The European Commission has started infringement proceedings against Belgium for allegedly violating the General Data Protection Regulation (GDPR) through its data protection authority’s lack of independence.

“Some of its members cannot be regarded as free from external influence because they either report to a management committee depending on the Belgian government; they take part in governmental projects on Covid-19 contact tracing; or they are members of the information security committee,” the EC said.

Under GDPR, members of a DPA must remain free from any external influence, direct or indirect, that could affect their decisions when they perform their tasks and exercise their powers.

Information received to date from Belgian authorities has not allayed the EC’s concerns about the DPA’s independence.

Belgium has two months to clarify measures taken to ensure the DPA’s full independence. If it does not, the commission may decide to send Belgium a reasoned opinion, a step which could lead to the Court of Justice.

