The European Commission has started infringement proceedings against Belgium for allegedly violating the General Data Protection Regulation (GDPR) through its data protection authority’s lack of independence.
“Some of its members cannot be regarded as free from external influence because they either report to a management committee depending on the Belgian government; they take part in governmental projects on Covid-19 contact tracing; or they are members of the information security committee,” the EC said.
Under GDPR, members of a DPA have to perform their tasks and exercise their powers by remaining free from any external influence, direct or indirect, which can potentially affect their decisions.
Information received to date from Belgian authorities has not allayed the EC’s concerns about the DPA’s independence.
Belgium has two months to clarify measures taken to ensure the DPA’s full independence. If it does not, the commission may decide to send Belgium a reasoned opinion, a step which could lead to the Court of Justice.
Register to PrivSec Global and hear industry leaders share insights into data protection, privacy and security.
Must see sessions include:
- Keynote: Max Schrems | June 24 at 2:00pm BST | 3:00pm CEST | 9:00pm HK
- GDPR Requirements and Digital Transformation | June 22 at 8:00am BST | 9:00am CEST | 3:00pm HK
- Schrems II and International Data Transfers: The Journey to a new Privacy Shield and Who Is Leading the Way | June 22 at 12:00pm BST | 1:00pm CEST | 7:00pm HK