Data Protection Around the World: Belgium

The GDPR is not fully new. Data controllers and processors, who are compliant with the current law, will be able to use this approach as a valid starting point for the implementation of the GDPR. This was the message of the Belgian Privacy Commission in the introductory text to their 13-step-plan to GDPR implementation. An accurate consideration, since Belgium has had a detailed data protection act in place since 1992. This act was amended in order to bring it in line with Directive 95/46/EC. The GDPR implementation law was finally enacted in the shape of a framework act encompassing more than just the GDPR in the summer of 2018 so after the period for transposition expired. Thanks to the proactive attitude of the Belgian Privacy Commission however, publishing recommendations to comply with specific parts of the GDPR, Belgian data controllers and processors received clear guidance even before the implementation law was published. In 2015, Belgium also was the first country in the world to create the function of Secretary of State for Privacy. This unique government post, together with the pending GDPR implementation law and two main developments are highlighted: the reform of the Privacy Commission into a Data Protection Authority that was adopted in 2017 and a high-profile case initiated by the Privacy Commission against Facebook. The latter concerned Facebook’s tracking of Internet users by means of cookies and pixels in breach of the Belgian data protection act of 1992 and contained a significant question regarding which national law applies to the company. Facebook has announced to appeal its conviction by a Brussels court but the applicability of the GDPR may make the question moot.