Can't find what you're looking for? Try the search bar or refine your parameters using the Frameworks & Concepts button above.
One of the tidbits in the Belgian Data Protection Authority’s “Management Plan 2024”: “Setting a sanctions policy, taking the EDPB’s guidelines on fines into account” (action point for 2024 for the Litigation Chamber). Interestingly for the broader question of the legal value of EDPB guidelines, this sanctions policy is described elsewhere in the document as […]
The European Data Protection Board is at it again: an urgent procedure has been launched to obtain clarification on “some of the core issues that arise in the context of processing for the purpose of developing and training an AI model”. The aim? To bring “some much needed clarity into this complex area”. Yet the […]
The Belgian Data Protection Authority just published a “cookie checklist” with its position on a number of issues regarding cookies. I’m attaching an unofficial machine translation (losing lots of its layout too), but here are some first thoughts: – Some of these topics might be subject to litigation, so while they may reflect the newest […]
The Belgian DPA’s newest rejection of a NOYB complaint for reasons of fictional mandates (yes, again) is a must-read for both complainants (or complainant organisations) and controllers/processors who receive complaints from representative organisations. Summary: “The method by which the complaint at the initiative of the representative seeks to raise a general predetermined practice, by addressing […]
No “reject all” button? Different colours in a cookie banner? Belgian DPA orders a change, based on “dark pattern” allegations and lack of freely given consent. Readers know I have my doubts on this, due because “in the physical world” we are led to make choices all the time based on product colours (some of […]
[Slide upload:] On Monday, at the invitation of the Belgian DPA’s Litigation Chamber, I spoke about key themes of the Litigation Chamber’s decisions over the past 5 years and about both the positive improvements in maturity of those decisions and the challenges resulting from the lack of appeals against certain decisions (leading to the creation […]
Another Belgian DPA decision on how long to keep the e-mail address of an ex-employee alive. The Belgian DPA repeats its position that is now almost constant (but in cases that do not appear to have been appealed): block access to a mailbox on the day of departure, then kill the e-mail address within 3 […]
First come, first served! Register now for an exclusive event on 2 September with the Belgian DPA for the 5th anniversary of its Litigation Chamber, in French & Dutch (with live translation into the other language – but no English foreseen). Very honoured to be among the very select group of speakers – and as […]
Very soon higher GDPR fines in Belgium? A recent judgment by the Court of Appeal of Brussels said that the Belgian DPA’s methodology for calculating fines was unclear, but that symbolic victory by one controller may create a significant risk for others… In a judgment in which it *confirmed* the Belgian DPA’s decision on the […]
New Belgian DPA decision, interesting on 3 points: 1. Confirmation of BDPA’s approach re “legal obligation” and “public interest” legal grounds 2. Re retention: the need to assess recidivism does not justify unlimited processing 3. Reference to EDPB’s newly updated GDPR fining guidelines (re factors affecting the amount of the fine) 1. The Order of […]
