Sticky post

Reform of the Belgian Privacy Commission The General Data Protection Regulation (EU) 2016/679 creates a new privacy regime immediately applicable across the EU as from 25 May 2018. Under the GDPR, national supervisory authorities will have a strengthened role and increased enforcement powers. In order to meet GDPR requirements, the Belgian legislator has adopted a law reforming the current Belgian Privacy Commission. The law was submitted in the Chamber of…...

Sticky post

As part of its Digital Single Market strategy, the European Commission published on 13 September 2017 a proposal for a Regulation “on a framework for the free flow of non-personal data in the European Union”. Why a Regulation governing “non-personal” data? To make sure that it is safe for businesses to store data anywhere in the EU; To eliminate barriers to trade and to enable a ‘EU data community’; To…...

Sticky post

With the act of 31 July 2017, Belgium has introduced the first whistleblowing scheme in the private sector, in execution of the Market Abuse Regulation of 2014. The provisions of the Act have entered into force on 1 September 2017. A Royal Decree of 24 September 2017 approves the procedural rules designed by the FSMA to receive whistleblowing reports. These rules will be applied as from 28 September 2017. Which…...

Sticky post

The digitalization of healthcare services is generally applauded, as it leads to increased efficiency, better quality of care, lower administrative costs, and patient empowerment. However, the digitalization of such services is not without risk from a data protection perspective, in particular given the ‘sensitive’ nature and strict legal protection of personal health information. Belgian doctors and hospitals have recently learned the hard way that they are indeed a hacker target.…...

Sticky post

Last weekend’s cyber-attack has caused significant technical and operational problems worldwide. And while the main issue in these cases is of course IT-security, such attack also gives rise to important legal / data protection issues that should not be neglected. What is everyone talking about? Over the past weekend, IT-systems around the world were hit by a highly-effective ransomware-attack labelled “WannaCry”, disabling entire computer systems and databases and in some…...

Sticky post

At the occasion of this special day, the members of the Loyens & Loeff Privacy & Data Protection Team would like to highlight the importance of data security and encourage data controllers, data processors and data subjects alike to give some special attention to their personal data / the personal data they collect and process. While the collection and use of personal data is in fact key to their business,…...

Sticky post

January 28 is international “Data Privacy Day” or “Data Protection Day”. The purpose of this day is to raise awareness and promote privacy and data protection best practices. At the occasion of Data Protection Day 2017, the Loyens & Loeff Benelux Privacy and Data Protection Team has compiled an overview highlighting the ever-increasing importance of this topic in everyday life, and the impact hereof on various industry sectors (automotive, healthcare,…...

Sticky post

On 10 January 2017, the European Commission presented its proposal for a Regulation on Privacy and Electronic Communications. The current EU e-Privacy Directive is thus to be replaced by a Regulation, directly applicable in all EU Member States. The goal is to have the e-Privacy Regulation adopted by 25 May 2018, the date on which the EU General Data Protection Regulation 2016/679 (“GDPR”) will become applicable. The proposal for the…...

Sticky post

Background – data exports outside EEA EU data protection legislation provides that personal data can only be transferred to countries outside the European Economic Area (“EEA”) when the country of final destination ensures an adequate level of protection of the privacy and fundamental rights and freedoms of individuals (article 25 of EU Directive 95/46, to be replaced by article 44 of the EU General Data Protection Regulation as from 25…...

Sticky post

Privacy advocacy group Digital Rights Ireland is challenging the EU-US “Privacy Shield” (allowing for EU-US data transfers based on self-certification by US companies) before the EU’s General Court, accusing it of failing to provide sufficient guarantees to ensure adequate data protection. 1                 Background – invalidation of the EU-US “Safe Harbour” On 6 October 2015, in the “Schrems” case (C-362/14), the EU Court of Justice (the “CJEU”) ruled that the EU…...

Sticky post

On 18 October,  partner Yves Van Couter and associates Stéphanie De Smedt and Evelina Roegiers cohosted a data protection seminar for the automotive industry at Febiac (Fédération Belge de l'Automobile et du Cycle). A presentation followed by a Q&A was well received by the many automotive professionals present....

Sticky post

As you may recall, in January 2016, on the occasion of the international “Data Protection Day”, we sent a news update reflecting on the highlights in the field of privacy and data protection in 2015 and briefly looked ahead at what to expect for 2016. Now that the summer holidays are over and as work, school, court cases, and legislative discussions resume, we would like to take a moment to…...

Sticky post

This update aims to provide you with a practical overview of the most relevant changes resulting from the General Data Protection Regulation (GDPR), applicable as from 25 May 2018. This month’s issue discusses (new) rights of the data subject: Enhanced right to information and transparency Right of access and rectification Right to erasure or “right to be forgotten” Right to restriction Right to data portability What do these changes mean…...

Sticky post

NIS-Directive Today, many cybersecurity incidents remain unreported to the Belgian authorities and to the public. With the entry into force of the EU General Data Protection Regulation in May 2018 and the mandatory implementation of the “Network Information Security Directive” (“NIS-Directive”) by EU Member States, by 9 May 2018 the EU cybersecurity landscape is set to change drastically, especially in countries (such as Belgium) that do not yet have general…...

Sticky post

European Commission adopts EU-US Privacy Shield On 12 July, the European Commission adopted the EU-US Privacy Shield, the new framework to protect the fundamental rights of data subjects whose personal data are transferred from the EEA to the United States. The EU-US Privacy Shield is the successor of Safe Harbour, which had been declared invalid by the Court of Justice of the European Union (CJEU) in the “Schrems” case in…...

Sticky post

Belgian Privacy Commission publishes annual report 2015 The Belgian Privacy Commission has published its annual report for the year 2015. In its report, the Privacy Commission highlights certain numbers and statistics, summarises its most important cases and projects, and provides a chronological overview of the most mediatised non-compliance case it handled in 2015, the “Facebook case”. 1. The “Facebook case” It all started in February 2015, when university researchers, commissioned…...

Sticky post

Earlier today, the European Parliament finally gave its long awaited approval of the EU General Data Protection Regulation (the “GDPR”), thereby completing the four-year legislative process aiming to replace the existing EU Data Protection Directive of 1995. Now that the GDPR has finally been formally adopted, it is expected to be published in the Official Journal of the EU in the coming weeks and to enter into force in spring…...

Sticky post

Stéphanie De Smedt published the country report ‘Belgium: The New Data Protection Hub?’ in the European Data Protection Law review 3/2015 . Click here to download the PDF version....

Sticky post

Privacy Law / Charter of fundamental rights Data Retention Directive (2006/24/EC) declared to be retroactively invalid Consequences for electronic communications (telephone, internet) service providers On 8 April 2014, the the validity of EU Directive 2006/24/EC (known as the “Data   Retention Directive”). The main objective of the Data   Retention Directive was to harmonise Member States’ laws concerning the   retention of certain data generated or processed by providers of…...