Commission to start legal action against Belgium for GDPR infringements
Wednesday, 09 June 2021
The European Commission will take legal action against Belgium for the infringement of the General Data Protection Regulation (GDPR) following the filing of two anonymous complaints.
The Commission is expected to announce the legal action against Belgium for serious infringement of the regulations on Wednesday afternoon, Politico has disclosed.
The authorities must notify Belgium by letter, requesting information about the infringements. This will give Belgium two months to react.
Belgium is the first state to be subject to such a procedure since the implementation of the regulation in 2016, according to Le Soir, which has been launched in response to the filing of two anonymous complaints to Didier Reynders, the commissioner in charge of implementing the GDPR.
One complaint, which was filed last November, reportedly concerns the Data Protection Authority (DPA) in Belgium and the appointment of four external members who also hold public office, in contradiction with the GDPR which states that all members must be free from any external influence.
Among the members targeted is Frank Robben, who among other things is the CEO of the Crossroads Bank Social Security, which helped to set up the track and trace system in Belgium and the main drafter of the Information Security Committee (ISC) decisions.
The second complaint concerns the ISC as a whole, which was created after the implementation of the GDPR against the advice of the European Commission, the DPA, and the Council of State, and has previously been criticised for its decisions, taken without parliamentary debate and without asking the opinion of the supervisory authority, according to Le Soir.