This is an overview of all news messages

Belgian and German data protection authorities cooperate on Mastercard’s data breach

The Belgian Data Protection Authority (DPA) as well as the Hessian authority of Germany have been notified by Mastercard company of a data breach detected on 19 August 2019 which would have affected a large number of data subjects, a significant portion of which would be German customers. Since the main establishment of Mastercard is located in Waterloo, the Belgian DPA is working closely with its Hessian counterpart and the other competent authorities to defend the interests of the persons affected by this incident.

The Court of Appeal of Brussels refers the Facebook case to the Court of Justice of the European Union

On 8 May 2019, the Court of Appeal of Brussels ruled in the Facebook case following the pleadings of 27 and 28 March 2019. The Authority argued that the Belgian courts are competent and demanded that Facebook comply with Belgian and European privacy rules. Before ruling on the merits, the Court of Appeal wants to ensure that the Authority can pursue the case against Facebook given the entry into application of the GDPR as of 25/05/2018. For this reason, the Court of Appeal decided to refer certain questions to the Court of Justice of the European Union.

The Data Protection Authority defends its arguments before the Court of Appeal in Brussels in the Facebook case

On 27 and 28 March 2019, pleadings in the Facebook case will take place before the Court of Appeal in Brussels. Facebook appealed against the judgment of 16 February 2018 of the Dutch-speaking Court of First Instance in Brussels. The DPA will argue that Belgian courts are competent and that Facebook should be ordered to respect Belgian and European privacy rules when it processes personal data through its cookies, social plug-ins and pixels.

Victory for the Privacy Commission in Facebook proceeding

The 16th of February, the Court of First Instance rendered its judgment in the proceedings on the merits in the case of the Privacy Commission vs. Facebook.

The Belgian Authority publishes new recommendation relating to the processing of personal data by Facebook through cookies, social plug-ins and pixels

On 16 May 2017, the Belgian Authority published a new recommendation relating to the processing of personal data by Facebook through cookies, social plug-ins and pixels, in response to the latest modifications to Facebooks cookie policy and the manner in which it processes personal data. The Authority has found that Facebook is now processing even more personal data of both users and non-users of Facebook, without obtaining valid consent and without complying with other legal requirements. The legal proceedings on the merits against Facebook are still ongoing. At the same time, various procedures against Facebook have been initiated by the European Contact Group of Data Protection Authorities, who released a common statement on May 16th 2017.

International review of the GPEN looks at privacy of Internet of Things

The Sweep of the Global Privacy Enforcement Network (GPEN) on how Internet of Things devices use personal data, and how users are kept informed, has been started on 11 April 2016.

The judgment in the Facebook case

In a judgement of 9 November 2015, the President of the Court of First Instance in Brussels, Belgium, ordered Facebook Inc., Facebook Ireland Limited and Facebook Belgium SPRL in summary proceedings to cease registering via cookies and social plug-ins which websites internet users from Belgium who do not have a Facebook account visit.

On 13 May the Belgian Authority adopted a first recommendation of principle on Facebook.

It has observed that Facebook "processes" the personal data of its members, users as well as of all internet users who come into contact with Facebook. Facebook does this secretively: no consent is asked for this "tracking and tracing" and the use of cookies. No targeted information is provided. The available information is vague and authorizes just about anything.

Issued by the Article 29 Data Protection Working Party regarding search engines

On Wednesday 26 November, the European data protection authorities assembled in the Article 29 Working Party have adopted guidelines on the implementation of the judgment of the Court of justice of the European Union. These guidelines contain the common interpretation of the ruling as well as the common criteria to be used by the dataprotection authorities when addressing complaints.