The Belgian Data Protection Authority (DPA) as well as the Hessian authority of Germany have been notified by Mastercard company of a data breach detected on 19 August 2019 which would have affected a large number of data subjects, a significant portion of which would be German customers. Since the main establishment of Mastercard is located in Waterloo, the Belgian DPA is working closely with its Hessian counterpart and the other competent authorities to defend the interests of the persons affected by this incident.
On 8 May 2019, the Court of Appeal of Brussels ruled in the Facebook case following the pleadings of 27 and 28 March 2019. The Authority argued that the Belgian courts are competent and demanded that Facebook comply with Belgian and European privacy rules. Before ruling on the merits, the Court of Appeal wants to ensure that the Authority can pursue the case against Facebook given the entry into application of the GDPR as of 25/05/2018. For this reason, the Court of Appeal decided to refer certain questions to the Court of Justice of the European Union.
On 27 and 28 March 2019, pleadings in the Facebook case will take place before the Court of Appeal in Brussels. Facebook appealed against the judgment of 16 February 2018 of the Dutch-speaking Court of First Instance in Brussels. The DPA will argue that Belgian courts are competent and that Facebook should be ordered to respect Belgian and European privacy rules when it processes personal data through its cookies, social plug-ins and pixels.
In a judgement of 9 November 2015, the President of the Court of First Instance in Brussels, Belgium, ordered Facebook Inc., Facebook Ireland Limited and Facebook Belgium SPRL in summary proceedings to cease registering via cookies and social plug-ins which websites internet users from Belgium who do not have a Facebook account visit.
On Wednesday 26 November, the European data protection authorities assembled in the Article 29 Working Party have adopted guidelines on
the implementation of the judgment of the Court of justice of the European Union. These guidelines contain the common interpretation of the ruling as well as the common criteria
to be used by the dataprotection authorities when addressing complaints.