Data Protection in Belgium: Difference between revisions
(Adaptations to include references to statute of limitations and guidance on direct marketing) |
|||
Line 23: | Line 23: | ||
==Legislation== | ==Legislation== | ||
===History=== | ===History=== | ||
The Data Protection Authority (APD/GBA) is the successor of the Commission for the protection of privacy with effect from 25/05/2018 and was established by the Belgian Federal Chamber of Representatives by the Law of 3rd of December 2017 establishing the Data Protection Authority. | The Belgian Data Protection Authority (APD/GBA - typically BDPA in English) is the successor of the Commission for the protection of privacy with effect from 25/05/2018 and was established by the Belgian Federal Chamber of Representatives by the Law of 3rd of December 2017 establishing the Data Protection Authority (BDPA Act). | ||
===National constitutional protections=== | ===National constitutional protections=== | ||
Line 44: | Line 44: | ||
Belgian law does not provide for specific rules with respect to the processing of employee data. Nevertheless, certain specific privacy issues regulated in collective agreements negotiated between employees and employers’ associations remain applicable. Those issues are: | Belgian law does not provide for specific rules with respect to the processing of employee data. Nevertheless, certain specific privacy issues regulated in collective agreements negotiated between employees and employers’ associations remain applicable. Those issues are: | ||
* the processing of personal data pursuant to the collective agreement N°38 on the recruitment and selection of workers; | *the processing of personal data pursuant to the collective agreement N°38 on the recruitment and selection of workers; | ||
* the processing of personal data pursuant to the collective agreement N°68 on the protection of workers’ privacy with regard to CCTV in the workplace; | *the processing of personal data pursuant to the collective agreement N°68 on the protection of workers’ privacy with regard to CCTV in the workplace; | ||
* the processing of personal data pursuant to the collective agreement N°81 on the protection of workers’ privacy with regard to the control of networked electronic communication data; and | *the processing of personal data pursuant to the collective agreement N°81 on the protection of workers’ privacy with regard to the control of networked electronic communication data; and | ||
* the processing of personal data pursuant to the collective agreement N°100 on the implementation of a preventive policy regarding alcohol and drugs inside the company. | *the processing of personal data pursuant to the collective agreement N°100 on the implementation of a preventive policy regarding alcohol and drugs inside the company. | ||
Ref.: https://www.whitecase.com/publications/article/gdpr-guide-national-implementation-belgium#q20 | Ref.: https://www.whitecase.com/publications/article/gdpr-guide-national-implementation-belgium#q20 | ||
Line 55: | Line 55: | ||
====Other relevant national provisions and laws==== | ====Other relevant national provisions and laws==== | ||
'' | Statute of limitations: Art. 105 of the BDPA Act states that facts (= alleged infringements) are time-barred after 5 years. | ||
Post-GDPR guidance: | |||
* '''Direct marketing:''' the BDPA published guidance on direct marketing on 10 February 2020. This extensive guidance is nearly 80 pages long (available in [https://www.e-nautadutilh.com/email_handler.aspx?sid=66d91b41-84ca-464f-a0e3-05698ebda3c3&redirect=https%3a%2f%2fwww.autoriteprotectiondonnees.be%2fsites%2fprivacycommission%2ffiles%2fdocuments%2fRecommandation_01-2020_marketing_direct.pdf French] and [https://www.e-nautadutilh.com/email_handler.aspx?sid=66d91b41-84ca-464f-a0e3-05698ebda3c3&redirect=https%3a%2f%2fwww.gegevensbeschermingsautoriteit.be%2fsites%2fprivacycommission%2ffiles%2fdocuments%2fAanbeveling_01_2020_direct_marketing.pdf Dutch]) and covers various topics, including cookies, controller vs processor and more. A summary in English of the key considerations can be [https://www.e-nautadutilh.com/56/3954/landing-pages/news-item.asp?sid=66d91b41-84ca-464f-a0e3-05698ebda3c3 found here]. | |||
===National ePrivacy Law=== | ===National ePrivacy Law=== |
Revision as of 15:21, 19 February 2020
Data Protection in Belgium | |
---|---|
Data Protection Authority: | APD/GBA (Belgium) |
National Implementation Law (Original): | Data Protection Act (2019) |
English Translation of National Implementation Law: | English Translation |
Official Language(s): | French, Dutch and German |
National Legislation Database(s): | Link |
English Legislation Database(s): | n/a |
National Decision Database(s): | Link |
Legislation
History
The Belgian Data Protection Authority (APD/GBA - typically BDPA in English) is the successor of the Commission for the protection of privacy with effect from 25/05/2018 and was established by the Belgian Federal Chamber of Representatives by the Law of 3rd of December 2017 establishing the Data Protection Authority (BDPA Act).
National constitutional protections
You can help us fill this section!
National GDPR implementation law
In Belgium the GDPR is implemented by the Data Protection Act (2019).
You can help us fill this section!
Age of consent
The age of consent in Belgium is 13 years old.
The APD/GBA justified its decision to lower the age of consent indicating that this represent the average age children browser the Internet. The APD/GBA considers that selecting a higher age of consent could have limited the opportunities for children to grow digitally; however, it notes that this choice must be accompanied with additional efforts from the APD/GBA and other institution to teach children, as early as possible, to adopt a thoughtful attitude towards this media[1].
Freedom of Speech
You can help us fill this section!
Employment context
Belgian law does not provide for specific rules with respect to the processing of employee data. Nevertheless, certain specific privacy issues regulated in collective agreements negotiated between employees and employers’ associations remain applicable. Those issues are:
- the processing of personal data pursuant to the collective agreement N°38 on the recruitment and selection of workers;
- the processing of personal data pursuant to the collective agreement N°68 on the protection of workers’ privacy with regard to CCTV in the workplace;
- the processing of personal data pursuant to the collective agreement N°81 on the protection of workers’ privacy with regard to the control of networked electronic communication data; and
- the processing of personal data pursuant to the collective agreement N°100 on the implementation of a preventive policy regarding alcohol and drugs inside the company.
Ref.: https://www.whitecase.com/publications/article/gdpr-guide-national-implementation-belgium#q20
Research
You can help us fill this section!
Other relevant national provisions and laws
Statute of limitations: Art. 105 of the BDPA Act states that facts (= alleged infringements) are time-barred after 5 years.
Post-GDPR guidance:
- Direct marketing: the BDPA published guidance on direct marketing on 10 February 2020. This extensive guidance is nearly 80 pages long (available in French and Dutch) and covers various topics, including cookies, controller vs processor and more. A summary in English of the key considerations can be found here.
National ePrivacy Law
You can help us fill this section!
Data Protection Authority
The Belgian Data Protection Authority (Autorité de protection des données in French or Gegevensbeschermingsautoriteit in Dutch) is the national data protection authority for Belgium.
→ Details see APD/GBA (Belgium)
Judicial protection
Civil Courts
You can help us fill this section!
Administrative Courts
You can help us fill this section!
Constitutional Court
You can help us fill this section!