GDPR

In this blog, we briefly present a judgment of the Belgian Supreme Court of 7 October 2021 on the reading of the eID card to obtain a loyalty card.

Astrid Helstone en Judica Krikke leggen in hun podcast uit wat de algemene zorgplicht van werkgevers betekent voor de veiligheid op kantoor.

A recent decision by the litigation chamber of the Belgian DPA can be put into perspective with the decision of the Supreme Court of 7 October 2021 considering that the DPA has to deal with a complaint filed by a person whose data had not been processed.

On 18 November 2021, the European Data Protection Board (“EDPB”) adopted a statement on the Digital Services Package proposed by the Commission. The Package refers to a number of legislative proposals aiming at the further use and sharing of data.

On 6 December 2021, the European Commission published the results of the public consultation on its Data Act. This legislative initiative aims at facilitating data access and use, and reviews the rules on the legal protection of databases.

On 25 March 2021, the European Parliament adopted a resolution on the Commission evaluation report on the implementation of the General Data Protection Regulation two years after its application.

On 6 December 2021, the Belgian Data Protection Authority published a recommendation on the processing of biometric data.
 

On 17 December 2021, the European Commission published its final version of the implementing decision on the adequate protection of personal data in the Republic of Korea.

The Litigation Chamber of the Belgian DPA confirms that, in the absence of an existing legal basis, it is not possible for an employer, in this case a hospital, to make the recruitment of a person conditional on the fact that he/she has been vaccinated.

On 5 January 2022, the EDPS issued a reprimand to the European Parliament for non-compliance with several provisions of the GDPR for EU Institutions and ordered it to update its data protection notices of an internal corona testing website.

The Datenschutzbehörde, the Austrian Data Protection Authority (DPA), found that the use of the free version of Google Analytics violated some provisions of the GDPR, and specifically the rules on international data transfers.

In a judgment handed down on 1 December 2021, the Market Court annulled the decision on the merits 66/2021 of 4 June 2021 of the Belgian DPA. The decision reprimanded the Belgian Ministry of Finance for not respecting the rights of the data subjects.

On 2 February 2022, the Belgian Data Protection Authority considered that the Transparency and Consent Framework (TCF) developed by Interactive Advertising Bureau Europe (IAB) violates the GDPR.

The Belgian DPA fined an NGO and a researcher both active in the fight against disinformation for violating GDPR provisions.

The Belgian Data Protection Authority published an interesting decision of its Litigation chamber. The content of the decision is not completely new, but it provides (or recalls) some relevant elements for personal data practitioners.