Can you rely on your contract to process personal data? The EDPB adopted on 9 April 2019 a set of draft guidelines on personal data processing under Article 6(1)(b) GDPR in the context of providing online services to data subjects.
Constitutional Court: fingerprints on the Belgian eID do not infringe the rights of privacy and to data protection On 14 January 2021, the Constitutional Court validated a legislative measure requiring the inclusion of fingerprints on Belgian eID. According to the Court, it is not contrary to the right to privacy and the right to protection of personal data.
Digital Law Up(to)date: (1) Parliamentary initiatives about cyber attacks; (2) ‘Zero tariff’ options before the CJEU; and (3) Council of State, GDPR and encryption In this blog, we briefly present three interesting matters in the field of digital law: (1) Parliamentary initiatives to tackle cyber attacks; (2) 'Zero tariff' options and open internet access do not mix; (3) Council of State, GDPR and encryption.
Adopting the new Standard Contractual Clauses to secure international personal data transfers Recently, the European Commission issued an implementing decision on standard new contractual clauses (“SCCs”) for the transfer of personal data to countries outside the European Economic Area.
Digital Law Up(to)date: (1) the download of a software with a permanent licence can constitute a “sale of goods”; (2) alert of the BEUC regarding the privacy policy of WhatsApp and its new terms of use In this blog, we present two interesting matters in the field of digital law: (1) The supply of a copy of software together with a licence to use it can constitute a "sale of goods”; and (2) WhatsApp in turmoil for its privacy policy and terms of use.
Enforcement of Schrems II: Council of State refuses unconditional illegality of transfers to the U.S. A recent decision of the Belgian Council of State shines a first light on the enforcement of the Schrems II ruling of the European Court of Justice in Belgium.
Digital Law Up(to)date: Out with the old – new SCCs required for new agreements As of 27 September 2021, the old set of Standard Contractual Clauses (SCCs) can no longer be used in agreements.
Digital Law Up(to)date: French Data Protection authority launches three new initiatives in the field of personal data protection In this blog, we briefly present three interesting initiatives of the CNIL, the French Data Protection Authority.
Digital Law Up(to)date: GDPR, eID and customer loyalty card before the Supreme Court In this blog, we briefly present a judgment of the Belgian Supreme Court of 7 October 2021 on the reading of the eID card to obtain a loyalty card.
Digital Law Up(to)date: Brussels Market Court annuls DPA decision against the Belgian Ministry of Finance In a judgment handed down on 1 December 2021, the Market Court annulled the decision on the merits 66/2021 of 4 June 2021 of the Belgian DPA. The decision reprimanded the Belgian Ministry of Finance for not respecting the rights of the data subjects.
Digital Law Up(to)date: Interesting points in a DPA decision based on a cross-border complaint relating to cookies The Belgian Data Protection Authority published an interesting decision of its Litigation chamber. The content of the decision is not completely new, but it provides (or recalls) some relevant elements for personal data practitioners.
Digital Law Up(to)date: The EDPS claims Pegasus might lead to an unprecedented level of intrusiveness On 15 February 2022, the European Data Protection Supervisor published Preliminary Remarks on Modern Spyware. In fact, this document directly targets the Pegasus spyware developed by an Israeli company.
Digital Law Up(to)date: From 'confidentiality of letters' to 'confidentiality of private communications'? The Belgian Parliament published a proposal to amend art. 29 of the Belgian Constitution. If adopted, art. 29 should read as follows: “The confidentiality of private communications is inviolable, except in the cases and conditions established by law”.
Digital Law Up(to)date: Cookies on Belgian press sites - A first DPA decision against Roularta The Belgian DPA fined Roularta Media Group for several breaches of the GDPR on three of its websites.