European Union

Commission opens infringement procedure regarding independence of Belgian DPA

The European Commission announced, on 9 June 2021, that it had opened infringement proceedings against Belgium on the independence of its Data Protection Authority.

In particular, the Commission highlighted that the Commissioner for Justice, Didier Reynders, had sent a letter in March 2021 which outlined that some members of the Belgian DPA cannot be regarded as free from external influence because they either report to a management committee depending on the Belgian Government, take part in governmental projects on COVID-19 contact tracing, or they are members of the Information Security Committee.

Belgium has two months to design measures to ensure a fully independent data protection authority, or  the Commission may take the next steps in the infringement procedure.

You can read the press release here.

EDPS publishes case law digest on transfers of personal data to third countries

The EDPS published, on 10 June 2021, a case law digest on transfers of personal data to third countries.

The aim of the case law digest is to clarify the structure of the analysis carried out by the CJEU in judgments concerning the transfer of personal data to third countries, highlighting the logic and steps followed and the jurisprudential acquis in relevant case law, as well as to allow readers to explore the key issues related to international transfers of personal data.

In addition, the case law digest answers a number of questions through analysis of key CJEU judgments, such as:

• When does a transfer to a third country within the meaning of Chapter V of the GDPR take place?
• What criteria has the CJEU used to determine the existence of a transfer?
• What is the overall data protection regime applicable to transfers?

You can read the case law digest here.

National Authorities

Netherlands : AP publishes 2020 Annual report

The AP published on 8 June 2021, its annual report for 2020.

The report outlines that the AP focussed on the short-term and long term effects that the COVID-19 pandemic had on the protection of personal data.

It also higlighted that, among other things, independent research found that the AP needs to grow considerably in order to guarantee the protection of personal data and that an external audit firm had pointed to the AP’s financial position and expressed concerns regarding the continuity of the AP in 2022.

Moreover, the report notes that the AP identified data trading, digital government, artificial intelligence and algorithms as focus areas for the AP due to the significant privacy risks posed.

You can read the press release here and the report here, both only available in Dutch