By Patrick Van Eecke and Elisabeth Verbrugge

Working Party 29 issued a working document on model clauses for personal data transfers from EU data processors to non-EU sub-processors. This is an important step towards creating a more comprehensive framework for contract-based personal data transfers outside the EEA.

European data
Continue Reading

MORE ENFORCEMENT POWERS FOR BELGIAN PRIVACY COMMISSION

By Patrick Van Eecke and Julie De Bruyn (DLA Piper – Brussels)

The quietness in the privacy landscape in Belgium is about to drastically change. Reason for the change of pace are the recent major data breaches that were published by the media. The Privacy Commission announced it will establish a dedicated task force to carry out proactive audits focusing on different sectors, such as financial and insurance institutions, hospitals and other health providers, and telecom operators.

Draft Belgian legislation will grant the Privacy Commission the power to independently impose monetary fines and other sanctions, such as the blocking of access to certain databases by non-compliant companies, or the withdrawal of the permits to make use of such (public) databases. The expansion of powers would transform the Privacy Commission from passive bystander to an actual ‘Privacy Police’.


Continue Reading

By Patrick Van Eecke, Alexis Fierens and Ivanka Zdravkova (DLA Piper – Brussels)

By the judgment rendered on 22 October 2013 in the Belgian version of the long-lasting The Pirate Bay saga, the Belgian Court of Cassation (Belgium’s Supreme Court) confirmed the lawfulness of a far-reaching injunction order against all national Internet service providers. According to this judgment, the examining magistrate (juge d’instruction) is entitled to order, in a single injunction, all national Internet service providers to block access to IP rights-infringing content which is hosted by a server, linked to a specific main domain name, and such by employing all possible technical means at their disposal or at least by blocking all domain names that refer to a specified main domain name (“thepiratebay.org“).

According to the Court of Cassation, such a judicial order does not impose a general obligation of monitoring upon the Internet service providers and, therefore, does not constitute a violation of Article 21(1) of the Belgian Act of 11 March 2003 on certain legal aspects of information society services (the “E-Commerce Act”) implementing Article 15(1) of the EC Directive 2000/31/EC of the European Parliament and the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (the “E-Commerce Directive”).


Continue Reading

By Patrick Van Eecke and Antoon Dierick – DLA Piper Brussels;     

On November 6, a Paris Court ordered Google to filter out hyperlinks to images of former F1 boss Max Mosley in an allegedly Nazi-themed sadomasochistic orgy. (TGI Paris, 17e ch., 6 novembre 2013, RG 11/07970, Max Mosley c. Google Inc et Google France)

This judgement is situated on the crossroads of privacy rights, freedom of information and cooperation duties of internet intermediaries. A soon to be expected European Court of Justice judgement in a similar case may bring more clarity in finding the right balance between these rights and values.


Continue Reading

By Patrick Van Eecke and Antoon Dierick

The European Parliament today published its Report on online gambling in the internal market calling for a balanced and EU compliant approach when regulating the market.

The European Parliament Resolution contains more than 50 policy statements directed towards the market, the European Commission and the Member States.

The Resolution elaborates on 5 different topics: consumer protection, compliance with EU law, administrative cooperation, money laundering and integrity of sports.


Continue Reading

By Patrick Van Eecke and Didier Wallaert

Belgium has enacted new data retention legislation on 30 July 2013. Telecom operators must now store communications traffic data, location data, data identifying the end-user, data on the communication service used and on the terminal equipment used (i.e. so-called metadata). The data retention period is one year. The new data retention legislation does not apply to the content of the communications (such as call recording), which requires a court order according to existing Belgian law.


Continue Reading

The Privacy Commission recently updated its recommendation n°4/2009 on direct marketing with a new recommendation (n°02/2013), in order to align its views with recent changes in the legal landscape.

The new recommendation for instance now clearly refers to the use of cookies in a direct marketing context, stating that the
Continue Reading

DLA Piper lawyers had the opportunity to review the European Parliament draft report on the Data Protection Regulation proposal that will be presented by Rapporteur Albrecht to the European Parliament on 10 January 2013. The proposed legislative changes  would impose significant additional requirements on entities that collect data about EU
Continue Reading