Belgium Publised Draft GDPR Implementation Legislation

Belgium’s Parliament published a draft law on June 12 that aims to bring the country’s data protection legislation in line with the European Union’s General Data Protection Regulation, which became enforceable on May 25th.

The draft legislation included 280 Articles and has three main objectives.

Firstly it aims to make provision for so-called “open clauses” of the General Data Protection Regulation. In other words, those clauses in the Regulation where EU Member States are free to formulate their own legislation and insert additional and complementary rules to the GDPR legislation.

Secondly it aims to implement into Belgian law the provisions of the “Police Directive” (“Directive 2016/680 on the protection of natural persons with regard to processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA”).

Finally, it will provide for various waivers and rules in relation to competent authorities and processing of personal data which do not come under the jurisdiction of the European Union. This might include any data held by intelligence and security services.

As GDPR is already enforceable on an EU-wide level it is hoped that the legislation will be approved by the Belgian Parliament quickly.

Although Belgium is not regarded as an influencer on EU legislation it is not unusual to see the EU Member States heavily involved in developments in EU law, including in the protection of privacy. Last February legislation was enacted to establish the Data Protection Authority, which replaces the Privacy Commission as the official data protection agency in Belgium. The Privacy Commission was an active data protection agency and was one of several authorities across the EU which has sued social media providers.