Apr 32019

The Belgian Data Protection Authority Appoints First Commissioner and Directors

Wim Nauwelaerts and Paul Greaves
, , , , , ,

On 29 March 2019, the Belgian House of Representatives appointed a new Data Protection Commissioner and four directors to the executive committee of the Belgian Data Protection Authority (‘DPA’).

These are the first appointments to be made to the DPA since it replaced the previous Belgian Privacy Commission in anticipation of the EU GDPR. This is therefore the first time that executive roles have been officially filled in the context of the regulator’s expanded competence – including the DPA’s new power to impose administrative fines of up to €20,000,000 EUR or 4 percent of an undertaking’s worldwide annual revenues for certain infringements of the EU GDPR.

The executive committee sets the strategic goals, the management agenda and the annual priorities of the DPA. Companies can therefore hope to gain a greater understanding of the DPA’s enforcement priorities in the months and years ahead.  In particular, the regulator has stated that it will publish information about its ‘vision and mission’ once its strategic plan has been drawn up.  Details of enforcement action against companies established or operating in Belgium may also begin to emerge in the not-too-distant future.

The appointees

The new Commissioner is named as Dr. David Stevens, who previously acted as the EU Data Protection Officer of a large multinational and who has a mix of academic, in-house and private practice experience.

The other appointees are as follows:

  • Director of the Knowledge Center – Alexandra Jaspar
  • Director of the Front Office – Charlotte Dereppe
  • Inspector General – Peter Van den Eynde
  • President of the Litigation Chamber – Hielke Hijmans

Commentators have praised the diversity of the appointees’ professional backgrounds.

The DPA’s activities to date

Since the entry into force of the EU GDPR on 25 May 2018, the previous members of the Belgian Privacy Commission have been carrying out the executive committee’s roles, but on an interim basis. It is perhaps for this reason that enforcement activity and the publication of new guidance by the DPA has been more limited when compared to other Supervisory Authorities such as the UK’s ICO and the French CNIL.

Nevertheless the DPA confirmed in a publication dated 23 November 2018 that the lack of a newly appointed executive committee has not prevented the DPA’s inspection and sanctions bodies from being fully operational, and that its first regulatory inspections have already commenced.

Wim Nauwelaerts

wnauwelaerts@sidley.com

Paul Greaves

pgreaves@sidley.com

You might also like
FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing

On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule).  The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.

U.S. Employers Need to Reconsider Use of Confidentiality and Nondisparagement Provisions in Light of New NLRB Decision

Employers frequently seek to include confidentiality and nondisparagement provisions in severance agreements provided to departing employees. Last week, the U.S. National Labor Relations Board (NLRB or Board) significantly altered the legal landscape governing such provisions, making it much more difficult for unionized and nonunionized employers alike to use them for nonsupervisory employees without running afoul of the National Labor Relations Act (NLRA). The decision is likely to be appealed, and we will issue updates as they become appropriate. In the interim, however, it is critically important for employers to understand the implications of the decision (see below) and to adjust their use of these provisions to limit their risk.

Substantial changes to Hong Kong’s privacy laws coming

In a briefing to the Legislative Council (Hong Kong’s legislative body) on February 20, 2023, the Privacy Commissioner (“the Commissioner”) announced that substantive amendments to the Personal Data (Privacy) Ordinance (“PDPO”) will take place.