Apr 32019

The Belgian Data Protection Authority Appoints First Commissioner and Directors

Wim Nauwelaerts and Paul Greaves
, , , , , ,

On 29 March 2019, the Belgian House of Representatives appointed a new Data Protection Commissioner and four directors to the executive committee of the Belgian Data Protection Authority (‘DPA’).

These are the first appointments to be made to the DPA since it replaced the previous Belgian Privacy Commission in anticipation of the EU GDPR. This is therefore the first time that executive roles have been officially filled in the context of the regulator’s expanded competence – including the DPA’s new power to impose administrative fines of up to €20,000,000 EUR or 4 percent of an undertaking’s worldwide annual revenues for certain infringements of the EU GDPR.

The executive committee sets the strategic goals, the management agenda and the annual priorities of the DPA. Companies can therefore hope to gain a greater understanding of the DPA’s enforcement priorities in the months and years ahead.  In particular, the regulator has stated that it will publish information about its ‘vision and mission’ once its strategic plan has been drawn up.  Details of enforcement action against companies established or operating in Belgium may also begin to emerge in the not-too-distant future.

The appointees

The new Commissioner is named as Dr. David Stevens, who previously acted as the EU Data Protection Officer of a large multinational and who has a mix of academic, in-house and private practice experience.

The other appointees are as follows:

  • Director of the Knowledge Center – Alexandra Jaspar
  • Director of the Front Office – Charlotte Dereppe
  • Inspector General – Peter Van den Eynde
  • President of the Litigation Chamber – Hielke Hijmans

Commentators have praised the diversity of the appointees’ professional backgrounds.

The DPA’s activities to date

Since the entry into force of the EU GDPR on 25 May 2018, the previous members of the Belgian Privacy Commission have been carrying out the executive committee’s roles, but on an interim basis. It is perhaps for this reason that enforcement activity and the publication of new guidance by the DPA has been more limited when compared to other Supervisory Authorities such as the UK’s ICO and the French CNIL.

Nevertheless the DPA confirmed in a publication dated 23 November 2018 that the lack of a newly appointed executive committee has not prevented the DPA’s inspection and sanctions bodies from being fully operational, and that its first regulatory inspections have already commenced.

Wim Nauwelaerts

wnauwelaerts@sidley.com

Paul Greaves

pgreaves@sidley.com

You might also like
UK Sets Out It’s “Pro-Innovation” Approach To AI Regulation

On 29 March 2023, the UK’s Department for Science Innovation and Technology (“DSIT”) published its long awaited White Paper on its “pro-innovation approach to AI regulation” (the “White Paper”), along with a corresponding impact assessment. The White Paper builds on the “proportionate, light touch and forward-looking” approach to AI regulation set out in the policy paper published in July 2022. Importantly, the UK has decided to take a different approach to regulating AI compared to the EU, opting for a decentralised sector-specific approach, with no new legislation expected at this time. Instead, the UK will regulate AI primarily through sector-specific, principles based guidance and existing laws, with an emphasis on an agile and innovation-friendly approach. This is in significant contrast to the EU’s proposed AI Act which is a standalone piece of horizontal legislation regulating all AI systems, irrespective of industry.

How the China Personal Information Protection Law Applies to Foreign Asset Managers

Since China’s Personal Information Protection Law (PIPL) came into effect in November 2021, there has been widespread uncertainty amongst offshore fund managers and investors with entities outside Mainland China as to how and whether the regime applies to them. Given the potential for foreign asset managers to overlook or misinterpret PIPL, this brief update outlines some guidance as to how PIPL can apply, and to whom, in a practical context.

EU Moving Closer to an AI Act – Key Areas of Impact for Life Sciences/MedTech Companies

The European Union is moving closer to adopting the first major legislation to horizontally regulate artificial intelligence. Today, the European Parliament (Parliament) reached a provisional agreement on its internal position on the draft Artificial Intelligence Regulation (AI Act). The text will be adopted by Parliament committees in the coming weeks and by the Parliament plenary in June. The plenary adoption will trigger the next legislative step of trilogue negotiations with the European Council to agree on a final text. Once adopted, according to the text, the AI Act will become applicable 24 months after its entry into force (or 36 months according to the Council’s position), which is currently expected in the second half of 2025, at the earliest.