January 17, 2021

Volume XI, Number 17

Advertisement

January 15, 2021

Subscribe to Latest Legal News and Analysis

January 14, 2021

Subscribe to Latest Legal News and Analysis

Belgian DPA to Take Down Websites Infringing GDPR

 Belgian Data Protection Authority (“Belgian DPA”) signed a cooperation agreement with DNS Belgium, the organization managing the “.be” country code top-level domain name. The purpose of the cooperation agreement is to allow DNS Belgium to suspend “.be” websites that are linked to infringements of the EU General Data Protection Regulation (the “GDPR”).

The cooperation agreement establishes a two-tier cooperation system:

  • Cooperation with investigations of the Belgian DPA: DNS Belgium must provide the Belgian DPA’s Investigation Service with the information it requires for its investigations.

  • “Notice and Action” Procedure: If the Belgian DPA’s Investigation Service or Litigation Chamber considers a data processing activity conducted via a website with a “.be” domain name to infringe one of the data protection principles established under the GDPR, and the responsible data controller or data processor does not comply with the DPA’s order to suspend, limit, freeze (temporarily) or end the data processing activity, the Investigation Service or the Litigation Chamber is authorized to send a “Notice and Action” notification to DNS Belgium. Upon receipt of the “Notice and Action” notification, DNS Belgium will inform the website owner about the infringement and re-direct the relevant domain name to a warning page of the Belgian DPA. If, at the expiration of a 14-day period, the website owner indicates that it has taken the appropriate remediation measures to stop the infringement and the Belgian DPA does not contest it, the relevant domain name will be restored. During the 14-day period, website owners can make a request to stop or suspend the Notice and Action procedure, in which case the domain name may be restored until a decision regarding the procedure has been taken. If the infringement is not remediated during the 14-day period, the website will continue to be re-directed to the Belgian DPA’s warning page for a period of six months, after which the website will be cancelled and placed in quarantine for 40 days before becoming available for registration again. The Inspector General or the Director of the Litigation Chamber of the Belgian DPA can, at their discretion, provide extra time to the website owner to comply with the relevant data protection requirements.

The “Notice and Action” procedure is only available for infringements that cause very serious harm and are committed by natural or legal persons who deliberately infringe the law or who continue data processing activity despite a prior order by the Investigation Service or the Litigation Chamber of the Belgian DPA to suspend, limit, freeze (temporarily) or end the processing activity.

Read the cooperation agreement in French or in Dutch.

Advertisement
Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 338
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement