At the end of last year, in the context of setting the 2023 budget, the Belgian Data Protection Authority (Autorité de protection des données/ Gegevensbeschermingsautoriteit or APD) has highlighted the main topics that will be the focus of this year’s agenda, depending on the capacity of the authority, as the APD mentioned in its press release.

The APD declared that the work will be conducted with a two-fold approach: communication and sensibilization of the importance of personal data protection on the one hand, and enforcement of the rules by controls and sanctions on the other hand.

The main topics that the APD will address in 2023

  1. Cookies: on this matter, the APD has the intention to reinforce the harmonization of the regulations around cookies and tracking tools within Europe by making its position on this matter clearer and more explicit.
  2. Role of the DPO: since the APD recognizes the crucial role of the Data Protection Officers (DPOs) in compliance with the GDPR and the implementation of the law, it will continue to support the function of the DPOs in their main activities, especially on the preventive side (focusing on the involvement of the DPO in data subject requests or complaints) and on the control side (for example, by observing the role and the activities of the DPO in the companies under investigation).
  3. Smart cities: with regard to this innovative aspect of technology and the development of daily life, especially in relation to intelligent transport, the Belgian Authority is willing to establish a dialogue and cooperation with the main stakeholders involved in the intelligent transport projects.

Other relevant topics for the APD

Separately and in addition to the topics already mentioned, depending on the capacity of the resources and the priorities of the Contentious Chamber, the efforts of the APD will also involve other areas.

The APD will reinforce the sensibilisation campaign “Je decide” which is focusing on the data protection rights of the youth, especially in collaboration with parents and teachers. Following complaints and requests of data subjects, it will also focus on investigations against data brokers and data vendors who exchange data on a large scale.

With regard to the international cooperation, the Belgian APD representatives have underlined the importance of the involvement of the APD in European projects, not only to respond to the high demand from citizens and their complaints, but also to accompany stakeholders in the innovative and complex projects of companies that increasingly involve the processing of personal data. In particular, the APD highlighted the importance of the international cooperation on European initiatives in terms of the digital package, such as the Data Governance Act (DGA), Digital Services Act (DSA) and the Artificial Intelligence Act.

Fines imposed by the APD last year

During the last year, the Belgian authority has imposed several fines on the topics mentioned above, especially regarding website compliance, among which we remind:

  • In June 2022: a fine of €50,000 against SA Rossel & Cie (‘Groupe Rossel’), a press group, for violations of the use of the cookies (FR and NL versions);
  • In May 2022: a fine of €50,000 against Roularta for cookie violations (decision only available in NL, press release in FR);
  • In February 2022: a €250,000 fine against IAB Europe for violations of the GDPR following an investigation into the Transparency and Consent Framework (‘TCF’) (decision available here).