Beltug drafts Position on Belgian privacy law, for Mathieu Michel

Secretary of State Mathieu Michel has asked Beltug to provide its input on the Belgian privacy law and overall implementation of the GDPR. The Beltug Privacy Council has prepared a detailed response, which can be read here (Dutch only).

10 / 06 / 21

Downloads

Beltug brief aan M. Michel - evaluatie privacywet

In the Position, Beltug calls for:

Clarity on the Belgian law: the law of 30 July 2018 is difficult to read, and the deviations from the GDPR text are not always clear. An overview of deviations and/or additions in the Belgian law, with a reference to the corresponding articles of the GDPR text, would provide clarity.
A stronger, pragmatic APD/GBA: the privacy regulations have created tension between the many possible interpretations on the one hand, and the actual implementations on the other. The Belgian APD/GBA is a small organisation with limited resources, creating several problems in practice. For example, response times are unpredictable and often too long. Yet the companies using the APD/GBA are those that take the GDPR to heart. Yet they are left groping in the dark, and run the risk of complaints, investigations or fines.
We would like the APD/GBA to enter into discussions with companies, in order to draw up guidelines based on the questions and difficulties. There is a real need for concrete recommendations. This could lead to important economies of scale and greater certainty, as each company will not need to interpret the texts itself.
Clarity on the international level: the European Court of Justice in Luxembourg, among others, issues judgments on data protection. The impact of these judgments can be far-reaching. For example, the Schrems II judgment of 16 July 2020 has created a vacuum. In addition to the information published on the website, the APD/GBA could play a more significant role in this context, by indicating how companies can bridge the transition period – until there is another international solution.
General feedback on most major breaches and actions to be taken
Concrete advice on privacy: our daily contacts with business users clearly show there remain many questions about privacy, and this will only increase. Concrete advice can avoid each organisation constantly ‘reinventing the wheel’, by finding their own solutions for similar problems.All companies are involved in the digital transformation, and data processing is central to this.
They need advice from the DPA regarding the integration of data protection with information security (for example, integration of certain advice from the Centre for Cyber security Belgium is welcome) and data management (AI & Analytics)
The APD/GBA can be an ally to companies and government agencies: There is an important role to play, which goes much further than issuing fines and providing advice on legislation. In this way, the APD/GBA could support the economy by providing concrete answers to a number of pressing questions regarding digitisation.

Return to impact

Cookie	Duration	Description
_wordpress_test_cookie, test_cookie	session	WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.
CONSENT	until you remove it	The cookie is set by the GDPR Cookie Consent WordPress plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. When Consent has been given the cookie is used to store the user consent for the cookies in the category 'Analytics'.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category 'Necessary'.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
WordPress_clef_session, _wordpress_cleff_state	1 year	This WordPress cookie is necessary to use the administrator zone (only for administrators).
wp-settings-1, wp-settings-time-1	1 year	WordPress uses this cookie to customize your view of the admin interface, and possibly also the main site interface.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report.
_gat_gtag	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie that YouTube sets that measures your bandwidth to determine whether you get the new player interface or the old.
YSC	to be removed by you	Registers a unique ID to keep statistics of what videos from YouTube the user has seen. This cookie expires when you close your browser.
yt-remote-connected-devices	to be removed by you	Stores the user’s video player preferences using embedded YouTube video.
yt-remote-device-id	to be removed by you	Stores the user’s video player preferences using embedded YouTube video.