Belgian Data Protection Authority turns to criminal courts for GDPR enforcement
The Belgian Data Protection Authority (GBA) is taking a stronger stance on enforcing European data protection regulations by initiating criminal proceedings in cases of serious violations. Traditionally, the GBA has managed enforcement through its internal disputes chamber, which can impose fines on offending companies. However, these fines are often challenged and reduced by the Market Court, sometimes to symbolic amounts, which weakens the authority’s ability to protect personal data effectively.
Alexandra Jaspar, who leads the GBA’s authorization and advisory service, highlighted the frustration caused by the Market Court’s approach. She noted that fines have been lowered to as little as one euro, sending a message that data protection is not a priority. This undermines efforts to hold companies accountable and discourages decisive action against data breaches. Jaspar emphasized that data protection should be taken seriously and not treated as a luxury concern.
To improve enforcement, the GBA plans to refer more severe cases to criminal courts. Chairman Koen Gorissen explained that the authority has already submitted a direct claim to a correctional court and is considering criminal settlements through the public prosecutor’s office. This shift aims to stop problematic data processing practices more effectively by using the criminal justice system, which carries stronger penalties and deterrents.
This new approach reflects the GBA’s commitment to safeguarding personal data and ensuring compliance with the General Data Protection Regulation (GDPR). By involving criminal courts, the authority hopes to send a clear message that serious breaches will have significant legal consequences, encouraging companies to prioritize data protection and respect individuals’ privacy rights.
