The European Data Protection Board in a letter to expressed concerns about proposed legislative developments that would affect the Belgian Data Protection Authority. It says the proposals may negatively impact the stability and the independent functioning of the Belgian Data Protection Authority and thereby the consistent application of the GDPR.
The EDPB considers that the proposals to interrupt the current mandate of the GBA/APD’s external members may be at odds with the abovementioned case law of the Court of Justice. Furthermore, the EDPB considers that the added grounds of dismissal in the draft law may be inconsistent with Article 53(4) GDPR, which clearly states that “a member shall be dismissed only in cases of serious misconduct or if the member no longer fulfils the conditions required for the performance of the duties.”
The EDPB also questions how the various proposals for increased parliamentary oversight relate to the requirement to “remain free from external influence” (Article 52(2) GDPR). Lastly, the EDPB recognizes that the proposal to make obligatory use of a shared service centre may conflict with Article 52(5) GDPR, as quoted above.