Privacy & Cybersecurity Law Blog

On November 26, 2020, the Belgian Data Protection Authority (“Belgian DPA”) signed a cooperation agreement with DNS Belgium, the organization managing the “.be” country code top-level domain name. The purpose of the cooperation agreement is to allow DNS Belgium to suspend “.be” websites that are linked to infringements of the EU General Data Protection Regulation (the “GDPR”).

The cooperation agreement establishes a two-tier cooperation system:

• Cooperation with investigations of the Belgian DPA: DNS Belgium must provide the Belgian DPA’s Investigation Service with the information it requires for its investigations.
• “Notice and Action” Procedure: If the Belgian DPA’s Investigation Service or Litigation Chamber considers a data processing activity conducted via a website with a “.be” domain name to infringe one of the data protection principles established under the GDPR, and the responsible data controller or data processor does not comply with the DPA’s order to suspend, limit, freeze (temporarily) or end the data processing activity, the Investigation Service or the Litigation Chamber is authorized to send a “Notice and Action” notification to DNS Belgium. Upon receipt of the “Notice and Action” notification, DNS Belgium will inform the website owner about the infringement and re-direct the relevant domain name to a warning page of the Belgian DPA. If, at the expiration of a 14-day period, the website owner indicates that it has taken the appropriate remediation measures to stop the infringement and the Belgian DPA does not contest it, the relevant domain name will be restored. During the 14-day period, website owners can make a request to stop or suspend the Notice and Action procedure, in which case the domain name may be restored until a decision regarding the procedure has been taken. If the infringement is not remediated during the 14-day period, the website will continue to be re-directed to the Belgian DPA’s warning page for a period of six months, after which the website will be cancelled and placed in quarantine for 40 days before becoming available for registration again. The Inspector General or the Director of the Litigation Chamber of the Belgian DPA can, at their discretion, provide extra time to the website owner to comply with the relevant data protection requirements.

The “Notice and Action” procedure is only available for infringements that cause very serious harm and are committed by natural or legal persons who deliberately infringe the law or who continue data processing activity despite a prior order by the Investigation Service or the Litigation Chamber of the Belgian DPA to suspend, limit, freeze (temporarily) or end the processing activity.

Read the cooperation agreement in French or in Dutch.