The European Commission will take legal action against Belgium following complaints that its data protection regulator does not meet the EU’s independence requirements, according to three people with knowledge of the process.
The legal action, formally known as an infringement procedure, will be announced Wednesday, the individuals said. The proceedings are a response to anonymous complaints filed last year, which claimed that the Belgian privacy regulator’s ability to act independently is compromised because several of its members are also affiliated with the government.
The EU’s privacy law, the General Data Protection Regulation (GDPR), requires regulators to be independent of government.
To formally start the proceedings, the Commission will send a letter of formal notice to Belgium requesting further information, which the country must respond to within a specified period, which is usually two months. The case could eventually end up before the Court of Justice of the European Union, though the majority of cases settle before that stage.
One of the complaints, filed in November, said that the regulator’s decision to include three officials, who also report to government ministers, on a panel that gives opinions on draft bills violates GDPR requirements for members to “remain free from external influence.”
While two of the individuals have since stood down, one official, Frank Robben — who leads many of the country’s public data initiatives — retains his role at the regulator.
Complaints also objected to a fourth member of the same panel, Bart Preneel, for his membership in a government committee that authorizes certain public-sector data-sharing. Preneel also remains in his role.
The committee itself is accused in a separate complaint with the Commission, filed in July, of violating the GDPR’s restrictions on pre-approving projects that involve personal data.
Both Robben and Preneel have denied that their positions compromise the regulator’s independence.
The Belgian data protection regulator said last year that the officials’ appointment was according to criteria set out in the GDPR, and that the individuals themselves have declared the absence of any conflicts of interest.
But two directors at the regulator distanced themselves from the statement, highlighting ongoing discord between the regulator’s top officials.
Want more analysis from POLITICO? POLITICO Pro is our premium intelligence service for professionals. From financial services to trade, technology, cybersecurity and more, Pro delivers real time intelligence, deep insight and breaking scoops you need to keep one step ahead. Email [email protected] to request a complimentary trial.