AUTHOR ARCHIVES: Lauren Cuyvers


Lauren Cuyvers

Lauren Cuyvers is an associate in the Brussels office and a member of the Privacy & Data Security Group. Lauren’s data protection practice includes a focus on GDPR compliance and data transfer advice, as well as related privacy litigation. Read more→

GDPR Fragmentation May Appear More Significant than Intended

Posted on: 26 Jun 2018

With the entry into application of the GDPR on May 25, 2018, the EU Member States were expected to have adopted national legislation implementing the regulation. To date, however, only 30% of Member States have effectively passed legislation, which still leaves the legal landscape to be precarious. The GDPR allows for deviations and specifications in several areas, for instance to introduce specific conditions or limitations for the processing of biometric, genetic, or health data; to create specific protection regimes for employee data; or to restrict the rights the GDPR grants to individuals. […] Read more

EU Supervisory Authorities Disclose DPO Notification Tools

Posted on: 17 Jun 2018

Shortly after the GDPR’s entry into application on May 25, 2018, several EU Supervisory Authorities have activated online Data Protection Officer (“DPO”) notification tools, allowing organizations to communicate the contact details of their DPO to the Supervisory Authorities, which is a requirement under Article 37 GDPR. While the DPO Guidelines of the Article 29 Working Party (“WP29”; replaced by the European Data Protection Board, “EDPB”) do not emphasize the requirement to notify DPOs, Supervisory Authorities (“SAs”) view these notifications as important, and have made available […] Read more

Belgian Privacy Commission Issues DPIA “Black” and “White List” Recommendation

Posted on: 03 May 2018

On February 28, 2018, the Belgian Privacy Commission issued a recommendation on the position it takes with regard to data protection impact assessments (or “DPIAs”) as foreseen in the GDPR. A DPIA under the GDPR is similar in scope and impact to its predecessor, the PIA (or “privacy impact assessment”) and requires businesses to assess processing operations that are likely to present a high risk to individuals’ rights. Such “high risk” is, for instance, likely to present itself in processing operations involving sensitive data, systematic monitoring, or vulnerable individuals such […] Read more

Belgian Court Uses Novel Argument to Assume International Jurisdiction over Non-EU Facebook Entities

Posted on: 21 Mar 2018

On February 16, 2018, the Brussels Court of First Instance rendered a judgment in proceedings brought by the Belgian Privacy Commission’s against Facebook. The case forms one part of two-tiered litigation brought by the Commission in regards to alleged monitoring practices vis-à-vis Belgian internet users. In parallel to the proceedings that resulted in the judgment cited above, the Belgian Privacy Commission had also initiated a procedure referred to as “summary proceedings” against Facebook – and Facebook defeated the Privacy Commission’s claim before the Brussels Court of Appeal in […] Read more

Privacy & Data Security Team Launches Unique GDPR Tracker Website

Posted on: 08 Feb 2018

“To Harmonize or Not To Harmonize: That Is the Question.” With the the GDPR fast approaching on May 25, 2018, European Member States are getting ready with the implementation of national legislation. Although the GDPR is a regulation, and directly applicable in all Member States, it has left room for country-specific legislation in several different regards (such as the processing of employee data or individual rights restrictions). Most Member States still only have draft legislation at this point, but the expectation (or at least intention) is that each country will have adopted legislation […] Read more

Data Protection Litigation to Become a New Reality in Belgium

Posted on: 22 Dec 2017

On November 16, 2017 the Belgian Senate adopted an “Act on the Establishment of the Data Protection Authority” (the “Act”). Following Austria, Germany, and the UK, Belgium is the fourth EU Member State to pass a domestic statute implementing the General Data Protection Regulation 2016/679 (“GDPR”) prior to its effective date of 25 May 2018. The new Belgian Act sets forth the structure and legal organization of the Data Protection Authority (“DPA”), which will serve as the successor of the current Belgian Privacy Commission. More importantly, the Act significantly broadens the DPA’s […] Read more

WP29 issues Guidelines on Automated Individual Decision-Making and Profiling in the GDPR

Posted on: 31 Oct 2017

On October 18, 2017, the Article 29 Working Party (the “WP29”) published Guidelines clarifying the new profiling and automated decision-making provisions of the General Data Protection Regulation (“GDPR”).  European Union regulatory authorities and the WP29 consider that technological developments that facilitate the creation of individual profiles, such as big data analytics, AI and machine learning, have created new risks to data protection.  As the majority of industries (insurance, marketing and finance, and even healthcare) already apply and use these new techniques today, the WP29 […] Read more