Flash News | New moratorium for enterprises in difficulty

Belgium has recently adopted extra measures to combat the negative economic impact of Covid-19.

The Law of 20 December 2020, which entered into force on 24 December 2020, provides for a second moratorium for companies in difficulty up until 31 January 2021 (included).

The scope of application of these measures is, however, more restrictive than during the first lockdown in March 2020. They only concern enterprises subject to closure pursuant to the Ministerial Orders of 28 October and 1 November 2020 (e.g. Horeca establishments, establishments in the cultural, festive, sports and events sectors, companies in the “contact business” sector, etc.).

In addition, as under the Royal Decree n°15, the concerned enterprises cannot have already been in a state of suspension of payments on 18 March 2020 to benefit from these measures.

As to the protection measures, they are identical to those created by the Royal Decree n°15. Please refer to our news of May 2020 for a description of the latter.

The Law of 20 December is available here.

***

For any question or guidance, please contact Fanny Laune

fanny.laune@simontbraun.eu
+32 2 543 70 80

Highlights 2020 and upcoming events in 2021

What happened in 2020, and what is to expect in 2021?

Every day in December, Simont Braun shared legal highlights of 2020 and upcoming events for 2021 in its End-of-Year Countdown.

Here is a recap of each highlight by area of practice:

1. Corporate law
2. Intellectual property
3. Digital finance & Financial services
3. Civil law and Dispute resolution
4. Real Estate & Public law.

 

Corporate law

 

Golden year of remote corporate meetings and e-signatures

Since 1 January 2020, the new Companies and Associations Code allows remote shareholders and board meetings in writing or via electronic means of communication under certain conditions. With Covid-19, the Belgian government further facilitated the process and temporarily removed the legal obligation for such remote meetings to be authorised by the articles of association.

An ambitious draft bill of 27 October 2020 now notably proposes to incorporate this measure into the Companies and Associations Code.  Let’s see how it progresses in 2021…

The growing use of electronic signature in business relations also plays a major role in organising these remote corporate meetings. For more information, see our previous news here authored by Sandrine Hirsch, Axel Maeterlinck and Maxime Born.

Simpler rules for companies’ internal regulations

Since 1 January 2020, the new Code of Companies and Associations applies to companies and associations created before 1 May 2019. The new Code modernises and simplifies Belgian corporate law.

Recently, the Constitutional Court further softened the rules regarding internal regulations (“règlement d’ordre intérieur” / “intern reglement”), stating that they may even contain provisions affecting the rights of shareholders or members, the powers of the corporate bodies and the organisation and procedures of the general meeting. In such cases, these internal regulations must be approved by a resolution meeting the attendance and majority requirements for an amendment of the articles of association.

The impact of the Shareholder Rights Directive II (SRD II) on listed companies

The SRD II has now effect in Belgium.

The law of 28 April 2020 amends the Companies and Associations Code, for example, concerning the regulation of intra-group conflicts, which is likely to apply much more frequently following the extension of its scope of application to “related parties” as defined in IAS 24.

This law also modifies the Transparency Law, allowing listed companies to request information from the relevant intermediary regarding the identity of their shareholders and their shares whatever the importance of their holdings.

The Belgian law is available here. Let’s see how it goes in practice…

UBO Register: new obligations

Since 11 October 2020, all entities reporting to the UBO Register must file any document proving that the information on their ultimate beneficial owners is “adequate, accurate and up-to-date”. These documents can be, for example, the share register, articles of association, notarial deeds, etc. Their access is restricted to the competent authorities.

We remind you that all modifications must be recorded in the UBO-register within a one-month period and that the information recorded must be confirmed annually.

For more information, see our previous news here authored by Sandrine Hirsch and Nikita Tissot.

 

Intellectual property

 

The protection of geographical indications under international trade agreements

Since 26 February 2020, the Geneva Act of the Lisbon Agreement on Appellations of Origin is binding the EU Member States.

We are eager to learn the next step: which PDO-PGI will be placed on the multilateral register and deserve protection in all countries of the Lisbon Union?

We guess all 3732 current records on the EU’s e-Ambrosia GI register will not have the privilege, but only a few reputed geographical product names. Let’s wait and see!

New regulatory framework for patent attorneys

On 1 December 2020, the first part of the reform came into force. It includes the rules governing access to the profession of patent attorney and the creation of a Belgian Institute for Patent Attorneys, which will notably represent the patent attorneys active in Belgium, enforce ethical rules and organise continuous training.

For a pragmatic overview of the new law by Emmanuel Cornu and Charlotte Behets Wydemans, click here.

Don’t forget to stay tuned for the second part of the reform coming in 2021.

Design protection under review by the EU Commission

Are you a designer or a company owning IP rights? Be aware that the EU Commission thinks about reforming national and EU design laws.

The 6 key lines of attack are:

  • raising awareness on the benefits of design protection,
  • increasing harmonisation of the protection across the EU,
  • simplifying the design registration process,
  • ensuring consistency with trademark and copyright laws,
  • taking better account of the increasing digitalisation and
  • introducing rules on spare parts, crucial in the automotive sector.

The full examination and its highlights are available here. We will keep you posted!

What does 2021 hold for the Vertical Block Exemption Regulation (VBER)?

The VBER is currently under review by the EU Commission. Will it be prolonged, revised, replaced? How will the future rules impact current and upcoming business models?

Let’s see what 2021 has in store for us!

For more information, see the European Commission’s press release here.

 

Digital finance and financial services

 

The impact of Brexit on the Belgian payments scene

The 2016 UK Brexit referendum results will finally kick in on 1 January 2021, but a lot has already happened.

Several UK e-money and payments institutions, mainly focusing on money remittance, FX and B2B services, have chosen Belgium as their post-Brexit EU hub. Around 20% of all Belgian payment institutions have now a Brexit background, adding a lot of maturity to the sector.

2021 will be a stress test and reveal how smooth the migration will be for payment service users.

A European legal framework for crypto-assets in 2021?

In September 2020, as part of its digital finance strategy, the European Commission proposed a draft regulation on markets in crypto-assets (MiCA) to regulate crypto-assets and related services not yet captured by existing EU regulations.

By bringing a legal framework for crypto-assets, MiCA intends to facilitate digital innovation while ensuring consumer protection and financial stability.

If adopted, this regulation will be a major development for FinTechs in 2021. We will keep you posted!

An EU single AML/CFT supervision body for financial institutions and an EU AML Regulation in 2021?

In November 2020, the EU finance ministers agreed to set up a single EU supervision body to prevent money laundering and terrorist financing. It would have direct supervisory competences regarding some categories of obliged entities (among which, credit institutions, payment institutions, e-money institutions and virtual asset service providers), and the power to take over supervision from national supervisors under exceptional circumstances.

They further agreed to support and invite the EU Commission to present a legislative proposal for an anti-money laundering and counter-terrorist financing regulation with a view to an even application of the provisions throughout the EU.

The Commission is expected to present legal proposals in this respect in early 2021. For more information, click here.

Outsourcing and cloud services under the financial supervisors’ radar in 2021?

On 1 January 2021, the EIOPA’s Guidelines on outsourcing to cloud service providers will come into force. Existing cloud arrangements will have to be put in line with these new requirements by 31 December 2022.

These guidelines show the supervisors’ increasing focus on (cloud) outsourcing arrangements. With the development of technology, many if not all financial actors outsource IT and other related services to external providers, thereby spreading the risk of the financial sector to non-related actors (e.g. ICT).

The EU and national supervisors have noticed this trend, and we can expect an increasing and direct control of key ICT providers by the financial supervisors in the near future.

 

Civil law and dispute resolution

 

Judicial reorganisation procedure (“PRJ/WCO”): two upcoming laws

The first draft bill facilitates access to the PRJ/WCO.

The second one applies to PRJ/WCO by transfer under judicial authority and requires the assignee to motivate its choice not to take over certain employees of the transferred enterprise on technical, economic & organisational grounds independent of the transfer itself.

Read here the key takeaways of these two draft bills by Fanny Laune and Maxime Born.

Stay tuned to learn more about these upcoming novelties in insolvency law!

Alternative dispute resolution (‘ADR’) is the new black in Brussels

On 3 September 2020, the Brussels French-speaking court for enterprises created a special section dedicated to conciliation, a well-known ADR mode.

A hearing before this section aims to help the parties reach a settlement with the support of a conciliator judge trained to ADR.

This measure is a big step to foster ADR in Brussels.

The roaring twenties’ complete makeover of the 1804 Belgian Civil Code

On 1 November 2020, the brand new Civil Code and the book on evidence came into force. On 1 September 2021, it will be the turn of the book on property law.

Recently, the new Belgian government also confirmed its commitment to proceed, in 2021, with the reform of the Law of obligations prepared by an expert commission including Rafaël Jafferali and Sander Van Loock.

This reform strikes a new balance between strengthening party autonomy and expanding the courts’ role where necessary.

New rules on evidence: same old same old?

On 1 November 2020, the new book VIII on evidence of the new Civil Code entered into force. Although the new rules do not seem to deviate from the old ones radically, new principles might prove to be game-changers and will at least modify the way litigators deal with evidence.

For the 10 key takeaways of the new book VIII, see our previous news here authored by Béatrice Thieffry and Charles-Edouard Lambert.

The most iconic change is probably that the judge may now shift the burden of proof in exceptional circumstances and with a special motivation.

 

Real estate and public law

 

Upcoming (r)evolution of Belgian property law?

Manuela von Kuegelgen explains 10 key practical takeaways of the upcoming reform here.

On 1 September 2021, Book III of the new civil Code on property law will come into force. The new rules are more transparent, flexible and modern, but many questions remain, and discussions will be intense for a while…

Don’t wait until the last minute to adapt your contracts. How? Where to start? Read our highlight here or contact our team for assistance.

The strengthening of public cooperation

When can public authorities cooperate without going through a public procurement procedure?

Laura Grauer highlights the conditions for such cooperation here, based on the CJEU’s recent decision clarifying the requirements that such cooperation must fulfil to remain outside the scope of public procurement rules.

Compulsory insurance in the construction sector: perfectly imperfect

One year ago, it became mandatory for service providers others than architects to cover for their civil liability and professional indemnity.

Nevertheless, in 2020, it is still not clear what needs to be insured by whom.

Thomas Braun and Alexia Faes clarify the existing rules here.

***

Thank you for following our End-of-Year Countdown! Our lawyers are happy to assist you should you need any guidance.

Don’t forget to sign up to our LinkedIn page never to miss our regular legal updates.

 

 

Judicial reorganisation procedure: two draft bills pending under the benefit of urgency

The legislator has tabled two draft bills, respectively on 10 June 2020 and 21 October 2020, to amend a.o. the provisions relating to the judicial reorganisation procedure (PRJ/WCO) governed by Book XX of the Code of Economic Law (CEL).

The review of these draft bills is being carried out under the emergency procedure notably because of the current economic crisis and its impact on the continuity of enterprises.

The first draft bill of 10 June 2020

It aims at adapting the PRJ/WCO to the needs of the economic crisis caused by the Covid-19 pandemic, notably by facilitating access to it, especially for SME’s.

There are three main proposals to this end:

1. The broadening of the possibility to appoint one or more judicial representatives for debtors in difficulty

  • by allowing the debtor himself to ask the president of the competent Court of Enterprise to appoint a judicial representative
  • when “exceptional circumstances or events […] endanger or are likely to endanger all or part of the proper functioning of the economic activities of the debtor” ;

2. The creation of a new provisional guarantee system

With this new system, the debtor could obtain, under the supervision of the court and, if necessary with the help of a company mediator, certain temporary payment facilities. Those facilities notably consist in a suspension period during which the obligation to pay remains intact, but is suspended without any sanction being imposed.

As far as the creditors are concerned:

  • They keep their right of set-off, their right of retention and the possibility to invoke the defence of non-performance;
  • They can also oppose these provisional measures throughout their duration before the president of the Court of Enterprise. In that case, it is up to the president of the Court to decide by assessing the interests of each party;
  • The creditors cannot terminate a contract during the suspension period. In addition, the penalty clauses are deemed unwritten.

3.  The relaxation of the formal admissibility requirements by abolishing the inadmissibility sanction of the application in case of failure to file a specific document/exhibit.

This being said, the debtor shall justify “in a detailed manner” the reason why he is unable to provide the requested document/exhibit. Such an impediment can only be temporary.

Certain documents (see art. XX.41, §2, 5° to 9° of the CEL) must be filed at least 48 hours before the hearing on the application for the PRJ/WCO. If it remains impossible for the debtor to provide these documents within the time limit indicated by the Court, the debtor may file an explanatory note in the register to justify this impossibility.

The second draft bill of 21 October 2020

It notably aims at incorporating the Plessers ruling of the Court of Justice of the European Union in Articles XX.84 and seq. of the CEL regarding the PRJ/WCO by transfer under judicial authority.

The legislator proposes to impose upon the assignee an obligation to motivate his choice not to take over certain employees of the transferred enterprise on technical, economic or organisational grounds that are independent of the transfer itself. The insolvency Court shall check this motivation when the authorisation of the transfer is granted.

Conclusion

Given the uncertain times we are living in now, the measures proposed by these two draft bills should be well received by enterprises.

The first one enables enterprises, particularly SMEs, to obtain the help of a judicial representative and some temporary payment facilities according to a procedure that is simpler, faster and more discreet than the PRJ/WCO. And if this procedure should prove insufficient, access to the PRJ/WCO would then be facilitated.

These measures are in line with the requirements of the European directive on frameworks for preventive restructuring, debt forgiveness and forfeiture, and measures to be taken to increase the efficiency of insolvency proceedings. Our legislator is apparently already anticipating the implementation of this Directive which should be transposed by 17 July 2021.

As for the measures proposed in the second draft, they clarify the rules on the maintenance of employees’ rights in the event of a PRJ/WCO by transfer under judicial authority to avoid such transfer operations under Belgian law to be questioned under the recent European case law.

We will of course monitor these next developments in the insolvency world closely, so stay tuned.

***

Fanny Laune and Maxime Born

Should you have any question, do not hesitate to contact Fanny Laune:
fanny.laune@simontbraun.eu

Simont Braun secures the admissibility of Test Achats’ class action against Ryanair before Belgian Courts

Simont Braun represents Test Achats in a major class action against Ryanair, which aims at obtaining indemnification for passengers who were victims of cancellations and delays of flights in summer 2018. The total compensation is estimated at €16 million.

On 7 December 2020, the Brussels Business Court declared this very large class action admissible. This is a significant victory for consumers’ rights given the number of people (about 30,000 passengers) represented in the context of a single class action in Belgium.

The Brussels Court set aside the provision of Ryanair’s general terms and conditions granting exclusive jurisdiction to Irish courts to hear the matter. This clause was considered as manifestly unfair – and this is a first in Belgian case law – towards all 30,000 passengers, building on the earlier case-law of the Belgian Supreme Court which had so far only examined such choice of court clause in individual cases. This is also the first time that a jurisdiction clause is declared null and void in the context of a class action in Belgium.

The Court also granted strong and very concrete publicity measures for this class action to ensure its efficiency (opt-in via e-mail – more information in this regard on Test Achats’ website).

This decision is a significant step for this exceptionally large class action in Belgium.

The Simont Braun’s team representing the interests in Test Achats is led by partner Rafaël Jafferali with the assistance of Fanny Laune (Counsel), Charles-Edouard Lambert and David-Alexandre Sauvage (Associates).

 

Jurisdiction, territoriality and data protection: the Belgian Google case

Summary  |  This article deals with the private international law aspects in the Belgian Google case. With its decision of 14 July 2020, the Belgian Data Protection Authority confirms it is competent to hear a complaint filed against Google’s Belgian subsidiary, Google Belgium SA, even though the latter does not determine the purposes and means for the processing – which is determined solely by Google LLC, the mother company located in California. The reasoning of the Authority is three-ponged. First, it establishes that European data protection rules apply to the processing activity in question by applying the case law of the European Court of Justice. This results in the Authority having jurisdiction over the alleged infringement, conditional on the fact that the “one-stop-mechanism” would not be applicable. Then, the Authority establishes that the “one-stop-mechanism” does not apply and that there is thus no lead supervisory authority as the company responsible for the processing activity in question (i.e. Google LLC) is not established in the European Union. Lastly, it establishes that the complainant could bring a complaint only against Google Belgium SA because of the inextricable link between Google Belgium SA and its mother company Google LLC, the ambiguity created by Google themselves and the need for effective recourse for European data subjects. An appeal against the decision is currently pending before the Brussels Court of Appeal, section Market Court. A decision definitely worth keeping an eye out for.

Old, but not forgotten. On 14 July 2020, the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit, hereinafter “BDPA” or the “Authority”) published a decision in a case involving Google following a failure to erase personal data as requested by a data subject (you can read the decision here). Google was found to breach multiple provisions of the General Data Protection Regulation (hereinafter “GDPR”). After an extensive review of the facts and interests at stake, the BDPA imposed a fine of 600k. Not surprisingly, the decision of the BDPA received widespread media attention. The fine imposed on Google is the highest fine to date.

The decision comprises an interesting aspect of private international law. Transnational companies pose multiple problems for national authorities. One of them is the complexity to determine where the processing takes place. The division of tasks within those companies is not always clear. Those questions were precisely what the Authority had to address in the case at hand. Before establishing a breach and being able to impose a fine, the BDPA first had to address whether it had jurisdiction as to such a breach under the GDPR. This is not new. The debate takes place in the bigger context of European countries struggling to ensure proper application of their national rules against transnational companies. It provides us with the opportunity to review the rules of jurisdiction and their functioning in the context of data protection.

The analysis of the BDPA is without a doubt of keen interest to many data protection lawyers, data protection officers, academics and companies, not only in Belgium but across the world.

After a short description of the case at hand (I), we will remind the applicable rules of jurisdiction and applicable law and its evolution in the context of data protection (II). Finally, we will describe how the BDPA applied them in its decision (III)

Facts

The facts leading to the case are quite simple and resemble a common scenario. When looking for information about the complainant on Google – by using his name and surname -, the search results referenced websites revealing personal information about the complainant that he wished others would not see when “googling” his name. The search results were deemed harmful to his honour and reputation.

More concretely, the case concerned a Belgian citizen, heading a big company at the time of the dispute, who had previously been in charge of several public positions and was a member of a Belgian political party, which a series of google search results referred to. In addition to that, some search results referred to articles that described how a complaint for harassment had been directed against him, which had been dismissed. Those websites were all referenced on Google.

The complainant sent Google a request to dereference a number of websites. He used the online form made available by the Google search engine created specifically for people to exercise their “right to be forgotten”, which is directly managed by Google LLC, the parent company located in California.

After examining the request, Google refused for various reasons, such as pages that were inaccessible, or which did not meet Google’s criteria for removal, but also on the ground of the public’s right to information, with considerations for the fact that the complainant is a public figure.

Following Google’s refusal, the complainant filed a complaint against Google’s Belgian subsidiary, Google Belgium SA, with the BDPA, aimed at obtaining the effective dereferencing of the websites at stake.

Preliminary central points of discussion during the proceedings were whether or not the complaint should have been directed against Google Belgium SA, Google LLC or Google Ireland Ltd and whether or not the BDPA had jurisdiction with regard to those parties.

Rules of jurisdiction and applicable law

Although the question of jurisdiction of Member States’ courts and authorities is not new and many issues had already been raised and solved under the regime of Directive 95/46/EC (see more in detail below), it is the first time the question of the BDPA’s jurisdiction is dealt with in Belgium.

Under the directive it was not mandatory for the Member States to grant corrective powers to their data protection authorities, such decision being left at their own appreciation. In Belgium, no such powers had been recognised to the Authority under the Privacy Act of 8 June 1992. Its role at the time was mainly advisory. One exception was the ability of the President of the Authority to file a suit with civil courts in Belgium.

Such power had been used to launch a case against Facebook Belgium BVBA, Facebook Ireland Ltd and Facebook Inc.[1]. At the time, the Brussels Court of Appeal had dismissed it on grounds of lack of jurisdiction of the Belgian courts. Facing the absence of clear rules of jurisdiction, the Brussels Court of Appeal had applied the general regime of private international law to consider that:

The action of the Authority was of a public nature, which excluded the application of both the Brussels Ibis Regulation[2] and of the Belgian Code of Private International Law;

Such exclusion still allowed the Court to have jurisdiction as to the complaints directed towards Facebook Belgium BVBA when it comes to its own behaviour since it was a purely internal situation. This, however, could only lead to sentencing actions which the Belgian company was directly and personally responsible for;

Also, the Court found no ground of jurisdiction as to the case filed against Facebook Ireland Ltd and Facebook Inc. and, therefore, declared itself incompetent.

This approach, combined with the lack of power of the Authority to impose administrative fines, actually led to a lack of effective recourse in Belgium against breaches committed by transnational companies.

The GDPR brought forward an improvement in this regard:

First, it gave corrective powers to all national data protection authorities of the different Members States, effectively offering an additional recourse to data subjects;

It drew clear rules of jurisdiction and applicable law, building upon earlier case law of the European Court of Justice (hereinafter “CJEU”) under Directive 95/46/EC; and

It created a general competence for “lead supervisory authority” when it comes to cross-border processing carried out by data controllers or processors whose main establishment is located in their territory.

Under the GDPR, the European privacy rules are applicable to “processing of personal data in the context of the activities of an establishment of a controller or a processor in the European Union, regardless of whether the processing takes place in the European Union or not” (art. 3.1 GDPR). They are also applicable to “processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the European Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the European Union” (art. 3.2 GDPR).

Article 55 GDPR provides that “each supervisory authority shall be competent for the performance of the tasks assigned to and the exercise of the powers conferred on it in accordance with this Regulation on the territory of its own Member State”. Recital 122 of the GDPR clarifies that this should cover in particular “processing affecting data subjects on its territory or processing carried out by a controller or processor not established in the Union when targeting data subjects residing on its territory”.

These provisions result from previous case law of the CJEU under Directive 95/46/EC. The first and most well-known case rendered was the Google Spain judgment (CJEU, 13 May 2020, C-131/12, Google Spain et Google Inc. v. Agencia Española de Protección de Datos (AEPD) et Mario Costeja González). In this decision, the Court considered that the promotion of the processing activities of Google Inc by its Spanish subsidiary (offering advertising space to make the search engine profitable) was sufficient for considering the latter as an establishment in the sense of Directive 95/46/EC. Consequently, in this case, Spanish law was applicable to the processing undertaken by Google.

Later, in its Weltimmo judgement, the CJEU stated that any national law on the protection of personal data applies where the data controller exercises, “through stable arrangements in the territory of that Member State, a real and effective activity — even a minimal one — in the context of which that processing is carried out” (CJEU, 1 October 2015, C-230/14, Weltimmo s. r. o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság). Where their national law is applicable, data protection authorities may exercise effective powers of intervention (e.g. impose penalties) on the data controller or processor within the territory of their own Member State.

The combined effect of those cases strengthened the power of data protection authorities to enforce European data protection law on transnational companies, provided that the transnational companies exercised part of their activity through an establishment in that territory. This would apply even if the local entity’s activities merely consists in advertising the services of its parent company (the data controller). It is, therefore, not required that the said establishment actively participates in the processing of personal data, as later confirmed in the Wirtschaftsakademie judgment (CJEU, 5 June 2018, C-2010/16, Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v. Wirtschaftsakademie Schleswig-Holstein GmbH).

It is the application of those rules that the BDPA had to consider for the first time in the present decision.

The analysis of the BDPA

As explained above, in the case at hand, the BDPA had to determine whether or not it had jurisdiction with regard to the refusal of Google to dereference the websites at stake.

First, the BDPA examined whether or not the GDPR was to be applied. Territoriality is an important principle of the GDPR. The territorial competence stems from the principle in international public law where a State only has competence to enforce the law on its own territory. On that point, when interpreting article 3 GDPR, the BDPA observed a legal gap. The law does not address the situation where a data controller having an establishment in the European Union does not process personal data as part of the activities of that establishment. Applying the case law of the CJEU, the BDPA concluded that the GDPR was applicable because (i) the complainant resided in the European Union, and that (ii) otherwise, if the GDPR did not apply, no adequate, nor full protection could be offered to data subjects.

The next step consisted in determining whether the “one-stop shop” mechanism of article 56 GDPR applied. In other words, whether the BDPA lacked competence because another data protection authority enjoyed a prevailing jurisdiction as a lead supervisory authority. Google argued that this was the case, since the company had chosen its main establishment in Ireland through Google Ireland Ltd. Going through a detailed analysis of the division of tasks between the various companies (Google Inc LLC, Google Ireland Ltd, Google Belgium SA) the BDPA concluded that Google Ireland was not responsible for the processing at stake, i.e. (de)referencing results on the Google search engine. The responsibility for the functioning of the Google search engine and its three phases, namely exploration, indexation and selection of results, falls solely with Google LLC. Google Ireland only processes data for modifying the search results based on the search history of users. It thus concerned a different processing activity than the one in dispute, for which Google Ireland Ltd could not be seen as the main establishment in the sense of article 4.16 GDPR. This line of reasoning has been confirmed by the Council of State in a parallel case against Google in France by a decision of 19 June 2020. The Council of State held that the “one-stop shop” mechanism was not applicable. It confirmed that the French data protection authority (“CNIL”) was competent to impose a €50 million sanction on Google LLC (you can read the decision here).

Finally, the BDPA had to consider whether or not it was competent to hear the complaint filed specifically against Google Belgium SA and not against Google Inc or Google Ireland Ltd. For this part, the BDPA relied on the Google/CNIL judgement of the CJEU (CJEU 24 September 2019, C-507/17, Google LLC v. Commission Nationale de l’Informatique et des Libertés (CNIL)) to allow the complaint by virtue of the inextricable link between Google LLC and Google Belgium SA, and the requirement of adequate and complete protection of data subjects. It was not disputed that Google Belgium SA constituted a “stable establishment” in Belgium. It was also established that the processing was indeed carried out in the context of the activities of the Belgian establishment. The BDPA highlights the international reach and the ambiguity created by Google itself which made it difficult to clearly differentiate the responsibilities of the different entities within the Google group. Therefore, even though Google Belgium SA does not determine the purposes and means for the processing – which is determined solely by Google LLC – the inextricable link and the need for effective recourses that had been highlighted in the Wirtschaftsakademie judgement justified that the complainant directed his complaint to Google Belgium SA alone.  In the BDPA’s view, it is of little importance whether the processing of the data is actually performed outside the European Union by Google LLC employees.

Particular in the reasoning of the BDPA, is that “as its activities are inextricably linked to those of Google LLC, the Belgian subsidiary – given the role it plays and itself describes – can be treated in the same way as a data controller for processing conducted within the context of the operation of Google’s search engine and responses to delisting requests in Belgium”. In these circumstances, Google Belgium SA is responsible for ensuring the compliance of the GDPR in Belgium.

Other aspects of the decision

The decision also deals with other interesting aspects such as the balance of interests between the “right to information” and the “right to be forgotten”, the territorial reach of the dereferencing request (cf. Google/CNIL judgement) and the criteria for determining the height of the fine.

The decision was published on the website of the BDPA because of “the importance of transparency in decision-making process and the decisions of the Litigation Chamber, and in light of the scope of this decision, which concerns a very large number of data subjects – i.e. all Belgian residents, and by extension all residents of the EEA – who might be listed by Google’s search engine in search queries using their first and last names as keywords”.  In the case at hand, the BDPA has decided not to redact Google’s identifying information. This is exceptional. The BDPA is of the opinion “that these redactions are necessary to the pursuit of plaintiff’s objective, which is to be delisted by Google”. The argumentation of Google Belgium SA that the publication of the decision would be counterproductive and would stigmatise Google was rejected. In the reasoning of the BDPA “it is relevant to give this decision sufficient publicity to raise awareness among internet users of their rights under the GDPR”.

Conclusion

The decision, the first one by the BDPA addressing its international jurisdiction since the GDPR entered into force, gives much food for thought. The BDPA confirms it is competent to hear a complaint filed against Google’s Belgian subsidiary, Google Belgium SA, even though the latter does not determine the purposes and means for the processing – which is determined solely by Google LLC, the mother company located in California -.

In its reasoning, the BDPA considers all the existing case law and incorporates it in the recent legal development of data protection law. The BDPA comes up with a practical solution combining a strict legal formalism and the needed considerations for the right to an effective recourse recognised by the GDPR. For David Stevens, the president of the BDPA, this case is of great importance:

This decision is not only important for our Belgian citizens, it also demonstrates our ambition to better protect online privacy together with our fellow European regulators. Concrete actions against such global players are therefore required. In this way, we want to actively contribute to a true data protection culture on a European level as well.” (you can read the article here)

The decision of the BDPA has the potential to significantly impact the way in which global organisations should be thinking about their data protection strategy in Europe.

It remains to be seen if this line of reasoning will be confirmed by the Brussels Court of Appeal, section Market Court. In appeal, it is highly likely that a prejudicial question will be asked to the CJEU regarding the interpretation of the GDPR. In the parallel case in France, Google requested the Council of State – but was denied – that the following question would be asked:

Can a controller established in a country outside the European Union with several establishments in the European Union and a designated European registered office in the territory of a Member State have a “main establishment” within the meaning of Article 4(16) of the GDPR in that Member State in the event that decisions on the purposes and means of processing are taken in that third country?”

We look forward to seeing more development on this matter.

***

Eric De Gryse and Christopher Dumont

You may always contact us should you have any questions.
eric.degryse@simontbraun.eu – +32 2 533 17 52
christopher.dumont@simontbraun.eu – +32 2 533 17 58

With the contribution of Viktor Francq, summer intern 2020 at Simont Braun

 

[1] Brussel, 8 mei 2018, R.D.C.-T.B.H., 2020, nr. 1, p. 75.

[2] Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, Pb.L. 20 December 2012, issue 351, 1.

Have you thought of mediation to solve your disputes?

As part of our objective to offer tailored and efficient solutions to our clients, we are happy to announce that Fanny Laune has become a registered mediator in civil and commercial matters.

Mediation offers many advantages, in particular, the confidentiality of the process, and the possibility to create tailor-made and pragmatic solutions close to every party’s needs.

Simont Braun gathers lawyers having longstanding experience in mediation (as mediator or counsel), notably in civil and commercial matters, real estate, construction, intellectual property and corporate law.

Did you know?

Thomas Braun is a member and former president of the Belgian Chamber of Conciliation, Arbitration and Mediation in Real Estate matters (CCAI).

Emmanuel Cornu acted in the first mediation proceedings organised by the Board of Appeal of the EUIPO (European Union Intellectual Property Office).

Any question?

Do not hesitate to contact Thomas Braun, Emmanuel Cornu or Fanny Laune.

Visit our mediation page.

Simont Braun achieves excellent results in The Legal 500 ed. 2020

This year again, Simont Braun has been highly recognised in The Legal 500, a reference guide ranking leading law firms around the world.

  • FinTech  |  Tier 1
    Simont Braun is THE specialist firm in fintech in Belgium
  • Intellectual Property  |  Tier 2
  • Real Estate  |  Tier 2
  • Corporate, M&A  |  Tier 3
  • Dispute Resolution  |  Tier 3

Manuela von Kuegelgen is individually recognised as a Leading Individual in Real Estate for the second year in a row.

Our young generation is also under the spotlight, with Rafaël Jafferali ranked as a New Generation Partner in Dispute Resolution and Laura Grauer as a Rising Star in Real Estate.

Nine of our lawyers are also recommended

Commercial, corporate and M&A
– Paul Alain Foriers
– Sandrine Hirsch
– Steven Callens

Dispute resolution
Paul Alain Foriers

Fintech
– Catherine Houssa
– Philippe De Prez
– Thomas Derval

Intellectual property
– Emmanuel Cornu
– Eric De Gryse
– Fernand de Visscher

We are very grateful to our clients and peers who keep recognising Simont Braun as a top law firm in the Belgian market. Thank you to our teams for their hard work!

All rankings and quotes are available here.