Belgian Data Protection Authority able to suspend GDPR non-compliant .be domain names within 14 days of notification

Dec 3, 2020 12:00:00 AM | Belgium Belgian Data Protection Authority able to suspend GDPR non-compliant .be domain names within 14 days of notification

The Belgian Data Protection Authority (GBA) announced, on 1 December 2020, that it has agreed on a protocol with DNS Belgium, the non-profit organisation responsible for managing the .be top level domain, as well as .brussels and .vlaanderen.

The protocol will allow the parties to make unavailable any .be websites which violate the GDPR, in a quicker and more efficient manner. 

Process

In accordance with DNS Belgium's general terms and conditions, the owner of the domain name needs to put an end to the infringements within 14 days. If not, DNS Belgium can revoke the right to use the domain name. At the same time as informing the owner, DNS Belgium will have the domain name refer to a warning page of the GBA, hosted by DNS Belgium. The effect of this measure is that the original website linked to the domain name can no longer be visited via the specified domain name. After an initial period (at least 6 months + 14 days), DNS Belgium can definitively revoke the rights to use the domain. 

After the period of 14 days has elapsed and in so far as DNS Belgium has not been notified of any remedial action taken by the domain owner or requested by the GBA to suspend or halt the procedure, DNS Belgium sends a reminder to the GBA so that it can verify that the owner has complied with the rule.

If DNS Belgium receives notification from the GBA that the registrant has now complied with the rules or that the procedure should be suspended or discontinued for other reasons, or if DNS Belgium has not heard from the GBA within 14 days of the reminder being sent, DNS Belgium will stop the referral to the page of the GBA and reinstate the domain name in the .be-zonefile

GDPR violation

DNS Belgium will provide, among other things, any information it holds as requested by the Belgian GBA in the context of an investigation. The protocol highlights that the evaluation of websites in violation of GDPR will remain with the competent tribunals and public authorities, such as the GBA. The protocol does not specify what exactly constitutes a ‘GDPR violation’ worthy of the measures, but it can be expected that non-compliance with rules on cookies and consent will be among them.

Future

DNS Belgium undertakes to inform the GBA as soon as it establishes that it is technically and legally possible to extend the protocol to the other two domain name zones it manages, .vlaanderen and .brussels. 

The protocol

The protocol is available in Dutch and in French