Service Public fédéral Finances – Complaint Upheld (Belgium, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Belgium's tax authority was challenged for sharing a resident's personal data with the US IRS under the FATCA agreement. The resident argued that this sharing was not legal under EU data protection laws. This case raises important questions about how personal data is handled across borders.
What happened
The tax authority disclosed a Belgian resident's personal data to the US IRS without the resident's consent.
Who was affected
A Belgian resident with dual Belgian and American nationality whose personal data was shared.
What the authority found
The authority upheld the complaint, indicating that the tax authority's actions may not comply with EU data protection laws.
Why this matters
This case emphasizes the need for clear legal bases when sharing personal data internationally. Businesses should be cautious about how they handle data that crosses borders.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Foreign Account Tax Compliance Act (FATCA) is a US law that requires foreign financial institutions to provide the US tax authority with information about the foreign bank accounts of US citizens. In order to enact FATCA outside the US jurisdiction, the US signed a number of international agreements with other Countries (“FATCA agreements”), including BelgiumAgreement between the Government of the Kingdom of Belgium and the Government of the United States of America to improve International tax compliance and to implement Fatca, April 23 2014.. In turn, Belgium implemented the FATCA agreement in its national lawBelgian Law of December 16, 2015. with the Law of December 16, 2015. Under the FATCA agreement and its implementation, financial institutions forwarded data about account holders to the Public Federal Service of Finances of Belgium (the controller). In turn, the controller forwarded the data to the US Internal Revenue Service (IRS). So, this disclosure required the transfer of personal data outside the EU/EEA and to the US. The data subject was a Belgium resident with a dual Belgian and American nationality (and therefore subject to FATCA). In 2020 a Belgian bank informed the data subject that it had disclosed his personal data to the controller, for further disclosure to the IRS. The data included his name, address, tax identification number, date of birth, account balance, account number, and other information relating to his bank assets. In 2022 the data subject filed a complaint against the controller, challenging the disclosure of his data to the IRS and questioning the legality of the FATCA agreement under EU data protection law. He put forward several demands: * he requested a halt to the disclosure of his data based on the FATCA agreement; * he required the bank to erase all the personal data it collected based on the FATCA agreement; * he required that the bank take all necessary steps to obtain the erasure of his data from the IRS. Failing that,
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Service Public fédéral Finances in BE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Service Public fédéral Finances - Belgium (2025). Retrieved from cookiefines.eu
Last updated: