Service Public fédéral Finances – Complaint Upheld (Belgium, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Foreign Account Tax Compliance Act (FATCA) is a US law that requires foreign financial institutions to provide the US tax authority with information about the foreign bank accounts of US citizens. In order to enact FATCA outside the US jurisdiction, the US signed a number of international agreements with other Countries (“FATCA agreements”), including BelgiumAgreement between the Government of the Kingdom of Belgium and the Government of the United States of America to improve International tax compliance and to implement Fatca, April 23 2014.. In turn, Belgium implemented the FATCA agreement in its national lawBelgian Law of December 16, 2015. with the Law of December 16, 2015. Under the FATCA agreement and its implementation, financial institutions forwarded data about account holders to the Public Federal Service of Finances of Belgium (the controller). In turn, the controller forwarded the data to the US Internal Revenue Service (IRS). So, this disclosure required the transfer of personal data outside the EU/EEA and to the US. The data subject was a Belgium resident with a dual Belgian and American nationality (and therefore subject to FATCA). In 2020 a Belgian bank informed the data subject that it had disclosed his personal data to the controller, for further disclosure to the IRS. The data included his name, address, tax identification number, date of birth, account balance, account number, and other information relating to his bank assets. In 2022 the data subject filed a complaint against the controller, challenging the disclosure of his data to the IRS and questioning the legality of the FATCA agreement under EU data protection law. He put forward several demands: * he requested a halt to the disclosure of his data based on the FATCA agreement; * he required the bank to erase all the personal data it collected based on the FATCA agreement; * he required that the bank take all necessary steps to obtain the erasure of his data from the IRS. Failing that,
GDPR Articles Cited
The Foreign Account Tax Compliance Act (FATCA) is a US law that requires foreign financial institutions to provide the US tax authority with information about the foreign bank accounts of US citizens. In order to enact FATCA outside the US jurisdiction, the US signed a number of international agreements with other Countries (“FATCA agreements”), including BelgiumAgreement between the Government of the Kingdom of Belgium and the Government of the United States of America to improve International tax compliance and to implement Fatca, April 23 2014.. In turn, Belgium implemented the FATCA agreement in its national lawBelgian Law of December 16, 2015. with the Law of December 16, 2015. Under the FATCA agreement and its implementation, financial institutions forwarded data about account holders to the Public Federal Service of Finances of Belgium (the controller). In turn, the controller forwarded the data to the US Internal Revenue Service (IRS). So, this disclosure required the transfer of personal data outside the EU/EEA and to the US. The data subject was a Belgium resident with a dual Belgian and American nationality (and therefore subject to FATCA). In 2020 a Belgian bank informed the data subject that it had disclosed his personal data to the controller, for further disclosure to the IRS. The data included his name, address, tax identification number, date of birth, account balance, account number, and other information relating to his bank assets. In 2022 the data subject filed a complaint against the controller, challenging the disclosure of his data to the IRS and questioning the legality of the FATCA agreement under EU data protection law. He put forward several demands: * he requested a halt to the disclosure of his data based on the FATCA agreement; * he required the bank to erase all the personal data it collected based on the FATCA agreement; * he required that the bank take all necessary steps to obtain the erasure of his data from the IRS. Failing that,
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Service Public fédéral Finances in BE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Service Public fédéral Finances - Belgium (2025). Retrieved from cookiefines.eu
Last updated: