Court case 2023/AR/801 – Court Ruling (Belgium, 2023)

On 24 May 2023, the Belgian DPA issued a decision in which it ordered a ban on the transfer of tax data of accidental US citizens residing in Belgium to the US. Despite the fact that Article 96 GDPR provides that agreements concluded prior to GDPR which comply with the EU legislation at the time of their conclusion are still valid under GDPR, the DPA considered the FATCA agreement as not in line with the GDPR (see GDPRhub summary). The controller filed an appeal with the Appeal Court requesting that the decision be suspended and annulled. The Court indeed has jurisdiction to suspend a decision if, prima facie, it appears that the decision could be annulled and if the immediate execution of the decision is likely to cause serious harm that would be difficult to repair. The controller argued that the decision violated Article 96 GDPR by holding that the FATCA agreement was invalid and that its execution caused serious harm to Belgium's international reputation and relations. The Court considered that, contrary to the interpretation of the DPA, Article 96 GDPR does not provide for a time limit on the validity of international agreements concluded prior to the GDPR. In addition, the Court held that if the decision was not suspended, the Belgian State would not be able to meet its commitments to the USA, i.e. to transfer the data before 30 September. The contested decision placed the Belgian State at odds with its international commitments, whereas Article 27 of the Vienna Convention on the Law of Treaties states that a party may not invoke the provisions of its domestic law to justify its failure to perform a treaty. The Court then carried out a balance of interests and considered that although the transfer of the data potentially infringed the provisions of the GDPR, the objective was to prevent tax fraud, i.e. an objective of general interest. This objective outweighed the interests of the data subjects. As a result, the Court decided to suspend the DPA's decis