With the deliberations of 17 September 2020, the CNIL adopted new guidelines on cookies and other trackers. The new guidelines replace those the Conseil d'Etat had deemed partially invalid in a decision of 20 June 2020, due to the general and absolute ban on cookie walls they contained.

Privacy & data protection

The Litigation Chamber of the Data Protection Authority (DPA) ruled in decision No 35/2020 that an unspecified Belgian disciplinary and judicial authority (“Sports Court”) was entitled to forward a profile photo of Facebook to sports commissioners in order to have a so-called “ban on presence”, meaning that one is not allowed to attend a sporting event, enforced. A brief explanation.

Privacy & data protection

Earlier this year, the European Insurance and Occupational Pensions Authority (EIOPA) published the final version of its guidelines on outsourcing to cloud service providers. These guidelines were finalized after a public consultation procedure. In this blogpost, we briefly examine what these guidelines mean for insurance undertakings. 

News & announcements

Our contribution to the latest Global Legal Insights is available right now. This edition is focused on fintech. Geert Somers and Bernd Fiten share their insights: how did Belgium become such a major country for fintech, and what are the offerings, opportunities and regulations in the future?

EU Court of Justice
Privacy & data protection

On 17 July 2020, the Court of Justice of the European Union ('CJEU') delivered its long awaited judgment in the Schrems II case. The Court declared the Privacy Shield as a mechanism for the transfer of personal data from the EU to the US invalid. 

council of state

The French data protection authority (the CNIL) is not allowed to prohibit cookie walls according to the French Conseil d’Etat, but the CNIL is still allowed to recommend not to use cookie walls. If a cookie wall violates the principles of the GDPR or French Data Protection Act, the CNIL may still sanction the use of such cookie wall. A brief analysis of the judgment.

Hans Graux
News & announcements

Hans Graux, partner at Timelex, has joined the EEMA Board of Management. EEMA is the leading independent, not for profit, European Think Tank including topics on identification, authentication, privacy, risk management, cyber security, the Internet of Things, Artificial Intelligence and mobile applications.

gdpr fines
Privacy & data protection

It is about two years ago that the General Data Protection Regulation (also known as the GDPR) became applicable. Just like last year, it is time to take a preliminary stock of the enforcement actions taken by the supervisory authorities in the past year and to make a forecast of what organisations will face in 2020 and the coming years in terms of data protection and GDPR.


With this new opinion, the EBA wants to clarify a few things in order to enable customers to use the new and innovative payment services offered by TPPs. Competent authorities in the Member States must now take action to ensure that the ASPSPs under their supervision provide compliant interfaces without obstacles.

Stay up to date

Timelex newsletter. On signup you agree to our privacy policy.