We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.

Belgian data transfers to US ‘breach GDPR’
(Pic: Shutterstock)
26 May 2025 data law Print

Belgian data transfers to US ‘breach GDPR’

Lawyers at McCann FitzGerald have highlighted a decision by Belgium’s data-protection authority that they say raises questions about the transfer of certain data from tax authorities in the EU to their US equivalent, the Internal Revenue Service (IRS). 

The Belgian watchdog held that certain transfers of personal information on US account-holders in Belgian financial institutions by the country’s tax authority to the IRS were not compliant with the GDPR. 

The transfers at issue were made under bilateral agreements between some EU states and the US that cover the US Foreign Account Tax Compliance Act (FATCA). 

Bilateral agreements 

FATCA, which is aimed at reducing tax evasion on offshore assets by US-resident taxpayers, requires some foreign financial institutions to impose a 30% withholding tax on US source income or proceeds unless FATCA documentation requirements are met. 

The bilateral deals remove the withholding requirement if institutions comply with local laws that require them to provide details on certain account holders to their national tax authority, which can then transfer the information to the IRS. 

The McCann FitzGerald lawyers note that the Belgian data watchdog held that the agreement between the Belgian government and the US on FATCA did not comply with articles 46(2)(a) or 49(1)(d) of the GDPR. 

The data authority also found that the agreement breached the principle of proportionality, having regard to the purposes for which personal data is transferred. 

The lawyers note that the decision is subject to appeal. 

‘Fresh scrutiny’ 

McCann FitzGerald says that, while the decision applies only to the Belgian arrangements, Luxembourg, France, and the Netherlands have all had parliamentary questions or regulatory commentary questioning whether current FATCA data transfers are compliant with EU data-protection law. 

They add that the Belgian decision could trigger fresh scrutiny of these arrangements. 

“Questions may be raised in Ireland and in other EU member states as to whether FATCA transfers between their competent tax authorities and the IRS are operating on a similar basis to those in Belgium and, if so, whether any changes need to be made to them to ensure they are compliant with GDPR requirements,” the firm’s lawyers conclude. 

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland

Content related to data law

data law
Monitor British data rules, commission urged

EDPB welcomes ‘continuing alignment’ on frameworks
data law
Clarity on ‘excessive’ requests for data – WF

Threshold for proving abuse high, AG opinion finds

data law
Data bodies see risks in EU’s GDPR proposals

'Change goes further than recent CJEU case law'

data law
Microsoft faces ICCL data complaint on Gaza

Tech ‘enables mass surveillance of Palestinians’

Copyright © 2025 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.