On 24 May 2023, the Belgian Data Protection Authority (DPA) Litigation Chamber issued its ruling in the investigation into the transfer of tax data from Belgium to the United States under the Foreign Account Tax Compliance Act (FATCA) compliance with the General Data Protection Regulation (GDPR). The DPA ruled that the FATCA agreement doesn't comply with the GDPR, noting that the transfer of tax data violates the principles principle of purpose, data minimisation and proportionality of GDPR. Furthermore, the APD pointed out that the FATCA agreement doesn't offer adequate safeguards for exported personal data, stating that a similar level of protection compared to the EU can not be guaranteed in the US. The DPA barred Federal Public Service Finance (SPF Finance) from processing the complainants' data and directed them to inform the concerned persons about the data processing under the FATCA agreement. The plaintiffs filed a complaint with the DPA against SPF Finances, alleging that SPF Finance unlawfully transferred the personal data of accidental Belgian-Americans to the US. Under FATCA, national financial institutions are required to transmit personal data, including tax data, to the tax authority FPS Finance, which transfers it to the US Internal Revenue Service, for the purpose of combating tax fraud.
Original source