DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇧🇪 European Union

Cookie consent in België / Belgique

Consent and privacy law in België / Belgique

In short
Belgium's APD became internationally known for its decision against the IAB Europe Transparency and Consent Framework, finding that the TC String constituted personal data and that the framework breached the GDPR. That ruling shaped how programmatic advertising consent is handled across Europe. The Belgian authority requires opt-in consent for non-essential cookies and rejects pre-checked boxes. As a trilingual country, Belgium expects banners in the relevant national language for the audience. The APD has a dedicated cookie checklist and enforces against banners where the reject path is hidden or harder than accepting.
Authority
Gegevensbeschermingsautoriteit / Autorité de protection des données (APD / GBA)
Status

GDPR applies since 25 May 2018, with the Belgian Framework Act

Primary law
GDPR
Languages

nl, fr, de

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Account for the APD ruling on the IAB Europe consent framework
  • Serve banners in the relevant national language, Dutch, French, or German
  • Use opt-in consent and avoid pre-checked boxes
  • Follow the APD cookie checklist for banner design

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
🇧🇪 Belgium

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Belgium using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Belgium.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Belgium requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Belgium audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

What was the Belgian DPA ruling on the IAB framework?+

The APD found that the IAB Europe Transparency and Consent Framework breached the GDPR and that its consent strings were personal data. The decision forced significant changes to the framework used in online advertising.

Do Belgian cookie banners need to be multilingual?+

Banners should be in the language relevant to the audience. Belgium has Dutch, French, and German speaking regions, so the consent notice should match the language of the user being served.

Governing law

🇪🇺 GDPR

Other countries in European Union

🇩🇪 Deutschland🇫🇷 France🇪🇸 España🇮🇹 Italia🇳🇱 Nederland🇵🇱 Polska🇵🇹 Portugal🇸🇪 Sverige🇦🇹 Österreich🇮🇪 Éire / Ireland🇩🇰 Danmark🇫🇮 Suomi