No. Sharing passwords in Belgium violates the Law of 30 July 2018 on the Protection of Privacy in Electronic Communications and the GDPR, risking fines up to €20M or 4% of global turnover. The Belgian Data Protection Authority (APD/GBA) actively monitors unauthorized access cases, with 2026 enforcement tightening under the Digital Services Act (DSA) obligations.
Key Regulations for Sharing Passwords in Belgium
- GDPR (Art. 25 & 32): Mandates strict access controls; password sharing breaches data security principles, exposing controllers to liability.
- Electronic Communications Law (Art. 46): Prohibits unauthorized access to “electronic communications services,” criminalizing password sharing under Article 550bis of the Criminal Code (up to 1 year imprisonment).
- APD/GBA Guidelines (2024): Explicitly state that shared credentials—even among employees—constitute a data breach if not documented in a Record of Processing Activities (RoPA).
Additional scrutiny applies under the Belgian Criminal Code (Art. 550ter) for fraudulent use of shared credentials, with courts treating negligent sharing as gross negligence. Employers must enforce multi-factor authentication (MFA) and prohibit password reuse per NIS2 Directive transposition (2026).