On 26 October 2016, the Belgian Secretary of State responsible for privacy matters, Philippe De Backer (the “Secretary of State”), presented a policy note which sets out his plans in the area of privacy/data protection for the upcoming year (the “Note”). The Note builds on the Secretary of State’s previous note presented on 2 June 2016 (See, VBB on Belgian Business Law, Volume 2016, No. 6, p. 12, available at www.vbb.com).
The Note’s main areas of focus include: (i) the reform of the Belgian data protection rules against the backdrop of the recently adopted European Data Protection Regulation; (ii) personal data and public security; (iii) personal data held by public authorities; (iv) open data and big data; (v) privacy in the new media; and (vi) the security of personal data.
Reform of Belgian Data Protection Rules
The Note starts by discussing the recent adoption of the EU General Data Protection Regulation (the “GDPR”). The Secretary of State intends to make use of the two year transitional period foreseen by the GDPR for its entry into force to guide data controllers and processors in seizing the opportunities that will arise from the GDPR and complying with the new data protection rules. This guidance will be provided through a consultation platform on privacy, which is composed of representatives of the sector federations and civil society.
In order to achieve the objectives of transparency and accountability set forth in the GDPR, the Secretary of State intends to take concrete initiatives such as the creation of a ‘passport for privacy’. The aim of such a passport would be to enable citizens to know in which databases their data is stored and how their data is being processed. Furthermore, the Secretary of State intends to facilitate the possibility for victims to denounce abuses by elaborating a procedure for the treatment of complaints by the competent privacy commission.
Finally, the Secretary of State will introduce a bill in 2017 to reform the Commission for the Protection of Privacy (Commissie voor de bescherming van de persoonlijke levenssfeer / Commission de la protection de la vie privée – the “Privacy Commission”). The Secretary of State plans to confer the power on the Privacy Commission to impose administrative penalties, strengthen the independence of the Privacy Commission’s members and reduce administrative burdens.
Personal Data and Public Security
The Secretary of State will strive for a security policy that respects citizens’ privacy and will ensure that the security measures adopted by the government comply with national and international standards of respect for private life.
Personal Data Held by Public Authorities
As regards personal data held by public authorities, the Note indicates that transparency towards citizens concerning the use of their data by public authorities and the re-use of such data will be a policy priority in the upcoming year. In this regard, the Note underlines that criteria clearly defined in a framework law and a data protection officer within each administration will enable public authorities to perform their tasks more efficiently with respect for private life. In addition, emphasis will be put on the anonymisation of data.
Regarding E-health, the Note mentions that the evolution towards a more computerised health care system (electronic medical records, deletion of the medical certificate) will take place in close consultation with the Minister for Social Affairs and Public Health and the Minister responsible for the Digital Agenda.
Open Data and Big Data
Regarding private data, the Note mentions that societal and economic opportunities could result from “open data” and “big data”. “Open data” involves the notion that information, including geographical data, meteorological data and data from publicly funded research projects, should be freely available for use and re-use. “Big data” refers to large amounts of data produced at a high pace from a large number of sources.
By way of example, the Note indicates that the results of medicine testing carried out in private R&D could bolster healthcare and prevention policies. Again, the Secretary of State will try and exploit these opportunities while ensuring a high level of data protection. This should be achieved through the use of anonymised data and by “privacy by design” which refers to the integration of privacy safeguards into software systems and organisational structures during their development.
Furthermore, in order to help companies respect privacy, good practices will continue to be exchanged through the consultation platform on privacy, and, on that basis, the government will establish a checklist for companies to enhance data protection.
New Media
The Note mentions that the involvement of today’s youth in digital media and their active participation in the information society is an opportunity to hold a discussion on privacy at several levels. One key question is how to maximise the potential and benefits of technological developments, both for the individual and for governments and enterprises. At the same time, the risks of abuse should be minimised. The case-law of the European Court of Human Rights and the Court of Justice of the European Union should serve as guidance in this respect.
Security of Personal Data
Finally, as previously announced, in order to increase the security of personal data, the Secretary of State intends to consult stakeholders on the possibilities of creating a certification mechanism for data protection compliance. Such a certificate is promoted under the GDPR as a means to demonstrate that a specific company has implemented, and complies with, specified privacy practices.
In addition, the Secretary of State wishes to launch a pilot project on the use of blockchain technologies in the public sector. Blockchain technologies, the technologies underlying the Bitcoin currency, rely on a network effect to enhance security.
Dutch and French versions of the Note can be found here.
