More than four months after the federal elections, the new Belgian government has finally been sworn in. In many respects, this centre-right government is unique and unlike any previous administration. For example, it's the first government in 25 years not to feature a socialist party and the first coalition ever with only one French-speaking party. In this post, I'll be discussing its unprecedented focus on privacy.
In addition to specific chapters on the protection of Privacy and on cyber security, the Coalition Agreement contains numerous other references to Privacy throughout. What's more, for the first time ever, a 'secretary of state' for Privacy has been appointed (this is a member of the cabinet who is assigned and reports to one of the ministers).
So what does this mean in practice? As always the text of the coalition agreement remains vague. However, the salient points are:
Increased privacy protection versus increased data mining
Interestingly, reference to privacy protection is mostly made in relation to government decisions to increase data mining and profiling. The government intends to extend the police's powers for monitoring CCTV; increase the Judiciary Service and National Security's powers to proactively investigate crimes; better monitor asylum seekers and enable cross-access to different public databases.
On the one hand it is obviously positive that the new government wants to reinforce the protection of individual's privacy. However, reading between the lines, it seems the focus on privacy is also somewhat misleading. Indeed, the increased monitoring resulting from many of the new governmental measures risks turning the authorities into an even more powerful Big Brother than before.
Modernisation of the Belgian Data Protection Act versus need for robust harmonised EU privacy laws
The coalition agreement states (in a rather non-committal fashion) that, 'where necessary', the Belgian Data Protection Act will be modernised. In the absence of further detail, it currently remains unclear what this will mean in practice. It is unfortunate however to note that the new government states that as a rule, data processing should rely on informed consent. If the Belgian Data Protection Act were to be modified to reflect this, it would make businesses' life more difficult without really improving the level of protection of data subjects. Some may fear that it would only increase the so-called 'consent fatigue'.
More generally, one could ask why the government has chosen to update the Belgian Data Protection Act when the Data Protection Regulation on its way. While the coalition agreement still expressly states the need for solid harmonised EU privacy laws, it makes you wonder whether the new government is of the opinion that the Data Protection Regulation will not be adopted anywhere soon or even at all?
Privacy Commission will be reformed
The Belgian data protection authority also known as Privacy Commission, will be reformed by increasing the independence of its members, especially in the light of the new e-government initiatives that will be implemented. The coalition agreement remains silent as to whether the Privacy Commission will also be vested with fining powers. It does refer to the fact that appropriate sanctions must be applied in cases of infringement of data protection laws. This might suggest that in addition to the criminal sanctions, which are currently hardly ever applied, administrative sanctions will be adopted. In this context, it should be noted that the Privacy Commission itself requested for such powers earlier this year. We would therefore not be surprised if the Privacy Commission is granted more robust enforcement powers.
Cyber security high on the agenda
Since the Snowden revelations, cyber security remains high on the agenda in Belgium. The issues faced in resolving the cyber attack on Belgium's incumbent and majority state-owned Telco - Belgacom and the hacking of the Ministry of Foreign Affairs' systems demonstrated how Belgium was relatively unprepared for this type of situation. It therefore comes as no surprise that the new government will be investing in the recently created Belgian Centre for Cyber Security. This centre will act as a coordinator and must provide advice to public authorities and take initiatives to help protect businesses and the general public. This is considered absolutely essential when it comes to increasing trust in the 'digital society' and allowing Belgium to play a leading role in terms of e-government, digital society and the internet of things.
The increased focus on privacy and data protection is of course to be applauded. The real question remains however whether this coalition agreement will result in any real, tangible improvements, or whether it is simply window-dressing. Much will depend on the priority given to these topics by the secretary of state, who is also in charge of Social Fraud and the North Sea and how he will translate these high-level principles into actual legal texts.
In this context it is noteworthy that a roundtable is going to be organised with all stakeholders to refine and apply the high-level principles of the coalition agreement. We will report back on this as soon as more details become available.
Sign up to our email digest