On 2 June 2016, the Belgian Secretary of State responsible for privacy matters, Philippe De Backer (the "Secretary of State"), presented a policy note which sets out his plans in the area of privacy/data protection (the "Note"). Mr. De Backer replaces Bart Tommelein as Secretary of State after the latter was appointed to become Minister of Budget, Finance and Energy in the Flemish government. The Note builds on the policy note presented by Bart Tommelein in 2015 (See VBB on Belgian Business Law, Volume 2015, No. 11, p. 9, available at www.vbb.com ).
The Note's main areas of focus include: (i) the reform of the Belgian data protection rules against the backdrop of the recently adopted European Data Protection Regulation; (ii) personal data and public security; (iii) personal data held by public authorities; (iv) open data and big data; (v) privacy in the new media; and (vi) the security of personal data.
(i) Reform of Belgian Data Protection Rules
The Note first discusses the recent adoption of the EU General Data Protection Regulation (the "GDPR"). The Secretary of State intends to make use of the two year transitional period foreseen by the GDPR for its entry into force to guide firms in seizing the opportunities that will arise from the GDPR and complying with the new data protection rules. This guidance will be provided through the consultation platform on privacy, which is composed of representatives of the sector federations and civil society.
In order to achieve the objectives of transparency and accountability set forth in the GDPR, the Secretary of State intends to take concrete initiatives such as the creation of a 'passport for privacy'. The aim of such a passport would be to enable citizens to know in which databases their data is stored and how their data is being processed.
Finally, as announced last year, the Secretary of State will introduce a bill to reform the Commission for the Protection of Privacy (Commissie voor de bescherming van de persoonlijke levenssfeer/ Commission de la protection de la vie privée – the "Privacy Commission"). The Secretary of State plans to introduce administrative penalties that can be imposed by the Privacy Commission, strengthen the independence of the Privacy Commission's members and reduce administrative burdens.
(ii) Personal Data and Public Security
Second, the Secretary of State will strive for a security policy that respects citizens' privacy and will ensure that the security measures adopted by the government comply with national and international standards of respect for private life.
(iii) Personal Data Held by Public Authorities
Third, as regards personal data held by public authorities, the Note underlines that transparency towards citizens concerning the use of their data by public authorities will be a policy priority in the upcoming year. In this regard, an emphasis will be put on anonymisation of data and the granting of authorisations by the Privacy Commission. While reforming the latter, the Secretary of State will examine the possibility of moving from the current ad hoc approach requiring, for each application, an authorisation from the competent sectorial committee of the Privacy Commission, to a more systematic approach.
Regarding E-health, the Note mentions that the evolution towards a more computerised healthcare system (electronic medical record, deletion of the medical certificate) will take place in close consultation with the Belgian Minister of Health and the Minister for the Digital Agenda.
(iv) Open Data and Big Data
Fourth, regarding private data, the Note mentions that societal and economic opportunities could result from "open data" and "big data". "Open data" refers to the idea that specific data, such as geographical data, meteorological data and data from publicly funded research projects, should be freely available for use and re-use. "Big data" refers to large amounts of various data produced at a high pace from a large number of sources.
By way of example, the Note indicates that public data in the healthcare field could contribute to pharmaceutical innovations, whilst private R&D data could bolster healthcare and prevention policies. Again, the Secretary of State will try and exploit these opportunities while ensuring a high level of data protection. This should be achieved by the use of anonymised data and by "privacy by design" which refers to the integration of privacy safeguards into software systems and organisational structures during their development.
Furthermore, in order to help enterprises respect privacy, good practices will continue to be exchanged through the consultation platform on privacy, and on that basis, the government will establish a checklist for companies to enhance data protection.
(v) New Media
Fifth, the Note mentions that the involvement of today's youth in digital media and their active participation in the information society is an opportunity to hold a discussion on privacy at several levels. One key question in this regard is how to maximise the potential and benefits of technological developments, both for the individual and for governments and enterprises. At the same time, the risks of abuse should be minimised. The case-law of the European Court of Human Rights and the Court of Justice of the EU must offer guidance.
(vi) Security of Personal Data
Finally, as previously announced, in order to increase the security of personal data, a Bill on preventive and protective measures against data breaches will be introduced in 2016. The Secretary of State also intends to consult stakeholders on the possibilities of creating a certification mechanism for data protection compliance. Such a certificate is promoted under the GDPR as a means to demonstrate that a specific company has implemented, and complies with, specified privacy practices.
In addition, the Secretary of State wishes to launch a pilot project on the use of blockchain technologies in the public sector. Blockchain technology, which is the technology underlying the Bitcoin currency, uses a network effect to enhance security.
Dutch and French versions of the Note can be found here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.