- Jan Vanbeckevoort - Griet Verfaillie
- Privacy Commission , privacy infringement , personal data , database , 95/46/EG
News
On 8 June 2015 the State Secretary responsible for privacy Bart Tommelein (Open VLD) stated in a
press release that he intends to submit a draft act in the autumn to the Belgian House of
representatives. This draft act intends to provide the national Privacy Commission with more powers
to act against companies that violate the privacy rights of their customers.
1. High fines for companies that violate the privacy of their customers?
Numerous companies regularly, often unaware due to a lack of legal knowledge, commit privacy
infringements when using personal data for commercial purposes.
The proposed draft act would give the Privacy Commission the authority to impose administrative
fines up to € 810,000 per infringement. The amount of the fine will be determined based on multiple
criteria, including the annual turnover of the company.
Not only international players, but also SME’s, banks or private persons would fall under the
draft act.
Every person or company, that makes unlawful use of personal data from customers or users in
databases, risks the imposition of a fine.
Unless in case of a serious breach, the Privacy Commission will first give a Recommendation so that
those who violate the law have the opportunity to regularise themselves.
2.
Not waiting for the EU, however in line with EU developments
With this announcement from the State Secretary, the EU is caught in speed.
At the European level, a reform initiative to replace the current Privacy Directive 95/46/EC for
the now 28 EU Member States was already introduced in January 2012.
This resulted on 15 June 2015, after three and a half years of preparatory work, in a political
agreement by the Council (and its 28 Member States) for the adoption of a General Data Protection
Regulation.
The proposed Regulation, which shall be binding for all 28 Member States, includes provisions that
will provide better tools to enforce compliance with data protection regulation. For example,
there’s the possibility to obtain compensation if a company abuses personal data. Next, the
Regulation provides that national supervisory authorities (in Belgium the Privacy Commission) will
be able to impose a fine of up to € 1 million or 2 % of the global annual turnover of the company.
This political agreement now forms the basis to begin negotiations planned on 24 June 2015 with the
European Parliament and the European Commission. The coming into force of this new Regulation is
not expected earlier than eighteen months.
State Secretary Tommelein, representing Belgium during the negotiations at the European level,
wants to act proactively and in line with EU developments without waiting for the entry into force
of the new Regulation. By introducing a draft act, his aim is to maintain the pressure on the
negotiations at the EU Level.
Statements in the aftermath of the Council gathering on 15 June 2015 indicate that State Secretary
Tommelein seeks to advance at least in the Benelux, in consultation with its Luxembourg and Dutch
fellow ministers Félix Braz and Klaas Dijkhof, the alignment of legislation, in particular the
imposition of administrative fines.
To be continued....
