Secretary of State Mathieu Michel has asked Beltug to provide its input on the Belgian privacy law and overall implementation of the GDPR. The Beltug Privacy Council has prepared a detailed response, which can be read here (Dutch only).
In the Position, Beltug calls for:
- Clarity on the Belgian law: the law of 30 July 2018 is difficult to read, and the deviations from the GDPR text are not always clear. An overview of deviations and/or additions in the Belgian law, with a reference to the corresponding articles of the GDPR text, would provide clarity.
- A stronger, pragmatic APD/GBA: the privacy regulations have created tension between the many possible interpretations on the one hand, and the actual implementations on the other. The Belgian APD/GBA is a small organisation with limited resources, creating several problems in practice. For example, response times are unpredictable and often too long. The companies using the APD/GBA are those that take the GDPR to heart, yet they are left groping in the dark, and run the risk of complaints, investigations or fines.
We would like the APD/GBA to enter into discussions with companies, in order to draw up guidelines based on the questions and difficulties. There is a real need for concrete recommendations. This could lead to important economies of scale and greater certainty, as each company will not need to interpret the texts itself.
- Clarity on the international level: the European Court of Justice in Luxembourg, among others, issues judgments on data protection. The impact of these judgments can be far-reaching. For example, the Schrems II judgment of 16 July 2020 has created a vacuum. In addition to the information published on the website, the APD/GBA could play a more significant role in this context, by indicating how companies can bridge the transition period - until there is another international solution.
- General feedback on most major breaches and actions to be taken
- Concrete advice on privacy: our daily contacts with business users clearly show there remain many questions about privacy, and this will only increase. Concrete advice can avoid each organisation constantly ‘reinventing the wheel’, by finding their own solutions for similar problems.
All companies are involved in the digital transformation, and data processing is central to this. They need advice from the DPA regarding the integration of data protection with:
- Information security (for example, integration of certain advice from the Centre for Cyber Security Belgium is welcome)
- Data management (AI & Analytics)
- The APD/GBA can be an ally to companies and government agencies: there is an important role to play, which goes much further than issuing fines and providing advice on legislation. In this way, the APD/GBA could support the economy by providing concrete answers to a number of pressing questions regarding digitisation.