Belgium’s new government sets privacy high on the political agenda, appointing minister of privacy

After several months of negotiations, finally a new governmental coalition has been formed in Belgium. It may come as a surprise, but the new government has paid particular attention to privacy related issues in its coalition agreement. Will this set a new trend?

A “Minister” for Privacy

It was announced earlier this week that Belgium will have for the first time in history a member of the cabinet dedicated to privacy. The Flemish liberal Bart Tommelein will be the Secretary of State (i.e. a member of the cabinet assigned to a Minister) responsible for privacy matters.

The Secretary of State’s other competences include combating social fraud, an activity which typically benefits from extensive use of personal data. A few years ago, Mr. Tommelein noted on his website that water, gas and electricity usage data should be used to track domicile fraud, by combining such data with identity information of social housing residents. Systematic flux of such data would enable frauds to be identified faster and more efficiently. Mr. Tommelein noted: “I know that some parties are reluctant to accept this proposal because of privacy concerns, but this is unfounded” and continued to note that any such system would be implemented “with all respect for privacy“.

Given that Mr. Tommelein’s competences will now cover both combating social fraud and privacy, it will be interesting to see how he will reconcile the (potential) privacy invasive nature of his combat against social fraud with his duty to protect privacy.

We also note that – apart from privacy issues related with combating social fraud – Mr. Tommelein has spoken up for increased protection of privacy on several occasions in the past. Examples include violations of smartphone users’ privacy and excessive tracking of social media users.

Strengthening Belgian Privacy framework

The new government has drafted a coalition agreement setting out the principles on the basis of which the coalition parties have agreed to form a government and govern in the next 5 years. An important part of the agreement deals with the government’s intended privacy related policy actions:

  • Informed consent as basic principle - The new government is of the opinion that the rising digitization of our society may negatively impact the privacy rights of its citizens, which is considered a fundamental right. Therefore, the intention is to reform the current legal framework and focus on the principle of informed consent for collecting personal data.
  • Harmonised EU framework leaving room for flexibility - The new government will advocate for a strongly harmonised European policy in relation to privacy and data protection. However, it considers that Member States must be given the possibility to provide for an increased level of protection in relation to health, social security and government matters.
  • Optimise use of data with respect for privacy – The coalition partners recognize that intelligent use of data can foster progress and security. They note that privacy protection is essential in a context of open data and systematic use of anonymised information. Companies and governments must be transparent as to which information they collect and how such information is used.
  • Security prevents unauthorised access – The coalition agreement emphasizes that security measures such as encryption must be used to prevent that anyone has unreasonable access to personal information about an individual by combining various databases and information flows.
  • Reinforcement of data subject rights – The new government re-confirms the importance of data subject rights already embedded in today’s privacy laws, and indicates for example that information on use of data must be accessible and understandable, that only necessary data may be collected and that data must be adequately secured.

The coalition agreement also introduces new data subject rights which are not yet included in Belgian laws, and seems to nuance existing privacy principles. Data subjects are granted the right of data portability. Data must be destroyed after a “reasonable term”, and data may only be used in the same “context” as the context in which they were disclosed by the data subject (rather than used for the same purpose).

  • Stakeholder involvement - The coalition partners announce that they will not unilaterally revise existing privacy principles, but involve governments as well as companies and individuals to refine and apply the above principles.
  • Reform of the data protection authority - The Belgian Privacy Commission will be reformed to assure privacy is and remains protected at the highest level.

A look into the future It will be important for both Belgian and international companies to monitor the actions of both the Belgian legislator and the Secretary of State for privacy in the (near) future. Indeed, even though Belgium is (territorially) a small country, it is an important hub for many international companies.

The privacy principles included in the coalition agreement and the appointment of a specific Secretary of State for privacy seem to indicate that the new government intends to play a very active role in legislating privacy laws. It remains to be seen if they will take action on a Belgian level on a short term, or if they will focus their efforts on the reform of European rules.

In any case, the new Belgian government demonstrates that privacy is no longer an afterthought and a key priority for the future.