Greetings from Brussels!
Belgian privacy matters have been in the media spotlight here this week. The Belgian government is set to introduce legislation that would see companies fined up to 810,000 euros (910,100 U.S. dollars) for privacy violations, as reported by the national newspaper De Morgen on Monday. The law may be in front of Parliament by autumn. The Netherlands is also working on a similar law, which would come into force on 1 January, and would carry the same fine.
Of course, EU governments are currently negotiating the framework for the GDPR to be introduced as a deterrent for companies from abusing the personal data of users for commercial purposes. But Secretary of State for Privacy Bart Tommelein, tasked with federal privacy issues, stated that Belgium will not wait for the EU to bring in its law, opting instead to go ahead with its own measures. According to Tommelein, the law will enable the Privacy Commission to act as a “regulator which can impose administrative fines.” This is currently not the case in Belgium; Belgian law does allow for criminal prosecutions for breaches of data protection laws, but they are rarely carried out.
“We are already prepared for the European regulation, we are stronger and we will keep up the pressure. I want this to deliver a clear message. Privacy has become so important, we must show that it is serious,” Tommelein said, quoted in De Morgen. He told the Belgian VRT News broadcaster: "If businesses do not respect privacy, and use unlawful methods, Belgium's Privacy Commission will first have to sound an alert. If companies don't take any heed, fines will then be on the cards." Tommelein drew a parallel with the media and energy sectors: "Here (in Belgium) independent regulators can establish violations and following a warning, administrative fines can be imposed."
The secretary also stated that consultations should first be held with the government, Parliament and members of the entrepreneurial field. The rules and levels of fines would be aligned with The Netherlands, he indicated. “We are not in the business of imposing large fines on small companies, but the fines must simply be sufficiently high to scare the big fish,” he said.
Clearly The Netherlands and Belgium are shaking up their privacy regulatory regimes; such clear messages should to be heeded by businesses. Combined with EU momentum, which appears ready to deliver the long-awaited GDPR, there should be sufficient stimulus for businesses to get their house in order if need be. Having lived and worked in Belgium for many a year, I have no doubt that the Belgian government will follow through actively on its plans. As a former Belgian captain of industry once told me: In Belgium compliance is key; ignore it at your peril.
If you want to comment on this post, you need to login.