Proposition 54K2648

Projet de loi portant création de l'Autorité de protection des données.

General information ¶

Submitted by

MR Swedish coalition

Submission date

Aug. 23, 2017

Official page

Visit

Status

Adopted

Requirement

Simple

Subjects

EC Directive protection of privacy data protection data-processing law

Voting ¶

Voted to adopt

Groen CD&V Vooruit Ecolo LE PS | SP Open Vld N-VA LDD MR PP

Abstained from voting

∉ PVDA | PTB VB

Contact form ¶

Do you have a question or request regarding this proposition? Select the most appropriate option for your request and I will get back to you shortly.

Discussion ¶

Nov. 16, 2017 | Plenary session (Chamber of representatives)

Full source

Mr. Speaker, I have prepared a very comprehensive report, but given the advanced hour, I will limit myself to a reference to the written report.

In view of the advanced hour, my speech will also be brief.

As you already know, the reform of the Privacy Commission is something our group has been asking for a very long time. We have already submitted a bill on this subject and some issues have been included in the government agreement at the initiative of our party. I am therefore very satisfied with the present bill, which has been extensively discussed and amended in the committee.

I will not repeat the committee discussion, but I would like to emphasize two important points.

First and foremost, we are very satisfied with the clear organizational structure where the independence of the responsible is a strict requirement. In the new Data Protection Authority, the function of official will now be a full-time job. We demand real independence from officials. They shall not exercise any other mandate in private organizations or public organizations. This is a very important reason for us to welcome this reform.

The new Data Protection Authority will have the right to effectively enforce compliance with the GDPR, with penalties up to 10% of turnover. This is not a cat’s bite, would a former news reader say. Nevertheless, the new GBA can and will not be a privacy policy for us. Imposing sanctions forms the closing block, only after all resources have been exhausted. It is absolutely impossible for us to organize a free witch hunt on companies.

This, by the way, is reflected in the structure of the new GBA, with separate components for the various assigned tasks. Indeed, there is the possibility, and even encouragement, of mutual exchange and cooperation, but the components do indeed each have their final responsible, and to our satisfaction also key performance indicators, on which this authority will be deducted. The KPI will need to emphasize the importance of all its tasks.

The new Privacy Commission will first and foremost have to inform, advise and guide, better than today, as shown from the hearings. Only then will it be inspected and sanctioned. The companies concerned and other data processors should be properly assisted in compliance with the privacy rules. Preventing violations is better than punishing.

For those reasons, namely the solid reform, the attention to the tasks of the new Privacy Committee and the independence as a key element, our group, even at this late hour, with great pleasure gives its approval to the current bill.

Mr. Speaker, my group – stakhanovist if any – asked me to intervene long. I will do what I can. I do this with pleasure because it is an important bill. Privacy protection is ⁇ one of the most underestimated issues of the digital age. Unlike conventional crimes and crimes, breaches of privacy, the illegal exploitation of our personal data seem painless. The right to privacy is important! It is the right to live his life as it seems to us, without having accounts to pay, without having to justify himself to anyone. It is the freedom to be what we want without questioning our place in society. The role of the State is therefore to sanctify this space of freedom so that each and every one can define themselves there without the pressure of any moral, religious or professional authority.

However, the situation is far from ideal. We are watched and traced. Our choices are analyzed, sold, denounced, used at our expense, on a daily basis. At a time when everything is connected, from the watch to the car through the boiler, identifying those who collect and process personal data is extremely difficult.

In any case, expecting the citizen to conduct a crusade against multinational companies alone to protect their personal data is totally illusory. That is why we need a public authority to ensure the role of guardian of personal data. So I want to thank Mr. Secretary of State, his team, his administration, for coming up with a really very important project; I also want to thank the experts heard in the committee and who have been working on the subject for years.

The Privacy Protection Authority, in addition to its usual tasks, will now be able to intervene on the basis of a complaint. We will be able to reprimand, give punishments, fines, denounce the prosecutor’s office ... All this is very good!

Is the project perfect? and no. Because while it’s nice to create an authority to protect people’s privacy from the digital giants, it’s even better to give them the means to do so.

The new authority will have additional tasks and yet, not a single euro more! We will have investigators on the ground, who will analyze masses of data, who will have to organize somehow a trial with respect for the rights of defence, not one euro more! The budget has not moved since 1992.

When the Privacy Protection Commission was created, remember, the internet was at its peak. There were no smartphones. Every information must be encoded manually. Twenty-five years later, we are in the age of big data. Internet is everywhere. Billions of data are collected every second and automatically processed by algorithms that record our habits. This explosion of data numbers goes hand in hand with an explosion of harvests and illegal processing, however, not an extra euro to the new authority!

I really regret it. Amendments have been submitted on the subject to raise funds not from the state budget by the way, but to raise funds from those and those who use and who pose the problems I just mentioned. This was not retained. We will discuss this in the budget.

For the rest, 67 amendments were accepted. I would like to thank all the members of the committee. There were four promises. I call them back quickly so that we can see if you are going to accomplish them.

1 of 1. Adapt the law on the body of control of police information that does not comply with the prescriptions of the European regulation. There are a lot of police databases, we know. What will be done in particular to comply with the European prescription?

2 of 2. The clarification of procedures to avoid micmacs and jurisprudence in all directions.

3 of 3. Adaptation of the appeal path. Going before the Court of Markets may not be the ideal situation. We have agreed on this in the committee.

4 of 4. I do not forget that you announced a bill to end the deductibility of administrative fines. It would still be crazy if one decided to impose a fine on Facebook, for example, and that this company could deduct it taxally. This makes no sense! This would be unacceptable, given that we are not already paying enough taxes. The government promises us a plan to remedy this, and that is so much better.

Alongside these promises, a significant progress should be noted in the appointment procedure of the management committee. In fact, we have moved from an opac process, politized and tele-guided by the executive to a transparent, open and controlled method from end to end by the parliament. Bravo to! So much better.

I have seen a lot of developments. That is why this project inspires us positively. I may have one last regret. In fact, this text does not allow associations to act directly with the future data protection authority. Given the technical nature of the matter, however, they are the best armed to take care of these cases.

Mr. Speaker, Mr. Minister, Mr. Secretary of State, dear colleagues, in view of the positive work that has been done in the committee and due to the listening we have had, my group will vote in favour of this bill. I conclude . Like the expert, Mrs. Élise Degrave, we hope that this project will combine technological development and respect for civil liberties.

Mr. Speaker, Mr. Secretary of State, Dear colleagues, the bill proposed to us today is the result of a long process of reflection and consultation aimed at reforming the Privacy Protection Commission to confer on it the status of a truly modern data protection authority, with a power of control and sanction, but also of advice and support.

This project responds to the technological revolution we are witnessing and literally transforms the production of data and our relationship to it.

I would like, as Ms. Onkelinx just did, to greet once again the work of the Secretary of State and his team, and the constructive spirit that animated the work in committees. It was recalled that 67 amendments had been discussed and accepted during these discussions. This gives even more strength to this bill. We have had very interesting hearings in this committee that have resulted in these amendments.

This draft law follows the lines of the GDPR – the General Data Protection Regulation –; it takes into account the necessary independence of the supervisory authority and the application of the principle of good governance within it. Clear procedure, effective control: accumulations and conflicts of interest are settled.

This draft law harmonises the protection of individuals and the obligations of controllers and processors in all Member States. It also balances the rights and obligations of public and private actors. This project also emphasizes the autonomy and accountability of the bodies responsible for giving a scalable and personal character by providing a framework for conformity assessment and by strengthening external control. It ensures fairness and proportionality in the implementation of sanctions, providing for an evolving arsenal of appropriate sanctions. Pre-accompanying is planned, as is awareness raising.

Finally, this bill organizes the conditions allowing the data control authority to follow and accompany social, economic and technological developments with the creation of a think tank and a knowledge center.

It is therefore with confidence and optimism that we will engage with you, Mr. Secretary of State, to ensure that our country and our parliament are at the forefront of data protection at the European level.

Mr. Speaker, Mr. Secretary of State, colleagues, the establishment of the new Data Protection Authority was seriously and respectfully debated in the Justice Committee. Hearing was held and various amendments were submitted. The result is a bill supported by the majority and opposition.

Three things were very important for our group. First, that Parliament could play its full role in the appointment procedure, second, an adequate appeal body against the decisions of the Data Protection Authority and, third, the tax non-revocability of administrative fines.

On all these points our objections and amendments have been taken into account and therefore my group will approve this bill.

I have not registered any other speakers. They were just statements of support.

Mr. Secretary of State, you have the word.

Mr. Speaker, I would like to thank the Parliament for the very constructive way in which the bill was handled.

The additions and amendments that we have been able to discuss in the committee have enriched the bill. I think the proposal presented here realises the professionalization of that Data Protection Authority. It is a modern Data Protection Authority that can function in full independence and will also provide a lot of transparency to the various companies and organizations.

Furthermore, it also has the necessary elements in the field of competences to take the appropriate measures both in terms of awareness, as well as guidance and control.

Colleagues, I am confident that this Parliament, where the final decision lies to shape the financing of the new Data Protection Authority, will provide all the necessary means to fully protect the privacy of our citizens.