54K3126 | Demobel

Projet de loi relatif à la protection des personnes physiques à l'égard des traitements de données à caractère personnel.

General information ¶

Submitted by: MR Swedish coalition
Submission date: June 11, 2018
Official page: Visit
Status: Adopted
Requirement: Simple
Subjects: EC Directive protection of privacy data protection data processing secret service public safety personal data

Voting ¶

Voted to adopt: Groen CD&V Ecolo Open Vld N-VA MR
Abstained from voting: Vooruit LE PS | SP DéFI ∉ PVDA | PTB PP VB

Party dissidents ¶

Olivier Maingain (MR) abstained from voting.

Contact form ¶

Do you have a question or request regarding this proposition? Select the most appropriate option for your request and I will get back to you shortly.

I'd like you to validate the translations on this page.
I'd like you to add the missing translations on this page.
There is an error in the information on this page.
I have another question or remark that's not listed here.

Your e-mail address
Bot check: Enter the name of any Belgian province in one of the three Belgian languages:
Province

Discussion ¶

July 18, 2018 | Plenary session (Chamber of representatives)

Full source

President Siegfried Bracke ⚙

Mr Peter Dedecker and Mr Gilles Foret, rapporteurs, refer to the written report.

Ahmed Laaouej PS | SP ⚙

Mr. Speaker, Mr. Secretary of State, the European regulation that you amend in this framework law and which protects privacy and personal data against any treatment that attacks freedoms has been welcomed by international criticism. And for this reason, we are at the time of the Internet networks, at the time when the data concerning us is stored, classified, processed, sold, exchanged, without our knowledge or, in any case, without our consent. We are exposed, without knowing it, except when a ⁇ abusive use comes to put a grain of sand into the mechanics of our lives.

Heated scandals have moved the general public, such as the use of files for electoral or commercial purposes. This is why the European Parliament has insisted on saying that data processing must be designed to serve humanity. Neither more nor less. That is why we found it necessary to impose a real debate in committee on the framework law. The urgent request from you seemed to us indecent and unacceptable.

The project was discussed before its filing with a few stakeholders, then it was obviously the subject of dubious negotiations within the government. We would have liked it to pass to Parliament like a letter to the post office. This is obviously something we regret.

Moreover, we did well to take a little time, since the expert hearing helped to improve a text widely challenged by the State Council and the Privacy Protection Commission. And then, with the force of insisting and arguing, some of our amendments were able to force the door of the majority, such as the very important organizing a way of appeal against the decisions of the COC, body of control of the police.

I am not going to do the technical debate here. It has already occurred. But I know that the report of the work will allow many associations, experts and lawyers to unravel the lines of this so complex law. And this is a fundamental criticism: the complexity of your project.

The “strikes” within the government have led to protecting the citizen not by a data protection agency, which would be a real counter-power, but by an assembly of data protection agencies: four for the federal and one in each federal entity, which does a lot, Mr. Secretary of State.

Another criticism: the absence of sanctions for administrative authorities. It is simply incredible. There is an impressive number of data that is processed by public authorities, sometimes despite common sense or disregard for privacy protection. And there are no sanctions. As the emeritus professor of philosophy of law at the University of Liège, Lucien François, said: "No right, no protection."

Let us quote, as an example, the filing of children in schools annexed to mosques, which defrauded the chronicle! When we questioned the Minister of the Interior with the compatibility of this file with the project, the answer was surreal: "This does not exist," he said! It was necessary to insist that an expert from the cabinet of Minister Geens came to provide some explanations. It is certain that this is the kind of example that should be submitted to the Data Protection Agency. In any case, I repeat, there is no punishment.

Here are two examples of criticism that we developed in commission! I would like to congratulate you on the work done, Mr. Secretary of State, as well as your team and your administration. You have not spared your punishment, it is a fact! Citizens are currently in distrust, it must be remembered. More than 80% of them fear theft or even theft of their data. It should be remembered that giants like Facebook were stolen, a few years ago, no less than a billion data by cyber attacks, shaking in addition entire branches of our economies. Citizens are stigmatized in terms of reputation, see their lives crushed by unlawful processing of personal data without any verification or contextualization.

Despite the weaknesses of the system set up and because the game is worth the candle, we will not vote against this important project, but you will have understood the reserves we issue.

Gilles Foret MR ⚙

The draft law on the protection of natural persons with regard to the processing of personal data is part of the continuity of the GDPR, the European Directive 2016/680 and the law on the creation of the data protection authority, voted here last November.

The 867 pages of the bill and the numerous amendments illustrate the complexity and technical nature of the data universe, in which we evolve without always realizing it, and which affects all sectors of activity, both private and public.

Developments, or even technological revolutions, have literally transformed the production of data and our relationship with it in recent years; the steady pace in which data drives us requires permanent and appropriate legislative and organizational responses.

This bill provides for the organization of data protection in the police/justice sphere. It also provides for the framework and protection of consent of minors from the age of 13. It also provides for the special protection of data in the context of the scientific research of archives and statistics, a special regime necessary to ensure the development of innovation and technologies, but also to ensure that they do not find themselves in a situation of technological dependence on other States that do not have the same scruples in data protection.

While we can legitimately regret the multiplicity of data protection authorities, justified however by the specialization of each of them, we, as members of the House of Representatives and guardianship authority, have an essential responsibility to ensure the legibility and effectiveness of these authorities in the future, in order to protect the fundamental rights of our citizens.

While it may seem unbalanced that the private and public sectors are not put on an equal footing in terms of sanctions, it should not be forgotten that the supervisory authorities are far from vulnerable to possible malfunctions or abuses by the public sector. They may impose corrective measures. They may prohibit processing, modify processing, delete databases or impose organizational measures.

It was, on the other hand, essential that the possibilities for sanctions be the same for similar activities offered by the public and private sectors. Amendments have been submitted in this direction.

This bill therefore constitutes a new step that must contribute to ensuring that our country is at the forefront of data protection and a leader in responsible data production and exploitation.

I would like, like Mr. Laaouej, to thank all those who contributed to the elaboration of this complex legislation. I would also like to welcome the constructive spirit that led to the discussions in committees, in particular with Ms. Onkelinx. There were many hearings. These discussions resulted in numerous amendments that evolved this 867-page bill. In any case, the document I see on the puppet of the Secretary of State represents a beautiful mass!

However, the work is not finished. It will now be necessary to ensure the proper implementation of these provisions. I believe that the Parliament, as the supervisory authority over the data protection authorities, will play a decisive role.

As chairman of the Scientific and Technological Advisory Committee, I would like to take this opportunity, Mr. Speaker, to propose a review of the functioning of this committee which, I think, will play an important role in the implementation of this complex and technical legislation in the future.

Benoît Hellings Ecolo ⚙

Mr. Speaker, I would like to say that the atmosphere at the committee meeting was extremely constructive, productive and effective. As much as I had some reluctance at the beginning of the bill which, as some colleagues have already said, is very long and very complex, so, at the end of this democratic process, I am reassured. Of course, this topic is complex. We would have preferred a single instance, namely the Data Protection Authority, as an appeal instance for citizens who would see their privacy challenged by a company, by a private actor, by state actors. You have made that choice. Thanks to the hearings we have heard, thanks to the exchanges held with the four ministers concerned, including you, Mr. Secretary of State, I am reassured. The various amendments submitted by the majority or the opposition, sometimes by the majority and the opposition together, are able to show that we can build a path, though complex, but that implements an important settlement.

Two people are at the base of this European movement, Jan Philipp Albrecht, German Green MEP, and Neelie Kroes, the former Commissioner; these are people you know well for having frequented them in the European Parliament. In the bottom, we are completing their work nationally with your framework bill, Mr. De Backer.

I will not go back on the bottom because you have answered all the questions in the committee meeting.

We will vote for the bill. However, one problem remains in this project which we have known to exist during our discussions at committee meetings and for which you are not politically responsible, Mr. Secretary of State. We held a discussion, yesterday, in the plenary session on these banks on the related bill establishing a Sectorial Committee Social Security, the only sectorial committee that will remain. Mrs Gerkens also talked about this. I was lucky to read the email exchanges between the European Commission and the office of Mrs De Block, Minister of Health, regarding the compatibility between the establishment of a single Sectorial Committee on Social Security and the General Data Protection Regulation.

On the occasion of this parliamentary debate, I would like to read the phrases that were exchanged in February 2018 and which clearly show that, as much as you had an acute awareness of a strict application of the principles of the General Data Protection Regulation, so in her particular law, which should have been discussed at the same time, Mrs De Block ignored, I dare to say, under the pressure of Mr Robben, the warnings of the European Commission.

Let us not forget that Mrs. De Block’s law – it’s not yours, Mr. De Backer – could be challenged by the European Commission, since there was this email exchange. I return the e-mail dated 13 February 2018 at 12h24 and sent by the European Commission to Mrs De Block’s office, with Mr Robben in copy. The European Commission responds in English: "Therefore we are not in a position to confirm that such approach will be in compliance with the GDPR."

And it’s worse than that since, a few days later, Ms. De Block’s cabinet chief responds himself by saying that he takes good note of the fact that the European Commission cannot confirm that the proposed solution, namely sector committees, is in accordance with the GDPR.

It is extremely damaging to see that you have worked to put all state agencies around the table, including those that manipulate ultra-sensitive data such as the State Security, the PNR instance within the SPF Foreign Affairs, the military intelligence services, the police, and that you have managed to find a method, although complex, but which ensures that all Belgian citizens, with regard to personal data that is manipulated by these police and security instances, can find a remedy. In the case of social security, this will not be possible. A parachute, namely this sector-specific committee, emerged in a law that was hidden in a Social Affairs committee and was hidden from specialists in that Parliament responsible for privacy.

I know that you are not responsible. I congratulate you on the work done. But I regret with you the political inability you had to convince your party colleague, Ms. De Block, to adopt the same attitude as you.

Staatssecretaris Philippe De Backer ⚙

My lord of voorzitter, we have a whole path underway. We have therefore not only spoken over supranational legislation, of so-called GDPR of AVG, but we have also one other richtlijn over de police- en veiligheidsdiensten geïmplementeerd, samen met something wat buiten het toepassingsgebied van de Europese Unie valt.

We have chosen a draft law that is a complete draft. The fragmentation of the new European legislation is once again becoming a whole. It is therefore not only about implementing and implementing a regulation within a national framework but also about providing a framework for police, intelligence and security services in the exercise of their functions. This is a comprehensive project.

It is very clear that both in the first and second reading we have held a thorough debate on the different facets of the different legislation. This has already been shown in the discussion in the plenary session.

We had a hearing and a very open discussion with the various ministers and myself about this European and international legislation. On the basis of this, several amendments were submitted which we openly discussed and looked at how the draft law could be improved.

The main concerns are indeed the appeal, for example to the COC, but also the clarity that no other authority would be given control powers beyond the obligations of the Regulation.

This is also what I would like to answer to Mr. Hellings. This made it clear that the role of those security committees is limited to the additional control and checks prior to the data exchange, neither more nor less. We do exactly what the European Commission asks of us.

I thank the various colleagues who have been very open and transparent during the debates and who have tried to improve the draft law in an intellectually honest way. We were open to that.

I think that this Framework Act makes it very clear that both with the Directive and the European Regulation on Privacy for our citizens we anticipate huge steps to better protect their data in public and private hands and give them more control over it, which is ultimately the goal of the European and ⁇ also of the Belgian parliamentarians and governments.