Privacy and Data Protection
We are not always aware of our personal data being processed, but these processing operations play an important part in our everyday lives: in public administration as well as in healthcare, social security, telecommunication, financial services and direct marketing. Personal data include: a person’s name, a picture, a phone number (even a professional number), a code, a bank account number, an e-mail address, a fingerprint, …
The term “Privacy” covers multiple loads. In colloquial language, it usually refers to the protection of privacy. Its meaning where it mostly comes to the fore in public and political debates is related to the regulations for the protection of privacy in relation to the processing of personal data. In our country, this is regulated by the law of 30 July 2018 (the “Privacy Act”). At the European level, the GDPR applies. At the international level, there are, among other things, OECD guidelines, ISO standards and United Nations resolutions.
“Personal data” means all data relating to a person that is or can be directly or indirectly identified. It can be the name of the person in question, an image, a telephone number, even a (direct) telephone number at work, a code, a bank account number, an e-mail address, a fingerprint, … The privacy regulations provide for a specific protection if these data are processed. The term “processing” is broad and includes the storage of these data, copying, modification, deletion, transmission, etc.
It covers not only data relating to the privacy (private life) of individuals, but also data relating to a person’s professional or public life.
Account is only taken of data relating to a natural (physical) person and not of data relating to a legal person or an association (civil or commercial company or non-profit association).
Privacy and compliance with privacy legislation is a “hot topic”. The practices followed by social media (cf. the discussion on the conditions of use of Facebook) and search engines (cf. the proceedings against Google and the ‘right to be forgotten’) have prompted the authorities to work towards a coherent and enforceable privacy regulation.
In Belgium, the Data Protection Authority (formerly the ‘Commission for the Protection of Privacy’) ensures respect for the fundamental right to protection of personal data. The European Privacy Regulation (“GDPR”) obliges each Member State of the European Union to establish such a body.
Our office is consulted on a regular basis in order to provide advice on the correct application of the applicable privacy rules. Since the implementation of the GDPR in May 2018, serious sanctions, including heavy fines, apply when personal data are not being processed correctly.