Chairman of Privacy Commission announces tougher enforcement of data protection laws

15 April 2009

Peter Van de Velde

The Chairman of the Belgian Privacy Commission has announced in a press statement that his services will increase the enforcement of data protection laws in the private sector. This relates in particular to the use of the Privacy Commission’s inspection powers under the Data Protection Act of 8 December 1992.

The Chairman explained that inspection teams will be asked to carry out on-site investigations of data controllers. Inspections would focus in particular on sectors where the Privacy Commission has serious doubts concerning data protection compliance. 

The Commission's intention to step up its enforcement efforts is due to the increasing number of questions and complaints it receives regarding the data processing activities of private companies, and to the growing number of private sector databases that are being notified to the Commission. Reference is also made to the enforcement actions of data protection authorities in neighbouring countries such as France and The Netherlands.  

The Privacy Commission’s power to set up and deploy on-site inspection teams is laid down in Article 32 of the Data Protection Act of 8 December 1992. Members of the Commission taking part in on-site inspections are granted police powers: they can request the disclosure of any documents they deem necessary and have the right to request access to any premises they believe could be relevant to the investigation.     

In contrast to its counterparts in many other EU countries, the Belgian Privacy Commission has no power to directly impose fines under the Data Protection Act. This remains the exclusive competence of the Courts, to whom the Commission - and in certain cases its Chairman - can refer a case once an infringement has been established and it has been determined that further prosecution is appropriate.  

As in the case of any other type of audit or investigation by competent authorities, the way in which companies respond to inquiries by the Privacy Commission is important. Therefore, a proactive and well-considered data protection compliance programme can save companies a lot of time and trouble.