Threat to the protection of personal data in Belgium: European civil society is concerned

EDRi, alongisde multiple civil society organisations, is the signatory of an open letter addressed to the Belgian Parliament, demanding better enforcement of the European data protection rules and guarantees of political independence of the Belgian Data Protection Authority.

By EDRi · May 4, 2022

La Maison des Lanceurs d’Alerte published today, 27 April 2022, an open letter addressed to the Belgian Parliament signed by EDRi and multiple other civil society organisations, regarding the threats faced by the protection of personal data in Belgium and the fragility of the Belgian DPA’s independence. Read the full letter in English below.

We, as actors of European civil society, are concerned about the threats to the protection of personal data in Belgium and the breaches they open in this area throughout Europe.

With the adoption in 2016 of the General Data Protection Regulation (GDPR), the European Union reiterated its attachment to privacy as a fundamental right. It sought to further protect individuals against attacks on individual freedoms that can be generated by access to personal data by private companies but also by public administrations. This progress is salutary and we are very concerned that its implementation could weaken its impact.

Hence, we have learned that, for several months, the Belgian Parliament remained deaf to repeated alerts from two whistleblowers, members of the board of the Data Protection Authority (DPA).

They reported legal incompatibilities and conflicts of interest likely to affect the proper performance of the missions of this organization, in total contradiction with the spirit and the letter of the GDPR which requires the independence of the supervisory bodies. Breaches of probity were subsequently revealed without this giving rise to an adequate and proportionate reaction on the part of the Belgian authorities. This inaction worries us and we regret that it took the European Commission threatening Belgium to take the matter to the EU Court of Justice for the problem to be taken seriously.

We also regret that the Belgian authorities do not preserve whistleblowers who are already badly bruised. One of these whistleblowers ended up resigning in December 2021, under the effect of the pressures to which she was subjected. The other has just went through a hearing at the Parliament and risks the revocation of her fonction. She suffered personal attacks, also targeting those around her. Her loyalty was questioned. She and her colleague were silenced.

At a time when Europe wants to spearhead the protection of whistleblowers with a resolutely progressive directive that prohibits all forms of reprisals, does Belgium really want to set such an example? Through the case of Charlotte Dereppe, all professionals are called upon to turn a blind eye to the reprehensible practices they witness. Don’t we want, on the contrary, to encourage them to defend the public interest?

Conflicts of interest raise doubts that plague our democracies. The grip of digital technologies on our lives carries threats that concern us all. This is why the European institutions have adopted safeguards. Public administrations cannot be exempt, in this respect, from the requirements they impose on the private sector. They must even show the example. The reputation and credibility of our institutions are at stake at a time when public confidence in democracy is already largely eroded.

For all these reasons, we salute Charlotte Dereppe’s determination and ask the Belgian Parliament to take full advantage of the consequences of her alert by effectively putting an end to all conflicts of interest in terms of data protection. We also invite him to transpose the European directive without delay and, in the meantime, to grant Charlotte Dereppe the protection due to whistleblowers.

This letter was first published in French here.

(Contribution by: Maison des Lanceurs d’Alerte)