The Belgian data protection authority imposed a €5,000 fine on a candidate in the municipal elections in June 2020. A welcome reminder: the GDPR applies to everyone!
In my job as RGPD consultant, I work with many public entities. I train many DPOs and project managers for municipalities and OCMWs. I am always amazed to hear from these people that political staff often do not take the RGPD into account in their local political activities.
Personal data is not freely available!
An all too common practice among local politicians is to use personal data from NPOs linked to the municipality. It is difficult for municipal employees to resist a request from an elected official, even if they remind him that the RGPD protects the privacy of citizens. Indeed, many public officials still believe that this regulation does not concern them. I often experience this when I lead a conference for local elected officials.
It was therefore important for the Data Protection Authority to remind the Belgian political world once again that it must also respect data protection legislation. This fine of €5,000 to a candidate in a local election is therefore welcome. Funny detail: in this case, the complainant was the municipality, and the candidate seemed to be a member of the opposition...
Constant reminders
This is not the first time that the Belgian authority has sanctioned political staff:
- The first sanction, in May 2019, concerned a burgomaster who had used personal data collected in the context of a subdivision issue to send election propaganda. The burgomaster had been fined €2,000.
- A mayor and an alderman were also fined €5,000 for crossing a contact file with the electoral list.
But despite these fines, and the mentions that have been made in the press, it seems that the entire political world has not yet taken the measure of the importance of compliance with the RGPD.
Indeed, one only has to look at the official websites of political parties to realize that the mentions imposed by the RGPD are not there, or are incomplete. Sometimes you can join without seeing a privacy policy, or only after having already encoded your data, or the party considers that it can keep the data for an unlimited period of time...
Politicians should lead by example
Let's not forget that the legislator, who sometimes has to ask the opinion of the Data Protection Authority, often "forgets" to take it into account. And yet it would be logical for the political world to set an example!
Let's hope that this new sanction will finally lead to a change of attitude and respect for citizens' personal data by the political world.
Want to know more?
Are you looking for a turnkey solution for your RGPD management?
Contact us to learn more about our solution and its applications.
