Data protection authority ‘no longer able to fulfil its mission’
Share article:
Share article:

Data protection authority ‘no longer able to fulfil its mission’

The directors had concerns over the adoption of the new coronavirus tracing app © Nicolas Maeterlinck/Belga

The Belgian data protection authority has become “unworkable” due to the actions of its president, David Stevens, according to a letter sent by two directors of the authority to parliament, Knack reports.

The data protection authority (DPA) was previously known as the Privacy Commission, and describes itself as “an independent control body responsible for ensuring compliance with the fundamental principles of personal data protection”.

However according to a letter sent by two directors of the DPA – Alexandra Jaspar, director of the knowledge centre and Charlotte Dereppe, director of first line services – the organisation has been rendered unable to function properly thanks to “serious” actions by the authority’s president.

The 10-page letter was sent on 9 September to the speaker of the parliament, the heads of the political groups and the members of the parliament’s justice committee. The two directors have already lamented the leak of their letter to Knack and Le Soir.

In the letter, the two express “grave concerns about the situation we have witnessed for 16 months,” and state that the DPA “is no longer able to fulfil its mission independently”.

They go on to request two external audits – one into the psychosocial environment within the authority, and another into its expenditure.

Finally, the directors call on MPs to submit director Stevens to “the procedure for the termination of his mandate”.

Stevens is accused of having failed on at least two occasions to carry our decisions of the management committee, as well as taking action without the committee’s fiat.

Given the influential individuals involved in both cases, there are reasons to believe that Mr. Stevens did so in order to give them preferential treatment. In doing so, he has exceeded his authority,” the authors allege.

The management of the DPA has been in some conflict for some time. One of the issues is the contact-tracing app related to the coronavirus epidemic, and as far back as July, Jaspar posted a message on LinkedIn in which she said she “feared for our democracy” regarding the Royal Decree which legislated for the app, but which had never been submitted to the DPA for its observations on the privacy aspects.

Stevens told De Standaard that urgency was the reason, rather than any ill-will.

He is also accused of conflict of interest over his participation in the Flemish government’s own privacy authority, as well as the coronavirus task force. And the two authors accuse him of disregarding “the most basic rules of good administration,” as well as intimidation.

We can provide you with all the documents confirming the serious malpractice that we allege in this letter,” the two wrote.

Stevens himself wrote to the parliament on 17 September, when he had become aware of the accusations, which he formally denied.

The five directors of the DPA, including the two authors of the leaked letter and Stevens, are due to be heard in camera by the justice committee on 21 October.

Alan Hope
The Brussels Times