Skip to main content Scroll Top

COMPLAINTS

PROCESSING OF PERSONAL DATA

HYPOTHETICAL CASES

Repeated targeted checks

Repeatedly targeted by more in-depth identity checks than other passengers at Brussels Airport, an individual submits a complaint. She believes she has been unfairly targeted and complains of disproportionate processing of her personal data by the intelligence services.

As part of its investigation, and on the basis of indirect access to these services’ files, the Committee may assess whether or not the complaint is well founded. They will review any processing of her personal data by the intelligence services. If necessary, it will request corrective measures such as the erasure or the correction of incorrect data. Despite any shortcomings noted, the Committee will not be able to communicate the results of the investigation to the applicant. The law stipulates that the Committee is limited to only sharing the fact that “the necessary checks have been carried out”.

International reporting

Someone was recently refused access to a foreign country upon their exit from the airplane on the sole grounds that they appeared on a list of “persons of interest”. Wishing to understand the reasons for this international alert, they contacted the local Belgian police who informed them that they had previously appeared in the common database Terrorism, Extremism and Radicalisation Processes (CDB T.E.R.). As their name had been removed from the list three years ago, the individual requested that the Committee investigate the reason why she was still subject to international reporting.

The Committee will carry out a joint investigation with the competent supervisory authorities to examine why this international reporting has not been lifted. When the investigation is closed, the Committee may, if necessary, request that the intelligence services take the appropriate action to lift this unjustified international alert. Despite any shortcomings noted, the Committee will not be able to communicate the results of the investigation to the applicant. The law stipulates that the Committee is limited to only sharing the fact that “the necessary checks have been carried out”.

Intelligence services advice as part of a procedure for granting nationality

After being refused Belgian nationality on two occasions following negative advice issued by State Security, an individual submits a complaint to the Committee, believing that the information about them used by State Security is incorrect.

The request is referred to the Committee. It will focus in particular on checking the information behind the intelligence presented by State Security with regard to the applicant, in order to determine whether it is based on sufficient, credible and up-to-date information. Despite any shortcomings noted, the Committee will not be able to communicate the results of the investigation to the applicant. The law stipulates that the Committee is limited to only sharing the fact that “the necessary checks have been carried out”.

As the data protection authority for data processing that falls within the scope of national security, the Committee is competent to review the processing of personal data carried out:

  • By State Security and GISS;
  • In the context of security clearances and advice;

For example, processing carried out by the NSA or a security officer

  • By CUTA;

This monitoring role is carried out with Committee P

  • By the Passenger Information Unit in the context of an intelligence operation;
  • By the SIM Commission;
  • In the context of the common database Terrorism, Extremism, Radicalisation Processes.

This role is carried out with the Supervisory Body for Police Information.

Who can lodge a request?

The Committee can intervene at the request of anyone who believes that personal data protection laws have not been respected during the processing of their personal data carried out in the context of national security.

The applicant may request that compliance with applicable regulations is checked, and that their incorrect personal data is corrected or deleted.

Formalities to be observed

The request for verification, correction or modification must be written, dated, signed and substantiated. The complainant must also prove their identity.

Otherwise, it will not be accepted.

Handling of the request

1. Preliminary examination

The Committee will subject the request to a preliminary examination to decide whether it falls within its remit.

If the request is not admissible, or is declared manifestly unfounded, the Committee will inform the complainant of its decision in writing. If necessary, the Committee can refer the complainant to another body or competent service to handle the complaint.

2. Investigation

If the Committee declares the request admissible, it will open an investigation into the matter.

In order to handle the request, the Committee may exercise all the powers at its disposal in the context of its traditional oversight remit. The Committee may also work together with other Belgian data protection authorities.

3. Closure of the case

At the end of its investigation, and if necessary, the Committee can take binding corrective decisions. Among other things, it may stipulate that the service in question corrects or deletes certain personal data.

However, the Committee cannot communicate its decision to the applicant. In accordance with the law, all it can confirm is that ‘the required checks have been carried out‘. This means that the applicant will not learn from the Committee whether or not the service in question was storing personal data about them.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.