Act Provisions Relating To The Processing Of Data Carried Out By The Service Personal Federal Public Finance Its Missions

Original Language Title: Loi portant dispositions relatives aux traitements de données à caractère personnel réalisés par le Service public fédéral Finances dans le cadre de ses missions

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
belgiquelex.be - Carrefour Bank of Legislation

3 AOUT 2012. - Act respecting provisions relating to personal data processing carried out by the Federal Public Service Finance in its missions



ALBERT II, King of the Belgians,
To all, present and to come, Hi.
The Chambers adopted and We sanction the following:
CHAPTER 1er. - General provisions
Article 1er. This Act regulates a matter referred to in Article 78 of the Constitution.
CHAPTER 2. - Provisions relating to personal data processing carried out by the Federal Public Service Finance in its missions
Section 1re. - The controller
Art. 2. The Federal Public Service Finance is responsible for the personal data processing referred to in this chapter.
Section 2. - Purpose of personal data processing
Art. 3. The Federal Public Service Finance collects and processes personal data to carry out its legal duties.
The data cannot be used by the Federal Public Service Finance for other purposes than the execution of its legal missions.
The Federal Public Service Finance may, in accordance with section 4, subsequently process for the execution of another legal mission any personal data collected legitimately as part of the execution of one of its other missions.
Section 3. - Internal data exchanges
Art. 4. Administrations and, or services of the Federal Public Service Finance shall exchange personal data on authorization of an internal proceeding to the Federal Public Service Finance designated by Royal Decree after notice of the Sectoral Committee for the Federal Authority.
This proceeding determines which types of personal data may be exchanged between jurisdictions and, or services of the Federal Public Service Finance in a systematic or ad hoc manner and for the execution of specific purposes, after verifying their adequacy, relevance and non-excess.
It adopts a regulation describing on the one hand the application process for access to personal data held by an administration and, or service of the Federal Public Service Finance and on the other, the procedure whereby such exchange takes place. This regulation is approved by the King, after the advice of the Sectoral Committee for the Federal Authority.
It may request the advice of the Sectoral Committee for the Federal Authority on any request for data processing submitted to it and for which the Committee is competent.
Section 4. - Special treatment
Art. 5. § 1er. The Federal Public Service Finance may also undertake the aggregation of data collected pursuant to section 3 for the creation of a datawarehouse that must allow its services on the one hand, to carry out targeted controls on the basis of risk indicators, and on the other hand, to carry out analyses of relational data from the various jurisdictions and, or services of the Federal Public Service Finance.
§ 2. Any data category provided to the datawarehouse is subject to authorization from the Sectoral Committee for the Federal Authority.
In particular, the Department ensures that the processing, where possible, involves coded personal data and that decoding occurs only when there is a risk of commissioning an offence to a law or regulation that falls within the purview of the Federal Public Service's missions.
A royal decree deliberated in the Council of Ministers, taken after the advice of the Commission for the Protection of Privacy, determines cases where an exchange of personal data does not require authorization from the Sectoral Committee for the Federal Authority.
Section 5. - External data exchanges
Art. 6. § 1er. The Federal Public Service Finance shall not transmit personal data to another public service or to a public legal entity only after the authorization of the Sectoral Committee for the Federal Authority or the competent community or regional authority.
A royal decree deliberated in the Council of Ministers, taken after the advice of the Commission for the Protection of Privacy, determines cases where an exchange of personal data does not require authorization from the Sectoral Committee for the Federal Authority.
§ 2. The Federal Public Service Finance receives electronic personal data from a public service or public legal entity only in the course of carrying out its legal duties and after authorization from the relevant Sector Committee or Community or Regional Authority.
Where these external data are used for the purpose of section 5, the authorization of the relevant sectoral committee shall provide that the exchange is authorized for this purpose.
§ 3. Agents of the Federal Public Service Finance shall remain in the performance of their duties within the meaning of section 337 of the Income Tax Code 1992, section 93bis of the Value-Added Tax Code, section 236bis of the Registration, Mortgage and Registry Code, section 146bis of the Code of Succession Rights, section 212 of the Code of Miscellaneous Duties and Taxes and The recipients of this data are also held in professional secrecy and may only use the data as part of the execution of their legal missions or authorizations of the relevant sectoral committees.
Section 6. - Competent management institution
Art. 7. In the data exchanges referred to in Article 5 and Article 6, § 1er, the Federal Public Service Information and Communication Technology renders the legal and technical advice referred to in sections 31bis, § 3, and 36bis of the Act of 8 December 1992 on the protection of privacy with respect to personal data processing after consultation with the Federal Public Service Finance.
The management institution of the relevant sectoral committee for the instance that provides the data renders the legal and technical advice in the cases referred to in Article 6, § 2.
Section 7. - Information Security and Privacy Protection Service
Art. 8. § 1er. It is created, within the Federal Public Service Finance, an Information and Privacy Security Service that is placed under the direct authority of the chair of the Federal Public Service Management Committee Finance.
This service is responsible for:
(a) ensure the application of privacy regulations, this Act and its enforcement measures;
(b) to verify, prior to the decision of the controller, that the conditions for the application of the exception referred to in Article 3, § 7, of the Act of 8 December 1992, relating to the protection of privacy with respect to personal data processing, are met;
(c) render legal notices when the Federal Public Service Finance is consulted in accordance with section 7.
This service also has an internal advisory, stimulation, documentation and audit function in terms of privacy protection.
It may also file a complaint directly with the Sectoral Committee for the Federal Authority where there is a risk of commissioning an offence to a law or regulation whose application falls under the duties of the Federal Public Service Finance.
§ 2. The King shall determine by order deliberately in the Council of Ministers, after the advice of the Commission on the Protection of Privacy, the composition and mode of operation of that service and the status of the members composing it.
Section 8. - Monitoring Service
Art. 9. § 1er. It is established within the Federal Public Service Finance, a department responsible for technically conducting personal data exchanges. This service also ensures the technical compliance of these personal data exchanges to this Act, the regulations, the authorizations of the competent authorities and the decisions of the processing officer. This service is placed under the direct authority of the Chair of the Federal Public Service Management Committee.
§ 2. The King shall determine by order deliberately in the Council of Ministers, after the advice of the Commission on the Protection of Privacy, the composition and mode of operation of that service.
Section 9. - Data Access Authority
Art. 10. § 1er. Federal Public Service Agents Finance and duly authorized third-party staff shall only access electronic records, data and applications to the extent that such access is adequate, relevant and not excessive in the performance of the tasks entrusted to them in the missions as defined in sections 3 and 5.
§ 2. The right of access is granted individually and personally based on a profile. He can't be transferred. Each user of the federal Public Service's internal network Finance to whom a personal access account is assigned is personally responsible for its use.
§ 3. Any access to electronic records, data or applications is subject to an audit by the identity management system of the person seeking access and correspondence to the defined profile.
§ 4. Each access or attempt to access records, data or applications is the subject of an automated registration, the content and duration of which are fixed by an internal regulation submitted for advice to the Sectoral Committee for the Federal Authority.
The service referred to in section 8 periodically controls access and access attempts to detect security incidents.
Section 10. - Right of information, access and correction
Art. 11. It is inserted in section 3 of the Act of 8 December 1992 on the protection of privacy with respect to personal data processing, replaced by the Act of 11 December 1998 and last amended by the Act of 10 July 2006, a § 7 written as follows:
« 7. Sections 9, § 2, 10 and 12 are not applicable to personal data processing managed by the Federal Public Service Finance during the period in which the data subject is subject to control or investigation or preparatory actions for the data carried out by the Federal Public Service Finance as part of the execution of his legal duties.
Where the Federal Public Service Finance has made use of the exception as defined in paragraph 1, the exception rule is immediately lifted after the closure of the control or investigation. The Information Security and Privacy Protection Service informs the taxpayer concerned without delay. "
Section 11. - Entry into force
Art. 12. This Act comes into force on 1er January 2013.
The King may fix an effective date prior to that referred to in paragraph 1er.
Promulgate this law, order that it be clothed with the seal of the State and published by the Belgian Monitor.
Given at Châteauneuf-de-Grasse, August 3, 2012.
ALBERT
By the King:
Deputy Prime Minister and Minister of Finance,
S. VANACKERE
The Minister of Justice,
Ms. A. TURTELBOOM
Seal of the state seal:
The Minister of Justice,
Ms. A. TURTELBOOM
____
Note
Documents of the House of Representatives:
53-2343 - 2011/2012:
Number 1: Bill.
No. 2: Amendments.
Number three: Report.
No. 4: Text corrected by the commission.
No. 5: Text adopted in plenary and transmitted to the Senate.
Full report: 18 July 2012.
Documents of the Senate:
5-1765 - 2011/2012:
No. 1: Project referred to by the Senate.
Number 2: Report.
No. 3: Decision not to amend.
Annales of the Senate: July 19, 2012.