Data protection and privacy remain paramount in the sphere of governance and economic regulation, particularly with regard to the handling of sensitive financial data. The recent advisory opinion from the Belgian Data Protection Authority underscores the importance of striking a balance between lawful financial surveillance and individual rights under the GDPR framework. The De Wever government wants to do datamining on the CAP database, enriched with information related to foreign accounts/income, crypto accounts etc…
Key Considerations:
– Legitimacy of Assumptions: The proposal introduces a rebuttable presumption aimed at mitigating tax evasion through financial instrument conversions and re-registrations. This presumption warrants careful consideration, especially concerning the determination of legitimate motives behind financial actions.
– Access to Control Points: It’s prudent for authorities to have access to the Central Contact Point (CAP) of the National Bank of Belgium, contingent on existing suspicions of tax evasion. However, this access should be strictly regulated to prevent unwarranted invasions of privacy. Another breach against the GDPR legislation is that the original intend of the CAP database was to be consulted only if there was a proof of fraud. Now, the purpose of the CAP database will change completely to a proactive database to find proofs of fraud! Big brother will be watching you! Let’s hope the Belgian government will reconsider their data mining plans taking into consideration our privacy rights!
– Data Warehousing Concerns: The inclination to consolidate CAP data into a warehouse for data mining raises significant privacy implications. The advisory emphasizes that any large-scale data processing must adhere to principles of necessity and proportionality to avoid undue intrusions into individual rights and freedoms.
– Technical and Ethical Guidelines: It is crucial to establish clear parameters concerning automated decision-making processes based on risk profiling. Full transparency regarding the algorithms and risk models used for such profiling is essential to foster trust and accountability in data processing practices.
– Legislative Clarity: The advisory points out that any legal framework encompassing data processing must be transparent and adequately detailed to ensure that individuals are informed of their data rights. The proposed legislation should not result in ambiguous regulations that obscure accountability mechanisms.
– Expected Revisions: The authority recommends explicit definitions of data categories subject to notification obligations, and it emphasizes that access to CAP data should only be permitted when substantiated by credible evidence of potential tax fraud.
The advisory serves as a vital reminder of the balance that must be maintained in the regulatory landscape—ensuring effective fiscal governance while rigorously protecting personal data in compliance with the GDPR.
For further reading, please refer to the original advisory document here:
Original source link: [https://www.gegevensbeschermingsautoriteit.be/publications/advies-nr.-36-2025.pdf]