Innovation and new technologies are with prio the commitment of local police for the period 2024-2028. This can be read in the new memorandum that is the result of cooperation between the various Local Police Areas across the country. With this message, the DPO day for police started on Black Friday. Among the participants not only the DPOs of different police zones, but also their supervisors, such as the chiefs of police. And with as a fun finale Jochem Nooyen, who incorporated the importance of privacy in a playful show.
The need for a digital transformation, driven from the ‘business’, is a necessity here. Philippe Kennis, advisor Cabinet CG, explained how the police want to tackle this, including through a firmly developed governance structure that should make it possible to make police work more performant, facilitate employees through administrative simplification and the use of innovative technologies.
More and more technology in police tasks creates a lot of challenges. In addition to a solid ICT infrastructure to link all this technology together, one must also focus on a risk management system. For this, several methodologies are common, but essential is and remains the awareness of everyone working with this technology and data. This DPO day addressed concrete dangers that lurk, from cut-off techniques to the misuse of Artificial Intelligence.
There is certainly work to be done at the policy level as well. Frank Schuermans explained where exactly these challenges are based on a SWOT analysis of data protection supervision. Between the annual figures of the past year, you immediately notice that the supervisory body can invest less and less time in proactive actions. This is not surprising, Stefan says. De Proft, pointing to the imbalance between the number of staff at the supervisory body (10) and those at the police services (50,000). Moreover, given the amount of (personal) data that police have to process and the challenges posed by digitization, such more proactive monitoring is necessary. But the volume of tasks and limited staffing forces the body to take a more re-active approach.
That the need for a proactive approach to supervision is essential was also underlined by Chief of Police Jean-Louis Dalle (Chief of Police PZ Gavers). He pointed to the amount of time and resources being invested in technology and innovation. It is therefore a shame if during such a project, over time, problems associated with data protection surface. This view is shared by Christophe Bierlaire (DPO – CG-ISPO). Testing innovation beforehand and not afterwards, both with the DPO and the supervisor, is therefore essential. Also clear rules, for example regarding the maintenance of local blacklists, remain essential to work cost-efficiently.
As for time constraints, there is also good news for the COC. Due to a recent ruling by the EU ECJ on Nov. 16, 2023, the COC will in the future be less burdened with access requests from citizens. Until the ruling, in Belgium it was regulated in such a way that access to a police file, exercised by a citizen who wanted to check which personal data about him were being processed, could only be done through a request to the COC. The CoC then had to verify whether that person’s data were being processed correctly and report this to the requester. The ruling overturns this procedure and states that, as in other European member states, any citizen should be able to contact the relevant police zone directly. Only in exceptional cases will the CoC still have to intervene. In this context, the COC does repeatedly point to the legislator who has recently failed to “fix” the Belgian Data Protection Act. In any case, this matter, among others, will have to be transposed into Belgian law.
In its presentation, the COC emphasizes the important role of the chief of police and the DPO in the system of supervision and control. They must be the first line of supervision and monitoring of privacy protection. In doing so, the supervisor reaches out to the DPO, clearly expressing support for the DPO and expresses her respect for the many individual and motivated GPI members and organizations who are working in the field of data protection.
Specific cases and challenges were also discussed during this DPO day. For example, a debate addressed the role of private firms (also known as processors), which are brought in to support police tasks, such as when determining traffic violations using cameras. Can one outsource a police determination? What is their role in submitting a police report to the sanctioning officer, and may this firm enrich this data? These and other questions remain fodder for discussion and indicate the importance of consultation, sharing insights and exchanging best practices. Information sharing between supervisors, DPOs and the organization is essential here. Plans for a Black Friday DPO day 2024 are already on the table.