The Supervisory Body derives its statutory and normative framework from European and national legislation and regulations.
1. National Regulations
- The Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data (M.B. [Belgian Official Gazette] dd. 5 September 2018), the Data Protection Act or DPA for short. The DPA provides for the opening clauses of the GDPR, the transposition of Directive 2016/680 on the processing of personal data in the chain of criminal law and for the establishment of the COC.
- The Act of 5 August 1992 on the Police Service (PSA). A specific section of this Act deals with police information management (articles 44/1 up to and including 44/11/13) and with the supervisory role of the Supervisory Body.
- The Act of 3 December 2017 establishing the Data Protection Authority (article 4 §2).
- The Supervisory Body’s Rules of procedure, approved by the Chamber of Representatives on 14 November 2018 (M.B. dd. 27 November 2018). These set out the internal regulations of the COC.
2. European Regulations
(a) European Union
- The Charter of Fundamental Rights of the European Union (articles 7 and 8).
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - General Data Protection Regulation - GDPR. This European legislation governs the rights and obligations of both data processors (the parties responsible for the processing) and of data subjects (the persons whose data are processed).
- Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA – The Police and Criminal Justice Authorities Directive. This Directive constitutes the European framework for the processing of data by, in particular, the police services.
(b) Council of Europe
- European Convention on Human Rights (articles 8 and 9).
- Convention 108 for the protection of individuals with regard to automatic processing of personal data.
- Additional Protocol to Convention 108 for the protection of individuals with regard to automatic processing of personal data + explanatory report.
- Recommendation No R (87) 15 of the Committee of Ministers of 17 September 1987 regulating the use of personal data in the police sector.
3. International Directives
(a) ISO Standards
The ISO standards can be downloaded from the organisation’s website for a fee.
- ISO/IEC 27001 Information technology - Security techniques - Information security management systems - Requirements.
- ISO/IEC 27002 Information technology - Security techniques - Code of practice for information security controls.
- ISO/IEC 29100 Information technology - Security techniques - Privacy framework.
- ISO/IEC 27701 Information technology - Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines.
(b) Reference texts adopted by the United Nations
- Guidelines for the regulation of computerised personal data files (1990).
- International Covenant on Civil and Political Rights (1966): article 17.
- International Convention on the Rights of the Child (1989): article 16.