| CMS Belgium | The Wire - Your Technology, Media & Communications Update | 14 May 2020 | ||||
 |
||||
|
||||
| Deadline approaching for notifying CCTV cameras to Belgian police |
The transition period for notifying your surveillance closed-circuit television cameras (“CCTV cameras”) to the Belgian police ends on 25 May 2020. Meanwhile, the European Data Protection Board (“EDPB”) has published its final guidelines on processing personal data (including facial images) through video devices. This is the perfect time to review your compliance obligations. The Law on the installation and use of surveillance closed-circuit television cameras (“CCTV cameras”) was modified and modernised in 2018. This revised Belgian Surveillance Camera Act (“Act”) entered into force on 25 May 2018, at the same time as the General Data Protection Regulation (“GDPR”). The transition period for notifying your CCTV cameras to the Belgian police expires on 25 May 2020. There could be sanctions for non-compliance with the Act and the GDPR. Does the Act apply to all CCTV cameras? Yes and no. The Act applies only to cameras installed and used for the purpose of control and surveillance of premises, in particular cameras for preventing, proving or identifying offences/anti-social behaviour against persons or property; for instance, CCTV cameras installed by a store manager to monitor store shelves; or CCTV cameras installed by a company to prevent theft or damage. The Act does not apply to workplace CCTV cameras that are used for health and safety purposes to protect the company’s property, control the production process or supervise employees. Such CCTV cameras are regulated by the Collective Bargaining Agreement No. 68 (“CBA No. 68”). If the CCTV cameras fall within the scope of both the Act and the CBA No. 68 (e.g. employees and third parties), the two regulations will apply simultaneously, with the Act taking precedence in the event of a conflict between the two. Finally, the Act does not apply to CCTV cameras regulated by specific legislation (e.g. the Law on safety at football matches). Who must notify, when, and how? Companies installing CCTV cameras must notify the Belgian police via an online platform at www.declarationcamera.be (in French)/ www.aangiftecamera.be (in Dutch). Access to this platform requires an identity check using an electronic identity card, a citizen token or a unique security code via a mobile application. CCTV cameras must be notified to the Belgian police no later than the day before the cameras are put into service. CCTV cameras that were already notified under the previous regime to the Commission de la Protection de la vie privée/Privacycommissie must be notified under the new regime by 25 May 2020. The notification must be validated annually and updated if necessary. Do controllers have to notify fake cameras? No. The Act and the GDPR do not apply to fake cameras (i.e. cameras that do not function as a camera and thereby do not process any personal data). Do companies have other obligations? Yes. Companies using CCTV cameras must also comply with the GDPR, also detailed in the EDPB 3/2019 guidelines on processing of personal data through video devices. Such obligations include:
Yes, but only if the video footage is processed to deduce special category data or to contribute to the unique identification of an individual (i.e. facial recognition technology). It is important to remember that such processing is in principle illegal, unless the processing falls within an exception under the GDPR. Otherwise, companies cannot process biometric data. If one of the GDPR exceptions applies, companies should take additional steps to minimise the risks, such as:
For more information, please contact your usual CMS advisor, or local Tier 1 Chambers and Legal 500 experts: Thomas Dubuisson or Tom De Cordier. |
|
|||||||||||||||||||||||||||||||
| CMS DeBacker, Chaussée de La Hulpe | Terhulpsesteenweg 178, 1170 Brussels, Belgium T +32 2 743 69 00 – F +32 2 743 69 01 CMS DeBacker, Uitbreidingstraat 2, 2600 Antwerp, Belgium T +32 3 206 01 40 – F +32 3 206 01 50 CMS DeBacker Luxembourg, rue Goethe 3, L-1637, Luxembourg T +352 26 27 53-1 – F +352 26 27 53-53 CMS DeBacker is a member of CMS, the organisation of independent European law and tax firms. CMS provides a deep local understanding of legal, tax and business issues and delivers client-focused services through a joint strategy executed locally across 43 jurisdictions with 75 offices in Europe and beyond. CMS was established in 1999 and today comprises ten CMS firms, employing 4,800 lawyers and is headquartered in Frankfurt, Germany.
CMS locations: Aberdeen, Algiers, Amsterdam, Antwerp, Barcelona, Beijing, Belgrade, Berlin, Bogotá, Bratislava, Bristol, Brussels, Bucharest, Budapest, Casablanca, Cologne, Dubai, Duesseldorf, Edinburgh, Frankfurt, Funchal, Geneva, Glasgow, Hamburg, Hong Kong, Istanbul, Kyiv, Leipzig, Lima, Lisbon, Ljubljana, London, Luanda, Luxembourg, Lyon, Madrid, Manchester, Mexico City, Milan, Monaco, Moscow, Munich, Muscat, Paris, Podgorica, Poznan, Prague, Reading, Rio de Janeiro, Riyadh, Rome, Santiago de Chile, Sarajevo, Seville, Shanghai, Sheffield, Singapore, Skopje, Sofia, Strasbourg, Stuttgart, Tirana, Utrecht, Vienna, Warsaw, Zagreb and Zurich.
Unsubscribe from all our Technology, Media and Communications-related newsletters. To unsubscribe from all mailings sent by CMS Belgium, please send an email to privacy@cms-db.com. For our full privacy policy, please click here. www.cms.law |