Saturday, March 1, 2008
Finally something is happening in the Belgian Data Protection World.
OIVO, the research and information centre of the consumer organisations in Belgium, has filed a complaint against the
Belgacom group to the
Privacy Commission and the
Federal Ministry of Economics.
OIVO states that the privacy notification on the invoices sent out by Belgacom clause is a violation of the Data Protection law. This notification states that '
customer data is stored in databases of the Belgacom group (Belgacom nv, Belgacom Mobile, Telindus, Skynet) and can be used by any member of that group for customer management and to send commercial information'. It also states that if a customer does not want to receive such commercial information, it should contact customer service.
This violates the data protection law on several points
- Belgacom has not given the customer the option to opt-in to commercial information.
- Belgacom does not mention how to contact customer service (address, email, phone number) and that this would be free of charge.
- Belgacom does not inform exactly what will be done with the personal data.
Belgacom is surprised at the complaint from OIVO and state that they comply with the law by providing the opt-out option. A letter was sent to every Belgacom customer to launch the new free 0800 customer service number, which was sufficient information as already 13.592 people have called and noted that they do not want to receive personal data. They also note that OIVO's approach is not elegant and that they should have contacted Belgacom directly first.
Of course OIVO's point of view is correct, and I am not surprised by Belgacom's reaction, as it is one of the
most heard excuses used by companies and organisations. Even though Belgacom is making an effort to implement the data protection law, it needs to go the extra mile and do it exactly right.