Data Protection under strain: resignation of Alexandra Jaspar

December 22, 2021

Resignation of Alexandra Jaspar, co-director of the Data Protection Authority. This decision is motivated by the total lack of independence of some members. Muzzled, the authority refuses to take a position when it comes to a public institution.

There is some turmoil in Brussels on the side of the Data Protection Authority (DPA). The Belgian government institution, which oversees privacy protection in the processing of personal data, is facing unprecedented criticism since its creation in 2017. This body has been essential since the RGPD, the General Data Protection Regulation, came into force. Alexandra Jaspar, one of the DPA’s directors and whistleblower of the Data Protection Authority has sent in her resignation.

“The DPA is no longer protecting the data but those it is supposed to control.”  

Alexandra Jaspar criticizes in particular the willingness of the DPA “to bury certain files” and denounces its partiality in the treatment of cases that are entrusted to it. “We take totally illegal decisions every day in a steering committee that does not work at all”. In her eyes, the Data Protection Authority is “infiltrated by people who work for the [Belgian] government” and its composition contradicts the General Data Protection Regulation (GDPR).

The context

On November 8, Alexandra Jaspar had sent a letter to the Belgian House of Representatives to alert on the “serious dysfunctions” of the DPA. In her eyes, David Stevens, chairman of the Data Protection Authority, “has close contacts with members of the government, ministers, directors of administration”, preventing any impartiality of the DPA. This letter followed four others, sent since September 2020. Each time, it was to denounce “serious dysfunctions” affecting the ODA.

As soon as she took office in April 2019, Alexandra Jaspar had noted that the objective was not at all to set up a data protection authority that could ensure its mission of monitoring compliance with this famous RGPD. According to her, the DPA “was infiltrated by people who depend on the government.” It is difficult, if not impossible, to control government bodies and public institutions if the institution is infiltrated by members of the government or people who work for the government.

The resigning director thus points to APD President, also director, David Stevens. He would not be impartial when it comes to examining what the state does with personal data. In addition to David Stevens, Director and Chairman of the DPA, two other people are also in the firing line. These are two advisors. Together with others, they are normally supposed to enable the APD Knowledge Center to issue opinions on the laws and regulations that govern the processing of personal data. One of those advisors is Franck Robben.

The Belgian House of Representatives is not moving. However, Europe is asking for it…

The European Commission confirms, more or less word for word, the statements of Alexandra Jaspar in rather dry and sharp letters sent to Belgium. The latest one was sent on November 12. The European Commission having found that the Belgian State is indeed violating article 52 of the regulation (GDPR). It enjoins Belgium to put an end to the irregularities by next January 12 2022. Belgium risks sanctions from the European Court of Justice. This would make it, according to Alexandra Jaspar, the first state sanctioned for the GDPR. Before that, on January 10, Alexandra Jaspar will have stepped down as director of the DPA.