The Data Protection Authority (APD), Belgian counterpart of the CNIL, contacted the Commission communautaire commun de Bruxelles-Capitale (COCOM) about a potential data leak linked to the Bruvax platform , vaccination registration platform.
“ The DPA has not received any notification from COCOM on this subject, and has therefore requested additional information in order to be able to better assess the situation ”.
According to several press articles, “ it would have been possible to assume the vaccination status of a person on the Bruvax platform by indicating the person’s national registry number concerned. This could constitute a serious health data leak ”.
The GDPR imposes the notification of vulnerabilities leading to a leak of personal data likely to create a risk for the rights and freedoms of individuals. “ In the case of a so-called high risk, the persons concerned must also be informed “.
“ According to the legal opinions that we have received, there was no fault ”announced Friday Inge Neven, COCOM Covid manager.