Belgian Consumers To Pay For Privacy Unfriendly Data Retention Measures?
Call the Attorney at +32 2 239 20 00
Jan Dhont comments on new data retention bill announced by the Belgian Ministry of Justice. “The proposed data retention requirements risk to violate consumer’s privacy and comes with a high cost. Belgian consumers are likely to pay twice for unpopular and privacy-unfriendly measures”, Mr. Dhont says.
The Belgian Ministry of Justice has proposed a bill imposing a two years data retention period to telecom operators and internet service providers offering communication services in Belgium for the purpose of the investigation, detection and prosecution of serious crime (such as organized crime or terrorist activities). Service providers will be required to retain traffic data, such as the sender and receiver’s telephone number or e-mail address, IP numbers, the date, time and duration of a communication.
The bill is heavily disputed both by the Belgian Data Protection Authority (hereinafter: “Belgian DPA”) and the Internet Services Providers’ Association (hereinafter: “ISPA”).
According to a recent opinion of July 1, 2009 (hereinafter: “Opinion”) the Belgian DPA considers that a retention period of twelve months largely suffices to fulfill the objectives of a criminal investigation. The Belgian DPA considers that the retention of traffic information for a longer time is disproportionate and difficult to conciliate with the right to privacy and fundamental freedoms as provided for in the Belgian Constitution and European Human Rights law.
According to ISPA, the bulk of public authority access requests come within six months from the day that the communication took place. Requests sent after twelve months from that day do not represent more than 5% of the total of such requests. ISPA has voiced that a two years data retention period comes with an expensive price tag. It is feared that ultimately the consumer will pay twice for privacy-unfriendly regulations, first with their privacy, and once more economically.
In Europe, Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 (hereinafter: “Directive”) requires national legislators to implement a data retention requirement varying from six months to two years (Article 6 of the Directive). Currently, there is no clear requirement for telecom operators to retain traffic information since the relevant provisions of the Belgian Telecom Act have not been executed by secondary legislation and provide for an open data retention window ranging from 12 months to 36 months.
In its opinion, the Belgian DPA reminds the Ministry that several EU member states have adopted a twelve-months or even shorter data retention period (e.g. France, Germany, Spain, Portugal, the Netherlands, Sweden and the United Kingdom). Since the Directive aims at harmonizing legislation on this matter between EU member states, it is preferred to implement the same twelve-months data retention period as in most other EU countries.
The Opinion does not bind the Ministry of Justice and it is expected that the proposed retention requirement will make it to Parliament. To be continued.
ABOUT THE AUTHOR: Jan Dhont
Jan Dhont heads the privacy & data protection practice of Lorenz.
Jan specialises in privacy and data protection as well as information technology law. He has broad experience in providing privacy compliance solutions for the pharmaceutical, insurance, banking, direct marketing, travel, recruitment and telecom industries.
Jan also advises national and international clients on EU regulatory matters, including product regulation, product liability, and commercial transactions.
He can be reached at j.dhont@lorenz-law.com.
Copyright Lorenz
More information about Lorenz
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer. For specific technical or legal advice on the information provided and related topics, please contact the author.
The bill is heavily disputed both by the Belgian Data Protection Authority (hereinafter: “Belgian DPA”) and the Internet Services Providers’ Association (hereinafter: “ISPA”).
According to a recent opinion of July 1, 2009 (hereinafter: “Opinion”) the Belgian DPA considers that a retention period of twelve months largely suffices to fulfill the objectives of a criminal investigation. The Belgian DPA considers that the retention of traffic information for a longer time is disproportionate and difficult to conciliate with the right to privacy and fundamental freedoms as provided for in the Belgian Constitution and European Human Rights law.
According to ISPA, the bulk of public authority access requests come within six months from the day that the communication took place. Requests sent after twelve months from that day do not represent more than 5% of the total of such requests. ISPA has voiced that a two years data retention period comes with an expensive price tag. It is feared that ultimately the consumer will pay twice for privacy-unfriendly regulations, first with their privacy, and once more economically.
In Europe, Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 (hereinafter: “Directive”) requires national legislators to implement a data retention requirement varying from six months to two years (Article 6 of the Directive). Currently, there is no clear requirement for telecom operators to retain traffic information since the relevant provisions of the Belgian Telecom Act have not been executed by secondary legislation and provide for an open data retention window ranging from 12 months to 36 months.
In its opinion, the Belgian DPA reminds the Ministry that several EU member states have adopted a twelve-months or even shorter data retention period (e.g. France, Germany, Spain, Portugal, the Netherlands, Sweden and the United Kingdom). Since the Directive aims at harmonizing legislation on this matter between EU member states, it is preferred to implement the same twelve-months data retention period as in most other EU countries.
The Opinion does not bind the Ministry of Justice and it is expected that the proposed retention requirement will make it to Parliament. To be continued.
ABOUT THE AUTHOR: Jan Dhont
Jan Dhont heads the privacy & data protection practice of Lorenz.
Jan specialises in privacy and data protection as well as information technology law. He has broad experience in providing privacy compliance solutions for the pharmaceutical, insurance, banking, direct marketing, travel, recruitment and telecom industries.
Jan also advises national and international clients on EU regulatory matters, including product regulation, product liability, and commercial transactions.
He can be reached at j.dhont@lorenz-law.com.
Copyright Lorenz
More information about Lorenz
View all articles published by Lorenz
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer. For specific technical or legal advice on the information provided and related topics, please contact the author.
