PHR2004 - The Kingdom of Belguim

Kingdom of Belgium

The Belgian Constitution recognizes the right of privacy and private communications.[1] Article 22 states, "Everyone has the right to the respect of his private and family life, except in the cases and conditions determined by law. . .The laws, decrees, and rulings alluded to in Article 134 guarantee the protection of this right." Article 29 states, "The confidentiality of letters is inviolable. . .The law determines which nominated representatives can violate the confidentiality of letters entrusted to the postal service." Article 22 was added to the Belgian Constitution in 1994. Prior to the constitutional amendment, the Cour de cassation ruled that Article 8 of the European Convention applied directly to the law and prohibited government infringement on the private life of individuals.[2]

The Data Protection Act of 1992 governs the processing and use of personal information in Belgium. Amending legislation to update the 1992 Act and make it consistent with the European Union (EU) Data Protection Directive was approved by the Parliament in December 1998.[3] A Royal Decree (Arrêté royal) to implement the Act was approved in July 2000. The Decree, as a whole, broadens the scope of application of the law by extending the definition of "processing," determines how special categories of data may be processed, and reinforces data subjects' rights. The Decree was finally adopted in February 2001, and the law came into effect in September 2001. Two months after the entry into force of the new data protection regime, the government announced that it had put in place an Observatoire des droits de l'Internet (the Internet Rights Observatory)[4] in order to better assess and analyze the impact of the Internet on the economy and consumer protection. The Observatory aims, through its composition, at being an open forum for all Internet stakeholders, and will issue advisory opinions and annual reports, organize a dialogue between economic actors, and inform the public.[5] In 2004, The Observatory released reports on e-commerce[6] and e-government.[7] A recent survey found out that, while 90 percent of Belgian web sites collect personal data, 55 percent of them display a privacy policy, although some of those policies are unclear, incomplete and hard to find on the site.[8]

The Commission de la protection de la vie privée (the data protection authority, or Commission) oversees the law.[9] The statute of the Commission has changed since 2004 to make it directly depend on the Parliament instead of the Ministry of Justice.[10] The Commission investigates complaints, issues opinions and maintains the registry of personal files.[11] In 2003, the Commission answered 655 complaints and requests for information. That number has reached 355 as of the end of June 2004.[12] The number of public requests also increased from about 6,200 in 1999 to about 7,400 in 2001. The Commission has issued in the last four years a number of recommendations relating to workplace privacy,[13] video surveillance,[14] the compatibility of the ten-yearly census survey with the Belgian privacy regulations,[15] the protection of privacy in the context of electronic commerce,[16] the regulation of direct marketing under the data protection legal framework,[17] the recording by banks of their customers' telephone communications,[18] the use of electronic communications for electoral advertising purposes,[19] etc. As of June 2004, there are 32 permanent staff members,[20] compared to 19 in 2001 and 28 in 2000.[21]

In 2002, the Commission was asked to assess whether the upload on the Internet of a "black list" of renters[22] by the Syndicat National des Propriétaires (National Association of Property Owners) was legal. In its opinion, the data protection authority found the database illegal under the 1998 Data Protection Act, and that it required prior legislative action to authorize it – if it were to be authorized – and determine the conditions of access.[23]

After opening a "boîte à spam" (spam mailbox) for three months at the end of 2002 to store the unsolicited commercial e-mails spontaneously forwarded by Belgian Internet users, the Commission released a study on "spam" in July 2003 which assesses the phenomenon of spam in Belgium. The Commission found out that most of the e-mails come from abroad – mainly from the United States – and details the measures it has taken to combat illegal spam. The report also outlines spammers' obligations under the Data Protection Act of 1998 and provides legal and practical advice for data subjects receiving unsolicited commercial e-mails.[24] Since 2003, the use of e-mails for marketing purposes is prohibited without the prior, free, specific and informed consent of the recipients, in compliance with the EU Directive on Electronic Commerce,[25] transposed by the Law of March 11, 2003,[26] and with the EU Electronic Communications and Privacy Directive.[27] [28]

In 2004, the Commission ruled that disclosures of passenger name records (PNR) by airline companies to the US government without passengers' consent are illegal (on the complaint of data subjects, including a Member of the European Parliament)[29]

Surveillance of communications is regulated under a 1994 law.[30] Prior to its enactment, there was no specific law. The law requires permission of a juge d'instruction before wiretapping can take place. Orders are limited to a period of one month. There were 114 orders issued in 1996,[31] and, reportedly, around 1,000 in 2002.[32] The law was amended in 1997 to remove restrictions on encryption.[33] The Parliament also amended the law in 1998[34] to require greater assistance from telecommunications carriers and to give the juge d'instruction and the Attorney General ("Procureur du Roi") more powers. The juge d'instruction now has the authority to request the cooperation of experts or network managers to help decrypt telecommunications messages which have been intercepted. The experts, network managers, etc. cannot refuse providing cooperation; criminal sanctions are possible in cases of refusal. The law also provides that telecommunications network operators and telecommunications service providers have to record and store calling data ("données d'appel") and telecommunications services subscribers' identification data for future law enforcement authorities' needs during a minimum period of 12 months. The law is very vague as to the duration of data retention ("a certain time") and would not prevent an implementing decree from increasing this period for much longer. The Belgian police are officially in favor of a three-year general retention policy.[35] In 2003, a new royal decree was enacted to implement the June 10, 1998 Law to provide more details about the practical and technical measures that telecommunications network and service providers have to comply with to cooperate with law enforcement authorities.[36]

The Council of Ministers is currently working on the second version of a bill (avant-projet de loi relatif aux communications électroniques[37]) that aims at transposing into Belgian law the EU "telecom package," a set of six directives that establish a new legal framework for electronic communications in the EU. This package includes the EU Directive on Privacy and Electronic Communications. The Commission issued a positive opinion on the part of the bill covering the protection of personal data in which it discussed the security of networks and telecommunications services, the confidentiality of communications, the retention of traffic data, the surveillance of communications, and cookies and spyware.[38] The Conseil d'Etat (State Council) and the Institut belge des services postaux et télécommunications (Belgian Institute for Postal Services and Telecommunications, or IBPT) were also consulted.

In November 2000, the Belgian Parliament enacted a Computer Crime Law.[39] The law creates four new crimes: computer forgery ("faux en informatique"), computer fraud ("fraude informatique"), hacking, and sabotage of computer data ("sabotage de données informatiques"). Recent case law tends to temper the harshness of some provisions of the new law.[40]

In December 1999 the Commission had issued an opinion on the Computer Crime Bill, in which it raised serious concerns about its potential negative impact on the protection of privacy. It recommended certain amendments to the Bill including the establishment of a "police monitoring system," which would report back to the Commission, and a three-year review provision.[41] These suggestions were not included in the law, and the data retention provision even goes against the Commission's official opinion. However, the law provides that the Privacy Commission's opinion is mandatory before any royal decree is enacted on the issue of data retention.

Almost unnoticed, a law, enacted in December 2001, bans anonymity for subscribers and users of telecommunications network operators and services providers, while the application of the law is, however, subject to a proportionality requirement. A royal decree may prohibit the exploitation of telecommunications services if they render the identification of the caller impossible, or otherwise make it difficult to track, monitor, wiretap, or record communications. With this new rule, the government can now prohibit any telecommunications service that hinders the application of the wiretapping laws.[42]

After almost a year of negotiations, a national collective labor organization of employers and employees' representatives (the Conseil national du travail) could eventually agree on common rules regulating the electronic surveillance of workers' computers in the workplace. The common agreement (called convention collective de travail or CCT) has entered into force on June 29, 2002 through a royal decree[43] and applies to all employers and employees in the country. It provides for rules implementing to the specific setting of the workplace the already existing and enforceable European and Belgian general data protection regulations, by ensuring the workers of fairness, information, and compliance with the basic data processing principles of proportionality, purpose specification, and transparency.[44] The data protection authority had released earlier an opinion[45] on the same topic in which it refers to the general principles applicable: a general prohibition of the interception of telecommunications, proportionality and transparency, balance of the interests and limited storage of personal data. Also in the field of workplace privacy, another CCT was released in 1998 to regulate the surveillance of workers by video surveillance cameras.[46]

In August 2002, a new law was enacted that better protects patients' privacy rights by giving them, e.g., the right to be clearly informed about their health state, to consent to any medical interventions, and to have access to their medical files.[47]

There are also laws relating to consumer credit,[48] social security,[49] electoral rolls,[50] the national ID number,[51] professional secrets,[52] and employee rights.[53]

From the end of 2000, IFPI Belgium, the recording industry trade association, started tracking people downloading and uploading music files from MP3 audio file-sharing web sites such as Napster, Gnutella or KaZaa. In a move that left many Belgian music fans outraged, IFPI collaborated by simple "gentlemen's agreements"[54], and outside any legal framework, with Internet service providers (ISPs) to get the names and addresses of high-speed Internet connection subscribers in order to send them personalized letters threatening them with legal action if they did not stop their file-sharing practices. In November 2001, the Privacy Commission released an initiative opinion[55] severely condemning the way IFPI had behaved with respect to the protection of people's privacy, noticing that they were violating several Belgian and European telecommunications privacy and data protection laws.[56]

In July 2001, the Conseil des ministres (Council of Ministers) approved the idea of introducing an electronic identity card for all Belgians.[57] BELPIC, which stands for Belgian Personal Identity Card, embeds a digital certificate that will, according to the government, allow Belgians to communicate online and conduct secure transactions with government agencies, access e-government applications, and perform e-banking, or other future private applications.[58] Under the plan, every Belgian citizen would get an identification card with his or her name, photograph and two digital certificates. One would be used for authentication, the other as a digital signature to sign documents such as declarations or application forms, whci will have the same legal value as documents signed by hand.[59] In February 2003, the Parliament approved the introduction of BELPIC and the new chipcards were tested in 11 municipalities (communes) until September 2003.[60] After this test, the government decided to roll out the cards to about nine million citizens throughout the Belgian territory by the end of 2006.[61] The new ID card has been criticized by the Commission[62] and civil liberties organizations as presenting a serious threat to individuals' privacy.[63]Belgium is the first country in Europe to embed a digital signature in an ID card and to massively roll out ID smart cards at a national level.[64]

Belgium began a test program in May 2004 that will make it one of the first countries in the world to issue passports with an imbedded computer chip for personal information.[65] Initially, the chip will be used only for basic information, such as name, date-of-birth, and signature. However, it has the ability to store fingerprints, an iris scan and other biometrics. The new passports are expected to be distributed to the public early 2005.

A Law of December 19, 2003[66] implemented a framework decision of the Council of the European Union on the European arrest warrant.[67] Some of its provisions specifically cover cyber-crimes and pedopornography offenses.[68]

Voting is mandatory for those 18 years and older.[69] Voter registration lists are posted in polling locations on Election Day and may also be obtained for political campaign purposes.[70] Election administrators take an oath to maintain the secrecy of votes cast. Voters are guaranteed the right of secrecy of their vote.[71] In 1989, Belgium became the first nation in Europe to pursue electronic voting.[72] In 1994, a law was enacted that allows electronic voting. The direct recording electronic (DRE) system identified was used by 44 percent of voters in 2000. By 2003, an estimated three million votes were cast using electronic voting technology.[73]

The Constitution recognizes that "everyone has the right to consult any administrative document and to have a copy made, except in the cases and conditions stipulated by the laws, decrees, or regional council decrees.[74] There are freedom of information laws, implementing this constitutional right, on the right of access to administrative documents on the national,[75] regional,[76] and community levels.[77] The basic exemptions to the general rule of access are public security, the protection of fundamental rights, international interests, public order, security or defense, confidentiality, privacy, etc. Each jurisdiction has a Commission d'Accès aux Documents Administratifs that oversees the act.

Belgium is a member of the Council of Europe (CoE) and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention No. 108).[78] It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[79] It is a member of the Organization for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The government signed, but has not ratified, the CoE Convention on cybercrime in November 2001.

[1] Constitution of Belgium, available at <http://www.fed-parl.be/constitution_uk.html>.

[2] Cour de cassation, 26 September 1978.

[3] Act concerning the Protection of Privacy with regard to the Treatment of Personal Data Files, December 8, 1992, as amended by the Act of December 11, 1998 transposing EU Directive 95/46/CE of October 24, 1995, available at <http://www.law.kuleuven.ac.be/icri/papers/legislation/privacy/tabel/index.html>. An unofficial English translation is available at <http://www.law.kuleuven.ac.be/icri/papers/legislation/privacy/engels/>.

[4] <http://www.internet-observatory.be/>.

[5] Alain Jennotte, "Un Observatoire au chevet du Net," Le Soir, December 1, 2001, available at <http://www.lesoir.be>.

[6] Observatoire des Droits de l'Internet, "Pistes pour renforcer la confiance dans le commerce électronique", avis n°3 du 1er juin 2004, soumis à la Ministre fédérale de l'Economie, June 1, 2004, available at <http://www.droit-technologie.org/redirect.asp?type=legislation&legis_id=185&url=legislations/Observatoire_2_avis__01062004.pdf>.

[7] Observatoire des Droits de l'Internet, "Facteurs de succès de l'e-gouvernement," Avis n° 2 de décembre 2003, December 2003, available at <http://www.droit-technologie.org/redirect.asp?type=legislation&legis_id=173&url=legislations/avis_observ_egov.pdf>.

[8] Michel Walrave, e-Privacy.be, Protection des donnés en ligne: amelioration de la protection des données dans les sites Web belges, un an après l'entrée en vigueur de la 'nouvelle' Loi Vie Privée?, Katholieke Universiteit Leuven, January 2003, available at <http://www.droit-technologie.org/redirect.asp?type=dossier&dossier_id=92&url=dossiers/privacy_etude_walrave.pdf>.

[9] Commission de la protection de la vie privée homepage <http://www.privacy.fgov.be/>.

[10] Law of February 26, 2003 amending the Data Protection Act of 1992. The new law creates sector committees to control the compliance with data protection in some sectors, such as public administration, social security, national registry. The committees will work under the supervision of the Commission. Belgian report to the International working group on data protection in telecommunications – 34th meeting – Berlin, September 1 and 2, 2003, Ref.: 10/TM/2003/002/004/ACL.

[11] As of June 30, 2004, there were 23,883 records in the Commission's registry. E-mail from An Machtens, Conseiller POMIS, Commission de la protection de la vie privée, to Cédric Laurant, Policy Counsel, Electronic Privacy Information Center (EPIC), July 12, 2004 (on file with EPIC).

[12] E-mail from An Machtens, supra. In 1999 and 2000, that number averaged 800 per year. In 2001, this number increased to reach almost 1,100. Rapport d'activités de la Commission – 1999-2001, available at <http://www.privacy.fgov.be/publications/rapp_99-00-01.pdf> (last report available as of July 2004).

[13] Avis d'initiative n° 10/2000 du 3 avril 2000 relatif à la surveillance par l'employeur de l'utilisation du système informatique sur le lieu de travail, available at <http://www.privacy.fgov.be>.

[14] Avis d'initiative n° 34/99 relatif aux traitements d'images effectués en particulier par le biais de systèmes de vidéo-surveillance, December 13, 1999 <http://193.191.208.6/juris/jurfv.htm>; avis d'initiative n° 3/2000 relatif à l'utilisation de systèmes de vidéo-surveillance dans les halls d'immeubles à appartements, January 10, 2000, available at <http://193.191.208.6/juris/jurfv.htm>.

[15] Avis d'initiative n° 37/2001 of October 8, 2001 concernant l'enquête socio-économique 2001, available at <http://www.privacy.fgov.be>.

[16] Avis d'initiative n° 34/2000 of November 22, 2000 relatif à la protection de la vie privèe dans le cadre du commerce électronique, available at <http://www.privacy.fgov.be>.

[17] Commission de la protection de la vie privée, Marketing direct et protection des données personnelles," March 24, 2003, available at <http://www.privacy.fgov.be/publications/note_marketing.pdf>; see also Commission de la protection de la vie privée, Les droits des utilisateurs face aux courriers électroniques non-sollicités,

<http://www.privacy.fgov.be/publications/note_spam.htm>.

[18] Recommandation n° 01/2002 du 22 août 2002 sur l'enregistrement des télécommunications effectuées dans le cadre des services bancaires, available at <http://www.privacy.fgov.be>.

[19] Avis n° 07/2003 du 27 février 2003 sur l'utilisation des moyens de communications électroniques à des fins de propagande électorale, available at <http://www.privacy.fgov.be>.

[20] E-mail from An Machtens, supra.

[21] E-mail from Anne-Christine Lacoste, supra.

[22] The list was available at <http://www.check4rent.com>.

[23] Avis n° 52/2002 du 19 décembre 2002 relatif à la constitution d'un fichier externe des locataires défaillants, available at <http://193.191.208.6/juris/jurfv.htm>. See also Actualité en détail - « Liste noire » des locataires et avis de la Commission pour la protection de la vie privée, DroitBelge.Net, January 16, 2003 <http://www.droitbelge.be/actualites.asp?display=detail&id=86>.

[24] Commission de la protection de la vie privée, Le spam en Belgique – Etat des lieux en juillet 2003, July 4, 2003, available at <http://www.privacy.fgov.be/publications/spam_4-7-03_fr.pdf>.

[25] Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on Certain Legal Aspects of Information Society Services, in particular Electronic Commerce, in the Internal Market, available at <http://europa.eu.int/cgi-bin/eur-lex/udl.pl?REQUEST=Seek-Deliver&COLLECTION=oj&SERVICE=eurlex&LANGUAGE=en&DOCID=2000l178p0001>.

[26] Loi du 11 mars 2003 sur certains aspects juridiques des services de la société de l'information, Moniteur belge, March 17, 2003, at 12960-12970, available at <http://www.droit-technologie.org/3_1.asp?legislation_id=142>.

[27] See for more details Thibault Verbiest & Etienne Wéry, "Courriers électroniques non sollicités: le débat juridique n'est pas clos," Droit et Nouvelles Technologies, February 5, 2004 <http://www.droit-technologie.org/1_2.asp?actu_id=896>.

[28] For more information, see generally Thibault Verbiest, "La loi belge enfin adoptée !," Droit et Nouvelles Technologies, April 22, 2003 <http://www.droit-technologie.org/1_2.asp?actu_id=747>; and Jos Dumortier & Mieke Loncke, Ongevraagde reclame langs elektronische post, 21 Mediarecht, Telecommunicatie en telematica 43-74 (Mechelen 2003)

[29] Commission de la protection de la vie privée, Avis 48/2003, Plaintes relatives à la transmission de données à caractère personnel par certaines compagnies aériennes vers les Etats-Unis, December 18, 2003, available at <http://193.191.208.6/jurispdf/J/Z/03/C/JZ03CI4.pdf#Page1>.

[30] Loi du 30 juin 1994 relative à la protection de la vie privée contre les écoutes, la prise de connaissance et l'enregistrement de communications et de télécommunications privées, available at <http://www.cass.be/cgi_loi/legislation.pl>.

[31] "Ecoutes: une pratique décevante et flamande ! Le résultat judiciaire des écoutes téléphoniques est médiocre. La Chambre va modifier la donne," Le Soir, December 12, 1997, available at <http://www.lesoir.be>.

[32] The increase in wiretaps is partly due to the higher number of types of communications that the police is now able to intercept, from regular landline telephones, to mobile phones, SMS messages, fac-similes, satellite communications, e-mails, chat sessions, etc. Filip Verhoest, "'Meest geavanceerde' telefoontapkamer van Europa in gebruik genomen. Boeven afluisteren in stereo," May 13, 2003, De Standaard; see also Ricardo Gutiérrez, "La Belgique se dote de grandes oreilles," Le Soir, May 12, 2003, available at <http://www.lesoir.be/articles/a_03E4C3.asp>.

[33] Chapitre 17, Loi modifiant la loi du 21 mars 1991 portant réforme de certaines entreprises publiques économiques afin d'adapter le cadre réglementaire aux obligations en matière de libre concurrence et d'harmonisation sur le marché des télécommunications découlant des décisions de l'Union européenne, December 19, 1997, available at <http://www.cass.be/cgi_loi/legislation.pl>.

[34] Loi du 10 juin 1998 (adding Art. 88bis, 90ter et seq. to the Code of Criminal Procedure (Code d'instruction criminelle)), modifiant la loi du 30 juin 1994 relative à la protection de la vie privée contre les écoutes, la prise de connaissance et l'enregistrement de communications et de télécommunications privées, June 10, 1998, available at <http://www.cass.be/cgi_loi/legislation.pl>; see "Le GSM en toute sécurité ? Pas sûr," Le Soir, February 20, 1998, available at <http://www.lesoir.be>.

[35] The European Commission made strong critiques of the law before its enactment. However, most of its critiques were not addressed, and most of them rejected without adequate motivation. Some of the European Commission's critiques mentioned that the law was too vague and could not be considered a "law" pursuant to current case law of the European Court of Human Rights (ECtHR). The European institution also specified that the law, by not restricting the strictures within which the government has to implement data retention measures, is too vague and gives the government carte blanche to act in a discretionary fashion. According to the European Commission, the data retention provision of the Belgian law is also disproportionate with respect to the Court of Justice of the European Community's case law. One has to note that, even though the new EU Directive on Privacy and Electronic Communications allows EU Member States to allow data retention for a reasonable period, the Belgian law, as it is now written, could be considered in violation of current ECtHR's case law. For more information, see European Commission, Opinion regarding Belgian bill on computer crime ("Notification 2000/151/B – Projet de loi relatif à la criminalité informatique – Emission d'un avis circonstancié au sens de l'article 9, paragraphe 2 de la Directive 98/34/CE du 22 juin 1998 – Emission d'observations au sens de l'article 8, paragraphe 2 de la directive 98/34/CE"), June 2000, appended to the Parliamentary report of the Justice Commission, Chamber of Representatives of the Belgian Parliament, October 19, 2000, DOC 50 0213/011.

[36] Arrêté royal du 9 janvier 2003 portant exécution des articles 46bis, § 2, alinéa 1er, 88bis, § 2, alinéas 1er et 3, et 90quater, § 2, alinéa 3, du Code d'instruction criminelle ainsi que de l'article 109ter, E, § 2, de la loi du 21 mars 1991 portant réforme de certaines entreprises publiques économiques, available at <http://www.just.fgov.be/cgi/article_body.pl?language=fr&caller=summary&pub_date=2003-02-10&numac=2003009111>.For more information, see generally P. Van Eecke & J. Dumortier, Elektronische Handel (Die Keure, Brugge 2003).

[37] Available at <http://www.droit-technologie.org/redirect.asp?type=legislation&legis_id=188&url=legislations/projet_be-paquetelecom.pdf>. The exposé des motifs is available at <http://www.droit-technologie.org/redirect.asp?type=legislation&legis_id=188&url=legislations/paquettelecom_be_%20exposemotifs.pdf>.

[38] Commission de la protection de la vie privée, Avis No. 08/2004 du 14 juin 2004 sur l'avant projet de loi relatif aux communications électroniques, June 14, 2004, available at <http://www.droit-technologie.org/redirect.asp?type=legislation&legis_id=195&url=legislations/avis_paquet_telecoms_vieprivee.pdf>. See also Janice Dervaux & Thibault Verbiest, Projet de loi sur les communications électroniques: avis du Conseil d'Etat et de la Commission vie privée, August 5, 2004 <http://www.droit-technologie.org/1_2.asp?actu_id=968>.

[39] Loi du 28 novembre 2000 relative à la criminalité informatique, Moniteur belge, February 3, 2001, available at <http://www.cass.be/cgi_loi/legislation.pl>.

[40] See Jeoffrey Vigneron, Pour la première fois, un juge belge applique la "nouvelle" loi sur la cybercriminalité, January 26, 2004 <http://www.droit-technologie.org/1_2.asp?actu_id=881>.

[41] Opinion n° 33/99 de la Commission de la protection de la vie privée, available at <http://www.privacy.fgov.be/>.

[42] The wording of the law is so vague that a decree might prohibit any kind of anonymization software, the use of proxies by ISPs, since they all make the identification or tracking of communications "difficult," Etienne Wéry, "Surfer anonymement devient illegal en Belgique", March 18, 2002 <www.droit-technologie.org/fr/1_2.asp?actu_id=553>.

[43] Arrêté royal rendant obligatoire la Convention Collective de Travail no. 81 du 26 avril 2002, conclue au sein du Conseil National du travail, relative à la protection de la vie privée des travailleurs à l'égard du contrôle des données de communication électroniques en réseau, Moniteur belge, 29489-29501, available at <http://www.droit-technologie.org/redirect.asp?type=legislation&legis_id=120&url=legislations/AR_120602_rendant_obligatoire_CCT_81_cybersurveillance_travailleurs.pdf>.

[44] See Bertrand Géradin, La convention collective de travail relative à la protection de la vie privée des travailleurs à l'égard du contrôle des données des communications électroniques en réseau du 26 avril 2002, June 14, 2002 <http://www.droit-technologie.org/redirect.asp?type=dossier&dossier_id=77&url=dossiers/analyse_CCT81_260402.pdf>.

[45] Commission de la protection de la vie privée, Avis d'initiative relatif à la surveillance par l'employeur de l'utilisation du système informatique sur le lieu de travail, avis n° 10/2000, April 3, 2000, available at <http://www.privacy.fgov.be>.

[46] Convention Collective de Travail n° 68 relative à la protection de la vie privée des travailleurs à l'égard de la surveillance par cameras sur le lieu de travail (June 16, 1998), available at <http://www.privacy.fgov.be/textes_normatifs/cct-68_FR.pdf>.

[47] See Loi du 22 août 2002 relative aux droits du patient (Law on Patient's Rights of August 22, 2002), available at <http://www.cass.be/cgi_loi/legislation.pl>; see also Dominique Mayerus & Pascal Staquet, Actualité en détail: La loi du 22 août 2002 relative aux droits du patient, DroitBelge.Net, October 8, 2002 <http://www.droitbelge.be/actualites.asp?display=detail&id=81>.

[48] Loi du 12 juin 1991 relative au crédit à la consommation, available at <http://www.privacy.fgov.be/textes_normatifs/loicrdit.PDF> ; l'arrêté royal du 11 janvier 1993 modifiant l'arrêté royal du 20 novembre 1992 relatif à l'enregistrement par la Banque Nationale de Belgique des défauts de paiement en matière de crédit à la consommation, available at <http://www.cass.be/cgi_loi/legislation.pl>.

[49] Loi du 15 janvier 1990 relative à l'institution et à l'organisation d'une banque-carrefour de la sécurité sociale. Modified by the loi du 29 avril 1996, available at <http://www.privacy.fgov.be/textes_normatifs/loicarrefour.PDF>.

[50] Loi du 30 juillet 1991, available at <http://www.users.skynet.be/psetranger/moniteur.htm>.

[51] Loi du 8 août 1993: le registre national, available at <http://www.privacy.fgov.be/textes_normatifs/loiregistre.PDF>.

[52] Article 458 of the Penal Code.

[53] See Roger Blanpain, Employee Privacy Issues: Belgian Report, 17 Comp. Lab. L. 38, Fall 1995. The employer generally has no right to obtain medical information from his employee, unless the information is absolutely necessary for the appropriate fulfillment of the employee's obligations under the employment contract.

[54] Olivier Van Vaerenbergh, "L'IFPI poursuit, mais la justice renâcle – Napster: plaintes en Belgique," Le Soir, February 16, 2000, available at <http://www.lesoir.be>.

[55] Avis No. 44/2001 of November 12, 2001, Avis d'initiative concernant la compatibilité de la recherché d'infractions au droit d'auteur commises sur Internet avec les dispositions juridiques protégeant les données à caractère personnel et les télécommunications, available at <http://www.privacy.fgov.be>. For comments : Etienne Wéry, "La Commision vie privée n'aime pas les manières de l'IFPI de traquer les pirates sur l'internet" (December 17, 2001) <http://www.droit-technologie.org/1_2_1.asp?actu_id=497>.

[56] The Commission de protection de la vie privée found that IFPI had violated Belgian data protection law of December 8, 1992, Belgian telecommunications privacy laws, and EU Directive 2000/31/EC on electronic commerce. See Avis No. 44/2001, supra.

[57] Région wallonne, Le projet BELPIC, July 20, 2004 <http://egov.wallonie.be/pa030401.htm>. See also Hervé Feuillien, E-Government en Région de Bruxelles-Capitale, December 4-5, 2003 <http://www.cities-lyon.org/fr/articles/227>.

[58] TB6/SINCE Interoperability Group, Open Smart Cards Infrastructure for Europe, eESC Common Specifications v2; Volume - Part 3, February 18, 2004 <http://www.eurosmart.com/Update/Download/February04/SINCE_survey.pdf>.

[59] The signature file on the card would ostensibly be required when conducting transactions with the government, banks, and other public or private entities, including the payment of taxes and electronic voting. BELPIC contains several digital keys to enable remote identification via the Internet, and personal data on the chip are secured via a public key infrastructure (PKI). Children would also receive their own cards although without the signature feature. See "Belgium Plans Digital ID Cards," BBC News Online, October 4, 2003, <http://news.bbc.co.uk/hi/technology/2295433.stm>; EDRI-gram, No. 3, February 26, 2003. See also TB6/SINCE Interoperability Group, supra.

[60] If the pilot succeeds, all inhabitants of Belgium will have an electronic ID within five years. See also Sun press release, April 10, 2003 <http://www.sun.com/smi/Press/sunflash/2003-04/sunflash.20030410.2.html>.

[61] La Belgique adopte la carte d'identité électronique, NetEconomie.com, September 7, 2004 <http://www.neteconomie.com/perl/navig.pl/neteconomie/infos/article/20040907185201>.

[62] The data protection authority noted that it was still unclear how the government answers several important privacy concerns due to the uncertainty of many aspects of the project and the information that the Commission has so far been provided with from the government. Avis n° 08/2003 du 27 février 2003 sur deux projets d'arrêté royal en exécution de la loi du … modifiant la loi du 8 août 1983 organisant un Registre National des personnes physiques et la loi du 19 juillet 1991 relative aux registres de population et aux cartes d'identité, available at <http://193.191.208.6/juris/jurfv.htm>; see also avis n° 19/2002 du 10 juin 2002 sur le projet de loi modifiant la loi du 8 août 1983 organisant un Registre national des personnes physiques et la loi du 19 juillet 1991 relative aux registres de la population et modifiant la loi du 8 août 1983 organisant un Registre national des personnes physiques, le projet d'arrêté royal relatif aux cartes d'identité et le projet d'arrêté royal portant mesures transitoires en ce qui concerne la carte d'identité électronique en Belgique, available at <http://193.191.208.6/juris/jurfv.htm>.

[63] Critics have asserted that the e-commerce identity of Internet users should not be linked to day-to-day authentication, that integration of data damages the integrity and rights of users, and that the fact that the Belgian government had had to hand the project to a private company (security firm Ubizen) jeopardized citizens' privacy rights. "Belgium Plans Digital ID Cards," supra.

[64] "Belgium Plans Digital ID Cards," supra, and TB6/SINCE Interoperability Group, supra.

[65] BBC Worldwide Monitoring, "Passport Acquires Chip," May 19, 2004.

[66] Loi du 19 décembre 2003 relative au mandat d'arrêt européen, Moniteur belge, December 22, 2003, at 60075, available at <http://www.droit-technologie.org/redirect.asp?type=legislation&legis_id=172&url=legislations/loi_191203_mandat_arret_europeen_belgique.pdf>.

[67] Council Framework Decision of June 13, 2002 on the European arrest warrant and the surrender procedures between Member States (2002/584/JHA), OJEC, 18.7.2002, L 190/1, at 0001 – 0020, available at <http://europa.eu.int/eur-lex/pri/en/oj/dat/2002/l_190/l_19020020718en00010018.pdf>. The Framework Decision's objective has been for the EU to abolish the formal extradition procedure between Member States and replace it by a system of surrender between judicial authorities. This new legal framework aims at replacing traditional cooperation relations between Member States by a system of free movement of judicial decisions in criminal matters, covering both pre-sentence and final decisions.

[68] See Etienne Wéry, La Belgique adopte le mandat d'arrêt européen: cybercriminalité et pédopornographie sont en point de mire," January 9, 2004 <http://www.droit-technologie.org/1_2.asp?actu_id=874>.

[69] CIA Country Fact Book Online, available at <http://www.cia.gov/cia/publications/factbook/geos/af.html#Govt>.

[70] European Commission, CyberVote Report, Contract number IST-1999-20338, Project: Cybervote, June 1, 2001 available at <http://www.eucybervote.org/MSI-WP6-D21-v1.0.pdf>.

[71] Belgian Constitution, Article 55, available at <http://www.oefre.unibe.ch/law/icl/be00000_.html>.

[73] "Belgian National Elections on May 18, 2003 - Over 3.2 Million Belgians Voted Electronically," M2 Presswire, May 23, 2003.

[74] Constitution of Belgium, 1994 <http://www.uni-wuerzburg.de/law/be00000_.html>, <http://www.fed-parl.be/constitution_uk.html>.

[75] Loi du 11 avril 1994 relative à la publicité de l'administration ; loi du 12 novembre 1997 relative à la publicité de l'administration dans les provinces et les communes, available at <http://www.cass.be/cgi_loi/legislation.pl>.

[76] Région flamande (Flemish Region), Décret relatif à la publicité de l'administration, May 18, 1999), Moniteur belge, June 15, 1999; Région wallonne (Walloon Region), Décret relatif à la publicité de l'administration dans les intercommunales wallonne, March 7, 2001, Moniteur belge, March 20, 2001; Région wallonne (Walloon Region), Décret relatif à la publicité de l'Administration, March 30, 1995, Moniteur belge, June 28, 1995; available at <http://www.cass.be/cgi_loi/legislation.pl>.

[77] Commission Communautaire Commune de Bruxelles-Capitale, Ordonnance relative à la publicité de l'administration, June 26, 1997; Commission communautaire française, Décret relatif à la publicité de l'administration, July 11, 1996, Moniteur belge, August 27, 1996.

[78] Signed May 7, 1982; ratified May 28, 1993; entered into force September 1, 1993, available at <http://conventions.coe.int/>.

[79] <http://conventions.coe.int/>.