Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


IV. Governance issues


The Flemish community adopted a decree relating to the administrative electronic exchange of information that provides a legal framework for the organisation of e-government.1 Its most essential features are the use of authentic sources and the single collection of information. A Flemish control authority will be established and issue authorisations so that public authorities can start exchanging information. Other provisions include the obligation to take organisational and technical security measures, maintain data accuracy, and appoint a security consultant under some circumstances.

Voting privacy

Voting is mandatory for those 18 years and older.2 The laws regarding voting, enacted in 1919 and amended to include women in 1949, are strictly enforced.3 Non-voting requires an acceptable explanation and may result in a fine, imprisonment, loss of civil rights, disenfranchisement, or a block on employment in the public sector.4 Voter registration lists are publicly posted in polling locations on Election Day and may also be obtained for political campaign purposes.5 Election administrators take an oath to maintain the secrecy of the ballots cast. Voters are guaranteed the right of secrecy of their vote.6 In 1989, Belgium became one of the first countries to use electronic means of casting ballots in public elections.7 In 1991, experiments began with the use of electronic voting machines at polling locations.8 The Election Law was amended by the Act of April 11, 1994 to allow a "system of electronic voting" and was amended again on December 18, 1998 to allow "automated" voting.9 The Federal Council of Ministers Rulings of June 20 and July 18, 1997 formally endorsed the adoption of electronic voting. By 1999, 40 percent of voters participating in Belgium's public elections used electronic voting machines.10 The direct recording electronic (DRE) system identified was used by 44 percent of voters in 2000. By 2003, an estimated 3 million votes were cast using electronic voting technology.11 The expiration of the maintenance contract of the voting machines at the end of 2008, together with the recommendations of the OSCE to implement a ticketing system, pushed the Belgian State to look for a renewed e-voting system. A study was commissioned from a consortium of universities to assess the e-voting systems in place in other countries and suggest a new one for Belgium.12 The consortium came back with two proposals: one for general elections based on ticketing, where a bar code or RFID chip would be printed on a paper ballot in order to facilitate recounts; and another to gather the votes cast by Belgians living abroad based on homomorphic encryption (Internet voting). Both systems ensure the anonymity of the ballots cast.

Open government

The Constitution recognises that "everyone has the right to consult any administrative document and have a copy made, except in the cases and conditions stipulated by laws, decrees, or regional council decrees (i.e., the "rulings referred to in Article 134").13 Freedom of information laws implement this constitutional right as well as the right of access to administrative documents on the federal,14 regional,15 community,16 provincial, and municipal levels.17 The basic exemptions to the general rule of access are public security, the protection of fundamental rights, international interests, public order, security or defence, confidentiality, and privacy. Each jurisdiction has a Commission of Access to Administrative Documents (Commission d'Accès aux Documents Administratifs, or CADA) that oversees the Act. Citizens can appeal refusals of information requests to the administrative agency, which in turn requests advice from the CADA. The CADA issues advisory opinions both on request and on its own initiative. Information seekers can then pursue a limited judicial appeal to the Counsel of State (Conseil d'Etat).18 At the federal level, each public authority is required to provide a description of its functions and organisation, and must have an information officer.19 The Law on Protection of Personal Data gives individuals the right to access and correct files about themselves that public and private entities hold, and is enforced by the Commission for the Protection of Private Life. Access to administrative documents that contain personal information is regulated by the Law of April 11, 1994.

Other developments

Two months after the new data protection regime came into effect, the government announced that it had put in place an Internet Rights Observatory (Observatoire des droits de l'Internet)20 to better assess and analyse the impact of the Internet on the economy and consumer protection. The Observatory aims, through its composition, to be an open forum for all Internet stakeholders, and will issue advisory opinions and annual reports, organise a dialogue between economic actors, and inform the public.21 The Observatory has released reports on the protection of minors on the Internet,22 e-commerce,23 e-government,24 Voice over IP,25 the right of reply in the media,26 and cyber-harassment.27

Since 1998, the Commission has been called upon several times to determine the legality of "blacklists", ranging from casinos' lists of cheaters to insurance companies' lists of bad debtors and bad risks. In 2002, the Commission was asked to assess whether publication on the Internet of a blacklist of renters by the National Association of Property Owners (Syndicat National des Propriétaires) was legal.28 In its opinion, the Data Protection Authority found the database illegal under the Data Protection Act, and stated that it required prior legislative action to authorise it – if it were to be authorised – and determine the conditions of access.29 In 2005, the Commission was asked to deliver an opinion concerning the legality of blacklists in the private sector. The Commission recommended that they be regulated by law, especially where they are likely to violate a fundamental right or restrain access to an "essential service." In the latter case, the Commission should authorise the establishment of blacklists only upon prior approval. Where the lists process sensitive data (e.g., medical data), they should be regulated by a specific law and strictly follow the provisions of the Law on Protection of Personal Data.30 In 2008, a legislative proposal on blacklists was introduced in the Parliament, on which the Commission has given its advice.31 The Commission also advocates prior legal authorisation for more sensitive blacklists, such as those that include minors or that cross sectors. Blacklists by themselves are seen as an interference with privacy because they trigger high risks of discrimination and limit the freedom to enter into contractual relationships. The Commission moreover recommended that the law define more precisely the purposes for which blacklists could be promulgated. References to "fight against fraud" or "security" are too general to effectively frame the use of blacklists. This legislative proposal has since been abandoned.

In November 2007, the Commission issued a guideline on the redistribution of visual materials and the application of privacy law to photographs, movies and publications.32

Non-government organisations' advocacy work

In 2009, a group of Belgian human rights groups, Internet and telecommunications users, and journalists, physicians, and bar associations33 launched a campaign against data retention in which they call upon the legislator not to transpose the EU Data Retention Directive (2006/24/EC) into Belgian law.34 This legal instrument mandates that all EU Member States transpose into national legislation the obligation for all telecommunications companies and Internet service providers to retain some of their customers' communications and location data ("traffic data") for up to two years. They also asked the government to improve that Directive and launched a petition open to every concerned individual.35

The Human Rights League (Liga voor Mensenrechten) organised a campaign in 2010 that offered people the chance to "fight back and regain their privacy".36 Numerous activities were organised, such as guided "privacy walks", street events, classes, and video camera spotting.37 It ended on 17 November 2010 with the Belgian version of the "Big Brother Awards"; the overall winner was the EU Data Retention Directive (2006/24/EC).38 Other nominees for the award, all branded as violating Belgians' right to privacy, included an increasingly pervasive CCTV surveillance project in a city on the Belgian coast, the Brussels transportation company (STIB)'s new "MoBIB" RFID card,39 inquiries conducted by Antwerp city police agents into unconsummated marriages or marriages of convenience, police and judicial authorities' use of airline companies' passenger data (the so-called "passenger name records"), an owner association's collection practices vis-à -vis tenants looking for accommodation, and the handling of a debtors' database (schuldencentrale) by the private credit reference agency (Beroepsvereniging voor het Krediet).40

International obligations and International cooperation

Belgium is a member of the Council of Europe (CoE) and has signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention No. 108).41 It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.42 It is a member of the Organisation for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The government has signed, but not ratified, the CoE Convention on Cybercrime.43 In 2007, Belgium ratified the Protocol amending the European Convention on the Suppression of Terrorism.44