D11.6: Survey on Mobile Identity

The legal framework for LBS in Europe INNOVATIVE FLOATING CAR DATA PROJECT

The Ministry of the Flemish Community (Ministerie van de Vlaamse Gemeenschap) initiated in September 2004 along with the Belgian mobile telephone operator Proximus and the UK-based company ITIS Holdings plc, which is specialising in traffic information, a project on Floating Car Data in Flanders. Floating Car Data (FCD) is a method to determine the traffic speed on the road network, which can be realised through the use of several technologies, like CDMA, GSM, UMTS and GPRS.

The project was conducted in the region of Antwerp due to the extensive road works that were taking place at the city ringroad at that time. During the validation phase of the project, which ended in January 2006, it was examined whether the collection of anonymous traffic and location data through the monitoring of the mobile phones that are inside a vehicle could give accurate traffic information and estimated travel time. This technology can be very useful in places where there are no detection loops or cameras, for instance.

The floating vehicle technology (Estimotion) developed by ITIS Holdings plc was used for the gathering the actual data, and these were further analysed by the Traffic Centre of Flanders (Verkeerscentrum Vlaanderen) for their accuracy and their added value to traffic management. The technology used anonymous data of active mobile phones in vehicles. Although during the project no information about the origin and the destination of the vehicles was derived from the traffic data, such information can be obtained after modifying the software, according to ITIS Holdings plc.

Since the collected data – even if a modification of the software is needed for this – can reveal data relative to the origin and the destination of the mobile user, they can be considered as personal data and their processing must follow the principles set out by the Belgian privacy law. The use of location and traffic data for the scope of this project are in fact a secondary processing of personal data and should be based on a legal ground, such as the consent of the user or the public interest. The fact that the Ministry of the Flemish Community is also involved in the project could justify the necessity of processing of the data for the public good. In this case the processing of the data could be based on Art. 5(e) of the Data Protection Act claiming the fulfilment of a task of public interest.

The actual results of the project showed that when the traffic flow was free, the prediction was mostly accurate, while in congested conditions the absolute values for the predicted travel times were not accurate, but rather optimistic. However it should be mentioned that in general the technology was able to detect in a quite accurate way the traffic trends over time per road segment. The data collected during this project are kept in a database and can be used for subsequent traffic analysis.

1. 1. 1. Processing of location data with purpose of law enforcement

         1. Location data in the Criminal Proceedings Code

In the course of the criminal procedure three different measures are foreseen with regard to private communications and telecommunications. The public prosecutor (procureur des Konings) has the power to oblige an operator to provide him with the identification data of the regular user of a telecommunications service (Art. 46 Criminal Proceedings Code (Wetboek van Strafvordering)). Secondly, article 88bis Criminal Proceedings Code contains the procedure according to which the examining magistrate (onderzoeksrechter) can oblige operators to provide him with communications data or the data revealing the origin and the destination of a communication (not only location data but also the data revealing the day, time and duration).

Finally, the Belgian legislation allows the eavesdropping, examination, and recording of private communications and telecommunications for the investigation of specific criminal offences. The procedure, which is carried out under the supervision of the examining magistrate, is described in articles 90ter until 90decies of the Criminal Proceedings Code. These articles specify the criminal offences for the investigation of which the eavesdropping, examination, and recording of private communications and telecommunications can be allowed and describe the procedure to be followed.

1. 1. 1. 1. Data retention

Furthermore, Article 126 of the Electronic Communications Act stipulates that the provider of electronic communications services or networks (including resellers) shall retain the ‘traffic data’ and ‘identification data’ of end-users for a period between 12 and 36 months. For the enforcement of the obligation of the providers to retain the data a royal decree is currently under preparation and will soon be adopted. The decree will need to define the exact retention period and under what conditions the providers will register and retain the aforementioned data. This will be allowed for the investigation and prosecution of criminal acts, for the tracking of malicious calls to emergency services and to enable the research of the Ombudsman for Telecommunications [ombudsdienst voor telecommunicatie] in revealing the identity of people making improper use of electronic communications services or networks. However, it is still too soon to know the exact scope of the data retention obligation, and for instance whether Telecommunication Operators will be compelled to store the location data of a mobile phone in standby mode.

It is worth mentioning that Art. 127 of the Electronic Communications Act allows the King to determine the technical and administrative measures to be imposed on operators or end users, in order to be able to identify the calling line in cases of emergency calls as well as for the investigation of specific crimes. The second paragraph of the article states that the supply or the use of a service or a device that hinders or prevents the aforementioned actions are prohibited. Exception to this rule could be established for encryption systems that can be used to guarantee the confidentiality of communications and the safety of payment. However, such rules have not yet been established by the King, an action that could raise several discussions regarding anonymity.  

1. 1. 1. 1. Electronic monitoring of offenders

After being in an experimentation phase since 1996 as a modality of execution of prison term, penal electronic monitoring was extended to prisons throughout the country in July 1999. Ministerial Circular letters have defined the modalities of application of monitoring. The penal electronic monitoring procedure has thus been entirely controlled by the Executive power. A Center for Electronic Monitoring has been created in 2000 and is in charge of the monitoring and the following-up of offenders.  

This situation has been heavily criticised because of opaqueness and legal uncertainty. This has led to the approval of a specific legal framework in 2006, which has created a specific tribunal in charge of the application of sentences (Tribunal d’application des peines) and which will deal with the requests of penal electronic monitoring.

Penal electronic monitoring in Belgium is conceived as an alternative to a prison term and can be only accorded to certain offenders: 

1. offenders in a position to obtain a conditional release after six months, 

2. offenders sentenced to a total prison term of a maximum of three years, and 

3. offenders able to support themselves, who have a home and a fixed telephone line. 

The offender should request to be placed under electronic monitoring. This is considered as a guarantee of human dignity. Moreover, the consent of the co-habitants is requested.  

The actual system of penal monitoring is based on a radio frequency technology. The bracelet of the offender detects whether he stays in the authorised area. More sophisticated systems of monitoring, which would allow controlling an offender through a voice check system, consumption of alcoholised beverages or real time localisation are planned to be introduced. However, because they can be perceived as ‘security drifts’, a first test period will precede their implementation.

It should be highlighted that there is no specific data protection provision in the law, nor any previous consultation of the Privacy Commission foreseen before the implementation of new methods of penal electronic monitoring. It seems that the legislation relies on the previous request of the offender in order to legitimate the processing of personal data. It follows that the general rules of the Data Protection Act as described above will apply.  

Finally, a law proposal introduced after the murder of two girls of 7 and 10 years during the summer 2006 should be mentioned. This proposal suggests the physical implementation of a chip into certain sexual criminals after their release, whereby they are put at the disposal of the government in order to be able to localise them at any moment. A specific committee constituting doctors, psychiatrists and specialised psychologists would control this procedure and such decisions. The justification of this measure into Belgian Law is based on the importance of the early intervention of police services in case of children kidnapping. The proposal concludes that only this technology can ensure enough rapidity of police action, as it enables the localisation of the sexual criminal with the chip present in the perimeter of the attack. Moreover, this measure is presented as facilitating the rehabilitation of the individual as it is invisible. Once again, no specific data protection provision is included in the proposal in order to asses the concerns raised relative to the right to private life of the individual put under surveillance and of his or her freedom to come and go anonymously.