Co-Operation ObligationforOperatorsandServiceProviders

01 October 2002

Raphaël Bailly

The “Telecom Act” (Act of 21 March 1991 on the reform of certain economic public enterprises, Belgian State Gazette, 27 March 1991, as amended) and the Code of Criminal Procedure (Articles 88(a) and 90(b) et seq.) since 1994 (law of 21 December 1994, Belgian State Gazette, 23 December 1994) impose obligations on network operators and services providers to co-operate with the Public Prosecutor under certain circumstances.

It is further provided however that a Royal Decree would be required to “determine the technical tools by which the telecommunication network operators and the providers of the telecommunication services, possibly together, must allow the finding, the localisation, the listening in, the recording and the tapping of private telecommunications under the conditions of (…) the Code of Criminal Procedure” (see Article 109(c)(E)(2)(1) of the Telecom Act).

Such a draft Royal Decree was proposed at the Council of Ministers on 20 March 2002, and was notified to the European Commission on 2 April 2002. This draft is still under discussion, in particular because of the implications for the protection of privacy (an opinion from the Belgian Privacy Commission is required). It is expected that the Royal Decree will be adopted by the end of this year.

The draft Royal Decree provides that, on the request of the Public Prosecutor, data must be communicated by the operator or service provider in Belgium, in accordance with the methods laid down in the request of the Public Prosecutor.

As an example, for Internet service providers having activities in Belgium, the data to be supplied at the request of the Public Prosecutor must meet the following working requirements:

“communication of:

a) the IP address, allocated permanently or temporarily;
b) for connections via a telephone line: the number of the caller;
c) for other Internet connection methods: identification of the user and, if possible, of the exact location of the connection to the Internet service provider;
d) for connections via a telephone line: the volume of data of incoming communications and of outgoing communications;
e) the date of the communication, including the day, month and year;
f) the time of the start and end, and the duration of the connection, showing
hours, minutes and seconds on the 24 hour clock (…)” (Article 7(2)(4)).

A subsequent amendment to the Telecom Act (by the law of 10 June 1998, Belgian State Gazette, 22 September 1998) added that a Royal Decree would be required to determine the level of participation in the investment, exploitation and maintenance costs for such tools, which the telecommunications operators and service providers should bear.

The draft Royal Decree referred to above fulfils this purpose, containing provisions on the level of participation from the operators and providers.

It proposes that “investment, operation and maintenance costs incurred by the technical resources used by telecommunications network operators and telecommunications service providers in implementation of this Decree shall be borne by said operators and providers”, and that “investment, operation and maintenance costs incurred by the technical resources used by the legal authorities in implementation of this Decree shall be borne by the Ministry for Justice”. The only compensation operators and service providers shall obtain in exchange for their collaboration within the framework of the Royal Decree appears in an annex to the Royal Decree, where several lump sum allowances are provided.

The abovementioned obligations apply to telecommunications network operators as well as to telecommunications service providers. Article 68, 4° of the Telecom Act defines “telecommunications” as “any transmission, emission, reception of signs, signals, documents, images, sounds, data of any nature, per wire, radio-electricity, optical signalisation or any other electro-magnetic system”. Article 68, 19° of the same Act defines “telecommunications services” as “any service consisting, in whole or in part, in the transmission and conveyance of signals via the telecommunications networks, except radiobroadcasting and television, which is a very broad definition of “telecommunications service”. Any service that falls under this definition would fall under the co-operation obligation. A Royal Decree of 20 April 1999 regarding the categories of telecommunication services for which operation conditions apply (Belgian State Gazette, 21 July 1999) defines a category of telecommunications services in the sense of article 90 of the Telecom Act as “data services”, i.e. “services consisting of the transmission, the switching or the processing of data destined for being sent via a telecommunications network”. A communication of the Belgian National Regulation Authority (the BIPT) applicable since 21 July 1999 specifies that “data services” include “internet access”, “EDI”, “managed bandwidth services”, “videoconferencing”, etc.

Therefore, the co-operation obligations set forth in the Telecom Act and discussed in above mentioned draft Royal Decree could apply to any of the relevant service providers, although authors seem to suggest that the obligation is aimed at applying to access providers rather than to service providers. The Ministry of Justice confirmed that the link between user and access provider is what, in particular, was being aimed at but that in any case it will be the Royal Decree which finally specifies the providers to which the co-operation obligation applies.

Finally, let us mention that another law, the law of 28 November 2000 on computer crime (Belgian State Gazette, 3 February 2001), in force since 13 February 2001, introduced additional clauses in Article 109(c)E(2) of the Telecom Act, providing a data retention obligation for providers. The retention would have effect during not less than 12 months, according to the amended Telecom Act. Yet another Royal Decree, also expected to be adopted before the end of this year, will determine more precisely the obligations of the operators and service providers as far as data retention is concerned.