Data Retention Rules in Belgium: uncertainty remains after third Constitutional Court ruling

The debate surrounding Belgium’s data retention legislation is far from over, despite recent decisions by the Constitutional Court. While some elements of the law have been upheld, the future of this legislation now hinges on the rulings of the European Court of Justice (ECJ) regarding the remaining contested sections. ISPA Belgium is closely following these developments as they have a direct impact on our members and the broader internet ecosystem in Belgium.

A long legal journey

Belgium’s data retention law, which seeks to comply with a European directive aimed at retaining mobile phone data, has faced significant legal hurdles over the years. In 2015, the Belgian Constitutional Court annulled the original legislation, deeming it too vague after a legal challenge by the Human Rights League, among others. A second attempt in 2021 was also struck down by the Court.

Now, the latest ruling by the Constitutional Court on the 2022 version of the data retention law shows some movement in the right direction. Certain key aspects were approved this time, including the concept of targeted data retention within specific geographical zones, also known as differentiated data retention. This provision allows for data retention in zones where there is heightened risk of serious crime or threats to public safety, a change from earlier laws that treated the entire country as a single entity.

Concerns remain

It is true that some legal guidelines have been established, providing much-needed reassurance for the ISP sector. However, with some aspects of the law still lacking clarity, unresolved issues pose technical challenges and create legal uncertainty for the internet ecosystem.

As a matter of fact, the future of Belgium’s data retention framework is still undecided. The Constitutional Court has referred several questions to the ECJ for clarification, particularly around how the EU Charter of Fundamental Rights should be interpreted in this context.

Striking the balance

A major area of concern for Belgian ISPs remains the issue of retaining geolocation data by mobile network operators. While the need for balance between ensuring public safety and upholding fundamental rights is recognised, the outcome of the ECJ rulings will play a decisive role in shaping how this balance is achieved, also on this aspect.

Conclusion

The legal landscape for data retention in Belgium continues to evolve, with both progress and uncertainties on the horizon. The focus of ISPA Belgium is to remain engaged in these discussions, and to ensure that the rights of citizens are respected while addressing the technical and legal challenges that our members face. As we await further developments from the ECJ, our commitment to advocating for balanced and effective policies remains steadfast.

It is crucial that the need to combat crime does not come at the cost of citizens’ fundamental right to privacy. ISPA remains committed to advocating for balanced, well-defined legislation that safeguards both public security and privacy.

ISPA Belgium

EuroISPA Council Member

EuroISPA General Meeting in Brussels: a recap

Brussels, September 23-24, 2024

Last week, the EuroISPA community travelled to Brussels for the third General Meeting of the year, gathering Council and Forum members, Board Officers and Secretariat, in the EuroISPA offices.

With the European elections now behind us, a new insitutional and political scenario slowly forming, and an entire EU agenda still to shape, our members gathered to discuss the next steps for EuroISPA to expand its connections with newly-elected EU policymakers and contribute to new (and old) policy files that will be on the agenda in the next months.

The two-day meeting covered:

📌 The confirmation of Whalebone as a new EuroISPA Industry Forum member

📌 An analsys of the proposed new college of Commissioners and what this means for EuroISPA’s activities

📌 EuroISPA’s engagement strategy to approach new policymakers and share our messages for the new EU mandate

📌 Exchange on several EuroISPA statements on topics such as sustainability, GDPR, AI, CSAM and payments.

Finally, we had the pleasure of welcoming several guest speakers:

  • Eric Ducoulombier, Head of Unit B3 on Retail Financial services, DG FISMA, European Commission, on addressing impersonation fraud in payments, with a focus on cooperation, consumer awareness, and liability
  • Dan Nechita, Head of Cabinet of Dragoş Tudorache and Lead technical negotiator for the AI Act in the 9th European Parliament, on the challenges and opportunities for the Internet industry and the role of the AI Office after the adoption of the AI Act
  • Anja Wyrobek, Advisor to MEP Birgit Sippel, LIBE Committee, on the future of privacy and data for the Internet industry and the interplay with AI

The next EuroISPA General Meeting will be held in Brussels in November – stay tuned!

PRESS RELEASE: EuroISPA welcomes new member, Whalebone

Brussels, 25 September 2024 EuroISPA, the pan-European association of Internet Services Providers Associations welcomes a new Forum member: Whalebone, a Czech developer of user-centric cybersecurity products. With Whalebone’s addition, EuroISPA’s Industry Forum currently allows ten companies with a legitimate interest in the Internet industry to participate in EuroISPA’s activities, acting in an advisory capacity and providing input on relevant policy issues.

Lorenzo Bracci, Account Executive at Whalebone, commented: “We are pleased to begin a collaboration of Whalebone with EuroISPA. As consortium leader of the DNS4EU project, Whalebone commits to the shared vision of a safe, private, and independent European digital space, thus opening new opportunities to both ISPs and their customers”.

EuroISPA is the representative body of Internet Services Providers (ISPs) across the European continent, creating a common voice aimed at promoting and protecting the interests of its members. Active since 1997, EuroISPA functions as an ‘umbrella’ association representing ISP associations on policy and legislative issues and facilitates the exchange of best practices between members.

Elina Ussa, President of EuroISPA, said: “We are delighted that Whalebone is joining our community as the newest addition to the EuroISPA Industry Forum. At EuroISPA, we highly value the input of companies, and we believe that Whalebone, with their extraordinary work on cybersecurity, will bring a topical perspective and represent a great addition to the activities of the Forum. This valuable enlargement of our membership strengthens our position as a prominent stakeholder and representative body in the sector”.

Established in 2016 in the Czech Republic with the goal of redefining digital security, Whalebone has since become the official provider of secure DNS resolution for the European Union and a globally recognised market leader in telco network security. Whalebone develops user-centric cybersecurity products for telcos, ISPs, and enterprises, and provides digital life protection to millions of everyday Internet users without the need to download anything.

Richard Malovic, CEO at Whalebone, added: “We believe that Whalebone contributes to a new standard, where the Internet connection itself would be the guarantor of security, and thus to be connected will mean to be protected”.

About Whalebone

Whalebone brings next-generation digital life protection to T1 telcos, regional ISPs, and enterprises all over the world. Their products already protect more than 400 companies and millions of their customers from malware, phishing schemes, and other malicious attacks targeted at all types of Internet-connected devices. Whalebone’s mission is to bring cybersecurity to 1 billion Internet users by the end of the decade.

For more information: [email protected]

PRESS RELEASE: Point Topic joins EuroISPA, the world’s largest association of ISPs, to foster cooperation on European digital policy development

Brussels, 10 September 2024 ­­– EuroISPA, the pan-European association of Internet Services Providers Associations, officially welcomed its new Forum member Point Topic Ltd, a London-based broadband market intelligence house. With Point Topic’s addition, EuroISPA’s Industry Forum can now rely on nine companies active in the Internet industry to participate in the Association’s activities under an advisory capacity.

EuroISPA is the representative body of Internet Services Providers (ISPs) across the European continent. Founded in 1997, EuroISPA functions as an ‘umbrella’ association representing nine national ISP associations on policy and legislative issues and facilitates the exchange of best practices between members. EuroISPA engages at EU level on behalf of its members on a wide range of policy issues, including intermediary liability, data protection, cybersecurity and safer Internet. The association is structured around different, topical, Committees, which allow members to regularly exchange ideas and views on specific policy matters and dossiers.

“Joining EuroISPA is an essential step for Point Topic in strengthening our commitment to the development of a robust and fair Internet services framework in Europe. We are excited to contribute our data-driven insights and collaborate with fellow EuroISPA Industry and Council members to foster an environment conducive to innovation and competitiveness,” said Oliver Johnson, CEO of Point Topic.

Point Topic has been at the heart of European broadband data for many years. In addition to regular data gathering and analysis for a range of private sector clients, the company has run numerous projects for the European Commission and still contributes to the Broadband Coverage in Europe study with the latest in the annual series published recently.

Elina Ussa, President of EuroISPA, said: “We are delighted to be welcoming Point Topic as the newest addition to the EuroISPA Industry Forum. Thanks to their extensive research and broad client base that includes ISPs, operators, policymakers, and academic institutions, I am confident that Point Topic will provide valuable advice to EuroISPA’s Council members, actively contributing to and enhancing our discussions on the policy issues impacting the European Internet industry and supporting us in achieving our goal of defending the interests of European ISPs at EU level”.

“At the core of what we do every day is bringing more broadband to more people.  We make a small but important and ongoing contribution to the spread of high bandwidths and all the benefits that come with it.  We believe our values align well with EuroISPA and their members and we are committed to supporting EuroISPA’s goals and collaborating towards a prosperous and interconnected European digital future together,” concluded Johnson.

About Point Topic Ltd 

Founded in 1998, Point Topic specialises in providing high-quality data and analysis on global broadband development. Celebrating its 25th year, Point Topic continues to be a key resource for industry data, influencing strategic decisions across the UK and Europe. Learn more at www.point-topic.com.

For more information: [email protected]

Draft regulation on payment services: effective fight against bank fraud requires the continuous cooperation of all parties

As part of the negotiations on the Commission’s proposal for a regulation on payment services, the liability of electronic communications operators and more generally of technical intermediaries, including digital platforms, in the context of bank fraud has been raised in different fora. This is triggered by an increase in fraudulent practices based on impersonation to deceive bank customers using electronic means of communication. For example, one of the growing vectors of bank fraud concerns the theft of telephone numbers (number spoofing). By fraudulently using a number assigned to a bank or payment service provider (bank advisor number or credit card opposition centre), the fraudster lowers the customer’s level of distrust and deceives them to obtain confidential information (access codes, bank card number, etc.).

Electronic communications operators, notably faced with the misunderstanding of fraud victims, are already incentivised to fight such practices and ensure trust in the use of telephone numbers. Several national initiatives, whether voluntary or imposed by law, have been launched in this regard. For example, in France, the Naegelen law, adopted in July 2020 to combat illegal cold calling, requires operators to ensure the authenticity of numbers from the numbering plan established by the national regulatory authority when they are used as caller ID for calls and messages received by their end-user customers.

Despite these efforts, which must continue, fraudsters remain innovators by nature, which means that fraud is rapidly evolving to circumvent any technical obstacles put in place.

This is why attempts to shift the legal and financial liability of such bank fraud cases away from payment service providers to technical intermediaries would not bring any additional result in the effective fight against these fraudulent practices. On the contrary, this would certainly lower the incentive for payment service providers to secure their services through state-of-the-art technologies and endanger the very principles governing the functioning of electronic communications services: electronic communications operators do not have visibility or control over the contents of communications on their networks, hence cannot be held liable for reprehensible acts committed using their networks. Overall, this would conflict with provisions of existing EU law applying to electronic communication operators (such as European Electronic Communications Code or ePrivacy and net neutrality) and platforms (such as the Digital Services Act).

But this does not imply that nothing can be done: cooperation at EU level among all parties involved in the fight against bank fraud (including operators, digital service providers, payment service providers, banks, customers’ associations, telecom regulators, and banking supervisors) could be strengthened and structured to identify and qualify trends in bank frauds, promote best practices in technical remediation, seek interoperability in telephone number authentication systems, and better inform customers for them to make better decisions when using payment services.

Remedying new forms of bank fraud requires a collective effort from the digital and the banking sector – the EU should not miss the opportunity to make it happen. It should ensure the Payment Services Regulation remains proportionate and incentivise efficient cooperation between the banking sector and the electronic communications sector, while duly considering the roles of each player in the value chain and without transfer of liability. 

Romain Bonenfant

EuroISPA Board Member
Managing Director, Fédération Française des Télécoms

Joint Industry Request to Extend Deadline for Trustworthy General-Purpose AI Consultation

Alongside 10 other trade associations, EuroISPA urged the European Commission and its AI Office to extend the deadline for responses to the consultation on trustworthy general-purpose AI (GPAI).

The effective implementation of AI Act rules on GPAI is vital for the future of the European AI and the ISPs ecosystem. However, the original six-week deadline, especially during the summer recess, restricts stakeholders’ ability to offer comprehensive feedback.

After the publication of this letter, the European Commission accepted to extend the consultation period until the 18th of September 2024.

EU Payments Services Regulation: EuroISPA’s opinion

EuroISPA’s position on the EU Payments Package

In 2023, the European Commission put forward proposals to bring payments and the wider financial sector into the digital age, including through a proposal for a Payment Services Regulation (PSR).

EuroISPA finds the European Parliament’s position on the PSR worrying, and most notably the contents of Article 59 of the proposed Regulation on the liability of Electronic Communications Operators in the occurrence of impersonation fraud. 

In the context of the discussions on the file currently entering the Council of the EU arena, we are now sharing our opinion concerning Article 59, advocating for the removal of the article altogether, for the strengthened cooperation between all players involved, as well as for the empowerment of consumers to make knowledgeable and safe decisions to better combat fraud.

“How to master Europe’s digital infrastructure needs?” – EuroISPA’s feedback to the European Commission’s White Paper

The European Commission’s White Paper “How to master Europe’s digital infrastructure needs?” analyses the multiple challenges Europe currently faces in the rollout of future connectivity networks. It presents possible scenarios going forward to address those challenges, attract investment, foster innovation, increase security and achieve a true Digital Single Market.

EuroISPA responded to the European Commission’s public consultation on the White Paper in the name of European Internet Services Providers (ISPs).

Here is a summary of our feedback:

  • EuroISPA welcomes the fact that the Commission highlights the critical importance of ISPs for the future of the EU and draws some meaningful scenarios in order to promote connectivity and simplify and harmonise regulations, which is needed to overcome the challenges ahead.
  • However, EuroISPA finds that many proposals require more clarification from the European Commission and need to take account of national specificities / efficient frameworks.
  • EuroISPA also commends the willingness of the EC to address the sustainability and security of networks, which are essential to ensuring a resilient and sustainable Europe.

EuroISPA General Meeting in Rome: a recap

Rome, June 27-28, 2024

Last week, the EuroISPA community travelled to Rome for the second General Meeting of the year, gathering Council and Forum members, Board Officers and Secretariat, kindly hosted by our Italian member AIIP.

This General Meeting came at a turning point in Europe’s political landscape, with the European elections results still fresh, the start of the Hungarian Presidency, and an entire EU agenda still to shape. This is precisely what our members discussed together in the two-day meeting in Rome. The agenda included:

📌 A nice welcome and overview of the work and priorities of AIIP, representing ISPs in Italy

📌 Analysis of the EU Elections results, what they mean for EuroISPA members, and our upcoming engagement efforts

📌 Approval of EuroISPA’s feedback to the European Commission’s White Paper on Digital Infrastructure. You can read our submission here.

📌 Exchange on several EuroISPA statements on topics such as sustainability, GDPR, AI, data retention, CSAM and payments.

Finally, we had the pleasure of welcoming several guest speakers:

  • Vinicio Peluffo, Member of the Italian Chamber of Deputies for the Democratic Party, on how Italy is preparing for challenges stemming from AI
  • Kristian Bartholin, Secretary to the Council of Europe’s Committee on AI, on the expectations on AI governance at a global level after the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law
  • Giuseppe Bianchi, Professor of Telecommunications at the University of Rome Tor Vergata, the role of infrastructure in enhancing the competitiveness of the EU and its Member States
  • Andrea Margheri, Deputy Head of Division, Industrial, technological, research and training programs at the Italian Cybersecurity Agency, on the interplay between AI and cybersecurity and the opportunities and challenges

The next EuroISPA General Meeting will be held in Brussels in September – stay tuned!

For the future of the Internet, EU policy needs to focus on digital infrastructure

With the EU progressively increasing its focus on digital policymaking, it is ever more crucial that digital infrastructure be kept at the core of decisions that impact the Internet. The true advancement of digital policies incorporates all actors along the value chain of Internet service provision and has the potential to create an innovative digital sphere in the interest of EU citizens. Policies must be adapted to the reality of an ecosystem that is composed of many kinds of actors, taking into account differences in resources and precedent, particularly if we want to see even implementation across the entire sector. Indeed, what we need in order to create a sustainable EU digital policy life-cycle is clarity regarding implementation and coherence with existing legislation, and avoidance of legislative overlap.

The EU is seen as a driving force of innovation globally; but in order to truly enable an innovative, free, and fair Internet, the EU must consider all the actors within the sphere of Internet service provision. By considering all players and creating a level-playing field, the EU can create a cohesive internal market and enable increased sharing of knowledge and best practice. For the EU to maintain its status as a key actor at the global level of Internet services provision, it must nurture a competitive digital market at the infrastructure and service level. The EU has the chance to play a leading role in the development of emerging technologies, including AI, quantum technology, blockchains, and virtual worlds, and to build legislation which allows players of all sizes to participate – and it must take that chance to be at the forefront change.

Meanwhile, we must not forget that a safer Internet is crucial for the integrity of EU democracy. Ensuring technology neutrality and encompassing every actor within the Internet ecosystem allows for effective policy-making that creates a safer and freer Internet for all EU citizens. 

Elina Ussa
President of EuroISPA

Read EuroISPA’s Manifesto for the 2024 European Elections here.