On October 8, 2013, a Royal Decree was published completing the transposition of the EU Data Retention Directive 2006/24/EC (the “Data Retention Directive”) into Belgian law. The Royal Decree was adopted on September 19, 2013.
The Data Retention Directive had already been partially implemented through amendments to the Electronic Communications Act of June 13, 2005. The amendments require providers of publicly available fixed and mobile telephony services, Internet access providers, email or Internet telephony services, as well as providers of the underlying public electronic communication networks, to retain communications data, including personal data, for law enforcement purposes. The Royal Decree establishes the conditions for such data retention, which go beyond the minimum requirements of the Data Retention Directive. In particular, the Royal Decree lists the categories of data that should be retained, and the Belgian list is longer than the minimum required by the Data Retention Directive. Also, the one-year retention period imposed by the Royal Decree exceeds the minimum retention period provided by the Data Retention Directive.
The Royal Decree allows for a grace period of one year to conform to the new rules.