Brussels: Europe and the Arabs

Belgian media outlets reported that data brokers offered the location data of millions of Belgians for sale. Although this data is anonymized, it can often be easily linked to individuals, according to the newspapers L'Echo and De Tijd on Tuesday. Local newspapers and the Belgian news agency Belga reported that L'Echo, in collaboration with French publications such as Le Monde, the Dutch publication BNR, and the German website Netzpolitik.org, obtained hundreds of millions of GPS coordinates from approximately 2.6 million smartphones used in Belgium. This allowed for the creation of detailed maps of the locations visited by specific phone users, from their home and workplace addresses to their children's schools, fitness centers, and favorite restaurants.

This wasn't limited to L'Echo's own journalists; it also involved at least five people who work or have worked for the European Union, including three high-ranking officials. According to the newspapers L'Echo and De Tijd, the price of the data ranges from $24,000 to $60,000 annually for current Belgian data from up to 700,000 tracked devices daily. However, journalists from the French newspaper, posing as employees of a marketing agency, obtained a free dataset as a "trial."

Belgian media reported, "This is data that smartphone users themselves reveal by downloading games or other apps that track their locations. The developers of these apps sell this data to data brokers, who in turn offer it to marketing or advertising companies." According to the brokers, the data they sell is anonymized: it consists only of unique identifiers linked to devices. However, anyone who buys this data can track the movements and habits of smartphone users. According to researchers, not all apps accurately report what data they collect and how they use it. Research revealed that at least 756 apps on the Google Play Store could access precise geolocation data without explicitly stating so.

New guidelines: Many of the tracked phones were located at NATO or European Commission sites in Brussels, at Belgian military bases such as Kleine-Brogel, at the Doel and Tihange nuclear power plants, or in maximum-security prisons. Moreover, it appears that it is not difficult to link such a unique identifier to a person. Journalists from the newspaper L'Echo reconstructed the daily routines of at least five EU employees, including three in management positions, based on leaked data. The data, obtained from mobile phones, reveals where people live, work, and travel patterns. This not only jeopardizes the personal safety of those involved but also puts strategic institutions, such as military bases and nuclear facilities in Belgium, at risk.

The European Commission expressed its concern about this information and immediately issued new guidelines for its employees. These guidelines are intended to restrict the use of advertising tracking systems on both professional and personal devices. The Commission also informed other EU institutions of the risks. This case casts a shadow over digital privacy protection in Belgium and raises questions about data monitoring and the role of commercial intermediaries.