I'm by no means an expert, but I'd say Belgium currently handles privacy in a reasonable manner that's definitely more privacy-friendly than the US.
Like many countries we have a commission for the protection of privacy to ensure personal data is handled with care. One of its responsibilities is to uphold the proportionality principle. The law mandates that personal data should only be collected in so far it is reasonable to do so and the collection needs to be intended for a specific purpose. The commission usually offers guidance and recommendations in such matters, but they do more than that. A few weeks ago they took Facebook to court because of, in their words, a flagrant breach of privacy legislation. Tracking people without an account and without providing them a way to opt-out was deemed unacceptable.
Companies are not the only possible invasion of privacy. The intelligence services are another example. They are monitored by a permanent and independent committee: Standing Committee I. The members are appointed by the Senate and have security clearance. This only started in the early nineties and precisely because there were problems. Now, if there's a complaint from a citizen who feels like he or she has been treated unfairly (I'm guessing this excludes foreigners, not sure), the committee will investigate. Their annual report looks quite interesting, and is way more specific than I expected, but unlike the site it's only available in French or Dutch.
A citizen can request the files any part of government has on him or her, this includes the intelligence services and state security. Access can be denied in some cases, but the refusal has to be accompanied by a proper explanation.
What if the privacy laws aren't respected by the government or the police? Entire court cases have been scrapped because the initial phone tap was deemed illegal, thus tainting all subsequently obtained evidence. There needs to be a properly motivated reason to start tapping phones and it's only allowed for specific types of crime. Drug dealers and arms merchants have been set free because of (clerical) errors regarding search warrants. The law and the various procedures will probably evolve to fix such issues. I haven't quite figured out if this does anything to disrupt parallel construction, but that's another matter.
Upholding existing laws is only part of the puzzle. Any government can try to pass overbearing and privacy-invading legislation. That doesn't have to be malicious in intent. Not everyone agrees on what is an acceptable intrusion on privacy and what is not. Belgium is no exception. A decent example is the recent data retention law, inspired by the EU directive. Law enforcement supported the retention, others did not. A human rights organization (Liga voor Mensenrechten) went to court and the Constitutional Court of Belgium struck down the law.
On a different note, large-scale surveillance by the Belgian government seems unlikely. Maybe the government would try if they could, I don't know. It probably helps that Belgium is tiny and many of its government agencies, intelligence services included, are not particularly well-funded. Then there's the complicated government structure and the wide variety of political parties that have to form coalition governments. Keeping secrets is hard in such an environment. Wild speculation: maybe this is why Belgacom (now Proximus) was hacked instead of formally requesting an exchange of intelligence information?
I think (hope?) a more balanced approach like in Belgium can work in bigger countries, further bolstering cooperation between allies. Sensitive personal information can be shared more freely between nations if they offer the same level of privacy protection.
Like many countries we have a commission for the protection of privacy to ensure personal data is handled with care. One of its responsibilities is to uphold the proportionality principle. The law mandates that personal data should only be collected in so far it is reasonable to do so and the collection needs to be intended for a specific purpose. The commission usually offers guidance and recommendations in such matters, but they do more than that. A few weeks ago they took Facebook to court because of, in their words, a flagrant breach of privacy legislation. Tracking people without an account and without providing them a way to opt-out was deemed unacceptable.
Companies are not the only possible invasion of privacy. The intelligence services are another example. They are monitored by a permanent and independent committee: Standing Committee I. The members are appointed by the Senate and have security clearance. This only started in the early nineties and precisely because there were problems. Now, if there's a complaint from a citizen who feels like he or she has been treated unfairly (I'm guessing this excludes foreigners, not sure), the committee will investigate. Their annual report looks quite interesting, and is way more specific than I expected, but unlike the site it's only available in French or Dutch.
A citizen can request the files any part of government has on him or her, this includes the intelligence services and state security. Access can be denied in some cases, but the refusal has to be accompanied by a proper explanation.
What if the privacy laws aren't respected by the government or the police? Entire court cases have been scrapped because the initial phone tap was deemed illegal, thus tainting all subsequently obtained evidence. There needs to be a properly motivated reason to start tapping phones and it's only allowed for specific types of crime. Drug dealers and arms merchants have been set free because of (clerical) errors regarding search warrants. The law and the various procedures will probably evolve to fix such issues. I haven't quite figured out if this does anything to disrupt parallel construction, but that's another matter.
Upholding existing laws is only part of the puzzle. Any government can try to pass overbearing and privacy-invading legislation. That doesn't have to be malicious in intent. Not everyone agrees on what is an acceptable intrusion on privacy and what is not. Belgium is no exception. A decent example is the recent data retention law, inspired by the EU directive. Law enforcement supported the retention, others did not. A human rights organization (Liga voor Mensenrechten) went to court and the Constitutional Court of Belgium struck down the law.
On a different note, large-scale surveillance by the Belgian government seems unlikely. Maybe the government would try if they could, I don't know. It probably helps that Belgium is tiny and many of its government agencies, intelligence services included, are not particularly well-funded. Then there's the complicated government structure and the wide variety of political parties that have to form coalition governments. Keeping secrets is hard in such an environment. Wild speculation: maybe this is why Belgacom (now Proximus) was hacked instead of formally requesting an exchange of intelligence information?
I think (hope?) a more balanced approach like in Belgium can work in bigger countries, further bolstering cooperation between allies. Sensitive personal information can be shared more freely between nations if they offer the same level of privacy protection.