Proposition 54K3256

Projet de loi portant des dispositions diverses concernant le Registre national et les registres de population.

General information ¶

Submitted by

MR Swedish coalition

Submission date

July 23, 2018

Official page

Visit

Status

Adopted

Requirement

Simple

Subjects

administrative formalities civil register fraud database

Voting ¶

Voted to adopt

CD&V Open Vld N-VA LDD MR PP

Voted to reject

Groen Ecolo PS | SP DéFI PVDA | PTB

Abstained from voting

LE ∉ VB

Party dissidents ¶

• Olivier Maingain (MR) voted to reject.
• Jacques Chabot (PS | SP) abstained from voting.

Contact form ¶

Do you have a question or request regarding this proposition? Select the most appropriate option for your request and I will get back to you shortly.

Discussion ¶

Nov. 14, 2018 | Plenary session (Chamber of representatives)

Full source

Mr. Speaker, dear colleagues, Mr. Minister, it is an important draft that aimed at pursuing more administrative simplification and promoting the fight against identity fraud.

The proposal led to hearings in the committee. Many of your questions have been answered very thoroughly. Additional advice was provided by the Data Protection Authority.

During the discussions, two amendments were submitted, rather a technical amendment and an amendment by the colleagues of the MR aimed at designating the authorities authorised to read fingerprints.

A total of 10 votes were voted in favour, three voted no and one abstained.

I would like to add another consideration to the N-VA. We will ⁇ support this design, as it increases security, reduces the administrative burden for citizens, ⁇ in contact with ⁇ , and takes due account of respect for privacy.

Then I give the floor to Mr Thiébaut.

Mr. Speaker, Mr. Minister, dear colleagues, the bill we are discussing today is very symbolic. He talks about respect for privacy. He stresses that this government threatens, once again, this fundamental right for each of our fellow citizens.

It contains, essentially, two parts. The first concerns access to data and contents in the National Register. The citizen is little aware of this, but the National Register knows a lot about him. It is an indispensable management tool for public authorities. It is also, at the time of big data, a source of information that does not lack to stir the cravings of private actors.

In the name of administrative simplification, you would like to give access to some of these data to companies who would like to. This is mainly about address changes. This is a step that we could hear in some cases and that should then be accompanied by solid and serious tags. However, it is important to note that the tags here are clearly insufficient for our sense.

On the one hand, it is repatriated, in the hands of the Minister of the Interior, the competence of authorization of access. The law does not specify clear conditions to be fulfilled and does not provide for advance control of compliance with security standards regarding the information that is transmitted.

On the other hand, the a posteriori checks are referred to the Data Protection Authority, but this authority has already expressed its concerns during the hearings organized around this bill. It will be an important workload to carry out these controls and it does not seem to him that the means available to handle it are at the level of the challenges.

Finally, we count on the individual responsibility of each citizen, leaving him the care to control which companies are accessing his data and to oppose it if necessary, which, at the time of spam and cookies well entered into the morals, does not appear to constitute a ⁇ solid dike.

We will also highlight the remarks of civil state officers on this subject, who fear that this provision, applied to judicial officers, encourages citizens among the most fragile to seek to disappear from radars through the deletion of registers. This is a question that it would have been wise to answer.

But the most spectacular aspect of this project is ⁇ the one that aims to place on the identity cards an image of the holder’s fingerprints, a provision that the minister justifies in two ways: on the one hand, by relying on a European text; on the other hand, by invoking the fight against identity fraud. Unfortunately, the European text in question is still under discussion and the criticism against it is vivid. The discussions are far from closed. Based on this text, we place the chariot before the oxes.

Furthermore, I wonder about the binding nature of a text calling for the insertion of “fingerprint” data on identity documents, within a space where several Member States do not have such documents.

As for identity fraud, the figures that the minister advances show the disproportionate reaction: taking fingerprints of 11 million Belgians for 344 cases of identity fraud that were the subject of an investigation in 2017. Over five years, there are 400 cases per year at the borders. Does this mean that identity control is useless? Definitely not ! But in this matter, as in many others, the notion of proportionality must be at the center of attention. Here, we are clearly sinning for lack of caution.

The measure is disproportionate, as the representatives of the Data Protection Authority, the former Privacy Protection Commission, say. Is it at least effective? You can doubt it.

Let’s take the problem from the beginning. First, let us remind ourselves that it is impossible for someone who is animated with bad intentions and who seeks to usurp an identity to make real papers that would contain a false identity. In this case, the presence or absence of fingerprints would make no difference. If the fingerprints match the card holder, there is no reason to doubt his identity and therefore it would be a hit in the water.

Next, it is still about having the technical means to compare the fingerprints of the card holder and those present on the document. Today, these readers are mostly available in municipalities and at borders. These are ⁇ places where a check can be carried out but, compared to the number of concrete situations where identity checks are carried out, this is the congruent portion. It is known that it is primarily the police during routine road controls that control the identity of citizens. And they are not equipped with ad hoc equipment. Equipping them requires a substantial budget and I am sure that this expenditure meets the priority needs of the police.

In this context, once again, the measure therefore has only a very relative effectiveness, in particular with regard to the intrusion into the privacy it represents. But the measure also seems disproportionate. Its effectiveness seems at least questionable while its cost is, on the other hand, certain.

Is this at least a measure that would not have a perverse effect? We cannot even be sure! Officers of the civil state whose opinion is not unanimous on the subject face certain difficulties. First, it is clear that this measure will require the card holder to come and take it himself to the municipality, an obligation that does not currently exist and that represents a discomfort for users.

More fundamentally, their professional organization also highlights that certain categories of the population may encounter major difficulties in complying with this measure. These include people suffering from arthrosis for whom taking fingerprints would be very difficult, or even impossible. But above all, they emphasize that, contrary to a very widespread idea, fingerprints are not immutable data!

This is how manual workers often see, because of their activity or related accidents, their fingerprints permanently modified. It is difficult to imagine the difficulties that fingerprints represent as a means of identification. This leads, moreover, to a serious relativisation of the principle that they constitute a ⁇ safe means of identification.

As the CERT representative argued, we leave – by definition – our fingerprints everywhere. Here again, malicious persons who would want to usurp an identity would not experience insurmountable difficulties in appropriating the fingerprints of a third party. By the way, this is exactly what happened to the German defence minister, whose fingerprints were subtilized in 2014 by usurpers. In the end, I fear that it will become easier to get your fingerprints stolen than to then recover your true identity.

In short, Mr. Minister, Dear colleagues, while this project as a whole seems to us to be ⁇ hasty with regard to the commercial use of the data of the National Register, it seems to us above all disproportionate, ineffective and even – in some aspects – dangerous when addressing the issue of fingerprints. The right to privacy and not to be permanently controlled, high as a human right, has already been the subject of numerous attacks under this government. Like all rights, even fundamental, it can be balanced to ensure that other rights of equal importance are respected. But this is a balance. But this text, once again, seems to us to break a always precarious and fragile balance. That is why we will vote against this project.

Mr. Speaker, Mr. Speaker, Mr. Speaker, Mr. Speaker, I will not go back to the details of the project. They have been quite developed and are even more developed in the report. I would just like to emphasize the new tools offered by the project as part of the fight against home fraud and identity fraud. These types of fraud may hide other types of fraud or be related to other types of fraud or to the commission of certain crimes or crimes – one cannot avoid thinking about terrorism.

I think of course of the registration of fingerprints on identity cards, which is the subject of Article 27 of the project. This has caused a lot of discussion in the committee. With a majority, we submitted an amendment following an observation from the Data Protection Authority and aiming to determine in the law itself which authorities are authorized to read fingerprints. For memory, this is the staff of municipalities, police services, border control, the Foreign Office, etc.

Another instrument: the strengthening of residence controls by the municipalities, referred to in Article 25 of the project. Where controls do not allow to determine with sufficient certainty the reality of the main residence, the project will allow municipal authorities to require energy suppliers to communicate consumption reports. This can only be requested as a last resort. Another important clarification, also resulting from an amendment we have filed: the companies concerned will be required to provide the requested information free of charge.

I would like to welcome the willingness of our government to provide new tools for administrative simplification. This is an important goal of the bill as the instruments will benefit both public and private bodies as well as citizens. I am referring here to the communication of changes to the data of the National Register by the services concerned to private and public bodies under Belgian law. Without entering into details, sufficient safeguards govern the exercise of this measure since the consent of the natural persons concerned must be obtained in advance but also be taken into account for the purposes for which the communication may be made. The purposes are clearly stated and are detailed in Article 12.

Mr. Minister, in conclusion, you pursue important objectives within the government and this project meets them. We will support them in the vote.

Mr. Chairman, colleagues, CD&V supports the present bill. It is a pity that the discussion about the design is reduced to one article related to the fingerprints. In fact, the draft also provides for a major change to enable the modernisation of the services of the civil service. It must be a closing block of the digitalization of the civil stand, as elaborated by Minister Geens, among others.

It is true that the design also provides for the registration of fingerprints on the eID. As of April 2019, a fingerprint will be displayed on the ID card. The proposal to put fingerprints on the identity card came, among other things, after the attacks in Paris and Brussels, when it turned out that several terrorists could travel freely thanks to identity fraud. This is also evidenced by the work of the Investigative Committee after the attacks. We were indeed confronted with some of the perpetrators of the attacks in Brussels and Paris who had multiple IDs and various alias. In addition, we are also facing increasing cases of identity fraud in other areas. The taking of the fingerprints should therefore incorporate the additional security that the person offering the eID is also actually that person. The photo on the eID, as said by others, is often misused by lookalikes.

We also assume that the reasoning provided by the Minister during the discussion in the committee is sufficient to justify the proportionality of this measure. That was the core of the opinion of the Data Protection Authority. A link between the electronic identity card and fingerprint identification is useful and reduces the likelihood of counterfeiting and identity fraud. International passports already use fingerprints. However, travel within the Schengen area does not require an international passport, but a regular identity card.

This measure incorporates additional security that allows controls when entering the Schengen area or when travelling within the Schengen area. CD&V is only in favour of this if there is a link with fundamental safeguards regarding privacy and data protection. Fingerprints are stored on the card itself and not on the chip. There will also be no general database of fingerprints. The manufacturer of the electronic identity card may retain the fingerprints for a maximum of three months. Reading of fingerprints will only be possible for authorised services, including police services, by means of an implementing order. Also, only these services will have the equipment available to do the reading. The ordinary card reader chips will therefore not allow the reading of the fingerprints. All of these things offer, in our opinion, sufficiently clearness. We will fully support this project.

Mr. Speaker, Mr. Minister, colleagues, as colleagues Degroote and Demon have already said, this bill contains more measures, including in the context of administrative simplification or the modernization of the civil status, but on behalf of our group I will mainly speak about the much-discussed measure concerning fingerprints on the eID, in the fight against identity fraud.

Our group will support the current measure for the inclusion of fingerprints on the eID. The digital image of the index finger of the left and right hand will be integrated into the map. This card, as the Minister also explained in the committee, meets the highest safety standards. Fingerprints are protected by a certificate that allows reading with a card reader only for authorized agents. Those who are authorized to do so are also explicitly included in the present draft law.

The aim of the measure is, of course, to strengthen the security of citizens’ identity cards in the fight against fraud. The same rule applies to passports in our country.

It is evident that our party shares and primates concerns about the right to privacy and freedom. Therefore, any measure to do so should be proportionate to the objective pursued and have a minimum of achievement. Therefore, our support for the present bill has not come lightly. Therefore, I would like to summarize briefly the history of the case.

In this way, we note that the fingerprints will in no case be stored or centralized. In other words, there is no central storage. They are stored only for the time necessary to create the card and therefore no longer than three months. Then they are destroyed. In the initial proposal of the Minister, a central, although secure, storage of fingerprints was included in the National Register, with a wider purpose within the framework of the general fight against crime. The minister brought the mustard from Morocco. That proposal went too far for us. During a Council of Superministers in 2017, the proposal was updated at the initiative of our group.

My colleagues, another argument that cannot be underestimated in support of the measure at issue concerns the course that Europe is currently taking in this regard. Today, we take the lead in Europe and are at the forefront. On 17 April 2018, the European Commission presented a proposal for a regulation aimed at improving the security features on EU citizens’ identity cards and thus preventing the use of fraudulent documents. Terrorists and criminals can use those documents to enter the European Union from a third country.

The European Commission wants to make the use of biometric data mandatory for countries that issue identity cards.

Meanwhile, the latter recommendation has been outlined in a proposal that will require the registration of two fingerprints on ID cards. Such biometric data may only be used to verify the authenticity of the card and to verify the identity of the holder.

Furthermore, Europe intends to approve the proposal by the end of this year. The European obligation is therefore to be met anyway.

I would like to remind you of a few figures. In 2016, we read in the Action Plan for a Strong European Response to Travel Document Fraud that fraudsters have a high demand for EU travel documents. The eID is also a travel document. At least three-quarters of the fraudulent documents detected indicate that they were issued in an EU Member State or a Schengen country.

According to recent reports from the European Border and Coast Guard, less secure national identity cards issued by Member States are the fake documents most often detected when travelling within the Schengen area. Lookalike fraud, in which the holder of the document simply very much resembles the actual owner, also continues to increase and remains the type of fraud that was most ⁇ in the second quarter of 2016.

In Belgium, on the other hand, we have recorded a sharp decline in the number of counterfeit cards since the introduction of the new eIDs in 2005. The latte to counterfeit an eID became so high that there was a shift to lookalike fraud and the false obtaining of real documents through the municipalities, based on a false name or photo. This was also confirmed in the hearings by the municipal representatives.

The figures of the national SPOC Identity Fraud regarding the number of files opened, based on reports from the municipalities, indicate an increase. Thus, the figures show that the fraud with fingerprint documents is declining compared to the eID, which is beginning to become a weak link and is increasingly used for identity fraud.

Also the police services, colleagues, note an increase in the number of attempts to fraud through lookalikes or the false acquisition of a real document on behalf of someone else. Without an additional biometric element such as the fingerprint, it is very difficult to detect such fraud. A photograph alone, as one can imagine, does not always provide sufficient exclusion to quickly and efficiently guarantee the true identity of a person concerned. With the fingerprint added, fraudsters irrevocably fall through the cart.

Dear colleagues, there is no doubt that identity fraud is usually also a cover for committing other criminal acts. These are human trafficking, fraud, criminals who want to stay under the radar, Syrian fighters who want to enter Europe clandestinely, potential terrorists, and so on.

Effective hearings were held on this subject and opinions were sought. During the hearings and from the written opinions, it was shown that the representatives of the population services in Wallonia and Flanders are in favour of fingerprints on the eID.

The right to privacy is, of course, a fundamental human right, but the right to security is also important. A constant balance of both must be made. It is also important that a government does not abuse its powers.

Our group considers that the proposed draft is sufficiently proportionate for the reasons mentioned above. In the coming years, there will also be a constant need to find a balance. It will remain a difficult balance exercise between privacy and security. This remains an important challenge for the future. However, we believe that the measure currently envisaged is proportionate and will therefore receive our support.

Mr. Speaker, Mr. Minister, colleagues, this file was followed for our group by my colleague Top. He is also a rapporteur, but since he is currently on a parliamentary mission, you will have to ask me.

I will not repeat what colleagues from the other groups have already said. However, I will add some elements from the purely destructive opinions of our Data Protection Authority. As a result, the first version of this bill was updated in allerijl. As a result, also the initial intention, the fight against terrorists and the promotion of the general sense of security, in dusty cases.

They wanted to create a central database with DNA data, especially from fingerprints. According to the GBA, the motivation of the government to build such a database was not quite clear and it is simply overhaul if one wants to collect the fingerprints of all Belgians.

Who will do anything with it in the future?

The texts were therefore linked back to recording the fingerprints on the ID card itself, without collecting them in a central data file.

Many MEPs received many concerned emails or letters about this draft. Some groups even took action pleading to lose the ID card. Then you are safe for ten years, because then you quickly get a new ID card that is valid for ten years and without that fingerprint obligation.

Funny though, that civil disobedience, but it’s actually not to laugh at. Nearly all opposition members in the committee pointed out the many risks associated with storing and making such data accessible, especially to parties other than the government.

Of course, in the light of the observations of the GBA, a number of problems arise with regard to legality, subsidiarity and proportionality. There are really too few guarantees for the protection of the individual.

In the committee for Home Affairs, a number of arguments were cited that hit nails with heads.

First, the exemption of the authorisation to consult the personal data is overwhelmed.

Second, the reasons for those exemptions are outlined too broadly and vaguely, giving a large number of individuals within and outside the government a wide discretion to access sensitive personal data.

Third, there is insufficient control over the unlawful use of that access.

Fourth, too much data becomes too freely accessible to too many persons whose authority and ability to deal with it is not sufficiently delimited, nor provided. There are too many vague provisions which provide access openly and uncontrolledly to a large number of persons for whom the importance or proportionality of their access has not been sufficiently demonstrated, especially for those who are not directly bound to the government and thus less bound by ethical requirements.

Fifth, we also find it unacceptable that the citizen does not have any knowledge or control over who then becomes the exact destination of his data. This is in conflict with the new GDPR legislation.

Mr. Speaker, Mr. Minister, the government may have more power in the fight against serious crime, human trafficking and terrorism, but registering fingerprints of everyone, including brave gentlemen, is a form of overshooting. The slinger is completely broken. If such data really needs to be collected and stored, we want it to be accessible only under the strictest possible conditions and only to the most strictly controlled security services that have absolute responsibility for it.

The GBA issued a negative opinion on the registration of fingerprints on the ID card chip on the basis of the arguments that such registration does not comply with the principle of proportionality and that the comparison with passports is irrelevant. As regards passports, the agency also reiterates that a specific European regulation requires Member States to collect fingerprints.

Mr. Minister, you argue that the ID cards are also travel documents, which is quite disputable. Several EU countries do not have ID cards. International travel is often possible only with a passport, for example in the US. Finally, the Commission also frequently referred to European regulations. It is under development and is heavily under fire, precisely because of the points of criticism that we also brought in the discussion, not only those concerning privacy, but also a huge number of technical – different types of ID cards in Europe – and practical objections, such as the logistics associated with the registration of fingerprints and facial features.

I would definitely recommend you to take a look at the Dutch neighbors. There the proposed measure was introduced and in the meantime removed, mainly due to the limited controls and doubts about the usefulness of the measure.

My colleagues will vote against it soon. The members of the majority who will enthusiastically put their fingerprints on the green yes button, I would like to see again in a few years when an evaluation of this law will show that it was a measure for nothing, which would therefore not be so bad. However, if there comes a government that centralizes the fingerprints of ID cards, then we will only have problems with their use and misuse.

Finally, colleagues, be careful where you place your fingers from today, because the consequences can be no less.

Mr. Speaker, Mr. Minister, dear colleagues, it is true that this text relates to national registers and speaks of various provisions in its title. It actually contains certain provisions that are quite positive and on which I will not return because, as I said in the committee, there is a whole series of things with which we would have had no problem and that we could even encourage.

As the CD&V colleague said, we had a long discussion on an article. Yes, but this article is for us, as for many colleagues – I believe – fundamental because it illustrates well the importance of the balance between individual freedom, necessary protection of our fellow citizens and necessary security of our fellow citizens so that they can live, move and feel safe in their country, in their region, in their neighborhood.

You also include this text in the fight against terrorism. In this regard, we have had a lot of debates, unfortunately, I would say, because we must have taken them into account for the dramatic attacks we have known in Belgium and in neighboring countries. This has systematically been a debate that we wanted to take to heart at the level of environmentalists because it is important to put a cursor and to find the balance between individual freedom, data protection and necessary security measures.

The article I am talking about is Article 27 which introduces fingerprints on identity cards. This project has had a chaotic legislative course. Indeed, a first text, submitted a little less than a year ago, had received a first opinion from the Commission on the Protection of Privacy under its former name, now Data Protection Authority. At that time, Mr. Minister, you had removed the text. Then, here a few weeks ago, you came back, in committee, with a new text that, on the basis of this article 27, does not change anything to the criticisms we may have – and we are not the only ones.

Basically, because this is exactly what it is about, the objective underlying the measure you propose is to fight identity document fraud. It is a praiseful goal if it is. My group and myself support the fight against identity fraud, and against identity card fraud in particular.

But the central question is: is it necessary, in order to ⁇ this quite relevant goal, to take the footprints of the 11 million Belgians? For us, this is the issue at the heart of this important debate. This poses great problems in terms of proportionality and effectiveness.

Why efficiency? We’ve had this debate in committee, and we’re not going to make a war of numbers; but overall, the number of identity card fraud is decreasing. I have here the text of a response you had given to my colleague Mr. Benoit Hellings, who regularly asked you about the question. At the Belgian level, there were 655 fraud cases in 2014 and 397 in 2015. These figures come from the Central Office for the Repression of Fake Documents.

At the European level, the trend is the same. We will not fight on the numbers, but what is certain is that there are a few hundred cases in Belgium, and that the trend is down at the Belgian and European level.

With regard to proportionality, it is unacceptable for us that, in order to ⁇ this goal, we organize a system that takes the footprints of 11 million Belgian citizens. This is the basis of our argument.

In terms of efficiency, it is the same. We consider this measure to be ineffective, given that people who are fraudulent are absolutely not targeted. It should be possible to target fraudsters, who provide fake documents to fraudsters and malicious persons. It is true that the perpetrators of the terrorist attacks, committed in Belgium and France in particular, carried fake identity documents.

But is it effective to take the footprints of the 11 million Belgians to be able to pursue this goal? In our opinion, the answer is negative.

Mr. Minister, you talked about ideology in the committee debates, referring to us as ideologists because we defend this point of view as a cursor, of balance in relation to our individual freedoms. We oppose mass surveillance in relation to the purpose of identity fraud. But, in our view, this is actually also an ideological measure. This is an ideological measure of your government. You want to implement measures that we consider to be extremely safe and we do not see the effectiveness of. And you justify this by certain objectives that absolutely do not correspond in terms of proportionality. Ideology is not on our side. I take as proof the hearings and reports that we have had, in particular from the Data Protection Authority, which makes it clear – and I here reiterate its opinion that was delivered to us in September – that there is no real justification for the measure envisaged.

We cannot be clearer. This is exactly what I have demonstrated. The Authority also argues by numbers, but I will not go into the details. There is the fact that identity fraud is declining in Europe and Belgium and that the guards to implement such an intrusive measure of mass surveillance are not in place.

I would like to remind you that the Data Protection Authority is an independent, neutral body and that it has issued a negative opinion, twice, on your first text and on this one. It is also important to be able to calmly analyze what is said here. We did not wish to hear them again following the answers you gave in commission, since you sweep all these arguments from a back of the hand. But for us, this is not okay. It is unacceptable to pass into force like this, given all these arguments.

I conclude with one last argument which is also pointed to the finger by the Authority. This is the risk of hacking. Indeed, if tomorrow malicious people want to "hack" our identity cards, next to our address, our municipality, our civil status, they will also have access to our identity fingerprints.

Again, security guards are not in place to avoid such risks of hacking. The conditions are not entirely met.

If I had to conclude, I would say that a bazooka is used here to kill a fly. I have already said this in the committee. Honestly, the balance between individual freedom, necessary security and the fight against identity fraud is absolutely not at the meeting. This measure is quite unbalanced in relation to the goal, which, in itself, is praiseworthy. We can already fight to ⁇ it with the means that exist. As evidence, this plague of identity fraud is declining.

No, Mr. Minister, we cannot support this text, and we will vote against it.

Mr. Speaker, Mr. Minister, I naturally agree with the argument of my colleague Vanden Burre, who has followed the dossier in the Committee on Internal Affairs very closely.

Indeed, this draft fits with many measures announced in recent years in the fight against terrorism. We have already discussed several proposals in the Committee on Home Affairs and in the Committee on Justice.

I will not repeat all the arguments of my colleague why we cannot support this text. I would like to emphasize another aspect.

This is an important design, but it has a remarkable history. There have been remarkable pirouettes made in the government parties.

We know very well that the proposal first appeared after a trip to Morocco, and even before that, as the Prime Minister has already said. Let me say that it came into actuality after a trip to Morocco in 2016, with the Prime Minister and – if I am not mistaken – also with Secretary of State Francken, for the conclusion of certain agreements. You were there, and the Prime Minister too. Then the idea arose to include fingerprints on the identity card.

On March 3, 2016, a discussion on this subject took place during the questioning hour in the Chamber. The Prime Minister was questioned about this proposal. I must honestly say that there was immediately a reaction from the Liberal Party. I still remember that Deputy Prime Minister De Croo in front of the cameras of Villa Politica on 3 March 2016 said: no pasarán! Secretary of State Tommelein also said: noppes.

A debate was then held during the plenary session. It was our cherished colleague Lahaye-Battheu who intervened on behalf of the Open Vld. I read her speech again. Well, it could have been a speech from our group. I thought it was a truly liberal viewpoint, which I later, by the way, missed a little.

Mrs Lahaye-Battheu said the following, and I quote, “Of course, there is no problem with tracking fingerprints of persons who pose a risk to our society. But what is the use of collecting, tracking and unilaterally using, when the government so desires, the fingerprints of millions of Belgians? Is this in relation to the problem? Is everyone suddenly suspicious, Mr. Prime Minister? What happens to the free movement in Europe, if we introduce such a system in our small Belgium, while the other European countries do not know it? What is the use of it? What is the cost of such a system? Last but not least, what about the legal side and the legality?” and she continues: “These arguments are separate from our concerns about privacy. I look at the Secretary of State, who also reacted from that point of view."This was then a reference to the decision of Secretary of State Tommelein. “In short,” she concludes, “Open Vld wants to focus primarily on an efficient management of current databases and information, rather than collecting as many data as possible.”

It is remarkable. One has had the Super Ministerial Council and made some changes to the first ideas that were launched then, but in the final we see today that the text is very advanced. Per ⁇ somewhat weakened compared to the first, initial proposals that were launched. But what exactly happened? Why is that concern about privacy suddenly gone? Why is the concern about proportionality gone? There is clearly no proportionality in this measure. The prime minister said in his response that this has already been discussed in the core and that the idea was not stopped. He said this on March 3, 2016. He also said that everyone was free to re-launch the proposal, with new elements, and that there were four parties and there must therefore be an agreement between four parties. On March 3, 2016, the conclusion was that there was no agreement between the four parties, now, almost three years later, that agreement is apparently there. What exactly happened is unclear. In any case, we deeply regret that this draft is finally put to the vote here, three years later.

As stated, we will not support this text because it is not proportionate. There is an overhaul here, and therefore we will vote against it.

Colleague Van Hecke, I think that this bill has come to ensure more security. If you don’t like all of this and if you feel that privacy is completely violated, what is your alternative?

Mr Degroote, we and our group have been very constructively involved in the discussion on security over the past few years. I myself worked in the investigation committee for one and a half years in relation to the attacks. We delivered a report that was unanimously approved. This report proposes a number of measures. This measure was not included in that report. It is primarily about better cooperation, better communication between the services. I can list it all.

I do not doubt your principles and your good attitude, but what do you specifically propose as an alternative? That is my only question.

This measure is not proportional to us. We will seek the fingerprints of 11.3 million inhabitants for a problem that is mainly related to identity fraud and terrorism. Why should this extensive measure be imposed on 11.3 million people? For us, this is overshooting and not proportional. Look at the negative opinion of the former privacy commission. I think this is clear enough.

So there is no need for anything else?

For us, this measure is neither proportionate nor necessary.

I would like to ask Mr. Van Hecke a question.

You are talking about two years ago. You know as well as I know that at that time it was still about storing in a file. I do not hear that in your presentation. Today it is no longer about storing all the data in a single file. This is also an essential difference for us. I think this is important to indicate. In your plea, you correctly pick up some texts and statements, but you forget that this was modified and that those data are no longer stored in a file.

There are changes between the initial and final proposals. This is one of the changes that have actually been made.

Initially, the proposal was much more extensive. This is indeed the course of the route corrected. The result, however, is still that fingerprints of 11.3 million Belgians in this country are requested to place them on the identity card.

This remains a disproportionate measure for us.

Mr. Speaker, Mr. Minister, dear colleagues, the National Register of Natural Persons as well as the identity card have acquired an importance and a daily treatment that one could never have imagined when they were created.

The identity card no longer serves only, as its name suggests, to authenticate the identity of a person, but it is increasingly required in the relationships that citizens have with public and private bodies.

It is true that this results, in particular in the event of a change of address or death, from increasingly heavy administrative formalities to be accomplished which deserved to be simplified.

The objective of simplification pursued by the bill could be praised at first glance, provided that sufficient safeguards for the protection of privacy are provided. Certainly, the draft provides that in order to allow the communication of changes given by the National Register to certain bodies, it is necessary to obtain the express consent of the person concerned. This is the least of the things. But, for the rest, the hearings organized in the committee did not confirm the sufficiency of the other guarantees provided.

This is especially true for the recording of fingerprints on the ID card chip. We are told that the aim of this measure is to strengthen the fight against identity fraud which, very often, serves to commit other more serious offences. Certainly, the fight against identity fraud, white marriages and fraudulent recognitions deserves to be legally strengthened. In order to pursue these legitimate objectives, the means used must be proportionate. However, as the Data Protection Authority has specified, the prohibition of the processing of biometric data for the purpose of identification of natural persons remains the principle, unless precise and restrictive conditions are provided to derogate from this.

In the present case and in the opinion of the experts hearing, this is not the case, or, in any case, it is not the case satisfactorily, both with regard to the interference in the private life that the fingerprint collection represents for preventive purposes, and the absence of a significant phenomenon of identity fraud that would justify that in Belgium such a derogation from the principle recalled by the High Authority be organised.

The Authority adds that, in its current form, the identity card is sufficiently secured by the hologram and the smart card it contains, noting that, in its view, no report of the Police Council or any opinion of the College of Prosecutors General reports of large-scale counterfeiting.

Furthermore, no expert was able to confirm the government majority thesis that the location of fingerprints, i.e. not on the visible chip card, but on a new chip called "invisible", would guarantee the security of the system. In the only three European countries that take fingerprints when issuing the identity card – Spain, Portugal and Italy – the system is criticized by both human rights organisations and security experts. This is how France had to provide, on the occasion of the creation of its recent TES file (Secure Electronic Titles), that users could refuse the scanning and the registration of their fingerprints as part of this file.

However, I would like to clarify that, given the freedom of movement that prevails in the European Union and which applies to identity cards – and not to passports in which biometric data are actually recorded – as well as to the use of the first ones – and not of the second ones, for reasons other than travelling abroad – the parallelism between these two titles does not appear to me to justify the application of this method to identity cards.

In response to the numerous criticisms of experts and, in particular, of the Data Protection Authority, the government majority has submitted only one amendment to designate the authorities authorized to read fingerprints on the ID card chip. These include the personnel of the municipalities, responsible for the issuance of the cards; the police services, as part of their tasks of combating fraud; the personnel responsible for border control; the Office of Foreigners; the SPF Foreign Affairs or even the companies responsible for the production of identity cards.

To justify this minimal and insufficient amendment by decree, the majority refugees behind the argument that Belgium must go at any cost to this system, since it is a request of the European Commission. However, as the Data Protection Authority states in its opinion, this is not the case. The European Commission has only introduced a proposal for a European regulation which, contrary to the bill, lists in a restrictive way the purposes for which fingerprints could be used and which, despite this very strict framework, has been criticized by the European Data Protection Supervisor.

The new procedure for access to the data of the National Register, through which the Minister of the Interior will grant not only permits for access to the Register, but also to the central files of identity cards and foreign cards, also poses questions to us. Indeed, contrary to what is provided for fingerprints, a restrictive list of undertakings authorised to request data from the National Register was not provided. This greatly surprised the group of agents in charge of the management of the municipal services of the population and the civil status – yet at the start partisan, in principle, of your bill.

This list was indeed indispensable since by extending this access to all associations pursuing a mission of general interest, the project opens the door to the risks of deviations in the processing of personal data, derivatives that the recent General Data Protection Regulation tends to reduce, or even annihilate.

Therefore, and given the absence of a formal analysis of these risks, my group, DéFi, will not support this bill.

Two provisions of this bill are inadmissible. The first provision aims to allow companies to use certain data from the National Register. The objective would be to “significantly reduce the administrative strain that citizens face in their contacts with ⁇ .”

The law provides that companies can automatically receive changes to certain data from the National Register of a person with whom they have a contract. As the bill explicitly mentions, these companies do not necessarily pursue a purpose of general interest. This implies a real danger.

During the hearing, the representative of the Group of Agents Population Civil State said he was surprised by this provision. I quote it: "Even if access must be provided by or under a law, decree or decree, and that must be necessary for the performance of tasks of general interest, the risk of deviation from the primary purpose seems important." Moreover, in the future, it will be the Minister of the Interior who will decide whether and for what reason companies receive an authorization to access data from the National Register.

Even though companies will be allowed to use data only within the limits of the purposes listed by law and commercial or advertising purposes are excluded, the bill offers insufficient controls to prevent abuse.

Several speakers, including the Data Protection Authority, spoke during the hearings to denounce the lack of personnel to control permits.

I come to the second unbearable provision in this project. This is the one that provides for the registration of fingerprints on the identity card. This measure raises strong opposition, including in the public opinion. On Twitter, a whole movement develops, under the hashtag “ikweiger”, “jerefuse”. Many experts themselves have expressed their disapproval. In addition, the Data Protection Authority issued a negative opinion on the bill, and in particular on the provision concerning fingerprints.

The Minister claims that the registration of fingerprints is necessary to prevent the falsification of identity documents. However, the discussions in the committee and during the hearings have raised significant doubts about this necessity, the effectiveness and the proportionality of the measure. On the need, several speakers showed that the number of cases of identity fraud remains very limited, and decreases even at the national and international level. Several speakers also mentioned the fact that fingerprints are not an effective tool for preventing fraud. Fingerprints can be easily stolen. The fight against identity card fraud requires more awareness, investments and personnel for digital research, and better data protection through improved encryption. Furthermore, fingerprints are not effective in the fight against terrorism, given that the vast majority of terrorists use their own identity.

Finally, given the limited number of fraud cases and the significant infringements on the privacy of citizens, the question of proportionality should be raised. The fact that the entire population has to record their fingerprints is a serious breach of privacy. According to the Data Protection Authority, the comparison with the passport does not hold the way, given its widespread impact. Even Eubelius, the law firm founded by one of the ministers of this government, confirms by saying that travel is a choice and being a citizen is not. In short, most experts consider that this measure is highly disproportionate.

What a contrast, dear colleagues, when it comes to fighting the big tax fraud! There, the right always invokes respect for privacy, when it comes to tackling big fraudsters. Here, privacy is important. But a Big Brother measure that aims to spy on the 11 million Belgians, she can pass.

For these various reasons, the PTB will vote against this bill.

Mr. Speaker, I would like to briefly explain my amendment in the general discussion. I submitted an amendment because today there is still a piece missing in the Riksregister. This is evident from the answers we received to the written questions our group has asked ministers Geens and Jambon. In particular, it is the data of people who have another nationality in addition to the Belgian nationality.

According to the Minister of Justice, the data in the Rijksregister are not only incomplete, they are also not up-to-date in the sense that the Rijksregister thereby does not provide an overview of persons who at the time of requesting the data from the database, have a multiple nationality. This overview cannot be given.

The Minister of Internal Affairs has already confirmed this in response to a written question. He stated literally: “The National Register of Natural Persons does not include information regarding the dual nationality of persons who have acquired the Belgian citizenship.”

However, it seems to me, for various reasons, important that every person possessing the Belgian nationality is also clearly aware of whether he still possesses one or more other nationalities, if such data is requested. It is therefore the purpose of the amendment to be able to give a conclusive answer to it and therefore to include that given also in the Rijksregister.

First and foremost, thank you very much for your comments in the debate, which is important. As a minister responsible for security, I have always pointed out that security policy must be a balanced policy. There are many balances to be taken into account. Respect for privacy is, of course, an important element.

Two speakers, Mr Thiébaut and Mr Van Hees, dealt with Article 26 concerning administrative simplification. Both speakers said there were not or not enough labels in this bill. We discussed all these issues during the committee discussions. I will be very brief.

This bill contains a dozen tags, namely:

express consent of the citizen;

- the citizen may at any time withdraw his consent;

- the citizen can at any time verify to which company he has given his consent;

- the purpose is only to adapt files containing personal data of customers and the law prohibits the use of the information obtained for commercial purposes;

- this is only possible when the citizen has a lasting contractual relationship with the company (it is not enough to simply be a customer);

- any enterprise that wishes to use these services of the National Register must obtain an authorization from the Minister of the Interior (a procedure is established);

- as soon as the agreement or contract between the company and the citizen is terminated, the company is obliged to immediately communicate it to the National Register. We are talking here about providing data from the National Register to the company. It is not the company that has access to the databases. Companies cannot actively consult the National Register but they receive the information in the circumstances I just mentioned. And so I repeat again that we are not talking about commercial purposes here.

The second issue concerns Article 27 on fingerprints.

Mr. Van Hecke, in my party there are many people who are engaged in history. Therefore, I would like to correct your intervention, to be historically correct.

It is true what you indicate. The debate began when we were in Morocco with a number of ministers and the Secretary of State and therefore also visited the data center of the Moroccan people, where they currently digitally track fingerprints of approximately 30 million Moroccan people.

There were journalists in our chest. While we were on the plane, journalists indicated that the government was in favor of the initiative. When the plane returned, I immediately stated that the initiative was not being discussed. I have never put any proposal in that regard from any of the four parties, not even of my party, on the government table, which is a proposal to establish databases. The only proposal we have talked about is to place digital fingerprints on the identity card without a database and with one objective, which is to combat identity fraud. I want to give it to history for what it is worth.

As regards proportionality, figures for 2014 and 2015 were cited. I add others, from the SPOC of the National Register: 402 files in 2016; 796 files in 2017; in 2018, we are already at 955!

Among these cases, identity card-specific fraud accounted for 230 cases in 2016, 467 cases in 2017, and already 576 cases in 2018. You will tell me that 500 files is very little. But the numbers are constantly increasing and it is wrong to say that the phenomenon is decreasing.

We had this discussion in the committee. For me, it is quite justified because tags are essential.

Nothing is accidental. Today there was a communication from the Council of the European Union that an agreement was reached this morning at 11 p.m. "Better security for ID documents: Council agrees its position."

It says clearly: "Security standards for ID-cards will also need to include a photo" — we have already — "and two fingerprints of the cardholder, stored in a digital format, on a contactless chip." That is exactly what we do here. An agreement has been reached within the Council of the European Union.

Belgium is leading in this. This is not just the case here, with the PNR we took the lead. I think this country should take the lead.

I am pleased and would like to thank the majority parties for supporting this draft. I am convinced that here we are taking another step towards a safer society. As I have said countless times, one measure is never enough, it is about the multitude of measures. This measure is another essential step towards strengthening the security architecture in this country.