This law requires the massive collection and storage of biometric data. In order to do this, while ID cards are being prepared, fingerprints are temporarily stored by the National Register Services.
Chip security system not strong enough to withstand cyber attack
According to a study from KU Leuven University, on average, the fingerprints of 225,000 Belgium citizens are centrally stored at any one time. The data is stored on the chips in the ID cards and the police can read it contactlessly, allowing them to check the authenticity of the card or the identity of the cardholder.
The study also shows us that the chip security system is not strong enough to prevent fraudulent access to the biometric data on the ID cards. On one hand, as we are not necessarily informed about when our cards are read and by whom, there is a risk that ill-intentioned individuals will access our information without our knowledge. On the other hand, the chip, which contains a copy of our complete fingerprint, could potentially be hacked. The consequences of such a theft or illegal use of biometric data would be very hard to fix.
In the lawmakers' view, storing fingerprints is necessary to prevent identity fraud. However, Belgian and EU data protection authorities do not necessarily agree with that stance. Indeed, they highlight that identity theft can be tackled using other security data, such as photographs on ID documents. On this basis, using biometric data on ID cards makes identity fraud easier, rather than harder.
Authorities' appetite for data is growing
By taking this disproportionate measure, the law is putting every Belgian citizen at risk of suffering personal data breaches, while the scale of this kind of fraud is currently very limited. Moreover, no prior investigation on the impact and dangers of this law has been carried out.
This controversial law joins a long list of measures that demonstrate the authorities' growing appetite for our personal data. However, this kind of measure is unlikely to help make society safer. Technologies and data collection require a lot of money and staff, and the more data you collect, the greater the need to process and analyse it. The vast majority of data that is collected and stored is from citizens who pose no threat to security. And the material, financial and human resources that are deployed to process this data is being taken away from other, more important purposes. The focus on surveillance overshadows other threats that deserve increased levels of monitoring.
The League of Human Rights and the Liga voor Mensenrechten decided to bring an action against this law in the hope of changing it. They are also calling for a in-depth debate on the usefulness and efficiency of a security policy that reflects an irrational belief in the benefits of the massive processing the personal data of every citizen without exception.