The General National Database: the Eye of Sauron?

Illustré par :

During an identity check, it is common for people to be told that they are already « known » to the police, sometimes even if their criminal record is clean. On the other hand, the people being monitored often have no knowledge of the information they are being subjected to and therefore cannot defend themselves. During a simple contact with the authorities, many people are thus  » profiled  » without their knowledge and are likely to be discriminated against in their dealings with them. The origin of the information available to law enforcement agencies is, of course, explained by the fact that they can, at any time, consult a large number of databases managed by the National General Database (hereinafter « NGD »), which they are obliged to feed at the risk of criminal prosecution. According to the available figures — which are extremely opaque, as they have not been published officially in full since 2008(1) — the system has been so successful that it seems that one person in six in Belgium is currently on file. As of December 31, 2012, there were 1,769,439 individuals in the program. In order to facilitate the collection of data within the NGB, an electronic flow has been set up so that the NGB is fed with data from the official reports recorded in « basic » databases: FEEDIS (Feeding Information System) for the federal police and ISLP (Integrated System for the Local Police) for the local police. Clearly, the majority of traffic tickets that the police write are integrated into the NGB, at least partially. 

The police thus « know » quite a few people, who, in an asymmetrical way, have no direct access to the content of the stored information. This excludes, consequently, any possibility of contradictory debate in the hypothesis that police officers decide to take into account this obscure information when drafting a report, which, thereafter, can possibly be transmitted to a Prosecutor or an Examining Magistrate within the framework of legal proceedings. Even more insidiously, information gleaned about you — which may include your political views or religious leanings — can potentially be taken into account during a simple visit by the Neighborhood Officer as part of a minor neighborhood concern. In the security context in response to the terrorist attacks in Paris and Brussels, the compilation, storage, use and communication by the State of personal data in a police file may seem legitimate… But where do you draw the line? 


Historically, it was in 1998, following the Dutroux affair — and the many criticisms that followed about the lack of information exchange — that the BNG was created with the aim of improving the circulation of police information in the country. Since then, the BNG has been collecting a phenomenal amount of data on identified or identifiable persons… but not necessarily guilty. No matter how much the Minister of the Interior tried to assure us in 2013 that  » when you are in this database, it is not for trifles « (2), a simple look at the law is enough to convince you that you do not have to be a delinquent to be registered there. For example, the police are obliged to record not only the data of criminally convicted persons but also those suspected of having committed a simple administrative offence. Also on file are people « likely » to damage real or personal property and members of groups « likely » to disturb public order. In 2005, the Antwerp police considered organizations such as Gaia, the Humanist League, Indymedia, the pacifist organization Vaka, the Bond Beter Leefmilieu, the Davidsfonds, the Belgian Labour Party, Medicine for the People, the Anti-Fascist Front, and even Hare Krishna as « extremists ». Given the searches conducted in 2014 in the context of « fictitious jobs » in the Equal Opportunities Interior Cabinet, it would not be surprising if Joëlle Milquet — yet the bearer of the project to reform the police database — was referenced there. In 2015, La Libre Belgique informed us that police officers can register, in the BNG, suspects or perpetrators of crimes under the name  » gypsy « . I myself, having been a candidate in the 2007 federal elections for the Communist Party — a youthful mistake — and an active member of the League of Human Rights for many years, may be registered there. Who knows? 

In the same way as for adults, the registration in the BNG of minors between 14 and 18 years old is done without the intervention of any magistrate. There is no minimum age limit for enrollment in the NGB, in contradiction with the Beijing Rules and the UN Convention on the Rights of the Child. From then on, a child of any age can be registered in the BNG: the mistakes of youth are unforgivable. Clearly, the project of the former French president N. Sarkozy to have a file from the nursery is therefore topical… However, the European Court of Human Rights has ruled that the retention of data on unconvicted persons may be particularly harmful in the case of minors because of their special situation and the importance of their development and integration into society. The result of all this is a significant risk of undermining the presumption of innocence of persons who have not been found guilty of any offence. According to European jurisprudence, however, suspects and convicts must necessarily be treated differently. Indeed, the European Court is of the opinion that if « the conservation of private data does not amount to the expression of suspicions, it is still necessary that the conditions of this conservation do not give the impression that they are not considered innocent ».

The objective of the NGB is obviously to allow the identification of the above-mentioned persons, but also to cross-reference this data with other police information in order to verify their  » background « The purpose of the study is to help law enforcement agencies in their investigations and to determine whether any action should be taken with regard to persons being checked (e.g. search, thorough check, arrest, seizure, hearing, etc.). The types of data collected are not explicitly defined in the law and can therefore indiscriminately consist of names, addresses, telephone numbers, license plates, photos, audiovisual recordings, even fingerprints or DNA traces, not to mention political, trade union, religious or psychological data. More generally, any information can be encoded as long as it is « adequate », « relevant » and « non-excessive » for the prosecution of crimes (judicial police mission) or the prevention of public order offences (administrative police mission). 


In the first instance, it is the responsibility of the police officer who enters the data into the NGB to assess whether the data is proportionate to the purpose. In this respect, it is interesting to note that information provided by informants or by citizens filing complaints — or even simple rumors, including those circulated through social networks — can be entered into the NGB if the official in question considers them interesting. In its 2003 annual report, Committee P (the police oversight body) states that it has found in several cases that the information obtained is used a little too lightly:  » In one case, it was a person who was allegedly a carrier of the AIDS virus and intended to infect police officers during a possible police intervention. The investigation conducted by the Standing Committee P and the Control Board found that the information recorded was based solely on verbal rumors, that there was no judicial or administrative justification, that the information received had not been thoroughly evaluated and that there was no concrete interest « .

In addition to the questionable quality of the data incorporated into the NGB, another major concern stems from the extremely long retention periods required by law. In general, and with some exceptions, data relating to administrative police missions are accessible to civil servants for 5 years from the day of their recording, and those relating to judicial police missions for up to 15 years in the case of an act qualified as a misdemeanor, and 30 years in the case of a crime. After these deadlines, or when they are no longer considered  » adequate, relevant and non-excessive « , the data processed in BNG are not deleted but, on the contrary,  » archived  » for 30 years, both for convicted persons and for those merely suspected. Certainly, during the period  » Although the data is legally availablefor more limited purposes, the citizen is entitled to ask whether this retention period is not contrary to the requirement that the data be kept for a longer period.The data is kept« for no longer than is necessary for the purposes for which it is recorded « . On the basis of this principle, the European Court of Human Rights did not hesitate to condemn the French State even though it provided for a retention period of 25 years, which is shorter than that provided for by Belgian law. The concern that the right to be forgotten and the right to change (!) may be violated is all the more legitimate when one knows that there is no provision for the automatic deletion of data recorded in the context of an event for which a data subject is subsequently acquitted. A communication to the police is foreseen, but if they do not proceed to the necessary deletion, no recourse is open to the citizens. There is therefore a risk of remaining on file with the police for an offence even if you have been acquitted of this offence by the courts. 

And that’s not all: when we talk about collecting and recording information, we are talking about communicating it. In order to ensure a maximum sharing of information, the data contained in the police databases can not only be consulted by the Belgian police services, but also be communicated to their foreign counterparts, to the judicial authorities, to the intelligence and security services, to the Committee P, to the Committee R, to the OCAM, to the Financial Information Processing Unit, to the General Administration of Customs and Excise, to the Aliens’ Office, to the international organizations of judicial and police cooperation and to the international law enforcement services (in particular Europol and Interpol). In addition, our dear friends can also consult the Schengen Information System, the SIS. It was created to compensate for the abolition of internal border controls in the Schengen area. 

In principle, these authorities may only consult the NGB within the strict framework of their duties. Nevertheless, in 2005, Committee P already mentioned  » a certain blurring of the norm [qui] within police services concerning the use of computer applications made available to them « . In its 2009 annual report, it noted that  » some members of the police force appear to continue to abuse their access to confidential data for personal use . For example, according to the daily De Morgen, in the aftermath of the suicide of the Flemish singer Yasmine in September 2009, more than 900 police officers consulted her data. Given the recurrence of the phenomenon, Committee P was once again asked to address this issue in 2013 and to conduct an investigation into the matter. In that year alone, 1,200 cases involving privacy issues were open to Committee P, 126 of which specifically involved allegations of database misuse. In only 20.11% of cases, the file review concluded that the allegation was not established. In 77.78% of the cases, the facts were in a non-professional context, i.e. either purely private or in relation to the professional environment but outside the execution of police missions. Paradoxically, the cops are flipping on themselves. Members of the police force are indeed regularly the object of illegitimate actions (18.25% of the cases): these are mainly colleagues of the staff members involved. The other important categories of victims are, in decreasing order of importance: people without a direct link to the police officers involved (14.29%); partners, ex-partners or relations of the police officers involved (11.90%); and family members or their relations (9.52%).

Finally, it is interesting to note that the discovery of illegitimate access is more likely to be the result of external complaints addressed directly to the police, the IGA or Committee P (46.83% of cases) than internal police complaints (1.59% of cases). This information will convince the reader that the figures published by Committee P are probably only the tip of the iceberg, because in order to file a complaint, the citizen must know that he or she is on file and that his or her data has been consulted inappropriately… In Belgium, direct access by citizens to data held by the police is not allowed. This must be done automatically through the Privacy Commission, which may conduct this review at the request of the individual. This is called the indirect right of access. To do so, a dated and signed application must be sent to the Commission. To be accepted, the request must contain: name, surname, date of birth, nationality of the person concerned, a photocopy of his/her identity document. The authority or department involved and  » all relevant information  » must also be identified. In response, the applicant will usually receive no information other than a notice that  » the necessary verifications have been made « . There is no way to be more opaque. 

I am well aware that this article does not inspire the hope of living in a living democracy that should, in principle, debate the implementation of a device before standardizing it, especially in the current anti-terrorist context. And I’ll add, unfortunately, as a conclusion: the BNG has only been regulated by law since March 2014. Before that date, the BNG was only regulated by ministerial circulars and internal directives that were not available to the public. But since then, statistics on its contents are non-existent: the law that was intended to make the NGB transparent has produced the opposite result. The League for Human Rights and the Liga voor Mensenrechten have decided to appeal to the Constitutional Court against the new law on police information management. Let’s keep our fingers crossed. 

Franck Dumortier

Notes et références
(1) Rapport annuel du Comité P 2007–2008.

Espace membre

Member area