The city of Kortrijk pays 40.000 euros for the information every year. A major supplier of this privacy-sensitive information is Proximus, which sees the sale of the data as a well-considered revenue model. Kortrijk is the first 'known' example of this method, but only the beginning of 'opaque' sales of data. Although it was claimed to be anonymous data, the ships omitted the link with data from Visa and / or Bancontact use provides a wealth of information.

Arne Vandendriessche, Alderman for Economy, explains that visitors don't understand Kortrijk who studies, works or lives here, but only the people who come here to shop or to experience something.

“When we combine the data with data from Visa and / or Bancontact use, we know where the money is spent and why people come to our city. Or what event has lured visitors here, ”says Vandendriessche. 

The Kortrijk city council purchases data reports from Proximus. The large mobile phone operator continuously keeps track of how many Proximus customers are in a particular area of ​​the center of Kortrijk at what time.

Authority does not assume its responsibility in this filet 

Further to its position on Proximus' provision of reports based on anonymous location data of their end users, Matthias Dobbelaere previously lashed out at the Authority. He made it clear that the Authority does not assume its responsibility in this file, as it can “decide, without being hindered by any technical knowledge, within a few hours that this does not infringe the privacy legislation”. 

This criticism is not only basically unsubstantiated, the ball is also completely missed legally. In 2016, the Authority already had a discussion with Proximus about the plans it had to offer tailor-made commercial reports. Substantive was the position that was meant during conversation Proximus was communicated clearly and legally correct. 

Article 123 of the Electronic Communications Act allows operators of mobile networks (Proximus or others) to process location data relating to a subscriber or an end user when the relevant location data has been made anonymous.

Individual location data not accepted by the Authority

Perhaps we can disagree about the boundary where the privacy rules are exceeded. It took a while before the first measurement could be taken, because the Privacy Commission looked at the project with suspicion.

As an Authority, we therefore think that we have been more than careful, based on a thorough technical insight into the intended processing operations. It not only looked at the letter of the law.

In addition, a precondition for the creation of mobility patterns on the basis of the thus anonymised big data sets was that master data for identifying such patterns could only be used with sufficiently aggregated data. Working with individual location data, even if stripped of any customer data and technical identity, was therefore not accepted by the Authority for safety's sake.

“Telecom legislation also allows us to process and use anonymised data in this way. At that point, it is no longer personal data, ”said spokesperson Fabrice Gansbeke.

Proximus committed to only report on grouped location data of at least 30 mobile end users. In addition, extrapolation takes place during the final reporting based on, among other things, Proximus' market share compared to that of other operators.

Confusion and contradiction about 'opt-out' arrangement

According to ships Vandendriessche, you can also refuse to have your data collected, via a so-called “opt-out”, a possibility to unsubscribe. The city of Kortrijk has not clearly explained how to unsubscribe. 

You cannot unsubscribe on the Proximus website either because that is not necessary. Still, Gansbeke says the company is looking into how such an opt-out scheme can be created. According to Vandendriessche you can look this up via the website of the Data protection authoritybut there is nothing to be said about an opt-out. The Data Protection Authority is an independent body that ensures that your personal data is processed in accordance with the law.

Also read: Anonymous OV chip card is not anonymous