BRUSSELS
An investigation by several European media outlets revealed Tuesday that hundreds of millions of location data points from mobile phones in Belgium, including those belonging to employees of EU institutions, NATO headquarters, and military bases, are being sold by data brokers.
The joint investigation by L’Echo, Le Monde, German public broadcasters BR and ARD, Netzpolitik.org, and BNR Nieuwsradio found that mobile applications collecting users' location data allow brokers to resell this information, despite it being officially labeled as "anonymous."
The investigation showed that the data makes it possible to accurately trace individuals' movements, including their homes, workplaces, and frequented places, posing potential security risks, particularly for those working in sensitive or critical institutions.
According to the report, mobile phones were detected within the premises of key infrastructures such as the Doel and Tihange nuclear power plants, high-security prisons, NATO headquarters in Brussels, and the Supreme Headquarters Allied Powers Europe (SHAPE) in Mons. Phones were also located at several Belgian military bases, including Kleine-Brogel, where US nuclear weapons are believed to be stored.
A NATO official told Belgian daily L'Echo that the alliance is "fully aware of the general risks that third-party data collection poses" and has "implemented measures to mitigate these risks," without disclosing further details. Despite these measures, more than 1,000 phones were located within NATO sites, according to the report.
Engie, the operator of Belgium's nuclear power plants, said connected devices are not permitted inside technical nuclear areas, except for professional purposes. The Belgian Defense Ministry also stated that smartphone use is banned in all sensitive areas.
The data examined by journalists was purchased from brokers who gather information from various mobile applications. Although such data is sold for marketing and advertising purposes, experts say combining multiple datasets can lead to the re-identification of individuals.
Investigators said they were able to identify several senior European officials, including three holding high-level positions in EU institutions, whose movements matched their home and workplace locations. Two of them confirmed the accuracy of the data but declined to be publicly named.
The European Commission described the findings as "disturbing," saying it is "concerned about the trade" in such personal data.
Data brokers reportedly offer access to location datasets for Belgium for prices ranging from $24,000 to $60,000 per year, covering up to 700,000 tracked phones per day.
Experts warned that, despite being marketed as "anonymous," location data can easily be de-anonymized. Research shows that knowing only two points of reference, such as a person's home and workplace, can be enough to identify them with 95% accuracy.