Privacy & Cybersecurity Law Blog

On 2 March 2009, a Belgian Criminal court (Tribunal correctionnel de Termonde, No. DE 20.95.16/08/25) fined Yahoo! Inc., €55,000 ($71,745) for refusing to disclose to a Belgian Public Prosecutor the personal data of its e-mail users who were under criminal investigation for fraud. The Criminal court also imposed a daily penalty fee of €10,000 ($13,045) in a case of non-compliance with the judgment.  This decision was reached despite Yahoo!’s argument that Belgian law did not apply because the company does not maintain a legal entity in Belgium and does not store any customer data in Belgium.

In the context of a criminal investigation for fraud, the Belgian Public Prosecutor of Termonde had requested the disclosure of detailed account information to identify e-mail users using pseudonyms on their Yahoo! email accounts.  Yahoo! refused to disclose such information. The Belgian Criminal court held that Yahoo! had violated Article 46bis of Belgian Code of Criminal Procedure (Code d’instruction criminelle), which imposes on electronic communication service providers a duty to cooperate with a Public Prosecutor and to provide the identity of their users when requested by a Public Prosecutor in the course of a criminal investigation.

As mentioned above, Yahoo! argued that Belgian law did not apply because there is not a Yahoo! legal entity in Belgium and Yahoo! does not store any customer data in Belgium. Furthermore, Yahoo! argued that the Belgian Public Prosecutor had failed to issue a formal request in accordance with the procedures established by the Treaty on Mutual Legal Assistance on Criminal Matters, signed between the United States and Belgium on 1 January 2000. Following the ruling, Yahoo! appealed the judgment of the Criminal court on 3 March 2009.