It’s of paramount importance that the Netherlands leads the way not only in terms of digitalization, but also in the field of digital privacy. Public authorities should make people aware of the privacy risks in the digital world and set a good example by providing sufficient privacy-friendly alternatives to existing apps and platforms. This call was made today by a broad coalition of organizations and companies – the Privacy Coalition – to members of the Dutch House of Representatives, who were handed a manifesto. 

The new Privacy Coalition notes in a joint manifesto that more and more digital platforms, services and apps are collecting users’ data without them realizing it. Those data are resold and integrated and then used to track people, follow their online behavior and influence them. “This creates digital profiles on the basis of which companies and even public authorities make decisions that have a major impact on our lives, without us being able to influence it”, the coalition states. It also warns of further polarization in society because people are no longer in control of what information they can and cannot see online.

Freedom of choice

Legislation is being drafted at both the European and national level to curb the unbridled use of personal data. But regulations and supervision alone will not be enough; developments are so rapid that we will always be lagging behind, the Privacy Coalition asserts.

The Privacy Coalition is calling on the Standing Committee on Digital Affairs of the Dutch House of Representatives to much more actively raise awareness among the citizenry about the importance of digital privacy. Public authorities, but also the business community, could set a good example by only using digital platforms and services that respect privacy. The coalition also advocates greater support for privacy-friendly alternatives to existing apps and platforms, so that people have freedom of choice.

High price

“Digital platforms are becoming more adept at collecting data from users without being transparent about it”, says Haykush Hakobyan of Privacy First, one of the initiators of the Privacy Coalition. “People believe many services are offered for free, but they are unknowingly paying a high price with their personal data. We need to stop that trend now. It is a social responsibility of companies, public authorities and other organizations to actively promote digital privacy. There are plenty of technological possibilities to be active in the digital realm without having your privacy violated.”

Hakobyan called on the House of Representatives to organize a technical briefing with providers of privacy-friendly solutions. “Recently, the House held a hearing with Google and Facebook, among others. It is now time to consult with parties that do respect people’s privacy.” The Privacy Coalition invited the Committee on Digital Affairs to continue the conversation with stakeholders and seek solutions.

“As far as I’m concerned, privacy is non-negotiable”, commented Lisa van Ginneken upon receiving the manifesto. Van Ginneken is a member of the Digital Affairs Committee on behalf of D66. “It is a basic principle that guarantees our freedom and our right not to be spied upon either in physical space or on the Internet. Digital human rights should not be the final element, but rather the starting point of any technological development.”

You can read the current manifesto of the Privacy Coalition and all co-signatories HERE.

Would your company or organization like to support the Privacy Coalition’s call? Then This email address is being protected from spambots. You need JavaScript enabled to view it.!

https://www.privacycoalitie.org 

Today – European Data Protection Day – the Dutch Privacy Awards were handed out during the National Privacy Conference, a joint initiative by Privacy First and Dutch Platform for the Information Society ECP. The winners of the 2022 Dutch Privacy Awards are:
- Street Art Museum Amsterdam (SAMA)
- Quodari
- Summitto
- Center for Information Security and Privacy Protection (CIP).

The Dutch Privacy Awards provide a platform for companies and government agencies that see Privacy as an opportunity to positively stand out and make privacy-friendly entrepreneurship and innovation the norm. "These Awards have been handed out each year since 2015 and every time the jury nominated special, innovative and inspiring candidates. That’s been no different in 2022. Most of the time, privacy becomes a news item only when things have gone terribly wrong, when hefty fines are issued or certain parties incur serious reputational damage in court. In this respect, it would be a good thing if more attention would go out to ‘the bright side of privacy’ – to solutions that save time and money, strengthen trust, offer insights to people who need it and increase the overall effectiveness of various sorts of applications. The Dutch Privacy Awards are there to put the most inspiring initiatives in the spotlight and give these the recognition they deserve," said Awards jury chairman Wilmar Hendriks.

Nominations  

There are four categories in which applicants are awarded:

1. the category of Consumer solutions (business-to-consumer)

2. the category of Business solutions (within a company or business-to-business)

3. the category of Public services (public authority-to-citizen)

4. The incentive Award for a groundbreaking technology or person.

From the various entries, the independent expert panel chose the following nominees per category (listed in arbitrary order):

1. Scoor voor je Club
2. Summitto
3. Privacy Rating
4. PiM, the Personal identity Manager by KPN
5. Street Art Museum Amsterdam (SAMA) 
6. Quodari
7. Shuttercam. 

During the National Privacy Conference all nominees presented their projects to the digital audience in Award pitches. Thereafter, the Awards were handed out. Click HERE for the entire expert panel report (pdf in Dutch), which includes participation criteria and explanatory notes on all the nominees and winners.

WINNER Consumer solutions: Street Art Museum Amsterdam (SAMA) 

Connecting privacy and art in a project that aims to raise awareness among neighborhood residents is unique and pleasantly surprised the jury. With its Privacy Project, SAMA allows such themes as privacy, digital rights, anonymity on the internet and the impact of technology on society to capture the imagination. More than 80 artists were invited to create a design for a mural, and out of their designs three were chosen to actually be produced on the streets. Local residents were involved in the choice for the design through voting.

Offering critical reflections through their art, artists encouraged residents to think about the issue of privacy. Raising awareness was in fact one of the main goals of this project. For SAMA, the project was a new adventure that saw murals being created in three vulnerable districts in Amsterdam: Nieuw-West, Noord and Zuidoost.

The jury believes that this project shows that graffiti-art murals can help raise awareness among residents about privacy issues. The whole process whereby residents think about both these issues as well as the realization of the murals equally contributes to give meaning to an abstract concept like privacy.

The jury expresses the wish that this project will be replicated in many other cities and especially in vulnerable neighborhoods where residents are still insufficiently aware of what happens to their personal data, and how important it is to be able to make choices about who you share these data with.

WINNER Business solutions: Quodari

Quodari is a privacy-friendly social media platform that puts users in control of their own data and content. It enables users to share collections of data online with friends, but also to make these data public. Taking European values as point of departure, Quodari aims to be a privacy-friendly alternative to existing social media platforms. Quodari’s business model is based on providing true value for users through additional storage space and other features for business or personal use. Quodari does not aim to attract users to its platform for as long as possible, does not exploit personal data and is free of advertising. In this way, privacy risks on the platform are reduced and financial conflicts of interest are avoided. Quodari is a Dutch initiative launched in 2021. The company expects a European rollout as well as the start to a new marketing campaign this year.

In the jury’s opinion, Quodari is a successful attempt to provide an alternative to existing social media platforms, where privacy is paramount and users truly control their own data. With Quodari, users who attach great importance to their privacy have a fair alternative to what Big Tech has to offer. That was the primary reason for the jury to grant Quodari a Dutch Privacy Award.

WINNER Public services: Summitto 

Summitto develops software for tax authorities to combat VAT fraud. Whereas existing solutions collect massive amounts of data that are often stored in plain text in a centralized way, this solution ensures that VAT fraud can be fought without actually storing data. Summitto’s method is based on modern cryptography to optimally protect invoicing. The product is a commercial off-the-shelf product that is open-source and can help tax authorities digitize VAT in a privacy-friendly way. Summitto has received grants from Horizon 2020, the EU program for research and innovation. The company is in close contact with a number of key players which in one way or another deal with VAT, including the European Commission, various government bodies and the International Bureau of Fiscal Documentation (IBFD).

With its original approach, Summitto links the social importance of combating VAT fraud with high privacy values. The approach has drawn a lot of attention from experts throughout Europe. The jury is impressed with the practical applicability of the software in combination with its high privacy standards and has therefore declared Summitto the winner in the public services category.

WINNER Incentive Award: Centrum Informatiebeveiliging en Privacybescherming (CIP) 

This year, the jury chose to present the Incentive Award to the Dutch Center for Information Security and Privacy Protection (CIP).

In spite of the pandemic, CIP has over the past year made a tremendous effort to keep its network updated through digital webinars, podcasts, workshops and games that span a range of topics. The center has built up a remarkable database of videos that are accessible to everyone on YouTube. Privacy is an important topic for CIP: up until now it has made public 22 different sorts of productions on this issue.

CIP is a public-private network organization that operates on the basis of the principle "for all, by all". It is made up of a team of passionate professionals who work together with the members of the network and its partners on practical and usable products in the field of privacy protection, ethics and information security. CIP is also on top of the news and is constantly coming up with new hot topics that are proposed by its participants and partners.

The jury expresses its great appreciation for the achievements of CIP and encourages the center to continue with the important work it is doing. Not least because the results of this work are freely accessible to public authorities, industry, organizations and citizens.

National Privacy Conference

The Dutch National Privacy Conference is a ECP|Platform for the Information Society and Privacy First initiative. Once a year, the conference brings together Dutch industry, public authorities, the academic community and civil society with the aim to build a privacy-friendly information society. The mission of both the National Privacy Conference and Privacy First is to turn the Netherlands into a guiding nation in the field of privacy. To this end, privacy by design is key.

These were the speakers during the 2022 National Privacy Conference in successive order:

Marjolijn Bonthuis (ECP deputy director)
Monique Verdier (Dutch Data Protection Authority vice chairwoman)
Martin Vliem (National Security Officer, Microsoft)
Max Schrems (founder of None of Your Business - NOYB)
Haroon Sheikh (senior scientist, Dutch Advisory Council on Government Policy, WRR)
Gry Hasselbalch (cofounder of European ThinkDoTank DataEthics)
Paul Korremans (Privacy First chairman)
Wilmar Hendriks (chairman of the expert panel of the Dutch Privacy Awards).

Both the conference as well as the Awards session – which were livestreamed from Nieuwspoort in The Hague: https://www.nieuwspoort.nl/stream/privacy-first-ecp/ – were moderated by Dutch television host Tom Jessen.

Expert panel Dutch Privacy Awards

The independent expert Award panel consists of privacy experts from different fields, all of whom participated in their personal capacity:

• Wilmar Hendriks, founder of Control Privacy, chairman of CUIC and Privacy First board member (panel chairman)
• Paul Korremans (Privacy First chairman)
• Melanie Rieback, CEO and cofounder of Radically Open Security
• Nico Mookhoek, legal expert in the field of privacy and founder of DePrivacyGuru
• Rion Rijker, privacy and IT security expert, partner at Fresa Consulting
• Magdalena Magala, privacy officer at the municipality of Zaanstad
• Mathieu Paapst, university lecturer IT law at the University of Groningen and projectlead of cookiedatabase.org
• Jaap van der Wel, IT expert and legal expert in the field of privacy, managing partner at Comfort Information Architects
• Erik Bruinsma, legal expert; director Strategy and management advice, Statistics Netherlands (CBS). 

In order to make sure that the Award process is run objectively, panel members may not judge on any entry from their own organization or an organization in which a panel member has an interest.

In collaboration with the Dutch Platform for the Information Society (ECP), Privacy First organizes the Dutch Privacy Awards with the support of the Democracy & Media Foundation and The Privacy Factory.

Preregistrations for the 2023 Dutch Privacy Awards are welcome!

Would you like to become a sponsor or (media) partner of the Dutch Privacy Awards? Then please get in touch with Privacy First! 

As an NGO that promotes civil rights and privacy protection, Privacy First has been concerned with financial privacy for years. Since 2017, we have been keeping close track of the developments surrounding the second European Payment Services Directive (PSD2), pointing out the dangers to the privacy of consumers. In particular, we focus on privacy issues related to ‘account information service providers’ (AISPs) and on the dangerous possibilities offered by PSD2 to process personal data in more extensive ways.

At the end of 2017, we assumed that providing more adequate information and more transparency to consumers would be sufficient to mitigate the risks associated with PSD2. However, these risks turned out to be greater and of a more fundamental nature. We therefore decided to launch a bilingual (Dutch & English) website called PSD2meniet.nl in order to outline both our concerns and our solutions with regard to PSD2.

Central to our project is the Don’t-PSD2-Me-Register, an idea we launched on 7 January 2019 in the Dutch television program Radar and in this press release. The aim of the Don’t-PSD2-Me-Register is to provide a real tool to consumers with which they can filter out and thus protect their personal data. In time, more options to filter out and restrict the use of data should become available. With this project, Privacy First aims to contribute to positive improvements to PSD2 and its implementation.

Protection of special personal data

In this project, which is supported by the SIDN Fund, Privacy First has focused particularly on ‘special personal data’, such as those generated through payments made to trade unions, political parties, religious organizations, LGBT advocacy groups or medical service providers. Payments made to the Dutch Central Judicial Collection Agency equally reveal parts of people’s lives that require extra protection. These special personal data directly touch upon the issue of fundamental human rights. When consumers use AISPs under PSD2, their data can be shared more widely among third parties. PSD2 indirectly allows data that are currently protected, to become widely known, for example by being included in consumer profiles or black lists.

The best form of protection is to prevent special personal data from getting processed in the first place. That is why we have built the Don’t-PSD2-Me-Register, with an Application Programming Interface (API) – essentially a privacy filter – wrapped around it. With this filter, AISPs can detect and filter out account numbers and thus prevent special personal data from being unnecessarily processed or provided to third parties. Moreover, the register informs consumers and gives them a genuine choice as to whether or not they wish to share their data.

What’s next?

We have outlined many of the results we have achieved in a Whitepaper, which has been sent to stakeholders such as the European Commission, the European Data Protection Board (EDPB) and the Dutch Data Protection Authority. And of course, to as many AISPs as possible, because if they decide to adopt the measures we propose, they would be protecting privacy by design. Our Whitepaper contains a number of examples and good practices on how to enhance privacy protection. Among other things, it lays out how to improve the transparency of account information services. We hope that AISPs will take the recommendations in our Whitepaper to heart.

Our Application Programming Interface (API) has already been adopted by a service provider called Gatekeeper for Open Banking. We support this start up’s continued development, and we make suggestions on how the privacy filter can be best incorporated into their design and services. When AISPs use Gatekeeper, consumers get the control over their data that they deserve.

Knowing that the European Commission will not be evaluating PSD2 until 2022, we are glad to have been able to convey our own thoughts through our Whitepaper. Along with the API we have developed and distributed, it is an important tool for any AISP that takes the privacy of its consumers seriously.

Privacy First will continue to monitor all developments related to the second Payment Services Directive. Our website PSD2meniet.nl will remain up and running and will continue to be the must-visit platform for any updates on this topic.

If you want to know how things develop, or in case you have any suggestions, please send an email to Martijn van der Veen: This email address is being protected from spambots. You need JavaScript enabled to view it..

Today – on European Data Protection Day – the 2021 Dutch Privacy Awards were handed out during the Dutch National Privacy Conference, a joint initiative by Privacy First and the Dutch Platform for the Information Society (ECP). These Awards provide a platform for companies and governments that see privacy as an opportunity to distinguish themselves positively and to make privacy-friendly entrepreneurship and innovation the norm. The winners of the Dutch Privacy Awards 2021 are STER, NLdigital, Schluss, FCInet and the Dutch Ministry of Justice and Security.

Consumer solutions

Winner: STER

Advertising without storage of personal data, contextual targeting: proven effectiveness

The Dutch Stichting Ether Reclame (Ether Advertising Foundation), better known as STER, was one of the first organizations in the Netherlands to abandon the common model of offering advertisements based on information collected via cookies. STER has developed a procedure that only uses relevant information on the webpages visited. No personal data are collected at all (data such as browser version, IP address and click-through behaviour). Advertisers submit their advertisements to STER, which are then put on the website in conformity with the protocol developed by STER, which is based on a number of simple categories. These categories are linked to the information that is shown, such as a TV program that someone has selected. The protocol has been built up and refined over the past period and now works properly.

In this way, STER kills several birds with one stone. Most importantly, initial applications show that this approach is at least as effective for advertisers as the old cookie-based way. Secondly, the approach removes parties from the chain. Data brokers who played a role in the old system are now superfluous. Apart from the financial gain for the chain, this also prevents data coming into the possession of parties the data should not end up with. And thirdly, STER stays in control of its own advertising campaigns.

This makes STER a deserved winner of the Dutch Privacy Awards. The concept developed is innovative and helps to protect the privacy of citizens without them having to make any effort. STER is also investigating the possibility of using the approach more broadly. This too is an innovation that the expert panel applauds.

In that sense STER’s approach is also a well-founded response to the data-driven superpowers on the market as it demonstrates that the endless collection of personal data is not at all necessary to get your message across, whether it is commercial or idealistic.

STER could perhaps also have been submitted as a Business-to-Business entry, but the direct interests of consumers meant that it was listed in the category of consumer solutions.

Business solutions

Winner: NLdigital

Organisational innovation and practical application: Data Pro Code

Entries for the Dutch Privacy Awards often relate to technical innovations. At NLdigital it is not the technology, but the approach that is innovative. It has given concrete meaning to GDPR obligations through agreements and focuses mainly on data processors, not on the responsible parties. This enables processors to make agreements more quickly, practically and with sufficient care – agreements which are also verifiable in this regard. Many companies provide services by making applications available which involve data processing. And that requires processing agreements, which are not easy to apply for every organization. Filling in the corresponding statement leads to an appropriate processing agreement for clients.

NLdigital’s code of conduct called Data Pro Code is a practical instrument tailor made for the target group: IT companies that process data on behalf of others. With the help of (600) participants/members, the Code is drawn up as an elaboration of Art. 28 of the GDPR. It has been approved by the Dutch Data Protection Authority and has led to a publicly accessible certification.

Public services

Winner: FCInet & Ministery of Justice and Security

Ma³tch, privacy on the government agenda: innovative data minimization

FCInet is innovative, privacy-enhancing technology that was developed by the Dutch Ministry of Justice and Security and the Dutch Ministry of Finance. It is meant to assist in the fight against (international) crime. Part of FCInet is Ma³tch, which stands for Autonous Anonymous Analysis. With this feature the Financial Criminal Investigation Services (FCIS) can share secure and pseudonymized datasets on a national level (for example with the Financial Intelligence Unit-Netherlands and the Fiscal Information and Investigation Service), but also internationally. Ma³tch is a technology that supports and enforces parties concerned to make careful considerations per data field. This is possible with regard to the question of which data these parties want to compare and on the basis of which conditions. This ensures that parties can set up the infrastructure in such a way that it can be technically enforced that data are exchanged only on a legitimate basis.

Through hashing, organization A encrypts (bundles of) personal data in such a way that receiving party B has the possibility to check whether a person known to organization B is also known to organization A. Only if it turns out that there is a match (because the list of known persons in hashed form of organization B is checked against the list of persons in the sent list) does the next step take place whereby organization B actually requests information about the person concerned from organization A. The check takes place in a secure decentralized environment, so organization A does not know whether there is a hit or not. The technology thus prevents the unnecessary perusal of personal data in the context of comparisons.

The open source code technology of FCInet offers broader possibilities for application, which is encouraged by the expert panel and was an important reason for the submission: it can be reused in many other organizations and systems. The panel therefore assessed this initiative as a good investment in privacy by the government, where, clearly, the issue of privacy really is on the agenda.

Incentive Award

Winner: Schluss

Schluss applied for the Dutch Privacy Awards in 2021 for the third time. That is not the reason for the Incentive Award, even though it may encourage others to persevere in a similar way.

The reason is that it is a very nice initiative, focused on the self-management of personal data. In the form of an app, private users are offered a vault for their personal data, whether they are of a medical, financial or other nature. Users decide which people or organizations gets access to their data. The idea is that others who are allowed to see the data no longer need to store these data themselves. Schluss has no insight into who uses the app, its role is only to facilitate the process. The technology, which is open source, guarantees transparency about the operation of the app.

Schluss won the prestigious Incentive Award because thus far the app has had only a beta release. However, promising projects have been started with the Volksbank and there is a pilot in collaboration with the Royal Dutch Association of Civil-law Notaries. With the mission statement (‘With Schluss, only you decide who gets to know which of your details’) in mind, Schluss chose to become a cooperation, an organizational form that appealed to the expert panel. With this national Incentive Award the panel hopes to encourage the initiators to continue along this path and to persuade parties to join forces with Schluss.

Nominations  

There are four categories in which applicants are awarded:

1. the category of Consumer solutions (business-to-consumer)

2. the category of Business solutions (within a company or business-to-business)

3. the category of Public services (public authority-to-citizen)

4. the incentive award for a ground breaking technology or person.

From the various entries, the independent expert panel chose the following nominees per category (listed in arbitrary order):

During the National Privacy Conference all nominees presented their projects to the audience in Award pitches. Thereafter, the Awards were handed out. Click HERE for the entire expert panel report (pdf in Dutch), which includes participation criteria and explanatory notes on all the nominees and winners.

National Privacy Conference

The Dutch National Privacy Conference is a ECP|Platform for the Information Society and Privacy First initiative. Once a year, the conference brings together Dutch industry, public authorities, the academic community and civil society with the aim to build a privacy-friendly information society. The mission of both the National Privacy Conference and Privacy First is to turn the Netherlands into a guiding nation in the field of privacy. To this end, privacy by design is key.

These were the speakers during the 2021 National Privacy Conference in successive order:
- Monique Verdier (vice chairwoman of the Dutch Data Protection Authority)
- Judith van Schie (Considerati)
- Erik Gerritsen (Secretary General of the Dutch Ministery of Health, Welfare and Sport) 
- Mieke van Heesewijk (SIDN Fund) 
- Peter Verkoulen (Dutch Blockchain Coalition)
- Paul Tang (MEP for PvdA)
- Ancilla van de Leest (Privacy First chairwoman)
- Chris van Dam (Member of the Dutch House of Representatives for CDA)
- Evelyn Austin (director of Bits of Freedom)
- Wilmar Hendriks (chairman of the expert panel of the Dutch Privacy Awards).

The entire conference was livestreamed from Nieuwspoort in The Hague: see https://www.nieuwspoort.nl/agenda/overzicht/privacy-conferentie-2021/stream and https://youtu.be/asEX1jy4Tv0.

Dutch Privacy Awards expert panel

The independent expert Award panel consists of privacy experts from different fields:

• Wilmar Hendriks, founder of Control Privacy and member of the Privacy First advisory board (panel chairman)
• Ancilla van de Leest, Privacy First chairwoman
• Paul Korremans, partner at Comfort Information Architects and Privacy First board member
• Marc van Lieshout, managing director at iHub, Radboud University Nijmegen
• Alex Commandeur, senior advisor BMC Advies
• Melanie Rieback, CEO and co-founder of Radically Open Security
• Nico Mookhoek, privacy lawyer and founder of DePrivacyGuru
• Rion Rijker, privacy and data protection expert, IT lawyer and partner at Fresa Consulting.

In order to make sure that the Award process is run objectively, the panel members may not judge on any entry of his or her own organization.

In collaboration with the Dutch Platform for the Information Society (ECP), Privacy First organizes the Dutch Privacy Awards with the support of the Democracy & Media Foundation and The Privacy Factory.

Pre-registrations for the 2022 Dutch Privacy Awards are welcome!

Would you like to become a sponsor of the Dutch Privacy Awards? Please contact Privacy First! 

The world is hit exceptionally hard by the coronavirus. This pandemic is not only a health hazard, but can also lead to a human rights crisis, endangering privacy among other rights.

The right to privacy includes the protection of everyone’s private life, personal data, confidential communication, home inviolability and physical integrity. Privacy First was founded to protect and promote these rights. Not only in times of peace and prosperity, but also in times of crisis.

Now more than ever, it is vital to stand up for our social freedom and privacy. Fear should not play a role in this. However, various countries have introduced draconian laws, measures and infrastructures. Much is at stake here, namely preserving everyone’s freedom, autonomy and human dignity.

Privacy First monitors these developments and reacts proactively as soon as governments are about to take measures that are not strictly necessary and proportionate. In this respect, Privacy First holds that the following measures are in essence illegitimate:
- Mass surveillance
- Forced inspections in the home
- Abolition of anonymous or cash payments
- Secret use of camera surveillance and biometrics
- Every form of infringement on medical confidentiality.

Privacy First will see to it that justified measures will only apply temporarily and will be lifted as soon as the Corona crisis is over. It should be ensured that no new, structural and permanent emergency legislation is introduced. While the measures are in place, effective legal means should remain available and privacy supervisory bodies should remain critical.

Moreover, in order to control the coronavirus effectively, we should rely on the individual responsibility of citizens. Much is possible on the basis of voluntariness and individual, fully informed, specific and prior consent.

As always, Privacy First is prepared to assist in the development of privacy-friendly policies and any solutions based on privacy by design, preferably in collaboration with relevant organizations and experts. Especially in these times, the Netherlands (and the European Union) can become an international point of reference when it comes to fighting a pandemic while preserving democratic values and the right to privacy. This is the only way that the Corona crisis will not be able to weaken our world lastingly, and instead, we will emerge stronger together.

In the context of the National Privacy Conference organized by Privacy First and the Dutch Platform for the Information Society (ECP), today the Dutch Privacy Awards have been handed out. These Awards offer a podium to organizations that consider privacy as an opportunity to positively distinguish themselves and want privacy-friendly entrepreneurship and innovation to become a benchmark. The winners of the 2020 Dutch Privacy Awards are Publicroam, NUTS and Candle.

Winner: Publicroam

Safe and easy access to WiFi everywhere for guest users

Most people in libraries, hotels, coffee bars and other public places log onto the local WiFi network in order to save on mobile data and to not rely on mobile networks which indoors may not be available everywhere. Often, WiFi networks operate on the basis of a single, local password, indicated on tables and screens. This makes the digital activities of users vulnerable in more ways than one, with all the ensuing nasty consequences. On top of that, users may not be informed about what the internet provider does with their personal data. It is said that the trade in personal data is by now more profitable than the trade in oil.

These risks were first identified by educational institutions and later by public authorities. This led to the creation of international roaming services like Eduroam and Govroam. But why aren’t such services available everywhere and to everyone? Publicroam set out to change just that and is being welcomed in more and more places. And rightfully so, according to the Privacy Awards expert panel. Several large municipalities and organizations (all libraries in the Netherlands among them) are already connected to Publicroam, or will be soon. In and of itself this facility is not a completely new solution, but the expert panel is particularly impressed by the fact that it can offer great advantages to literally everyone in the country – and possibly beyond – and can therefore have a huge impact on what we’re used to: one account which allows all users to go online automatically and securely, with serious respect for privacy ensured.

It’s possible after all: sound business initiatives that respect privacy; Publicroam is proof of this.

Winner: NUTS

Decentral infrastructure for privacy-friendly communication in healthcare

The NUTS Foundation is an initiative which aims to offer a privacy-friendly solution to identity management and sharing personal data in healthcare environments. It entails that individuals keep control over which healthcare data may be shared between healthcare providers. The NUTS Foundation has laid down its principles in a manifesto which all participants should ascribe to and which states that all software that’s being developed should meet the demands of open source. The result that the NUTS Foundation is striving for is a decentral system which keeps control over personal health information in the hands of the people involved.

The services offered by the decentral network are based on the principles of privacy by design. Identity management solutions contribute to irrefutably establishing the identity of individuals concerned. The decentral approach is in line with the digital healthcare architecture which is currently in the making and is also partly being introduced already. In this way, healthcare information components can use the decentral facilities that are being realized through NUTS.

In the eyes of the expert panel, the NUTS Foundation is a strong example of an initiative which not only looks at privacy issues in a comprehensive way but creates concrete solutions to these issues as well. The open source community that the NUTS Foundation is bringing to fruition, prevents vendor-lock-in in crucial areas of the digital healthcare infrastructure. Emerging digital Personal Healthcare Areas can equally make use of the decentral administrative provisions which NUTS is working towards. The rationale behind NUTS – creating a utility for a crucial part of the digital healthcare architecture – particularly appeals to the expert panel. Expanding the foundation, which currently by and large relies on a single company, will further increase the support for this initiative.

In order to give the NUTS Foundation the opportunity to further realize its ideals and to propagate these more widely, the expert panel has decided to confer this year’s Dutch Privacy Award for business solutions to the NUTS Foundation.

Winner: Candle

Privacy-friendly smart home solution

Candle is a reaction to a risk analysis (privacy by design) to Internet of Things products which unnecessarily connect to a cloud server. It’s a project which concentrates on developing alternative smart systems in and around the home, based on the principle that connection to the internet is unnecessary. Candle started off as a project organization run by students from universities and colleges of higher education as well as by artists’ collectives who aimed at developing practical hardware solutions combined with open source software. Various domestic appliances such as central heating, cameras, CO2 sensors and other applications can easily be connected with one another. A switch is used to make contact with an external network. Users make a deliberate choice when they import and export emails and other data.

Candle shows that it’s very well feasible to create a Smart solution without Big Tech companies and their data driven models. Meanwhile, there are various concept solutions which companies can actually put into practice. In its core, Candle is privacy by design and it opens people’s eyes to alternative smart systems.

"The market for ethical technology will grow in much the same way as the market for biological food has grown enormously. But how do we boost this market? That’s the challenge. The GDPR has ploughed the earth. Now it’s time to sow and entrust this concept to consumers", comments Candle.

Nominations

There are four categories in which applicants are awarded:

1. the category of Consumer solutions (business-to-consumer)

2. the category of Business solutions (within a company or business-to-business)

3. the category of Public services (public authority-to-citizen)

4. The incentive prize for a ground breaking technology or person.

From the various entries, the independent expert panel chose the following nominees per category:

During the National Privacy Conference the nominees presented their projects to the audience in Award pitches. Thereafter, the Awards were handed out. Click HERE for the entire expert panel report (pdf), which includes participation criteria and explanatory notes on all the nominees and winners.

National Privacy Conference

The National Privacy Conference is a ECP|Platform for the Information Society and Privacy First initiative. Once a year, the conference brings together Dutch industry, public authorities, the academic community and civil society with the aim to build a privacy-friendly information society. The mission of both the National Privacy Conference and Privacy First is to turn the Netherlands into a guiding nation in the field of privacy. To this end, privacy by design is key.

These were the speakers during the 2020 National Privacy Conference in successive order:

- Monique Verdier (vice chairman of Dutch Data Protection Authority)
- Richard van Hooijdonk (trendwatcher/futurist) and Bas Filippini (founder and chairman of Privacy First)
- Tom Vreeburg (IT-auditor)
- Coen Steenhuisen (privacy advisor at Privacy Company)
- Peter Fleischer (global privacy counsel at Google)
- Sander Klous (professor in Big Data Eco Systems, University of Amsterdam)
- Kees Verhoeven (Member of the Dutch House of Representatives for D66).

Expert panel of the Dutch Privacy Awards

The independent expert award panel consists of privacy experts from different fields:

• Bas Filippini, founder and chairman of Privacy First
• Paul Korremans, partner at Comfort Information Architects and Privacy First board member
• Marie-José Bonthuis, owner of IT’s Privacy
• Esther Janssen, attorney at Brandeis Attorneys specialized in information law and fundamental rights
• Marc van Lieshout, managing director at iHub, Radboud University Nijmegen
• Melanie Rieback, CEO and co-founder of Radically Open Security
• Nico Mookhoek, privacy lawyer and owner of NMLA
• Wilmar Hendriks, founder of Control Privacy and member of the Privacy First advisory board
• Alex Commandeur, senior advisor at BMC Advies.

In order to make sure that the award process is run objectively, the panel members may not judge on any entry of his or her own organization.

Privacy First organizes the Dutch Privacy Awards with the support of the Democracy & Media Foundation and in collaboration with ECP. Would you like to become a partner of the Dutch Privacy Awards? Then please contact Privacy First!

The Dutch Ministry of Finance is about to oblige companies to export personal data on a large scale. The measure is hidden in a subordinate clause of a letter from the Minister of Finance, although it has major consequences. The measure obliges companies that trade in 'virtual assets' (such as bitcoins, real estate, but also purchases in computer games) to include personal data of customers in the transaction records and messages. The information from all parties involved needs to remain visible and available to everyone in the value chain.

Consumers, companies and citizens cannot object to this mandatory addition of their personal data. The topic is not receiving the proper amount of political attention because it is presented as a technical measure. In his letter to Dutch Parliament of 21 March 2019, the Minister fails to point out the large scope and impact. It is, however, suggested that a consultation round will take the market responses to the envisaged rules onboard.

Privacy First and VBNL (United Bitcoin Companies Netherlands) have meanwhile understood that the worldwide objections to the proposed measure are being ignored. That is why they are today sending an urgent letter to the Dutch Minister of Finance. They ask him to study the issue better, with all relevant Ministries and in particular: to better inform Parliament. In doing so, they point to the conflicts of law that may arise as the measure may well violate international agreements and treaties that protect privacy.

Where it is known that consumers are very reluctant to make their own data available to private and commercial institutions, the government must be similarly reluctant on their behalf. Privacy First finds it extremely unfortunate that the Ministry of Finance seems to intend to give this all-in permission for unbridled export of personal data without giving it proper attention and without applying due process.

There is no merit to the claim that the measure is required for counter-terrorism purposes. Experts at Europol (!) indicate that the international proposal is "overkill" and not necessary for investigative purposes. The rule adds nothing to the existing European framework against money laundering and terrorist financing and only increases the risk of unwanted data breaches.

Privacy First and VBNL hope that their letter will make Dutch Parliament aware that this is a proposal that goes far beyond the much-debated access-regime of the recent second European Payment Services Directive (PSD2). With PSD2, consumers can decide to share data themselves. With this proposal, they will become deprived of that fundamental right for all kinds of economic acts. Privacy First and VBNL are calling on parliamentarians to protect consumers and businesses against this unnecessary planned measure.

The letter can be downloaded here (pdf).

PSD2 opt-out register

Is it possible to have innovation in the field of payment data while preserving privacy? Under the new European banking law PSD2, payment data can be shared with non banking parties. The legislator has, however, failed to implement privacy by design. Therefore, the Privacy First Foundation has taken the initiative to launch a PSD2 opt-out register in the Netherlands. We are happy to report that the SIDN Fund is supporting us in this. With this opt-out register bank account numbers can be filtered. This can be useful in case bank account numbers are linked to sensitive personal data, such as a payment to a trade union, a healthcare insurer, a political party or an organization that reveals one’s sexual preference. It can also be useful when consumers wish to filter their contra accounts. The Dutch PSD2 opt-out register could become trendsetting at a European level.

Source: https://www.sidnfonds.nl/nieuws/de-eerste-pioniers-van-2019, 22 May 2019 (in Dutch).

Follow https://psd2meniet.nl for updates and become a member of our PSD2 Privacy Panel! (in Dutch)

For all its projects and affiliated activities, Privacy First is largely dependent on donations. The more financial support and donations we receive, the sooner Privacy First will be able to launch the PSD2 opt-out register.

In the context of the National Privacy Conference organized by Privacy First and ECP today the Dutch Privacy Awards have been handed out. These Awards offer a podium to organisations that consider privacy as an opportunity to positively distinguish themselves and want privacy-friendly entrepreneurship and innovation to become a benchmark. The winners of the 2019 Dutch Privacy Awards are Startpage.com as well as Privacy Company & SURF. PublicSpaces received the incentive prize.

Winner: Startpage.com

With Private Search 2.0, Startpage.com allows those who find profiling and targeting on the basis of search queries oppressing, to breathe a little more freely again. The basic promise of Startpage is that its users can question Google Search without having to fear that Google accords a permanent data trail to every single query. Moreover, Startpage.com enables searching through an anonymizing proxy. It therefore meets the needs of anyone who doesn’t want to be confronted with targeted ads on the basis of search queries. Think of people who search for information related to financial, relationship or health problems. And naturally any other person who, by default, wishes to stay clear of foreign companies that trade in personal data (based in Silicon Valley and elsewhere). Startpage.com thus offers people an important and very privacy-friendly opportunity to visit websites without having to worry about unwanted profiling and without being confronted with one’s own search behavior.

Winner: Privacy Designer (Privacy Company and SURF)

Privacy Designer is a Privacy Company and SURF web app which helps SMEs, associations and NGOs to identify privacy risks. The app has been co-financed by the SIDN Fund and can be used free of charge.

The expert panel was deeply impressed by this solution. It’s a practical and innovative app which has a large impact on society because research points out that the target group is often insufficiently aware of the privacy risks to which it is exposed and doesn’t quite know how to deal with such risks appropriately. Another advantage of Privacy Designer is the fact that all data is stored on one’s own device and the use of personal data is kept to a minimum. In short, this entry can potentially improve the privacy of a large group of people in an effective and accessible way.

Winner: PublicSpaces

There is a lot that goes on online that internet users can’t see and are not aware of. Advertising displayed on the basis of search behavior can be a great annoyance. Meanwhile, we become increasingly dependent on online information gathering, navigation and cloud storage. This makes a few dominant commercial companies ever more powerful.

PublicSpaces is a coalition of public broadcasters and cultural organizations that aim to ‘repair’ the internet by restoring it to a community of users. They try to do so by collaborating with a number of relevant parties and by offering alternatives. In particular, the fact that data so easily ends up across different platforms is a thorn in the eye of PublicSpaces. With open source initiatives and the use of IRMA (‘I Reveal my Attributes’, an open source identity platform which won a Dutch Privacy Award last year), the coalition attempts to improve online privacy. The expert panel wholeheartedly encourages PublicSpaces’ mission.

Nominations

There are four categories in which applicants are awarded:

1. the category of Consumer solutions (business-to-consumer)

2. the category of Business solutions (within a company or business-to-business)

3. the category of Public services (public authority-to-citizen)

4. The incentive prize for a ground breaking technology or person.

From the various entries, the independent expert panel chose the following nominees per category:

During the Dutch National Privacy Conference the nominees presented their projects to the audience in Award pitches. Thereafter, the Awards were handed out. Click HERE for the entire expert panel report (Dutch pdf), which includes participation criteria and explanatory notes on all the nominees and winners.

National Privacy Conference

The National Privacy Conference is a ECP|Platform for the Information Society and Privacy First initiative. Once a year, this conference brings together Dutch industry, public authorities, the academic community and civil society with the aim to build a privacy-friendly information society. The mission of both the National Privacy Conference and Privacy First is to turn the Netherlands into a guiding nation in the field of privacy and data protection. To this end, privacy by design is key.

These were the speakers during the 2019 National Privacy Conference in successive order:

Aleid Wolfsen (chairman of the Dutch Data Protection Authority)
Sophie in ‘t Veld (Member of the European Parliament)
Tijmen Schep (PrivacyLabel)
Brenno de Winter (IT researcher)
Jeroen Terstegge (Privacy Management Partners).

Expert panel of the Dutch Privacy Awards

The independent expert Award panel consists of privacy experts from different fields:

• Bart van der Sloot, senior researcher at Tilburg University (panel chairman)
• Bas Filippini, founder and chairman of Privacy First
• Paul Korremans, data protection & security professional at Comfort Information Architects (and Privacy First board member)
• Marie-José Bonthuis, IT’s Privacy owner
• Esther Janssen, attorney specialized in information law and fundamental rights, Brandeis Attorneys
• Esther Keymolen, philosopher of technology, TILT, Tilburg University
• Matthijs Koot, senior security specialist, Secura BV
• Marc van Lieshout, senior researcher at TNO and managing director at PI.lab
• Wendeline Sjouwerman, privacy specialist who focuses on local governments and health care.

In order to make sure that the Award process is run objectively, the panel may not judge on any entry of his or her own organization.

Privacy First organizes the Dutch Privacy Awards with the support of the Democracy & Media Foundation and in collaboration with ECP. Would you like to become a partner or sponsor of the Dutch Privacy Awards? Then please contact Privacy First!

IRMA and ‘referendum students’ win Dutch Privacy Awards

In the context of the National Privacy Conference organized by Privacy First and ECP, today the very first Dutch Privacy Awards have been awarded. These Awards offer a podium to companies and governments that consider privacy as an opportunity to positively distinguish themselves and want privacy-friendly entrepreneurship and innovation to become a benchmark. The great winner of the 2018 Dutch Privacy Awards is IRMA (I Reveal My Attributes). The students who organized the Dutch referendum about the controversial Tapping law received the incentive prize.

Winner: IRMA (I Reveal my Attributes)

IRMA (I Reveal my Attributes) is a state of the art, open source identity platform which allows users to authenticate themselves by using an app on the basis of one or several attributes related to their different roles (contextual authentication). This form of authentication does not reveal one’s identity: a one-to-one relation between the user and the service provider makes brokers redundant and allows the former to use services anonymously, without a password and with minimal attributes.

The system has been developed by the Digital Security Research Group of the Radboud University Nijmegen. Since the end of 2016, IRMA is part of the independent Dutch Privacy by Design foundation.

The Awards panel praises the academic community for developing IRMA as a general purpose privacy-by-design application intended for both the private as well as the public sector. As a means of privacy-friendly authentication, the panel regards the innovative capacity of the open source technology used, the instant deployability and the potential impact on society of IRMA as great assets. That is why the panel unanimously chose IRMA as the winner of the 2018 Dutch Privacy Awards.

Winners: ‘Tapping law students’

On the initiative of five University of Amsterdam students, a national referendum about the new and controversial Dutch Intelligence and Security Services Act (‘Tapping law’) will be held on 21 March 2018. Regardless of the outcome of the referendum, one of its results will be a heightened awareness of and a more critical stand towards privacy issues among the Dutch. This fact alone was sufficient ground for the panel to unanimously reward the students with a Dutch Privacy Award (incentive prize).

Nominations

There are four categories in which applicants are awarded:

1. the category of Consumer solutions (from companies for consumers)

2. the category of Business solutions (within a company or business-to-business)

3. the category of Public services (public authorities to citizens)

4. The incentive prize for a ground breaking technology or person.

Out of the various entries, the independent expert panel chose the following nominees per category:

During the National Privacy Conference the nominees have presented their projects to the audience in Award pitches. Thereafter, the Awards were handed out. Click HERE for the entire Award panel report (pdf in Dutch), which includes participation criteria and explanatory notes on all the nominees and winners.

From left to right: Paul Korremans (panel member), Luca van der Kamp (‘referendum student’), Esther Bloemen (Personal Health Train), Nina Boelsums (‘referendum student’), Bas Filippini (panel chairman), Bart Jacobs (IRMA), Arjan van Diemen (TrustTester), Marie-José Hoefmans (Schluss) and Wilmar Hendriks (Youth Privacy Implementation Plan (municipality of Amsterdam). Photo: Maarten Tromp.

National Privacy Conference

The National Privacy Conference is an initiative of ECP (Dutch Platform for the Information Society) and Privacy First. From now on, the conference will bring together once a year Dutch industry, public authorities, the academic community and civil society with the aim to build a privacy-friendly information society. The mission of both the National Privacy Conference and Privacy First is to turn the Netherlands into a guiding nation in the field of privacy. To this end, privacy-by-design is key.

The speakers during the 2018 National Privacy Conference were, in successive order:

Aleid Wolfsen, chairman of the Dutch Data Protection Authority,
Gerrit-Jan Zwenne, professor of Law and the Information Society (University of Leiden),
Jaap-Henk Hoepman, associate professor Privacy by Design (Radboud University Nijmegen),

Ulco van de Pol, chairman of the Amsterdam Data Protection Commission,
Tim Toornvliet, Netherlands ICT,
Lennart Huizing, Privacy Company.

Aleid Wolfsen, chairman of the Dutch Data Protection Authority. Photo: Maarten Tromp.

Panel of the Dutch Privacy Awards

The independent expert Award panel consists of privacy experts from different fields:
• Bas Filippini, founder and chairman of Privacy First (panel chairman)
• Paul Korremans, data protection & security professional at Comfort Information Architects
• Marie-José Bonthuis, owner of IT’s Privacy
• Bart van der Sloot, senior researcher at Tilburg University
• Marjolein Lanzing, PhD Philosophy & Ethics, Eindhoven University of Technology.

In order to make sure that the award process is run objectively, the panel members may not judge on any entry of his or her own organization.

Privacy First organized this first edition of the Dutch Privacy Awards in collaboration with ECP, with the support of the Democracy & Media Foundation and the Adessium Foundation. Would you like to become a partner of the Dutch Privacy Awards? Then please contact Privacy First!