Dutch risk profiling system SyRI banned following court decision
Today, the district court of The Hague ruled on the use of the algorithm-based system SyRI (System Risk Indication) by the Dutch government. The judges decided that the government, in trying to detect social services fraud, has to stop profiling citizens on the basis of large scale data analysis. As a result, people in the Netherlands are no longer 'suspected from the very start’ ("bij voorbaat verdacht").
The case against the Dutch government was brought by a coalition of NGOs, consisting of the Dutch Platform for the Protection of Civil Rights (Platform Bescherming Burgerrechten), the Netherlands Committee of Jurists for Human Rights (Nederlands Juristen Comité voor de Mensenrechten, NJCM), Privacy First, the KDVP Foundation (privacy in mental healthcare), Dutch trade union FNV, the National Clients Council (LCR) and authors Tommy Wieringa and Maxim Februari.
The court concludes that SyRI is in violation of the European Convention on Human Rights. SyRI impinges disproportionately on the private life of citizens. This concerns not only those that SyRI has flagged as an 'increased risk', but everyone whose data are analysed by the system. According to the court, SyRI is non-transparent and therefore cannot be scrutinized. Citizens can neither anticipate the intrusion into their private life, nor can they guard themselves against it.
Moreover, the court draws attention to the actual risk of discrimination and stigmatization on the grounds of socio-economic status and possibly migration background, of citizens in disadvantaged urban areas where SyRI is being deployed. There is a risk – which cannot be examined – that SyRI operates on the basis of prejudices. The attorneys of the claimant parties, Mr. Ekker and Mr. Linders, had this to say: "The court confirms that the large scale linking of personal data is in violation of EU law, Dutch law and fundamental human rights, including the protection of privacy. Therefore, this ruling is also important for other European countries and on a wider international level."
From now on, as long as there is no well-founded suspicion, personal data from different sources may no longer be combined.
Line in the sand
"This ruling is an important line in the sand against the unbridled collection of data and risk profiling. The court puts a clear stop to the massive surveillance that innocent citizens have been under. SyRI and similar systems should be abolished immediately", states Privacy First director Vincent Böhre.
"Today we have been proved right on all fundamental aspects. This is a well-timed victory for the legal protection of all citizens in the Netherlands", says Tijmen Wisman of the Platform for the Protection of Civil Rights.
Another plaintiff in the case, trade union FNV, equally rejects SyRI on principal grounds. "We are delighted that the court has now definitively cancelled SyRI", comments Kitty Jong, vice chair of FNV.
Turning point
The parties hope that the ruling will herald a turning point in the way in which the government deals with the data of citizens. They believe this viewpoint is endorsed by the considerations of the court: these apply not only to SyRI, but also to similar practices. Many municipalities in the Netherlands have their own data linking systems which profile citizens for all sorts of policy purposes. When it comes to combining data, a legislative proposal that would be greater in scope than SyRI and would enable lumping together the databases of private parties and those of public authorities, was all but unthinkable. The decision by the Hague district court, however, clamps down on these Big Data practices. According to the claimant parties, it is therefore of crucial importance that the SyRI ruling will affect both current as well as future political policies.
Public debate
The case against SyRI serves both a legal and a social goal. With this ruling, both goals are reached. Merel Hendrickx of PILP-NJCM: "Apart from stopping SyRI, we also aimed at initiating a public debate about the way the government deals with citizens in a society undergoing digitisation. This ruling shows how important it is to have that discussion."
Although SyRI was adopted in 2014 without any fuss, the discussion about its legality intensified after the lawsuit was announced. At the start of 2019, the use of SyRI in two Rotterdam neighbourhoods led to protests among inhabitants and a discussion in the municipal council. Soon after, the mayor of Rotterdam, Ahmed Aboutaleb, pulled the plug on the SyRI program because of doubts over its legal basis. In June 2019, Dutch newspaper Volkskrant revealed that SyRI had not detected a single fraudster since its inception. In October 2019, the UN Special Rapporteur on extreme poverty and human rights, Philip Alston, wrote a critical letter to the district court of The Hague expressing serious doubts over the legality of SyRI. Late November 2019, SyRI won a Big Brother Award.
The coalition of parties was represented in court by Anton Ekker (Ekker Advocatuur) and Douwe Linders (SOLV Attorneys). The proceedings were coordinated by the Public Interest Litigation Project (PILP) of the NJCM.
The full ruling of the court can be found HERE (official translation in English).
Court hearing in lawsuit against System Risk Indication (SyRI)
Fundamental lawsuit against mass risk profiling of unsuspected citizens
On Tuesday October 29 at 9:30 am in the district court of The Hague the court hearing will take place in the main proceedings of a broad coalition of Dutch civil society organizations against Systeem Risico Indicatie (System Risk Indication - SyRI). SyRI uses secret algorithms to screen entire residential areas to profile citizens on the risk of fraud with social services. According to the coalition of plaintiffs, this system poses a threat to the rule of law and SyRI must be declared unlawful.
The group of plaintiffs, consisting of the Dutch Platform for the Protection of Civil Rights, the Netherlands Committee of Jurists for Human Rights (NJCM), the Privacy First Foundation, the KDVP Foundation and the National Client Council (LCR), in March 2018 sued the Dutch Ministry of Social Affairs. Authors Tommy Wieringa and Maxim Februari, who previously spoke very critically about SyRI, joined the proceedings in their personal capacity. In July 2018, Dutch labour union FNV also joined the coalition.
The parties are represented by Anton Ekker (Ekker Advocatuur) and Douwe Linders (SOLV Attorneys). The case is coordinated by the Public Interest Litigation Project (PILP) of the NJCM.
Trawl method on unsuspected citizens
SyRI links the personal data of citizens from various government databases on a large scale. These centrally collected data are subsequently analyzed by secret algorithms. This should show whether citizens pose a risk of being guilty of one of the many forms of fraud and violations that the system covers. If the analysis of SyRI leads to a risk notification, then the citizen in question will be included in the so-called Risk Notices Register (Register Risicomeldingen), which can be accessed by government authorities.
SyRI uses this trawl method to screen all residents of a neighborhood or area. For this, the system uses almost all data that government authorities store about citizens. It comprises 17 data categories, which together provide a very intrusive picture of someone's private life. SyRI currently covers the databases of the Dutch Tax Authorities, Inspectorate of Social Affairs, Employment Office, Social Security Bank, municipalities and the Immigration Service. According to the Dutch Council of State (Raad van State), which gave a negative opinion on the SyRI bill, it was hard to imagine any data that did not fall within the scope of the system. Former chairman Kohnstamm of the Dutch Data Protection Authority, which also issued a negative opinion on the system, called the adoption of the SyRI legislation "dramatic" at the time.
Threat to the rule of law
According to the claimants, SyRI is a black box with major risks for the democratic rule of law. It is completely unclear to any citizen, who can be screened by SyRI without cause, what data are used for this, which analysis is carried out with it and what makes him or her a 'risk'. Moreover, due to the secret operation of SyRI, citizens are also unable to refute an incorrect risk indication. The use of SyRI makes the legal process and the associated procedures intransparent.
SyRI thereby undermines the relationship of trust between the government and its citizens; these citizens are in fact suspected in advance. Virtually all information that they share with the government, often to be eligible for basic services, can be used against them secretly without any suspicion.
The plaintiffs in this lawsuit are not opposed to the government combating fraud. They just think that this should be done on the basis of a concrete suspicion. There should be no trawl searches in the private life of unsuspected Dutch citizens to look for possible fraud risks. According to the claimants, this disproportionate method does more harm than good. There are better and less radical forms of fraud prevention than SyRI.
Not one fraudster detected yet
The total of five SyRI investigations that have been announced since the system's legal introduction have by now turned tens of thousands of citizens inside out, but have not yet detected one fraudster. This was revealed at the end of June 2019 by Dutch newspaper Volkskrant, which managed to get hold of evaluations of SyRI investigations. The investigations failed because the analyses were incorrect, due to lack of capacity and time at the implementing bodies, but also because there is disagreement within the government about SyRI.
For example, mayor Aboutaleb of Rotterdam pulled the plug from the SyRI investigation in two neighborhoods in Rotterdam South last summer, because the Ministry, unlike the municipality, also wanted to use police and healthcare data in the investigation. The deployment of SyRI also led to protest among the neighborhood's residents, who clearly showed that they felt insulted and unfairly treated.
UN expresses concern about SyRI
The UN Special Rapporteur on extreme poverty and human rights Philip Alston wrote to the court earlier this month about his concerns about SyRI and urged the judges to thoroughly assess the case. According to the rapporteur, several fundamental rights are at stake. SyRI is described in his letter as a digital equivalent of a social detective who visits every household in an area without permission and searches for fraudulent cases; in the analogue world such a massive manhunt would immediately lead to great resistance, but with a digital instrument such as SyRI, it is wrongly claimed that 'ignorance is bliss'.
Practical information
The court hearing is open to the public and will take place on Tuesday October 29th from 9.30 am in the Palace of Justice, Prins Clauslaan 60 in The Hague. Case number: C/09/550982 HA ZA 18/388 (Nederlands Juristen Comité c.s./Staat).
Source: campaign website Bijvoorbaatverdacht.nl.
New Round in Privacy Fight Between Dutch Railways and Passenger
A train passenger has submitted an enforcement request to the Dutch Data Protection Authority, because he argues that Dutch Railways (NS) violates the privacy of train passengers.
In response to three new attempts by Dutch Railways (NS) to violate the privacy of train passengers, NS customer Michiel Jonker has submitted a request for enforcement to the Dutch Data Protection Authority (DPA). It concerns:
- Rejecting the reimbursement of the remaining balance on anonymous public transport chip cards if the holder does not provide his or her name and address data to NS;
- Refusing international train tickets by NS employees at station desks if buyers do not provide their name and address data to NS;
- Charging, since 2 July 2018, additional "service costs" when holders of anonymous public transport chip cards pay in cash for topping up the balance on these cards.
Since July 2014, NS has already launched attacks on the privacy of Dutch train passengers in various ways. It then concerned:
- Discriminating holders of anonymous public transport chip cards in discount hours;
- Requiring de-anonymization of the anonymous public transport chip cards when NS is asked to provide services (for example, reimbursing money in the event of delays);
- Applying two unique card numbers on each anonymous OV chip card, as a result of which the anonymity of these cards is affected.
As a traveler who wants to maintain his privacy, Jonker repeatedly asked the DPA to investigate these violations and to take enforcement measures. Jonker already won several lawsuits against the DPA, which initially refused to even investigate the reports.
The recently adopted General Data Protection Regulation (GDPR) will play an important role in the assessment of the new violations by NS. Another central issue will be the right to pay by cash, which protects privacy.
Jonker: "In all these matters, the question is whether users of Dutch public transport are entitled to a real, effective protection of their privacy. This question is more relevant than ever, when you see how people are treated in situations where privacy is not adequately protected. We don't only think about China with its Social Credit score, or the United States with their "No Fly" lists, but also about European countries where laws have been adopted in recent years that allow the government to spy on travelers who are not even suspected of any punishable or risky behavior. For example France with its permanent state of emergency and the Netherlands with its new Intelligence and Security Act."
In this new case, Jonker is supported by Privacy First and Maatschappij voor Beter OV.
Source: https://www.liberties.eu/en/news/ns-privacy-fight-passenger-privacy/15444, 25 July 2018.
Civil rights groups sue Dutch government for risk profiling citizens
A group of civil society organizations is bringing a case against the Dutch government because of System Risk Indication, better known by the abbreviation SyRI. According to the plaintiffs, this risk profiling system is a black box that should be stopped as it forms a risk to the democratic rule of law.
The coalition of plaintiffs consists of the Netherlands Committee of Jurists for Human Rights (NJCM), the Dutch Platform for the Protection of Civil Rights (Platform Bescherming Burgerrechten), Privacy First, the KDVP Foundation (privacy in mental healthcare) and the National Clients Council (LCR). Two well-known authors, Tommy Wieringa and Maxim Februari, have in their individual capacities joined the case as plaintiffs. As ‘ambassadors’ to this lawsuit, they have fiercely criticized SyRI on multiple occasions.
The proceedings are carried out by Deikwijs Attorneys under the guidance of the Public Interest Litigation Project (PILP) of the NJCM.
Trawl net actions on the basis of secret algorithms targeting innocent citizens
SyRI links together on a large scale personal data of innocent citizens from databases of public authorities and companies. With the use of secret algorithms, citizens are subsequently subjected to a risk analysis. When there is an increased risk of breaking one of the many laws that SyRI covers, individuals are included in the Risk Reports Register, which is accessible to many government agencies.
SyRI is a black box that poses a major threat to the democratic rule of law. Citizens who are being examined through SyRI without any justification, have absolutely no idea which of their data are being used for analyses, what kind of analyses are being carried out and what actually determines whether or not they are a ‘risk’. Because SyRI works surreptitiously, citizens are not in a position to refute any incorrect flagging that may concern them.
According to the coalition, SyRI is in breach of various fundamental rights while it simultaneously undermines the relationship of trust between citizens and those in power. Citizens are suspect from the very start and all of the information that they share with public authorities, may secretly be used against them without imputation or concrete ground.
Ministry refuses to operate in a transparent manner
Despite fundamental objections from the Dutch Council of State (Raad van State) and the Dutch Data Protection Authority about the lawfulness of the system, at the end of 2014 the legislation for SyRI was rubber-stamped by the Dutch Senate and the House of Representatives. However, SyRI has been in use ever since 2008 already. Since then, dozens of investigations have been carried out and this included examining entire neighborhoods in several Dutch cities. Once the system was specified in law, it has been applied in Eindhoven and Capelle aan den IJssel among other places. It was recently announced that SyRI will be used in the Rotterdam neighborhoods of Bloemhof en Hillesluis and in the Haarlem neighborhood of Schalkwijk.
A FOIA request submitted by the coalition has resulted in barely any information concerning the dozens of SyRI investigations that have been carried out prior to and after the system had been laid down in law in 2014. The Dutch Ministry of Social Affairs is unwilling to provide insight into its practices arguing that, by disclosing the data and risk models that are used in SyRI, cunning citizens would become aware what to look out for when they commit fraud. The claimants, in their turn, assert that this is not in line with the obligation to inform and the right to a fair trial.
More information
In the context of this lawsuit, a public information campaign called ‘Bij Voorbaat Verdacht’ (‘Suspect From The Very Start’) has been launched. On the (Dutch) campaign website you can find updates about the legal proceedings as well as a simplified summary of the subpoena. The complete subpoena (in Dutch) can be found on the website of Deikwijs Attorneys (pdf). Click HERE for the English version on the website of PILP (pdf).
Update 16 October 2018: the District Court of The Hague has allowed the Dutch Federation of Trade Unions (FNV) as co-plaintiff in the lawsuit.
Privacy First and others start interim injunction proceedings to suspend Dutch Tapping law
The Dutch government and Parliament aim to quickly introduce the privacy-violating Tapping law. A coalition of privacy advocates will start interim injunction proceedings to prevent this from happening.
Implementation of unaltered Tapping law imminent
In recent months, there has been a thorough public debate in the Netherlands about the new Dutch Intelligence and Security Services Act, the so-called ‘Tapping law’. In a referendum that was held on 21 March 2018, a majority of the Dutch citizenry voted AGAINST this act. In response to this, the Dutch government has promised only a few minor, superficial policy changes as well as a few non-fundamental legislative amendments. Both the Dutch government and the House of Representatives have with full intent pushed for a prompt entry into force of the Tapping law in its unaltered form, as per 1 May to be exact. The envisaged legislative amendments will be presented by the government only after the summer. Regrettably, a motion to postpone the implementation of the Tapping law until after these legislative amendments have been discussed, was yesterday repealed by the House of Representatives. With that, it seems Parliament has had its say and it is now again up to society to make a move.
Interim injunction proceedings
It is Privacy First’s established policy to try to prevent massive privacy violations. Unmistakeably, the implementation of the current Tapping law is a massive privacy breach, because as a result of it, there will be large-scale tapping into the Internet traffic of innocent citizens and, moreover, the data of innocent citizens will be exchanged with foreign secret services without first being evaluated. This is a blatant violation of the right to privacy. Therefore, we cannot wait for any possible legislative amendments that serve to ‘rectify retrospectively’. After all, by that time the violations will have already occurred. Today, a coalition of Privacy First and various other civil organizations and companies urge the government to postpone the introduction of the Tapping law (or at least those parts of it that constitute the gravest privacy violations) until all legislative amendments have been discussed in Parliament. In case the government refuses this request, our coalition will not hesitate to start interim injunction proceedings in order to enforce the postponement of the Tapping law before court.
Broad coalition
Alongside Privacy First, the coalition that has been created for these proceedings is comprised of the Netherlands Committee of Jurists for Human Rights (NJCM), Bits of Freedom, the Dutch Association of Criminal Defence Lawyers (NVSA), the Dutch Platform for the Protection of Civil Rights, Free Press Unlimited, BIT, Voys, Speakup, Greenpeace International, Waag Society and Mijndomein Hosting. The case is taken care of by Boekx Attorneys and is coordinated by the Public Interest Litigation Project (PILP) of the Netherlands Committee of Jurists for Human Rights. Apart from said interim injunction proceedings, since March 2017 Privacy First and other organizations are preparing a larger scale lawsuit in order for multiple parts of the Tapping law to be declared unlawful as it contravenes international and European privacy law.
Today, on behalf of the coalition, our attorneys will send a letter to the Dutch government (the ministers of the Interior and Defence) requesting the postponement of the implementation of the Tapping law. The government will have the opportunity to respond to this request until Friday, 20 April.
Update 20 April 2018: the government has rejected the appeal of the coalition. The coalition will now continue preparing interim injunction proceedings.
Update 17 May 2018: today the coalition summons has been sent to the Dutch state attorney; click HERE for the full version (pdf in Dutch). The summary proceedings will take place at the District Court of The Hague on Thursday 7 June 2018, 10.00 am - 12.00 pm CET.
Update 7 June 2018: this morning the hearing took place before the District Court of The Hague; click HERE for the pleading of our attorneys (pdf in Dutch). The court is expected to deliver a ruling on Tuesday, 26 June 2018.
Update 26 June 2018: to the great disappointment of Privacy First, today the District Court of The Hague has unfortunately rejected the case. Find the complete ruling (in Dutch) HERE. From a legal point of view, the bar was set high in these interim injunction proceedings: in order to be able to win our case, the judge had to declare the Tapping law ‘unequivocally ineffective’ on account of blatant (unequivocal) violation of international or European privacy law. However, the court ruling reads like a foregone conclusion in favor of the State, not least because various objections of our coalition have remained unidentified. That being said, it needs to be stressed (as the court itself does too), that this ruling constitutes only a preliminary opinion and that a thorough (‘full’) review was lacking in this case.
The coalition of organizations that has initiated these proceedings regrets the judgment. In view also of the result of the referendum, the coalition is of the opinion that the government should have waited to introduce the contested parts of the Tapping law until the parliamentary legislative process in response to the referendum is finished. Introducing the Tapping law unchanged on 1 May 2018 before proposing amendments at a later stage (after the summer) is and remains incorrect.
The coalition will soon discuss possible follow-up legal action.
Dutch Supreme Court passes on Passport Trial to Council of State
After years of legal proceedings against the storage of fingerprints under the Dutch Passport Act — one of the gravest privacy violations in the Netherlands — Privacy First and 19 co-plaintiffs were declared inadmissible by the Dutch Supreme Court.
Since May 2010, a large-scale lawsuit against the central storage of fingerprints under the Dutch Passport Act by Privacy First and 19 co-plaintiffs (Dutch citizens) has been under way. This so-called 'Passport Trial' was a civil case because with regard to the merits of the case, individual citizens were not able to turn to an administrative court.
Citizens could only go to an administrative court if they would first provoke an individual decision: an administrative refusal to issue a passport or ID card after an individual refusal to give one's fingerprints. Hence, they could only litigate on an administrative level if they were prepared to live without a passport or ID card for years.
Moreover, the provision in the Passport Act on the central storage of fingerprints (Article 4b) still hasn't entered into force. Therefore, the administrative courts were unauthorized to assess this provision. Moreover, contrary to other countries, a direct administrative appeal against Dutch law (Acts and statutes) isn't possible in the Netherlands.
Subsequently, an administrative court would only have been able to individually and indirectly ("exceptionally") assess this provision on the basis of higher privacy legislation after that same provision would have entered into force, that is to say, after the central storage (and exchange) of everyone's fingerprints would have become a fait accompli.
To prevent such a massive violation of privacy, only the civil courts were authorized to rule in the case of Privacy First et al. For many years civil courts have been the perfect type court for the direct assessment of national legislation on the basis of higher (privacy) legislation, even if the national legislation in question has not yet entered into force but does entail an imminent privacy violation.
Strong case
As a relevant foundation, Privacy First was able to take civil action in the general interest, on behalf of the Dutch population at large. Since the early 90s this is possible via a special procedure under Article 3:305a of the Dutch Civil Code: the so-called "action of general interest." Up until May 2010, when Privacy First et al. summoned the Dutch government, the Dutch Supreme Court seemed to have given the green light for this.
However, in July 2010, the Supreme Court disregarded its earlier case law by declaring that interest groups can only turn to a civil court if individual citizens cannot pursue legal proceedings before an administrative court. But in Privacy First's Passport Trial, citizens could not apply to an administrative court. So Privacy First et al. still had a very strong case. What's more, the admissibility criteria of the Supreme Court seemed not to apply to actions of general interest, but merely to 'group actions' that are organized on behalf of a specific group of people instead of the entire population.
Incomprehensible judgment
In February 2011, the district court of The Hague wrongly declared our Passport Trial inadmissible. This decision was subsequently appealed by Privacy First et al. Courtesy also of the pressure exerted by this appeal, the central (as well as municipal) storage of fingerprints was largely discontinued in the summer of 2011 and the taking of fingerprints for Dutch ID Cards was halted altogether at the start of 2014.
In February 2014, The Hague Court of Appeal declared Privacy First — in the general interest — admissible after all and judged that the central storage of fingerprints under the Passport Act was in violation of the right to privacy. The Dutch Minister of the Interior, Ronald Plasterk, was not amused and demanded an appeal in cassation before the Dutch Supreme Court.
Against all odds (as Privacy First had virtually all Dutch legislation, legislative history, case law and legal literature on its side), on May 22, 2015, the Dutch Supreme Court declared Privacy and its 19 co-plaintiffs inadmissible once more. According to the Supreme Court, the citizens can turn to an administrative court, which has also blocked the road to a civil court for Privacy First.
All this while in the last few years it had been established that the co-plaintiffs could not turn to an administrative court, at least not for the review of Article 4b of the Passport Act concerning the central storage of fingerprints. In innumerable administrative cases over the past few years, judges of various Dutch administrative courts have declined jurisdiction in this respect. That meant that for Privacy First as an interested organization, the road to an administrative court was equally blocked.
The fact that the Supreme Court rules as if that isn't so is simply incomprehensible. Furthermore, litigating citizens can neither be expected to get by without a passport for years, nor can they be expected to first let their privacy be violated (giving up fingerprints, even for storage) before a judge can determine whether this is legal. The fact that the Supreme Court seems to require this just the same is not just inconceivable (as well as in breach of its own case law) but also reprehensible.
Gap in the legal protection
The ruling by the Dutch Supreme Court creates a legal vacuum in the Netherlands: if citizens or organizations want massive and imminent privacy violations, such as the central storage of fingerprints under the Passport Act, to be reviewed, then they may not be able to turn to either a civil or an administrative court. This creates a gap in the legal protection that has been in place in the Netherlands over the past few decades.
The Supreme Court may now have passed on this case to the highest Dutch administrative court (the Council of State), but it's all but certain that the Council of State is able and still prepared to review the central storage of fingerprints under the Passport Act. In light of this, the Supreme Court should have waited for the ruling by the Council of State in four current and parallel administrative cases revolving around the Passport Act, prior to coming up with its ruling in Privacy First's Passport Trial. By not doing this, the Supreme Court has taken a huge risk, has prematurely stepped into the shoes of the Council of State and has put the Council of State under severe pressure.
If the Council of State were soon to judge differently than the Supreme Court (that is to say, if the Council of State would judge that it is equally unauthorized to rule in this matter), the two institutions would make an enormous blunder and would create a huge gap in the legal protection in the Netherlands, in contravention of the European Convention on Human Rights (ECHR)
Multiple ECHR violations
Privacy First et al. await the ruling of the Council of State with considerable anticipation. In the meantime, Privacy First et al. will already prepare to file a complaint with the European Court of Human Rights in Strasbourg on account of a breach of Article 8 ECHR (right to privacy) and Articles 6 and 13 EHCR (right to access to justice and an effective legal remedy). Despite the Kafkaesque anti-climax before the Dutch Supreme Court, a European conviction of the Netherlands would thus be on the cards once the complaint has been filed.
Read the entire judgment by the Dutch Supreme Court HERE (in Dutch).
Click HERE for our entire case file.
A similar version of this article was published on http://www.liberties.eu/en/news/bad-day-for-privacy-in-the-netherlands.
The Peninsula (Qatar), 12 March 2015: 'Dutch court nixes data storage law, says privacy breached'
"A Dutch court on Wednesday struck down a law requiring telecoms and Internet service providers to store their clients' private phone and email data, saying it breached European privacy rules.
"The judge ruled that data retention is necessary and effective to combat serious crime. Dutch legislation however infringes on the individual's right to privacy and the protection of personal data," the Hague district court said.
"The law therefore contravenes the Charter of Fundamental Rights of the European Union," the court said in a statement.
Seven groups and organisations including privacy watchdog Privacy First and the Dutch Association of Journalists dragged the Dutch state to court last month over the issue.
The Dutch court's decision comes after the European Court of Justice in April 2014 struck down the European Union law that forced telecoms operators to store private phone and email data for up to two years, judging it too invasive, despite its usefulness in combating terrorism.
Advocate General Pedro Cruiz Villalon declared the 2006 legislation illegal and told the European Union's 28 member states to take the necessary steps to withdraw it.
The 2006 directive called for EU states to store individuals' Internet, mobile telephone and text metadata -- the time, date, duration and destination, but not the content of the communications themselves -- for six months to two years.
This data could then be accessed by national intelligence and police agencies.
"The privacy rights of Dutch citizens were violated en masse by this mass surveillance," said Vincent Boehre of Privacy First.
"Privacy First fights for a society in which innocent civilians do not have to feel that they are being constantly monitored," he said on the organisation's website in response to the ruling.
"The verdict of the Hague tribunal is an important step in that direction," said Boehre."
Source: http://thepeninsulaqatar.com/news/international/326442/dutch-court-nixes-data-storage-law-says-privacy-breached, 12 March 2015.
Le Parisien (France), 11 March 2015: 'La justice néerlandaise annule une loi sur les données personnelles'
"La justice néerlandaise a annulé mercredi une loi exigeant le stockage de données personnelles, assurant que bien qu'utile à la lutte contre le crime, le texte violait la vie privée des utilisateurs des réseaux téléphoniques et d'internet.
"Les juges ont estimé que le stockage de données était nécessaire et efficace pour combattre le crime, mais la législation néerlandaise est contraire aux droits des personnes à une vie privée et à la protection de leurs données personnelles", a indiqué le tribunal de La Haye dans un communiqué.
"La loi est donc contraire à la Charte des droits fondamentaux de l'Union européenne", a ajouté le tribunal.
Sept organisations, dont l'organisation de défense de la vie privée Privacy First et l'Association néerlandaise des Journalistes, avaient entamé une action contre l?État le mois dernier.
Cette décision des juges intervient environ un an après une décision de la justice européenne, qui avait imposé en avril 2014 une révision de la législation sur la conservation des données personnelles, la jugeant "disproportionnée" malgré son utilité dans la lutte contre le terrorisme.
La directive en question datait de 2006 et exigeait des opérateurs de télécoms et des fournisseurs d'accès internet de stocker les données des communications téléphoniques ou de courriels pendant six mois à deux ans.
Étaient donc conservées les métadonnées desdites communications, comme l'heure, la date, la durée et la destination, mais pas leur teneur.
Ces données pouvaient ensuite être consultées par les services de renseignement ou la police.
"Les droits à une vie privée des citoyens néerlandais ont été violés en masse par cette surveillance", a affirmé Vincent Boehre, le directeur des opérations de Privacy First, cité dans un communiqué publié sur le site internet de l'organisation.
Privacy First "lutte pour une société dans laquelle des civils innocents ne doivent pas se sentir comme s'ils étaient constamment surveillés", a-t-il ajouté, soulignant que ce jugement est "une étape importante dans cette direction"."
Source: http://www.leparisien.fr/high-tech/la-justice-neerlandaise-annule-une-loi-sur-les-donnees-personnelles-11-03-2015-4595081.php, 11 March 2015.
Star Online (Malaysia), 12 March 2015: 'Dutch court nixes data storage law, says privacy breached'
"A Dutch court struck down a law requiring telecoms and Internet service providers to store their clients' private phone and e-mail data, saying it breached European privacy rules.
"The judge ruled that data retention is necessary and effective to combat serious crime. Dutch legislation however infringes on the individual's right to privacy and the protection of personal data," the Hague district court said.
"The law therefore contravenes the Charter of Fundamental Rights of the European Union," the court said in a statement.
Seven groups and organisations including privacy watchdog Privacy First and the Dutch Association of Journalists dragged the Dutch state to court last month over the issue.
The Dutch court's decision comes after the European Court of Justice in April 2014 struck down the European Union law that forced telecoms operators to store private phone and e-mail data for up to two years, judging it too invasive, despite its usefulness in combating terrorism.
Advocate General Pedro Cruiz Villalon declared the 2006 legislation illegal and told the European Union's 28 member states to take the necessary steps to withdraw it.
The 2006 directive called for EU states to store individuals' Internet, mobile telephone and text metadata – the time, date, duration and destination, but not the content of the communications themselves – for six months to two years.
This data could then be accessed by national intelligence and police agencies.
"The privacy rights of Dutch citizens were violated en masse by this mass surveillance," said Vincent Boehre of Privacy First.
"Privacy First fights for a society in which innocent civilians do not have to feel that they are being constantly monitored," he said on the organisation's website in response to the ruling.
"The verdict of the Hague tribunal is an important step in that direction," said Boehre."
Source: http://www.thestar.com.my/Tech/Tech-News/2015/03/12/Dutch-court-nixes-data-storage-law-says-privacy-breached/, 12 March 2015.
Bangkok Post (Thailand), 12 March 2015: 'Dutch court nixes data storage law, says privacy breached'
"A Dutch court on Wednesday struck down a law requiring telecoms and Internet service providers to store their clients' private phone and email data, saying it breached European privacy rules.
"The judge ruled that data retention is necessary and effective to combat serious crime. Dutch legislation however infringes on the individual's right to privacy and the protection of personal data," the Hague district court said.
"The law therefore contravenes the Charter of Fundamental Rights of the European Union," the court said in a statement.
Seven groups and organisations including privacy watchdog Privacy First and the Dutch Association of Journalists dragged the Dutch state to court last month over the issue.
The Dutch court's decision comes after the European Court of Justice in April 2014 struck down the European Union law that forced telecoms operators to store private phone and email data for up to two years, judging it too invasive, despite its usefulness in combating terrorism.
Advocate General Pedro Cruiz Villalon declared the 2006 legislation illegal and told the European Union's 28 member states to take the necessary steps to withdraw it.
The 2006 directive called for EU states to store individuals' Internet, mobile telephone and text metadata - the time, date, duration and destination, but not the content of the communications themselves - for six months to two years.
This data could then be accessed by national intelligence and police agencies.
"The privacy rights of Dutch citizens were violated en masse by this mass surveillance," said Vincent Boehre of Privacy First.
"Privacy First fights for a society in which innocent civilians do not have to feel that they are being constantly monitored," he said on the organisation's website in response to the ruling.
"The verdict of the Hague tribunal is an important step in that direction," said Boehre."
Source: http://www.bangkokpost.com/tech/world-updates/494578/dutch-court-nixes-data-storage-law-says-privacy-breached, 12 March 2015.
