Law & Politics

Today, Privacy First sent the following plea to the Dutch House of Representatives: 

Dear Members of Parliament, 

It is with great disapproval that the Privacy First Foundation has taken note of the planned introduction of coronavirus entry passes for bars and restaurants, events and cultural institutions. This will lead to a division in society, exclusion of vulnerable groups and a massive violation of everyone’s right to privacy. Below, Privacy First will briefly explain this.

Serious violation of fundamental rights

The coronavirus entry pass (‘corona pass’) constitutes a serious infringement of numerous fundamental human rights, including the right to privacy, physical self-determination, bodily integrity and freedom of movement in conjunction with other classic human rights such as the right to participate in cultural life and various children’s rights such as the right to recreation. Any curtailment of these rights must be strictly necessary, proportionate and effective. In the case of the corona pass, however, this has not been demonstrated to date and the required necessity is simply being assumed in the public interest. More privacy-friendly alternatives to reopen and normalize society seem never to have been seriously considered. For these reasons alone, the corona pass cannot pass the human rights test and should therefore be repealed. In this context, Privacy First would also like to remind you of countries such as England, Belgium and Denmark where a similar pass was deliberately not introduced, or has been done way with not long after its introduction. In the Netherlands, there has been a great lack of support in recent days for the corona pas and many thousands of entrepreneurs have already let it be known that they will not cooperate. Privacy First therefore expects that the introduction of the corona pass will lead to massive civil disobedience and successful lawsuits against the Dutch government.

Social exclusion

The introduction of the corona pass violates the general prohibition of discrimination, as it introduces a broad social distinction based on medical status. This puts a strain on social life and may lead to widespread inequality, stigmatization, social segregation and even possible tensions, as large groups in society will not (or not systematically) want to, or will not be able to get tested or vaccinated (for a variety of reasons), or obtain a digital test or vaccination certificate. During our National Privacy Conference in early 2021, Privacy First already took the position that the introduction of a mandatory ‘corona passport’ would have a socially disruptive effect.[1] On that occasion, the Dutch Data Protection Authority, among others, explicitly took a stand against the introduction of such a passport. The aforementioned social risks apply all the more strongly to the vaccination coercion that is caused by the introduction of the corona pass. In this regard, Privacy First would like to remind you of the fact that both your House of Representatives and the Parliamentary Assembly of the Council of Europe have expressed their opposition to a direct or indirect vaccination requirement.[2] In addition, the corona pass will have the potential to set precedent for other medical conditions and other sectors of society, putting pressure on a much wider range of socio-economic human rights. For these reasons, Privacy First calls on you to block the introduction of the corona pass.

Multiple privacy violations

From the perspective of the right to privacy, there are a number of yet other specific concerns and questions. First of all, the corona pass introduces a mandatory ‘health proof’ for participation in a large part of social life, in flagrant violation of the right to privacy and the protection of personal data. Through the mandatory display of an ID card in addition to the corona pass, an entirely new identification requirement is created in public places. The existing anonymity in the public space is thus removed, with all the dangers and risks that this entails. Moreover, this new identification requirement raises questions about the capacities of entrepreneurs to determine the identity of a person and to assess the state of health by means of the corona pass.

Moreover, the underlying legislation results in the inconsistent application of existing legislation with regard to the same act, i.e. testing, with far-reaching consequences on the one hand for an important attainment such as medical confidentiality and the public’s trust in that confidentiality, and on the other for the practical implementation of retention periods of the test results while the processing of these results does not change. After all, it is not the result of the test that should determine whether the registration of the testing falls under the Dutch Medical Treatment Agreement Act (‘Wgbo’, which requires medical confidentiality and a 20-year retention period) or the Dutch Public Health Act (‘Wpg’, which requires a 5-year retention period), but the act of testing itself. Besides, it is questionable why a connection was sought with the Wpg and/or Wgbo now that it is about obtaining a certificate for participation in society and it does not concern medical treatment (Wgbo) or public health tasks for that purpose. The only ground for processing personal data for the purpose of ascertaining the presence of the coronavirus and for breaching medical confidentiality, should be consent. However, in this case there cannot be the legally required freely given consent, since testing and vaccination will be a mandatory condition for participation in society.

Privacy requires clarity

Many other things are and remain unclear: what data will be stored, where, by whom and in which systems? To what extent will there be an international and European exchange of such data? Which parties with which purposes will have access to or will copy the data, or put these in huge new national databases together with our health data? Will we have constant personal localization and identification, or only occasional verification and authentication? Why can test results be kept for an unnecessarily long time? How great are the risks of hacking, data breaches, fraud and forgery? To what extent have decentralized, privacy-friendly technologies and privacy by design, open source software, data minimization and anonymization seriously been considered? How long will test certificates remain free of charge? Is work already underway to introduce an ‘alternative digital medium’ to the Dutch CoronaCheck app, namely a chip (card), with all the objections and risks that entails? Why has there been no independent Privacy Impact Assessment (PIA)? How many more times must the country accept emergency laws to close privacy leaks, when our overburdened and understaffed Data Protection Authority is already noting that there is no legal basis for the processing of the data concerned? How will unforeseen uses and abuses, function creep and profiling be prevented, and how is privacy oversight arranged? Will non-digital, paper alternatives remain available at all times? Why is the ‘yellow booklet’ not accepted as a privacy-friendly alternative, as it is in other countries? What happens with the test material – i.e. everyone’s DNA – at the various testing sites? And when will the corona pass be abolished? In other words, to what extent is this actually a ‘temporary’ measure?

In the view of Privacy First, the introduction of the corona pass will lead merely to an impractical burden on entrepreneurs, innumerable deficiencies and destruction of capital for society. Privacy First therefore requests that the members of the House of Representatives block the introduction of the corona pass. Failing to do so, Privacy First reserves the right to have the legislation introducing the corona pass reviewed against international and European law and declared inoperative by the courts. Preparations for such legal proceedings by us and many others are already underway.

Yours sincerely,

Privacy First Foundation 

[1] See National Privacy Conference 28 January 2021, https://youtu.be/asEX1jy4Tv0?t=9378, starting at 2h 36 min 18 sec.
[2] See Council of Europe, Parliamentary Assembly, Resolution 2361 (2021): Covid-19 vaccines: ethical, legal and practical considerations, https://pace.coe.int/en/files/29004/html, par. 7.3.1-7.3.2: ‘‘Ensure that citizens are informed that the vaccination is NOT mandatory and that no one is politically, socially, or otherwise pressured to get themselves vaccinated, if they do not wish to do so themselves; ensure that no one is discriminated against for not having been vaccinated, due to possible health risks or not wanting to be vaccinated.’’ See also, inter alia, Dutch House of Representatives, Motion by Member Azarkan on no corona vaccination requirement (28 October 2020), House of Representatives, 25295-676, https://zoek.officielebekendmakingen.nl/kst-25295-676.html: ‘‘The House of Representatives (...) expresses that there should never be a direct or indirect corona vaccination obligation in the future’’; Motion by Member Azarkan on access to public benefits for all regardless of vaccination or testing status (5 January 2021), House of Representatives 25295-864, https://zoek.officielebekendmakingen.nl/kst-25295-864.html: "The House of Representatives (...) requests the government to allow access to public benefits for all regardless of vaccination or testing status."

An earlier, similar version of this commentary appeared as early as March 2021: https://www.privacyfirst.eu/focus-areas/law-and-politics/695-privacy-first-position-concerning-the-dutch-draft-bill-on-covid-19-test-certificates.html.

It is with great concern that Privacy First has taken note of the Dutch draft bill on COVID-19 test certificates. Under this bill, a negative COVID-19 test certificate will become mandatory for access to sporting and youth activities, all sorts of events and public places including bars and restaurants and cultural and higher education institutions, Those who have no such certificates risk getting high fines. This will put pressure on everyone's right to privacy. 

Serious violation of fundamental rights

The draft bill severely infringes numerous fundamental and human rights, including the right to privacy, physical integrity and freedom of movement in combination with other relevant human rights such as the right to participate in cultural life, the right to education and various children’s rights such as the right to recreation. Any curtailment of these rights must be strictly necessary, proportionate and effective. However, the current draft bill fails to demonstrate this, while the required necessity in the public interest is simply assumed. More privacy-friendly alternatives to reopen and normalize society do not seem to have been considered. For these reasons alone, the proposal cannot pass the human rights test and should therefore be withdrawn.

Social exclusion

The proposal also violates the general prohibition of discrimination, as it introduces a broad social distinction based on medical status. This puts pressure on social life and may lead to large-scale inequality, stigmatization, social segregation and even possible tensions, as large groups in society will not (or not systematically) want to or will not be able to get tested (for various reasons). During the recent Dutch National Privacy Conference organized by Privacy First and the Platform for the Information Society (ECP), it already became clear that the introduction of a mandatory ‘corona passport’ could have a socially disruptive effect.[1] On that occasion the Dutch Data Protection Authority, among others, took a strong stand against it. Such social risks apply all the more strongly to the indirect vaccination obligation that follows on from the corona test certificate. In this regard, Privacy First wants to recall that recently both the Dutch House of Representatives and the Parliamentary Assembly of the Council of Europe have expressed their opposition to a direct or indirect vaccination requirement.[2] In addition, the draft bill under consideration will have the potential to set precedents for other medical conditions and other sectors of society, putting pressure on a much broader range of socio-economic rights. For all of these reasons, Privacy First strongly recommends that the Dutch government withdraw this draft bill.

Multiple privacy violations

Moreover, from the perspective of the right to privacy, a number of specific objections and questions apply. First of all, the draft bill introduces a mandatory ‘proof of healthiness’ for participation in a large part of social life, in flagrant violation of the right to privacy and the protection of personal data. Also, the draft bill introduces an identification requirement at the entrance of public places, in violation of the right to anonymity in public spaces. The bill also results in the inconsistent application of existing legislation to the same act, namely testing, with far-reaching consequences on the one hand for a precious achievement like medical confidentiality and the trust of citizens in that confidentiality, and on the other hand for the practical implementation of retention periods while the processing of the test result does not change. After all, it is not the result of the test that should determine whether the file falls under the Dutch Medical Treatment Contracts Act (WGBO, which has a medical secrecy requirement and a retention period of 20 years) or under the Public Health Act (with a retention period of five years), but the act of testing itself. Moreover, it is unclear why the current draft bill seeks to connect to the Public Health Act and/or WGBO if it only concerns obtaining a test certificate for the purpose of participating in society (and therefore no medical treatment or public health task for that purpose). Here, the only possibility for processing and for breaching medical confidentiality should be the basis of consent. In this case, however, there cannot be the legally required freely given consent, since testing will be a compelling condition for participation in society.

Privacy requires clarity

Many other issues are still unclear: which data will be stored, where, by whom, and which data may possibly be exchanged? To what extent will there be personal localization and identification as opposed to occasional verification and authentication? Why may test results be kept for an unnecessarily long time (five or even 20 years)? How great are the risks of hacking, data breaches, fraud and forgery? To what extent will there be decentralized, privacy-friendly technology, privacy by design, open source software, data minimization and anonymization? Will test certificates remain free of charge and to what extent will privacy-friendly diversity and choice in testing applications be possible? Is work already underway to introduce an ‘alternative digital carrier’ in place of the Dutch CoronaCheck app, namely a chip, with all the risks that entails? How will function creep and profiling be prevented and are there any arrangements when it comes to data protection supervision? Will non-digital, paper alternatives always remain available? What will happen to the test material taken, i.e. everyone’s DNA? And when will the corona test certificates be abolished?

As long as such concerns and questions remain unanswered, submission of this bill makes no sense at all and the corona test certificate will only lead to the destruction of social capital. Privacy First therefore reiterates its request that the current proposal be withdrawn and not submitted to Parliament. Failing this, Privacy First will reserve the right to have the matter reviewed by the courts and declared unlawful.

[1] See the Dutch National Privacy Conference, 28 January 2021, https://youtu.be/asEX1jy4Tv0?t=9378, starting at 2h 36 min 18 sec.
[2] See Council of Europe, Parliamentary Assembly, Resolution 2361 (2021): Covid-19 vaccines: ethical, legal and practical considerations, https://pace.coe.int/en/files/29004/html, par. 7.3.1-7.3.2: “Ensure that citizens are informed that the vaccination is NOT mandatory and that no one is politically, socially, or otherwise pressured to get themselves vaccinated, if they do not wish to do so themselves; ensure that no one is discriminated against for not having been vaccinated, due to possible health risks or not wanting to be vaccinated.” See also, for example, Dutch House of Representatives, Motion by Member Azarkan on No Corona Vaccination Obligation (28 October 2020), Parliamentary Document 25295-676, https://zoek.officielebekendmakingen.nl/kst-25295-676.html: "The House (...) pronounces that there should never be a direct or indirect coronavirus vaccination obligation in the future"; Motion by Member Azarkan on Access to Public Benefits for All Regardless of Vaccination or Testing Status (5 January 2021), Parliamentary Document 25295-864, https://zoek.officielebekendmakingen.nl/kst-25295-864.html: "The House (...) requests the government to enable access to public services for all regardless of vaccination or testing status.’

In the fight against the coronavirus, the Dutch government this week made clear that the introduction of a curfew is imminent. Because of this, Privacy First today has sent the following appeal to the Dutch House of Representatives:

Dear Members of Parliament,

This week the Netherlands finds itself at a historical human rights crossroads: is a nation-wide curfew going to be introduced for the first time since World War II? For Privacy First such a far-reaching, generic measure would be disproportionate and far from necessary in virtually every situation. Moreover, in the fight against the coronavirus the effectiveness of such a measure remains unknown to this date. For that alone, there can be no legally required social necessity of a curfew. A curfew could in fact also be counterproductive, as it would harm the mental and (therefore also) physical health of large groups in society. Besides, a curfew in the Netherlands is yet another step towards a surveillance society. The use of lighter, targeted and more effective measures is always preferable. Should a curfew nonetheless be introduced, Privacy First would consider it a massive violation of the right to privacy and freedom of movement. Privacy First therefore calls on you to not let this happen and to thwart the introduction of a curfew.

Yours faithfully,

The Privacy First Foundation

Update 17 February 2021: this week, in summary proceedings, the district court of The Hague handed down a ground-breaking ruling that says that the curfew was wrongly introduced under the Dutch Extraordinary Powers Act. The current Dutch curfew is therefore unlawful. Moreover, the court found that there are "major question marks regarding the factual substantiation by the State of the necessity of the curfew. (...) Before a far-reaching restriction such as a curfew is introduced, it must be clear that no other, less far-reaching measures are available and that the introduction of the curfew will actually have a substantial effect", stated the court, without the conviction that this was the case. In addition, the court raised the question of why an urgent (but voluntary) curfew advice had not been chosen. The court also noted that "the Dutch Outbreak Management Team, according to the team itself, has no evidence that the curfew will make a substantial contribution to reducing the spread of the virus." All this "makes the State's assertion that a curfew is inevitable at least debatable and without convincing justification", the court concluded. (See judgment (in Dutch), paragraphs 4.12-4.14.)

The judgment of the district court of The Hague is in line with Privacy First’s earlier position. Privacy First hopes that this will be confirmed on appeal by the Hague Court of Appeal and that it will also lead to the rejection of the curfew by both the Dutch House of Representatives and the Senate.

Yesterday, there was a hearing in the Dutch House of Representatives in which the by now notorious Corona app was critically discussed. The House had invited various experts and organizations (among which Privacy First) to submit position papers and take part in the hearing. Below is both the full text of our position paper, as well as the text which was read out at the hearing. A video of the entire hearing (in Dutch) can be found HERE. Click HERE for the program, all speakers and position papers.

Dear Members of Parliament,

Thank you kindly for your invitation to take part in this roundtable discussion about the so-called Corona app. In the view of Privacy First, apps like these are a threat to everyone’s privacy. We will briefly clarify this below.

Lack of necessity and effectiveness

With great concern, Privacy First has taken note of the intention of the Dutch government to employ a contact tracing app in the fight against the coronavirus. Thus far, the social necessity of such apps has not been proven, while the experience of other countries indicates there is ground to seriously doubt their benefit and effectiveness. In fact, these apps may even be counterproductive as their use leads to a false sense of safety. Moreover, it’s very hard to involve the most vulnerable group of people (the elderly) through this means. This should already be enough reason to refrain from using Corona apps.

Surveillance society

In Privacy First’s view, the use of such apps is a dangerous development because it could lead to stigmatization and numerous unfounded suspicions, and may also cause unnecessary unrest and panic. Even when ‘anonymized’, the data from these apps can still be traced back to individuals through data fusion. In case this technology will be introduced on a large scale, it will result in a surveillance society in which everyone is being continuously monitored – something people will be acutely aware of and would lead to an imminent societal chilling effect.

Risks of misuse

There is a significant risk that the collected data will be used for multiple purposes (function creep) and be misused by both companies and public authorities. The risk of surreptitious access, hacking, data breaches and misuse is substantial, particularly in the case of central instead of decentral (personal) storage as well as a lack of open source software. However, not even the use of personal storage offers any warranty against misuse, malware and spyware, or, for that matter, makes users less dependent on technical vulnerabilities. Moreover, if the data fall into the hands of criminal organizations, they will be a gold mine for criminal activities.

For Privacy First, the risks of Corona apps do not outweigh their presumed benefits. Therefore, Privacy First advises the House to urge the cabinet not to proceed with the introduction of such apps.

Testing instead of apps

According to Privacy First, there is a better and more effective solution in the fight against the coronavirus. One that is based on the principles of proportionality and subsidiarity, i.e., large scale testing of people to learn about infection rates and immunization. To this end, the necessary test capacity should become available as soon as possible.

Haste is rarely a good thing

If, despite all the above-mentioned objections, it will be decided there is going to be a Corona app after all, then this should come about only after a careful social and democratic process with sufficiently critical, objective and independent scrutiny. This has not been the case so far, judging by the developments of the past few days. In this context, Privacy First recommends that the House calls on the cabinet to put its plans on ice and impose a moratorium on the use of Corona apps.

Privacy by design

The right to anonymity in public space is a fundamental right, one that is crucial for the functioning of our democratic constitutional state. Any democratic decision to nullify this right is simply unacceptable. If indeed the deployment of ‘Corona apps’ will be widespread, then at least their use should be strictly anonymous and voluntary. That is to say, they should be used only for a legitimate, specific purpose, following individual, prior consent without any form of outside pressure and on the premise that all the necessary information is provided. In this respect, privacy by design (embedding privacy protection in technology) must be a guiding principle. For Privacy First, these are stringent and non-negotiable prerequisites. In case these conditions are not met, Privacy First will not hesitate to bring proceedings before a court.      

Yours faithfully,

The Privacy First Foundation
(...)

Dear Members of Parliament,

You have received our position paper, this is our oral explanation.

First of all: Privacy First is firmly against any form of surveillance infrastructure, with or without apps.

With this in mind, we look at three legal principles:

•  Legitimate purpose limitation.
  - What is the problem?
  - What is the scale of the problem?
  - What are possible objectives, how can we achieve these objectives, and how can we measure progress towards them?
  
  It’s already impossible to answer the first question as we now test partially and selectively. The total infected population is unknown, the people who have recovered are unknown also, and do not get reported. There is, however, fearmongering as a result of emotions and selective reporting; deaths with multiple causes (die with as opposed to die from Corona) and admittance to critical care units.
  
  Let us be clear, we will first have to map out the causes of this problem before we can draw conclusions and talk about solutions. Not only IT professionals and virologists should be involved in this, to no lesser extent we need philosophers, legal scholars, sociologists, entrepreneurs and others who represent society also.
  
  
• Necessity and proportionality. In terms of test capacity, critical care units, medical materials and medical personnel, we essentially have a capacity problem. So, there is no doubt in our mind what we should be focusing on, also in view of future outbreaks; testing the entire population in order to tell who is infected and who is immune, and be able to determine the real problem. 97% of the population is unaffected. Make sure there will be a division and proper care for high-risk groups. Halt crisis communication and start crisis management. Take all treatment methods seriously, including those that are not profitable for Big Pharma and Big Tech.
  
  
• Subsidiarity. Once we know the problem, we may ask what the solutions are. Additional personnel at municipal health centers? Building a critical care unit hospital specifically for situations like these? Increasing the test capacity in order to be able to take decisions based on figures? All of this is possible within our current health system, with the general practitioner as the first point of contact.

On the basis of trust, we have given our government six weeks to get its act together. And what do we get in return? Distrust and monitoring tools. And still shortages of medical equipment. So, fix the fundamentals, deal with the treatment and test capacity and stop building new technological gadgets and draconian apps used in dictatorial regimes in Asia. And take The Netherlands out of this prolonged lockdown as soon as possible. Privacy First is opposed to a ‘1.5-meter society’ as the new normal, and is instead in favor of a common-sense society based on trust in mature citizens.

With great concern, Privacy First has taken note of the intention of the Dutch government to employ special apps in the fight against the coronavirus. In Privacy First’s view, the use of such apps is a dangerous development because it could lead to stigmatisation and numerous unfounded suspicions, and may also cause unnecessary unrest and panic. Even when ‘anonymized’, the data from these apps can still be traced back to individuals through data fusion. In case this technology will be introduced on a large scale, it will result in a surveillance society in which everyone is being continuously monitored – something people will be acutely aware of and would lead to an imminent societal chilling effect. Furthermore, there is a substantial risk that the collected data will be used and misued for multiple (illegitimate) purposes by companies and public authorities. Moreover, if these data fall into the hands of criminal organizations, they will be a gold mine for criminal activities. For Privacy First, these risks of Corona apps do not outweigh their presumed benefits.

The right to anonymity in public space is a fundamental right, one that is crucial for the functioning of our democratic constitutional State. Any democratic decision to nullify this right is simply unacceptable. If indeed the deployment of ‘Corona apps’ will be widespread, then at least their use should be strictly anonymous and voluntary. That is to say, they should be used only for a legitimate, specific purpose, following individual, prior consent without any form of outside pressure and on the premise that all the necessary information is provided. In this respect, privacy by design (embedding privacy protection in technology) must be a guiding principle. For Privacy First, these are stringent and non-negotiable prerequisites. In case these conditions are not met, Privacy First will not hesitate to bring proceedings before a court.

The world is hit exceptionally hard by the coronavirus. This pandemic is not only a health hazard, but can also lead to a human rights crisis, endangering privacy among other rights.

The right to privacy includes the protection of everyone’s private life, personal data, confidential communication, home inviolability and physical integrity. Privacy First was founded to protect and promote these rights. Not only in times of peace and prosperity, but also in times of crisis.

Now more than ever, it is vital to stand up for our social freedom and privacy. Fear should not play a role in this. However, various countries have introduced draconian laws, measures and infrastructures. Much is at stake here, namely preserving everyone’s freedom, autonomy and human dignity.

Privacy First monitors these developments and reacts proactively as soon as governments are about to take measures that are not strictly necessary and proportionate. In this respect, Privacy First holds that the following measures are in essence illegitimate:
- Mass surveillance
- Forced inspections in the home
- Abolition of anonymous or cash payments
- Secret use of camera surveillance and biometrics
- Every form of infringement on medical confidentiality.

Privacy First will see to it that justified measures will only apply temporarily and will be lifted as soon as the Corona crisis is over. It should be ensured that no new, structural and permanent emergency legislation is introduced. While the measures are in place, effective legal means should remain available and privacy supervisory bodies should remain critical.

Moreover, in order to control the coronavirus effectively, we should rely on the individual responsibility of citizens. Much is possible on the basis of voluntariness and individual, fully informed, specific and prior consent.

As always, Privacy First is prepared to assist in the development of privacy-friendly policies and any solutions based on privacy by design, preferably in collaboration with relevant organizations and experts. Especially in these times, the Netherlands (and the European Union) can become an international point of reference when it comes to fighting a pandemic while preserving democratic values and the right to privacy. This is the only way that the Corona crisis will not be able to weaken our world lastingly, and instead, we will emerge stronger together.

Column

The coronavirus has plunged the whole world into a deep crisis and governments do their utmost to control the dissemination. As I wrote in my previous column, it is important especially now to keep our heads cool and to protect our civil rights and privacy. A short and temporary infringement of our privacy in the general interest may be legitimate. The western model should imply a partial, temporary lockdown, lasting at most twice the incubation period so as to control the spread of the virus based on increased testing, and to facilitate the healthcare system, augmenting the number of critical care beds.

Moreover, this should be a participatory lockdown, based on voluntary participation and citizens’ individual responsibility. This is only logical, as trust is the cornerstone of our democratic society, even though at times there is a lack of it. This concerns trust in fellow citizens, the government and first of all, oneself. At this point in time I have a lot of confidence in the Dutch approach, which is a combination of common sense and relying on healthcare experts. Ultimately, we will have to learn to live with this virus and control potential outbreaks.

To measure is to know and therefore it is essential to scale up the number of tests with the right test equipment without delay. There are tests which can indicate quickly whether someone is infected. It is interesting to note that in Germany, where practically everyone with symptoms is being tested, the percentages of gravely ill and deceased people are considerably lower than in countries where testing is very limited. For policy makers and politicians it is thus very important to take the right decisions on the basis of facts.

If not, there will be a long-standing and emotionally-driven struggle, the encroachment on our freedom will not be short and temporary and power will shift disproportionately into the hands of the State. Such a scenario will see us move towards a forced surveillance society (see the current situation Israel is in, the newly introduced legislation in the UK as well as EU proposals with regard to telecom location data), characterised by the abolishment of anonymous (cash) payments (see the current guidelines in the Dutch retail sector), the dissolution of medical confidentiality and physical integrity in the context of potential virus infections (compulsory vaccinations and apps) and censorship of any alternative or undesired sources of information that counter the prevailing narrative. Besides, commercial interests of IT and pharmaceutical companies would come to dominate even more.

In the best case scenario, both society and the economy will soon be able to revive on the basis of individual and aggregate test results, with this lesson to bear in mind: let’s not lose the importance of our freedom, health and individual responsibility out of sight. All of a sudden, citizens have been left to their own devices and this experience will make them realize that life is not malleable and our society is not a mere paper exercise. This situation could lead to increased civic participation and less government, i.e. greater focus on critical functions. When we take a look around now, we see positive-minded, well-informed and responsible citizens and there is no need to keep focusing on a handful of exceptions. That is, as long as the measures in place are comprehensible, measurable and very temporary, and are not packaged into structural legislation, thereby misusing the crisis in order to grant certain organizations and sectors greater influence and power.

Finally, it’s worth realizing that all entrepreneurial Dutchmen without whom we would not be able to pay our fine public services, also deserve a round of applause. And perhaps the idea of a basic income for every citizen could be reviewed once more. In other words: let’s aim for more individual decisions in a freer society that is supported by technology and common sense!

Here’s to a free 2020!

Bas Filippini,
Privacy First chairman
(in personal capacity)

Column

Many questions have been raised about Privacy First’s point of view in relation to the protection of privacy in crisis situations, such as the one we’re currently experiencing as a result of the coronavirus. As indicated previously, I support the precautionary principle, i.e., we don’t know what we don’t know and what in fact is effective. A strict, western-style approach on the basis of a temporary (partial) lockdown for a (very) short period of time will drastically flatten the coronavirus curve and will make sure the healthcare system does not collapse. This also allows us to gain time to find a vaccine or medicine. We still don’t know exactly what kind of virus we’re dealing with, how it came into existence and how to control it.

Our society is built on trust. In a crisis situation like we’re in now, authorities will have to take temporary crisis measures which allow citizens to do the right thing voluntarily and on the basis of trust. This may temporarily restrict privacy, such as freedom of movement and/or physical integrity (think of being in quarantine). The government can choose to have a full or partial lockdown. Making this choice, it is essential that we rely on the norms and values of our free, democratic society, and that there is trust both in the citizenry and in the means and measures that may be employed. Ideally, this would result in a participatory lockdown based on everyone’s freedom and sense of responsibility.

Past experience shows that when there is open and honest communication, citizens act responsibly and in the general interest. This implies that draconian and structural legislative measures that restrict freedom can be kept at bay, much to the benefit of the people and the economy. In this respect, it is significant that practically all companies, institutions and organizations currently comply with the protocols, and even do more than what is required. After a period of inaction, the Dutch government has decided to act and take responsibility, which is most welcome. After all, this concerns a potentially great number of very sick patients and fatalities, including many elderly and vulnerable people.

Our government has opted for a democratic instead of a dictatorial approach, and that is to be applauded. So let’s use this moment to keep our head cool instead of infringing upon everyone’s freedom and right to privacy, freedom of movement, bodily integrity and cash payments. I see there is a bitter wind sweeping through Denmark, where a coronavirus emergency law has been rushed through, allowing the authorities to force people to be vaccinated (even though there is no vaccine yet), and in France too, where permanent crisis measures seem to have been implemented. All this is incompatible with a decent society and creates misplaced precedents. Let’s act in the general interest on the basis of trust and everyone’s own responsibility. For that, we need neither to be locked up, nor do we want to see the army in the streets, or any other draconian measures or laws to be put in place.

Let’s strive for a free and trustworthy Netherlands and Europe.

Bas Filippini,
Privacy First chairman
(in personal capacity)

Since 2013, the Dutch Association of General Practitioners has, in an essential civil case, been litigating against the private successor of the Dutch Electronic Health Record (Elektronisch Patiëntendossier, EPD): the National Switch Point (Landelijk Schakelpunt, LSP). At the end of last week, the Dutch Supreme Court decided that, for the time being, the LSP is not in violation of current privacy law. However, the Supreme Court has laid down in its judgment that the LSP will soon have to comply with the legislative requirement of privacy-by-design. This constitutes an important precedent and raises the bar with a view to the future.

Private relaunch of EPD: National Switch Point

In April 2011, the Dutch Senate unanimously rejected the EPD, primarily on account of privacy objections. However, almost directly afterwards, various market participants (among which health insurance companies) made sure there was a relaunch of the same EPD in private form: the LSP, intended for the large-scale, central exchange of medical data. Since then, the LSP has been introduced nationally and many practitioners have aligned themselves with it, oftentimes under pressure of health insurers. Millions of people in the Netherlands have given their ‘consent’ to the exchange of their medical records via the LSP. However, this ‘consent’ is so broad and general, it’s virtually impossible to deem it lawful. This was one of the main objections the court case of the Association of General Practitioners against the LSP revolved around. Other objections against the LSP are related to the fact that its architecture is inherently insecure and in breach of privacy. Through the LSP, every connected medical record is accessible for thousands of health care providers. This is in violation of the right to privacy of patients and the medical confidentiality of treating physicians. What’s more, there is no privacy-by-design, for example through end-to-end encryption. The LSP is basically as leaky as a sieve, which means that it’s ideal for function creep and possible abuse by malicious actors.

Specific Consent Campaign

Over the last couple of years, Privacy First has repeatedly raised the alarm about this in the media. We have brought the issue to the attention even of the United Nations Human Rights Council. In April 2014, a large scale Internet campaign was launched on the initiative of Privacy First and the Dutch Platform for the Protection of Civil Rights (Platform Bescherming Burgerrechten) in order to retain and enhance the right to medical confidentiality: www.SpecifiekeToestemming.nl. Ever since, this campaign is being supported by numerous civil organizations, healthcare providers and scholars. The essence of the campaign is that specific consent should (again) become the leading principle when it comes to the exchange of medical data. In case of specific consent, prior to sharing medical data, clients have to be able to decide whether or not, and if so, which data to share with which healthcare providers and for which purposes. This minimizes risks and enables patients to control the exchange of their medical data. This is in contrast to the generic consent that applies to the LSP. In the case of generic consent, it is unforeseeable who can access, use and exchange someone’s medical data. In this respect, generic consent is in contravention of two classic privacy principles: the purpose limitation principle and the right to free, prior and fully informed consent for the processing of personal data.

Privacy by design

Courtesy also of the pressure exerted by our campaign SpecifiekeToestemming.nl, the Dutch legislative proposal Clients’ Rights in relation to the processing of data in healthcare (legislative proposal 33509), was strenghtened by the House of Representatives in 2014 and was adopted by the Senate in 2016 as a result of two crucial motions: 1) the motion Bredenoord (D66) about the further elaboration of data-protection-by-design as the starting point for the electronic processing of medical data and 2) the motion Teunissen (Party for the Animals) related to keeping medical records accessible on a decentral (instead of a central) level. Under the new law, specific (‘specified’) consent is obligatory. This should now be implemented in all existing and future systems for the exchange of medical data, including the LSP. Moreover, privacy-by-design will become an inexorable legal duty under the new European General Protection Data Regulation (GDPR), that is to say, privacy and data protection should be incorporated in all relevant hardware and software from the very first design. In this context, there have been several developments on the Dutch market in recent years, all of which indicate that both specific consent as well as privacy-by-design are indeed becoming standards in new systems. A prime example of this in a medical context is Whitebox Systems, which won a Dutch National Privacy Innovation Award in 2015 already.

Court case of Association of General Practitioners

Since March 2013, the Dutch Association of General Practitioners (Vereniging Praktijkhoudende Huisartsen, VPH) has been litigating in a large-scale civil case against the private administrator of the LSP: the Association of Healthcare Providers for Healthcare Communication (Vereniging van zorgaanbieders voor zorgcommunicatie, VZVZ). Following unsatisfactory rulings by the district court of Utrecht and the Arnhem Court of Appeal, VPH appealed before the Dutch Supreme Court at the end of 2016. Since then, this case has, on the recommendation of Privacy First, received pro bono support from law firm Houthoff Buruma. As amicus curiae, Privacy First and the Platform for the Protection of Civil Rights filed a letter (PDF) with the Supreme Court in support of the general practitioners and in line with our joint campaign SpecifiekeToestemming.nl. In her conclusion, the Advocate general of the Supreme Court referred extensively to the amicus curiae letter. On 1 December 2016, the Supreme Court finally came up with its ruling. Regrettably, the Supreme Court by and large agreed with the line of reasoning of the Arnhem Court of Appeal. Privacy First cannot help thinking that the LSP (even before the Supreme Court) is apparently too big too fail: by now this faulty system has grown to the extend that no one dares to declare it unlawful. There is, however, an important positive note, which can be found in the final consideration of the Supreme Court:

‘‘[The Court has] acknowledged that the healthcare infrastructure can be designed in such a way that a clearer distinction can be made between (sorts of) data and (categories of) healthcare providers and, particularly, in such a way that the exchange of data on the basis of consent can beforehand be limited to cases of urgency. The Court takes the view that such infrastructure would be better in line with the principles of the Privacy Directive and the Personal Data Protection Act, but that it could not have been demanded from VZVZ at the time of the contested ruling. According to the Court, VZVZ can be expected, however, to alter its system offering greater freedom of choice, as soon as this is technically possible and feasible.

These considerations are not incomprehensible. It is worthwhile noting that, considering (...) the regulatory changes and VZVZ’s ambitions in relation to the system (...), privacy by design and privacy by default as explicit points of departure (art. 25, paragraphs 1 and 2 General Data Protection Regulation), is what the Court can reasonably expect from VZVZ.’' (5.4.4)

Just like the Arnhem Court of Appeal, the Supreme Court clearly homes in on the implementation of specific consent and privacy-by-design when it comes to the LSP. The Supreme Court thereby creates a positive precedent which will set the scene for the future, also in a broader sense. Privacy First will continue to actively follow the developments in this case and, if necessary, will not hesitate to bring certain aspects to the attention of the courts once more.

Read the entire ruling of the Supreme Court HERE (in Dutch) and the previous conclusion of the Advocate General HERE.

HERE you find the amicus curiae letter written by Privacy First and the Dutch Platform for the Protection of Civil Rights (pdf in Dutch).

Comments from the Dutch Association of General Practitioners: http://www.vphuisartsen.nl/nieuws/cassatieberoep-vphuisartsen-verloren-toch-winst/

Comments from SpecifiekeToestemming.nl: http://specifieketoestemming.nl/werk-aan-de-winkel-na-teleurstellend-vonnis-over-lsp/.

The Amsterdam police are considering the introduction of mobile X-ray body scanners on the streets, local television station AT5 reported today. If the police will indeed introduce such "nude scanners", Privacy First will not hesitate to sue both the Amsterdam police and the responsible Amsterdam Mayor Van der Laan for breach of 1) human dignity, 2) the presumption of innocence, 3) privacy, 4) freedom of movement, 5) physical integrity and 6) the health of all Amsterdam residents. Any introduction of mobile X-ray scanners will actively jeopardize the privacy as well as the health of innocent citizens.

Privacy First hereby makes an urgent appeal for political measures: this Thursday the subject of preventive searches is on the agenda of the Amsterdam city council. It is primarily up to the council to blow the whistle and prohibit the introduction of nude scanners by the Amsterdam police. If the council fails in this, Privacy First reserves the right to take all necessary measures to prevent the introduction of nude scanners.

Update 7.00pm: reaction of Privacy First on FunX Radio (in Dutch).

Update June 29, 2012: the introduction of mobile body scanners is put on hold during further investigations by Amsterdam Mayor Van der Laan. The subject will not be on the agenda of the Amsterdam city council again until early 2013. The political debate on preventive searches (including the possible introduction of body scanners) which took place yesterday in the Amsterdam city council Committee for General Affairs can be viewed online HERE (starting at 233m40s).