Law & Politics

Privacy-wise these are turbulent times. Partly because of the pressure by Privacy First, a positive change is ongoing since last year. Privacy is higher up on the Dutch political agenda. Dutch media more often and more extensively report on privacy matters. This enhances privacy awareness among the Dutch population. It also reinforces our democratic constitutional State. Examples of positive developments are the abandonment of the electronic toll system (no ‘espionage units’ in cars), voluntary instead of compulsory ‘smart energy meters’, voluntary instead of compulsory body-scans at airports, abandonment of the storage of fingerprints under the Dutch Passport Act and the introduction of Privacy Impact Assessments for new legislation that invades the privacy of citizens. All of these developments go hand in hand with Privacy First’s motto: ‘‘your choice in a free society’’. Meanwhile, privacy restricting forces from the old days still have their say. Bad habits die hard. In recent months this became particularly obvious through developments towards a private restart of the Dutch Electronic Health Record (Elektronisch Patiëntendossier, EPD). Earlier this year the Senate had rightly binned the EPD. Apparently some policy makers and commercial parties are having none of this. With similar stubbornness others are currently trying to press through their old plans for Automatic Number Plate Recognition (ANPR) and camera surveillance along the Dutch border. These plans were already on the drawing board years ago, in a time in which privacy increasingly seemed to become a taboo. A time in which the American Bush administration was able to burden the entire European Union with biometric passports and associated databases. That time is over, but the heritage of that era still exerts its influence to this day...

In the meantime privacy is back where it once was. Privacy is the ‘‘new green.’’ In that respect advocates of the national EPD and ANPR are behaving like a bunch of old environmental polluters. They’re like rusty old factories from the 70s being teletransported to the year 2011, without them realizing it. The Dutch House of Representatives seemed to have a good sense for this when last week it unanimously accepted a motion about something that Privacy First has been emphasizing since its foundation: ‘‘Privacy by Design’’. In other words, incorporating privacy from scratch in a technical sense, at the micro level, through Privacy Enhancing Technologies (PET). In the view of Privacy First, however, the principle of ‘‘Privacy by Design’’ also applies to the meso- and macro-levels. That is to say, in an organizational and legislative sense. After all, this is the way you get to a privacy-friendly design as well as a privacy-friendly reality of a sustainable information society as a whole. Well, you can pursue your own line of thoughts here. As a source of inspiration Privacy First is pleased to provide the entire text of the parliamentary motion:

The House of Representatives,

on the advice of the deliberation,

considering that in ICT projects of the government there is too little attention for the protection of privacy and too little attention for the prevention of abuse of these systems;

considering that the privacy of citizens is not to be invaded any more than is strictly necessary and that insecure systems can put privacy in danger;

considering that systems that can easily be hacked seriously affect the reputation of government;

considering that modifying systems to safeguard privacy and enhancing security afterward, is usually more expensive and more often leads to a lower level of protection compared to when privacy and security are prerequisites from the outset of the project;  

requests the government to apply privacy by design and security by design in the development of all new ICT projects in order for new ICT systems to be more secure and better prepared against abuse and only to contain privacy-sensitive information when strictly necessary,

and proceeds to the order of the day.

This week an important policy debate took place in the Dutch Senate with the Minister of the Interior and Kingdom Relations Piet Hein Donner (of the Christian-democratic party CDA) and the State Secretary for Security and Justice Fred Teeven (of the liberal party VVD) about ‘the role of the government in digital data processing’. In the week following up to the debate Privacy First had expressed its views to the Senate. We are pleased to see that many of our views have been accepted (and even literally copied by some parties) throughout the Senate and that even government members Donner and Teeven proved not to be insensitive to them. This goes for both classic rights and principles that need to be reconfirmed as well as some new starting points:

- the right to express, prior and fully informed consent of citizens in the use of their personal data, both by the government and corporations;

- strict purpose limitation and necessity when using personal data;

- the right of citizens to access, correction and deletion of their personal data;

- privacy, freedom of choice, transparency and effectiveness as leading principles in the drafting of new legislation;

- the importance of evaluation and sunset clauses in (new) legislation;

- public cost-benefit analyses;

- public disclosure of departmental feasibility studies, pilot projects and research reports;

- introduction of privacy impact assessments (PIAs) and privacy by design;

- support of the legislative process by means of expert meetings and external advice.

However, the statement by minister Donner that destroying the fingerprints which are stored by Dutch municipalities would still take months is a great disappointment. The same goes for the fact that there is still no ‘fingerprint-free’ ID card; this too could have been implemented a long time ago. Recently Privacy First urged the minister to execute this process as quickly as possible (be it through modifying relevant legislation or through technical modifications).

A draft report of the Parliamentary debate can be found HERE. Our own audio recordings of the debate can be downloaded HERE. A great number of interesting passages from the debate (both by Members of Parliament as well as members of the government) can be found HERE (in Dutch).

On 2 February this year, the district court of The Hague gave its judgement in the civil lawsuit on the Dutch Passport Act which had been initiated by the Privacy First Foundation and 21 co-plaintiffs (citizens) against the Dutch government on 6 May 2010. The main request in this case is that the new Passport Act is to be declared unlawful on account of violating human rights, in particular the right to privacy. However, to the astonishment of many, the court declared both Privacy First as well as the 21 co-plaintiffs inadmissible. Hence the court didn’t proceed to the stage of dealing with the merits of the legal questions regarding the new Passport Act.

A striking aspect about the judgement is, first of all, how short it is. Privacy First cannot help thinking that the court wanted to be done with this case quickly. The court motivated its judgement by declaring that Privacy First would not have an own interest in this case and that for the co-plaintiffs (citizens) a legal avenue to an administrative judge would be all that remains. However, as a matter of fact, Privacy First as a relevant foundation has every interest in this case. What’s more, citizens are not in a position to (directly) object to the storage of fingerprints for their new passport or ID-card. Making such individual objections is only possible through time-consuming and cumbersome proceedings.

Privacy First has decided to appeal against the court’s judgement. On the basis of an analysis by our attorneys of SOLV we deem the judgement to be perfectly contestable, especially with regard to the inadmissibility of Privacy First as well as our co-plaintiffs. (This analysis is being shared by other legal experts.) The appeal will take place before the Court of Appeal in The Hague. Once the earlier judgement on inadmissibility has been overturned, the merits of the case can be dealt with there.

The press release by Privacy First announcing its appeal can be read HERE (Dutch pdf).

Update 17 February 2011: See also this article on Webwereld (in Dutch).

Vincent Böhre, Director and Legal advisor 

Below is an extensive photo impression of the day of our Passport Trial at the Palace of Justice in The Hague. These pictures were taken by press photographer Guus Schoonewille of Fastfoto and can be used freely under the following title: "Privacy First Foundation, 29 November 2010, Trial against the new Passport Act. Photo: Guus Schoonewille". Click on the picture of your choice to see a larger version which you can download using your right mouse button.

Below is an extensive photo impression of the day of our Passport Trial at the Palace of Justice in The Hague. These pictures were taken by press photographer Guus Schoonewille of Fastfoto and can be used freely under the following title: "Privacy First Foundation, 29 November 2010, Trial against the new Passport Act. Photo: Guus Schoonewille". Click on the picture of your choice to see a larger version which you can download using your right mouse button.

Art photographer Maarten Tromp has made a beautiful photo series of the co-plaintiffs in our Passport Trial. Three of these photos are on the left and below in small size. A large number of pictures appeared on February 2, 2011 in Dutch newspaper NRC Next. The entire series of photographs can be seen on the website of Maarten Tromp.



                                 

On this page you can find up-to-date information and documents relating to the civil lawsuit (Passport Trial, 'Paspoortproces') that Privacy First has lodged against the Dutch government which, in this case, is being represented by the Dutch Ministry of the Interior and Kingdom Relations.

trial documents (in Dutch)

- Response letter ('Borgersbrief') from Privacy First and co-plaintiffs dated 6 March 2015, by Barbara van Dorp (Alt Kam Boer Attorneys; click HERE (pdf in Dutch).

- Advice from the Advocate General of the Supreme Court Jaap Spier dated 20 February 2015; click HERE (pdf in Dutch, 7 MB).

- Rejoinder from Privacy First and co-plaintiffs dated 5 December 2014, by Barbara van Dorp (Alt Kam Boer Attorneys); click HERE (pdf in Dutch).

- Reply from the State Attorneys Hans van Wijk and Gijsbrecht Nieuwland dated 5 December 2014; click HERE (pdf in Dutch).

- Written explanation to the appeal summons from the State Attorneys Hans van Wijk and Gijsbrecht Nieuwland dated 21 November 2014; click HERE (pdf in Dutch).

- Statement of Defence (written explanation) from Privacy First and co-plaintiffs dated 21 November 2014, by Barbara van Dorp (Alt Kam Boer Attorneys); click HERE (pdf in Dutch).

- Appeal Summons from State Attorneys Hans van Wijk en Gijsbrecht Nieuwland dated 19 May 2014; click HERE (pdf in Dutch).

- Ruling of the Hague Court of Appeal dated 18 February 2014; click HERE (pdf in Dutch), which was also published on rechtspraak.nl and in Jurisprudentie Bestuursrecht 2014/76, with annotation by professor R. Schutgens.

- Reply to the Statement of Appeal by the State Attorney Cécile Bitter dated 26 March 2013: click HERE (pdf in Dutch).

- Statement of Appeal by the Privacy First Foundation and co-plaintiffs, dated 18 December 2012 click HERE.
- Judgement by the district court of The Hague dated 2 February 2011:  click HERE. LJN: BP2860. Annotations: JB 2011/78 by Prof. R. Schutgens , NJB 2011, No 15 (Kroniek Bestuursrecht, 'Chronicle of Administrative Law'), p. 939; NJB 2012/11 (Prof. T. Barkhuysen, Ruim baan voor belangenorganisaties, 'Make way for interest groups').

- Brief by Christiaan Alberdingk Thijm (SOLV Attorneys): click HERE.
- Brief by State Attorney Cécile Bitter: click HERE. 
- Statement of Defence by State Attorney Cécile Bitter: click HERE.
- Summons of the State by the Privacy First Foundation, by Christiaan Alberdingk Thijm (SOLV Attorneys): click HERE.
- Pre-advice by Judith van Schie (Bousie Attorneys): click HERE. 

Background: LegAL grounds

The source for our current passport: EU Council Regulation (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States: click HERE.

The EU rules for dealing with passport data: Directive 95/46/EC dated 24 October 1995 (European Privacy Directive): click HERE.

Jurisprudence: the famous Marper case. Is it lawful to store the fingerprints of someone who isn't being accused of anything? According to the European Court of Human Rights (ECHR), it isn't. For the judgment by the ECHR in Strasbourg in the case of S. and Marper vs. United Kingdom dated December 4, 2008, click HERE.

The Dutch Passport Act of 15 July 2009, in force as of 21 September 2009, click HERE. For the 2008 Explanatory Memorandum to the new Passport Act click HERE.

The general philosophy of the Fair Information Principles

1. Notice/Awareness

The most fundamental principle is notice. Consumers should be given notice of an entity's information practices before any personal information is collected from them. Without notice, a consumer cannot make an informed decision as to whether and to what extent to disclose personal information. Moreover, three of the other principles discussed below -- choice/consent, access/participation, and enforcement/redress -- are only meaningful when a consumer has notice of an entity's policies, and his or her rights with respect thereto.

While the scope and content of notice will depend on the entity's substantive information practices, notice of some or all of the following have been recognized as essential to ensuring that consumers are properly informed before divulging personal information:

• identification of the entity collecting the data;
• identification of the uses to which the data will be put;
• identification of any potential recipients of the data;
• the nature of the data collected and the means by which it is collected if not obvious (passively, by means of electronic monitoring, or actively, by asking the consumer to provide the information);
• whether the provision of the requested data is voluntary or required, and the consequences of a refusal to provide the requested information; and
• the steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.

Some information practice codes state that the notice should also identify any available consumer rights, including: any choice respecting the use of the data; whether the consumer has been given a right of access to the data; the ability of the consumer to contest inaccuracies; the availability of redress for violations of the practice code; and how such rights can be exercised.

In the Internet context, notice can be accomplished easily by the posting of an information practice disclosure describing an entity's information practices on a company's site on the Web. To be effective, such a disclosure should be clear and conspicuous, posted in a prominent location, and readily accessible from both the site's home page and any Web page where information is collected from the consumer. It should also be unavoidable and understandable so that it gives consumers meaningful and effective notice of what will happen to the personal information they are asked to divulge.

2. Choice/Consent

The second widely-accepted core principle of fair information practice is consumer choice or consent. At its simplest, choice means giving consumers options as to how any personal information collected from them may be used. Specifically, choice relates to secondary uses of information -- i.e., uses beyond those necessary to complete the contemplated transaction. Such secondary uses can be internal, such as placing the consumer on the collecting company's mailing list in order to market additional products or promotions, or external, such as the transfer of information to third parties.

Traditionally, two types of choice/consent regimes have been considered: opt-in or opt-out. Opt-in regimes require affirmative steps by the consumer to allow the collection and/or use of information; opt-out regimes require affirmative steps to prevent the collection and/or use of such information. The distinction lies in the default rule when no affirmative steps are taken by the consumer. Choice can also involve more than a binary yes/no option. Entities can, and do, allow consumers to tailor the nature of the information they reveal and the uses to which it will be put. Thus, for example, consumers can be provided separate choices as to whether they wish to be on a company's general internal mailing list or a marketing list sold to third parties. In order to be effective, any choice regime should provide a simple and easily-accessible way for consumers to exercise their choice.

In the online environment, choice easily can be exercised by simply clicking a box on the computer screen that indicates a user's decision with respect to the use and/or dissemination of the information being collected. The online environment also presents new possibilities to move beyond the opt-in/opt-out paradigm. For example, consumers could be required to specify their preferences regarding information use before entering a Web site, thus effectively eliminating any need for default rules.

3. Access/Participation

Access is the third core principle. It refers to an individual's ability both to access data about him or herself -- i.e., to view the data in an entity's files -- and to contest that data's accuracy and completeness. Both are essential to ensuring that data are accurate and complete. To be meaningful, access must encompass timely and inexpensive access to data, a simple means for contesting inaccurate or incomplete data, a mechanism by which the data collector can verify the information, and the means by which corrections and/or consumer objections can be added to the data file and sent to all data recipients.

4. Integrity/Security

The fourth widely accepted principle is that data be accurate and secure. To assure data integrity, collectors must take reasonable steps, such as using only reputable sources of data and cross-referencing data against multiple sources, providing consumer access to data, and destroying untimely data or converting it to anonymous form.

Security involves both managerial and technical measures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data. Managerial measures include internal organizational measures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through use of passwords; and the storage of data on secure servers or computers that are inaccessible by modem.

5. Enforcement/Redress

It is generally agreed that the core principles of privacy protection can only be effective if there is a mechanism in place to enforce them. Absent an enforcement and redress mechanism, a fair information practice code is merely suggestive rather than prescriptive, and does not ensure compliance with core fair information practice principles.

The Fair Information Principles as put into Canadian Law

Klik hier voor de bron.

These principles are usually referred to as “fair information principles”.

They are included in the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private-sector privacy law, and called "Privacy Principles".

Privacy Principles

Principle 1 — Accountability

An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.

Principle 2 — Identifying Purposes

The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

Principle 3 — Consent

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

Principle 4 — Limiting Collection

The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

Principle 5 — Limiting Use, Disclosure, and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.

Principle 6 — Accuracy

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

Principle 7 — Safeguards

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

Principle 8 — Openness

An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

Principle 9 — Individual Access

Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Principle 10 — Challenging Compliance

An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.