A broad coalition of organizations and companies is starting interim injunction proceedings against the Dutch government. The Privacy First Foundation, internet provider BIT, the Dutch Association of Journalists and the Dutch Association of Defence Counsel among others are demanding the abolition of the Dutch Telecommunications Data Retention Act. The Dutch Council of State and the European Court of Justice have already ruled that the Act is in violation of fundamental rights that protect private life, communications and personal data. However, the Dutch government refuses to render the Telecommunications Data Retention Act inoperative.

On 8 April 2014 the European Court of Justice declared the European Data Retention Directive (2006/24/EC) invalid with retroactive effect. According to the Court, retaining communications data of everyone without any concrete suspicion is in violation of the fundamental right to privacy. Objective criteria should be applied to determine the necessity of collection and retention of data and there should be prior control from an independent body or judge. Randomly and unrestrictedly collecting metadata (traffic data) in the context of 'mass surveillance' is not permitted, according to the Court.

In the Netherlands, regulations in this area are enshrined in the Dutch Telecommunications Data Retention Act, which largely mirrors the European Data Retention Directive. The Act provides that telecommunications companies and internet providers have to retain various data regarding internet and telephone usage for at least six and at most twelve months in order for judicial authorities to be able to use those data for criminal investigation purposes. Recently the Dutch Council of State ('Raad van State') judged that the Act does not comply with fundamental rights that protect private life, communications and personal data. However, the Dutch government does not heed the advice of the Council of State and refuses to repeal the Act. Compliance with the Act will be maintained by the government.

Vincent Böhre of Privacy First: "Mass surveillance constitutes a massive violation of citizens' privacy rights. It is unacceptable that the Dutch government clings to this practice after the highest European judge has already clearly stated back in April that this privacy violation is not permitted."

Thomas Bruning, Secretary of the Dutch Association of Journalists: "Telecommunications companies and internet providers are now obliged to retain a vast amount of communications data of all citizens. This includes journalists. Companies have to disclose these data at the request of the government. There is no guarantee whatsoever for the journalistic right of non-disclosure."

"The Dutch regulations are in breach of the applicable European fundamental rights", states Fulco Blokhuis, partner at Boekx Attorneys, who has meanwhile drafted a subpoena. "This situation is as disconcerting as it is undesirable. Maintaining this Act is unlawful, both towards citizens as well as companies who are forced to stay in possession of traffic data."

Alex Bik of internet provider BIT: "When the Dutch government introduced the Act, it hid behind the argument that the introduction was simply imposed upon by Europe, but since the European Data Retention Directive has been repealed with retroactive effect, this argument all of a sudden is no longer deemed valid by the government. That is not right."

Otto Volgenant of Boekx Attorneys: "As the Dutch Minister of Security and Justice, Ivo Opstelten, is unwilling to abolish the Telecommunications Data Retention Act, we will request the court to either render the Act inoperative or to prohibit its application any longer. We will shortly be issuing interim injunction proceedings."

Update 12 January 2015: the interim injunction proceedings against the Dutch government pertaining to the retention of telecommunications data will take place before the district court of The Hague in a public hearing on Wednesday 18 February 2015 at 11:00 hours. Meanwhile, the renowned Netherlands Committee of Jurists for Human Rights (NJCM) has joined the coalition of claimant organizations. Click pdfHERE (pdf, in Dutch) for the subpoena, click HERE for a press release from Boekx Attorneys (in Dutch) and HERE for an article (in Dutch) which appeared on the website of Dutch newspaper Telegraaf this morning.

Update 30 January 2015: yesterday a hearing (roundtable) about the Dutch Data Retention Act took place in the Dutch House of Representatives. Click pdfHERE for a schedule of the hearing (pdf) and pdfHERE (pdf, in Dutch) for the talking points that Privacy First sent to the House of Representatives prior to the hearing (pdf). The lack of necessity and proportionality of the current Data Retention Act were the main topics that were discussed by Privacy First during the roundtable. Other aspects that were raised by Privacy First related to the chilling effect in society as well as the potential for function creep that the Act brings about.

Update 13 February 2015: today, on behalf of the State, the Dutch State Attorney submitted a Statement of Defence; click pdfHERE (pdf in Dutch, 9 MB). The admissibility of the claimant organizations will not be challenged by the Dutch government, the State Attorney told our own attorneys by telephone. Therefore the proceedings will immediately focus on the merits of the case, rather than on procedural requirements. This is a breakthrough development: in similar cases the admissibility of the claimant parties was almost always contested by the State. A crucial lawsuit concerning such admissibility (our Passport Trial against the storage of fingerprints) is currently being conducted by Privacy First against the Dutch government before the Supreme Court of the Netherlands. Privacy First is of the opinion that the recognition of admissibility by the State Attorney in the interim injunction proceedings against the Telecommunications Data Retention Act puts Privacy First in a stronger position for this and future lawsuits that revolve around the right to privacy. Moreover, in times when access to justice of individual citizens in the Netherlands is increasingly under financial pressure, the admissibility of civil society organizations such as Privacy First forms an important safeguard for a well functioning Dutch democracy under the rule of law.

Update 18 February 2015: in front of a full courtroom (many civil servants, citizens, students and journalists were in attendance), today Privacy First et al. crossed swords with the State; click pdfHERE for the plea of our attorneys (pdf in Dutch) and pdfHERE for the pleadings of the State Attorney (pdf, in Dutch). The judge listened carefully but didn't ask any questions. As yet, Wednesday 11 March 2015 has been determined as the date of the judgment.

Update 11 March 2015: in a break-through verdict today, the district court of The Hague has rendered the Dutch Data Retention Act inoperative; click HERE.

Published in Litigation

"Holland sammelt unbändig Daten. Neue digitale Produkte dienen der totalen Überwachung. Und sind eine große Gefahr für die Gesellschaft.

Hinter den Dünen, ein paar hundert Meter vom Strand entfernt, liegt in Noordwijk der futuristische Bau von Decos. Das niederländische Software-Unternehmen hat sich eine neue Zentrale geleistet – einem eingeschlagenen Meteoriten ist sie nachempfunden, es könnte auch ein Raumschiff sein. Hier setzen IT-Spezialisten die digitale Zukunft durch: den völlig papierlosen Betrieb. Mitarbeiter kommunizieren ausschließlich elektronisch, und wer dem Unternehmen einen Brief schreibt, bekommt ihn zurück mit der Aufforderung, ihn nochmals zu senden, aber bitte als E-Mail.

Auch seinen Kunden bietet Decos Digitalisierung pur: Das Unternehmen liefert ihnen Software, um alle Dokumente elektronisch zu speichern – aber auch Produkte zur totalen Überwachung von Mitarbeitern. Sein „Cartracker" verfolgt jede Dienstreise, alle fünf Sekunden wird das Fahrzeug frisch verortet. „Hiermit haben Sie immer eine aktuelle Übersicht, wo sich Ihre Autos und Mitarbeiter befinden", wirbt Decos. Mehr noch: Der Fahrstil wird ständig überwacht und sogar benotet: „Aufgrund der Höchstgeschwindigkeit, des Bremsverhaltens und der Beschleunigung berechnet ,Decos Cartracker' eine individuelle Zensur für das Fahrverhalten jedes Fahrers."

Digitalisierung wird zur Norm

Nun mag es bei Geldtransportern noch sinnig sein, ihnen aus Sicherheitsgründen aus der Ferne zu folgen. In allen anderen Fällen gilt: Wohl dem, der einen weniger progressiven Arbeitgeber hat – einen, der vertraut, statt nonstop zu überwachen. Aber die Digitalisierung nimmt zu, sie wird zur Norm – und das nicht nur im Beruf, auch im öffentlichen Raum. Und die Niederlande sind hier in mancherlei Hinsicht schon weiter fortgeschritten als Deutschland.

Im Juli schaffte das Land endgültig die Fahrkarte aus Papier im öffentlichen Verkehr ab – für die zuvor schon schrittweise eingeführte „ÖV-Chipkarte", die den Preis in der Regel je Kilometer berechnet. Für den Kunden bedeutet sie außer 7,50 Euro Anschaffungskosten vor allem Umstände: für das Aufladen, für das Ein- und Auschecken bei jeder Fahrt. Wer das versäumt oder an einen kaputten Kartenleser gerät, ist schnell ein Sümmchen los; man muss dann auf Kulanz hoffen und per Online-Antrag versuchen, es erstattet zu bekommen.

Anonymität hat ihren Preis

Was aber noch schwerer wiegt: Die Chipkarte speichert so die Fahrstrecke – und da die Standardversion alle wesentlichen Nutzerdaten enthält (inklusive Kontonummer), kann sie das Reiseverhalten des Bürgers erfassen. Wer anonym mit einem Einmal-Ticket fahren will, muss Aufschlag zahlen – nicht viel, einen Euro momentan, aber immerhin; und vielleicht ist das ja auch nur der Anfang. Viel gravierender noch: Wer eine Studenten- oder Rentnerkarte braucht, muss zwingend die personengebundene Version mit den Daten wählen. Natürlich versichern die Betreiber, alles vertraulich zu behandeln. Aber wer sich darauf verlässt, ist naiv. Wo immer auf der Welt digital gespeichert wird: Die Vorfälle sind Legion, in denen Patienten-, Sozial- oder andere Daten missbraucht wurden – oder massenweise verfügbar, sei es versehentlich, sei es durch Hacker.

Natürlich gibt es in Deutschland den ähnlichen Fall: wenn jemand mit seiner Bahncard Punkte sammelt. Aber das macht er dann freiwillig. Und es ist wichtig aufzupassen, dass die öffentlichen Verkehrsträger hierzulande nicht dem Beispiel aus dem Ausland folgen. Generell ist Obacht schon geboten, wann immer die Preisgabe von Daten belohnt wird – wie bei dem Vorstoß eines deutschen Autoversicherers, Rabatt zu gewähren, wenn der Autohalter einen digitalen Fahrtenschreiber (Blackbox) installiert. Denn das läuft schnell darauf hinaus, dass er umgekehrt für das Recht auf Anonymität einen Malus bekommt.

Erstaunlich ist, dass ein Land wie die Niederlande so unbändig Daten sammelt – sieht es sich doch gerne als „gidsland": als internationales Vorbild, wenn es um Politik, Verwaltung, gesellschaftliche Werte und Normen geht. „Von allen Menschenrechten steht das Recht auf Privatsphäre in den Niederlanden am meisten unter Druck", befindet die Stiftung Privacy First.

Mal führen die Behörden Sicherheit als Argument für die Digitalisierung an, mal Effizienz. Nach Amsterdam führt jetzt auch Rotterdam stadtweit das „Kennzeichenparken" ein: Wer das Auto abstellt, muss am Automaten die Buchstaben und Ziffern des Nummernschilds eingeben. Mit Bargeld darf er auch nicht mehr zahlen, nur mit Karte oder per Mobiltelefon – auch dies ein nationaler Trend. Wieder eine digitale Spur hinterlassen, wieder ein Stück Anonymität dahin. (...) [A]ls Nächstes eine Pflicht für Smart Meters in Wohnungen: Ablesegeräte, die viel mehr erfassen können als nur den Energieverbrauch in den Wohnungen. Die Industrie lobbyiere schon kräftig dafür. Nicht zu reden von den zahllosen Überwachungskameras in Städten, der massenweisen Kennzeichenerfassung auf Autobahnen und Polizeidrohnen mit Kamera. Die Bedenken der Datenschützer werden gerne abgetan: Wer nichts zu verbergen hat, muss doch nichts befürchten? Aber das ist die falsche Haltung, sie kehrt ein grundlegendes Recht um: das Recht, sich unbewacht zu bewegen."

Source: http://www.faz.net/aktuell/wirtschaft/wirtschaftspolitik/digitalisierung-big-brother-in-holland-13092653.html, 12 August 2014.

"Recently, the Court of Appeal of The Hague held that the storage of Dutch citizens' personal data in a central register is an unjustified violation of the right to privacy.

In light of, amongst other things, the implementation of the European regulation on standards for security features and biometrics in passports and travel documents, and to comply with this regulation, the Dutch Passport Act was amended in 2009. This new Passport Act states that future passports would have to contain a chip with a digital facial image and two fingerprints of each applicant. The Dutch government therefore planned to create a central register to hold the facial image files and four fingerprints of each applicant (two of which are included in the passport for identity verification). This new register would also serve other purposes: it would help passport fraud control, and it would allow applicants to renew their passport in any municipality in the Netherlands. The national government acknowledged that the request and saving of these personal data would form a violation of the right to privacy of Dutch citizens, but the government stated that the data storage was proportionate and justified, considering the intended purposes.

The interest group Privacy First disagreed with the government. This group, which seeks to publicly promote the enhancement and preservation of the right to privacy, believed that the creation of this central register violates this fundamental right enshrined in several international laws and regulations. The group launched legal proceedings against the Dutch government. The district court of The Hague ruled that Privacy First did not have a cause of action. Privacy First then appealed against this verdict.

Remarkably, the government meanwhile reviewed their amendments to the new Passport Act. The government concluded that the storage of these personal data in a central register did not achieve its purpose, namely passport fraud control via one's identity verification. Therefore, the Act's provisions that related to the storage of personal data in a central register would be suspended. Furthermore, the number of fingerprints to be taken for the filing would be reduced from four to two in accordance with European regulation.

On appeal, the Court of Appeal ruled that since Privacy First and the government now share the same views about the central register, Privacy First would have lost its standing in their cause of actions, so it dismissed the interest group's claims. However, the Court of Appeal found that the district court had erred when it held that Privacy First did not have a cause of action at the time. Since Privacy First is an interest group advocating the protection of the general interest of Dutch nationals' right to privacy, it should have been able to bring proceedings before the civil court according to Article 3:305 of the Dutch Civil Code (Burgerlijk Wetboek). This would only have been different if the interest group had represented the combined interest of individuals. The Court of Appeal further ruled that Privacy First incurred a financial risk.

The Court of Appeal also ruled that in view of all the circumstances of the case at first instance, the district court should have ruled in favour of Privacy First concerning their arguments against the setting up of a central register. This central register's storage of Dutch citizens' personal data is an unjustified violation of one's right to privacy enshrined in Article 8 ECHR because it did not fulfill its purpose. The Court of Appeal understands that this was a violation from the start, but this had only become evident after the first ruling."

Source: http://www.lexology.com/library/detail.aspx?g=27bf8f03-ada9-47d4-ac7f-4e4aece29cd3, 15 July 2014.

Today the district court of The Hague ruled in the case Citizens v. [Dutch Minister of Home Affairs] Plasterk ("Burgers tegen Plasterk"). In this lawsuit a coalition of citizens and organizations (including Privacy First) demands the Dutch General Intelligence and Security Service (AIVD) and the Dutch Military Intelligence and Security Service (MIVD) to put an end to the receipt and use (''laundering'') of illegally collected foreign intelligence on Dutch citizens, for example through the infamous PRISM program of the American NSA. Unfortunately the court has rejected all of the claims. Below are some first observations by Privacy First.

A positive aspect of the judgment is that the court deems all plaintiffs (citizens and organizations) admissible. This is a very welcome development for Privacy First with regard to our current Passport Trial before the Supreme Court of the Netherlands, wherein such admissibility will be crucial. However, this bright spot is overshadowed by the way the district court of The Hague has dealt with the merits of the case.

First of all, the court failed to carry out a fact-finding study: in fact no witnesses and experts were heard at all, even though this was offered to the court on forehand and Dutch law offers sufficient opportunity for this.

Furthermore, it is striking that the court deems less strict procedural safeguards necessary when it comes to the exchange of massive amounts of raw data in bulk. For the exchange of information on such a large scale, stricter – not less strict – procedural safeguards are necessary, as most of these data relate to innocent citizens.

In addition, the court wrongfully makes a distinction between metadata (traffic data) and the content of communications, while both types of data overlap and require the same high level of judicial protection.

The court is also wide off the mark by judging that the legal requirement of foreseeability (including privacy guarantees) of Article 8 of the European Convention on Human Rights (ECHR) would be less applicable to the international exchange of data between secret services. As yet, in the Netherlands the legal basis of such exchange of data is formed by a relatively obscure legal provision: Article 59 of the Dutch Intelligence and Security Services Act (Wiv). This article is far from fulfilling the modern requirements that article 8 ECHR imposes on such provisions. Therefore, the current practice of exchange between the AIVD/MIVD and foreign secret services in essence takes place within a legal vacuum, a legal black hole.

In the view of Privacy First, the current judgment of the Hague court comes down to the ''legal laundering'' of this practice. Privacy First expects that higher courts will deem this situation to be a violation of Article 8 ECHR and is looking forward to the appeal before the Hague Court of Appeals with confidence.

Read the whole judgment of the district court of The Hague HERE as well as the first comments by Privacy First's lawyers of Bureau Brandeis (both in Dutch only).

Published in Litigation

"Der militärische Geheimdienst der Niederlande (MIVD) hat illegaler Weise Daten an ausländische Geheimdienste weitergegeben. Das geht aus einem Bericht hervor, den das niederländische Parlament beim dafür zuständigen Geheimdienst-Kontrollgremium (CTIVD) beantragt hat. Das CTIVD ist ein dreiköpfiges Gremium, das Einsicht in alle Geheimdienstinformationen hat. Es kann ausserdem Zeugen befragen, auch unter Eid.

Der Geheimdienst hat zwar die Erlaubnis, im Rahmen von Abkommen Daten an andere Staaten weiterzugeben. Es wurden aber Beweise gefunden, dass Art und Umfang der Datenweitergabe unrechtmäßig waren. Welche Daten genau illegal weitergegeben wurden, und vor allem an wen, sagt der öffentlich gemachte Bericht leider nicht.

In einem weniger beachteten Snowden-Leak hatte die niederländische Zeitung NRC Handelsblad allerdings erst vor wenigen Tagen über ein Beispiel der Zusammenarbeit berichtet. Dabei geht es um das flächendeckende Abschöpfen von Telefonverkehr in Somalia durch die niederländischen Geheimdienste MIVD und AIVD. Durch die Weitergabe an die NSA dürften diese Informationen auch für Drohneneinsätze eine wichtige Rolle spielen.

Im November hatte ein Bündnis aus Personen und Organisationen, darunter der Journalistenverband und die Privacy First Foundation, die niederländische Regierung verklagt, weil diese zwar öffentlich Empörung über Spähaktionen geäußert hatte, allerdings schon damals klar war, dass niederländische Geheimdienste ebenso wie die Dienste anderer europäischer Staaten fleissig mitmachen beim Überwachen und Datentauschen."

Source: https://netzpolitik.org/2014/militaergeheimdienst-der-niederlande-der-illegalen-datenweitergabe-ueberfuehrt/, 12 March 2014.

Privacy First is considering taking legal steps.

Without any regard to all the privacy objections, this week the European Parliament has voted in favor of mandatory introduction of the eCall system in new cars. This system forms a direct threat to the privacy of every motorist. In case the European Council (i.e. a majority of EU Member States) approves the decision of the European Parliament, the eCall device will become mandatory in every car in Europe as of October 2015. Privacy First demands that eCall will become voluntary instead of mandatory and to this end is prepared to start a lawsuit if necessary.

In case of a road accident eCall automatically alerts the emergency services by calling 112. However, the eCall alarm system also leaves behind a trail of location data without the motorist having given his prior consent to this. It's an in-vehicle system that doesn't have an on/off button but does continuously leave behind traces (metadata) to the surrounding GSM networks. This constitutes a flagrant breach of the right to privacy and anonymity in public space. Moreover, the system could be used for purposes other than road safety only by organizations such as the police, insurance companies, tax authorities, intelligence services and possibly even criminals. There has hardly been any public debate about the possible introduction of eCall. Therefore the mandatory introduction is not only unlawful but also undemocratic. A few years ago the introduction of the electronic toll system with the accompanying 'spying device' was rejected by the Dutch in mass numbers. Now it seems they will be put up with a spying device in their cars via a European back door after all. This is unworthy of a democratic constitutional State such as the Netherlands.

The Privacy First Foundation intervenes as soon as the right to privacy is about to be violated on a massive scale. In case the eCall system will be mandatorily introduced in the Netherlands, Privacy First will start a lawsuit to turn this decision around. If needed, Privacy First is prepared to litigate all the way up to the European Court of Justice in Luxembourg and is confident about the outcome of any legal steps it may take.

Published in Law & Politics

"The Court of Justice in the Hague has ruled that fingerprints gathered from individuals getting a new passport can't be held centrally and used in criminal investigations.

Dutch authorities have been prevented from storing citizens' fingerprints in a central database following a ruling this week by the Court of Justice in the Hague.

In the Netherlands, individuals' fingerprints are gathered by the local municipality when they apply for a new passport. The government had proposed gathering those different sets of fingerprints into a central database, which could then be accessed by police for the purposes of matching fingerprints found in criminal investigations.

However, the system turned out to be far from perfect — 21 percent of fingerprints collected by the authorities in the Netherlands were unusable to identify individuals.

The court found such a high level unacceptable: "This can mean nothing other than the storage of fingerprints in a central register is not suitable for the purpose originally envisioned, that is, the determination and verification of one's identity.

"This means that it is also not suitable for the prevention of identity fraud or for the process of requesting a new travel document or using a travel document, which is one of the main purposes of the Act [the legislation which requires fingerprints in Dutch passports]. Therefore the conclusion is that the invasion of privacy formed by the central storage of fingerprints is unjustified."

No immediate effect

Although the ruling is a significant victory for Privacy First, the privacy group that brought the case before the Court of Justice, it won't have immediate consequences for the Dutch government.

The European Court of Justice had already ruled in October last year that the directive requiring European member states to include two fingerprints in their passports did not provide a legal basis for then also including all citizens' prints in a central repository.

In addition, the court stipulated that fingerprints given by individuals for such purposes could not to be used for criminal investigations.

(...)

However, according to Christiaan Alberdingk Thijm, the lawyer representing Privacy First, the ruling will have a bearing on any future government attempts to collect sensitive data, such as photos.

"This is not only good news for those opposing plans of a central fingerprint database, but for those opposing any central government owned database," he said."

Source: http://www.zdnet.com/no-you-cant-store-peoples-fingerprints-in-a-central-database-dutch-court-rules-7000026505/, 19 February 2014.

In a groundbreaking judgment, the Hague Court of Appeal has today decided that centralised storage of fingerprints under the Dutch Passport Act is unlawful. The Privacy First Foundation and 19 co-plaintiffs (Dutch citizens) had put forward this legal issue to the Court of Appeal in a so-called 'action of general interest' ("algemeen-belangactie"). In February 2011, the district court of The Hague had declared Privacy First inadmissible. Because of this, the district court couldn't address the merits of the case. The Court of Appeal has now declared Privacy First to be admissible after all and has quashed the judgment of the district court. Moreover, the Appeals Court deems centralised storage of fingerprints under the Dutch Passport Act to be unlawful since it violates the right to privacy. Therefore it seems that centralised storage of fingerprints under the Dutch Passport Act will be shelved once and for all.

In May 2010, Privacy First et al. took the Dutch government (Ministry of Home Affairs) to court on account of the centralised storage of fingerprints under the new Dutch Passport Act. Such storage had mainly been intended to prevent small-scale identity fraud with Dutch passports (look-alike fraud).

Partly due to the pressure exerted by this lawsuit of Privacy First, central storage of fingerprints was brought to a halt in the Summer of 2011. The judgment by the Hague Court of Appeal has now made any future centralised storage of fingerprints legally impossible: the Court deems centralised storage of fingerprints an "inappropriate means" to prevent identity fraud with travel documents. According to the Court "this cannot but lead to the conclusion that the infringement upon the right to privacy caused by centralised storage of fingerprints is not justified. In that regard the district court should have awarded the claim of Privacy First." (Para. 4.4.)

This is a great victory for Privacy First and for all the citizens who have stood up against centralised storage of fingerprints under the Dutch Passport Act in recent years. The judgment by the Court also paves the way for Privacy First (and other civil society organizations) to continue to initiate lawsuits in the general interest for the preservation and promotion of the right to privacy, for example the new lawsuit by Privacy First et al. against the Dutch government on account of illegal data espionage (NSA case). Recently the Dutch State Attorney deemed Privacy First to be admissible in this case too. These developments are a great impetus for Privacy First to continue to take legal steps in the coming years for the sake of everyone's right to privacy.

Read the entire judgment by the Hague Court of Appeal HEREpdf (pdf in Dutch; for a text-version on the website of the Netherlands Judiciary, click HERE).
Click HERE for the press release by our attorneys of Bureau Brandeis.

Update 21 May 2014: the Dutch government appears to be a sore loser: earlier this week the State Attorney has lodged an appeal (in Dutch: 'cassatie') against the ruling of the Hague Court of Appeal at the Supreme Court of the Netherlands; click HEREpdf (pdf in Dutch) for the appeal summons. The Dutch government wants Privacy First to be declared inadmissible after all and calls on the Supreme Court to still declare central storage of fingerprints lawful. This must not happen. Privacy First is considering its options in its own defence.

Update 21 November 2014: today Privacy First et al. have submitted to the Supreme Court their statement of defence against the appeal summons; click HEREpdf for the document (pdf in Dutch). In the appeal, Privacy First et al. are being represented by Alt Kam Boer Attorneys in The Hague; this law-office is specialised in Supreme Court litigation. On behalf of the Dutch government (Ministry of Home Affairs) the State Attorney has today submitted a written explanation to the previous appeal summons; click HEREpdf (pdf in Dutch). The next steps could consist of a written reply and rejoinder, followed by advice (''conclusion'') from the Procurator General at the Supreme Court (to which Privacy First et al. would be able to respond) and a judgment by the Supreme Court midway through 2015.

Update 5 December 2014: today Privacy First et al. have delivered an early Christmas present to the Dutch Minister of Home Affairs: our written reply (rejoinder) to the recent explanation of the Ministry of Home Affairs to the previous appeal summons. Click HEREpdf for the document (pdf in Dutch). The Dutch government, in turn, submitted a short reply to the recent statement of defence by Privacy First et al.; click HEREpdf (pdf in Dutch). On 9 January 2015 the Supreme Court will set a date on which the Procurator General will issue his advice.

Update 12 January 2015: the Procurator General at the Supreme Court will issue his advice ("conclusion") on 10 April 2015.

Update 12 March 2015: Much earlier than expected, Advocate General Mr. Jaap Spier delivered his advice (''conclusion'') in the case to the Supreme Court on 20 February 2015; click HEREpdf (pdf in Dutch, 7 MB). Its conservative contents and tone are notable aspects of his advice. Furthermore, the Advocate General wrongfully assumes that the contested provisions of the Dutch Passport Act had never become legislation. While he upholds Privacy First's admissibility, he does so on the wrong legal grounds. Moreover, the Advocate General does not touch on the substance of the privacy issues at all, is incorrect in his view that proceedings could have taken place before an administrative judge and, erroneously, wants Privacy First et al. to still pay for the legal costs of the proceedings. In response to the advice of the Advocate General, within the formal term of two weeks Privacy First submitted a response letter ("Borgers brief") to the Supreme Court; click HEREpdf (pdf in Dutch). No such letter has been submitted by the Dutch State Attorney. Therefore, Privacy First has had the final say in this case. We will now have to wait for the Supreme Court ruling, which is expected later this year.

Published in Litigation

"Eine der wichtigsten Errungenschaften der EU ist ohne Zweifel der freie Personenverkehr. Wie frei dieser in Zukunft sein wird, ist allerdings die Frage.

Ende August gab Innenministerin Johanna Mikl-Leitner ihre Absicht bekannt, die Grenzen künftig mit computergesteuerten Kameras zu überwachen. Als Beispiel dient ein ähnliches System an den holländischen Grenzen. Laut Robert Strondl, Abteilungsleiter in der Generaldirektion für öffentliche Sicherheit, soll es demnächst eine Erkundungsmission in die Niederlande geben. „Es ist nicht die Absicht, das System eins zu eins zu übernehmen, sondern wir wollen uns die ‚Goodies' rausholen."

Proteste aus Deutschland

@migo boras heißt das System, das seit einem Jahr die wichtigsten niederländischen Grenzübergänge bewacht. Ein Computerprogramm in der Kamera registriert Kennzeichen, Typus und Passagiere der Fahrzeuge. Wenn es eine Übereinstimmung mit Polizeidaten gibt, wird das Auto angehalten. Nicht nur wegen seines Namens ruft das System Erinnerungen an Orwells Big Brother wach. Ist es Zufall, dass Big Brother auch der Name eines der erfolgreichsten niederländischen Fernsehformate ist? Wie es jetzt aussieht, dürfte @migo boras ein ähnlicher Exportschlager werden, denn auch in Großbritannien und den USA wird die Technologie inzwischen verwendet.

Unumstritten ist das Ganze allerdings nicht. Als die niederländische Regierung ihre Pläne bekannt machte, gab es massive Proteste von deutschen Datenschützern und Politikern, die meinten, dass es gegen das Schengener Abkommen verstoßen würde. Und aus diesem Grund wurde das System in einer abgeschwächten Form eingeführt. So dürfen die Kameras maximal 90 Stunden pro Monat und nicht mehr als sechs Stunden pro Tag eingeschaltet sein. (...)

Nur dumme Verbrecher

Ähnlich sieht es Vincent Böhre von der niederländischen Organisation Privacy First, die sich für den Schutz der Privatsphäre einsetzt. Gegenüber Public meint Böhre, dass nur „dumme Verbrecher" erwischt werden. „Die organisierte Kriminalität passt sich an. Die nehmen Schleichwege oder fahren statt mit rumänischen Kleinbussen mit französischen oder mit deutschen BMWs." Möglicherweise ist das System sogar kontraproduktiv: „Die Gefahr besteht, dass sich die Polizei zu sehr auf die Technik verlässt und viel Zeit verliert mit der Anhaltung von unbescholtenen Bürgern." Den Erfolg bei der Bekämpfung von illegaler Immigration sieht Böhre im Promillebereich: „Das wirft die Frage auf nach der Verhältnismäßigkeit eines Systems, das an die 20 Millionen Euro gekostet hat."

Noch bedenklicher findet er, dass juristische Grundsätze umgekehrt werden: „Früher war es so, dass die Polizei ein Auto nur anhielt, wenn es einen begründeten Verdacht auf ein Verbrechen gab. Bei @migo boras wird automatisch jedes Fahrzeug registriert und mit der Datenbank verglichen." Das Ganze erinnere laut Böhre an eine „militärische Operation". „Eines der größten Probleme des Systems ist aber, dass es keine gesetzliche Grundlage gibt, obwohl das eigentlich der Fall sein sollte bei einer Beschränkung der Privatsphäre."

Eines müssen die Kritiker aber zugeben: Zu einem großen öffentlichen Aufschrei hat @migo boras bisher nicht geführt. Abgesehen von einigen kritischen Zeitungs- und Fernsehberichten konnte die Regierung es quasi durch die Hintertür einführen. Wie bei den traditionellen holländischen Fenstern mit offenen Vorhängen, durch die jeder gleich ins Wohnzimmer blicken kann, haben die Niederländer anscheinend wenige Probleme damit, dass der Staat durch ihr Autofenster schaut. Ohne Zweifel spielt dabei eine Rolle, dass Ereignisse wie die Morde an Pim Fortuyn und dem Filmemacher Theo van Gogh das Gefühl von Sicherheit nachhaltig zerstört haben.

Keine bösartigen Regierungen

Der Journalist Bart de Koning, Autor des Buches „Alles onder controle" („Alles unter Kontrolle"), sieht aber auch tiefere Gründe: „Themen wie Bürgerrechte bekommen hier sehr wenig Aufmerksamkeit. Im Grunde genommen sind die Holländer da ziemlich naiv. Wenn man ihnen sagt, dass es um die Sicherheit geht, nehmen sie leicht eine Beschränkung der Privatsphäre in Kauf." Zu einem Teil würde dies mit der Geschichte zusammenhängen: „Während die Deutschen ihre Erfahrungen mit der Nazizeit und der Stasi gemacht haben, können sich die Holländer noch immer schwer vorstellen, dass der Staat auch bösartig sein kann." (...)

Ein Amigo an jeder Laterne

In dieser Hinsicht können sich die holländischen Datenschützer auf etwas gefasst machen. Vor kurzem kündigte Innenminister Ivo Opstelten seine Pläne an, nicht nur an den Grenzen, sondern an allen Autobahnen die Kennzeichen automatisch registrieren zu lassen und die Daten vier Wochen lang zu speichern. Für Bas Filippini, den Gründer von Privacy First, ist @migo boras nur der Anfang einer unheilvollen Entwicklung: „Ich lebe gerne in einer freien Umgebung und suche selbst meine Freunde aus ... Bald hängt aber an jeder Laterne ein Amigo, der registriert, was wir machen.""

Source: Public (magazine for Austrian municipalities), November 2013, pp. 36-37. Click HERE to read the full article online on the Public website.

"A coalition of lawyers, journalists and internet freedom activists launched legal action against the Dutch government, in an attempt to get it to stop using information about Dutch people gleaned from NSA surveillance.

After it recently emerged that information about 1.8 million Dutch people's calls had been purloined by the National Security Agency, the country's home affairs minister, Ronald Plasterk, expressed annoyance that the U.S. agency hadn't asked first. However, he said, the monitoring "only concerns metadata, like who called who."

Dutch lawyers and journalists aren't so quite so sanguine about the matter, largely because their professions require confidentiality – something you can't guarantee clients and sources when you're potentially being monitored. On Wednesday, the Dutch Association of Defense Counsels and the Dutch Association of Journalists joined a broad coalition in suing Plasterk and the country's government, demanding that the state stop using data recorded in the Netherlands by the NSA.

The coalition also includes internet freedom activist Rop Gonggrijp, security expert Jeroen van Beek, advocate Bart Nooitgedagt, investigative journalist Brenno de Winter and tech law expert Mathieu Paapst, as well as the Internet Society Netherlands Chapter and Privacy First Foundation.

At the heart of the complaint is a potential legal sleight-of-hand that many (including me) have long suspected is in play – namely that intelligence agencies are bypassing their own countries' privacy laws by getting allies to spy on their citizens for them.
(...)
Daphne van der Kroft, public policy advisor at the coalition's law firm, Bureau Brandeis (yes, named after the legendary American jurist), suggested Plasterk and the Dutch state were "whitewashing" data.
(...)
This is not the first such case to arise in Europe following Edward Snowden's NSA revelations. The activist group Privacy International has attempted to sue the British government over data-sharing between the NSA and its UK counterpart, GCHQ. However, it had to approach a secret court to do this, and it got no response.

It is now trying a different angle, complaining to the OECD about the collaboration of telecommunications firms with the NSA. A separate group, Privacy not Prism, has skipped the secret court bit and gone straight to the European Court of Human Rights. (...)"

Source: http://gigaom.com/2013/11/06/dutch-lawyers-and-journalists-sue-government-over-nsa-links/, 6 November 2013.

Page 8 of 18

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
Procis

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon