Yesterday, there was a hearing in the Dutch House of Representatives in which the by now notorious Corona app was critically discussed. The House had invited various experts and organizations (among which Privacy First) to submit position papers and take part in the hearing. Below is both the full text of our position paper, as well as the text which was read out at the hearing. A video of the entire hearing (in Dutch) can be found HERE. Click HERE for the program, all speakers and position papers.

Dear Members of Parliament,

Thank you kindly for your invitation to take part in this roundtable discussion about the so-called Corona app. In the view of Privacy First, apps like these are a threat to everyone’s privacy. We will briefly clarify this below.

Lack of necessity and effectiveness

With great concern, Privacy First has taken note of the intention of the Dutch government to employ a contact tracing app in the fight against the coronavirus. Thus far, the social necessity of such apps has not been proven, while the experience of other countries indicates there is ground to seriously doubt their benefit and effectiveness. In fact, these apps may even be counterproductive as their use leads to a false sense of safety. Moreover, it’s very hard to involve the most vulnerable group of people (the elderly) through this means. This should already be enough reason to refrain from using Corona apps.

Surveillance society

In Privacy First’s view, the use of such apps is a dangerous development because it could lead to stigmatization and numerous unfounded suspicions, and may also cause unnecessary unrest and panic. Even when ‘anonymized’, the data from these apps can still be traced back to individuals through data fusion. In case this technology will be introduced on a large scale, it will result in a surveillance society in which everyone is being continuously monitored – something people will be acutely aware of and would lead to an imminent societal chilling effect.

Risks of misuse

There is a significant risk that the collected data will be used for multiple purposes (function creep) and be misused by both companies and public authorities. The risk of surreptitious access, hacking, data breaches and misuse is substantial, particularly in the case of central instead of decentral (personal) storage as well as a lack of open source software. However, not even the use of personal storage offers any warranty against misuse, malware and spyware, or, for that matter, makes users less dependent on technical vulnerabilities. Moreover, if the data fall into the hands of criminal organizations, they will be a gold mine for criminal activities.

For Privacy First, the risks of Corona apps do not outweigh their presumed benefits. Therefore, Privacy First advises the House to urge the cabinet not to proceed with the introduction of such apps.

Testing instead of apps

According to Privacy First, there is a better and more effective solution in the fight against the coronavirus. One that is based on the principles of proportionality and subsidiarity, i.e., large scale testing of people to learn about infection rates and immunization. To this end, the necessary test capacity should become available as soon as possible.

Haste is rarely a good thing

If, despite all the above-mentioned objections, it will be decided there is going to be a Corona app after all, then this should come about only after a careful social and democratic process with sufficiently critical, objective and independent scrutiny. This has not been the case so far, judging by the developments of the past few days. In this context, Privacy First recommends that the House calls on the cabinet to put its plans on ice and impose a moratorium on the use of Corona apps.

Privacy by design

The right to anonymity in public space is a fundamental right, one that is crucial for the functioning of our democratic constitutional state. Any democratic decision to nullify this right is simply unacceptable. If indeed the deployment of ‘Corona apps’ will be widespread, then at least their use should be strictly anonymous and voluntary. That is to say, they should be used only for a legitimate, specific purpose, following individual, prior consent without any form of outside pressure and on the premise that all the necessary information is provided. In this respect, privacy by design (embedding privacy protection in technology) must be a guiding principle. For Privacy First, these are stringent and non-negotiable prerequisites. In case these conditions are not met, Privacy First will not hesitate to bring proceedings before a court.      

Yours faithfully,

The Privacy First Foundation
(...)


Dear Members of Parliament,

You have received our position paper, this is our oral explanation.

First of all: Privacy First is firmly against any form of surveillance infrastructure, with or without apps.

With this in mind, we look at three legal principles:

  •  Legitimate purpose limitation.
    - What is the problem?
    - What is the scale of the problem?
    - What are possible objectives, how can we achieve these objectives, and how can we measure progress towards them?

    It’s already impossible to answer the first question as we now test partially and selectively. The total infected population is unknown, the people who have recovered are unknown also, and do not get reported. There is, however, fearmongering as a result of emotions and selective reporting; deaths with multiple causes (die with as opposed to die from Corona) and admittance to critical care units.

    Let us be clear, we will first have to map out the causes of this problem before we can draw conclusions and talk about solutions. Not only IT professionals and virologists should be involved in this, to no lesser extent we need philosophers, legal scholars, sociologists, entrepreneurs and others who represent society also.

  • Necessity and proportionality. In terms of test capacity, critical care units, medical materials and medical personnel, we essentially have a capacity problem. So, there is no doubt in our mind what we should be focusing on, also in view of future outbreaks; testing the entire population in order to tell who is infected and who is immune, and be able to determine the real problem. 97% of the population is unaffected. Make sure there will be a division and proper care for high-risk groups. Halt crisis communication and start crisis management. Take all treatment methods seriously, including those that are not profitable for Big Pharma and Big Tech.

  • Subsidiarity. Once we know the problem, we may ask what the solutions are. Additional personnel at municipal health centers? Building a critical care unit hospital specifically for situations like these? Increasing the test capacity in order to be able to take decisions based on figures? All of this is possible within our current health system, with the general practitioner as the first point of contact.

On the basis of trust, we have given our government six weeks to get its act together. And what do we get in return? Distrust and monitoring tools. And still shortages of medical equipment. So, fix the fundamentals, deal with the treatment and test capacity and stop building new technological gadgets and draconian apps used in dictatorial regimes in Asia. And take The Netherlands out of this prolonged lockdown as soon as possible. Privacy First is opposed to a ‘1.5-meter society’ as the new normal, and is instead in favor of a common-sense society based on trust in mature citizens.

Published in Law & Politics

With great concern, Privacy First has taken note of the intention of the Dutch government to employ special apps in the fight against the coronavirus. In Privacy First’s view, the use of such apps is a dangerous development because it could lead to stigmatisation and numerous unfounded suspicions, and may also cause unnecessary unrest and panic. Even when ‘anonymized’, the data from these apps can still be traced back to individuals through data fusion. In case this technology will be introduced on a large scale, it will result in a surveillance society in which everyone is being continuously monitored – something people will be acutely aware of and would lead to an imminent societal chilling effect. Furthermore, there is a substantial risk that the collected data will be used and misued for multiple (illegitimate) purposes by companies and public authorities. Moreover, if these data fall into the hands of criminal organizations, they will be a gold mine for criminal activities. For Privacy First, these risks of Corona apps do not outweigh their presumed benefits.

The right to anonymity in public space is a fundamental right, one that is crucial for the functioning of our democratic constitutional State. Any democratic decision to nullify this right is simply unacceptable. If indeed the deployment of ‘Corona apps’ will be widespread, then at least their use should be strictly anonymous and voluntary. That is to say, they should be used only for a legitimate, specific purpose, following individual, prior consent without any form of outside pressure and on the premise that all the necessary information is provided. In this respect, privacy by design (embedding privacy protection in technology) must be a guiding principle. For Privacy First, these are stringent and non-negotiable prerequisites. In case these conditions are not met, Privacy First will not hesitate to bring proceedings before a court.

Published in Law & Politics

The world is hit exceptionally hard by the coronavirus. This pandemic is not only a health hazard, but can also lead to a human rights crisis, endangering privacy among other rights.

The right to privacy includes the protection of everyone’s private life, personal data, confidential communication, home inviolability and physical integrity. Privacy First was founded to protect and promote these rights. Not only in times of peace and prosperity, but also in times of crisis.

Now more than ever, it is vital to stand up for our social freedom and privacy. Fear should not play a role in this. However, various countries have introduced draconian laws, measures and infrastructures. Much is at stake here, namely preserving everyone’s freedom, autonomy and human dignity.

Privacy First monitors these developments and reacts proactively as soon as governments are about to take measures that are not strictly necessary and proportionate. In this respect, Privacy First holds that the following measures are in essence illegitimate:
- Mass surveillance
- Forced inspections in the home
- Abolition of anonymous or cash payments
- Secret use of camera surveillance and biometrics
- Every form of infringement on medical confidentiality.

Privacy First will see to it that justified measures will only apply temporarily and will be lifted as soon as the Corona crisis is over. It should be ensured that no new, structural and permanent emergency legislation is introduced. While the measures are in place, effective legal means should remain available and privacy supervisory bodies should remain critical.

Moreover, in order to control the coronavirus effectively, we should rely on the individual responsibility of citizens. Much is possible on the basis of voluntariness and individual, fully informed, specific and prior consent.

As always, Privacy First is prepared to assist in the development of privacy-friendly policies and any solutions based on privacy by design, preferably in collaboration with relevant organizations and experts. Especially in these times, the Netherlands (and the European Union) can become an international point of reference when it comes to fighting a pandemic while preserving democratic values and the right to privacy. This is the only way that the Corona crisis will not be able to weaken our world lastingly, and instead, we will emerge stronger together.

Published in Law & Politics
Saturday, 28 March 2020 18:14

Health and common sense

Column

The coronavirus has plunged the whole world into a deep crisis and governments do their utmost to control the dissemination. As I wrote in my previous column, it is important especially now to keep our heads cool and to protect our civil rights and privacy. A short and temporary infringement of our privacy in the general interest may be legitimate. The western model should imply a partial, temporary lockdown, lasting at most twice the incubation period so as to control the spread of the virus based on increased testing, and to facilitate the healthcare system, augmenting the number of critical care beds.

Moreover, this should be a participatory lockdown, based on voluntary participation and citizens’ individual responsibility. This is only logical, as trust is the cornerstone of our democratic society, even though at times there is a lack of it. This concerns trust in fellow citizens, the government and first of all, oneself. At this point in time I have a lot of confidence in the Dutch approach, which is a combination of common sense and relying on healthcare experts. Ultimately, we will have to learn to live with this virus and control potential outbreaks.

To measure is to know and therefore it is essential to scale up the number of tests with the right test equipment without delay. There are tests which can indicate quickly whether someone is infected. It is interesting to note that in Germany, where practically everyone with symptoms is being tested, the percentages of gravely ill and deceased people are considerably lower than in countries where testing is very limited. For policy makers and politicians it is thus very important to take the right decisions on the basis of facts.

If not, there will be a long-standing and emotionally-driven struggle, the encroachment on our freedom will not be short and temporary and power will shift disproportionately into the hands of the State. Such a scenario will see us move towards a forced surveillance society (see the current situation Israel is in, the newly introduced legislation in the UK as well as EU proposals with regard to telecom location data), characterised by the abolishment of anonymous (cash) payments (see the current guidelines in the Dutch retail sector), the dissolution of medical confidentiality and physical integrity in the context of potential virus infections (compulsory vaccinations and apps) and censorship of any alternative or undesired sources of information that counter the prevailing narrative. Besides, commercial interests of IT and pharmaceutical companies would come to dominate even more.

In the best case scenario, both society and the economy will soon be able to revive on the basis of individual and aggregate test results, with this lesson to bear in mind: let’s not lose the importance of our freedom, health and individual responsibility out of sight. All of a sudden, citizens have been left to their own devices and this experience will make them realize that life is not malleable and our society is not a mere paper exercise. This situation could lead to increased civic participation and less government, i.e. greater focus on critical functions. When we take a look around now, we see positive-minded, well-informed and responsible citizens and there is no need to keep focusing on a handful of exceptions. That is, as long as the measures in place are comprehensible, measurable and very temporary, and are not packaged into structural legislation, thereby misusing the crisis in order to grant certain organizations and sectors greater influence and power.

Finally, it’s worth realizing that all entrepreneurial Dutchmen without whom we would not be able to pay our fine public services, also deserve a round of applause. And perhaps the idea of a basic income for every citizen could be reviewed once more. In other words: let’s aim for more individual decisions in a freer society that is supported by technology and common sense!

Here’s to a free 2020!

Bas Filippini,
Privacy First chairman
(in personal capacity)

Published in Columns

Column

Many questions have been raised about Privacy First’s point of view in relation to the protection of privacy in crisis situations, such as the one we’re currently experiencing as a result of the coronavirus. As indicated previously, I support the precautionary principle, i.e., we don’t know what we don’t know and what in fact is effective. A strict, western-style approach on the basis of a temporary (partial) lockdown for a (very) short period of time will drastically flatten the coronavirus curve and will make sure the healthcare system does not collapse. This also allows us to gain time to find a vaccine or medicine. We still don’t know exactly what kind of virus we’re dealing with, how it came into existence and how to control it.

Our society is built on trust. In a crisis situation like we’re in now, authorities will have to take temporary crisis measures which allow citizens to do the right thing voluntarily and on the basis of trust. This may temporarily restrict privacy, such as freedom of movement and/or physical integrity (think of being in quarantine). The government can choose to have a full or partial lockdown. Making this choice, it is essential that we rely on the norms and values of our free, democratic society, and that there is trust both in the citizenry and in the means and measures that may be employed. Ideally, this would result in a participatory lockdown based on everyone’s freedom and sense of responsibility.

Past experience shows that when there is open and honest communication, citizens act responsibly and in the general interest. This implies that draconian and structural legislative measures that restrict freedom can be kept at bay, much to the benefit of the people and the economy. In this respect, it is significant that practically all companies, institutions and organizations currently comply with the protocols, and even do more than what is required. After a period of inaction, the Dutch government has decided to act and take responsibility, which is most welcome. After all, this concerns a potentially great number of very sick patients and fatalities, including many elderly and vulnerable people.

Our government has opted for a democratic instead of a dictatorial approach, and that is to be applauded. So let’s use this moment to keep our head cool instead of infringing upon everyone’s freedom and right to privacy, freedom of movement, bodily integrity and cash payments. I see there is a bitter wind sweeping through Denmark, where a coronavirus emergency law has been rushed through, allowing the authorities to force people to be vaccinated (even though there is no vaccine yet), and in France too, where permanent crisis measures seem to have been implemented. All this is incompatible with a decent society and creates misplaced precedents. Let’s act in the general interest on the basis of trust and everyone’s own responsibility. For that, we need neither to be locked up, nor do we want to see the army in the streets, or any other draconian measures or laws to be put in place.

Let’s strive for a free and trustworthy Netherlands and Europe.

Bas Filippini,
Privacy First chairman
(in personal capacity)

Published in Columns

Since 2013, the Dutch Association of General Practitioners has, in an essential civil case, been litigating against the private successor of the Dutch Electronic Health Record (Elektronisch Patiëntendossier, EPD): the National Switch Point (Landelijk Schakelpunt, LSP). At the end of last week, the Dutch Supreme Court decided that, for the time being, the LSP is not in violation of current privacy law. However, the Supreme Court has laid down in its judgment that the LSP will soon have to comply with the legislative requirement of privacy-by-design. This constitutes an important precedent and raises the bar with a view to the future.

Private relaunch of EPD: National Switch Point

In April 2011, the Dutch Senate unanimously rejected the EPD, primarily on account of privacy objections. However, almost directly afterwards, various market participants (among which health insurance companies) made sure there was a relaunch of the same EPD in private form: the LSP, intended for the large-scale, central exchange of medical data. Since then, the LSP has been introduced nationally and many practitioners have aligned themselves with it, oftentimes under pressure of health insurers. Millions of people in the Netherlands have given their ‘consent’ to the exchange of their medical records via the LSP. However, this ‘consent’ is so broad and general, it’s virtually impossible to deem it lawful. This was one of the main objections the court case of the Association of General Practitioners against the LSP revolved around. Other objections against the LSP are related to the fact that its architecture is inherently insecure and in breach of privacy. Through the LSP, every connected medical record is accessible for thousands of health care providers. This is in violation of the right to privacy of patients and the medical confidentiality of treating physicians. What’s more, there is no privacy-by-design, for example through end-to-end encryption. The LSP is basically as leaky as a sieve, which means that it’s ideal for function creep and possible abuse by malicious actors.

Specific Consent Campaign

Over the last couple of years, Privacy First has repeatedly raised the alarm about this in the media. We have brought the issue to the attention even of the United Nations Human Rights Council. In April 2014, a large scale Internet campaign was launched on the initiative of Privacy First and the Dutch Platform for the Protection of Civil Rights (Platform Bescherming Burgerrechten) in order to retain and enhance the right to medical confidentiality: www.SpecifiekeToestemming.nl. Ever since, this campaign is being supported by numerous civil organizations, healthcare providers and scholars. The essence of the campaign is that specific consent should (again) become the leading principle when it comes to the exchange of medical data. In case of specific consent, prior to sharing medical data, clients have to be able to decide whether or not, and if so, which data to share with which healthcare providers and for which purposes. This minimizes risks and enables patients to control the exchange of their medical data. This is in contrast to the generic consent that applies to the LSP. In the case of generic consent, it is unforeseeable who can access, use and exchange someone’s medical data. In this respect, generic consent is in contravention of two classic privacy principles: the purpose limitation principle and the right to free, prior and fully informed consent for the processing of personal data.

Privacy by design

Courtesy also of the pressure exerted by our campaign SpecifiekeToestemming.nl, the Dutch legislative proposal Clients’ Rights in relation to the processing of data in healthcare (legislative proposal 33509), was strenghtened by the House of Representatives in 2014 and was adopted by the Senate in 2016 as a result of two crucial motions: 1) the motion Bredenoord (D66) about the further elaboration of data-protection-by-design as the starting point for the electronic processing of medical data and 2) the motion Teunissen (Party for the Animals) related to keeping medical records accessible on a decentral (instead of a central) level. Under the new law, specific (‘specified’) consent is obligatory. This should now be implemented in all existing and future systems for the exchange of medical data, including the LSP. Moreover, privacy-by-design will become an inexorable legal duty under the new European General Protection Data Regulation (GDPR), that is to say, privacy and data protection should be incorporated in all relevant hardware and software from the very first design. In this context, there have been several developments on the Dutch market in recent years, all of which indicate that both specific consent as well as privacy-by-design are indeed becoming standards in new systems. A prime example of this in a medical context is Whitebox Systems, which won a Dutch National Privacy Innovation Award in 2015 already.

Court case of Association of General Practitioners

Since March 2013, the Dutch Association of General Practitioners (Vereniging Praktijkhoudende Huisartsen, VPH) has been litigating in a large-scale civil case against the private administrator of the LSP: the Association of Healthcare Providers for Healthcare Communication (Vereniging van zorgaanbieders voor zorgcommunicatie, VZVZ). Following unsatisfactory rulings by the district court of Utrecht and the Arnhem Court of Appeal, VPH appealed before the Dutch Supreme Court at the end of 2016. Since then, this case has, on the recommendation of Privacy First, received pro bono support from law firm Houthoff Buruma. As amicus curiae, Privacy First and the Platform for the Protection of Civil Rights filed a letter (PDF) with the Supreme Court in support of the general practitioners and in line with our joint campaign SpecifiekeToestemming.nl. In her conclusion, the Advocate general of the Supreme Court referred extensively to the amicus curiae letter. On 1 December 2016, the Supreme Court finally came up with its ruling. Regrettably, the Supreme Court by and large agreed with the line of reasoning of the Arnhem Court of Appeal. Privacy First cannot help thinking that the LSP (even before the Supreme Court) is apparently too big too fail: by now this faulty system has grown to the extend that no one dares to declare it unlawful. There is, however, an important positive note, which can be found in the final consideration of the Supreme Court:

‘‘[The Court has] acknowledged that the healthcare infrastructure can be designed in such a way that a clearer distinction can be made between (sorts of) data and (categories of) healthcare providers and, particularly, in such a way that the exchange of data on the basis of consent can beforehand be limited to cases of urgency. The Court takes the view that such infrastructure would be better in line with the principles of the Privacy Directive and the Personal Data Protection Act, but that it could not have been demanded from VZVZ at the time of the contested ruling. According to the Court, VZVZ can be expected, however, to alter its system offering greater freedom of choice, as soon as this is technically possible and feasible.

These considerations are not incomprehensible. It is worthwhile noting that, considering (...) the regulatory changes and VZVZ’s ambitions in relation to the system (...), privacy by design and privacy by default as explicit points of departure (art. 25, paragraphs 1 and 2 General Data Protection Regulation), is what the Court can reasonably expect from VZVZ.’' (5.4.4)

Just like the Arnhem Court of Appeal, the Supreme Court clearly homes in on the implementation of specific consent and privacy-by-design when it comes to the LSP. The Supreme Court thereby creates a positive precedent which will set the scene for the future, also in a broader sense. Privacy First will continue to actively follow the developments in this case and, if necessary, will not hesitate to bring certain aspects to the attention of the courts once more.


Read the entire ruling of the Supreme Court HERE (in Dutch) and the previous conclusion of the Advocate General HERE.

HERE you find the amicus curiae letter written by Privacy First and the Dutch Platform for the Protection of Civil Rights (pdf in Dutch).


Comments from the Dutch Association of General Practitioners: http://www.vphuisartsen.nl/nieuws/cassatieberoep-vphuisartsen-verloren-toch-winst/

Comments from SpecifiekeToestemming.nl: http://specifieketoestemming.nl/werk-aan-de-winkel-na-teleurstellend-vonnis-over-lsp/.

Published in Medical Privacy
Wednesday, 27 June 2012 13:58

No bodyscans on the streets!

The Amsterdam police are considering the introduction of mobile X-ray body scanners on the streets, local television station AT5 reported today. If the police will indeed introduce such "nude scanners", Privacy First will not hesitate to sue both the Amsterdam police and the responsible Amsterdam Mayor Van der Laan for breach of 1) human dignity, 2) the presumption of innocence, 3) privacy, 4) freedom of movement, 5) physical integrity and 6) the health of all Amsterdam residents. Any introduction of mobile X-ray scanners will actively jeopardize the privacy as well as the health of innocent citizens.

Privacy First hereby makes an urgent appeal for political measures: this Thursday the subject of preventive searches is on the agenda of the Amsterdam city council. It is primarily up to the council to blow the whistle and prohibit the introduction of nude scanners by the Amsterdam police. If the council fails in this, Privacy First reserves the right to take all necessary measures to prevent the introduction of nude scanners.

Update 7.00pm: reaction of Privacy First on FunX Radio (in Dutch).

Update June 29, 2012: the introduction of mobile body scanners is put on hold during further investigations by Amsterdam Mayor Van der Laan. The subject will not be on the agenda of the Amsterdam city council again until early 2013. The political debate on preventive searches (including the possible introduction of body scanners) which took place yesterday in the Amsterdam city council Committee for General Affairs can be viewed online HERE (starting at 233m40s).

Published in CCTV
Sunday, 30 August 2009 18:16

Is wireless the new tobacco?

It is a well established principle of justice that a company selling a consumer product ought to take proper care for the health of the user of that product, even on a basis of "could have known". Cell phone companies certainly have not shown much care for the health of their buyers. Just like tobacco companies have funded pseudo-scientific research that proved that smoking was not related to any health hazards, likewise the phone companies have produced reports that radiation from cell phones was not harmful. They were referring to the same kind of radiation that is 'cooking' your ear when you make a call of, say, five minutes.
Published in Medical Privacy

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
Procis

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon