On 31 May 2012 the Netherlands will once again be examined in Geneva by the highest human rights body in the world: the United Nations Human Rights Council. The UN Human Rights Council was founded in 2006 and consists of 47 of the 192 UN Member States. Since 2008 the human rights situation in each country is periodically reviewed. This procedure takes place every four years for each UN Member State and is called ‘Universal Periodic Review’ (UPR). During the first UPR session in 2008 it was straight away the Netherlands’ turn to be examined and our country was in fact heavily criticized. In 2011 the privacy situation in the Netherlands is even worse compared to 2008: enough ground for Privacy First to raise a number of issues with the UN. Privacy First did so last night through a so-called shadow report: a report in which NGOs can voice their concerns on a particular issue. (For such reports strict requirements with the Human Rights Council apply, among which a limit of 2815 words.) Without shadow reports, diplomats in the Council are not able to do their work properly. Otherwise they would of course be dependent on the State report of the Netherlands itself. So Privacy First presented its own report with the following recommendations:  

•  No national biometric database, not even in the long run;

•  No introduction of mobile fingerprint scanners;

•  Introduction of a truly anonymous OV-chipkaart (Public Transport chip card);

•  No introduction of Automatic Number Plate Recognition (ANPR) as currently envisaged;

•  Transparency and suspension of the new border control system @MIGO;

•  A voluntary, regional instead of national Electronic Health Record System with 'privacy by design';

•  Proper legislation concerning the profiling of citizens.

You can download our entire report HERE. We hope that our recommendations will be accepted in the Human Rights Council and will lead to an international exchange of best practices. Privacy First is happy to keep you informed on these developments.

Update 23 March 2012: this week the long-awaited Dutch UPR State report for the Human Rights Council appeared. Moreover, the shadow report by the Dutch section of the International Commission of Jurists (Dutch abbreviation: NJCM) that was presented earlier (also on behalf of 24 other NGOs) became public. The NJCM report contains a very critical section on privacy in which – parallel to the recommendations of Privacy First – among other things, a call for the abrogation of the current plans concerning ANPR and mobile fingerprint scanners is made; see pp. 6-7 of the NJCM report. Relevant reports by other organisations can be found HERE.

Official preparatory work for the Dutch State report has seen two consultation meetings with Dutch civil society (NGOs) at the Dutch Ministry of the Interior (Dutch abbreviation: BZK) in recent months. During the first meeting on 1 December 2011, Privacy First insisted on incorporating a separate section about privacy in the State report. During the second meeting on 16 January 2012, Privacy First requested an explicit mention of ‘privacy by design’ in that very section. BZK responded positively to both requests. However, the privacy section in the State report appears to be relatively short, superficial and elusive. It is telling that this section is part of the chapter ‘Challenges and constraints’. This gives the impression of a defensive attitude. What’s even more telling is the following sentence: ‘‘The challenge will now be to ensure that all these [privacy infringing] measures are implemented.’’ Apparently the Dutch State is not sure where it stands... And rightly so. The mere positive points are the mention of ‘privacy by design’, the report by the Dutch Scientific Council for Government Policy called iOverheid (iGovernment) and the following passage:

"In addition, partly in response to concerns expressed in Parliament, certain policy measures that impact on privacy are currently being modified, as for example the discontinuation of the storage of fingerprint data on national ID-cards and within the passport database."

Privacy First interprets this passage as an international declaration (unilateral statement) from the Netherlands to stop the storage of fingerprints on ID-cards and in its travel document administration once and for all. Privacy First is keen to continue reminding the government of this.

Update 5 April 2012: the international lobbying surrounding the UPR session of the Netherlands on 31 May 2012 is in full swing, both at foreign embassies in The Hague as well as within the permanent representations of UN Member States in Geneva. In this context an important 'UPR pre-session' took place yesterday morning in Geneva where various international human rights organisations had the opportunity to voice their concerns about the Netherlands in front of a broad audience of foreign diplomats. Click HERE for an impression of the meeting about the Netherlands. The statement by Privacy First during this meeting can be found HERE and can also be downloaded on the website of the Dutch Human Rights Institute under incorporation.

Update 21 April 2012: Based on all shadow reports (among which that of Privacy First) that the UN received at the end of 2011, an official UN summary has in the meantime been drawn up in Geneva. This ‘summary of stakeholders’ information’ can be found HERE. Apart from Privacy First, the NJCM (also on behalf of the Dutch Platform for the Protection of Civil Rights / Platform Bescherming Burgerrechten), Bits of Freedom, the Dutch Data Protection Authority, Vrijbit and the Dutch Contact Point on Abuse of Mandatory Identification (Meldpunt Misbruik Identificatieplicht) all sent their privacy worries to Geneva in writing; all these reports will soon appear on this UN page. As far as Privacy First is aware, this has not occurred on this scale before. Therefore, for the first time in history the privacy theme figures prominently in a UN report about the Netherlands, as a matter of fact more prominent than is the case in other summaries, for example the one on the United Kingdom. Furthermore, it’s striking that the UN cites a passage about profiling from the Privacy First report: ‘‘digital profiles can be extremely detailed and profiling can easily lead to discrimination and 'steering' of persons in pre-determined directions, depending on the 'categories' their profiles 'fit into' and without the persons in question being aware of this.’’ (UN summary, para. 65). All of this can rightly be called a breakthrough that will hopefully bear fruit during the upcoming session on 31 May 2012.

Update 23 May 2012: In recent months Privacy First has had a series of useful conversations with foreign diplomats in Geneva and The Hague. Meanwhile a number of so-called ‘advance questions’ by UN Member States have appeared on the UPR website of the UN. Among them is the following question by the United Kingdom to the Netherlands: ‘‘Given recent concerns about data collection and security, including the unintended consequences of cases of identity theft, does the Netherlands have plans for measures to ensure more comprehensive oversight of the collection, use and retention of personal data?’’ (Source) Privacy First looks forward with confidence to further questions by UN Member States about Dutch privacy perils.

Published in Law & Politics

Step 1: E-Gates at Schiphol Airport

Today a seemingly innocent article in Computable caught Privacy First’s attention. The title of the article is ‘‘Passport photo system is fraud sensitive’’ and its subtitle reads ‘‘Digital passport photo inadequate’’. The gist of the article is that the quality of the facial scans in passports (and ID cards) will have to be improved in order for the chance of mismatches in automated facial recognition at Schiphol Airport to be reduced. An experiment with facial recognition is currently planned for the fall of 2011. At Schiphol 36 so-called E-Gates will then be installed: gates for automatic border passage.    

On your way to the gate you will simply walk through one of those gates: the System verifies whether your face corresponds with the face on the chip of your passport. In case the System works 100% a 100% of the time then it’s enormously useful. In case it doesn’t, the System causes delays and irritation, long queues and new opportunities for identity fraud. And even if it does work faultlessly, there’s still a hidden 'catch': automatic screening of your security profile. Before coming to Schiphol you have already been completely screened on the basis of all possible databases that have been linked to you. Once at Schiphol it’s 'party time': without you knowing it your name has been assigned to a green, yellow, orange or red flag. More colors are possible. All of this remains unknown to you, which makes it all the more exciting. If you are taken apart from the queue at the E-Gate then it won’t be for a cup of tea and a biscuit, but to admire the color of your virtual flag once more. After all, it’s party time and the Royal Netherlands Border Police would rather not be color-blind. With a bit of luck you can still go aboard your plane, hoping of course that at the arrival in country X there’s no other feast of flags awaiting you.

Step 2: passport photo booth in the city hall

A few years later (on your return to the Netherlands) you need to renew your passport. For new passport photos you go to your local professional photographer. However, he redirects you to the city hall. For some time passports photos are still only allowed to be made there. You vaguely recall an article in Computable that already referred to this: ‘‘Mistakes [with passport photos] could be prevented by making a digital photo of the passport applicants in the city hall, at the moment they make their passport application.’’ At the time (2011) this seemed enormously useful to the government. Henceforth no more hassle with professional photographers but high definition 3D photos taken straight away in a special Big Brother booth at the town hall, easy as that. Designed initially for E-Gates at Schiphol, then used for automatic facial recognition in shops and on the streets, eventually worldwide. A comparable Dutch plan was rejected in 2007 under pressure from the sector of professional photographers. Since that time our country was hit by one recession after the other. Meanwhile the Dutch privacy movement flourished. But that wasn't meant to spoil the 'fun'. Therefore it took the Dutch government a lot of effort to convince photographers that they could very well do without their passport photo revenues. Not to mention the privacy of Dutch citizens.

Will this be our future? Not if it’s up to Privacy First. We’ll keep you posted.

Published in Profiling

A broad international alliance of NGOs demands that there will be a European investigation into biometric data storage. Governments increasingly lay claim to people's biometric data (such as fingerprints), which are then stored on radio-frequency identification (RFID)-chips in passports and ID-cards. Some countries, such as the Netherlands, France and Lithuania go even further and store this information in databases which can be used for criminal investigation and prosecution.

The alliance of more than 60 organisations (including Privacy First) has urgently requested the Secretary-General of the Council of Europe, Mr. Thorbjørn Jagland, to request the countries concerned for an explanation about whether or not their legislation on these matters complies with the European Convention on Human Rights (ECHR) as speedily as possible. The alliance is of the opinion that a thorough investigation is to be conducted on whether the guarantees and criteria of human rights with respect to the necessity, proportionality, subsidiarity and security guarantees that the ECHR demands for the use of biometrics, are in actual fact being adhered to. This is very much put in doubt by a recent report of the Council of Europe.

It is actually worth pointing out that the idea for the current European enrolment and storage of biometric data has partly come into existence in the Council of Europe itself, that is to say, at the behest of a few working groups that devoted themselves to combating terrorism around 2004. One of these working groups was the Group of Specialists on Identity and Terrorism (CJ-S-IT) which operated under Dutch chairmanship. In April 2004, this working group made the following recommendation:

 "The creation or development of systems which allow identity checks with reference
to civil status records and  registers and population registers to be carried out rapidly
(in particular by means of a centralised system) and in a reliable manner. (…)

Give consideration to and promote research and ongoing cooperation between police
scientists and institutions (…) in order to make greater use of scientific identification
of individuals, especially through the use of biometrics and DNA analysis,
most notably in their use in identity documentation.
" (Source, pp. 17-18. Other
documentation from 2003 to the present day can be found online HERE.)

Meanwhile, it is up to that very Council of Europe to map European national laws that since that time have lost their balance in this area. Where national laws do not respect human rights, the Member States in question are to be called to order. Privacy First looks forward with confidence to the Secretary-General of the Council of Europe carrying out these duties.
 

Logo of the alliance

Published in Biometrics

Soon every car driver in Holland will be a potential suspect 

Under a new, far-reaching legislative proposal, the Dutch Minister for Security and Justice Ivo Opstelten aims to enhance criminal investigation by introducing a four week storage period of the number plates of all cars through camera surveillance. Current rules dictate that these data have to be deleted within 24 hours. Last year the previous Minister of Justice (Hirsch Ballin) planned to make a similar proposal with a storage period of 10 days. However, the Dutch House of Representatives then declared this topic to be controversial. In his current proposal, Opstelten takes things a few steps further. Already in 2008 the Dutch Data Protection Authority (College Bescherming Persoonsgegevens, CBP) ruled that police forces were not adhering to Dutch privacy rules by storing number plates for a greater period than was legally permitted. According to the CBP, all number plates that are not suspect (so-called ‘no-hits’) are to be removed from relevant databases immediately. Opstelten’s plan to also store the number plates of unsuspected citizens for four weeks directly flies in the face of this.  

Listen to what Privacy First had to say (in Dutch) about this on Radio 2 (NCRV, Knooppunt Kranenbarg, 11 January 2011):



Read more about Opstelten's plans in Computerworld , Tweakers  and on the weblog of SOLV.
Published in CCTV

Argumentation courtesy of Stichting Meldpunt Misbruik Identificatieplicht ('Dutch Contact Point on Abuse of Mandatory Identification'):

(1) The application of a Radio-Frequency Identification (RFID)-chip makes the 'OV-chipkaart' (Public Transport chip card) vulnerable. Information on the card can be read by others at a distance, the card can be copied or manipulated, and the credit that’s on it can easily be stolen.

(2) Storing personal data for much too long affects people's personal freedom. There is absolutely no need for transport companies to continuously register exactly where someone is located, to make video images of every check-in and check-out and to store these data for an undetermined period of time.

(3) Because personalized chip cards are to be accommodated with a scan of the passport photo, cameras located at every public transport turnstile can be programmed in such a way that certain people or certain groups of people can be singled out. Associated law enforcement or commercial applications invade people's privacy. By means of the new system, public transport companies become an extension of police and law enforcement authorities and can earn money by commercially making use of personal information for marketing or advertisement purposes.

(4) Privacy will have to be paid for. Everyone who doesn’t want his travel behavior being documented or his passport being scanned and digitally saved in the administration of the transport company will be excluded by the system from subscription and will be financially disadvantaged in case he/she wants to protect his/her privacy. In this way, public transport companies that have the task to provide proper transport will start earning money from the privacy of their clients.

Published in Mobility
Page 3 of 3

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
Procis

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon