PSD2 opt-out register
Is it possible to have innovation in the field of payment data while preserving privacy? Under the new European banking law PSD2, payment data can be shared with non banking parties. The legislator has, however, failed to implement privacy by design. Therefore, the Privacy First Foundation has taken the initiative to launch a PSD2 opt-out register in the Netherlands. We are happy to report that the SIDN Fund is supporting us in this. With this opt-out register bank account numbers can be filtered. This can be useful in case bank account numbers are linked to sensitive personal data, such as a payment to a trade union, a healthcare insurer, a political party or an organization that reveals one’s sexual preference. It can also be useful when consumers wish to filter their contra accounts. The Dutch PSD2 opt-out register could become trendsetting at a European level.
Source: https://www.sidnfonds.nl/nieuws/de-eerste-pioniers-van-2019, 22 May 2019 (in Dutch).
Follow https://psd2meniet.nl for updates and become a member of our PSD2 Privacy Panel! (in Dutch)
For all its projects and affiliated activities, Privacy First is largely dependent on donations. The more financial support and donations we receive, the sooner Privacy First will be able to launch the PSD2 opt-out register.
In the context of the National Privacy Conference organized by Privacy First and ECP today the Dutch Privacy Awards have been handed out. These Awards offer a podium to organisations that consider privacy as an opportunity to positively distinguish themselves and want privacy-friendly entrepreneurship and innovation to become a benchmark. The winners of the 2019 Dutch Privacy Awards are Startpage.com as well as Privacy Company & SURF. PublicSpaces received the incentive prize.
With Private Search 2.0, Startpage.com allows those who find profiling and targeting on the basis of search queries oppressing, to breathe a little more freely again. The basic promise of Startpage is that its users can question Google Search without having to fear that Google accords a permanent data trail to every single query. Moreover, Startpage.com enables searching through an anonymizing proxy. It therefore meets the needs of anyone who doesn’t want to be confronted with targeted ads on the basis of search queries. Think of people who search for information related to financial, relationship or health problems. And naturally any other person who, by default, wishes to stay clear of foreign companies that trade in personal data (based in Silicon Valley and elsewhere). Startpage.com thus offers people an important and very privacy-friendly opportunity to visit websites without having to worry about unwanted profiling and without being confronted with one’s own search behavior.
Winner: Privacy Designer (Privacy Company and SURF)
Privacy Designer is a Privacy Company and SURF web app which helps SMEs, associations and NGOs to identify privacy risks. The app has been co-financed by the SIDN Fund and can be used free of charge.
The expert panel was deeply impressed by this solution. It’s a practical and innovative app which has a large impact on society because research points out that the target group is often insufficiently aware of the privacy risks to which it is exposed and doesn’t quite know how to deal with such risks appropriately. Another advantage of Privacy Designer is the fact that all data is stored on one’s own device and the use of personal data is kept to a minimum. In short, this entry can potentially improve the privacy of a large group of people in an effective and accessible way.
There is a lot that goes on online that internet users can’t see and are not aware of. Advertising displayed on the basis of search behavior can be a great annoyance. Meanwhile, we become increasingly dependent on online information gathering, navigation and cloud storage. This makes a few dominant commercial companies ever more powerful.
PublicSpaces is a coalition of public broadcasters and cultural organizations that aim to ‘repair’ the internet by restoring it to a community of users. They try to do so by collaborating with a number of relevant parties and by offering alternatives. In particular, the fact that data so easily ends up across different platforms is a thorn in the eye of PublicSpaces. With open source initiatives and the use of IRMA (‘I Reveal my Attributes’, an open source identity platform which won a Dutch Privacy Award last year), the coalition attempts to improve online privacy. The expert panel wholeheartedly encourages PublicSpaces’ mission.
There are four categories in which applicants are awarded:
1. the category of Consumer solutions (business-to-consumer)
2. the category of Business solutions (within a company or business-to-business)
3. the category of Public services (public authority-to-citizen)
4. The incentive prize for a ground breaking technology or person.
From the various entries, the independent expert panel chose the following nominees per category:
|Consumer solutions:||Business solutions:||Public services:|
|Private Search 2.0 (Startpage.com)||
Privacy op Schooltas
Passantentellingen (Municipality of Nijmegen)
|VraagApp||Privacy Designer (Privacy Company and SURF)||Project privacy by design (Dutch Tax Authorities)|
During the Dutch National Privacy Conference the nominees presented their projects to the audience in Award pitches. Thereafter, the Awards were handed out. Click HERE for the entire expert panel report (Dutch pdf), which includes participation criteria and explanatory notes on all the nominees and winners.
National Privacy Conference
The National Privacy Conference is a ECP|Platform for the Information Society and Privacy First initiative. Once a year, this conference brings together Dutch industry, public authorities, the academic community and civil society with the aim to build a privacy-friendly information society. The mission of both the National Privacy Conference and Privacy First is to turn the Netherlands into a guiding nation in the field of privacy and data protection. To this end, privacy by design is key.
These were the speakers during the 2019 National Privacy Conference in successive order:
Aleid Wolfsen (chairman of the Dutch Data Protection Authority)
Sophie in ‘t Veld (Member of the European Parliament)
Tijmen Schep (PrivacyLabel)
Brenno de Winter (IT researcher)
Jeroen Terstegge (Privacy Management Partners).
Expert panel of the Dutch Privacy Awards
The independent expert Award panel consists of privacy experts from different fields:
- Bart van der Sloot, senior researcher at Tilburg University (panel chairman)
- Bas Filippini, founder and chairman of Privacy First
- Paul Korremans, data protection & security professional at Comfort Information Architects (and Privacy First board member)
- Marie-José Bonthuis, IT’s Privacy owner
- Esther Janssen, attorney specialized in information law and fundamental rights, Brandeis Attorneys
- Esther Keymolen, philosopher of technology, TILT, Tilburg University
- Matthijs Koot, senior security specialist, Secura BV
- Marc van Lieshout, senior researcher at TNO and managing director at PI.lab
- Wendeline Sjouwerman, privacy specialist who focuses on local governments and health care.
In order to make sure that the Award process is run objectively, the panel may not judge on any entry of his or her own organization.
Privacy First organizes the Dutch Privacy Awards with the support of the Democracy & Media Foundation and in collaboration with ECP. Would you like to become a partner or sponsor of the Dutch Privacy Awards? Then please contact Privacy First!
Writing a New Year’s Column about the state of affairs concerning the protection of everyone’s privacy weighs me down this year. With the exception of a few bright spots, privacy in the Netherlands and the rest of the world has greatly deteriorated. For a while it seemed that the revelations of Edward Snowden in 2013 about secret services tracking everyone’s online behavior would be a rude wake-up call for the world. It was thought that an increasing number of data breaches and a rising number of governments and companies getting hacked, would make people realize that large amounts of data stored centrally is not the solution. The Arab Spring in 2015 would bring about major change through the unprecedented use of (social) media.
The European Union successfully voted against the exchange of data relating to travel movements, paved the way for the current General Data Protection Regulation and seemed to become the shining alternative example under the guidance of Germany, a country known for its vigilance when it comes to privacy. Unfortunately, things turned out differently. Under the Obama administration, Snowden was shunned as a traitor and other whistleblowers were clamped down on harder than ever before. Julian Assange was forced into exile while murdering people with the use of drones and without any form of trial was implemented on a large scale. Extrajudicial killings with collateral damage... While the discussion was about waterboarding... Discussions on such ‘secondary topics’ have by now become commonplace in politics, and so has the framing and blaming of opponents in the polarized public debate (the focus is usually on the person rather than on the argument itself).
Looking back on 2018, Privacy First identifies a great number of areas where the breakdown of privacy is evident:
Government & privacy
In March, an advisory referendum in the Netherlands was held on the introduction of the so-called Tapping law. Immediately after that, the referendum was abrogated. This happened in a time of unprecedented technological possibilities to organize referendums in various ways in a shared democracy. That’s outrageous. The outcome of the referendum was not taken into account and the Tapping law was introduced just like that. Moreover, it turned out that all along, the Dutch Minister of the Interior had withheld an important report on the functioning of the Dutch General Intelligence and Security Service.
Apparently this was nothing to worry about and occurred without any consequences. The recent report by the Dutch State Commission on the (re)introduction of referendums will likely end up in a drawer, not to be looked at again.
Fear of losing one’s role and the political mood of the day are all too important in a culture in which ‘professional politicians’ are afraid to make mistakes, but which is full of incidents nonetheless. One’s job or profession comes first, representing citizens comes second. Invariably, incidents are put under a magnifying glass in order to push through binding legislation with a broad scope. Without the review of compliance with guiding principles such as necessity, purpose limitation, subsidiarity and proportionality. There is an ever wider gap between government and citizens, who are not trusted but are expected to be fully transparent towards that self-same government. A government that time and again appears to be concealing matters from citizens. A government that is required by law to protect and promote privacy, but is itself still the most prominent privacy-violator.
The medical establishment & privacy
In this area things got really out of hand in 2018. Through various coordinated media offensives, the EU and the member states are trying to make us believe in the advantages of relinquishing our right to physical integrity and our humanity. Sharing biometric data with the United States continues unabatedly. We saw the police calling for compulsory DNA databases, compulsory vaccination programs, the use of smart medicines with microchips and the phasing out of alternative therapies. Furthermore, health insurance companies cautiously started to cover genetic testing and increasingly doing away with medical confidentiality, the Organ Donation Act was introduced and microchips implanted in humans (the cyborg as the highest ideal in Silicon Valley propaganda) became ever more popular.
How long before microchips become compulsory for all citizens? All (domestic) animals in the EU have already preceded us. And then there’s the Electronic Health Record, which was first rejected in the Dutch Senate but has reappeared on the minister’s agenda via a detour. Driven by commercial interests, it is being rammed down the throats of general practitioners while alternatives such as Whitebox are not taken seriously. The influence of Big Pharma through lobbying with government bodies and participating in government working groups is particularly acute. They closely cooperate with a few IT companies to realize their ideal of large and centralized networks and systems. It’s their year-end bonus and growth at the expense of our freedom and well-being.
Media & privacy
Naturally, we cannot overlook ‘fake news’. One of the premises for having privacy is being able to form your own opinion and respect and learn from the opinions of others. Furthermore, independent left and right-wing media are essential in a democratic constitutional State. It's their task to monitor the functioning of elected and unelected representatives in politics and in government. Journalists should be able to penetrate into the capillaries of society in order to produce local, national and global news.
Ever since free news gathering came about, it has been a challenge to obtain news based on facts. It’s not always easy to distinguish a press service, PR and propaganda from one another. In times of rapid technological changes and new opportunities, they should be continuously reviewed according to the principles of journalism. That’s nothing new. What is new, however, is that the European Union and our own Minister for the Interior, Kajsa Ollongren, feel they’re doing the right thing by outsourcing censorship to social media companies that are active on a global scale and have proven to be unreliable.
While Facebook and Google have to defend themselves in court for spreading fake news and censoring accounts, the governments hand over the monitoring task to them. The privacy violators and fake news distributors as the guardians of our privacy and journalism. That’s the world upside down. By so doing, this minister and this government undermine the constitutional State and show disdain for intelligent citizens. It’s time for a structural change in our media system, based on new technologies such as blockchain and the founding of a government media office whose task is to fund all media outlets through citizens’ contributions, taking into account the media’s scope and number of members. So that concerns all media, including the so-called alternative media, which should not be censored.
Finance & privacy
The erosion of one’s privacy increasingly manifests itself at a financial level too. The fact of the matter is, that the tax authorities already know in detail what the spending pattern of all companies and citizens looks like. Thanks to the Tapping Law, they can now pass on this information in real-time to the secret services (the General Intelligence and Security Service is watching along). Furthermore, a well-intended initiative such as PSD2 is being introduced in a wholly improvident and privacy-unfriendly way: basic conditions relating to the ownership of bank details (of citizens, account holders) are devoid of substance. Simple features such as selective sharing of banking details, for example according to the type of payment or time period, are not available. What’s more, payment details of third parties who have not given their consent, are sent along.
In the meantime, the ‘cash = criminal’ campaign goes on relentlessly. The right to cash and anonymous payment disappears, despite even the Dutch Central Bank now warning that the role of cash is crucial to our society. Privacy First has raised its opinion on this topic already in 2016 during a public debate. The latest development in this regard is the further linking of information through Big Data and profiling by debt-collecting agencies and public authorities. Excluding citizens from the electronic monetary system as a new form of punishment instead of letting them pay fines is a not so distant prospect. In this regard, a lot of experimentation is going on in China and there have been calls in Europe to move in the same direction, supposedly in order to fight terrorism. In other words, in the future it will become increasingly difficult to raise your voice and organize against abuse of power by governments and companies: from on high it takes only the press of a button and you may no longer be able to withdraw cash, travel or carry out online activities. In which case you have become an electronic outcast, banished from society.
Public domain & privacy
In 2018, privacy in public space has all but improved. Whereas 20 years ago, the Netherlands was deemed too small to require everyone out on the streets to be able to identify themselves, by now, all governments and municipalities in Europe are developing ‘smart city’ concepts. If you ask what the benefits and use of a smart city are (beyond the permanent supervision of citizens), proponents will say something vague about traffic problems and that the 'killer applications' will become visible only once the network of beacons is in place. In other words, there are absolutely no solid figures which would justify the necessity, subsidiarity and proportionality of smart cities. And that’s not even taking basic civil rights such as privacy into consideration.
Just to give a few examples:
- ANPR legislation applies from 1 January 2019 (all travel movements on public roads will be stored in a centralized police database for four weeks)
- A database consisting of all travel movements and stays of European citizens and toll rates as per 2023
- Emergency chips in every vehicle with a two-way communication feature (better known as spyware) as per 1 January 2019
- Cameras and two-way communication in public space, built into the lampposts among other objects as part of smart city projects
- A decision to introduce additional cameras in public transport as per 2019
- The introduction of Smart Cities and the introduction of unlimited beacons (doesn’t it sound so much better than electronic concentration camp posts?)
- Linking together all traffic centers and control rooms (including those of security companies operating on the private market)
- Citizens are permanently monitored by invisible and unknown eyes.
Private domain & privacy
It’s well known that governments and companies are keen to take a peek in our homes, but the extent to which this was being advanced last year, was outside of all proportion. Let’s start with energy companies, who foist compulsory smart meters on citizens. By way of ‘appointment to install a smart meter’, which you didn’t ask for, it’s almost impossible to stay clear of red tape. After several cancellations on my part and phone calls to energy provider Nuon, they simply continued to push forward. I still don’t have a smart meter and it will stay like that.
Once again Silicon Valley featured prominently in the news in 2018. Unelected dictatorial executives who are no less powerful than many a nation state, promote their utopias as trendy and modern among citizens. Self-driving cars take the autonomy and joy away from citizens (the number of accidents is very small considering the millions of cars on the road each day), while even children can tell that a hybrid approach is the only option. The implementation of smart speakers by these social media companies is downright spooky. By bringing smart toys onto the market, toy manufacturers equally respond to the needs that we all seem to have. We can all too readily guess what these developments will mean for our privacy. The manipulation of facts and images as well as distortion, will starkly increase.
Children & privacy
Children and youths represent the future and nothing of the above bodes well for them. Screen addiction is sharply on the rise and as children are being raised amidst propaganda and fake news, much more attention should go out to forming one’s own opinion and taking responsibility. Centralized pupil monitoring systems are introduced indifferently in the education system, information is exchanged with parents and not having interactive whiteboards and Ipads in the classroom has become unthinkable. The first thing children see every single day, is a screen with Google on it... Big Brother.
Dependence on the internet and social media results in impulsive behaviour among children, exposes them to the madness of the day and affects their historical awareness and ability to discern underlying links. The way of thinking at universities is becoming increasingly one-sided and undesirable views are marginalized. The causes of problems are not examined, books are not read though there is certainly no lack of opinions. It’s all about making your voice heard within the limits of self-censorship that’s in force in order to prevent becoming the odd one out in the group. The same pattern can be identified when it comes to forming opinions in politics, where discussing various issues based on facts seems no longer possible. Not to mention that the opinions of citizens are considered irrelevant by our politicians. Good quality education focused on forming opinions and on creating self-reflective minds instead of a robot-way of thinking, is essential for the development of a healthy democracy.
Are there any positive developments?
It's no easy task to identify any positive developments in the field of privacy. The fact is that the introduction of the GDPR and the corresponding option to impose fines has brought privacy more sharply into focus among companies and citizens than the revelations of Snowden have been able to do. The danger of the GDPR, however, is that it narrows down privacy to data protection and administrative red tape.
Another positive development is the growing number of (as of yet small) initiatives whereby companies and governments consider privacy protection as a business or PR opportunity. This is proved by the number of participants in the 2019 Dutch Privacy Awards. Recurring themes are means of anonymous communication (email, search engines, browsers), possible alternatives to social networks (messaging services like WhatsApp, Facebook, Instagram and Twitter) on the basis of subscriptions, blockchain technology and privacy by design projects by large organizations and companies.
Privacy First has teamed up with a few top quality pro bono attorneys who are prepared to represent us in court. However, judges are reluctant to go off the beaten track and come up with progressive rulings in cases such as those concerning number plate parking, average speed checks, Automatic Number Plate Recognition, the Tapping Law, etc. For years, Privacy First has been suffering from a lack of funding. Many of those who sympathize with us, find the topic of privacy a bit eerie. They support us morally but don’t dare to make a donation. After all, you draw attention to yourself when you’re concerned with issues such as privacy. That’s how bad things have become; fear and self-censorship... two bad counsellors! It’s high time for a government that seriously deals with privacy issues.
Constitutional reform should urgently be placed on the agenda
Privacy First is a great proponent of constitutional reform (see our 2017 New Year’s column about Shared Democracy), based on the principles of the democratic constitutional State and the European Convention on Human Rights (ECHR). Our democracy is only 150 years old and should be adapted to this current day and age. This means that the structure of the EU should be changed. Citizens should take on a central and active role. Government policies should focus on technological developments in order to reinforce democracy and formulate a response to the concentration of power of multinational companies.
Privacy First argues that the establishment of a Ministry of Technology has the highest priority in order to be able to stay up to date with the rapid developments in this field and produce adequate policies accordingly. It should live up to the standards of the ECHR and the Dutch Constitution and avoid becoming a victim of the increasing lobbying efforts in this sector. Moreover, it is time for a Minister of IT & Privacy who stays up to date on all developments and acts with sufficient powers and in accordance with the review of a Constitutional Court.
The protection of citizens’ privacy should be facilitated and there should be privacy-friendly alternatives for current services by technology companies. For 2019, Privacy First has a few tips for ordinary citizens:
- Watch out for and stay away from ‘smart’ initiatives on the basis of Big Data and profiling!
- Keep an eye on the ‘cash = criminal’ campaign. Make at least 50% of your payments anonymously in cash.
- Be cautious when communicating through Google, Apple, Facebook and Microsoft. Look for or develop new platforms based on Quantum AI encryption and use alternative browsers (TOR), networks (VPN) and search engines (Startpage).
- Be careful when it comes to medical data and physical integrity. Use your right for there to be no exchange of medical data as long as initiatives such as Whitebox are not used.
- Be aware of your right to stay anonymous, at home and in public space. Campaign against toll payment, microchips in number plates, ANPR and number plate parking.
- Be aware of your legal rights to bring lawsuits, for example against personalized waste disposal passes, camera surveillance, etc.
- Watch out for ‘smart’ meters, speakers, toys and other objects in the house connected to the internet. Purchase only privacy by design solutions with privacy enhanced technology!
The Netherlands and Europe as guiding nations in the field of privacy, with groundbreaking initiatives and solutions for apparent contradictions concerning privacy and security issues - that’s Privacy First's aim. There’s still a long way to go, however, and we’re being blown off course ever more. That’s due in part because a comprehensive vision on our society and a democracy 3.0 is lacking. So we continue to drift rudderless, ending up in the big manipulation machine of large companies one step at a time. We need many more yellow vests before things change. Privacy First would like to contribute to shaping and promoting a comprehensive, positive vision for the future. A future based on the principles that our society was built on and the need for greater freedom, with all the inevitable restrictions this entails. We will have to do it together. Please support Privacy First actively with a generous donation for your own freedom and that of your children in 2019!
To an open and free society! I wish everyone a lot of privacy in 2019 and beyond!
Bas Filippini, Privacy First chairman
New European PSD2 legislation in force
At the start of 2019, the Payment Service Directive 2 will enter into force in the Netherlands. Under this new European banking law, consumers can share their banking details with parties other than their own bank. This first requires their explicit consent, upon which banks must share all transactional data of the consumer (account holder) with an external party (financial service provider) for a period of 90 days, after which the consumer can renew his consent. The consumer can also withdraw his consent at all times.
PSD2 is a great concern to Privacy First
Privacy First is very worried about PSD2. The law focuses too much on improving competition and innovation while the privacy interest of account holders is overlooked. These are Privacy First’s greatest concerns:
- Consumers are not in a position to limit the amount of banking details. Even in case a financial service provider does not need these details, all data are shared just the same once the account holder has issued his consent.
- The bank details of a consumer include the details of contra accounts. Holders of such accounts are unaware of the fact that their details may be shared and are not in a position to prevent that. As transactional data will be analyzed much more widely with the use of Big Data and data analyses than before the introduction of PSD2, there will be a much greater risk of privacy violations.
- Banking details contain ‘sensitive personal data’ that may only be issued under strict conditions. A subscription payment to a trade union, political party or organization that reveals one’s sexual preferences, should be considered sensitive personal data according to Privacy First. The same applies to transactions with health insurance companies and pharmacists. Currently, there is no way to filter out these data and they are being issued to parties that are not allowed to process them.
During an episode of the Dutch television program Radar that was broadcast on Monday 7 January 2019, Privacy First drew particular attention to these issues.
PSD2 quality label aims for transparency
Privacy First wants consumers to get honest and transparent information on what happens to their data. We advocate not for lengthy privacy statements, but rather for information that fits on a single sheet of paper. This information should not come from the financial industry, but from consumers themselves. After all, they can best decide which information they find valuable when making a choice. During 2018, Privacy First worked on this initiative along with the Volksbank and other partners from the financial sector.
PSD2 opt-out register
Privacy First is surprised that no attention has been paid to the role of ‘sensitive personal details’ in transactional data. Such details may only be shared under strict conditions and therefore have to be filtered out. Equally, consumers who do not want others to share their data with financial service providers should have the opportunity to prevent this. That is why Privacy First would like to see an opt-out register, similar to the do-not-call-me register which has been around in the Netherlands for many years. During the Radar broadcast, Privacy First announced it would bring forward this proposal, hoping to be able to develop it further together with the financial sector and policy makers. The aim is to have a compulsory opt-out register. This will, however, require amending the European PSD2 directive.
 Additional information: it concerns all transactional data. The extent to which these data go back in time varies per bank. See the overview (in Dutch) of the Dutch consumer association: The majority of account holders saves their bank statements for at least five years https://www.consumentenbond.nl/betaalrekening/meerderheid-bewaart-rekeningafschriften-ten-minste-5-jaar.
 Additional information: this is included in Article 9 of the GDPR and in Article 22 of the Dutch GDPR implementation Act. In short, processing sensitive personal data is unlawful, with a few exceptions. See (in Dutch) https://wetten.overheid.nl/BWBR0040940/2018-05-25.
Below, in alphabetical order, are Privacy First’s main objections against the new Dutch Intelligence and Security Services Act (Wiv2017, or ‘Tapping law’):
A. Authority to hack
Under the new law, the Dutch intelligence services will be able to hack a target through innocent third parties. By hacking a third party (for example an aunt, a sister, a friend, a husband, a grandfather, a colleague, a neighbour, a public authority, a company, etc.), information can be obtained about the target. In other words, any devices of innocent citizens may be hacked by the intelligence services. Citizens will never be notified about this, as there is no duty to inform.
C. Chilling effect
The new law may result in people behaving differently (either consciously or not) than they would do in a free environment. This can have a negative effect on the exercise of their fundamental rights other than the right to privacy, for instance on the right to freedom of expression and the right to freedom of association, assembly and demonstration.
Under both the current as well as the new law, Dutch secret agents are authorized to commit criminal offences. However, up until now, the exact scope of this power has been unknown. Under the current law, this power could be further regulated through a (never introduced) General Administrative Order. A number of years ago, the Dessens Commission recommended introducing such a General Administrative Order after all. In the new Tapping law however, the foundation for this General Administrative Order has been scrapped, leaving behind a legal vacuum.
The new law enables automatic access to databases in both the entire private and public sector. This allows intelligence services direct access to various sensitive databases of companies, public authorities and other organizations, either through informants and agents (infiltrators), or through secret agreements.
The power to conduct ‘research-oriented interception’, popularly known as the ‘trawl net method’ or the ‘the dragnet-surveillance power’, allows intelligence and security agencies (secret services) to tap the internet traffic of large groups of people simultaneously. They may tap a particular municipality, neighbourhood, local community or street, in case one of their targets happens to live there. This entails monitoring the communications of innocent citizens by means of a digital dragnet. Privacy First believes that the data of innocent citizens do not belong in the hands of intelligence services. Apart from that, the collection of huge amounts of data makes the intelligence services less effective.
Under the new law, encrypted data in the possession of companies, public authorities and individuals (for example communications data) must be decrypted on the request of secret services. Refusing to comply with a decryption order will be punished with a maximum of two years’ imprisonment.
Under the Tapping law, the intelligence and security services will have their own DNA database. They may collect DNA of targets and non-targets (innocent citizens). In order to collect DNA, they are allowed to grant themselves access to confined places, such as offices or residences. Dutch magazine Groene Amsterdammer has recently written an extensive article about the DNA Collection Service.
E. European Convention on Human Rights (ECHR)
The right to privacy is a human right: this right is protected by article 8 of the ECHR. Privacy First is of the opinion that the new Tapping law violates the right to privacy. We are ready to start interim injunction proceedings (lawsuit) against the Dutch government in case the Tapping law comes into force. This would enable a judge to scrutinize the new Act and possibly render it (partly) inoperative on account of violation of article 8 ECHR.
Exchange of data
The data of innocent citizens and journalists that are collected through the use of internet dragnet surveillance can be shared with foreign intelligence agencies before first being evaluated by the Dutch agencies.
F. Fake news from the Dutch government
According to the Dutch Minister of the Interior Kajsa Ollongren, it’s not necessary that the government puts neutral information about the Tapping law referendum on its website rijksoverheid.nl. This means that the Dutch government does not provide objective information to voters.
The law gives too much power to intelligence and security services and too little privacy guarantees to citizens. After the Tapping law referendum, the law will have to go back to the legal drawing board, where proper privacy guarantees should be added and the exercise of powers be reviewed.
H. Human rights
Privacy is a human right. The right to protection of one’s private life applies to everyone and is being guaranteed by numerous international and European treaties. The Tapping law will massively violate this right, considering the fact that it allows for the collection, storage and international exchange of data of large groups of innocent citizens.
Hyping the terror threat
Proponents of the Tapping law have often put forward the argument that it will prevent terror attacks, as was shown by Dutch television show Zondag met Lubach. However, other countries have already shown that working in a focused, targeted way is much more effective. Opponents of the Tapping law agree that the current law needs to be updated, but they demand that the law be modified and improved in crucial aspects.
I. I’ve got nothing to hide
Everyone is entitled to having a private life. That’s why the data of innocent citizens do not belong to intelligence and security agencies. It’s important for these data, which include medical information, personal conversations, private emails, work-related emails, news stories, hobbies, interests and internet search results, to be protected properly. You may have ‘nothing’ to hide, but other citizens, like medical professionals, attorneys, activists, whistle-blowers and journalists certainly do.
Interception of cable-bound data
It is falsely being argued that the intelligence and security services are currently allowed to intercept data over the ether (non cable-bound) only and not any cable-bound data. Under current legislation, they may intercept cable-bound data when the target concerns, for example, a particular individual. Under the new law, secret services will be authorized to intercept cable-bound data on a large scale and without specific targets (the dragnet method).
Internet of Things
An ever increasing number of devices are connected to the internet. All these devices can be tapped and hacked under the new Tapping law. Think of a car, a camera, microphone, printer and perhaps even a pacemaker. After all, the Tapping law doesn’t exclude this possibility.
The communications of journalists may be intercepted under the new Tapping law by means of dragnet surveillance, among other ways. Secret services may acquire knowledge about this confidential information. This constitutes a threat to the freedom of the press and the journalistic right to non-disclosure of sources. Only retrospectively will secret services delete information that turns out not to be useful for any investigation.
In most cases, a judicial verification of the exercise of powers is lacking. As explained under ‘Review Board for the Use of Powers’(TIB), the new Review Board lacks the investigatory powers for effective and independent monitoring.
In his tv programme Zondag met Lubach, comedian and television presenter Arjen Lubach has looked into the Tapping law three times, explaining why it’s good to be critical about it. You can watch the videos (in Dutch) here: Tapping law 1, Tapping law 2 and Tapping law 3.
M. Medical confidentiality
Under the new law, the medical confidentiality of patients and the medical secrecy of doctors cannot be guaranteed: secret services can make a request to anyone, including doctors and hospitals, to hand over relevant data and to grant access to their data system (Electronic Health Record). They can also hack into such systems. This can lead to the evasion of health care among patients, which could endanger national health.
N. Notification obligation
Under the new law, the notification obligation is insufficient. Five years after exercising a certain power, the person concerned should, in principle, be notified about this. This, however, applies to only a few of the newly introduced powers. Privacy First thinks the notification obligation should apply to the exercise of all powers.
O. Other countries
Under the new Tapping law, data that have been collected may be shared with other countries without being evaluated first. This means that Dutch intelligence services can share unseen and unselected data (of innocent citizens) with foreign secret services. Once the data have been shared, Dutch intelligence services won’t be able to monitor the use of these data anymore.
P. Presumption of innocence
With the introduction of the new law, the presumption of innocence gets inverted. The dragnet-surveillance makes every single citizen a potential suspect, without any concrete ground to monitor someone in particular. Moreover, large-scale data collection increases the chance of false positives.
Q. Quest for data
The Dutch government has developed an enormous thirst for data. Whereas neighbouring countries go back to a target-centric approach, the Netherlands embraces Big Data. This leads to an ever growing haystack in which finding the needle will become increasingly difficult. More data is no equivalent to more security.
R. Review Board for the Use of Powers (TIB)
Independent supervision in all phases of the exercise of powers by secret services (before, during and afterwards) is insufficiently guaranteed. Since intelligence services operate secretly, citizens against whom such powers are exercised cannot object to this themselves. That’s why the exercise of powers is to be reviewed independently. The new Review Board for the Use of Powers (Toetsingscommissie Inzet Bevoegdheden) reviews beforehand whether the minister has rightfully given approval for the exercise of a relatively far-reaching (‘special’) power under the new law. This review is substantiated by less guarantees than the review by a judge. Furthermore, the Review Board doesn’t have any investigative powers of its own and is completely dependent on the information it’s provided with by others. Various authorities, such as the Dutch Data Protection Authority, have warned that the Review Board shouldn’t become a 'rubber stamping machine'.
Review Committee on the Intelligence and Security Services (CTIVD)
The judgments of the Review Committee on the Intelligence and Security Services, which retrospectively reviews whether or not powers have been applied lawfully, are not binding. The Minister of the Interior may not take the findings and recommendations into account and continue to unlawfully use powers.
Privacy and security are unduly placed on opposite sides of the balance. In a free and democratic society, privacy and security go hand in hand. It’s possible to draft an Intelligence and Security Services Act that has good privacy safeguards under which information of innocent citizens doesn't end up in the hands of intelligence agencies.
Unevaluated data that have been collected through ‘dragnet surveillance, may be stored for three years. These data may also be shared with other countries, even without first being evaluated. Data that the intelligence and security agencies deem relevant may be kept for as long as they are regarded as such.
Z. Zero days
The intelligence and security services have the power to make use of unknown software vulnerabilities, so called zero-days. Such vulnerabilities are known to them, but not to the creator or manufacturer of the software. They don’t have to notify the manufacturer about it. This allows malicious parties to exploit vulnerabilities, even over longer time periods. It also creates a black market, where such vulnerabilities and data breaches are traded.
This list is not exhaustive and can be supplemented at all times.
IRMA and ‘referendum students’ win Dutch Privacy Awards
In the context of the National Privacy Conference organized by Privacy First and ECP, today the very first Dutch Privacy Awards have been awarded. These Awards offer a podium to companies and governments that consider privacy as an opportunity to positively distinguish themselves and want privacy-friendly entrepreneurship and innovation to become a benchmark. The great winner of the 2018 Dutch Privacy Awards is IRMA (I Reveal My Attributes). The students who organized the Dutch referendum about the controversial Tapping law received the incentive prize.
Winner: IRMA (I Reveal my Attributes)
IRMA (I Reveal my Attributes) is a state of the art, open source identity platform which allows users to authenticate themselves by using an app on the basis of one or several attributes related to their different roles (contextual authentication). This form of authentication does not reveal one’s identity: a one-to-one relation between the user and the service provider makes brokers redundant and allows the former to use services anonymously, without a password and with minimal attributes.
The system has been developed by the Digital Security Research Group of the Radboud University Nijmegen. Since the end of 2016, IRMA is part of the independent Dutch Privacy by Design foundation.
The Awards panel praises the academic community for developing IRMA as a general purpose privacy-by-design application intended for both the private as well as the public sector. As a means of privacy-friendly authentication, the panel regards the innovative capacity of the open source technology used, the instant deployability and the potential impact on society of IRMA as great assets. That is why the panel unanimously chose IRMA as the winner of the 2018 Dutch Privacy Awards.
Winners: ‘Tapping law students’
On the initiative of five University of Amsterdam students, a national referendum about the new and controversial Dutch Intelligence and Security Services Act (‘Tapping law’) will be held on 21 March 2018. Regardless of the outcome of the referendum, one of its results will be a heightened awareness of and a more critical stand towards privacy issues among the Dutch. This fact alone was sufficient ground for the panel to unanimously reward the students with a Dutch Privacy Award (incentive prize).
There are four categories in which applicants are awarded:
1. the category of Consumer solutions (from companies for consumers)
2. the category of Business solutions (within a company or business-to-business)
3. the category of Public services (public authorities to citizens)
4. The incentive prize for a ground breaking technology or person.
Out of the various entries, the independent expert panel chose the following nominees per category:
|Consumer solutions:||Business solutions:||Public services:|
|IRMA (I Reveal My Attributes)||TrustTester||Youth Privacy Implementation Plan (municipality of Amsterdam)|
|Schluss||Personal Health Train|
During the National Privacy Conference the nominees have presented their projects to the audience in Award pitches. Thereafter, the Awards were handed out. Click HERE for the entire Award panel report (pdf in Dutch), which includes participation criteria and explanatory notes on all the nominees and winners.
From left to right: Paul Korremans (panel member), Luca van der Kamp (‘referendum student’), Esther Bloemen (Personal Health Train), Nina Boelsums (‘referendum student’), Bas Filippini (panel chairman), Bart Jacobs (IRMA), Arjan van Diemen (TrustTester), Marie-José Hoefmans (Schluss) and Wilmar Hendriks (Youth Privacy Implementation Plan (municipality of Amsterdam). Photo: Maarten Tromp.
National Privacy Conference
The National Privacy Conference is an initiative of ECP (Dutch Platform for the Information Society) and Privacy First. From now on, the conference will bring together once a year Dutch industry, public authorities, the academic community and civil society with the aim to build a privacy-friendly information society. The mission of both the National Privacy Conference and Privacy First is to turn the Netherlands into a guiding nation in the field of privacy. To this end, privacy-by-design is key.
The speakers during the 2018 National Privacy Conference were, in successive order:
Aleid Wolfsen, chairman of the Dutch Data Protection Authority,
Gerrit-Jan Zwenne, professor of Law and the Information Society (University of Leiden),
Jaap-Henk Hoepman, associate professor Privacy by Design (Radboud University Nijmegen),
Ulco van de Pol, chairman of the Amsterdam Data Protection Commission,
Tim Toornvliet, Netherlands ICT,
Lennart Huizing, Privacy Company.
Aleid Wolfsen, chairman of the Dutch Data Protection Authority. Photo: Maarten Tromp.
Panel of the Dutch Privacy Awards
The independent expert Award panel consists of privacy experts from different fields:
• Bas Filippini, founder and chairman of Privacy First (panel chairman)
• Paul Korremans, data protection & security professional at Comfort Information Architects
• Marie-José Bonthuis, owner of IT’s Privacy
• Bart van der Sloot, senior researcher at Tilburg University
• Marjolein Lanzing, PhD Philosophy & Ethics, Eindhoven University of Technology.
In order to make sure that the award process is run objectively, the panel members may not judge on any entry of his or her own organization.
Privacy First organized this first edition of the Dutch Privacy Awards in collaboration with ECP, with the support of the Democracy & Media Foundation and the Adessium Foundation. Would you like to become a partner of the Dutch Privacy Awards? Then please contact Privacy First!
The Dutch citizenry has rejected the new Dutch Intelligence and Security Services Act. This act will now have the be amended. If not, legal action will be pursued.
Historic red line
Wednesday 21 March 2018 is a historic day: for the first time ever, the populace of a nation has spoken out against a law on intelligence services in a referendum. In this referendum, the Dutch had the chance to cast their ballots on the new Dutch Intelligence and Security Services Act, better known as the ‘Tapping law’. By now, it is known that a clear majority is AGAINST the law. Privacy First considers this as a historic victory and hopes that, as a result, similar developments will unfold in other countries: developments that contravene mass surveillance and the creation of controlled societies, and that lead to better legislation with true respect for the liberty of innocent citizens.
Objections against the Tapping law
The main objections of Privacy First against the Tapping law relate to the fact that it authorizes not only large-scale tapping into the Internet traffic and communications of innocent citizens, but also allows for the storage of these data for many years and the unsupervised exchange of these data with foreign secret services. These and other concerns of Privacy First have been listed in alphabetical order. The liberty-restricting Tapping law should not be viewed in isolation, but is part of a wider negative trend, as can be read in a recent column (in Dutch) by Privacy First chairman Bas Filippini.
Right from the very start, Privacy First has supported the organization of the Dutch referendum against the Tapping law. Alongside Privacy First, there are numerous other civil organizations that have been very active over the past few months to inform the citizenry about the Act. Most of the work, however, has been done by the referendum instigators: the students of the University of Amsterdam who, at the end 2017, collected enough signatures to make this referendum possible. For this unique achievement, Privacy First gave them a Dutch Privacy Award at the start of this year. Privacy First has recently called on all political parties at municipal level to take a stand against the Tapping law. Furthermore, through public debates, advertisements and social media and through interviews on the radio, on television and in newspapers, we have been as active as possible to create a critical mass. Moreover, Privacy First organized a public debate about the Tapping law in Amsterdam. It featured various renowned speakers, among them our attorney Otto Volgenant and the Dutch National Coordinator for Counter Terrorism and Security Dick Schoof. This debate (in Dutch) has been broadcasted on NPO Politiek several times and can also be viewed on our website and on YouTube. Even according to advocates of the Tapping law, this referendum was characterized by a substantive discussion among critical and well-informed members of the public. It is also in this regard that the referendum can be called a great success, a bright day for democracy and something that has increased general awareness about privacy in the Netherlands. After today, abolishing the referendum, which is what the Dutch government intends to do, should really be out of the question.
The law should be improved. Otherwise there will be legal action.
The consequences of the Dutch referendum about the Tapping law are clear: the law should be modified and improved immediately. If not, Privacy First and various other plaintiffs (organizations) will start a large-scale lawsuit with the express purpose of having various parts of the Act declared unlawful and rendered inoperative by a judge. In 2015, Privacy First and coalition partners succeeded in suspending the Dutch Data Retention Act in the same way. In recent years, Privacy First has on several occasions warned the Dutch government as well as both houses of Dutch Parliament that a similar lawsuit against the Tapping law would be imminent. The result of the current referendum has bolstered our position enormously. By now, the summons against the government has been prepared and our attorneys are ready to litigate. The choice is up to the government: change course or back down!
"Twelve organizations teamed up to file a lawsuit to stop the implementation of a new data mining law in the Netherlands. The new law was adopted by the Dutch Senate on Tuesday and gives the intelligence services more capabilities to spy on internet traffic on a large scale.
"We trust that the Dutch judges will pull the brake and say: this law goes too far", human rights lawyer Jelle Klaas, who is representing the coalition of organizations in their lawsuit, said to RTL Nieuws. The coalition includes the Public Interest Litigation Project, civil rights organization Privacy First, the Dutch Association of Journalists, the Dutch Association of Criminal Law Attorneys and the Platform for the Protection of Civil Rights.
According to the organizations, this law is a serious violation of Dutch citizens' privacy. The case will first be presented to a Dutch court, who will test it against the European Convention of Human Rights. If the Dutch court rules against the organizations, they will take it to the European Court.
Klaas is currently preparing the case. He expects that the lawsuit will only actually start after the new law is implemented on January 1st, 2018, but he hopes it happens earlier."
Source: http://nltimes.nl/2017/07/12/lawsuit-started-new-dutch-data-mining-law, 12 July 2017.
After numerous lawsuits in various European countries, the decision has finally been made: in a break-through ruling, the European Court of Justice has decided this week that a general requirement to retain telecommunications data (data retention) is unlawful because it is in violation of the right to privacy. This ruling has far-reaching consequences for surveillance legislation in all EU member States, including the Netherlands.
Previous data retention in the Netherlands
Under the 2009 Dutch Data Retention Act, the telecommunications data (telephony and internet traffic) of everyone in the Netherlands used to be retained for 12 months and 6 months, respectively, for criminal investigation purposes. This legislation stemmed from the 2006 European Data Retention Directive. However, in April 2014 the European Court of Justice declared this European Directive invalid because it violates the right to privacy. Subsequently, former Dutch minister of Security and Justice Ivo Opstelten refused to withdraw the Dutch Data Retention Act, after which a broad coalition of Dutch organizations and companies demanded in interim injunction proceedings that the Act would be rendered inoperative. The claimant organizations were the Privacy First Foundation, the Dutch Association of Defence Counsel (NVSA), the Dutch Association of Journalists (NVJ), the Netherlands Committee of Jurists for Human Rights (NJCM), Internet provider BIT and telecommunications providers VOYS and SpeakUp. Boekx Attorneys in Amsterdam took care of the proceedings, and successfully so: rather uniquely (laws are seldomly rendered inoperative by a judge, let alone in interim injunction proceedings), on 11 March, 2015, the Dutch district court in The Hague repealed the entire Act at once. The Dutch government decided not to appeal the ruling, which has been final since then. Consequently, all telecom operators concerned have deleted the relevant data. In relation to criminal investigations and prosecutions, so far this does not seem to have led to any problems.
European Court makes short shrift of mass storage once and for all
Unfortunately, the April 2014 decision of the European Court left some margin for interpretation under which broad, general retention of everyone’s telecommunications data could still be allowed, for example through close judicial supervision before access and use of those data. In a Swedish and a British case about data retention, the European Court has now ensured full clarity in favour of the right to privacy of every innocent person on European territory:
"The Charter of Fundamental Rights of the European Union must be interpreted as precluding national legislation which, for the purpose of fighting crime, provides for general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication’’, the Court judges.
In other words: mass storage of everyone’s data for criminal investigation purposes is unlawful. After all, according to the Court this ‘‘exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society’’.
In conventional language, the Court basically says that such legislation doesn’t belong in a free democracy under the rule of law, but in a totalitatrian dictatorship instead. And this is exactly the raison d'être of the Charter of Fundamental Rights of the European Union (which was inspired by universal human rights), on which the verdict of the Court is based.
Consequences for the Netherlands
Recently the current Dutch minister of Security and Justice, Ard van der Steur, has again presented to the Dutch House of Representatives a legislative proposal to reintroduce a broad, general telecommunications retention Act. Moreover, a similar legislative proposal pending in the Dutch Senate concerns the recognition and retention of number plate codes of all cars in the Netherlands (i.e. everyone’s travel movements and location data). Following the EU Court ruling, both legislative proposals are unlawful in advance on account of violation of the right to privacy. The same goes for planned mass storage of data that flow in and out of the Netherlands through large internet cables under the new Dutch Intelligence and Security Services Act (and the international exchange thereof), the possible future reintroduction of central databases with everyone’s fingerprints, national DNA databases, national records which include everyone’s financial transactions, etc. etc.
Following the EU Court ruling, the Dutch government can draw one conclusion only: both the legislative proposal that regards the new telecommunications retention Act as well as the legislative proposal that relates to the registration on a massive scale of number plate codes, are to be withdrawn this instant. Otherwise Privacy First will again enforce this in court and will do likewise with every other legislative proposal that threathens to violate the right to privacy of innocent citizens on a large scale.
Privacy First wishes you happy holidays and a privacy-friendly 2017!
Privacy First New Year’s column
Looking back on 2016, Privacy First perceives a renewed attack on our democratic constitutional State from within. Incident-driven politics based on the everyday humdrum prevails and the Dutch government’s frenzy efforts to control the masses is relentless, arrogant and driven by industry and political lobbying. The democratic principles of our constitutional State are being lost out of sight ever more while the reversion of legal principles has become commonplace. Every (potential) attack thus becomes an attack on our civil rights.
Current constitutional State unable to defend itself
Barely a single day has gone past in the current mediacracy and governors without any historical or cultural awareness hand us, our children and our future over to a new electronic dictatorship fenced off by 4G masts. Citizens who autonomously seek to inform themselves have become ‘populists that spread fake news’. It’s not just the government that has lost its way, but so have the mainstream media, so it seems. The model characterized by fear, hate and control adopted by many authoritarian states headed by a strong leader is increasingly seen as the way to go.
Privacy First has said it before but will reiterate: we are of the opinion that State terrorists who continuously change legislation restricting civil liberties are ultimately much more harmful to our society than a single ‘street terrorist’, however terrible and shocking an attack is for those directly involved. The galling thing is that our constitutional State cannot adequately defend itself against the erosion of democratic principles from within: among other things, there is a lack of independent review of our Constitution. Therefore we are very happy that the European Court of Justice has recently ruled all forms of trawl net technology unlawful in advance. A great verdict that has far-reaching consequences for the State terrorists among our politicians and civil servants. A clear line in the sand.
Our democratic constitutional State came into existence out of the 19th century way of thinking and will have to be reshaped through a public debate, provided this is done taking into account the basic principles of living together - a human experience that goes back thousands of years. Love, trust en freedom are fundamental pillars. Privacy First discerns a number of changes over the past 150 years to which our constitutional State has no adequate answer, if any answer at all. These changes will have to be integrated into a newly structured democratic constitutional State which will have to be partly parliamentary and partly shared. In other words: the democratic foundation is there, but will have to be adapted to the desires and developments of our time.
Towards a Shared Democracy: adjusting parliamentary democracy to our present time
Privacy First calls on (and challenges, if necessary) every Dutch citizen to participate in a broad public discussion in order to shape a democracy 3.0. After Athens (1.0) and our parliamentary democracy from the 19th century onwards (2.0), in our eyes it’s time for the concept of a Shared Democracy (3.0), which is both a disruptive way of thinking as well as a social model for which we identify seven big drivers that help adjust our current 19th century system. Privacy First notices that these seven drivers are currently undermining our model from the inside and the outside. But by thinking differently, one will find that these pillars also offer an opportunity to move towards a new form for the future: the so-called Shared Democracy.
1. Changing role of the media; towards a mediacracy
Originally, in the 19th century model, the media didn’t yet have the scale and level of outreach today’s media have. The influence of the media has become large to the extent it will have to be one of the pillars of the future Shared Democracy.
2. Changing role of citizens
The enormous financial and social emancipation, the elevated level of education and the individualization of citizens is currently leading to huge tensions in the democracy of parliamentary representation. As part of the old way of thinking, citizens are still regarded as an unassertive, inferior, necessary evil. However, citizens want to have decision-making power on numerous issues and this – supported by the newest technologies and means of communication - will have to be structurally implemented in the Shared Democracy on the basis of various structures of representation and participatory leadership based on personal responsibility, an area in which politics and the government are still falling far behind in their relationship with citizens.
3. Scientific, technological and information revolution
These revolutions create new opportunities and offer an almost real-time insight in the developments and events within society. Moreover, the internet and associated infrastructures enable completely new forms of exchange and marketplaces of ideas and decisions. This happens on a worldwide scale between like-minded people and people who hold different views. Where supply and demand are ill-aligned, new services that have a disruptive effect on old structures pop up. Think of the clear imbalance between citizens and politics. A solution for that problem can be found in completely new and invigorating systems and structures, set up with an open and free attitude, with privacy by design enshrined in legislation and with the application of advanced technology - all elements that distinguishes the Shared Democracy.
4. Unrestrained proliferation of public authorities
The house is ready to move into, but the contractor keeps coming back every day to see whether there are still tasks to be done... likewise our government exerts its influence on our daily life and on today’s economy. The unrestrained proliferation of public authorities has got to stop immediately and the government has to be brought back to normal proportions, in line with a standard that has yet to be established. By now, citizens serve the government instead of the other way around. The power of (central) public authorities is no longer commensurate with those of individual citizens. A key trait of the Shared Democracy will be the size, power and scope of the government.
5. Lifelong professional politicians
Another thing the founders of the 19th century model didn’t take into account (despite the seperation of powers) is the fact that many current (national) representatives are fulltime politicians, some of whom carry out public sector activities quite directly related to their political function. Particularly these latter ones have lost all connection to society and virtually live off taxpayers’ money without any risks. In the Shared Democracy we envisage, we advocate that representatives of citizens make clear choices and are in favour of all possible mixed forms of citizens and representatives in order to create a much larger engagement and responsibility among individual citizens when it comes to being active politically.
6. Financial sector, upscaling and mass control
The centralization and management of financial flows disconnected from the underlying value, erodes both the economy and society. The human dimension is disappearing into the background in upscaling and efficiency models dominated by financial flows. By introducing mantras such as ‘cash is criminal’, paying anonymously is being phased out while bank runs that could endanger and destabilize the system are being prevented. Here too, the web continually gets tighter around citizens and money no longer belongs to them, but to banks and the government. With a view to the future and on the basis of current and future technological possibilities, in the Shared Democracy, ownership relationships and the right to anonymous means of payment will have to be firmly embedded in law.
7. Supranational elite of individuals and companies
One of the effects of globalization is the rise of a large group of supranational companies and individuals that are disconnected from their nation-states and societies, benefitting from the rights they have but not fulfilling the duties that society equally brings along. Now that information and power are concentrated within a few very large, global conglomerates, there are many financial corporations and companies that have become larger than nation-states. The intransparent power of lobbygroups backing these conglomerates thrives under the old, authoritarian pyramid structure of centralized political representation. In the Shared Democracy, special attention will have to go out to democratic shaping and modelling on all levels, while the centralized and decentralized power structures have to be continually in balance and be measurable with the most advanced technology.
How will the Shared Democracy deal with all this? How much more freedom are we prepared to give up for the sake of (false) security? 100% security = 0% freedom. How are we going to restructure our society and democratic system in order to hold on to our principles with the seven drivers of development in mind? And on which scale are we willing to do so?
To better define these questions and look for answers, Privacy First will organize a New Year's Reception on 19 January 2017, at 7:30 pm in the Volkshotel in Amsterdam. The reception (in Dutch) will revolve around the Shared Democracy.
Privacy First encourages everyone to contribute to this new movement towards a Shared Democracy in an open and free debate on all available communication channels!
Privacy First Foundation chairman