Privacy-wise these are turbulent times. Partly because of the pressure by Privacy First, a positive change is ongoing since last year. Privacy is higher up on the Dutch political agenda. Dutch media more often and more extensively report on privacy matters. This enhances privacy awareness among the Dutch population. It also reinforces our democratic constitutional State. Examples of positive developments are the abandonment of the electronic toll system (no ‘espionage units’ in cars), voluntary instead of compulsory ‘smart energy meters’, voluntary instead of compulsory body-scans at airports, abandonment of the storage of fingerprints under the Dutch Passport Act and the introduction of Privacy Impact Assessments for new legislation that invades the privacy of citizens. All of these developments go hand in hand with Privacy First’s motto: ‘‘your choice in a free society’’. Meanwhile, privacy restricting forces from the old days still have their say. Bad habits die hard. In recent months this became particularly obvious through developments towards a private restart of the Dutch Electronic Health Record (Elektronisch Patiëntendossier, EPD). Earlier this year the Senate had rightly binned the EPD. Apparently some policy makers and commercial parties are having none of this. With similar stubbornness others are currently trying to press through their old plans for Automatic Number Plate Recognition (ANPR) and camera surveillance along the Dutch border. These plans were already on the drawing board years ago, in a time in which privacy increasingly seemed to become a taboo. A time in which the American Bush administration was able to burden the entire European Union with biometric passports and associated databases. That time is over, but the heritage of that era still exerts its influence to this day...
In the meantime privacy is back where it once was. Privacy is the ‘‘new green.’’ In that respect advocates of the national EPD and ANPR are behaving like a bunch of old environmental polluters. They’re like rusty old factories from the 70s being teletransported to the year 2011, without them realizing it. The Dutch House of Representatives seemed to have a good sense for this when last week it unanimously accepted a motion about something that Privacy First has been emphasizing since its foundation: ‘‘Privacy by Design’’. In other words, incorporating privacy from scratch in a technical sense, at the micro level, through Privacy Enhancing Technologies (PET). In the view of Privacy First, however, the principle of ‘‘Privacy by Design’’ also applies to the meso- and macro-levels. That is to say, in an organizational and legislative sense. After all, this is the way you get to a privacy-friendly design as well as a privacy-friendly reality of a sustainable information society as a whole. Well, you can pursue your own line of thoughts here. As a source of inspiration Privacy First is pleased to provide the entire text of the parliamentary motion:
The House of Representatives,
on the advice of the deliberation,
considering that in ICT projects of the government there is too little attention for the protection of privacy and too little attention for the prevention of abuse of these systems;
considering that the privacy of citizens is not to be invaded any more than is strictly necessary and that insecure systems can put privacy in danger;
considering that systems that can easily be hacked seriously affect the reputation of government;
considering that modifying systems to safeguard privacy and enhancing security afterward, is usually more expensive and more often leads to a lower level of protection compared to when privacy and security are prerequisites from the outset of the project;
requests the government to apply privacy by design and security by design in the development of all new ICT projects in order for new ICT systems to be more secure and better prepared against abuse and only to contain privacy-sensitive information when strictly necessary,
and proceeds to the order of the day.