On 31 May 2012 the Netherlands will once again be examined in Geneva by the highest human rights body in the world: the United Nations Human Rights Council. The UN Human Rights Council was founded in 2006 and consists of 47 of the 192 UN Member States. Since 2008 the human rights situation in each country is periodically reviewed. This procedure takes place every four years for each UN Member State and is called ‘Universal Periodic Review’ (UPR). During the first UPR session in 2008 it was straight away the Netherlands’ turn to be examined and our country was in fact heavily criticized. In 2011 the privacy situation in the Netherlands is even worse compared to 2008: enough ground for Privacy First to raise a number of issues with the UN. Privacy First did so last night through a so-called shadow report: a report in which NGOs can voice their concerns on a particular issue. (For such reports strict requirements with the Human Rights Council apply, among which a limit of 2815 words.) Without shadow reports, diplomats in the Council are not able to do their work properly. Otherwise they would of course be dependent on the State report of the Netherlands itself. So Privacy First presented its own report with the following recommendations:
• No national biometric database, not even in the long run;
• No introduction of mobile fingerprint scanners;
• Introduction of a truly anonymous OV-chipkaart (Public Transport chip card);
• No introduction of Automatic Number Plate Recognition (ANPR) as currently envisaged;
• Transparency and suspension of the new border control system @MIGO;
• A voluntary, regional instead of national Electronic Health Record System with 'privacy by design';
• Proper legislation concerning the profiling of citizens.
You can download our entire report HERE. We hope that our recommendations will be accepted in the Human Rights Council and will lead to an international exchange of best practices. Privacy First is happy to keep you informed on these developments.
Update 23 March 2012: this week the long-awaited Dutch UPR State report for the Human Rights Council appeared. Moreover, the shadow report by the Dutch section of the International Commission of Jurists (Dutch abbreviation: NJCM) that was presented earlier (also on behalf of 24 other NGOs) became public. The NJCM report contains a very critical section on privacy in which – parallel to the recommendations of Privacy First – among other things, a call for the abrogation of the current plans concerning ANPR and mobile fingerprint scanners is made; see pp. 6-7 of the NJCM report. Relevant reports by other organisations can be found HERE.
Official preparatory work for the Dutch State report has seen two consultation meetings with Dutch civil society (NGOs) at the Dutch Ministry of the Interior (Dutch abbreviation: BZK) in recent months. During the first meeting on 1 December 2011, Privacy First insisted on incorporating a separate section about privacy in the State report. During the second meeting on 16 January 2012, Privacy First requested an explicit mention of ‘privacy by design’ in that very section. BZK responded positively to both requests. However, the privacy section in the State report appears to be relatively short, superficial and elusive. It is telling that this section is part of the chapter ‘Challenges and constraints’. This gives the impression of a defensive attitude. What’s even more telling is the following sentence: ‘‘The challenge will now be to ensure that all these [privacy infringing] measures are implemented.’’ Apparently the Dutch State is not sure where it stands... And rightly so. The mere positive points are the mention of ‘privacy by design’, the report by the Dutch Scientific Council for Government Policy called iOverheid (iGovernment) and the following passage:
"In addition, partly in response to concerns expressed in Parliament, certain policy measures that impact on privacy are currently being modified, as for example the discontinuation of the storage of fingerprint data on national ID-cards and within the passport database."
Privacy First interprets this passage as an international declaration (unilateral statement) from the Netherlands to stop the storage of fingerprints on ID-cards and in its travel document administration once and for all. Privacy First is keen to continue reminding the government of this.
Update 5 April 2012: the international lobbying surrounding the UPR session of the Netherlands on 31 May 2012 is in full swing, both at foreign embassies in The Hague as well as within the permanent representations of UN Member States in Geneva. In this context an important 'UPR pre-session' took place yesterday morning in Geneva where various international human rights organisations had the opportunity to voice their concerns about the Netherlands in front of a broad audience of foreign diplomats. Click HERE for an impression of the meeting about the Netherlands. The statement by Privacy First during this meeting can be found HERE and can also be downloaded on the website of the Dutch Human Rights Institute under incorporation.
Update 21 April 2012: Based on all shadow reports (among which that of Privacy First) that the UN received at the end of 2011, an official UN summary has in the meantime been drawn up in Geneva. This ‘summary of stakeholders’ information’ can be found HERE. Apart from Privacy First, the NJCM (also on behalf of the Dutch Platform for the Protection of Civil Rights / Platform Bescherming Burgerrechten), Bits of Freedom, the Dutch Data Protection Authority, Vrijbit and the Dutch Contact Point on Abuse of Mandatory Identification (Meldpunt Misbruik Identificatieplicht) all sent their privacy worries to Geneva in writing; all these reports will soon appear on this UN page. As far as Privacy First is aware, this has not occurred on this scale before. Therefore, for the first time in history the privacy theme figures prominently in a UN report about the Netherlands, as a matter of fact more prominent than is the case in other summaries, for example the one on the United Kingdom. Furthermore, it’s striking that the UN cites a passage about profiling from the Privacy First report: ‘‘digital profiles can be extremely detailed and profiling can easily lead to discrimination and 'steering' of persons in pre-determined directions, depending on the 'categories' their profiles 'fit into' and without the persons in question being aware of this.’’ (UN summary, para. 65). All of this can rightly be called a breakthrough that will hopefully bear fruit during the upcoming session on 31 May 2012.
Update 23 May 2012: In recent months Privacy First has had a series of useful conversations with foreign diplomats in Geneva and The Hague. Meanwhile a number of so-called ‘advance questions’ by UN Member States have appeared on the UPR website of the UN. Among them is the following question by the United Kingdom to the Netherlands: ‘‘Given recent concerns about data collection and security, including the unintended consequences of cases of identity theft, does the Netherlands have plans for measures to ensure more comprehensive oversight of the collection, use and retention of personal data?’’ (Source) Privacy First looks forward with confidence to further questions by UN Member States about Dutch privacy perils.