Summary proceedings against massive privacy violation by Automatic Number Plate Recognition (ANPR) camera surveillance
Challenging large-scale privacy violations in court has long been Privacy First’s established practice. In recent years, Privacy First has successfully done so against the central storage in the Netherlands of everyone’s fingerprints under the Dutch Passport Act, against the storage of everyone’s communications data under the Dutch Telecommunications Data Retention Act and – in coalition with other parties – against large-scale risk profiling of innocent citizens through the Dutch System Risk Indication (SyRI).
A current and urgent issue that equally merits going to court over, concerns the Dutch legislation on Automatic Number Plate Recognition (ANPR) which applies since 2019 under Art. 126jj of the Dutch Code of Penal Procedure. Under this piece of law, the number plate codes of millions of cars in the Netherlands (i.e. everyone’s travel movements) are stored continuously for four weeks in a central police database for criminal investigation purposes, regardless of whether one is suspected of anything. This is totally unnecessary, completely disproportionate and also ineffective, as was revealed in evaluation reports published today by the Dutch Research and Documentation Center (‘WODC’, part of the Dutch Ministry of Justice and Security). Supervision is lacking and the system can easily be abused, newspaper NRC Handelsblad recently confirmed in its reporting.
Privacy First has therefore prepared a lawsuit to have the ANPR legislation repealed on account of violation of European privacy law. Summary proceedings against the Dutch government will take place at the district court of The Hague on 10 November 2021. Through Pro Bono Connect, Privacy First has engaged CMS as the law firm that will take care of the litigation in this case. Our summons in summary proceedings can be found HERE (pdf in Dutch). If necessary, these preliminary proceedings will be followed by broader proceedings on the merits. After all, there is no doubt that the current ANPR law constitutes a massive privacy violation and simply does not belong in a free democratic society. Considering the relevant European case law, Privacy First deems the likelihood of successful legal action very high.
Case details: Privacy First vs. the State (Dutch Ministry of Justice and Security), Wednesday 10 November 2021 11.00 am, The Hague district court. You are welcome to attend the court hearing. A route description in Dutch can be found here.
Update November 8, 2021: due to Corona restrictions, it appears that the court is only willing to allow two (already registered) visitors at the court hearing. However, due to high public interest, there will be a livestream: https://www.rechtspraak.nl/Organisatie-en-contact/Organisatie/Rechtbanken/Rechtbank-Den-Haag/Nieuws/Paginas/Livestream-rechtszaak-stichting-Privacy-First-tegen-de-Staat.aspx.
Update November 10, 2021: the court hearing took place today; click HERE for our lawyer's pleading (pdf in Dutch). The court's ruling is scheduled for December 1st.
Update December 1, 2021: today the district court of The Hague rendered its judgment. In the judgment, the court first of all established that Privacy First is admissible in this case as a non-profit interest group for the protection of the privacy of all citizens in the Netherlands. This again establishes that Privacy First can conduct these and subsequent legal proceedings in the public interest. Subsequently, however, the court ruled that in these preliminary relief proceedings there was no sufficiently urgent interest. Privacy First finds this judgment incomprehensible, since in the case of a daily massive privacy violation by definition there is an urgent interest to have that violation legally reviewed and to have it stopped. Privacy First will now commence proceedings on the merits against the ANPR legislation and is also considering lodging an urgent appeal against the current judgment with the Court of Appeal of The Hague. In view of relevant European case law, Privacy First still considers the chances of successful legal action exceptionally high.
The ANPR legislation at issue in Privacy First's lawsuit relates to the mass collection and storage of everyone's "historical" ANPR data, also known as "no hits". This should be distinguished from the many years of police practice where license plates of suspects (so-called "hits") can be used for criminal investigations. Dutch media are regularly confused about this as a result of misleading government information, for example on the websites of the Dutch National Police and the Public Prosecution Service. Privacy First regrets such deception and hopes that the media will not be misled by this.
Would you like to support these legal proceedings? Then please consider becoming a donor! Privacy First consists largely of volunteers and is entirely dependent on sponsorship and donations to pursue litigation.
Today an important debate will take place in the Dutch House of Representatives about the introduction of Passenger Name Records (PNR): the large scale, years-long storage of all sorts of data of airline passengers, supposedly to fight crime and terrorism. Privacy First has major objections and at the end of last week has sent the following letter to the House. Today’s parliamentary debate was first scheduled to take place on 14 May 2018, but was cancelled (following a similar letter from Privacy First) until further notice. Following new parliamentary questions, the debate will now take place today after all. Here is the full text of our most recent letter:
Dear Members of the House of Representatives,
On Monday afternoon, this 11 March, you will discuss the Dutch implementation of the European directive on Passenger Name Records (PNR) with minister Grapperhaus (Justice and Security). In Privacy First’s view, both the European PNR directive as well as the Dutch implementation thereof are legally untenable. We shall here briefly elucidate our position.
Under the minister’s legislative proposal concerning PNR, numerous data of every single airline passenger travelling to or from the Netherlands will be stored for five years in a central government database of the new Passenger Information Unit and will be used to prevent, investigate and prosecute crimes and terrorism. Sensitive personal data (such as names, addresses, telephone numbers, email addresses, dates of birth, travel data, ID document numbers, destinations, fellow passengers and payment data) of many millions of passengers will, as a result, become available for many years for the purpose of data mining and profiling. In essence, this means that every airline passenger will be treated as a potential criminal or terrorist. In 99.9% of all cases, however, this concerns perfectly innocent citizens, mainly holidaymakers and business travellers. This is a flagrant breach of their right to privacy and freedom of movement. Last year, Privacy First had already made these arguments in the Volkskrant and on BNR Nieuwsradio. Because of privacy objections, in recent years there has been a lot of political resistance to such large scale PNR storage of data, which has been rejected by both the House of Representatives as well as the European Parliament on several occasions since 2010. In 2015, Dutch ruling parties VVD and PvdA were absolutely opposed to PNR as well. Back then, they called it a ‘holiday register’ and they themselves threatened to take to the European Court of Justice in case the PNR directive would be adopted. However, after the attacks in Paris and Brussels, it seemed that many political restraints had evaporated and in 2016, the PNR directive finally came about after all. Up to now however, the legally required necessity and proportionality of this directive have still to be demonstrated.
In the summer of 2017, the European Court of Justice issued an important ruling with regard to the similar PNR agreement between the EU and Canada. The Court declared this agreement invalid because it violates the right to privacy. Among other things, the Court held that the envisaged agreement must, “limit the retention of PNR data after the air passengers’ departure to that of passengers in respect of whom there is objective evidence from which it may be inferred that they may present a risk in terms of the fight against terrorism and serious transnational crime.” (See Opinion 1/15 (26 July 2017), par. 207.) Ever since this ruling, the European PNR directive is a legal uncertainty. Therefore, the Dutch government has valid ‘‘concerns about the future viability of the PNR directive” (see Note in response to report, p. 23, in Dutch). Privacy First expects that the current PNR directive will soon be submitted to the European Court of Justice for judicial review and will then be declared unlawful. Subsequently, a situation will arise that is similar to the one we have witnessed a few years ago with regard to the European Telecommunications Data Retention Act: as soon as this European directive will be annulled, the Dutch implementing provisions will equally be invalidated in interim injunction proceedings.
The current Dutch PNR legislative proposal seems unlawful a priori because of a lack of demonstrable necessity, proportionality and subsidiarity. The legislative proposal comes down to mass surveillance of mostly innocent citizens; in the 2016 Tele2 case the European Court already ruled that this type of legislation is unlawful. Thereupon the Netherlands pledged before the UN Human Rights Council “to ensure that the collection and maintenance of data for criminal [investigation] purposes does not entail massive surveillance of innocent persons.” The Netherlands now seems to renege on that promise. After all, a lot of completely unnecessary data of every airline passenger will be stored for years and can be used by various Dutch, European and even non-European government agencies. Moreover, the effectiveness of PNR has to date never been demonstrated, the minister himself affirmed: ‘‘There is no statistical support” (see Note in response to report, p. 8, in Dutch). The risk of unjust suspicion and discrimination (due to fallible algorithms used for profiling) under the proposed PNR system is serious, which also increases the likelihood of delays and missed flights for innocent passengers. All the while, wanted persons will often stay under the radar and choose alternative travel routes. Furthermore, the legislative proposal entirely fails to address the role and capabilities of secret services, which will be granted secret and shielded access to the central PNR database under the new Dutch Intelligence and Security Services Act. However, the most questionable aspect of the Dutch PNR legislative proposal is that it goes even two steps further than the European PNR directive itself: After all, it is the Dutch government's own decision to also store the data of passengers on all intra-EU flights. This is not obligatory under the PNR directive, and the Netherlands could have limited this to preselected flights (judged to be at risk) only. This would have been in line with the advice of most experts in this field who argue for targeted actions as opposed to mass surveillance. In other words, to focus on persons with a reasonable suspicion about them, in accordance with the principles of our democracy under the rule of law.
Privacy First Advice
Privacy First strongly advises you to reject the current legislative proposal and to replace it with a privacy-friendly version. In case this will lead to the European Commission referring the Netherlands to the European Court of Justice due to a lack of implementation of the present PNR directive, Privacy First would be confident this would end in a clear victory for the Netherlands. EU Member States simply cannot be expected to implement privacy-violating EU rules. This applies equally to the national implementation of relevant resolutions of the UN Security Council (in this case UNSC Res. 2396 (2017)) which is similarly at odds with international human rights law. In this respect, Privacy First has already warned of the abuse of the Dutch TRIP system (which is also used for PNR) by other UN Member States. In this regard, the Netherlands has its own responsibility under the Dutch Constitution as well as under international law.
Privacy First Foundation
Update 19 March 2019: Regrettably, today the House of Representatives has adopted the legislative proposal almost unchanged; only GroenLinks, SP, PvdD and Denk voted against. Unfortunately, a motion by GroenLinks and SP to provoke legal action by the European Commission against the Dutch government about the PNR directive was rejected. The only bright spot is the widely adopted motion for the judicial reassessment and possible revision of the PNR directive at a European political level. (Only PVV and FvD voted against this motion.) Next stop: the Senate.
Update 4 June 2019: despite sending the above letter for a second time and despite other critical input by Privacy First, the Senate today has unfortunately adopted the legislative proposal. Only GroenLinks, PvdD and SP voted against. Even in spite of the enormous error rates (false positives) of 99.7% that recently came to light in the comparable German PNR system, see https://www.sueddeutsche.de/digital/fluggastdaten-bka-falschtreffer-1.4419760. Meanwhile, large scale cases have been brought against the European PNR directive in Germany and Austria in order for the European Court of Justice to nullify it on account of violations of the right to privacy, see the German-English campaign website https://nopnr.eu and https://www.nrc.nl/nieuws/2019/05/15/burgers-in-verzet-tegen-opslaan-passagiersgegevens-a3960431. As soon as the European Court rules that the PNR directive is unlawful, Privacy First will start interim injunction proceedings in order for the Dutch PNR law to be rendered inoperative. Moreover, yesterday Privacy First has put the PNR law on the agenda of the UN Human Rights Committee in Geneva. On 1 and 2 July 2019, the overall human rights situation in the Netherlands (including violations of the right to privacy) will be critically reviewed by this Committee.
Partly on the initiative of Privacy First, a special Committee of the United Nations will this week in Geneva look into the imminent adoption of Taser weapons among the entire Dutch police force. This adoption possibly contravenes the UN Convention against Torture.
Right to physical integrity
For Privacy First, the right to privacy has always been a broad human rights concept. This includes the right to physical integrity. In recent years, this right has come under increasing pressure, think of preventive frisking on the streets, body scans at airports, DNA databases, the new Organ Donation Act in the Netherlands, discussions about compulsory vaccinations, etc. The right to physical integrity is laid down not only in the European Convention on Human Rights, but is also protected by Article 11 of the Dutch Constitution. At an international level, this right is part of the category of human rights which have the strongest protection. The absolute prohibition of torture and other cruel, inhuman or degrading treatment falls in the same category.
UN Convention against Torture
In international law, torture is in the small category of absolute prohibitions. Other examples within this category are the prohibition of genocide, international aggression (illegal warfare), slavery, racial discrimination, apartheid and piracy. Violation of these norms is always and under all circumstances prohibited. Anyone anywhere in the world who is committing or has committed torture or other cruel, inhuman or degrading treatment or punishment should therefore be prosecuted and extradited. Public officials, ministers, presidents and Heads of State are no exception to this rule. Since 1988, the Netherlands is party to the convention in which this is laid down: the UN Convention against Torture. Every contracting party is periodically reviewed by the treaty monitoring body in Geneva: the UN Committee against Torture. Opinions delivered by this Committee provide authoritative guidance on the application and interpretation of the convention. On Tuesday and Wednesday this week, it will be the Netherlands’ turn to be reviewed (the last time was in 2013): on Tuesday the Netherlands will be questioned by the Committee’s members, after which the Dutch government delegation will provide its answers on Wednesday. Subsequently, the Committee will issue a series a recommendations (‘Concluding Observations’) to the Netherlands.
Taser weapons on the UN agenda
In preparation of the Dutch session and on behalf of a broad coalition of civil society organizations, the Dutch section of the International Commission of Jurists for Human Rights (Nederlands Juristen Comité voor de Mensenrechten, NJCM) has recently sent a so-called 'shadow report' about the Netherlands to the Committee in Geneva. On the initiative of Privacy First, the issue of Taser weapons was expressly put on the agenda, as was the case in 2013. The situation is such that the Dutch government aims to provide every Dutch police officer with his own Taser weapon, media reported only last week. Thus far, only special arrest teams are equipped with Taser weapons. The expectation is that the wider, more general deployment of Taser weapons will lead to structural excesses. In this respect, all scandals with Taser weapons, particularly those in the United States, speak for themselves. In Privacy First’s view, the use of Taser weapons can easily lead to violations of the international prohibition of torture or cruel or inhuman treatment and the associated right to physical integrity. Taser weapons lower the threshold for the use of violence and hardly leave behind any visible traces. By the same token, Taser weapons can cause serious physical and mental damage. This results in serious risks for the Dutch population and for certain vulnerable groups in particular. That’s why our joint shadow report to the Committee emphasizes these risks (see pages 15-16 of the report).
Previous criticism of the UN Committee
Both the Dutch coalition of civil society organizations as well as Amnesty International have requested the UN Committee to cross-examine the Dutch government on this issue and advise the Netherlands not to equip the entire police force with Taser weapons. This is what Privacy First and other parties had already pushed for during the previous session of the UN Committee in 2013. Back then, this led the Committee to issue the following urgent recommendations to the Netherlands:
“The Committee recommends to [the Netherlands], in accordance with articles 2 and 16 of [the Convention against Torture], to refrain from flat distribution and use of electrical discharge weapons by police officers. It also recommends adopting safeguards against misuse and providing proper training for the personnel to avoid excessive use of force. In addition, the Committee recommends that electrical discharge weapons should be used exclusively in extreme limited situations where there is a real and immediate threat to life or risk of serious injury, as a substitute for lethal weapons.” (paragraph 27).
Privacy First is confident the Committee will again come up with critical recommendations.
Update 22 November 2018: yesterday and the day before the Dutch session took place before the UN Committee. Numerous topical issues were critically examined, including Taser weapons. Representatives of Curaçao, Sint Maarten and Aruba emphatically declared that no Taser weapons are used on their islands. This contrasted sharply with the statements made by the representative of the Dutch government (Secretary General Siebe Riedstra of the Ministry of Justice and Security), who barely addressed the issue and merely remarked that the Dutch government will take a decision on the adoption of Taser weapons in 2019. Below are all the relevant audio clips:
Questions by Abdelwahab El Hani on behalf of the UN Committee, 20 November 2018:
(simultaneous interpretation into English)
Answer by Siebe Riedstra on behalf of the Netherlands:
New questions by Abdelwahab El Hani on behalf of the UN Committee, 21 November 2018:
(simultaneous interpretation into English)
Answer by Siebe Riedstra on behalf of the Netherlands:
See also the UN press release about the Dutch session in Geneva, the full video recording (day 1 and day 2) and the verbatim report of proceedings (day 1 and day 2). The UN Committee is expected to present its Concluding Observations about the Netherlands within a few weeks’ time.
Update 7 December 2018: today the UN Committee has issued a number of Concluding Observations to the Dutch government, urging the Netherlands not to equip the entire police force with Taser weapons and to limit their adoption to cases that can be deemed proportionate and strictly necessary. The Committee emphatically cautions against using Taser weapons against vulnerable people. Moreover, the Committee expresses serious concerns about the way Taser weapons have been used by the Dutch police thus far.The entire report by the Committee can be found HERE (pdf). Below is the part concerning Taser weapons (paragraph 42-43):
Electrical discharge weapons (tasers) and pepper spray
42. The Committee notes with concern that despite its previous recommendations against the routine distribution and use of electrical discharge weapons (tasers) by police officers, the State party conducted a pilot testing from February 2017 to February 2018 without clear instructions on their restrictive use. It is particularly concerned at information that during this pilot period, police officers used tasers in situations where there was no real and immediate threat to life or risk of serious injury, including in cases where targeted individuals were already in police custody. It is further concerned about reports of the frequent use of the so-called “stun mode” which is intended to merely inflict pain, and the incidents in which tasers were used against minors as well as persons with mental disabilities in healthcare settings. In addition, the Committee is concerned about information that the use of pepper spray is not regulated fully in line with principles of necessity and proportionality and that the new draft Instructions on the Use of Force is expected to further lower the threshold for using it and to permit its use against vulnerable persons including pregnant women and children (arts. 2, 11 and 16).
43. Recalling the Committee’s previous recommendations (CAT/C/NLD/CO/5-6, para. 27), the State party should:
(a) Refrain from routine distribution and use of electrical discharge weapons by police officers in their day-to-day policing, with a view to establishing a high threshold for their use and avoiding excessive use of force;
(b) Ensure that electrical discharge weapons are used exclusively in limited situations where there is a real and immediate threat to life or risk of serious injury, as a substitute for lethal weapons and by trained law enforcement officers only;
(c) Explicitly prohibit the use of electrical discharge weapons and pepper spray against vulnerable persons, including minors and pregnant women, and in healthcare settings, including mental health institutions, and especially prohibit the use of electrical discharge weapons in the custodial settings;
(d) Ensure that the instructions on the use of electrical discharge weapons and pepper spray emphasize the absolute prohibition of torture and the need to respect the principles of necessity and proportionality, fully in accordance with the Convention and the Basic Principles on the Use of Force and Firearms by Law Enforcement Officials;
(e) Adopt safeguards against misuse of electrical discharge weapons and pepper spray and provide proper training and awareness programmes for the law enforcement personnel;
(f) Monitor and regularly review the use of electrical discharge weapons and pepper spray, and provide the Committee with this information.
Privacy First appreciates the critical opinion and the principled position of the Committee. Not least because it creates a strong precedent for other countries worldwide. Privacy First will ensure that the Dutch government will comply with the Committee’s observations.
Column by Bas Filippini,
Privacy First chairman
The Dutch police is currently running a pilot with Radio Frequency Identification (RFID)-chips in license plates. According to an internal report, fraud with license plates is alleged to be a big problem. A chip which is compulsory for every motorist and which can be read from a distance through a 'read-out portal' at all times on public roads, would supposedly be THE solution. However, Privacy First perceives the setting up of a national control system to track all movements in public space of all 17 million Dutch citizens as a great danger to society. Privacy First finds a compulsory spychip disproportional and unfit for a decent democracy under the rule of law.
A comprehensive electronic control system
Enquiries by Privacy First reveal that the license plate chip is part of a much larger plan to equip all roads in the Netherlands with so-called 'portals' with measurement equipment. These portals would record all cars 24 hours a day and thus the movements of all 17 million citizens in public space. The Dutch Bicycle and Automobile Industry (RAI) Association strongly recommends the use of such a chip in a recently leaked report. Moreover, new regulations, which make chips inside cars compulsory alongside license plate chips, are being prepared by European Parliament. According to the basic concept, over 60 details would be recorded and stored in the European database EUCARIS. The chip should enable immobilizers as well as a digital license plate database, online license plate requests, a European general periodical car inspection and could eventually grow into a European system for travel and residence rights and taxes.
For the time being, the project is traded as a solution for identity fraud and license plate related crimes in order to get citizens 'aboard'. However, in Privacy First's eyes the system is yet another attempt to be able to record citizens in public space, either through the public transport chip card or chips in license plates and/or cars. A license plate chip for all citizens as if it were an ankle bracelet is a dogged principle in the current control oriented way of thinking by the Dutch government and now the European Parliament, too. Which role do Dutch lobbyists outside Dutch parliament play in order to introduce these chips from Dutch manufacturer NXP in all European license plates on the basis of a Europe measure, or, in other words, by way of a political U-turn? Privacy First thinks it's high time for some serious journalistic research into this.
Current license plate issues: facts or suggestions?
Upon enquiry into the real problem, none of the authorities have been able to provide any clarity about the presupposed 40,000 cases of fraud with license plates. Even though it's important for citizens to know if there's a problem, and how substantial this problem is, the figure cannot be confirmed. Therefore, the question is raised whether it's legally justified to introduce such a system. Even in case of an estimated 40,000 license plates (a mere 0.5 per mil of the total) it's dubious whether the privacy of the entire society should be sacrificed. It's also altogether unclear how high the costs of such a system would be, and how high the gains in respect of the current alleged costs of identity fraud and license plate related crimes.
Are there no alternative solutions to 'the problem'? From a recent letter from the Dutch minister of Security and Justice, Ard van der Steur, it emerges that fraud with license plates occurs less frequently already due to measures such as the controlled online management and issuing and returning of license plates, requirements for recognized manufacturers and laminators (laminate code) as well as the obligation to report stolen or lost blank plates or license plates that have not yet been issued. Moreover, in 2000, the system of duplicate codes on license plates was introduced. Furthermore, faulty license plates are entered in the database for Automatic Number Plate Recognition (ANPR) control.
Whether it concerns black boxes, chips for theft prevention in (as of yet only more expensive) cars, eCall for crash analyses (also manufactured by NXP), dashcams, speed checks or the network of ANPR cameras, time and again Privacy First sees a pattern whereby the Dutch government tries to turn the complete recording of travel behaviour of citizens into reality. Now we're about to witness a spychip in every license plate and in every car, through undemocratic EU law – the ICT industry lobbied a number of MEPs in order to circumvent national parliaments – and the central database EUCARIS.
Reasons to opt for free choice and very selective use of a passive chip
Privacy First sees many reasons to not give a control infrastructure the go-ahead:
• A lack of necessity due to the absence of concrete figures regarding the 'alleged problem' and the availability of alternative solution-paths and measures, some of which have already been introduced.
• A complete lack of a cost-benefit analysis of a control infrastructure. The only one benefitting from the system in the short term is the chip manufacturer: in the future, chip manufacturer NXP will spy on you alongside the NSA! Under American surveillance legislation that is.
• The alleged problem is not commensurate with the measure, which is entirely disproportional and in breach of Article 8 ECHR. In the fight against identity fraud with license plates, a passive registration chip suffices and citizens should be able to choose freely whether or not they want to have a RFID license plate.
• The system will enable real-time identification, monitoring and recording of all citizens, including lawyers, journalists, politicians, activists – a very serious privacy infringement
• A central infrastructure and central data storage are particularly susceptible to fraud. If criminals get access to databases containing all the travel and residency data of cars and people in the Netherlands and the rest of Europe, all floodgates will be opened.
• There is a risk of function creep. The tax authorities, police and other law enforcement agencies already have real-time access to systems that have been intended for entirely different purposes, think of systems related to car parks and speed checks.
• Eventually a system like that could be deployed to burden citizens even more in various ways, such as road pricing and other travel & residency taxes and sanction systems, something that is perhaps the underlying thought of this draconian measure. Meanwhile ANPR cameras are used to fine drivers of old diesel cars in inner cities. What's next?
• Permanently recording citizens in public space will lead to self-censorship and an 'apology society' in which citizens have to have an alibi all time to explain what they were doing in a given location and why they were there. Citizens are already pestered by the police and authorities as a result of their travel behaviour – complaints about this reach Privacy First ever more often.
• Finally, an infrastructure like this affects our constitutional democracy by inverting the legal principle that there should be a reasonable suspicion of a criminal offence to be tracked: every citizen would be considered a potential suspect and would be continuously spied on.
An over-zealous control oriented way of thinking by a distrustful government
The policies of the Dutch government are tenaciously moving in one direction only. New technological gadgets are mandatorily deployed to record all citizens and central systems are subsequently linked together. After that, a flawed law and its implementation are being proposed and finally there are talks with privacy organizations and guileless citizens, who are left behind in an electronic prison. Nowadays Big Data, data mining and profiling are the magic words in all government departments. It all concerns 'OPD' (other people's data) anyway, very convenient indeed. In this case we're talking about equipping each car with three chips and implementing and maintaining a comprehensive ICT network on all roads, a market potentially worth billions of euros. And in the relationship that is then being formed between the public and the government, the latter is a distrustful partner that wants to know who the former is communicating with and what its travel movements look like. It also wants to dispose of systems with which errors can be checked, but in the worst case, it deals carelessly with all the data it collects. Such a relation, based on mistrust, certainly isn't sustainable.
The Netherlands, a global pioneer in the field of privacy
Time and again people forget: it's the legitimate task of the government to protect and promote the privacy of its citizens! Privacy First wants the Netherlands to become a global pioneer in the field of privacy with advanced technologies, based on the principles of our constitutional democracy and independent of the misconceptions of the day and our incident-driven political system. After all, this is about a fundamental turnaround in the relationship with the public, something Privacy First is opposed to. We therefore challenge politics, industry and science to turn the Netherlands into THE nation that is at the vanguard of privacy matters while maintaining security, and not the other way around!
A broad coalition of organizations and companies is starting interim injunction proceedings against the Dutch government. The Privacy First Foundation, internet provider BIT, the Dutch Association of Journalists and the Dutch Association of Defence Counsel among others are demanding the abolition of the Dutch Telecommunications Data Retention Act. The Dutch Council of State and the European Court of Justice have already ruled that the Act is in violation of fundamental rights that protect private life, communications and personal data. However, the Dutch government refuses to render the Telecommunications Data Retention Act inoperative.
On 8 April 2014 the European Court of Justice declared the European Data Retention Directive (2006/24/EC) invalid with retroactive effect. According to the Court, retaining communications data of everyone without any concrete suspicion is in violation of the fundamental right to privacy. Objective criteria should be applied to determine the necessity of collection and retention of data and there should be prior control from an independent body or judge. Randomly and unrestrictedly collecting metadata (traffic data) in the context of 'mass surveillance' is not permitted, according to the Court.
In the Netherlands, regulations in this area are enshrined in the Dutch Telecommunications Data Retention Act, which largely mirrors the European Data Retention Directive. The Act provides that telecommunications companies and internet providers have to retain various data regarding internet and telephone usage for at least six and at most twelve months in order for judicial authorities to be able to use those data for criminal investigation purposes. Recently the Dutch Council of State ('Raad van State') judged that the Act does not comply with fundamental rights that protect private life, communications and personal data. However, the Dutch government does not heed the advice of the Council of State and refuses to repeal the Act. Compliance with the Act will be maintained by the government.
Vincent Böhre of Privacy First: "Mass surveillance constitutes a massive violation of citizens' privacy rights. It is unacceptable that the Dutch government clings to this practice after the highest European judge has already clearly stated back in April that this privacy violation is not permitted."
Thomas Bruning, Secretary of the Dutch Association of Journalists: "Telecommunications companies and internet providers are now obliged to retain a vast amount of communications data of all citizens. This includes journalists. Companies have to disclose these data at the request of the government. There is no guarantee whatsoever for the journalistic right of non-disclosure."
"The Dutch regulations are in breach of the applicable European fundamental rights", states Fulco Blokhuis, partner at Boekx Attorneys, who has meanwhile drafted a subpoena. "This situation is as disconcerting as it is undesirable. Maintaining this Act is unlawful, both towards citizens as well as companies who are forced to stay in possession of traffic data."
Alex Bik of internet provider BIT: "When the Dutch government introduced the Act, it hid behind the argument that the introduction was simply imposed upon by Europe, but since the European Data Retention Directive has been repealed with retroactive effect, this argument all of a sudden is no longer deemed valid by the government. That is not right."
Otto Volgenant of Boekx Attorneys: "As the Dutch Minister of Security and Justice, Ivo Opstelten, is unwilling to abolish the Telecommunications Data Retention Act, we will request the court to either render the Act inoperative or to prohibit its application any longer. We will shortly be issuing interim injunction proceedings."
Update 12 January 2015: the interim injunction proceedings against the Dutch government pertaining to the retention of telecommunications data will take place before the district court of The Hague in a public hearing on Wednesday 18 February 2015 at 11:00 hours. Meanwhile, the renowned Netherlands Committee of Jurists for Human Rights (NJCM) has joined the coalition of claimant organizations. Click HERE (pdf, in Dutch) for the subpoena, click HERE for a press release from Boekx Attorneys (in Dutch) and HERE for an article (in Dutch) which appeared on the website of Dutch newspaper Telegraaf this morning.
Update 30 January 2015: yesterday a hearing (roundtable) about the Dutch Data Retention Act took place in the Dutch House of Representatives. Click HERE for a schedule of the hearing (pdf) and HERE (pdf, in Dutch) for the talking points that Privacy First sent to the House of Representatives prior to the hearing (pdf). The lack of necessity and proportionality of the current Data Retention Act were the main topics that were discussed by Privacy First during the roundtable. Other aspects that were raised by Privacy First related to the chilling effect in society as well as the potential for function creep that the Act brings about.
Update 13 February 2015: today, on behalf of the State, the Dutch State Attorney submitted a Statement of Defence; click HERE (pdf in Dutch, 9 MB). The admissibility of the claimant organizations will not be challenged by the Dutch government, the State Attorney told our own attorneys by telephone. Therefore the proceedings will immediately focus on the merits of the case, rather than on procedural requirements. This is a breakthrough development: in similar cases the admissibility of the claimant parties was almost always contested by the State. A crucial lawsuit concerning such admissibility (our Passport Trial against the storage of fingerprints) is currently being conducted by Privacy First against the Dutch government before the Supreme Court of the Netherlands. Privacy First is of the opinion that the recognition of admissibility by the State Attorney in the interim injunction proceedings against the Telecommunications Data Retention Act puts Privacy First in a stronger position for this and future lawsuits that revolve around the right to privacy. Moreover, in times when access to justice of individual citizens in the Netherlands is increasingly under financial pressure, the admissibility of civil society organizations such as Privacy First forms an important safeguard for a well functioning Dutch democracy under the rule of law.
Update 18 February 2015: in front of a full courtroom (many civil servants, citizens, students and journalists were in attendance), today Privacy First et al. crossed swords with the State; click HERE for the plea of our attorneys (pdf in Dutch) and HERE for the pleadings of the State Attorney (pdf, in Dutch). The judge listened carefully but didn't ask any questions. As yet, Wednesday 11 March 2015 has been determined as the date of the judgment.
Update 11 March 2015: in a break-through verdict today, the district court of The Hague has rendered the Dutch Data Retention Act inoperative; click HERE.
"Eine der wichtigsten Errungenschaften der EU ist ohne Zweifel der freie Personenverkehr. Wie frei dieser in Zukunft sein wird, ist allerdings die Frage.
Ende August gab Innenministerin Johanna Mikl-Leitner ihre Absicht bekannt, die Grenzen künftig mit computergesteuerten Kameras zu überwachen. Als Beispiel dient ein ähnliches System an den holländischen Grenzen. Laut Robert Strondl, Abteilungsleiter in der Generaldirektion für öffentliche Sicherheit, soll es demnächst eine Erkundungsmission in die Niederlande geben. „Es ist nicht die Absicht, das System eins zu eins zu übernehmen, sondern wir wollen uns die ‚Goodies' rausholen."
Proteste aus Deutschland
@migo boras heißt das System, das seit einem Jahr die wichtigsten niederländischen Grenzübergänge bewacht. Ein Computerprogramm in der Kamera registriert Kennzeichen, Typus und Passagiere der Fahrzeuge. Wenn es eine Übereinstimmung mit Polizeidaten gibt, wird das Auto angehalten. Nicht nur wegen seines Namens ruft das System Erinnerungen an Orwells Big Brother wach. Ist es Zufall, dass Big Brother auch der Name eines der erfolgreichsten niederländischen Fernsehformate ist? Wie es jetzt aussieht, dürfte @migo boras ein ähnlicher Exportschlager werden, denn auch in Großbritannien und den USA wird die Technologie inzwischen verwendet.
Unumstritten ist das Ganze allerdings nicht. Als die niederländische Regierung ihre Pläne bekannt machte, gab es massive Proteste von deutschen Datenschützern und Politikern, die meinten, dass es gegen das Schengener Abkommen verstoßen würde. Und aus diesem Grund wurde das System in einer abgeschwächten Form eingeführt. So dürfen die Kameras maximal 90 Stunden pro Monat und nicht mehr als sechs Stunden pro Tag eingeschaltet sein. (...)
Nur dumme Verbrecher
Ähnlich sieht es Vincent Böhre von der niederländischen Organisation Privacy First, die sich für den Schutz der Privatsphäre einsetzt. Gegenüber Public meint Böhre, dass nur „dumme Verbrecher" erwischt werden. „Die organisierte Kriminalität passt sich an. Die nehmen Schleichwege oder fahren statt mit rumänischen Kleinbussen mit französischen oder mit deutschen BMWs." Möglicherweise ist das System sogar kontraproduktiv: „Die Gefahr besteht, dass sich die Polizei zu sehr auf die Technik verlässt und viel Zeit verliert mit der Anhaltung von unbescholtenen Bürgern." Den Erfolg bei der Bekämpfung von illegaler Immigration sieht Böhre im Promillebereich: „Das wirft die Frage auf nach der Verhältnismäßigkeit eines Systems, das an die 20 Millionen Euro gekostet hat."
Noch bedenklicher findet er, dass juristische Grundsätze umgekehrt werden: „Früher war es so, dass die Polizei ein Auto nur anhielt, wenn es einen begründeten Verdacht auf ein Verbrechen gab. Bei @migo boras wird automatisch jedes Fahrzeug registriert und mit der Datenbank verglichen." Das Ganze erinnere laut Böhre an eine „militärische Operation". „Eines der größten Probleme des Systems ist aber, dass es keine gesetzliche Grundlage gibt, obwohl das eigentlich der Fall sein sollte bei einer Beschränkung der Privatsphäre."
Eines müssen die Kritiker aber zugeben: Zu einem großen öffentlichen Aufschrei hat @migo boras bisher nicht geführt. Abgesehen von einigen kritischen Zeitungs- und Fernsehberichten konnte die Regierung es quasi durch die Hintertür einführen. Wie bei den traditionellen holländischen Fenstern mit offenen Vorhängen, durch die jeder gleich ins Wohnzimmer blicken kann, haben die Niederländer anscheinend wenige Probleme damit, dass der Staat durch ihr Autofenster schaut. Ohne Zweifel spielt dabei eine Rolle, dass Ereignisse wie die Morde an Pim Fortuyn und dem Filmemacher Theo van Gogh das Gefühl von Sicherheit nachhaltig zerstört haben.
Keine bösartigen Regierungen
Der Journalist Bart de Koning, Autor des Buches „Alles onder controle" („Alles unter Kontrolle"), sieht aber auch tiefere Gründe: „Themen wie Bürgerrechte bekommen hier sehr wenig Aufmerksamkeit. Im Grunde genommen sind die Holländer da ziemlich naiv. Wenn man ihnen sagt, dass es um die Sicherheit geht, nehmen sie leicht eine Beschränkung der Privatsphäre in Kauf." Zu einem Teil würde dies mit der Geschichte zusammenhängen: „Während die Deutschen ihre Erfahrungen mit der Nazizeit und der Stasi gemacht haben, können sich die Holländer noch immer schwer vorstellen, dass der Staat auch bösartig sein kann." (...)
Ein Amigo an jeder Laterne
In dieser Hinsicht können sich die holländischen Datenschützer auf etwas gefasst machen. Vor kurzem kündigte Innenminister Ivo Opstelten seine Pläne an, nicht nur an den Grenzen, sondern an allen Autobahnen die Kennzeichen automatisch registrieren zu lassen und die Daten vier Wochen lang zu speichern. Für Bas Filippini, den Gründer von Privacy First, ist @migo boras nur der Anfang einer unheilvollen Entwicklung: „Ich lebe gerne in einer freien Umgebung und suche selbst meine Freunde aus ... Bald hängt aber an jeder Laterne ein Amigo, der registriert, was wir machen.""
Source: Public (magazine for Austrian municipalities), November 2013, pp. 36-37. Click HERE to read the full article online on the Public website.
Since September 2012, Dutch Minister Ivo Opstelten has been planning to equip the entire Dutch police force with Taser weapons. At the request of the Privacy First Foundation, the Dutch government will have to answer some tough questions about this before the UN Committee against Torture.
One of the most important and most ratified human rights treaties in the world is the 1984 United Nations Convention against Torture. Under this Convention, torture is prohibited under all circumstances. Anyone who is guilty of torture anywhere in the world is to be prosecuted or extradited. This also applies to civil servants, ministers, presidents and heads of State. The Netherlands has been a party to the UN Convention against Torture since 1988. Periodically, every country that has ratified the Convention is examined by the supervisory treaty body in Geneva: the UN Committee against Torture (CAT). This upcoming Tuesday and Wednesday it's the Netherlands' turn to come under CAT's scrutiny: on Tuesday the Netherlands will be cross-examined by the Committee on various issues, after which the Dutch delegation will come up with answers on Wednesday. Subsequently, the Committee will make a number of critical recommendations (''Concluding Observations'') to the Netherlands.
In preparation of the Dutch session, the Privacy First Foundation, the Dutch National Human Rights Institute (College voor de Rechten van de Mens) and the Dutch section of the International Commission of Jurists (Nederlands Juristen Comité voor de Mensenrechten, NJCM) have recently sent so-called 'shadow reports' about the Netherlands to the Committee in Geneva. Both Privacy First and NJCM emphatically raised the issue of Taser weapons for the Dutch police. Privacy First did so through a special letter to the Committee: click HERE. In this letter Privacy First draws the Committee's attention to the intention of the Dutch Minister of Security and Justice Mr. Ivo Opstelten to soon supply every Dutch police officer with his/her own Taser weapon. (Currently 'only' the arrest teams of the Dutch police force are equipped with Taser weapons.) In the view of Privacy First, the use of Taser weapons can easily lead to a violation of the international ban on torture as well as the related right to physical integrity, which in turn is part of the right to privacy. Taser weapons lower the treshold for police violence and hardly leave behind any scars. At the same time Taser weapons can inflict serious physical damage and mental harm. In conjunction with the current lack of firearms training for Dutch police officers, this produces serious risks for the Dutch population. Therefore we have requested the Committee to critically examine the Netherlands about this and to advise against introducing Taser weapons for the entire Dutch police force. Last Friday, Privacy First was notified from Geneva that the UN Committee will indeed critically examine this issue. This week Privacy First will keep you up-to-date of the latest developments.
Update 13 May 2013, 23.00h: a livestream of the Dutch session can be viewed online HERE (Tuesday 10am-3pm, Wednesday 3pm).
Update 14 May 2013, 15.00h: Today the Dutch delegation in Geneva (under the chairmanship of the Dutch Permanent Representative to the UN) was critically questioned by the Committee on various issues, among which... Tasers. The Dutch answers will follow tomorrow afternoon at 15.00h. Below are the relevant parts both in text as well as in mp3:
Committee member Nora Sveaass (Norway): "I then want to bring the attention to something that I've been informed of, namely that the State [of the Netherlands] is planning on a pilot of using Taser weapons as a regular weapon within the police force. And the pilot is supposed to take place, I understand, the last half of this year, so it's probably just around the corner. This Committee has on many different occasions warned against the use of Tasers, both in special situations and especially as a regular weapon to all the police, as I understand the plans are. And there are a lot of reasons for this, I won't go into the detail, because these have been described both by this Committee and by a lot of others, because, first of all, health reasons, physical as well as psychological. So I would hope that you would rethink and perhaps change the decision of implementing a pilot and also doing it in practice."
Committee member Fernando Mariño Menéndez (Spain): "I'm also concerned by the decision that we've heard about to generalize the use of Tasers by all regular police officers, as just referred to by Mrs. Sveaass, that the Tasers will be used as an [armament] for standard use across the Kingdom of the Netherlands. That's our understanding, perhaps we're wrong, perhaps there is a special protocol governing the use of Tasers. Our position as a Committee is that Tasers shouldn't be used at all. If they are to be used, and this seems to be dangerous, then they need to be used in very specific cases and properly regulated. We'd like to know what's happening in the Kingdom of the Netherlands."
Update 14 May 2013, 16.45h: This afternoon Privacy First employee Vincent Böhre was interviewed about this topic on Dutch radio station FunX. You can listen to the entire interview (in Dutch) here:
Update 15 May 2013: This afternoon the Netherlands had the opportunity to answer the questions that were asked by the UN Committee yesterday. In the audio file below you can hear how the Dutch Permanent Representative to the UN in Geneva denies and downplays the Dutch plans concerning Taser weapons. For the Committee members this was no reason to tone down or withdraw their critical remarks made yesterday. Therefore, Privacy First expects the Committee to express sharp criticism on the Dutch Taser plans in its Concluding Observations that are soon to be issued. Tonight the Committee already published a press release about the Dutch session; click HERE.
Update 16 May 2013: An integral video registration of both session days of the UN Committee is online HERE. The Concluding Observations of the Committee about the Netherlands will follow on Friday afternoon 31 May 2013 (June 3rd at the latest), Privacy First was told by telephone from Geneva today.
Update 22 May 2013: as a result of the Dutch session before the UN Committee last week, Dutch opposition party D66 today has posed a series of critical Parliamentary questions to Minister Opstelten; click HERE (in Dutch).
Update 31 May 2013: As predicted earlier by Privacy First and as reported tonight by Dutch television news program EenVandaag, the UN Committee against Torture has issued a negative statement today about Minister Opstelten's plans to equip the entire Dutch police force with Taser weapons:
"The Committee is concerned about the pilot plan to be reportedly launched to distribute electrical discharge weapons to the entire Dutch police force, without due safeguards against misuse and proper training for the personnel. The Committee is concerned that this may lead to excessive use of force (arts. 2, 11 and 16). The Committee recommends to the State party, in accordance with articles 2 and 16 of the Convention, to refrain from flat distribution and use of electrical discharge weapons by police officers. It also recommends adopting safeguards against misuse and providing proper training for the personnel to avoid excessive use of force. In addition, the Committee recommends that electrical discharge weapons should be used exclusively in extreme limited situations where there is a real and immediate threat to life or risk of serious injury, as a substitute for lethal weapons." (para. 27. Click HERE for the entire document.)
The Privacy First Foundation hopes that this negative stance by the UN Committee will lead to a reconsideration and withdrawal of the Dutch plans to equip every Dutch police officer with a Taser weapon. Privacy First also hopes that the announced pilot will not be executed.
From the response to Parliamentary questions (in Dutch) it emerged this week that there is no specific legal basis for the secret use of drones by police in the
Without a specific legal basis in accordance with Article 8 paragraph 2 ECHR, every police drone constitutes an inadequate means of criminal investigation that shouldn't be used. Therefore the use of such drones should be suspended with immediate effect. In individual criminal cases, it is up to the judge to exclude information gathered with police drones from legal proceedings as it concerns unlawfully obtained evidence.
Privacy First hereby makes an urgent appeal to the Dutch House of Representatives to institute a moratorium on the further use of drones. Such a moratorium should only be lifted after a broad democratic debate has taken place and the use of drones has been properly regulated. In case the current Dutch situation will continue to be politically tolerated, Privacy First reserves the right to enforce a moratorium in court.
"Die niederländische Polizei hat seit 2009 in 132 Fällen Drohnen eingesetzt, um unterschiedliche Straftaten zu klären oder Lagebilder zu erstellen. Die Verfolgung von Fluchtautos mit Kameras und das Aufspüren von Cannabis-Plantagen mit Wärmekameras bildeten dabei die Mehrzahl der Einsätze. Dies geht aus Angaben des niederländischen Infrastruktur- und Innenministeriums hervor, das allerdings Details zu den Drohnen-Einsätzen verweigerte. Das findet der anfragende Abgeordnete Gerard Schouw von der Partei D66 untragbar: Der Drohneneinsatz müsse öffentlich kontrollierbar sein und eine rechtliche Grundlage haben.
Gegenüber dem niederländischen Programm von RTL erklärte Schouw, dass ohne genaue Auskünfte und Kontrollmöglichkeiten der Einsatz von Drohnen in einer Grauzone stattfinde. "Aus welcher Entfernung werden da unschuldige Bürger gefilmt? Niemand hat eine Ahnung, was da passiert."
Unterstützung erhielt Schouw von der niederländischen Datenschutzorganisation Privacy First. Deren Anwalt Vincent Böhre erklärte, dass die Kameraüberwachung mit Drohnen eine Überwachungstechnik ist, die nach dem niederländischen Recht nicht erlaubt sei.
Ähnlich äußerte sich der Jurist Leon Wecke von der Universität Radboud. "Wir werden überall von Kameras verfolgt. Nun sind es auch noch Drohnen, denen wir uns nicht bewusst sind." Dies sei eine Verletzung der Privatsphäre, erklärte Wecke gegenüber dem Internet-Nachrichten Nu.nl. Drohnen bedürften daher einer eigenständigen gesetzlichen Regelung, betonte Wecke. Zu den Drohneneinsätzen soll es in Arnhem, Amsterdam, Almere und Rotterdam gekommen sein. Wegen fortlaufender technischer Probleme soll die Amsterdamer Polizei ihre Drohnen inzwischen außer Dienst gestellt haben.
In Deutschland hatten zuletzt die Grünen auf einer Fachtagung über den Einsatz von Drohnen diskutiert und dabei über Polizeidrohnen ebenso wie über Militärdrohnen gesprochen. Die Videos dieser Tagung sind mittlerweile online verfügbar."
Source: Heise Online, 23 March 2013.
"The police are increasingly using unmanned aircraft in their efforts to track down criminals in the Netherlands, leading to MPs' questions about the privacy implications.
Drones - small helicopters equipped with cameras - are used to trace burglars and getaway cars as well as illegal marijuana plantations. For example, Harlingen borrowed two drones from the defence ministry last year after a spate of burglaries in the Frisian town.
Since 2009, drones have been used in at least 40 areas, the AD reported on Monday. In total, they were in the air on at least 132 different days.
D66 parliamentarian Gerard Schouw has asked the justice ministry to explain the implications of the use of drones on privacy.
'I understand they can be useful, but they need to have a basis in law,' he is quoted as saying by RTL news. 'How closely can innocent citizens be filmed. No-one has a clue what they are filming.'
Lawyer Vincent Böhre from the Privacy First foundation said the use of drones is illegal because the flights are not made public.
'It is a form of camera supervision which is not allowed under Dutch law,' he told the broadcaster. The use of drones also infringes European privacy laws, he said.
Amsterdam city council said earlier this year it had grounded its two €29,000 drones because of continuing technical problems."
Source: Expatica.com (Netherlands), 18 March 2013.