"A judge scrapped the Netherlands' data retention law Wednesday, saying that while it helps solve crimes it also breaches the privacy of telephone and Internet users.

The ruling followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The Security and Justice Ministry said it was considering an appeal.

Under the Dutch law, telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' Internet use for six months.

The written judgment by Judge G.P. van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entails.

The judge did not set a deadline for disposing of the data.

Privacy First, one of the organizations that took the government to court, said the ruling "will bring to an end years of massive privacy breaches" in the Netherlands.

The government said after last year's European court ruling that it would amend its law.

In a written statement, the Security and Justice Ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime.""

Source: http://thechronicleherald.ca/business/1274008-judge-overturns-dutch-data-retention-legislation, 11 March 2015.

"A Dutch court Wednesday handed a victory to privacy advocates by striking down a data-retention law that gives the government easy access to telecommunication data.

The District court of The Hague said the law, which requires telecom providers to collect and store data for as long as 12 months, violates citizens' right to privacy and the right to protection of personal data. "The judge finds that this violation is not limited to what is strictly necessary," it said.

The ruling, which can still be appealed, is a blow to the Dutch government, which said the law was important to fight terrorism and organized crime. But it is a victory for privacy advocates, journalists and criminal lawyers in the Netherlands who argued that the law was unconstitutional because data are kept regardless of whether citizens are a suspect or not.

A spokesman for the Dutch ministry of Security and Justice wasn't immediately available to comment on the ruling.

The court's decision is effective immediately, which means that telecommunication companies are no longer obligated to store and collect data.

Most of the big providers weren't immediately available for comment, with some saying their legal experts need time to assess the implications.

"There are multiple layers in this ruling. We need to know how we should interpret it," a Tele2 spokesman said.

The lawsuit was the latest in a decade of legal challenges to data-retention across Europe. First adopted under an European Union directive dating to 2006, such rules generally require telecom providers to collect and store data about their users' mobile phone traffic and location for as long as two years.

But in several countries, including Germany, data-retention laws have since been tossed out on privacy grounds. And last spring, the European Union Court of Justice, the bloc's highest court, struck down the underlying directive requiring countries to implement the rules in the first place, saying it didn't have sufficient safeguards for individual's right to privacy.

In the Netherlands, where a data-retention law was enacted in 2009, the Dutch government has shown reluctance to scrap the law for security reasons. (...)"

Source: http://blogs.wsj.com/digits/2015/03/11/dutch-court-strikes-down-countrys-data-retention-law/, 12 March 2015.

"A judge scrapped the Netherlands' data retention law Wednesday, saying that while it helps solve crimes it also breaches the privacy of telephone and Internet users.

The ruling by a judge in The Hague followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The Security and Justice Ministry said it was considering an appeal.

Under the Dutch law, telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' Internet use for six months.

The written judgment by Judge G.P. van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entails.

The judge did not set a deadline for disposing of the data.

Privacy First, one of the organizations that took the government to court, said the ruling "will bring to an end years of massive privacy breaches" in the Netherlands.

The government said after last year's European court ruling that it would amend its law.

In a written statement, the Security and Justice Ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime.""

Source: http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11415850, 12 March 2015.

"A judge in the Netherlands has struck down a Dutch law that forces local telcos to store customer internet and phone metadata.

The law is similar to legislation being proposed by the Abbott government.

The ruling by a judge in The Hague on Wednesday followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The judge said that while the metadata retention law helped solve crimes, it also breached the privacy of telephone and internet users.

The Dutch Justice and Security Ministry said it was considering an appeal.

Under the Dutch law, telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' internet use for six months.

The written judgment by Judge G. P. van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entails.

The judge did not set a deadline for disposing of the data.

The ruling follows Australian Communications Minister Malcolm Turnbull telling the bosses of news organisations concerned about journalists' sources being exposed that Australia's data retention bill was being overblown as an issue.

The government wants the bill legislated by the end of this month.

The minister, who began meeting the bosses this week, said his message to them was that law enforcement and security authorities already had access to metadata and there were no exemptions for journalists.

"The only thing the data retention law is requiring is that types of metadata which are currently retained will be retained in the future for at least two years," Mr Turnbull told ABC Radio on Wednesday.

"This whole metadata retention issue has been overblown by a lot of people; the changes are not as substantial as people make out."

The Dutch ruling also comes as Prime Minister Tony Abbott's office began offering briefings to media organisations with Australian Federal Police officials in an attempt to calm their concerns. The briefings are being arranged for several of Australia's most prominent media bosses before they front an inquiry examining the protection of journalists' sources on March 20, where they are expected to oppose Australia's data retention laws on the basis that they will result in journalists' sources being exposed in leak investigations.

The media bosses' concerns follow Britain rushing through guidelines for access to journalists' metadata after it was revealed that more than 600 applications in a three-year period were made for journalists' metadata by 19 different law enforcement agencies.

The Australian Federal Police has repeatedly refused to provide Fairfax Media with similar figures in Australia and recently refused to divulge the figure under freedom of information laws to another publication.

In the 2013-14 financial year, there were more than 500,000 disclosures of metadata to various agencies, including Centrelink, the Tax Office, Australia Post and traditional policing agencies.

Critics have described the Australian proposal as unnecessary, not proportionate, and a privacy violation.

The Australian journalists' union, the Media, Entertainment and Arts Alliance, said it would have a "chilling effect" on reporting.

But Mr Turnbull said the two-year retention period was vital for investigating crime and terrorism.

After the Dutch ruling, Privacy First, one of the organisations that took the Dutch government to court, said the ruling would "bring to an end years of massive privacy breaches" in the Netherlands.

In a written statement, the Dutch Justice and Security Ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime.""

Source: http://www.smh.com.au/digital-life/consumer-security/dutch-do-a-uturn-on-metadata-laws-20150312-141rkl.html, 12 March 2015.

"A Dutch court has scrapped a national data retention law. The judge ruled that, although saving metadata might help solve crimes, it certainly breached the privacy of telephone and Internet users.

A court in the Netherlands struck down a law requiring telecoms and Internet service providers to store their clients' private phone and email data, saying it breached EU privacy rules. The decision took effect immediately on Wednesday, but officials announced that the Security and Justice Ministry could appeal.

"The judge ruled that data retention is necessary and effective to combat serious crime," according to the district court in The Hague. "Dutch legislation, however, infringes on the individual's right to privacy and the protection of personal data." The court added that "the law therefore contravenes the Charter of Fundamental Rights of the European Union."

The law had previously required telephone companies in the Netherlands to store information about all fixed and mobile calls for a year. Internet providers had to store information on their clients' use for six months.

In April 2014, the European Court of Justice struck down a 2006 EU law forcing telecoms to store electronic metadata - the time, date, duration and destination of communiques, but not the content - for up to two years. The practice was ruled to be invasive, despite the claimed anti-terror potential. Advocate General Pedro Cruz Villalon had declared the 2006 legislation illegal and told the European Union's 28 member states to take the necessary steps to withdraw it.

'Far-reaching crime'

The written ruling by Gerard van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes," but, the judge added, this could not justify the privacy breaches that the law entails. The judge did not set a deadline for disposing of the data.

According to Privacy First, one of seven organizations that took the government to court last month, the ruling "will bring to an end years of massive privacy breaches." The Dutch Association of Journalists was also a party to the suit.

After last year's ruling in the EU court, the government had announced that it would amend its law. However, in a written statement released on Wednesday, officials from the Security and Justice Ministry criticized the court's decision.

"Providers are no longer required to store data for investigations," the officials complained in the statement. "The ministry is seriously concerned about the effect this will have on fighting crime."

The extent to which governments and corporations monitor private individuals has risen to the forefront in the wake of a series of documents released since 2013 by the American intelligence whistleblower Edward Snowden. According to the latest report, New Zealand has monitored neighbors in the Asia-Pacific region. A new anti-terror law in China requires that foreign corporations allow the government to access their data.

The Wikimedia Foundation has sued the US National Secutiry Agency over its mass surveillance of private individuals. And consumer advocates have lashed out at large corporations that harvest personal data for commercial purposes."

Source: http://www.dw.de/in-hague-court-rules-for-dutch-tech-privacy-advocates/a-18308553, 11 March 2015.

"A judge scrapped the Netherlands' data retention law Wednesday, saying that while it helps solve crimes it also breaches the privacy of telephone and Internet users.

The ruling by a judge in The Hague followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The Security and Justice Ministry said it was considering an appeal.

Under the Dutch law, telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' Internet use for six months.

The written judgment by Judge G.P. van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entails.

The judge did not set a deadline for disposing of the data.

Privacy First, one of the organizations that took the government to court, said the ruling "will bring to an end years of massive privacy breaches" in the Netherlands.

The government said after last year's European court ruling that it would amend its law.

In a written statement, the Security and Justice Ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime.""

Source: http://abcnews.go.com/Technology/wireStory/court-scraps-dutch-data-retention-law-cites-privacy-29551938, 12 March 2015.

"Judge in The Hague says country's regime for retaining telephone and internet users helps to solve crime but is too intrusive.

A judge has scrapped the Netherlands' data retention law, saying that while it helps solve crime it also breaches the privacy of telephone and Internet users.

The ruling by a judge in The Hague followed a similar decision in April by the European Union's top court that wiped out EU data collection legislation it deemed too broad and offering too few privacy safeguards.

The Dutch security and justice ministry said it was considering an appeal.

Under the Dutch law telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients' internet use for six months.

The written judgment by Judge GP van Ham conceded that scrapping the data storage "could have far-reaching consequences for investigating and prosecuting crimes" but added that this could not justify the privacy breaches the law entailed.

The judge did not set a deadline for disposing of the data.

Privacy First, one of the organisations that took the government to court, said the ruling "will bring to an end years of massive privacy breaches" in the Netherlands.

The Dutch government said after last year's European court ruling that it would amend its law. In a written statement the security and justice ministry said it regretted the court's decision.

"Providers are no longer required to store data for investigations," the statement said. "The ministry is seriously concerned about the effect this will have on fighting crime."

Data retention has been a heated issue in light of Edward Snowden's revelations about the activities of the National Security Agency in the US and its affiliates overseas.

In Australia, a key US intelligence ally, the government is currently considering its own data retention package, which would store certain types of Australians' phone and web data for two years.

Privacy concerns have been raised and a lengthy political debate has ensued amid confusion within the government itself over how far the laws would extend or what would be retained. But the bill is now closer to passing with the support of a parliamentary committee involving both major parties.

The government in Canberra has agreed to hold a separate hearing into the issues of law enforcement agencies access to journalists' metadata, and news outlets will appear before a parliamentary hearing on 20 March."

Source: http://www.theguardian.com/technology/2015/mar/12/data-retention-netherlands-court-strikes-down-law-as-breach-of-privacy, 12 March 2015.

"The Dutch data retention law requiring telecommunications operators and ISPs to store customer metadata for police investigations was scrapped by the District Court of the Hague on Wednesday.

The court found that the law violates fundamental European Union privacy rights. The question remains though whether the law should be inactivated indefinitely, as the case can be appealed by the Dutch state, a court spokesman said. However, pending the outcome of any possible legal procedures the law will remain inactive, he said.

The Dutch Ministry of Security and Justice declined to comment as it was still studying the verdict.

The law suspended by the court was based on the EU's Data Retention Directive, which was invalidated by the Court of Justice of the EU (CJEU) last year, also because it violated fundamental privacy rights.

Despite that ruling though, the Dutch government decided in November last year to largely maintain its national data retention law on the grounds that it "is indispensable for the investigation and prosecution of serious criminal offenses." Only a few adjustments were made, which mainly tightened who had access to what data and under what circumstances.

Not satisfied with that approach, a broad coalition of organizations, including Privacy First, the Dutch Association of Criminal Defense Lawyers, the Dutch Association of Journalists, the Dutch Section of the International Commission of Jurists, ISP BIT and telecom companies VOYS and SpeakUp, sued the government in January to get the law invalidated.

The court, ruling in their favor, criticized the overly broad scope of the law in its verdict.

Data retention rules were introduced after terror attacks in London and Madrid in 2004 and 2005 with the aim of fighting serious crime. However, the Dutch law also allowed law enforcement to retrieve data in the case of a bicycle theft, the court noted. And while the government promised not to use the law lightly, the fact remains that the opportunity to do so exists and there are no safeguards to effectively restrict access to information to what is strictly necessary for the fight against only serious crime, the court found.

What's more, under the scrapped law, access to data is not subject to a prior review by a court or independent administrative authority, the court said. Thus, the law violates articles 7 and 8 of the Charter of Fundamental Rights of the EU, which cover the right to a private life and the protection of personal data.

While the inactivation of the law may have profound implications for the investigation and prosecution of criminal offenses, that does not justify the persistence of the infringement, the court said.

The verdict probably means that ISPs and telecom companies can now stop retaining data, but when or whether they will do so is unclear. BIT did not immediately respond to a request for comment. A spokesman for Dutch ISP XS4ALL said the company can probably stop retaining data and delete existing records but wants the legal department to make absolutely sure it can before it will do so.

The Netherlands is not the only country where a law based on the EU Data Retention Directive was invalidated. A similar law was axed by the Constitutional Court of Austria in the wake of the CJEU ruling, for example, while Germany's data retention law was ruled unconstitutional long before the CJEU ruling.

In Sweden, meanwhile, the government maintains that the national data retention law can still be applied. And in the U.K., a new data retention law was rushed through by the U.K. government in December, replacing the one that was based on the EU directive. That new law will be reviewed by the country's High Court though to determine if it violates human rights."

Source: http://www.pcworld.com/article/2895356/dutch-court-scraps-telecommunications-data-retention-law.html, 11 March 2015.

Today the district court of The Hague has rendered the Dutch Data Retention Act inoperative in a break-through verdict. The judge did so at the request of the Privacy First Foundation and six other organizations. This puts an end to a massive privacy violation that lasted for years: retaining the telecommunications data of everyone in the Netherlands for criminal investigation purposes, which made every Dutch citizen a potential suspect.

Broad coalition of civil society organizations

Under the 2009 Dutch Data Retention Act, the telecommunications data (telephony and internet traffic) of everyone in the Netherlands had to be retained, for 12 months and 6 months respectively, for criminal investigation purposes. In interim injunction proceedings against the Dutch government, a broad coalition of civil society organizations demanded the Act to be rendered inoperative as it violated the right to privacy. The claimant organizations were the Privacy First Foundation, the Dutch Association of Defence Counsel (NVSA), the Dutch Association of Journalists (NVJ), the Netherlands Committee of Jurists for Human Rights (NJCM), Internet provider BIT and telecommunications providers VOYS and SpeakUp. The case was conducted by Boekx Attorneys (Amsterdam).

Stubborn minister

According to the claimant parties, the Dutch Data Retention Act constituted a violation of fundamental rights that protect privacy, communications and personal data. This was also the view of the European Court of Justice in April last year, followed by the Dutch Council of State (Raad van State), the Dutch Data Protection Authority (College Bescherming Persoonsgegevens) and the Dutch Senate (Eerste Kamer). However, former Dutch minister of Security and Justice, Ivo Opstelten, refused to withdraw the Act. Opstelten wanted to uphold the Act until a legislative change was implemented, which could have taken years. The district court in The Hague has now made short shrift of the Act by repealing it immediately.

Data retention is unlawful

On 8 April 2014, the European Court of Justice declared the EU Data Retention Directive entirely and retroactively unlawful. The Dutch Data Retention Act was almost identical to this invalid directive. According to the European Court, retaining the telecommunications data of everyone, without any well-founded suspicion, is in breach of the fundamental right to privacy. Randomly and unrestrictedly collecting 'metadata' in the context of mass surveillance is not permitted, according to the Court.

Important precedent

Privacy First is committed to maintaining and strengthening everyone's right to privacy, if necessary by filing lawsuits against the Dutch government. The Dutch Data Retention Act was an excellent cause for doing so, says Vincent Böhre of Privacy First: "This mass surveillance constituted a massive violation of the right to privacy of every Dutch citizen. It was unacceptable that minister Opstelten clinged to this practice after the highest European court had already clearly stated back in April that this privacy violation was not permitted. Privacy First works to promote a society in which innocent citizens are not burdened by the idea of constantly being watched. The judgment of the court in The Hague is an important step in that direction."

Privacy First expects Dutch telecommunications providers to comply with the judgment and stop retaining everyone's telecommunications data for criminal investigation purposes. In case the Dutch government decides to appeal the judgment, then Privacy First is confident about the outcome of proceedings before the Hague Court of Appeal.

The original judgment in Dutch can be found HERE. Click HERE (pdf) for an unofficial English translation on the website of the Interdisciplinary Internet Institute.

Published in Litigation

A broad coalition of organizations and companies is starting interim injunction proceedings against the Dutch government. The Privacy First Foundation, internet provider BIT, the Dutch Association of Journalists and the Dutch Association of Defence Counsel among others are demanding the abolition of the Dutch Telecommunications Data Retention Act. The Dutch Council of State and the European Court of Justice have already ruled that the Act is in violation of fundamental rights that protect private life, communications and personal data. However, the Dutch government refuses to render the Telecommunications Data Retention Act inoperative.

On 8 April 2014 the European Court of Justice declared the European Data Retention Directive (2006/24/EC) invalid with retroactive effect. According to the Court, retaining communications data of everyone without any concrete suspicion is in violation of the fundamental right to privacy. Objective criteria should be applied to determine the necessity of collection and retention of data and there should be prior control from an independent body or judge. Randomly and unrestrictedly collecting metadata (traffic data) in the context of 'mass surveillance' is not permitted, according to the Court.

In the Netherlands, regulations in this area are enshrined in the Dutch Telecommunications Data Retention Act, which largely mirrors the European Data Retention Directive. The Act provides that telecommunications companies and internet providers have to retain various data regarding internet and telephone usage for at least six and at most twelve months in order for judicial authorities to be able to use those data for criminal investigation purposes. Recently the Dutch Council of State ('Raad van State') judged that the Act does not comply with fundamental rights that protect private life, communications and personal data. However, the Dutch government does not heed the advice of the Council of State and refuses to repeal the Act. Compliance with the Act will be maintained by the government.

Vincent Böhre of Privacy First: "Mass surveillance constitutes a massive violation of citizens' privacy rights. It is unacceptable that the Dutch government clings to this practice after the highest European judge has already clearly stated back in April that this privacy violation is not permitted."

Thomas Bruning, Secretary of the Dutch Association of Journalists: "Telecommunications companies and internet providers are now obliged to retain a vast amount of communications data of all citizens. This includes journalists. Companies have to disclose these data at the request of the government. There is no guarantee whatsoever for the journalistic right of non-disclosure."

"The Dutch regulations are in breach of the applicable European fundamental rights", states Fulco Blokhuis, partner at Boekx Attorneys, who has meanwhile drafted a subpoena. "This situation is as disconcerting as it is undesirable. Maintaining this Act is unlawful, both towards citizens as well as companies who are forced to stay in possession of traffic data."

Alex Bik of internet provider BIT: "When the Dutch government introduced the Act, it hid behind the argument that the introduction was simply imposed upon by Europe, but since the European Data Retention Directive has been repealed with retroactive effect, this argument all of a sudden is no longer deemed valid by the government. That is not right."

Otto Volgenant of Boekx Attorneys: "As the Dutch Minister of Security and Justice, Ivo Opstelten, is unwilling to abolish the Telecommunications Data Retention Act, we will request the court to either render the Act inoperative or to prohibit its application any longer. We will shortly be issuing interim injunction proceedings."

Update 12 January 2015: the interim injunction proceedings against the Dutch government pertaining to the retention of telecommunications data will take place before the district court of The Hague in a public hearing on Wednesday 18 February 2015 at 11:00 hours. Meanwhile, the renowned Netherlands Committee of Jurists for Human Rights (NJCM) has joined the coalition of claimant organizations. Click pdfHERE (pdf, in Dutch) for the subpoena, click HERE for a press release from Boekx Attorneys (in Dutch) and HERE for an article (in Dutch) which appeared on the website of Dutch newspaper Telegraaf this morning.

Update 30 January 2015: yesterday a hearing (roundtable) about the Dutch Data Retention Act took place in the Dutch House of Representatives. Click pdfHERE for a schedule of the hearing (pdf) and pdfHERE (pdf, in Dutch) for the talking points that Privacy First sent to the House of Representatives prior to the hearing (pdf). The lack of necessity and proportionality of the current Data Retention Act were the main topics that were discussed by Privacy First during the roundtable. Other aspects that were raised by Privacy First related to the chilling effect in society as well as the potential for function creep that the Act brings about.

Update 13 February 2015: today, on behalf of the State, the Dutch State Attorney submitted a Statement of Defence; click pdfHERE (pdf in Dutch, 9 MB). The admissibility of the claimant organizations will not be challenged by the Dutch government, the State Attorney told our own attorneys by telephone. Therefore the proceedings will immediately focus on the merits of the case, rather than on procedural requirements. This is a breakthrough development: in similar cases the admissibility of the claimant parties was almost always contested by the State. A crucial lawsuit concerning such admissibility (our Passport Trial against the storage of fingerprints) is currently being conducted by Privacy First against the Dutch government before the Supreme Court of the Netherlands. Privacy First is of the opinion that the recognition of admissibility by the State Attorney in the interim injunction proceedings against the Telecommunications Data Retention Act puts Privacy First in a stronger position for this and future lawsuits that revolve around the right to privacy. Moreover, in times when access to justice of individual citizens in the Netherlands is increasingly under financial pressure, the admissibility of civil society organizations such as Privacy First forms an important safeguard for a well functioning Dutch democracy under the rule of law.

Update 18 February 2015: in front of a full courtroom (many civil servants, citizens, students and journalists were in attendance), today Privacy First et al. crossed swords with the State; click pdfHERE for the plea of our attorneys (pdf in Dutch) and pdfHERE for the pleadings of the State Attorney (pdf, in Dutch). The judge listened carefully but didn't ask any questions. As yet, Wednesday 11 March 2015 has been determined as the date of the judgment.

Update 11 March 2015: in a break-through verdict today, the district court of The Hague has rendered the Dutch Data Retention Act inoperative; click HERE.

Published in Litigation
Page 3 of 4

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
Procis

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon