The Dutch government and Parliament aim to quickly introduce the privacy-violating Tapping law. A coalition of privacy advocates will start interim injunction proceedings to prevent this from happening.

Implementation of unaltered Tapping law imminent

In recent months, there has been a thorough public debate in the Netherlands about the new Dutch Intelligence and Security Services Act, the so-called ‘Tapping law’. In a referendum that was held on 21 March 2018, a majority of the Dutch citizenry voted AGAINST this act. In response to this, the Dutch government has promised only a few minor, superficial policy changes as well as a few non-fundamental legislative amendments. Both the Dutch government and the House of Representatives have with full intent pushed for a prompt entry into force of the Tapping law in its unaltered form, as per 1 May to be exact. The envisaged legislative amendments will be presented by the government only after the summer. Regrettably, a motion to postpone the implementation of the Tapping law until after these legislative amendments have been discussed, was yesterday repealed by the House of Representatives. With that, it seems Parliament has had its say and it is now again up to society to make a move.

Interim injunction proceedings

It is Privacy First’s established policy to try to prevent massive privacy violations. Unmistakeably, the implementation of the current Tapping law is a massive privacy breach, because as a result of it, there will be large-scale tapping into the Internet traffic of innocent citizens and, moreover, the data of innocent citizens will be exchanged with foreign secret services without first being evaluated. This is a blatant violation of the right to privacy. Therefore, we cannot wait for any possible legislative amendments that serve to ‘rectify retrospectively’. After all, by that time the violations will have already occurred. Today, a coalition of Privacy First and various other civil organizations and companies urge the government to postpone the introduction of the Tapping law (or at least those parts of it that constitute the gravest privacy violations) until all legislative amendments have been discussed in Parliament. In case the government refuses this request, our coalition will not hesitate to start interim injunction proceedings in order to enforce the postponement of the Tapping law before court.

Broad coalition

Alongside Privacy First, the coalition that has been created for these proceedings is comprised of the Netherlands Committee of Jurists for Human Rights (NJCM), Bits of Freedom, the Dutch Association of Criminal Defence Lawyers (NVSA), the Dutch Platform for the Protection of Civil Rights, Free Press Unlimited, BIT, Voys, Speakup, Greenpeace International, Waag Society and Mijndomein Hosting. The case is taken care of by Boekx Attorneys and is coordinated by the Public Interest Litigation Project (PILP) of the Netherlands Committee of Jurists for Human Rights. Apart from said interim injunction proceedings, since March 2017 Privacy First and other organizations are preparing a larger scale lawsuit in order for multiple parts of the Tapping law to be declared unlawful as it contravenes international and European privacy law.

Today, on behalf of the coalition, our attorneys will send a letter to the Dutch government (the ministers of the Interior and Defence) requesting the postponement of the implementation of the Tapping law. The government will have the opportunity to respond to this request until Friday, 20 April.


Update 20 April 2018: the government has rejected the appeal of the coalition. The coalition will now continue preparing interim injunction proceedings.

Update 17 May 2018: today the coalition summons has been sent to the Dutch state attorney; click HERE for the full version (pdf in Dutch). The summary proceedings will take place at the District Court of The Hague on Thursday 7 June 2018, 10.00 am - 12.00 pm CET.

Update 7 June 2018: this morning the hearing took place before the District Court of The Hague; click HERE for the pleading of our attorneys (pdf in Dutch). The court is expected to deliver a ruling on Tuesday, 26 June 2018.

Update 26 June 2018: to the great disappointment of Privacy First, today the District Court of The Hague has unfortunately rejected the case. Find the complete ruling (in Dutch) HERE. From a legal point of view, the bar was set high in these interim injunction proceedings: in order to be able to win our case, the judge had to declare the Tapping law ‘unequivocally ineffective’ on account of blatant (unequivocal) violation of international or European privacy law. However, the court ruling reads like a foregone conclusion in favor of the State, not least because various objections of our coalition have remained unidentified. That being said, it needs to be stressed (as the court itself does too), that this ruling constitutes only a preliminary opinion and that a thorough (‘full’) review was lacking in this case.

The coalition of organizations that has initiated these proceedings regrets the judgment. In view also of the result of the referendum, the coalition is of the opinion that the government should have waited to introduce the contested parts of the Tapping law until the parliamentary legislative process in response to the referendum is finished. Introducing the Tapping law unchanged on 1 May 2018 before proposing amendments at a later stage (after the summer) is and remains incorrect.

The coalition will soon discuss possible follow-up legal action.

Published in Litigation

The Dutch citizenry has rejected the new Dutch Intelligence and Security Services Act. This act will now have the be amended. If not, legal action will be pursued.

Historic red line

Wednesday 21 March 2018 is a historic day: for the first time ever, the populace of a nation has spoken out against a law on intelligence services in a referendum. In this referendum, the Dutch had the chance to cast their ballots on the new Dutch Intelligence and Security Services Act, better known as the ‘Tapping law’. By now, it is known that a clear majority is AGAINST the law. Privacy First considers this as a historic victory and hopes that, as a result, similar developments will unfold in other countries: developments that contravene mass surveillance and the creation of controlled societies, and that lead to better legislation with true respect for the liberty of innocent citizens.

Objections against the Tapping law

The main objections of Privacy First against the Tapping law relate to the fact that it authorizes not only large-scale tapping into the Internet traffic and communications of innocent citizens, but also allows for the storage of these data for many years and the unsupervised exchange of these data with foreign secret services. These and other concerns of Privacy First have been listed in alphabetical order. The liberty-restricting Tapping law should not be viewed in isolation, but is part of a wider negative trend, as can be read in a recent column (in Dutch) by Privacy First chairman Bas Filippini.

Successful referendum

Right from the very start, Privacy First has supported the organization of the Dutch referendum against the Tapping law. Alongside Privacy First, there are numerous other civil organizations that have been very active over the past few months to inform the citizenry about the Act. Most of the work, however, has been done by the referendum instigators: the students of the University of Amsterdam who, at the end 2017, collected enough signatures to make this referendum possible. For this unique achievement, Privacy First gave them a Dutch Privacy Award at the start of this year. Privacy First has recently called on all political parties at municipal level to take a stand against the Tapping law. Furthermore, through public debates, advertisements and social media and through interviews on the radio, on television and in newspapers, we have been as active as possible to create a critical mass. Moreover, Privacy First organized a public debate about the Tapping law in Amsterdam. It featured various renowned speakers, among them our attorney Otto Volgenant and the Dutch National Coordinator for Counter Terrorism and Security Dick Schoof. This debate (in Dutch) has been broadcasted on NPO Politiek several times and can also be viewed on our website and on YouTube. Even according to advocates of the Tapping law, this referendum was characterized by a substantive discussion among critical and well-informed members of the public. It is also in this regard that the referendum can be called a great success, a bright day for democracy and something that has increased general awareness about privacy in the Netherlands. After today, abolishing the referendum, which is what the Dutch government intends to do, should really be out of the question.

The law should be improved. Otherwise there will be legal action.

The consequences of the Dutch referendum about the Tapping law are clear: the law should be modified and improved immediately. If not, Privacy First and various other plaintiffs (organizations) will start a large-scale lawsuit with the express purpose of having various parts of the Act declared unlawful and rendered inoperative by a judge. In 2015, Privacy First and coalition partners succeeded in suspending the Dutch Data Retention Act in the same way. In recent years, Privacy First has on several occasions warned the Dutch government as well as both houses of Dutch Parliament that a similar lawsuit against the Tapping law would be imminent. The result of the current referendum has bolstered our position enormously. By now, the summons against the government has been prepared and our attorneys are ready to litigate. The choice is up to the government: change course or back down!

Published in Law & Politics

"Twelve organizations teamed up to file a lawsuit to stop the implementation of a new data mining law in the Netherlands. The new law was adopted by the Dutch Senate on Tuesday and gives the intelligence services more capabilities to spy on internet traffic on a large scale.

"We trust that the Dutch judges will pull the brake and say: this law goes too far", human rights lawyer Jelle Klaas, who is representing the coalition of organizations in their lawsuit, said to RTL Nieuws. The coalition includes the Public Interest Litigation Project, civil rights organization Privacy First, the Dutch Association of Journalists, the Dutch Association of Criminal Law Attorneys and the Platform for the Protection of Civil Rights.

According to the organizations, this law is a serious violation of Dutch citizens' privacy. The case will first be presented to a Dutch court, who will test it against the European Convention of Human Rights. If the Dutch court rules against the organizations, they will take it to the European Court.

Klaas is currently preparing the case. He expects that the lawsuit will only actually start after the new law is implemented on January 1st, 2018, but he hopes it happens earlier."

Source: http://nltimes.nl/2017/07/12/lawsuit-started-new-dutch-data-mining-law, 12 July 2017.

On November 2nd 2016, the Dutch House of Representatives will address a controversial legislative proposal that will introduce four week storage of the travel movements of all motorists in the Netherlands. In case both chambers of Dutch Parliament adopt this proposal, Privacy First will try to overturn this in court.

Large scale breach of privacy

It is Privacy First’s constant policy to challenge large scale privacy violations in court and have them declared unlawful. Privacy First successfully did so with the central storage of everyone’s fingerprints under the Dutch Passport Act and the storage of everyone’s communications data under the Dutch Telecommunications Retention Act. A current and similar legislative proposal that lends itself for another major lawsuit is legislative proposal 33542 (in Dutch) of the Dutch Minister of Security and Justice, Ard van der Steur, in relation to Automatic Number Plate Recognition (ANPR). Under this legislative proposal, the number plate codes of all motorists in the Netherlands, i.e. everyone’s travel movements, will be collected through camera surveillance and stored for four weeks in police databases for criminal investigation purposes. As a result, every motorist will become a potential suspect. This is a completely unnecessary, wholly disproportionate and ineffective measure. Therefore the proposal is in breach of the right to privacy and thus unlawful.

Old proposal

The current ANPR legislative proposal was already submitted to the Dutch House of Representatives in February 2013 by the then Minister of Security and Justice, Ivo Opstelten. Before that, in 2010, Opstelten’s predecessor Hirsch Ballin had the intention to submit a similar proposal, albeit with a storage period of 10 days. However, back then the House of Representatives declared this subject to be controversial. Opstelten and Van der Steur have thus now taken things a few steps further. Due to privacy concerns, the parliamentary scrutiny of this proposal was at a standstill for several years, but now seems to be reactivated and even reinforced through a six-fold increase of the proposed retention period, courtesy of the ruling parties VVD and PvdA.

Data haystack

Under current Dutch national law, ANPR data of innocent citizens must be erased within 24 hours. In the eyes of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP), all number plate codes that are not suspect (so-called ‘no-hits’) are to be removed from relevant databases immediately. Van der Steur’s plan to also store the number plate codes of unsuspected citizens for four weeks directly flies in the face of this. VVD and PvdA are even willing to increase this retention period to six months. The inevitable consequence, a haystack of data, would constitute a blatant violation of the right to privacy of every motorist. Any possible judicial oversight of the use of these data would do nothing to alter this.

UN Human Rights Council

In recent years, Privacy First has repeatedly expressed this position to both the House of Representatives (standing committee on Security and Justice) as well as to relevant MPs personally. Privacy First has also made its stance clear in personal meetings with Minister Opstelten (July 2012) and Minister Van der Steur (July 2014, at that time still a VVD MP). Moreover, Privacy First has recently raised this issue with the United Nations. In May 2017, the Dutch government can be held accountable for this at the UN Human Rights Council in Geneva.

Lawsuit

In case both the House of Representatives and the Dutch Senate will adopt the ANPR legislative proposal in its current form, Privacy First (in a broad coalition together with other civil organizations) will immediately summon the Dutch government in order to render the law inoperative on account of violation of the right to privacy. If necessary, Privacy First and co-plaintiffs will litigate all the way up to the European Court of Human Rights in Strasbourg. Considering the European and Dutch case law on the subject, Privacy First rates its chances of legal success very high.


Update 20 December 2018: today the Dutch government has announced that the ANPR Act will enter into force on 1 January 2019. The summary proceedings of Privacy First against the ANPR Act will soon take place at the District Court of The Hague.

Published in Litigation

Mass storage of fingerprints violates the right to privacy 

Following the Court of Appeal of The Hague, today the Dutch Council of State (Raad van State) judged that municipal (‘decentral’) storage of fingerprints under the Dutch Passport Act is unlawful on account of violation of the right to privacy. The Council of State reached this conclusion in seven administrative law cases of Dutch individual citizens (supported by civil organization Vrijbit). At the start of 2014, the Court of Appeal of The Hague handed down a similar ruling in the civil Passport case by the Privacy First Foundation and 19 (other) citizens against the Dutch government. Subsequently however, our Passport trial was declared inadmissible by the Dutch Supreme Court and was redirected to the administrative judge: the Dutch Council of State. Privacy First then submitted its entire case file to the Council of State in order to reinforce the individual passport cases pending before this body. The Council of State (the supreme administrative court of the Netherlands) now rules similar to the way the Court of Appeal of The Hague has done before. Notwithstanding the later inadmissibility before the Supreme Court, the ban on the storage of everyone’s fingerprints in databases thus stands firm once again.

Faulty judgement and procedure

As was the case with the previous judgement by the Court of Appeal of The Hague, Privacy First regrets that the Council of State was unwilling to declare the storage of fingerprints unlawful on strictly principal grounds (that is, because of a lack of societal necessity, proportionality and subsidiarity), but merely on the basis of technical imperfections. Therefore, Privacy First will advise the concerned citizens to keep on litigating all the way up to the European Court of Human Rights (ECtHR) in Strasbourg. Considering the existing Strasbourg case law, there is a high likeliness that the Netherlands will still be condemned on principal grounds on account of violation of the right to privacy (art. 8 European Convention on Human Rights, ECHR). Privacy First also expects a condemnation on account of violation of the right of access to justice and an effective legal remedy (art. 6 and 13 ECHR). After all, civil litigation against the Dutch Passport Act proved to be impossible, and administrative legal action was possible only indirectly after the rejection of individual requests for new passports or ID cards (in case the applicants refused to have their fingerprints taken). In order to obtain their current victory before the Council of State, these citizens thus have had to get by for years without passports or ID cards, with all the problems and risks this entailed.

Exceptions for conscientious objectors

In today’s judgement, the Council of State also decided that the compulsory taking of two fingerprints for a new passport applies equally to everyone and that there can be no exceptions for people who do not want to have their fingerprints taken out of conscientious objections. Privacy First is doubtful whether this verdict will stand the scrutiny of the ECtHR. Apart from a violation of the right to privacy, it seems this decision is also in breach of the freedom of conscience (art. 9 ECHR). The fact that the European Passport Regulation does not include such an exception is irrelevant as this Regulation is subordinate to the ECHR.

RFID chips and facial scans

Privacy First also deplores the fact that the Council of State was not prepared to make a critical assessment of the risks of Radio Frequency Identification (RFID) chips (which include sensitive personal data that can be read remotely) in passports and ID cards. The same goes for the compulsory storage of facial scans in municipal databases. But these aspects, too, can still be challenged in Strasbourg.

Municipalities’ own responsibility

A small ray of hope in the judgement by the Council of State is that municipalities and mayors have their own responsibility to respect human rights (including the right to privacy) independently, even if this means independently refraining from applying national legislation because it violates higher international or European law:

"Insofar as the mayor claims that there is no possibility to deviate from the provisions (laid down in national law), the [Council of State] holds that pursuant to Article 94 of the [Dutch] Constitution, current statutory provisions within the Kingdom [of the Netherlands] do not apply if such application is not compatible with any binding provisions of treaties and of resolutions of international organizations.’’ (Source in Dutch, paragraph 6.)

This decision by the Council of State applies to all domains and could have far-reaching consequences in the future.

New ID cards for free

The ruling of the Council of State entails that for applications of new ID cards, fingerprints have been taken (and stored) on a massive scale but without a legal basis since 2009. Accordingly, Privacy First advises everyone in the possession of an ID card with fingerprints to change it (if desired) at his or her municipality for a free new one without fingerprints. If municipalities refuse to offer this service, Privacy First reserves the right to take new legal steps in this regard.

Published in Litigation

After numerous lawsuits in various European countries, the decision has finally been made: in a break-through ruling, the European Court of Justice has decided this week that a general requirement to retain telecommunications data (data retention) is unlawful because it is in violation of the right to privacy. This ruling has far-reaching consequences for surveillance legislation in all EU member States, including the Netherlands.

Previous data retention in the Netherlands

Under the 2009 Dutch Data Retention Act, the telecommunications data (telephony and internet traffic) of everyone in the Netherlands used to be retained for 12 months and 6 months, respectively, for criminal investigation purposes. This legislation stemmed from the 2006 European Data Retention Directive. However, in April 2014 the European Court of Justice declared this European Directive invalid because it violates the right to privacy. Subsequently, former Dutch minister of Security and Justice Ivo Opstelten refused to withdraw the Dutch Data Retention Act, after which a broad coalition of Dutch organizations and companies demanded in interim injunction proceedings that the Act would be rendered inoperative. The claimant organizations were the Privacy First Foundation, the Dutch Association of Defence Counsel (NVSA), the Dutch Association of Journalists (NVJ), the Netherlands Committee of Jurists for Human Rights (NJCM), Internet provider BIT and telecommunications providers VOYS and SpeakUp. Boekx Attorneys in Amsterdam took care of the proceedings, and successfully so: rather uniquely (laws are seldomly rendered inoperative by a judge, let alone in interim injunction proceedings), on 11 March, 2015, the Dutch district court in The Hague repealed the entire Act at once. The Dutch government decided not to appeal the ruling, which has been final since then. Consequently, all telecom operators concerned have deleted the relevant data. In relation to criminal investigations and prosecutions, so far this does not seem to have led to any problems.

European Court makes short shrift of mass storage once and for all

Unfortunately, the April 2014 decision of the European Court left some margin for interpretation under which broad, general retention of everyone’s telecommunications data could still be allowed, for example through close judicial supervision before access and use of those data. In a Swedish and a British case about data retention, the European Court has now ensured full clarity in favour of the right to privacy of every innocent person on European territory:

"The Charter of Fundamental Rights of the European Union must be interpreted as precluding national legislation which, for the purpose of fighting crime, provides for general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication’’, the Court judges.

In other words: mass storage of everyone’s data for criminal investigation purposes is unlawful. After all, according to the Court this ‘‘exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society’’.

In conventional language, the Court basically says that such legislation doesn’t belong in a free democracy under the rule of law, but in a totalitatrian dictatorship instead. And this is exactly the raison d'être of the Charter of Fundamental Rights of the European Union (which was inspired by universal human rights), on which the verdict of the Court is based.

Consequences for the Netherlands

Recently the current Dutch minister of Security and Justice, Ard van der Steur, has again presented to the Dutch House of Representatives a legislative proposal to reintroduce a broad, general telecommunications retention Act. Moreover, a similar legislative proposal pending in the Dutch Senate concerns the recognition and retention of number plate codes of all cars in the Netherlands (i.e. everyone’s travel movements and location data). Following the EU Court ruling, both legislative proposals are unlawful in advance on account of violation of the right to privacy. The same goes for planned mass storage of data that flow in and out of the Netherlands through large internet cables under the new Dutch Intelligence and Security Services Act (and the international exchange thereof), the possible future reintroduction of central databases with everyone’s fingerprints, national DNA databases, national records which include everyone’s financial transactions, etc. etc.

Following the EU Court ruling, the Dutch government can draw one conclusion only: both the legislative proposal that regards the new telecommunications retention Act as well as the legislative proposal that relates to the registration on a massive scale of number plate codes, are to be withdrawn this instant. Otherwise Privacy First will again enforce this in court and will do likewise with every other legislative proposal that threathens to violate the right to privacy of innocent citizens on a large scale.

Privacy First wishes you happy holidays and a privacy-friendly 2017!

Published in Law & Politics

Privacy First New Year’s column

Looking back on 2016, Privacy First perceives a renewed attack on our democratic constitutional State from within. Incident-driven politics based on the everyday humdrum prevails and the Dutch government’s frenzy efforts to control the masses is relentless, arrogant and driven by industry and political lobbying. The democratic principles of our constitutional State are being lost out of sight ever more while the reversion of legal principles has become commonplace. Every (potential) attack thus becomes an attack on our civil rights.

Current constitutional State unable to defend itself

Barely a single day has gone past in the current mediacracy and governors without any historical or cultural awareness hand us, our children and our future over to a new electronic dictatorship fenced off by 4G masts. Citizens who autonomously seek to inform themselves have become ‘populists that spread fake news’. It’s not just the government that has lost its way, but so have the mainstream media, so it seems. The model characterized by fear, hate and control adopted by many authoritarian states headed by a strong leader is increasingly seen as the way to go.

Privacy First has said it before but will reiterate: we are of the opinion that State terrorists who continuously change legislation restricting civil liberties are ultimately much more harmful to our society than a single ‘street terrorist’, however terrible and shocking an attack is for those directly involved. The galling thing is that our constitutional State cannot adequately defend itself against the erosion of democratic principles from within: among other things, there is a lack of independent review of our Constitution. Therefore we are very happy that the European Court of Justice has recently ruled all forms of trawl net technology unlawful in advance. A great verdict that has far-reaching consequences for the State terrorists among our politicians and civil servants. A clear line in the sand.

Our democratic constitutional State came into existence out of the 19th century way of thinking and will have to be reshaped through a public debate, provided this is done taking into account the basic principles of living together - a human experience that goes back thousands of years. Love, trust en freedom are fundamental pillars. Privacy First discerns a number of changes over the past 150 years to which our constitutional State has no adequate answer, if any answer at all. These changes will have to be integrated into a newly structured democratic constitutional State which will have to be partly parliamentary and partly shared. In other words: the democratic foundation is there, but will have to be adapted to the desires and developments of our time.

Towards a Shared Democracy: adjusting parliamentary democracy to our present time

Privacy First calls on (and challenges, if necessary) every Dutch citizen to participate in a broad public discussion in order to shape a democracy 3.0. After Athens (1.0) and our parliamentary democracy from the 19th century onwards (2.0), in our eyes it’s time for the concept of a Shared Democracy (3.0), which is both a disruptive way of thinking as well as a social model for which we identify seven big drivers that help adjust our current 19th century system. Privacy First notices that these seven drivers are currently undermining our model from the inside and the outside. But by thinking differently, one will find that these pillars also offer an opportunity to move towards a new form for the future: the so-called Shared Democracy.

1. Changing role of the media; towards a mediacracy

Originally, in the 19th century model, the media didn’t yet have the scale and level of outreach today’s media have. The influence of the media has become large to the extent it will have to be one of the pillars of the future Shared Democracy.

2. Changing role of citizens

The enormous financial and social emancipation, the elevated level of education and the individualization of citizens is currently leading to huge tensions in the democracy of parliamentary representation. As part of the old way of thinking, citizens are still regarded as an unassertive, inferior, necessary evil. However, citizens want to have decision-making power on numerous issues and this – supported by the newest technologies and means of communication - will have to be structurally implemented in the Shared Democracy on the basis of various structures of representation and participatory leadership based on personal responsibility, an area in which politics and the government are still falling far behind in their relationship with citizens.

3. Scientific, technological and information revolution

These revolutions create new opportunities and offer an almost real-time insight in the developments and events within society. Moreover, the internet and associated infrastructures enable completely new forms of exchange and marketplaces of ideas and decisions. This happens on a worldwide scale between like-minded people and people who hold different views. Where supply and demand are ill-aligned, new services that have a disruptive effect on old structures pop up. Think of the clear imbalance between citizens and politics. A solution for that problem can be found in completely new and invigorating systems and structures, set up with an open and free attitude, with privacy by design enshrined in legislation and with the application of advanced technology - all elements that distinguishes the Shared Democracy.

4. Unrestrained proliferation of public authorities

The house is ready to move into, but the contractor keeps coming back every day to see whether there are still tasks to be done... likewise our government exerts its influence on our daily life and on today’s economy. The unrestrained proliferation of public authorities has got to stop immediately and the government has to be brought back to normal proportions, in line with a standard that has yet to be established. By now, citizens serve the government instead of the other way around. The power of (central) public authorities is no longer commensurate with those of individual citizens. A key trait of the Shared Democracy will be the size, power and scope of the government.

5. Lifelong professional politicians

Another thing the founders of the 19th century model didn’t take into account (despite the seperation of powers) is the fact that many current (national) representatives are fulltime politicians, some of whom carry out public sector activities quite directly related to their political function. Particularly these latter ones have lost all connection to society and virtually live off taxpayers’ money without any risks. In the Shared Democracy we envisage, we advocate that representatives of citizens make clear choices and are in favour of all possible mixed forms of citizens and representatives in order to create a much larger engagement and responsibility among individual citizens when it comes to being active politically.

6. Financial sector, upscaling and mass control

The centralization and management of financial flows disconnected from the underlying value, erodes both the economy and society. The human dimension is disappearing into the background in upscaling and efficiency models dominated by financial flows. By introducing mantras such as ‘cash is criminal’, paying anonymously is being phased out while bank runs that could endanger and destabilize the system are being prevented. Here too, the web continually gets tighter around citizens and money no longer belongs to them, but to banks and the government. With a view to the future and on the basis of current and future technological possibilities, in the Shared Democracy, ownership relationships and the right to anonymous means of payment will have to be firmly embedded in law.

7. Supranational elite of individuals and companies

One of the effects of globalization is the rise of a large group of supranational companies and individuals that are disconnected from their nation-states and societies, benefitting from the rights they have but not fulfilling the duties that society equally brings along. Now that information and power are concentrated within a few very large, global conglomerates, there are many financial corporations and companies that have become larger than nation-states. The intransparent power of lobbygroups backing these conglomerates thrives under the old, authoritarian pyramid structure of centralized political representation. In the Shared Democracy, special attention will have to go out to democratic shaping and modelling on all levels, while the centralized and decentralized power structures have to be continually in balance and be measurable with the most advanced technology.

How will the Shared Democracy deal with all this? How much more freedom are we prepared to give up for the sake of (false) security? 100% security = 0% freedom. How are we going to restructure our society and democratic system in order to hold on to our principles with the seven drivers of development in mind? And on which scale are we willing to do so?

To better define these questions and look for answers, Privacy First will organize a New Year's Reception on 19 January 2017, at 7:30 pm in the Volkshotel in Amsterdam. The reception (in Dutch) will revolve around the Shared Democracy.

Privacy First encourages everyone to contribute to this new movement towards a Shared Democracy in an open and free debate on all available communication channels!

Bas Filippini
Privacy First Foundation chairman

Published in Columns

In the Dutch Citizens v. Plasterk case about the international exchange of data between secret services, the coalition of citizens and organizations (including Privacy First) has explained its appeal before the Hague Court of Appeals. In its statement of appeal, which was submitted to the Court on 2 February 2016, the coalition details why the ruling of the district court of The Hague (in Dutch) is wrong.  

In summary, the district court of the Hague has ruled that the collaboration and exchange of data on the basis of trust between Dutch secret services and foreign secret services (among which the American NSA) may simply be continued. According to the judge, the importance of national security is the determining factor, thereby essentially giving the Dutch AIVD (general intelligence and security service) and MIVD (military intelligence and security service) carte blanche to collect bulk data of Dutch citizens via foreign intelligence agencies without any legal protection, only because of the designation ‘national security’.

The Citizens v. Plasterk coalition deems this ruling to be in flagrant breach of the right to privacy and has lodged an appeal. It must be noted that the coalition isn’t seeking to ban the collaboration with foreign services as such. However, we find that when it comes to collaborating and receiving data, strict safeguards should be maintained. Failure to do so means that data that has been obtained by the NSA and other intelligence services in violation of Dutch law, illegally end up in the hands of Dutch intelligence services. This comes down to the laundering of data through an illegitimate U-turn.

"By using NSA data, minister Plasterk and his services are laundering illegally obtained data. This case should put an end to that", says our lawyer Christiaan Alberdingk Thijm of bureau Brandeis. Read our entire statement of appeal HERE (pdf in Dutch).

What’s next?

The Dutch government will first have to react to our statement of appeal in a statement of defence on appeal, after which the Hague Court of Appeals will schedule a hearing and render a ruling.

Meanwhile, our coalition has been admitted to intervene in the legal proceedings against the British government that the British organization Big Brother Watch et al. have brought before the European Court of Human Rights (ECtHR). This is a significant development because as a result, the ECtHR may, at an early stage, be able to issue a verdict that is relevant to our Dutch case. Click HERE (pdf) for the recent decision on admissibility by the European Court and HERE for more information about the British case on the Court's website.

The Citizens v. Plasterk case

At the end of 2013, the Citizens v. Plasterk coalition summoned the Dutch government, represented by the Dutch minister of the Interior, Ronald Plasterk. This was prompted by Edward Snowden’s revelations about the practices of (foreign) intelligence services. The coalition demands that the Netherlands stops using data that have been obtained in violation of Dutch law.

In February 2014 the case almost led to minister Plasterk’s withdrawal from office. It had emerged that Plasterk had wrongfully informed the Dutch House of Representatives on the exchange of data between Dutch and foreign intelligence services. The Dutch services had passed on 1.8 million items of data to the Americans and not the other way around, as he had previously claimed.

In July 2014 the district court of The Hague rejected the claims of the coalition, after which the coalition lodged an appeal before the Hague Court of Appeals.

At the end of 2015 it became known that the coalition may participate in a British lawsuit before the European Court of Human Rights in Strasbourg.

The participating citizens in the coalition are: Rop Gonggrijp, Jeroen van Beek, Bart Nooitgedagt, Brenno de Winter and Mathieu Paapst. The participating organizations are: the Privacy First Foundation, the Dutch Association of Defence Counsel (NVSA), the Dutch Association of Journalists (NVJ) and Internet Society Netherlands.

The case is taken care of by bureau Brandeis, in particular by our lawyers Christiaan Alberdingk Thijm and Caroline de Vries, who make use of the bureau Brandeis’s pro-bono fund.

Update 9 February, 2016: today the coalition submitted its written submissions to the European Court of Human Rights, click HERE (pdf).

Published in Litigation
Wednesday, 23 December 2015 15:38

From street terrorism to State terrorism?

Christmas column by Bas Filippini,
Chairman of the Privacy First Foundation 

Principles of our democratic constitutional State are still very relevant 

‘‘Your choice in a free society’’ is the slogan of the Privacy First Foundation. Privacy First has defined its principles on the basis of universal human rights and our Dutch Constitution and is reputed for professional and, if necessary, legal action in line with our free constitutional State. The mere fact that Privacy First exists, means that in recent years the aforementioned principles have come under increasing pressure. We base our (legal) actions and judgements on thorough fact-finding, to the extent possible in our working area.

‘The Netherlands as a secure global pioneer in the field of privacy’, that’s our motto. This country should also serve as an example of how to use technology whilst maintaining the principles of our open and free society. This can be achieved through legislative, executive and IT infrastructures, starting from privacy by design and making use of privacy enhanced technology.

Whereas the industrial revolution has environmental pollution as a negative side effect, the information revolution has the ‘pollution of privacy and freedom’ as an unwanted side effect.

Therefore, the question is how to preserve the basic principles of our democratic constitutional State and how to support new structures and services towards the future. As far as we’re concerned, these basic principles are neither negotiable nor exchangeable. Yet time and again we see the same incident-driven politics based on the misconceptions of the day strike at times when the constitutional State is at its most vulnerable and cannot defend itself against the emotional tide of the moment.

Paris as yet another excuse to pull through ‘new’ laws

Various politicians feed on the attacks in Paris and tumble over one another to express Orwellian macho talk, taking things further and further in legislative proposals or in emotional speeches characterized by belligerence and rhetoric. And it’s always so predictable: further restraining existing freedoms of all citizens instead of focusing further on the group of adolescents (on average, terrorist attackers are between 18 and 30 years old) that intelligence agencies already have in sight. Instead of having a discussion about how intelligence agencies can more effectively tackle the already defined group that needs to be monitored and take preventive measures in the communication with and education of this target group, the focus too easily shifts to familiar affairs whereby necessity, proportionality and subsidiarity are hard to find.

So in the meanwhile we’ve witnessed the prolonged state of emergency in France, the far reaching extension of powers of the police, the judiciary and intelligence services (also to the detriment of innocent citizens), extra controls in public space, the retention of passenger data, etc., etc. All this apparently for legitimate reasons in the heat of the moment, but it will be disastrous for our freedom both in the short as well as in the long run. In this respect the blurring definition of the term ‘terrorism’ is striking. Privacy First focuses on government powers in relation to the presumption of innocence that citizens have. We’re in favour of applying special powers in dealing with citizens who are under reasonable suspicion of criminal offences and violate the rights of others with their hate and violence. In fact, that’s exactly what the law says. Let’s first implement this properly, instead of introducing legislative proposals that throw out the baby with the bathwater.

The governments is committed to impossible 100 per cent security solutions

What often strikes me in conversations with civil servants is the idea that the government should provide 100 per cent solutions for citizens and applies a risk exclusion principle. This leads to a great deal of compartmentalization and paralyzation when it comes to possible government solutions in the area of security. Technology-based quick fixes are adhered to by default, without properly analyzing the cause of problems and looking at the implementation of existing legislation.

The government way of thinking is separate from citizens, who are not trusted in having legal capacity and are regarded as a necessary evil, as troublesome and as inconvenient in the performance of the government’s tasks. The idea that the government, serving its citizens, should offer as high a percentage as possible but certainly not a 100 per cent security (the final 10 per cent are very costly on the one hand and suffocating for society on the other) is not commonly shared. No civil servant and no politician is prepared to introduce policies to maintain an open society today (and 50 years from now) that entail any risk factors. However, in reality there will always be risks in an open society and it should be noted that a society is not a matter of course but something we should treat with great care.

Here in the Netherlands we’ve seen other forms of government before: from rule by royal decree to a bourgeoisie society and an actual war dictatorship. Every time we chose not to like these forms of society. What could possibly be a reason to be willing to go back to any of these forms and give up our freedoms instead of increasing them and enforcing them with technology? Especially in a society that has high levels of education and wherein citizens show to be perfectly able to take their own decisions on various issues. We hire the government and politics as our representatives, not the other way around. However, we’re now put up with a government that doesn’t trust us, is only prepared to deliver information on the basis of FOIA requests and requires us to hand over all information and communications about us and our deepest private lives as if we were prima facie suspects. That puts everything back to front and to me it embodies a one way trip to North Korea. You’ll be more than welcome there!

Political lobby of the industry

The industry’s persistence to overload the government and citizens with ICT solutions is unprecedented. Again and again here in the Netherlands and in Silicon Valley the same companies pop up that want to secure their Christmas bonus by marketing their products in exchange for our freedom. We’re talking about various electronic health records like the Child record and the Orwellian and centralized electronic patient record, the all-encompassing System Risk-Indication database, travel and residency records, road pricing, chips in number plates and cars, so-called automated guided vehicles (including illegal data collection by car manufacturers), number plate parking, automatic number plate recognition cameras, facial recognition in public space and counter-hacking by government agencies while voting computers are back on the agenda. Big Data, the Internet of things, the list goes on.

With huge budgets these companies promote these allegedly smart solutions, without caring about their dangers for our freedom. It’s alienating to see that the reversal of legal principles is creeping in and is being supported by various government and industry mantras. It’s as if a parasitic wasp erodes civil liberties: the outside looks intact but the inside is already empty and rotten.

From street terrorism to State terrorism

As indicated above, the information revolution leads to the restriction of freedom. It’s imperative to realize that after 4000 years of struggle, development and evolution we have come to our refined form of society and principles that are (relatively) universal for every free citizen. Just as most of us are born out of love, freedom and trust, to me these are also the best principles with which to build a society. We’re all too familiar with societies founded on hate, fear and government control and we have renounced them not so long ago as disastrous and exceptionally unpleasant. At the expense of many sacrifices and lives these principles have been enshrined in treaties, charters and constitutions and are therefore non-negotiable.

It’s high time to continue to act on the basis of these principles and make policy implementation and technology subordinate to this, taking into account the people’s needs and their own responsibility. In my eyes, a civil servant in the service of the people who places security above everything else, is nothing more than a State terrorist or a white collar terrorist who in the long term causes much more damage to our constitutional State and freedom than a so called street terrorist. The government and industry should have an immediate integrity discussion about this, after which clear codes can be introduced for privacy-sustainable governing and entrepreneurship.

Towards a secure global pioneer in the field of privacy

Privacy First would like to see government and industry take their own responsibility in protecting and promoting the personal freedom of citizens and in so doing use a 80/20 rule as far as security is concerned. By focusing on risk groups a lot of money and misery can be saved. Exceptions prove the rule, which in this case is a free and democratic constitutional State and not the other way around. Say yes to a free and secure Netherlands as a global pioneer in the field of privacy!

Published in Columns

By now basically everyone is aware of the far-reaching eavesdropping practices by the American National Security Agency (NSA). For years the NSA has been secretly eavesdropping on millions of people around the world, varying from ordinary citizens to journalists, politicians, attorneys, judges, scientists, CEOs, diplomats and even presidents and heads of State. In doing so, the NSA has completely ignored the territorial borders and laws of other countries, as we have learned from the revelations by Edward Snowden in the PRISM scandal. Instead of calling the Americans to order, secret services in other countries appear to be all too eager to make use of the intelligence that the NSA has unlawfully obtained. In this way national, European and international legislation that should safeguard citizens against such practices is being violated in two ways: on the one hand by foreign secret services such as the NSA that collect intelligence unlawfully, and on the other hand by secret services in other countries that subsequently use this intelligence. This constitutes an immediate threat to everyone’s privacy and to the proper functioning of every democratic constitutional State. This is also the case in the Netherlands, where neither the national Parliament nor the responsible minister (Mr. Ronald Plasterk, Home Affairs) has so far taken appropriate action. This situation cannot continue any longer. Therefore a national coalition of Dutch citizens and organizations (including the Privacy First Foundation) has today decided to take the Dutch government to court and demand that the inflow and use of illegal foreign intelligence on Dutch soil is instantly brought to a halt. Furthermore, the coalition demands that the Dutch government notifies all citizens whose personal data have been illegally obtained. These data must also be deleted.

These legal proceedings by the Privacy First Foundation primarily serve the general interest and aim to restore the right to privacy of every citizen in the Netherlands. The lawsuit is conducted by bureau Brandeis; this law firm also represents Privacy First and 19 co-plaintiffs (Dutch citizens) in our Passport Trial against the Dutch government. Privacy First is confident it will soon have positive outcomes in both of these cases.

Click HEREpdf to read the subpoena as it was presented to minister Plasterk today. (Dutch only)

Apart from Privacy First, the coalition of plaintiff parties consists of the following organizations and citizens:

- The Dutch Association of Defence Counsel (Nederlandse Vereniging van Strafrechtadvocaten, NVSA)
- The Dutch Association of Journalists (Nederlandse Vereniging van Journalisten, NVJ)
- The Dutch chapter of the Internet Society (ISOC.nl)
- Jeroen van Beek
- Rop Gonggrijp
- Bart Nooitgedagt (represented by the NVSA)
- Matthieu Paapst (represented by ISOC.nl)
- Brenno de Winter (represented by the NVJ).
 
Update 5 February 2014: today the Dutch government (Ministries of Home Affairs and Defence) has responded to the subpoena in a comprehensive statement of defence; click HEREpdf for the entire document (pdf; MIRROR) and HERE for the press release by our attorneys of bureau Brandeis (in Dutch). It is remarkable that the State Attorney only deems the Privacy First Foundation admissible (see p. 31). This means that Privacy First is only one step away from standing before the judges of the district court of The Hague. This development is also of great importance for our Passport Trial, in which that same court at an earlier stage deemed Privacy First et al. inadmissible. The Hague Court of Appeal is currently looking into this legal issue once more. In the point of view of Privacy First, the court should declare all plaintiffs (citizens and organizations) admissible in both the court case concerning the NSA as well as our lawsuit regarding the Dutch biometric passport.

Published in Litigation
Page 2 of 3

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
Procis

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon