Privacy First appeals to the Dutch House of Representatives to stop the storage of passport biometrics and to withdraw the new Passport Act.
Today the Privacy First Foundation has sent a letter to the Dutch House of Representatives with regard to the general meeting about the new Passport Act of 27 April 2011 with the Minister of the Interior and Kingdom Relations Piet Hein Donner. This is the content of our letter:
No more than two years after the coming into force of the new Passport Act, this law is again high on the agenda of the House of Representatives. After having gone through a relatively inconspicuous parliamentary trajectory, the new Passport Act was accepted on 9 June 2009 without a vote in the Senate. At the time this came like a bolt from the blue for many: after all, there had hardly been any democratic debate about this far-reaching Act. Confronted with this fait accompli, one and a half years of increasing resistance followed in the form of citizens' protests, petitions, scientific and political criticism, objection proceedings, lawsuits and even motions of disapproval by local councils. In that sense the new Passport Act is heading back to the House of Representatives like a societal boomerang. Privacy First hereby reiterates its main objections against the current Act:
- Under the European Passport Regulation the taking of only two fingerprints and a facial scan in a travel document is obligatory. This is for the (supposed) fight against fraud with those same documents. With the new Passport Act the Netherlands takes things much further by also storing these data (plus two extra fingerprints) in databases for a broad range of other purposes, among which criminal investigation and prosecution, counter-terrorism, disaster control and intelligence work in the Netherlands and in third countries. Considering the entirely unjustified and disproportionate character of this measure, this constitutes a collective violation of the right to privacy and physical integrity of every Dutch citizen with a new travel document;
- Most citizens have never been told about the above-mentioned purposes in the new Passport Act; this constitutes a violation of their right to informed consent in the processing of their biometric data;
- Citizens who are willing to object to the compulsory storage are forced to undertake legal proceedings that take years, a period during which they must make their way through life without a valid travel and ID document, with all the disadvantages and risks this entails;
- The storage of biometric data (both in the travel document and in a database) creates a new form of fraud: biometric identity fraud. This type of fraud can stay undetected for years and haunt someone for the rest of his or her life;
- The same goes for the Radio Frequency Identification (RFID) chip in the document that can be read from a distance: this too creates new risks of identity fraud;
- The security of the storage in databases (be it a ‘centralized’ or a ‘de-centralized’ database) cannot possibly be (entirely) guaranteed;
- Storage in databases is suitable for identification instead of verification and paves the way for function creep;
- During the issuance of the travel document generally no biometric verification takes place. Therefore it’s unknown to what extent the travel documents that have been brought into circulation under the new Passport Act function as far as the biometrics are concerned. In this respect it appeared, during the parliamentary Round Table about the new Passport Act on 20 April 2011, that there’s a percentage of error (when verifying fingerprints) of no less than 21%.
On account of these objections Privacy First makes an urgent appeal to the House of Representatives to immediately halt the storage of biometric data (in particular fingerprints) and to withdraw the new Passport Act of 2009 or to revise it along the following lines:
- Enrolment of biometric data is to become voluntary;
- Storage of these data in municipal or national databases is to be stopped;
- For domestic use an alternative ID document without biometrics is to be developed.
With the exception of Great Britain, of all countries in the European Union the Netherlands is worst off in terms of privacy. This emerges from a large-scale survey by the British organisation Privacy International. In the Netherlands there is endemic surveillance in no less than 10 areas, among which are the biometric passport/ID-card, the exchange of personal data, the storage of communication data, medical and financial information, telephone and internet tapping and border controls. Furthermore, with regard to privacy, in the Netherlands there are no effective constitutional safeguards, insufficient judicial supervision and a lack of political leadership. You can read the entire survey HERE.
The findings of Privacy International confirm that a radical change of direction is needed in the Netherlands in the area of privacy: from worst practice to best practice, moving from the position of a ‘privacy third world country’ towards that of a ‘privacy leading nation’. The Netherlands has the knowledge and the means to make this step. Privacy First is eager to contribute its mite to this much-needed ‘privacy U-turn’.
The general philosophy of the Fair Information Principles
The most fundamental principle is notice. Consumers should be given notice of an entity's information practices before any personal information is collected from them. Without notice, a consumer cannot make an informed decision as to whether and to what extent to disclose personal information. Moreover, three of the other principles discussed below -- choice/consent, access/participation, and enforcement/redress -- are only meaningful when a consumer has notice of an entity's policies, and his or her rights with respect thereto.
While the scope and content of notice will depend on the entity's substantive information practices, notice of some or all of the following have been recognized as essential to ensuring that consumers are properly informed before divulging personal information:
- identification of the entity collecting the data;
- identification of the uses to which the data will be put;
- identification of any potential recipients of the data;
- the nature of the data collected and the means by which it is collected if not obvious (passively, by means of electronic monitoring, or actively, by asking the consumer to provide the information);
- whether the provision of the requested data is voluntary or required, and the consequences of a refusal to provide the requested information; and
- the steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.
Some information practice codes state that the notice should also identify any available consumer rights, including: any choice respecting the use of the data; whether the consumer has been given a right of access to the data; the ability of the consumer to contest inaccuracies; the availability of redress for violations of the practice code; and how such rights can be exercised.
In the Internet context, notice can be accomplished easily by the posting of an information practice disclosure describing an entity's information practices on a company's site on the Web. To be effective, such a disclosure should be clear and conspicuous, posted in a prominent location, and readily accessible from both the site's home page and any Web page where information is collected from the consumer. It should also be unavoidable and understandable so that it gives consumers meaningful and effective notice of what will happen to the personal information they are asked to divulge.
The second widely-accepted core principle of fair information practice is consumer choice or consent. At its simplest, choice means giving consumers options as to how any personal information collected from them may be used. Specifically, choice relates to secondary uses of information -- i.e., uses beyond those necessary to complete the contemplated transaction. Such secondary uses can be internal, such as placing the consumer on the collecting company's mailing list in order to market additional products or promotions, or external, such as the transfer of information to third parties.
Traditionally, two types of choice/consent regimes have been considered: opt-in or opt-out. Opt-in regimes require affirmative steps by the consumer to allow the collection and/or use of information; opt-out regimes require affirmative steps to prevent the collection and/or use of such information. The distinction lies in the default rule when no affirmative steps are taken by the consumer. Choice can also involve more than a binary yes/no option. Entities can, and do, allow consumers to tailor the nature of the information they reveal and the uses to which it will be put. Thus, for example, consumers can be provided separate choices as to whether they wish to be on a company's general internal mailing list or a marketing list sold to third parties. In order to be effective, any choice regime should provide a simple and easily-accessible way for consumers to exercise their choice.
In the online environment, choice easily can be exercised by simply clicking a box on the computer screen that indicates a user's decision with respect to the use and/or dissemination of the information being collected. The online environment also presents new possibilities to move beyond the opt-in/opt-out paradigm. For example, consumers could be required to specify their preferences regarding information use before entering a Web site, thus effectively eliminating any need for default rules.
Access is the third core principle. It refers to an individual's ability both to access data about him or herself -- i.e., to view the data in an entity's files -- and to contest that data's accuracy and completeness. Both are essential to ensuring that data are accurate and complete. To be meaningful, access must encompass timely and inexpensive access to data, a simple means for contesting inaccurate or incomplete data, a mechanism by which the data collector can verify the information, and the means by which corrections and/or consumer objections can be added to the data file and sent to all data recipients.
The fourth widely accepted principle is that data be accurate and secure. To assure data integrity, collectors must take reasonable steps, such as using only reputable sources of data and cross-referencing data against multiple sources, providing consumer access to data, and destroying untimely data or converting it to anonymous form.
Security involves both managerial and technical measures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data. Managerial measures include internal organizational measures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through use of passwords; and the storage of data on secure servers or computers that are inaccessible by modem.
It is generally agreed that the core principles of privacy protection can only be effective if there is a mechanism in place to enforce them. Absent an enforcement and redress mechanism, a fair information practice code is merely suggestive rather than prescriptive, and does not ensure compliance with core fair information practice principles.
The Fair Information Principles as put into Canadian Law
Click here for the source.
These principles are usually referred to as “fair information principles”.
They are included in the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private-sector privacy law, and called "Privacy Principles".
Principle 1 — Accountability
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
Principle 2 — Identifying Purposes
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
Principle 3 — Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Principle 4 — Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
Principle 5 — Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
Principle 6 — Accuracy
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7 — Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
Principle 8 — Openness
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Principle 9 — Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 — Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.