Privacy First comments on review of Section 13 Constitution

Under a public consultation The Home Office recently requested Privacy First to respond to the current cabinet proposal to revise article 13 of the constitution (letter, telephone and telegraph secrecy). Our comments on the draft bill can be found below (click HERE for the version in pdf):

Ministry of the Interior and Kingdom Relations
Deputy Director for Constitutional Affairs and Legislation
Mr W.J. Pedroli
PO Box 20011
2500 EA The Hague

Amsterdam, 29 December 2012

Subject: Privacy First comments on draft bill amending Section 13 of the Constitution

Dear Mr Pedroli,

On 16 October last, you requested Privacy First Foundation to comment on the draft bill to amend Section 13 of the Constitution. Privacy First is grateful for your request and hereby provides you with critical comments. It should first be noted that Privacy First fully endorses this government's desire to modernise the current, archaic Section 13 of the Constitution. However, Privacy First regrets that the government has not seized the opportunity to also renew and strengthen other 'fundamental rights in the digital age'.

Positive aspects
In Privacy First's view, the first and third paragraphs of the current draft bill revising Section 13 of the Constitution are powerful anchor points for a future-proof right to confidential communications. The first paragraph rightly modernises the old letter, telephone and telegraph secrecy into a technology-independent (or technology-neutral) letter and telecommunication secrecy. The third paragraph properly safeguards its horizontal effect. Privacy First also endorses the broad interpretation given to various relevant concepts in the draft explanatory memorandum (MoU). However, the second paragraph of the draft bill contains a systematic imbalance that could throw our society off course in less democratic times. It is therefore this second paragraph in particular on which Privacy First's criticism is focused. Other points of criticism concern the notification obligation and traffic data as well as the absence of a comparative law paragraph in the Explanatory Memorandum.

Judicial authorisation and national security
The MoT rightly states that "in light of Article 13 (...) the protection of the citizen against government infringements is paramount, especially in light of police and intelligence operations. (...) Establishing the requirement of judicial authorisation in the Constitution provides a strong and clear guarantee of the rule of law."[1] It is therefore incomprehensible that the second paragraph of the draft bill exempts the domain of national security from judicial oversight. After all, where the concentration of power is highest, judicial checks and balances be most powerful in preventing (future) abuse of power. In the light of European history, the exception in paragraph 2 is even completely irresponsible: in our regions, too, a democratic constitutional state is unfortunately not a static given. In addition, this sends a dangerous signal to foreign countries. Privacy First also considers the exception in paragraph 2 unwise in view of possible technological developments in the (distant) future.[2] The same applies in connection with the (further) stretching of the concept of "national security". Also in the future, the Dutch population should be protected against arbitrary breaches of communication secrecy; the current wording of paragraph 2 offers no guarantee to this end.

Adding an additional 'judicial layer' would strengthen the current system of internal and external oversight of intelligence and security services (and thus the democratic rule of law). The system of judicial oversight in a country like Canada could be a source of inspiration in this regard. Such a judicial check would also be in line with the case law of the European Court of Human Rights:

"The Court has indicated, when reviewing legislation governing secret surveillance in the light of Article 8 [ECHR], that in a field where abuse is potentially so easy in individual cases and could have such harmful consequences for democratic society as a whole, it is in principle desirable to entrust supervisory control to a judge."[3]

In light of this, the current wording of paragraph 2 is inappropriate. Privacy First therefore recommends that this paragraph be revised as follows:

"Restriction of this right is possible in the cases determined by law with the authorisation of the court or, in the interests of national security, with the authorisation of one or more ministers designated by law." [strike out Privacy First]

As a possible alternative to the introduction of judicial oversight in the security domain, Privacy First recommends that the existing Intelligence and Security Services Regulatory Commission (CTIVD) should be upgrade to a stronger independent oversight body naar the Belgian or German model, with overall mandatory review in advance instead of random monitoring afterwards.

Notification requirement
A second point of criticism concerns the lack of explicit constitutional mention of a duty of notification in case of breaches of letter and telecommunication secrecy. After all, a duty of notification strengthens legal protection for citizens and contributes to correct compliance with the law by the government, including in the security domain. Like judicial authorisation, this offers the best guarantees against short- and long-term abuse.

Traffic data
In Privacy First's view, traffic data should also fall within the scope of Section 13 of the Constitution. After all, this data often relates in part to the content of communication; this is even evident in so many words from the MoT itself, where SMS and the subject line of email are rightly cited as examples.[4] The same applies, for example, to searches in search engines. In addition, from traffic data in combination with other (whether or not real-time collected) data, the content of communications between individuals and/or companies can still be deduced. A strong regime of Article 13 of the Constitution combined with judicial oversight is therefore called for here too.

Law comparison
Finally, Privacy First lacks a comparative law paragraph in the current MoT comparing the current Article 13 Constitution with constitutional best practices from countries with either a civil law, either a common law tradition. With a new Article 13 Constitution as the international state-of-the-art would also allow the Netherlands to distinguish itself positively and regain some of its former position as a human rights guiding country.

Privacy First hopes to serve you with this opinion. If requested, we are happy to provide further clarification on the above points.

Sincerely,

Privacy First Foundation

Vincent Böhre
director of operations