De Verleiders entice Holland into discussion

Privacy First is glad that this uproar has put the issue of privacy back on the agenda. The conversation raised a number of pressing issues that are in play today and high on Privacy First's agenda. Below is a small summary:

SyRI - System Risk Indication

The System Risk Indication (SyRI) widely links personal data of unsuspected citizens from government and corporate databases. A secret algorithm then predicts whether they pose a risk of breaking any of the many laws covered by the system. If SyRI's analysis leads to a risk notification, a citizen is included in the so-called Risk Notification Register, which is accessible to a large number of government agencies.

SyRI is a 'black box' that contains major risks to the democratic rule of law. It is completely unclear to a citizen who can be vetted by SyRI without any reason, what data is used for this purpose, what analyses are carried out with it and what makes him or her a risk or not. Moreover, because of SyRI's covert operation, citizens are also unable to refute an incorrect risk report. On SyRI, the State has been sued by a large coalition consisting of the Civil Rights Platform Foundation, the Dutch Lawyers Committee for Human Rights (NJCM), Privacy First Foundation, KDVP Foundation, the National Clients' Council (LCR) and FNV. Authors Tommy Wieringa and Maxim Februari joined the case in their personal capacity as plaintiffs.

ANPR - Automatic Number Plate Recognition

Since 1 January last, the Law on capture and retention of license plates by police (ANPR Act) into force. This involves the police using, in hundreds of locations, so-called ANPR cameras. This law allows the license plates of all cars in the Netherlands (or everyone's travel movements) to be stored for four weeks in a central police database for investigation and prosecution through camera surveillance. Every motorist thereby becomes a potential suspect. This is totally unnecessary, totally disproportionate and also ineffective. This law therefore violates the right to privacy and is therefore unlawful.

Privacy First is preparing to sue the State and have the court declare this law unlawful.

Innocence Presumption

Privacy First notes that legislation is rapidly being produced that erodes the democratic rule of law and gives governments, police and secret services ever greater powers. Whereby more and more data is stored "just in case", instead of there being reasonable suspicion on a person. The presumption of innocence is a principle of law that is under considerable attack and needs protection.

Cash

Privacy First has been advocating the protection of cash for years; after all, it is the only means of payment that is anonymous. We see that in increasing numbers, cash payments are no longer accepted. In several court cases (such as over license plate parking), Privacy First has argued for the preservation of cash payment options.

PSD2 - Payment Service Directive 2

From the beginning of 2019, PSD2 (Payment Service Directive 2) will take effect in the Netherlands. This new European banking law allows consumers to share their banking data with parties other than their own bank. To do so, consumers must first give explicit consent. After this, the bank must share all transaction data of the consumer (account holder) with an external party (financial service provider) for a period of 90 days, after which the consumer can renew his consent. Also, the consumer can withdraw his consent at any time.

PSD2 label for transparency

Privacy First wants consumers to be informed honestly and transparently about what happens to their data. Instead of lengthy privacy statements, Privacy First advocates independent information on one A4, offering information determined by consumers. After all, consumers are best placed to decide for themselves what information they find valuable when making a choice. Throughout 2018, Privacy First worked on this initiative with Volksbank and other partners from the financial sector.

PSD2-me-not register

Privacy First is surprised that no attention has been paid to the role of "special personal data" in transaction data. This data should only be shared under strict conditions and should therefore be able to be filtered. Consumers who do not want their data shared by others with financial service providers should also be given the option to prevent this. That is why Privacy First wants an opt-out register for PSD2, similar to the don't-call-me register.