Senate hearing on ANPR bill
On Tuesday 20 June next, the Senate will hold a hearing ("expert meeting") on two controversial bills: the Automatic Number Plate Registration (ANPR) bill and the Computer Crime III bill ("police hacking law"). To that end, at the request of the Senate Committee on Security and Justice, Privacy First submitted last week a concise position paper in on the ANPR bill. Below is the full text, click HERE for the original version in pdf. The hearing is public and will be available live on the internet. Click HERE for more information, the full programme and all speakers.
Thank you for your invitation to participate in the expert meeting on the ANPR (automatic number plate registration) bill. Under this bill, police will be given the power to retain all license plates on public roads for 4 weeks for investigation and prosecution. In Privacy First's view, this constitutes a massive privacy violation. We will briefly explain below.
Under current legislation, ANPR data of innocent citizens should be deleted within 24 hours. All license plates that are not suspicious (so-called "no-hits") should even be deleted from the databases immediately, according to the Personal Data Authority. After all, in a democratic state governed by the rule of law, innocent citizens should be left alone as much as possible: the classic principle of law is that the government may only invade a citizen's privacy upon reasonable suspicion of a concrete criminal offence. Current ANPR practice is in line with this in that the "hits" can be used and the "no-hits" erased. However, this practice has taken place for years on the basis of a general catch-all provision: Article 3 Police Act. This involves profiling. This in no way meets the modern requirements of European privacy law for the use of ANPR. Privacy First therefore firstly recommends that the current ANPR practice be curtailed and still provided with a specific legal basis with strict privacy safeguards.
Lack of necessity and proportionality
Instead of still regulating the current ANPR practice in a privacy-friendly manner, the current ANPR bill represents a far-reaching violation of virtually every motorist's right to privacy. After all, under this bill, all license plates on public roads (i.e. everyone's travel movements, location data) will be stored in a national ANPR database for 4 weeks. Moreover, this ANPR data will be shared with the AIVD (under the new Intelligence and Security Services Act, even through direct access to the ANPR database), among others. As a result, every motorist becomes a potential suspect. However, the ANPR legislative process so far does not show any social need for this: in recent years, ANPR seems to have contributed to successful investigation and prosecution in only a handful of crimes. By objective standards, this does not outweigh the sacrifice of the privacy, freedom of movement and presumption of innocence of millions of motorists. By comparison, when after 9/11 the CDA proposed fingerprinting the entire population for investigation purposes, this was immediately rejected by Justice Minister Korthals (VVD). Korthals considered this proposal disproportionate, because on an annual basis, there were around 10,000 trace cases (with fingerprints), and the House of Representatives agreed with the minister at the time. Mass storage of everyone's fingerprints and telecommunications data have since been banned. Consequently, it is hard to see why the storage of everyone's ANPR data should be allowed.
From 'mass surveillance' to 'targeted surveillance'
The current bill lays a fundamental building block for the Netherlands as a future "surveillance society". In doing so, the Netherlands is crossing a boundary in principle. Both within Dutch society and abroad, there is great concern about this, as discussions between Privacy First and various embassies in The Hague recently revealed. Indeed, at the European level, there is precisely a development in the opposite direction: from ineffective, inefficient and unlawful "mass surveillance" towards effective, efficient and legitimate "targeted surveillance", according to several landmark rulings by Europe's highest courts and growing communis opinio among experts. Thus, by passing this bill, the Netherlands is not only making a legal and policy gaffe, but also creating a dangerous international precedent.
The current bill dates back to early 2013 and has - rightly - had a troubled history since then. Already a year after the bill was submitted to the House of Representatives by former minister Opstelten, it proved legally untenable, when the European Court of Justice declared the mass storage of everyone's telecommunication data (including location data) to be unlawful. Due to privacy concerns, further discussion of the bill then lay on hold for two years, until it was reactivated by former minister Van der Steur in September 2016. Three months later, however, the final blow followed: in a new, more sharply worded ruling, the European Court of Justice declared the undirected, mass storage of data of innocent citizens for investigative purposes (data retention) to be definitively unlawful. Moreover, the use of such data requires prior judicial authorisation. The current ANPR bill does not meet any of these requirements. The bill is therefore unlawful and should be rejected by your Chamber. Failing this, Privacy First (in broad coalition) will sue the Dutch State and have the bill declared non-binding due to violation of the right to privacy (art. 8 ECHR).
For further information or questions regarding the above, Privacy First can be reached at any time on telephone number 020-8100279 or by email: firstname.lastname@example.org.
Privacy First Foundation
 Bill capturing and retaining licence plate data by police, Parliamentary Papers 33542.
 See Data Protection Board, Police forces act in violation of law when applying ANPR (28 January 2010), https://autoriteitpersoonsgegevens.nl/nl/nieuws/politiekorpsen-handelen-strijd-met-de-wet-bij-toepassing-anpr.
 See Letter from the Minister of Justice dated 10 December 2001, Parliamentary Papers II, 2001-2002, 19637, no. 635, p. 7.
 Previously, Justice Minister Hirsch Ballin also planned to submit a similar proposal with a 10-day retention period back in 2010. However, the House of Representatives subsequently declared this proposal controversial.
 Court of Justice of the European Union 8 April 2014, Joined Cases C-293/12 & C594/12 (Digital Rights).
 Court of Justice of the European Union 21 December 2016, Joined Cases C-203/15 & C-698/15 (Tele2).
Update 20 June 2017: the hearing in the Senate this morning was very diverse and particularly critical; click HERE for the whole video and HERE for Privacy First's input (from 19m42s and 39m23s). Below is the full text of our introduction. A formal report of the meeting will soon appear on the Senate website.
Thank you for inviting us to this meeting. Both in our position paper and at this meeting, Privacy First will mainly address the ANPR bill. After all, this bill is the main reason why you invited us.
Ever since the submission of Minister Hirsch Ballin's original proposal in 2010 to store everyone's license plate data, or location data, for tracking and prosecution purposes, Privacy First has taken the position that such a proposal is completely unlawful due to lack of necessity and proportionality. This position has since been confirmed by established European case law. Should this bill nevertheless be enacted into law, Privacy First will have it declared non-binding due to violation of Article 8 ECHR.
Privacy First has already made this known several times in recent years to both the Lower House and Minister Opstelten and Minister Van der Steur personally. At our meeting with minister Opstelten in July 2013, the Dutch Legal Committee for Human Rights (NJCM) and the Privacy Law Association were also critically present. On the prospect of a court case against the ANPR bill, Minister Opstelten responded at the time as follows, and I quote: "The courts implement the legislation." As if the judiciary were just an extension of the executive. Privacy First responded that "the court also tests national legislation against international conventions". After that, an embarrassed silence fell over Opstelten and his top officials. At subsequent meetings with these officials, Privacy First, incidentally, was never able to escape the impression that their defence of the bill was somewhat "contre coeur" was. This was also the case in recent years with laws that would similarly bring about massive privacy violations, including the storage of everyone's fingerprints under the Passport Act. By the end of 2010, no official could be found in the whole of the Netherlands who dared to defend it publicly. Public opposition to such storage was and is strong.
Both the storage of everyone's fingerprints and the storage of everyone's telecommunications data have now been declared unlawful by several top European judges. Privacy First hopes this ANPR bill will not have to go that far. We therefore hereby request your House to reject this bill.
Computer crime bill III
Then a few comments on the Computer Crime III bill: as with the ANPR bill, this bill has never been subjected to a thorough and independent Privacy Impact Assessment. Both bills seem mainly driven by technological determinism: anything technically possible is made possible by law. However, as with the ANPR bill, the required societal necessity and proportionality have so far never been substantiated. There is deliberately no question of any limitation in the technological sense: the effect of the bill will extend to everything that is connected to the internet, which means almost the whole of society in future, including the Internet of Things, vital infrastructure and medical systems. In police circles, people even want to be able to hack into and stop moving cars, with all the dangers this poses to road safety. Moreover, the use and misuse of unknown ICT vulnerabilities is hardly contained, and the crimes in which this bill can be used can be continuously expanded by order in council. That is not a privacy by design. That is function creep by design. Privacy First therefore calls on your House to reject this bill as well.
Update 19 July 2017: click HERE for the full report of the hearing as published by the Senate (editorially corrected reprint).