Netherlands under scrutiny at United Nations
Tomorrow in Geneva, the Netherlands will be scrutinised by the world's highest human rights body: the United Nations (UN) Human Rights Council. Since 2008, the human rights situation in each country has been periodically assessed by the UN Human Rights Council. This procedure takes place for every UN member state every five years and is called "Universal Periodic Review" (UPR).
Shadow report Privacy First
At the previous UPR sessions in 2008 and 2012, the Netherlands received relatively strong criticism. Currently, the Dutch privacy outlook is worse than ever. Reason for Privacy First to actively raise a number of issues at the UN. Privacy First did this in September 2016 (a week before the UN deadline) through a so-called shadow report: a report in which a civil society organisation expresses its concerns about a particular issue. (Such reports, by the way, are subject to strict requirements at the Human Rights Council, including a strict word limit). Indeed, without shadow reporting, UN diplomats cannot do their job properly. Indeed, one would continue to depend on one-sided, mostly rosy state reports. So Privacy First served up its own report on the Netherlands in including the following recommendations:
Improving Dutch opportunities for civil society organisations to pursue class action lawsuits.
Introduction of constitutional review by the Dutch judiciary.
Better legislation around profiling and data mining.
No introduction of automatic number plate registration (ANPR) as currently envisaged.
Suspension of unregulated border control system @MIGO-BORAS.
No reintroduction of broad data retention (general telecom retention obligation).
No mass surveillance under the new Intelligence and Security Services Act (Wiv) and tighter judicial oversight of secret services.
Repeal of 'police hacking law' (Computer Crime Bill III).
A voluntary, regional rather than national SPD with 'privacy by design'.
Introduction of an anonymous public transport chip card that is truly anonymous.
In addition to the Human Rights Council, Privacy First also sent its reporting to all foreign embassies in The Hague early this year. Following this, extensive (confidential) meetings took place in recent months between Privacy First and the embassies of Bulgaria, Argentina, Australia, Greece, Germany, Chile and Tanzania, with the rank of our interlocutors ranging from senior diplomats to ambassadors. Also, Privacy First received positive responses to our reporting from the embassies of Sweden, Mexico and the UK. Moreover, some passages from our report were reproduced in the UN summary on the overall human rights situation in the Netherlands; click HERE ('Summary of stakeholders' information', paras 47-50).
Hopefully, e.g. will prove effective tomorrow. However, this cannot be guaranteed, as this is an inter-state, diplomatic process, and many issues in our reporting (and recent conversations) are equally sensitive issues in numerous other UN member states.
UN Human Rights Committee
A similar report was submitted by Privacy First to the UN Human Rights Committee in Geneva in December 2016. This Committee periodically monitors Dutch compliance with the UN Convention on Civil and Political Rights (ICCPR). Partly as a result of this report, the Human Rights Committee last week rejected, among other things, the Wiv, camera system @MIGO-BORAS and the telecoms data retention obligation (dataretention) agendized for the upcoming 2018 Dutch session (see paras 11, 27).
We hope that our input will be used by both the UN Human Rights Council and the UN Human Rights Committee and lead to constructive criticism and international exchange of best practices will lead. Privacy First will be happy to keep you updated on this.
The Dutch UPR session will take place tomorrow from 9am-12.30pm and will be live monitoring are on the internet.
Update 10 May 2017: the Dutch government delegation (led by Minister Plasterk) received critical recommendations on human rights and privacy in relation to counterterrorism by Canada, Germany, Hungary, Mexico and Russia at the UPR session in Geneva today. Click HERE for the video of the entire UPR session. Publication of all recommendations by the UN Human Rights Council will follow on 12 May.
Update 12 May 2017: Today at 6pm, all recommendations to the Netherlands by the UN Human Rights Council were published, click HERE (pdf). Useful advice to the Netherlands on the right to privacy comes from Germany, Canada, Spain, Hungary, Mexico and Russia, see paras 5.29, 5.30, 5.113, 5.121, 5.128 & 5.129. Below are the relevant recommendations. Further comments by Privacy First follow.
Extend the National Action Plan on Human Rights to cover all relevant human rights issues, including counter-terrorism, government surveillance, migration and human rights education (Germany);
Extend the National Action Plan on Human Rights, published in 2013 to cover all relevant human rights issues, including respect for human rights while countering terrorism, and ensure independent monitoring and evaluation of the Action Plan (Hungary);
Review any adopted or proposed counter-terrorism legislation, policies, or programs to provide adequate safeguards against human rights violations and minimize any possible stigmatizing effect such measures might have on certain segments of the population (Canada);
Take necessary measures to ensure that the collection and maintenance of data for criminal [investigation] purposes does not entail massive surveillance of innocent persons (Spain);
Adopt and implement specific legislation on collection, use and accumulation of meta-data and individual profiles, including in security and anti-terrorist activities, guaranteeing the right to privacy, transparency, accountability, and the right to decide on the use, correction and deletion of personal data (Mexico);
Ensure the protection of private life and prevent cases of unwarranted access of special agencies in personal information of citizens in the Internet that have no connection with any illegal actions (Russian Federation). [sic]
Update 26 May 2017: Meanwhile, a fuller UN report of the UPR session (including account of the 'interactive dialogue' between UN member states and the Netherlands) has been published; click HERE (pdf). In September, it will be known which recommendations the Dutch government will accept and implement.
Update 22 September 2017: the Dutch government has since announced (pdf) that, of the above recommendations, it accepts only the Spanish one explicitly:
Take necessary measures to ensure that the collection and maintenance of data for criminal purposes does not entail massive surveillance of innocent persons.
Privacy First considers this to be a binding international commitment and will hold the Dutch government to it, e.g. in current legislative proposals that conflict with it.
The remaining UN recommendations (by Germany, Canada, Mexico, Hungary and Russia) are, for the time being, only taken note of by the Netherlands (they are "noted", in diplomatic jargon). In doing so, the Netherlands makes only the following commitment:
"The current Action Plan will not be amended, but the recommendations [made by Germany and Hungary] will be considered during the development of a new one."
This offers some perspective. In due course, Privacy First will discuss this with the responsible ministries.