Privacy First nominations for Big Brother Awards

At the end of this summer, our colleagues at Bits of Freedom will once again organise the annual Big Brother Awards. Below are our nominations for the biggest Dutch privacy violations of the past year:

1. ANPR plans by minister Opstelten
   If it were up to Minister Opstelten, the travel movements of every motorist in the Netherlands would henceforth be stored for four weeks in a police database via automatic number plate recognition (ANPR) for detection and prosecution of criminal offences. In Opstelten's eyes, every motorist is therefore a potential criminal. Privacy First considers this proposal completely disproportionate and therefore in violation of the right to privacy as it applies to every citizen under Article 8 ECHR. Should Opstelten's plan be made law by the Dutch parliament, Privacy First will immediately take the Dutch State to court for unlawful legislation in violation of the right to privacy; see http://www.privacyfirst.nl/aandachtsvelden/cameratoezicht/item/615-iedere-automobilist-wordt-potentiele-verdachte.html.
2. Hacking proposal by minister Opstelten
   A second unsavoury plan by Minister Opstelten is to give the police the power to hack into citizens' computers and require citizens to decrypt encrypted files for the police. Privacy First also considers this plan completely contrary to the right to privacy, as it is unnecessary and disproportionate. In addition, the proposal violates the ban on self-incrimination (nemo tenetur). The proposal lays the foundation for future abuse of power and, in Privacy First's view, is a typical building block for a police state rather than a democratic constitutional state. For our main objections, see http://www.privacyfirst.nl/aandachtsvelden/wetgeving/item/659-bezwaren-van-privacy-first-tegen-de-hack-plannen-van-opstelten.html.
3. License plate parking
   An increasing number of cities (including Amsterdam) have recently introduced mandatory license plate parking. Privacy First champions the classic right of citizens to travel freely and anonymously in their own country. This includes the right to park anonymously. License plate parking tramples this right. Moreover, it leads to function creep (purpose shifting) in violation of the right to privacy, including the Tax Office's already proven misuse of lease drivers' parking data; see http://www.nrc.nl/nieuws/2013/07/29/privacywaakhond-het-servicehuis-parkeren-overtreedt-de-wet/.
4. Trajectory checks
   Speed measurements through section controls continuously record the travel movements of motorists on highways. This constitutes a massive infringement of the right to privacy. Such an infringement requires a specific legal basis backed by safeguards against abuse. However, no such legal basis exists for route controls. As such, route controls constitute a collective violation of the right to privacy. Moreover, here too there is the danger of function creep (purpose shifting); this is already evidenced by Minister Opstelten's current plans to soon start using all section control cameras over motorways also for automatic number plate recognition (ANPR) to detect and prosecute a wide range of offences, collection of outstanding fines, tax debts, etc.
   
5. Drones
   In addition to fixed cameras in residential areas, shops, stations, above motorways, etc., citizens are increasingly spied upon - and almost unnoticed - by flying cameras: so-called drones. This is done both by the government (especially the police) and private parties, but as yet without adequate legal regulation. As a result, the privacy risks and chances of accidents are enormous. Privacy First therefore advocates a moratorium (suspension) on the use of drones until robust national regulations are in place. Also, it would drones should only be used by public authorities in exceptional cases, such as disaster relief or to trace suspects of very serious crimes, and only if no other adequate means exist. A licensing system should be introduced for private parties, with strict supervision and enforcement in this respect. Also, any drone to be fitted with a publicly identifiable transponder.
   
6. Taser weapons police
   In September 2012, it was announced that Minister Opstelten was to replace the entire Dutch police force with Taser-weapons (electric shock weapons). In Privacy First's view, the use of Taser-weapons easily lead to violation of the international ban on torture (state torture) and the related right to bodily integrity (the latter being part of the right to privacy). Taser-After all, guns lower the threshold of violence and leave hardly any external marks. At the same time, Taser-weapons cause serious physical and mental harm. Combined with the current lack of weapons training among the Dutch police, this poses serious risks to the Dutch population. In May 2013, the Dutch government had to answer to the UN Committee against Torture in Geneva about Opstelten's plans; see http://www.privacyfirst.nl/aandachtsvelden/wetgeving/item/650-nederlandse-taser-wapens-op-vn-agenda.html. Nevertheless, Opstelten's intentions seem unchanged for the time being...
7. SPD
   In April 2011, the introduction of a national Electronic Patient Record (EHR) was unanimously rejected by the Senate due to privacy concerns and security risks. Since then, however, private efforts have been working towards national introduction of almost exactly this same EHR, with regional exchange of medical data via a National Switch Point (LSP). By definition, this leads to function creep by design instead of privacy by design. Indeed, the digital 'regional partitions' in and around the LSP will be easy to bypass or remove. The entire system can therefore return to its old, centralised form at any future time, with all the privacy and security risks that this entails. In addition, the current set-up involves generic rather than specific consent from patients to share their medical data with healthcare providers (and future third parties). This poses an acute threat to both medical privacy and medical confidentiality.