Privacy First puts Dutch privacy violations on UN agenda

On 31 May 2012, the time will come again when the Netherlands will be scrutinised in Geneva by the world's highest human rights body: the United Nations Human Rights Council. The UN Human Rights Council was established in 2006 and comprises 47 of the 192 UN member states. Since 2008, the human rights situation in each country has been periodically assessed by the Human Rights Council. This procedure takes place every four years for each UN member state and is called "Universal Periodic Review" (UPR). At the first UPR session in 2008, the Netherlands was right on top, receiving a lot of criticism around the ears. Anno 2011, the Dutch privacy situation is even worse than in 2008: reason for Privacy First to raise a number of issues with the UN. Privacy First did this last night by means of a so-called shadow report: a report in which civil society organisations can express their concerns about a certain issue. (Incidentally, such reports are subject to the following rules at the Human Rights Council strict requirements, including a 2815-word limit). Without shadow reports, diplomats in the Human Rights Council cannot do their job properly. After all, one would continue to depend on the state reporting from the Netherlands itself. So Privacy First submitted its own report containing the following recommendations:

- No national biometric database, even in the long term,

- No introduction of mobile fingerprint scanners,

- Introduction of an anonymous public transport chip card that is truly anonymous,

- No introduction of automatic number plate recognition (ANPR) as currently envisaged,

- Openness and suspension of new border control system @MIGO,

- A voluntary, regional rather than national SPD with 'privacy by design',

- Good legislation around profiling (profiling citizens).

Our entire report can be found HERE to. We hope that our recommendations in the Human Rights Council will be adopted and lead to international exchange of best practices. Privacy First will be happy to keep you informed of these developments.

Update 23 March 2012: this week, the long-awaited Dutch UPR state report to Human Rights Council. Also, the previously submitted NJCM shadow report (also on behalf of 24 other civil society organisations) publicly. The NJCM report contains a highly critical privacy paragraph calling - in parallel with Privacy First's recommendations - for, among other things, the withdrawal of the current plans on ANPR and mobile fingerprint scanners; see pp. 6-7 of the NJCM report. Relevant reports from other organisations can be found HERE.

In official preparation for the Dutch state report, two major consultation meetings with Dutch civil society (NGOs) took place at the Ministry of the Interior (BZK) in recent months. At the first meeting on 1 December 2011, Privacy First urged the inclusion of a separate section on privacy in the state report. At the second meeting on 16 January 2012, Privacy First asked whether this paragraph would explicitly mention "privacy by design". The Interior Ministry responded positively to both Privacy First's requests. However, the privacy paragraph in the state report proved to be relatively short, superficial and evasive. Significantly, this paragraph is in the "challenges and constraints" section. This makes a defensive impression. Even more telling is the following sentence: "The challenge will now be to ensure that all these [privacy infringing] measures are implemented." Apparently, the Dutch state is not convinced of its own case ... And rightly so. Positives include only the mention of "privacy by design", the WRR report iGovernment and the following passage:

"In addition, partly in response to concerns expressed in Parliament, certain policy measures that impact on privacy are currently being modified, as for example the discontinuation of the storage of fingerprint data on national ID cards and within the passport database."

Privacy First interprets this passage as an international statement (unilateral statement) of the Netherlands to permanently stop storing fingerprints on identity cards as well as in the travel documents administration. Privacy First will be happy to keep reminding the Dutch government of this.

Update 5 April 2012: international lobbying around the Netherlands' UPR session on 31 May next is now in full swing, both at foreign embassies in The Hague and at permanent representations of UN member states in Geneva. In that context, an important 'UPR pre-session' place in which various human rights organisations were able to voice their concerns about the Netherlands before a wide audience of foreign diplomats. Click HERE for an English-language impression of the meeting on the Netherlands. The statement which Privacy First presented at this meeting can be found HERE and can also be downloaded from the website of the Dutch Human Rights Institute-in-residence.

Update 21 April 2012: Based on all the shadow reports (including Privacy First's) received by the UN in late 2011, an official UN summary has now been prepared in Geneva. This "summary of stakeholders' information" you will find HERE. In addition to Privacy First, the NJCM (also on behalf of the Civil Rights Protection Platform), Bits of Freedom, the Dutch Data Protection Authority, Vrijbit and the Meldpunt Misbruik ID-plicht also sent their privacy concerns in writing to Geneva; all these reports will soon appear on this UN page. As far as Privacy First is aware, this has not happened on this scale before. As a result, for the first time in history, the issue of privacy features prominently in a UN report on the Netherlands, more prominently also than in other summaries such as about the United Kingdom. It is also noteworthy that the UN included a passage on profiling Quoting from Privacy First's report: "digital profiles can be extremely detailed and profiling can easily lead to discrimination and 'steering' of persons in pre-determined directions, depending on the 'categories' their profiles 'fit into' and without the persons in question being aware of this." (UNsummary, para 65). All this can rightly be called a breakthrough that will hopefully bear fruit during the session on 31 May next.

Update 23 May 2012: in recent months, Privacy First has held a series of useful discussions with foreign diplomats in Geneva and The Hague. Meanwhile, on the UN UPR website already a number of so-called "advance questions" from UN member states appeared, including the following question from the UK to the Netherlands: "Given recent concerns about data collection and security, including the unintended consequences of cases of identity theft, does the Netherlands have plans for measures to ensure more comprehensive oversight of the collection, use and retention of personal data?" (Source) Privacy First views further questions from UN member states on Dutch privacy concerns with confidence.