On 22 November 2023, the Netherlands may go to the polls again for elections to the House of Representatives. Privacy First looked for you at what opportunities and risks for the right to privacy are included in the various election programmes. Below you can read (in largely random order) an impression of things that caught our eye. In this context, Privacy First would also like to refer you to the Technology Selector.
That many political parties unfortunately still do not value privacy was recently shown by revelations about tracking cookies, micro-targeting and personalised political ads. Also, many political parties use Google Analytics, among others, instead of privacy-friendly alternatives.
Apart from this, the upcoming elections promise to cause a real landslide in the political landscape. Hopefully, this will benefit the protection of privacy and other civil rights in the Netherlands.
As a classic "law and order" party, the VVD has historically not had too good a track-record when it comes to privacy. The current VVD election manifesto continues that line: it mainly focuses on more data sharing and camera surveillance for security purposes. Emblematic is the following sentence: "When privacy laws get in the way of improving the safety of citizens, we have to solve it." In other words, remove privacy barriers. The VVD is fully committed to more digitisation and artificial intelligence (AI). Among other things, the VVD also wants cold cases be able to solve problems using (foreign) genealogical databases. Bureau HALT should be able to see education records. Police officers are given Tasers (electric shock weapons) and bodycams. Asylum seekers' phones must be able to be read by the IND. The VVD favours road pricing, with as a privacy bright spot a tariff that is "not tied to the time and place where you use the car."
For years, D66 has profiled itself as "the privacy party of the Netherlands". In part, their election manifesto attests to this. For instance, while D66 is in favour of a European digital identity (eID), it is open source, decentralised and non-commercial. D66 also insists on strict purpose limitation in the use of DNA material and makes a case for maintaining end-to-end encryption and anonymity on social media (although this anonymity can be broken if someone breaks the law). Personal data of protesters should not be easily accessed by the police. Furthermore, metadata should be protected by letter secrecy, excessive data collection by governments should be curbed and a European data leak register should be established. On the other hand, D66 supports the European Health Data Space, which transfers control over access to everyone's medical data to European bodies.
Unfortunately, we read little hopeful in the CDA election manifesto when it comes to privacy. In the medical field, for instance, there is talk of "privacy rules gone mad", the CDA shows support for faster data sharing in the security domain through the Data Processing by Collaborative Groups Act (WGS) and the CDA wants to be able to ban anonymous social media accounts.
On the privacy front, GroenLinks-PvdA make an interesting combination. After all, GroenLinks has traditionally been relatively privacy-friendly, but PvdA certainly was not in the past. However, the election manifesto contains many privacy-promoting points, such as more budget for the Personal Data Authority (AP), a European ban on data trading, a right to end-to-end encryption and better safeguards against backdoors, a ban on automatic profiling by algorithms and mass surveillance, a ban on tracking software in education and a ban on trade in payment data by banks. On the other hand, GroenLinks-PvdA turns online anonymity into identifiable "pseudonymity" as soon as you are suspected of a criminal offence, data in the care and security domain should be easier to share and cash payments above 1,000 euros are banned.
In line with Pieter Omtzigt's views, we find some interesting privacy passages in NSC's election manifesto. For instance, NSC wants that when a citizen's data is requested from the government, this search request should be registered and reported to the citizen. Citizens should be able to see who is using their data for what purposes and complain about it. Companies and governments should not be able to watch every transaction. NSC is also against a European digital identity and against client-side scanning ("EU chat control"). However, the use of a personal digital safe managed by the citizen himself should be explored in digital services. The AP should have sufficient resources and the government should only restrict citizens' privacy when there is a demonstrable need, proportionate and as little as possible, with strong independent oversight. Spyware on phones should be deployed only in cases of immediate threat to national security. At NSC, however, we also read that large tech platforms should be "required to record the true identity behind accounts in their records, under penalty of hefty fines. If guidelines/legislation are violated (...) they will be fined and required to share identity with the police."
On privacy, the BBB's election manifesto shows a relatively brief and mixed picture. On the one hand, for instance, BBB talks about "respecting citizens' privacy and not going behind their front doors", BBB is against a compulsory digital identity and wants anonymous data use in the development of innovations. On the other hand, BBB is in favour of a centralised electronic patient file and wants to amend privacy legislation to allow information sharing when dealing with serious crime, the latter including the use of cash.
With the PVV, there is traditionally little about privacy in its election manifesto. It is only worth mentioning that the PVV opposes the digital euro. However, the PVV also wants a digital pillory for perpetrators of violent and moral crimes.
On privacy, the SP's election manifesto is short and clear: "We do not want state control, nor do we want Big Tech determining our choices." The AP should be strengthened. The SP does not want a digital euro and cash should be accepted. Furthermore, the SP wants free services to offer the same privacy protection as paid services.
Although the PvdD has never profiled itself as a "privacy party", it has had an excellent track-record in this area for years. The PvdD's election manifesto is testament to this. Below is a sample of their list of privacy issues:
- User control over data in "smart" devices
- Abolition of systems and apps that cannot guarantee privacy
- "Privacy by default" as default setting
- Collecting data and sharing medical data only with explicit consent
- More visibility for citizens on stored personal data and better possibilities for its deletion
- Maintaining end-to-end encryption
- No client-side scanning ("EU chat control")
- Requisition of personal data by Justice from companies only in case of concrete suspicion and after judicial review
- No hacking by investigative and security services without judicial review
- No further widening of 'Drag Act'
- Stricter standards for interception of citizens
- No public camera surveillance with facial recognition
- Camera surveillance only in court-designated high-risk areas
- Better safeguards to preserve cash
- No surveillance of peaceful protesters
- No introduction of WGS ('Super SyRI Act')
- Ban on watching software when working from home. Students may refuse watch-along software in exams.
Of the SGP, Privacy First recalls years ago a constructive privacy debate evening at the SGP Youth, where those young people seemed to have a more privacy-friendly attitude than the "old guard" within that party, something that unfortunately still applies to more parties. In terms of privacy content, however, that new generation does not yet sufficiently resonate in the SGP election manifesto. For instance, the SGP wants a national facility for exchanging patient data, national security and citizen safety take precedence over privacy, and a decryption order must become possible. On the other hand, the SGP wants the government to take measures to protect the safety and privacy of journalists, intrusions on citizens' privacy should only be allowed if necessary for the safety of individuals or the State in emergency situations, and the SGP wants a legal acceptance obligation for cash. The SGP also wants the making and distribution of videos of police and emergency workers to be banned.
Compared to the other Christian parties, the ChristenUnie's (CU) election manifesto is remarkably privacy-friendly. For example, CU wants a "legally guaranteed right to a clean slate, so consumers can request to have all their data destroyed." CU also advocates restraint in the deployment of digital surveillance systems and wants to exclude commercial use of healthcare data. CU does not want a European Citizen Service Number and is critical of European digital identity. Profiling of children and trafficking in online data about children should be banned. Social media should start using an age limit. Cash payments should remain possible everywhere. However, CU does want easier data sharing between governments.
FvD is keen to ensure anonymity on the internet. The election manifesto contains some interesting passages in that regard, including repealing the 'Sleep Act', limiting data collection from the government and "giving citizens the option not to take a static IP address" (i.e. a dynamic, less easily traceable IP address). Citizens should be able to request their own data records and "all historical QR data should be destroyed". FvD wants no European digital identity and no digital euro. Remarkably, however, FvD wants to abolish the Cookie Law.
In DENK's election manifesto, we only find that DENK wants to strengthen monitoring of algorithms through the Personal Data Authority. Missed opportunity for DENK.
For a party that recently had privacy advocate Sophie in 't Veld in its ranks, Volt's election manifesto unfortunately disappoints badly. For instance, "pseudonymity is becoming the standard on social media", or the end of online anonymity. Volt favours the digital Euro and a European digital identity. However, Volt (like almost all parties) does want the AP to be given more resources. However, Volt also wants to "deprive professional criminals of privacy", how should this be interpreted?
Like Volt, JA21 wants to "deprive professional criminals of privacy". JA21 also wants more camera surveillance and to "remove legal obstacles" in that regard. Furthermore, JA21 wants to "invest heavily in advanced surveillance technology to counter drug smuggling". JA21 also wants more targeted preventive searches using a person-centred approach and "stop the misplaced obsession with ethnic profiling". JA21 does, however, oppose the digital euro.
According to their election manifesto, BIJ1 wants, among other things, to make Dutch residents more aware of their digital rights and privacy rights. BIJ1 also wants a ban on unsolicited sales of personal information and a ban on biometric recognition software. End-to-end encryption should remain guaranteed and expansion of public camera surveillance should be stopped. BIJ1 also wants Dutch secret services to stop international exchange of un-evaluated bulk data.
On the one hand, BVNL considers camera surveillance permissible where it promotes the safety of citizens. On the other hand, BVNL reads that cops should always wear a bodycam during their work. BVNL favours digital voting only when privacy is 100 per cent guaranteed (i.e. never?). The UBO register will be abolished. BVNL does not want an identification requirement for social media use and opposes attempts to weaken or ban encryption. BVNL opposes a digital European identity and the digital euro. Cash should be kept and accepted everywhere. As a privacy-friendly alternative, Bitcoin should also become legal tender. BVNL wants to invest in technologies that promote privacy and online security. Salient detail: Privacy First founder Bas Filippini is BVNL's listduster.
Last but not least: the Pirate Party, a party that has made a huge case for privacy for many years, but has so far failed to win a parliamentary seat (in the past also led by former Privacy First chairman Ancilla van de Leest). In their current election manifesto together with The Greens, the word privacy appears no less than 61 times. Below is a sample of the privacy laundry list:
- Promoting high-quality encryption
- No mass surveillance. Collection of data only from concrete suspects, with prior judicial authorisation.
- No client-side scanning / "EU chat control"
- No large-scale telecom data retention. Ditto on travel data and biometrics.
- No automated profiling
- No public face recognition
- No general identification requirement
- As much as possible privacy by design and open source
- Transparency on smart energy meters and ability to refuse a 'smart meter'
- Better privacy safeguards for home, education and medical workers
- Better privacy safeguards in the Wiv / 'Sleep Act' (also for journalists)
- Export controls on surveillance and censorship technology
- Retaining cash, among other things for anonymity
- No financial discounts in exchange for (medical) data
- Anonymous travel should remain possible in all forms
- etc etc etc etc.