Lower house demands 'privacy by design'
These are turbulent times in privacy land. Partly due to pressure from Privacy First, there has been a positive turnaround since last year. Privacy is increasingly higher on the political agenda. Media report on privacy issues more frequently and extensively. As a result, privacy awareness among the Dutch population is increasing. This strengthens our democratic constitutional state. Examples of positive developments are the abolition of road pricing (no 'spy box' in the car), voluntary instead of mandatory 'smart energy meters', voluntary instead of mandatory body scans at airports, abolition of fingerprint storage under the Passport Act and the introduction of Privacy Impact Assessments to new legislation affecting citizens' privacy. All these developments fit perfectly with Privacy First's motto: "own choices in a free environment". At the same time, the privacy-restricting forces of yesteryear are still pulling plenty of strings. "Bad habits die hard." In recent months, this was particularly evident in developments towards a private relaunch of the national Electronic Patient Record (EHR). Earlier this year, the Senate had rightly relegated this SPD to the dustbin. Some policymakers and commercial parties were apparently opposed. With similar stubbornness, others are currently trying to implement their old plans for Automatic Number Plate Recognition (ANPR) and camera surveillance at land borders push through. These plans were on the drawing board years ago, at a time when privacy seemed increasingly taboo. A time when the Bush administration could still saddle the entire European Union with biometric passports and associated databases. Those days are now gone, but its legacy still lingers long after
Privacy is now back on the scene. Privacy is the "new green". In this respect, the proponents of a nationwide SPD and ANPR behave like a bunch of old environmental polluters. Like rusty old factories from the 1970s that - without realising it themselves - have been teleported to the year 2011. The House of Representatives seemed to sense this well when it last week unanimous a motion adopted on an issue that Privacy First has been addressing since its inception insists: "Privacy by Design". In other words, building in privacy protection from design in a technical sense, at the micro level, through Privacy Enhancing Technologies (PET). However, in Privacy First's view, the principle of "Privacy by Design" also applies at the meso and macro level. So in organisational and in legal terms. After all, this is how you achieve privacy-friendly design and practice of a sustainable information society as a whole. Anyway, you can philosophise further on this yourself. For inspiration, Privacy First is happy to provide you with the entire text of the parliamentary motion along:
The Chamber,
having heard the deliberations,
whereas in government ICT projects, there is too little attention to the protection of privacy and too little attention to preventing the misuse of these systems;
whereas citizens' privacy should not be invaded beyond what is strictly necessary and insecure systems compromise privacy;
whereas systems that can be easily hacked seriously damage the prestige of government;
whereas, retrofitting systems to ensure privacy and enhance security is generally more expensive and often leads to a lower level of protection than when privacy and security are preconditions at the beginning of a project;
Calls on the government to apply privacy by design and security by design in the development of all new ICT projects to be launched so that new ICT systems are more secure and better able to withstand misuse and contain privacy-sensitive data only when strictly necessary,
and moves on to the order of business.