UN member states challenge Netherlands on 'ethnic profiling'
This morning in Geneva, the much-anticipated Universal Periodic Review (UPR) of the Netherlands at the United Nations Human Rights Council took place. In the run-up to this 4-year session, Privacy First and several other organisations had extensively voiced their privacy concerns about the Netherlands to both the UN and almost all UN member states; you can read more here HERE reading. The Dutch delegation at the UPR session was led by Minister Liesbeth Spies (BZK). Notable in the opening statement from Minister Spies was the following passage on privacy:
"The need to strike a balance between different interests has sometimes been hotly debated in the Dutch political arena, for example in the context of privacy measures and draft legislation limiting privacy. The compatibility of this kind of legislation with human rights standards is of utmost importance. This requires a thorough scrutiny test, which is guaranteed by our professionals and institutions. Improvements in this regard have been made when necessary, especially in the starting phase of new draft legislation. This has been done in the field of privacy, where making Privacy Impact Assessments (PIAs), describing the modalities for the planned processing of personal data, are compulsory now." (pp. 5-6, italics SPF)
A "thorough scrutiny test" and mandatory Privacy Impact Assessments are the terms that Privacy First positively noticed in this.
Prior to the UPR session, the UK had already submitted the following question to the Netherlands: "Given recent concerns about data collection and security, including the unintended consequences of cases of identity theft, does the Netherlands have plans for measures to ensure more comprehensive oversight of the collection, use and retention of personal data?" (Source) On behalf of the Netherlands answered Minister Spies answered this question this morning in Geneva as follows: "On the review of our laws on data protection, The Netherlands are currently working on a legislative proposal on data breach notification, following announcements of this proposal in the present coalition agreement. The proposal, which would require those responsible for personal data to notify the data protection authorities in case of "leakage" of personal data with specific risks for privacy (including identity theft), is expected to be tabled in Parliament in the coming months." This response is rather brief and unfortunately contains no news. However, a new Dutch law with an obligation to report data breaches will hopefully also serve as a best practice may become applicable to other UN member states. The credits for this go to our colleagues at Bits of Freedom who have been working on this for a long time.
During the UPR session mentioned Estonia the protection of privacy and personal data a "human rights challenge of the 21st century". The subject of privacy was then critically raised by Morocco: "Quelles sont les mesures concrètes entreprises par les autorités néerlandaises pour sécuriser l'utilisation des donnés personnelles?" The Philippines brought the right to privacy also comes up, but only as follows: "The Philippine delegation appreciates the frank assessment of the Netherlands of the obstacles and challenges it has to hurdle in the implementation of the right to privacy especially in the area of protection of personal information." Qualitatively better were the comments from Greece, India, Russia and Uzbekistan. Greece stated preventive search addressed: "We take note of reports regarding the issue of preventive body searches. We recommend that the Netherlands ensure that in its application of preventive body searches, all relevant human rights are adequately protected, in particular the right to privacy and physical integrity and the prohibition of discrimination on the basis of race and religion." India spoke Netherlands on ethnic profiling of citizens: "We encourage the Dutch Government to take concrete measures to combat discrimination including discrimination by the Government such as ethnic profiling." Also Russia advised Netherlands "to introduce measures to stamp out discrimination arising as a result of the practice of racist, ethnic or religious profiling." Uzbekistan spoke Netherlands on this as well: "We are concerned about the existence of information on the increasingly broad use by the police of racist profiling."
In response to these points referred Minister Spies to recent Dutch investigations by police, academics and the National, Amsterdam and Rotterdam Ombudsman on preventive searches, discrimination and 'ethnic profiling'. About digital profiling (in general) she further stated the following: "In its recent proposal for a general Data Protection Regulation, the [European] Commission has included rules on profiling, which can address the problems associated with profiling and the protection of personal data. The Netherlands endorses the need for clear legislative rules with regard to this topic, given the specific challenges for privacy protection that this technique entails. This is also the background against which the Netherlands welcomed in 2010 the Council of Europe Resolution on this topic, which contained a useful definition of profiling that would also be beneficial for inclusion in the [European] Commission proposals. The Netherlands will draw attention to this ongoing discussion in Brussels. The Regulation, once in force, will be directly applicable in the Netherlands."
All in all, this constitutes a reasonable harvest if one realises that the issue of privacy has played virtually no role at the UN Human Rights Council until now. However, it is unfortunate to note that most countries still hardly dare to mention this topic, let alone ask concrete, critical questions about it. Many of Privacy First's recommendations remained undiscussed during the UPR session, while diplomats in Geneva and The Hague had previously shown extensive interest in them. Perhaps they were still "whistled back" from the departments in the various capitals, as many privacy issues are also sensitive at home? Who knows... The fact remains, however, that the international community was given ample information by Privacy First and that the Dutch UN delegation led by Minister Spies was "on edge" partly because of this. This can only benefit privacy awareness and protection inside and outside the Netherlands. In the end, that is what we are all about.
Update 4 June 2012: this afternoon, a working group of the Human Rights Council took a draft report on the Dutch UPR session to. The final version of this report will be adopted by the Human Rights Council in September 2012, accompanied by (substantiated) acceptance or rejection by the Netherlands of each individual recommendation in the report. The House of Representatives will also debate the issue.
In total, 49 countries participated in the Dutch UPR session. It was notable that Belgium, Italy and Austria did not participate in the session (Belgium and Italy had signed up previously registered). As far as Austria is concerned, this is particularly unfortunate because, of all the UN member states, it was precisely Austria that had shown the most interest beforehand in the Privacy First's shadow report and had hinted at making a strong, general recommendation to the Netherlands on the right to privacy.
Update 21 September 2012: this morning, the UN Human Rights Council discussed the recommendations to the Netherlands and the Dutch permanent representative in Geneva explained which recommendations were accepted or rejected by the Netherlands; see this UN document and this video recording. The two recommendations of the Human Rights Council that dealt with ethnic profiling and preventive searches were both adopted by the Netherlands, with the following explanation:
– ethnic profiling: "The Dutch government rejects the use of ethnic profiling for criminal investigation purposes as a matter of principle." And on profiling in general: "In its recent proposal for a General Data Protection Regulation, the European Commission included rules on profiling that address problems that may arise due to the increasing technical possibilities for in-depth searches of databases containing personal data. The Netherlands endorses the need for clear legislative rules on this subject, given the specific challenges for privacy protection that this technology entails." (Source, 98.57 & n. 75).
- Preventive searches: "The power to stop and search is strictly regulated in the Netherlands. The mayor of a municipality may designate an area where, for a limited period of time, preventive searches may be carried out in response to a disturbance of or grave threats to public order due to the presence of weapons. The public prosecutor then has discretion to order actual body searches and searches of vehicles and luggage for weapons." (Source, 98.74 & n. 95).
See also this statement of the Netherlands Lawyers Committee for Human Rights (NJCM) that morning (video). Like the NJCM, Privacy First regrets the lack of government consultation in the run-up to today's UPR session.
The session from 31 May can be seen in full below (click HERE for image clips for each country separately):