Winners Dutch Privacy Awards 2021 announced!
At the National Privacy Conference of Privacy First and ECP, the Dutch Privacy Awards were presented today, on the European Privacy Day. The winners of the Dutch Privacy Awards 2021 are STER, NLdigital, Schluss, FCInet & Ministry of J&V.
Advertising without storing personal data, contextual targeting: proven to work
The Stichting Ether Reclame, better known as the STER, was one of the first organisations in the Netherlands to abandon the common model of offering advertisements based on information collected through cookies. The STER has developed a procedure that only uses the relevant information on the webpage visited. No more personal data is collected at all (data such as browser version, IP address and click-through behaviour). Advertisers submit to the STER their ads to be placed. Those ads are placed based on the protocol developed by the STER, which is based on a number of simple categories. Those categories are linked to the information being shown, such as a TV programme requested by someone. The protocol has been built and refined over the past period and is now working properly.
In this way, STER kills several birds with one stone. Most importantly, initial applications show that this approach is at least as effective for advertisers as the old cookie-based way. Second, the approach removes parties from the chain. Data brokers who fulfilled a role in the old system are now redundant. Beyond the financial gain this brings to the chain, it also prevents data from ending up with parties that really have nothing to do with it. And thirdly, STER keeps the advertising campaigns in its own hands.
This makes STER a deserved winner of the Dutch Privacy Awards. The elaborated concept is innovative and it contributes to protecting citizens' privacy without them having to put in any effort. STER is also exploring the possibilities of using the approach more widely. That too is innovation that the jury applauds.
In this sense, STER's approach is also a well-founded rebuttal to the data-mongering superpowers on the market. Because STER hereby shows that this endless collection of personal data is not at all necessary to get your message right, whether commercial or idealistic.
It could have possibly also competed as a Business-to-Business entry, but the direct interest of consumers made this category chosen.
Organisationally innovative and practically applicable: Data Pro
Often, entries for the Privacy Awards relate to technical innovations. At Data Pro, it is not the technology but the approach that is innovative. Data Pro focuses primarily on processors rather than controllers and has given concrete substance to AVG obligations through agreements. This allows processors to make agreements faster, practical and sufficiently careful, and they are also verifiable on them. Many companies provide services by providing applications, which involve data processing. And that requires processor agreements, which are not easy to apply for every organisation. Completing the corresponding statement leads to an appropriate processor agreement for clients.
Data Pro is a practical instrument, usable for the target group: ICT companies that process data on behalf of others. Central is the Code of Conduct Data Pro, drawn up as an elaboration of Art. 28 of the AVG, with and by the participants/members (600), approved by the Personal Data Authority and leading to a publicly accessible certification.
Winner: FCInet & Ministry of J&V
Ma³tch, privacy on the government's agenda: innovative data minimisation
Ma³tch is innovative, privacy-enhancing technology that is now helping the Ministry of Justice and Security fight (international) crime. It enables the Financial Criminal Investigation Services (FCIS) to share datasets securely and pseudonymised at national level (FIU-Netherlands and the FIOD), as well as internationally. Ma³tch is a technology that supports/enforces that involved parties can carefully weigh up each data field. This can be both about which data they want to compare and based on which conditions. This ensures that parties can set up the infrastructure in such a way that it can be technically enforced that data is only exchanged on a legitimate basis.
Via hashing, organisation A encrypts (bundles of) personal data in such a way that a receiving party B has the possibility to check whether a person known to organisation B is also known to organisation A. Only if it turns out that there is a match (because the list of known persons in hashed form from organisation B is run against the list of persons in the sent list) does the next step take place where information about the person in question is actually requested by organisation B from organisation A. The check takes place in a secure decentralised environment, so organisation A does not know whether there is a hit or not. The technique thus prevents the unnecessary knowledge of personal data in the context of comparisons.
This technique offers wider possibilities for application. This was also an important reason for the submission: the technique can be reused in many other organisations and systems. The open source code shows how it works, reuse in many areas is possible and encouraged. Partly for this reason, the jury assessed this initiative as a good investment in privacy by the government, which also shows that privacy is really on the agenda there.
Schluss applied for the 2021 Privacy Awards for the third time. That is not the reason for the Incentive Award, even though it may encourage others to persevere.
The reason is that it is a very nice initiative aimed at self-management of personal data. In the form of an App, the private user gets a vault for his/her personal data, from medical to financial and other data. The user decides who or which organisation gets access to the data. The others who get access to the data no longer have to store the data themselves, is the idea. The organisation Schluss also does not get to see who uses the app, it only facilitates. The open-source technology guarantees transparency about how the app works.
It won the prestigious Encouragement Award because it still lives in a beta version. However, promising projects have been launched with the Volksbank and a pilot in cooperation with the Royal Notarial Association. Based on the mission statement "With Schluss, you, and only you, decide who can know what about you", the organisational form of a cooperative was chosen. This element also appealed to the jury. With this national Encouragement Award, the jury hopes to encourage the initiators to continue along the chosen path and persuade parties to join forces with Schluss.
There are four categories for which entries could be nominated:
- Consumer Solutions category (from businesses for consumers)
- category Business solutions (within a company or business-to-business)
- category Public services (from government for citizens)
- Incentive award for a pioneering technology or person.
From the various entries, the independent expert jury had determined the following nominees in each category, in no particular order:
- Ministry of Health, Welfare and Sport (CoronaMelder)
- FCInet & Ministry J&V (Ma³tch)
- Roseman Labs (Secure Multiparty Computation)
- NLdigital (Data Pro)
- Simple Analytics
- STER (Contextual targeting)
- 4MedBox (4LifeSupport)
During the National Privacy Conference all nominees presented their projects to the digital audience through Award pitches. The Awards were then presented. Click here for the entire jury report (pdf) with participation criteria and explanation of all nominees and winners.
National Privacy Conference
The National Privacy Conference is an initiative of ECP|Platform for the Information Society and Privacy First. This conference annually brings together Dutch business, government, science and civil society to jointly build a privacy-friendly information society. Mission of the National Privacy Conference and the Dutch Privacy Awards is to develop the Netherlands into an international Privacy Guide Country. Privacy by design constitutes the key to this.
Speakers were successively
- Monique Verdier (vice-chairman Personal Data Authority)
- Judith van Schie (Considerati)
- Erik Gerritsen (Secretary-General, Ministry of Health, Welfare and Sport)
- Mieke van Heesewijk (SIDN fund)
- Peter Verkoulen (Dutch Blockchain Coalition)
- Paul Tang (Labour Party MEP)
- Ancilla van der Leest (chairman Privacy First)
- Chris van Dam (CDA MP)
- Evelyn Austin (director Bits of Freedom)
- Wilmar Hendriks (jury chairman Dutch Privacy Awards).
The entire conference was streamed live from Nieuwspoort and is available at https://youtu.be/asEX1jy4Tv0.
Jury Dutch Privacy Awards
The Awards jury consists of independent privacy experts from various sectors:
- Wilmar Hendriks, founder Control Privacy and member Advisory Board Privacy First (jury chair)
- Ancilla van de Leest, chairman Privacy First
- Paul Korremans, partner Comfort-IA and data protection officer (also board member Privacy First)
- Marc van Lieshout, managing director iHub, Radboud University Nijmegen
- Alex Commandeur, senior advisor BMC Advies
- Melanie Rieback, CEO and co-founder Radically Open Security
- Nico Mookhoek, privacy lawyer and founder DePrivacyGuru
- Rion Rijker, privacy and information security expert and IT lawyer, partner Fresa Consulting.
To ensure that the election of the Awards is conducted objectively, the jury is not allowed to judge an entry from its own organisation or an organisation in which a jury member has an interest.
Privacy First organises the Dutch Privacy Awards with support from Democracy & Media Foundation and The Privacy Factory, in collaboration with ECP.
Would you like to become a sponsor of the Dutch Privacy Awards? Then please contact on with Privacy First!