Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


IV. Governance issues


With regard to government usage of the Internet, in 2007, "the Dutch DPA conducted an investigation into the municipality of Nijmegen's publication of planning permission data."1 The outcome was a finding that personal data – application forms about certain properties and proposed alterations to them as well as information about applicants, including their signatures – was published.2 The CBP concluded that "…the municipality may only publish compulsory data on the Internet on the property in question and the alterations proposed," and not individuals' personal data.3

To date, the public law requirement on the assignment of Internet and personal data, does not justify a situation where an administrative body automatically publishes all data on the Internet.4

Many countries, including the Netherlands, have discussed or implemented electronic means for voting in elections. Usually the manipulation of election results, either by insiders (i.e., manufacturers) or outsiders (i.e., hackers) is a concern. The Dutch debate on electronic voting also has prominent privacy features.5 Machines began replacing ballot boxes in most precincts in the early 1990s. Controversy was initiated in 2006 by a pressure group. Besides concern about the opportunities afforded by electronic voting to manipulate election results, researchers found that the machines produced radiation that could be captured with an antenna, thereby revealing the voter's choice.6 The latter issue gave both the government and the pressure group a means of legally framing the problem, as election legislation provides for a secret ballot (Dutch Constitution, Art. 53.2; Election Law, Art. J 15), but not for verification of election results. This led first to the suspension of one type of voting machine, and finally, in 2007, to the withdrawal of the approval regulation, and thereby the abolition of all voting machines. In 2008, an expert group concluded that even with a printed ballot allowing voter verification (as proposed by the Election Process Advisory Commission, 2007),7 the privacy problems could not be solved as long as any electronic device was used to select the candidate and/or cast the vote.8 This shows that the secret ballot is seen as an important aspect of privacy. Similarly, allegations that an election advice service provider was storing political preferences alongside IP addresses raised discussion.9

In April 2010, the CBP responded to a letter from the director of Dutch government IT inquiring about the legality of the usage of the BSN by the Dutch government. Although the director concluded that this usage was legal in all cases, the CBP held that the usage is illegal because the law states that government bodies can only use the BSN if it is legally required for executing their task.10

Open government

The Government Information (Public Access) Act of 1991 is based on the constitutional right of access to information. It creates a presumption that documents created by a public agency should be available to everyone. Information can be withheld if it relates to international relations of the state, the "economic or financial interest of the state," investigation of criminal offences, inspections by public authorities, or personal privacy. However, these exemptions must be balanced against the importance of the disclosure. Requesters can appeal denials to an administrative court, which renders the final decision.11

Other developments

There have been some recent developments with regard to privacy and work and social security. In one recent project, the Waterproof project, old-age pensioners and recipients of social assistance benefits in 65 municipalities in Friesland, Groningen, and Drenthe were checked for fraud based on data concerning their water consumption and the water contamination surcharge.12 The CBP investigated,  found the computer files had been linked to water data, and ruled it unlawful.13 As a result of this ruling, the Social Security and Investigation Service(Sociale Inlicktingen en Opsoringsdienst, SIOD) is now working on the development of risk analyses using Privacy-Enhancing Technology (PET).14 Here, two goals are served: combating fraud and protecting personal data.

Another way of uncovering benefit fraud is through social security investigators. The CBP has laid down an efficient process for spotting illegal activity involving personal data connected with these activities.15 Research completed in 2006 showed that compliance with the obligation to inform citizens of the fact that they had been observed was at best fleeting. Accordingly, the process description was tightened up in 2007.16

At the end of 2007, the Netherlands decided to simplify the use of BCRs (Binding Corporate Rules) in outsourcing.17 "The authority is developing an approach whereby a permit will be granted to a multinational company acting as a processor on behalf of its affiliates in countries without adequate data protection laws." The processor applies for a permit on the behalf of the controllers it works for.18 The application is required to include practical examples of the kind of data processing involved.19 "Companies then need to submit, every six months, an updated list of the controllers whose data the company processes to the Netherlands Data Protection Authority."20

Non-government organisations' advocacy work

The Bits of Freedom NGO initiated the Dutch Big Brother Awards in 2002.21 In January 2006, Bits of Freedom organised the fourth annual Dutch Big Brother Awards.22 The group gave anegative Big Brother Award to Dutch Minister for Integration and Immigration Rita Verdonk because she supplied the status of rejected asylum seeker applicants to their country of origin.23 She also repeatedly denied her actions in Parliament and attempted to minimise the impact of the information she gave.24 A positive award was given for the first time to Hans Franken, a professor of Law and Information Science at the University of Leiden and member of the Senate for the Christian-democrat party, for his consistent resistance in the Senate to mandatory data retention.25

Bits of Freedom ceased its activities on 1 September 2006, after six years of successfully defending digital civil rights.26 Nonetheless, its former members organised the 2007 Dutch Big Brother Awards, awarding the 2007 prize in the individual category to the Dutch citizen.27 When people are asked about governmentsurveillance and data mining, many people respond by declaring: "I've got nothing to hide." This attitude is the major threat to privacy in the Netherlands.28 In the corporate category, the prize was granted to the Dutch National Railroad (NS) because of its proposal for the OV Chip Card. In the government category, the Dutch Central Bank (DNB) won because of its cooperation in the extra-legal transfer of Dutch financial records to American law enforcement agencies via SWIFT.29 In the category "proposal", the electronic child file (EKD) won the prize.30

In August 2009 Bits of Freedom reformed. It strives to influence legislation and self-regulation on both the national and European levels.31

International obligations and International cooperation

The Netherlands has signed and ratified the 1966 UN International Covenant on Civil and Political Rights (ICCPR) and its First Optional Protocol, which establishes an individual complaint mechanism.32

The Netherlands is a member of the Council of Europe (CoE) and has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. It has signed and ratified the CoE's Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108)33 and the CoE's Convention on Cybercrime.34

It is a member of the Organisation for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Trans-border Flows of Personal Data.