(Dieser Artikel ist auch in deutscher Sprache verfügbar)
The year 2008 did not improve the course of privacy and data protection in the Netherlands. The public debate focused on data collection systems related to fundamental aspects of Dutch citizens' lives, such as communications, health and movement. Unfortunately, there are no signs that concerns or incidental public outcry over privacy will lead to significant improvements to the design of the systems or reconsideration of their goals, merit and impact on society.
After years of negotiations, the Dutch Data Protection Authority (DPA) approved the data protection guarantees in the smart card system for the public transport sector. Besides other major implementation problems, the smart card system introduces a major privacy concern due to the planned registration of all travel movements of users of the Dutch public transport system in a central database. At the end of 2008, the DPA approved the system after receiving guarantees that only derived data would be used for marketing purposes with an opt-out and that for any processing of personal travel movements opt-in will be sought. As there are no hard guarantees that all personal travel data will be deleted or that the system will not make it possible to access travel movements in identifiable form, many have expressed their disappointment with the approval. Another transport related privacy problem that re-entered the public debate in 2008 was the planned system for road charging. The current design for the system entails the collection of details about personal travel movements.
The Dutch Parliament considered the data retention implementation law in the first half of 2008. In this context, a group of prominent academics voiced their concern that Dutch society is turning into a control society and a police state. After the Parliament adopted the law, lowering the data retention term from 18 to 12 months, the Senate has been critically looking at the proposal ever since. The Senate has also another law under consideration that would streamline access for the national security agency to datasets in the public, communications, transport and financial sector.
Probably the most prominent discussion about privacy took place in the health sector. The Electronic Patient File (EPD), a centralized system for the collection and exchange of medical data for use by medical professionals, caused widespread privacy concerns and generated 170 000 objections. Like the public transport smart card, the EPD has major implementation problems and has recently been postponed. A similar national dossier system for children, proposed to improve child care by building an extensive digital dossier of each young individual, is still on the political agenda. The broadly defined dataset, including medical data, psychosocial data and subjective opinions about children and their parents, will be updated for all children until they reach the age of nineteen, after which it will be kept for another 15 years.
Finally, a government commissioned report on the balance between privacy and security in the public sector was published. The report, titled "Do it simply, Simply do it", concludes that government and public agencies should be pragmatic, but do much more to protect privacy and deal with the possible tension between privacy and security while doing their work. The report gives a number of recommendations and a reference framework for dealing with privacy and security issues. It advises to "keep it simple, facilitate and ensure that security and privacy are mutually reinforcing as far as possible." The report has been widely interpreted in the media as a call to stop addressing fundamental questions related to the widespread processing of personal data in the public sector.
EDRi-gram: Dutch Parliament lowers data retention term to 12 months
(4.06.2008)
http://www.edri.org/edrigram/number6.11/nl-data-retention-12-months
Report, 'DO IT SIMPLY - SIMPLY DO IT, to protect security and privacy', (in
Dutch, Bijlage 4 = English Summary, 22.01.2009)
http://www.minbzk.nl/aspx/download.aspx?file=/contents/pages/96602/rap...
OV-Chipkaart roll-out creeps forward (16.01.2009)
http://www.railwaygazette.com/news_view/article/2009/01/9219/ov_chipka...
(Contribution by Joris van Hoboken)