Mobilizing for Privacy: Civil Society Advocacy against Surveillance in the Netherlands

This article discusses how civil society is mobilizing international human rights to advocate for more privacy and personal data protection. In comparison to other European countries, privacy advocacy has commenced relatively recently in the Netherlands. Since 2009, civil society has expressed its concern about increased state surveillance at the international, national and local level. The article ends by discussing from a political and judicial perspective if human rights mobilization is an effective strategy to ensure compliance with privacy and data protection law in the Netherlands.


Introduction
As digital personal data is increasingly collected, retained, processed and shared between governmental agencies in Netherlands, civil society is beginning to express discontent in relation to the lack of protection and accountability of the so-called information-Government (i-Government) (Prins, 2011).The concept of i-Government implies that the government, by using information and communication technologies (ICT) has become an independent actor in the information society and therefore the concept of e-Government, which usually only refers to the use of ICT, is no longer sufficient.Increasingly governments employ data collection, data retention, data mining and cross-sharing techniques not only to govern, but also to minimize all major and minor risks to society.For instance, governments may use surveillance technology to collect personal data about individuals and groups who could potentially pose a threat to national security (Prins, 2011).
The Dutch government's activities within this context are by no means unique.Many European countries are slowly turning into so-called surveillance societies (Wood & Webster, 2009;Lyon, 2007).For example, the allegedly inappropriate and excessive use of surveillance technologies by British local governments led to a fierce debate (MacDonald, 2011).Surveillance societies "function, in part, because of the extensive collection, recoding, storage, analysis and application of information and individuals and groups in these societies as they go about their lives" (Wood & Webster, 2009;Lyon, 2007).This development of personal data collection, data mining and data retention affects everybody, including potential suspects, illegal migrants as well as privacy activists, who run the risk of being -preventively -labelled as a possible threat to society.
Only recently has Dutch civil society begun to express some concerns about i-Government's surveillance strategies and their effect on the right to privacy and personal data protection (Prins, 2011).Ordinary citizens are likewise becoming increasingly aware of the potential dangers thanks to creative public manifestations such as the 'Privacybarometer', the annual 'Big Brother Awards', and the fake governmental brochure offering a free tattoo of the so-called 'Burgerservicenummer' (each Dutch citizen is given a personal identification number by the government) (Böhre, 2010).As of 2009 a number of non-governmental organizations (NGO's) have been mobilizing international human rights (Note 1) in relation to privacy and data protection concerns.In 2009 several organizations under the leadership of the Dutch Section of the International Commission of Jurists (NJCM) raised the issue of the new Passport Act, which includes the creation of a national biometric database (fingerprints), at the United Nations Human Rights Committee, whereas the privacy NGO Vrijbit issued a complaint at the European Court of Human Rights (Binnenlands Bestuur, 2009;NJCM, 2009).In the Dutch context the mobilization of international human rights appears remarkable, especially because the conflict thereby became, as Sally Engle Merry calls it, 'vernacular' (Wilson, 2007) (Note 2).This implies that the conflict is simultaneously international, national and local and in order to suit these different stages it is translated by so-called intermediaries, in this particular case civil society organizations.
Regarding these aforementioned developments this article raises the question, why at the end of the first decade of the 21 st century Dutch NGO's use a human rights discourse to translate their privacy and personal data concerns to the international level.It primarily focuses on the period between 2009 and 2011.The first section reviews the Dutch context of privacy and data protection to those in surrounding European countries, including Germany and the United Kingdom.The role of civil society in the public debate about i-Government and surveillance strategies is reviewed in the second section.In the following section, the mobilization of human rights by civil society at the international level is analyzed.Before the conclusion, a brief commentary on the governmental response to civil society's privacy and data protection advocacy is deliberated upon.

The Dutch on Privacy and Data Protection
The last couple of years civil society has become more vocal about the protection of the right to privacy and personal data in the Netherlands.As public debate surrounding this topic had virtually been non-existent until 2009, one could conclude that this is quite a recent phenomenon within Dutch society (Prins, 2008;Vedder, Wees, Koops & De Hert).The consensus was, and to a certain extent still is, that the Dutch are not really concerned about their right to privacy and personal data protection.For instance, a public opinion poll conducted in 2008 by the European Commission showed that the vast majority (82 percent) of the people interviewed felt that their fellow citizens have little awareness about the importance of the right to data protection (Eurobarometer, 2008, 20-21).This does not mean that the Dutch are not at all concerned about privacy and how i-Government deals with their personal data (CPB, 2009b;De Koning, 2008).The most likely explanation for this apparent contradiction is that the Dutch traditionally have trusted their government and this may also apply to i-Government's use of technology (Bélanger & Carter, 2008).Also there is a sense that there is nothing one can do about technological developments.Last but not least, the Netherlands, unlike surrounding countries, has not been confronted with large-scale data leaks that have influenced public opinion.
From a European perspective, the general attitude in the Netherlands regarding the right to privacy and data protection is remarkable.Dutch citizens appear to have more confidence in the i-Government than other European citizens.Since 1991 public opinion polls conducted in the European Union have consistently shown that in comparison to surrounding countries the Dutch are less concerned about how the i-Government and private organizations handle data protection (Eurobarometer, 2008) (Note 3).Moreover, the Dutch are not only less concerned than their neighbors, but have in recent years they worry less.This stands in sharp contrast to, for example, the situation in the United Kingdom and in Germany (Eurobarometer, 2008).To illustrate, in 1996 49 percent of German respondents and 81 percent of English respondents were very concerned about data protection, whereas in the Netherlands this was just 47 percent.In 2008, when respondents in the European Union were confronted with the same question, the score for Germany was 86 percent, the United Kingdom 76 percent and the Netherlands 32 percent.Furthermore, public concern about the right to privacy and data protection is also more intense in Germany and in the United Kingdom than in the Netherlands.This is partly caused by the fact that in relation to this particular issue civil society in these countries has been more outspoken and better organized.What is remarkable, however, is that the reputation of the British and German i-Government in relation to privacy and data protection differs significantly.The United Kingdom has quite a bad reputation, whereas Germany enjoys quite a good reputation.In 2007, for instance, the NGO Privacy International in her ranking of leading surveillance societies classified England as an 'endemic surveillance society' and Germany as 'some safeguards, but weakened protections' (the Netherlands fell between both with 'systematic failures to uphold safeguards') (Murakami & Ball, 2006, 5;Privacy International, 2011) (Note 4).Thus, the extent to which European countries have developed into surveillance societies and the reputation of the government in ensuring the right to privacy and protecting personal information does not relate to the level in which public debate focuses on these issues nor on the extent to which civil society is mobilized.

Human Rights Mobilization
Currently, public discourse on the role of government in safeguarding the rights to privacy and data protection often includes references to human rights.Furthermore, advocacy on the international level is surprising, because at the national level law explicitly protects the right to privacy and personal data (Note 5).Also, civil society fears that the Netherlands, which since the 1980s has protected privacy quite rigidly, is slowly turning into a surveillance society (Vedder et al., 2007).The involvement of the 'nanny state' in people's personal lives is especially contested.For instance, on the website of 'Ouders Online' ('Parents Online') one can read about privacy concerns in relation to the Municipality of Amsterdam's electronic child welfare file: "Nagging about privacy is perceived as annoying in Amsterdam" (Pardoen, 2007).In this particular case it is contested by civil society that local child welfare services should have the authority to collect the personal -medical -data of all minors (not just those who require special attention), which includes their cognitive development, family structure, race and school achievement.Other organizations such as the human rights NGO's the NJCM operate with a broader perspective and advocate the protection of all human rights, including the rights to privacy and data protection (Paul, 2000).Individual citizens have tended to become actively involved with these issues only when the protection of their own rights is at risk.This could be caused by a perceived infringement of their right to privacy by social security agencies or as a result of suffering the consequences of identity fraud.
Civil movements, human rights organizations and citizens have communal and individual strategies to raise awareness about data protection and privacy concerns.Among other things they lobby, publish press statements, organize seminars, develop and maintain discussion forums on the internet, use Facebook, write blogs, send text messages, submit petitions to national and international authorities, write letters to politicians or policymakers, contribute or write proposals for new laws and submit complaints to the courts.For instance, the NGO Bits of Freedom submitted a proposal for a draft law which would ensure that governmental agencies and organizations must report data loss to a special database (van Daalen, 2011).When citizens do something they are often inclined to submit a complaint to the responsible authority, go to court or inform the press.Last year, for example, five students who all use a student card for free public transport (OV-card) filed a request to the Dutch Data Protection Authority (CBP) to ensure that all public transport companies comply with data protection law while collecting and using the personal data of students (De Clinic, 2010).Furthermore, in 2009 a man uploaded a homemade film on YouTube of public officials of the Rotterdam Department for Urban Planning and Housing ('Dienst Stedenbouw en Volkshuisvesting') entering his house without a warrant (Geenstijl, 2009;SP Rotterdam, 2009) (Note 6).With these kinds of initiatives civil society tries to raise political and judicial awareness and thereby create social change.
The process by which Dutch civil society attempts to create social change may be understood as 'issue politics' or 'the legalization of politics' (Bovens, Derksen, Witteveen, Becker & Kalma, 1995;Wilson, 2007).This entails that civil society organizes itself to advocate a particular issue, and tries, often supported by court rulings or the recommendations of international human rights committees, to create public awareness and establish political accountability.The question remains, however, as to who civil society exactly represents and whether its strategies to protect privacy and personal data are legitimate (ICHR, 2010;Prins, 2007).Both NGO's and citizen mobilize human rights and/ or civil rights in their discourse on infringements on the right to privacy and personal data protection.To illustrate, in 2009 Dutch civil society turned against the new Passport Act that implemented a European Union Regulation in the Netherlands.The section which required the creation of a national database for fingerprints, which would not only be used to prevent identity fraud but could also be accessed under particular criteria by law enforcement agencies, was fiercely contested.Before and especially after the Act was passed in the Senate, several NGO's expressed their concerns in the media, by lobbying in the Parliament, by beginning legal proceedings and by issuing complaints to international human rights bodies (Prins, 2011).The NJCM, for example, gave a number of interviews in newspapers, as well as on radio and TV.Additionally, in its shadow report to the Human Rights Committee, the treaty body of the United Nations International Covenant on Civil and Political Rights '(ICCPR'), the NGO stated that a national database for fingerprints was a human rights violation, in particular as it fails to comply with article 17 of the ICCPR (right to privacy) (NJCM, 2009).Furthermore, the NGO Vrijbit released a number of press statement and applied, without first issuing a complaint to a Dutch court, to the European Court of Human Rights.In its application, which included a request for an interim measure as well, Vrijbit argued that Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms, which protects private and family life, would be violated by the Passport Act (ECtHR, 2009).In conclusion, both NGOs advocated the issue of the national database for fingerprints simultaneously, at the national and international level with explicit reference to international human rights.Last but not least, several individuals and a private foundation, Stichting Privacy First, have initiated legal proceedings at the national level as well (Privacy First, 2011, Volkskrant 2011a;Volkskrant 2010).
Therefore, by mobilizing international human rights Dutch civil society has attempted to inform the general public and hold the government accountable (Wilson, 2007).Thus a national or local conflict about by i-Government's use of biometric data for other purposes than identifying verification becomes international and thereby as Sally Engle Merry describes it 'vernacular' (Wilson, 2007) (Note 7).The NGO's are intermediaries who rely on an international human rights discourse to translate the conflict to the stage of the UN human rights committees and the European Court of Human Rights.This is extraordinary because NGO's usually translate human right law into a local discourse, before attempting to seek justice at the international level (Merry, 2006).

Does Civil Society Create Social Change?
Despite the mobilization of international human rights by civil society, it remains to be seen whether their advocacy efforts regarding i-Government surveillance and the consequences for the protection to the right to privacy and data protection have effect.On the one hand, the public at large is slowly being sensitized about the possible infringements by the i-Government on the right to privacy and data protection.Also, the issue of privacy is gradually becoming part of political discourse.For instance, since 2010 the People's Party for Freedom and Democracy (VVD) has advocated the protection of the right to privacy, especially in relation to an over-intrusive government (VVD, 2011).On the other hand, the process is relatively new and therefore reflections on whether civil society creates social change with their international human rights advocacy can only be preliminary.
Generally one could argue that politicians, public officials and employees of supervisory bodies have a tendency to talk about consulting civil society rather than participating in a meaningful dialogue about i-Government surveillance, its effect on the right to privacy and data protection.For example, the 2009 report of the Commission Brouwer about security and privacy hardly included interviews with civil society (Commission Brouwer, 2009).Furthermore, the Data Protection Authority conducts a lot of research and disseminates public information.However, their focus is neither on personal contact nor on enabling citizens who want to issue a complaint about a particular situation (CPB, 2010;CPB, 2009a).Perhaps diverging priorities are the explanation why this supervisory body is not strongly engaging with civil society.This situation reflects contemporary political culture and relations between the government and citizens.Even though civil society has only recently begun to advocate privacy and data protection issues, the reaction of the government to this development is restrained.A former State Secretary for Interior and Kingdom Affairs, Ms. Bijleveld, for instance, filed in 2009 criminal charges against the people who were responsible for the creation of a fake government brochure, which promised a free tattoo of the aforementioned Burgerservicenummer (Prins, 2011).Instead of using the opportunity to engage in a meaningful dialogue, she focused on labeling the incident as 'tasteless'.Responding in a newspaper, the director of the Rathenau Institute, which conducts socio-political research on technology in relation to science, stated that this incident sent a public message that their expert reports and advisory opinions had been unable to successfully mass communicate (NRC Next, 2009).
For many citizens it is unclear whether i-Governments infringements on their privacy are justified in terms of creating a more effective public service or dealing with social problems.People are generally unaware that the Burgerservicenummer, which in practice also entails more personal data retention and information cross sharing, or the Compulsory Identification Act have proven ineffective (Everwijn, Jongebreur & Lolkema, 2009;Vedder et al., 2007).This situation is also the consequence of the fact that few politicians feel that the protection of digital personal data is a sexy topic.According to Privacybarometer, a website that collects statistics about the parliamentary votes about Acts that threaten privacy, only three political parties: The Socialist Party, the Green Left Alliance and the Animal Rights Party, are consistent in their protection of the right to privacy (Privacybarometer, 2010).The most likely explanation is that information technology and its side-effects are complex to grasp and politicians feel that data collection, data retention, data mining and cross sharing techniques provide a quick solution to societal problems such as child abuse.
As a result of several incidents the traditional and social media are becoming more interested in i-Government's use of technology, the generally increased levels of surveillance and the potential threats these developments pose to privacy and personal data protection.Subsequently more public awareness is created.In turn this affects political accountability.For instance, the former Minister of Justice in an interview after his presentation of the Dutch report to the Human Rights Committee, said that there was a possibility that in time other biometric data such as iris scans might replace the fingerprints in Dutch passports (NRC Handelsblad, 2009c).Thereby providing a biometric solution rather than discussing the possible violation of article 17 of the ICCPR (right to privacy).This kind of response illustrates how challenging it is for civil society to effectively translate the issue into an international human rights violation, establish political accountability and create social change.
Even though the Human Rights Committee in her concluding observations expressed concern about the national database for fingerprints, there initially was little follow-up at the national level (United Nations Human Rights Committee, 2009).Lobbying has been somewhat effective with Members of Parliament, who have requested amendments to the Act and a special parliamentary hearing concerning the issue (Volkskrant, 2011b).Nonetheless, although some of the political parties who, almost two years after the Act was passed, have begun to have second thoughts about the creation of a national data base for fingerprints, do so on the basis of the potential risks for national security and not because of concerns for international human rights violations.Furthermore, civil society could utilize the international human rights discourse more effectively if it would also focus on lobbying in the European Union or with members of the Council of Europe.This is especially relevant because several Acts that pose data protection and privacy risks are the consequence of implementing European Union legislation.Since the implementation of the Lisbon Treaty, and the EU Charter of Fundamental Rights European Members of Parliament have more tools to ensure compliance with privacy and data protection rights (Note 8).As a 2010 European Parliament resolution that altered bank information sharing between the European Union and the USA suggests, the Members of the European Parliament are willing to use their power to protect basic human rights such as the right to privacy and data protection (EuropaNu, 2010).Last but not least, after questions by European Member of Parliament Sophia in 't Veld, European Justice Commissioner Vivian Reding agreed to investigate Dutch Passport regulations (Volkskrant, 2011c).
However, in the Netherlands the government has continued to develop new Acts that incorporate personal data collection, data retention, data mining and cross sharing of personal records.This is partly motivated by security and counter-terrorism efforts and the desire to live in a risk-free society, where every potential threat should be eliminated.Simultaneously, civil society is incident focused and its responses are often legally orientated (Prins, 2011).As a result of which the coherency within civil society's advocacy is lost.By using the international human rights framework or national law, civil society tries to create more public awareness and political accountability.This tactic is probably more successful in individual cases then in amendments to -draft-Acts.Unlike Germany, the Netherlands has no Constitutional Court and the judiciary cannot review legislation.Also, recommendations by international human rights bodies are not always implemented.Last but not least some civil society organizations are partly dependent on state subsidies and face challenges in using court cases against the state.

Conclusions
By using a human rights discourse, Dutch civil society is increasingly advocating the protection of privacy and personal data by the information-Government ('i-Government') within the international legal framework.Civil societies' fear is aroused by ever more governmental data collection, data retention, data mining and data cross sharing techniques.Many feel that the Netherlands is turning into a so-called surveillance society, that there is too little political accountability and that a meaningful dialogue with the executive is missing.Civil society has responded by mobilizing human rights at the international, national and local level.By doing so the conflict becomes vernacular, which means that the conflict is operating at several levels simultaneously.NGO's who operate as intermediaries use the human rights discourse to translate the conflict to these different levels.In the Dutch context the mobilization of human rights within the international legal framework is done in addition to a number of national and local advocacy strategies of which several focus on litigation.Subsequently the protection of privacy and data protection by the i-Government is no longer merely a Dutch issue.