Last Updated March 28, 2019

Law and Practice

Contributed By Vondst Advocaten N V

Authors



Vondst Advocaten N V is an Amsterdam-based boutique law firm that focuses exclusively on contentious intellectual property, pharmaceuticals and life sciences, IT and privacy. The data protection team advises and litigates in both national and international matters relating to data protection. In addition, they frequently lecture and publish on data protection.

The primary source with respect to law enforcement access to data for serious crimes is the Dutch Code of Criminal Procedure. Other relevant laws are the Police Data Act and the Judicial Data and Criminal Records Act. Furthermore, sector-specific regulators may have access under sector-specific legislation, such as the Competition Law Act.

  • Can agencies authorise unilaterally or is independent judicial or approval required?

For accessing means of communication and private homes, the general rule is that independent judicial approval is required.

  • What safeguards protect privacy by law and in practice?

It is generally believed that Dutch law enforcers and regulators obey legal restrictions to access to data. If personal data has been accessed without proper legal grounds, the basic rule is that courts will ignore such data and may declare a certain investigation or prosecution unlawful.

The main laws applying to government access to data for intelligence, anti-terrorism or other national security purposes are the Dutch Code of Criminal Procedure for regular public prosecution and the Intelligence and Security Services Act 2017 for the two secret services, being the General Intelligence and Security Service and the Military Intelligence and Security Service.

  • Can agencies authorise unilaterally or is independent judicial or approval required?

For accessing means of communication and private homes, the general rule is that independent judicial approval is required.

The secret services (both the General Intelligence and Security Service and the Military Intelligence and Security Service) are supervised by the Review Committee for the Intelligence and Security Services (‘Commissie van Toezicht op de Inlichtingen en Veiligheidsdiensten’) (CTIVD). As well as the CTIVD, the Review Committee use of Powers (‘Toetsingscommissie Inzet Bevoegdheden’) (TIB) has been established to review the use of the specific or general powers of the secret services. As a basic rule, access to personal data requires prior approval of the responsible minister or TIB.

It is generally believed that Dutch law enforcers and regulators obey legal restrictions to access to data. If personal data has been accessed without proper legal grounds, the basic rule is that courts will ignore such data and may declare a certain investigation or prosecution unlawful. The CTIVD is actively supervising the secret services. For instance, it has investigated the processing of mass internet traffic by the secret services and generally found this processing to be legal.

On 14 November 2018, CTIVD and TIM issued a joint statement announcing co-ordinated co-operation in supervising the secret services.

There is no Dutch law that expressly allows an organisation to invoke a foreign government access request as a legitimate basis to collect and transfer personal data, except that the secret services or other governmental agencies may have certain rights to share data with foreign governmental agencies.

With respect to foreign government access requests, the basic rule is therefore, as follows from Article 6(3) of the GDPR, that an organisation may not invoke such request as a legitimate basis to collect or transfer personal data. However, a foreign government access request may help to assume that processing can be based on the legitimate interests ground of Article 6(1) of the GDPR. In this respect, reference is made to the guidance on the processing of personal data in the context of whistle-blower hotlines that was issued by the ArtWP29 (WP 117). Although this opinion is not explicitly endorsed by the EDPB in Endorsement 1/2018, it may still serve as useful guidance on this matter.

The main issues that have arisen in the last few years have been in connection with government access to personal data, particularly access to bulk internet data by the secret services. The government wanted to introduce such access rights in the Intelligence and Security Services Act 2017. A referendum was held with respect to the draft of this Act, and the majority of voters expressed their criticism. Nonetheless the Act was adopted, although with some minor changes.

Vondst Advocaten N V

Jacob Obrechtstraat 56
1071 KN Amsterdam

+31 20 504 20 00

+31 20 504 20 10

info@vondst.com www.vondst.com
Author Business Card

Authors



Vondst Advocaten N V is an Amsterdam-based boutique law firm that focuses exclusively on contentious intellectual property, pharmaceuticals and life sciences, IT and privacy. The data protection team advises and litigates in both national and international matters relating to data protection. In addition, they frequently lecture and publish on data protection.

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.