AIVD and MIVD must remove data from innocent citizens

The General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) must destroy five large data sets. These have been compiled and preserved for no good reason. That is the conclusion of the Commission of Supervision of the Intelligence and Security Services (CTIVD). This concerns data of probably millions of citizens that have been collected in the context of the Intelligence and Security Services Act (Wiv). The law is more commonly known as the Sleep Act.

Complaint Bits of Freedom

The CTIVD investigated the matter after a complaint from the citizen movement Bits of Freedom. At the end of May, this organization filed a complaint on behalf of millions of citizens. The BoF has thus been the first organization to file a kind of ‘class action complaint with the CTIVD. In this way, Bits of Freedom wanted to “stop this illegal practice and free the data of all these citizens from the clutches of the secret services”. If it is up to the supervisory committee, this will now also happen.

Previous warnings from the CTIVD were just that: warnings. This is because the supervisory department has no enforcement power. As a result, the intelligence services and the cabinet were able to ignore the advice. However, the complaints department of the CTIVD does have enforcement power. The datasets must now be destroyed within two weeks.

Previous complaint

The two security services were already tapped on their fingers in 2019 and in 2020 about the same data sets. However, they argued that the full data sets were important for the protection of national security. Therefore, they should be kept indefinitely. Kajsa Ollogren, who was Minister of the Interior at the time, also ignored the advice of the CTIVD.

The government did, however, amend the towage law at the time. From then on, data of innocent citizens were no longer allowed to be kept indefinitely. The intelligence services were given a year and a half to collect the necessary data and had to remove the rest of the sets. However, this did not happen. Controlling the gigantic data sets was seen as impracticable. That is why the services labelled the entire data sets as ‘relevant’ in order to be able to store all data.

Moreover, the MIVD did not periodically check the relevance of the data sets. Research by Bits of Freedom showed that this service only did this after the privacy organization filed its complaint. Also, too many employees of both the AIVD and the MIVD had access to all data. The services should have restricted this access, but that has not happened yet either.

Cabinet response

For the time being, the AIVD and MIVD have not responded to the CTIVD’s ruling. The cabinet has responded in the form of a letter to parliament. The letter states: “The cabinet will therefore implement this decision with immediate effect”.

However, the letter approaches that the collected data is of great importance for national security and that its long-term storage is also important. It also refers to the final report of the Wif Evaluation Committee 2017 from January 2021. This also indicated that the retention period of the datasets was too long. The amendment to the law introduced at that time should “provide a structural solution that does justice to the operational value of bulk data sets for national security and the protection of fundamental rights of citizens”.

Finally, reference is made to the AIVD and MIVD Temporary Investigations Act into countries with an offensive cyber program. This is currently before the Council of State for advice.

Catch up on more articles here

Follow us on Twitter here

Popular

Must read

MORE ON THIS TOPIC:

Related Posts