The Registratiekamer is concerned about the privacy of the consumer of today and tomorrow, from mobile telephony to purchasing products on the Internet, personal data are recorded everywhere. The Registratiekamer concludes that almost every activity of today's digital consumer is recorded while today's digital consumer is not aware of it. The Registratiekamer therefore urges clear information for consumers. Everyone has the right to know what details are registered and why. In 1999 the Registratiekamer also started an investigation of the use of personal data by Internet providers. The results of that research were published in June 2000.
The year 1999 was also dominated by the introduction of the new Wet bescherming persoonsgegevens (Wbp or Personal Data Protection Act). A step in the right direction was the Second Chamber unanimously accepting the new Act in November. The Registratiekamer naturally paid thorough attention to the discussions in the Second Chamber.
The Registratiekamer advised the Permanent Parliamentary Committee of Justice on the consequences of the new Act. The Act is now being processed by the First Chamber and is expected to take effect by the beginning of 20011. The introduction of this Act will involve major consequences for the Registratiekamer. One will be a new name - the Dutch Data Protection Authority (or Personal Data Protection Board). The College will have greater authorities, such as the imposition of fines. In the year under review the Registratiekamer paid careful attention to the consequences of introducing the Act, and has made necessary preparations (theme 2).
The Registratiekamer's Annual Report also mentions that the screening of people and companies developed strongly in 1999. Screening involves determining whether someone, for instance an applicant or business partner, is reliable or trustworthy. To do this several sources are consulted. The Registratiekamer followed this development scrupulously as the effectiveness of screening is not only overstated, but also involves drastic invasion on an individual's privacy. According to the Registratiekamer it is therefore essential that screening takes place only in the absence of less drastic alternatives. If this is the case, then screening should only take place according to clear, predetermined criteria and on the basis of lawfully acquired information. To develop the best picture possible of the existing integrity instruments, the Registratiekamer organised during the year a round table conference on screening in the Netherlands (theme 3).
Important publications
In 1999 the Registratiekamer offered its report Informatieverstrekking door de fiscus - ontheffing van de fiscale geheimhoudingsplicht in het licht van privacywetgeving (Information provision by tax authorities - exemption from the obligation to fiscal secrecy in the context of data protection legislation) to State Secretary Vermeend of Finance and the Second Chamber. This publication concluded that the appropriate statutory regulations for the granting of personal data by the tax authorities, in the light of privacy legislation, is no longer up-to-date. The Registratiekamer considers it desirable to provide for this, as a continuation of the tax law revision.
Public and private institutions for work and income are combining forces ever more often. Under the creed of Samenwerking Werk en Inkomen (Cooperation between Work and Income), executive bodies, social services and employment agencies are offering their services in Centres for Work and Income (CWIs). In Werken met gegevens (Working with Information) the Registratiekamer listed and analysed the possibilities and limits of this cooperation in CWIs, offering a number of rules of thumb for the practical side of this cooperation.
The use of consumer information for marketing purposes was the subject of a study that resulted in the 1999 publication of Koning Klant (King Client). In this report the Registratiekamer indicated how the standards and rules of the Wbp apply to the processing of consumer information and how organisations' economic interests should be measured against clients' privacy interests when processing them.
The results of an investigation carried out by the Registratiekamer on the set-up and exploitation of the population register (GBA) in three municipalities were published in 1999. The research showed that citizens' information saved in the GBA are protected insufficiently. The Registratiekamer assumes that the situation in those municipalities is typical of the situation in other municipalities in the Netherlands.
In 1999 the Registratiekamer also paid attention to new technological developments that might have consequences for citizens' privacy. Two research reports were published in this field, Intelligent Software Agents and Privacy, set up in cooperation with the Canadian privacy supervisory authority for Ontario, and At face value: on biometrical identification and privacy.
All the reports of the Registratiekamer can be downloaded for its website: www.registratiekamer.nl
For the Dutch reports an English summary is normally available.
Active internationally
The problem of data traffic with countries outside the European Union was a prominent item on the agenda of the working party 'article 29' of the European data protection directive in 1999. In this context the working party published opinions a number of times on the dialogue of the European Commission with the United States on the 'safe harbor' principles. In addition, the working party issued two positive opinions on levels of protection in Switzerland and Hungary.
The Registratiekamer represents the Netherlands in the advisory committee referred to in article 18 of the data protection convention of the Council of Europe. In 1999 this committee's activities focused on setting up a protocol for the treaty discussing two subjects, the problem of transfers of data to third countries and the role of supervisory authorities.
Since the introduction of the Schengen Implementation Agreement and the Europol Convention, the Registratiekamer has been taking part in two unique forms of international supervision. Both conventions are familiar with the disposition of an internationally independent supervisor, for the Strasbourg-based Schengen Information System and for Europol's police systems.
Cooperation with other supervisory authorities is becoming ever more significant. At the spring conference of European supervisory authorities in Helsinki, the Registratiekamer presented a report on audit techniques to its European sister organisations. This report was drafted in close cooperation with the Spanish Agencia de Protección de Datos and discussed during an international workshop organised by the Registratiekamer. Six countries and the European Commission participated in the workshop, which took place in the Hague in November 1999.
Upon the request of the Council of Europe, the Registratiekamer took part in an official mission of the United Nations to Kosovo. Most population registers were destroyed during the war; as a result of which all residents will have to register again, and new identification documents will have to be issued. The Registratiekamer has contributed to the setting up of new (privacy-based) standards for the population registers in Kosovo.
Countries outside the European Union also show great interest in European privacy legislation. The Registratiekamer was invited to inform on this matter in the United States; it also organised information sessions for guests from Japan, China, Russia, Croatia and Slovenia for instance.
1 The new data protection act has in the meantime been approved by the First Chamber. It bears the date of 6th July 2000