Startups, stay away from The Netherlands if you value privacy

New law proposal makes The Netherlands very privacy unfriendly

If you would have asked me in 2013 where you should start your internet startup I would have proudly said: The Netherlands. We ranked very high when it comes to digital infrastructure, broadband penetration, adoption rates of technology, government stimulation packages, access to talent and judicial infrastructure like net neutrality and privacy. That last part is the part I would like to address here.

In 2012 we were the first country in Europe to have a true net neutrality law. We have a data protection agency which actually sued Google in 2012 because it violated privacy. We ranked second in the freedom of press ranking in 2013. We basically had one of the highest privacy ratings in the world, but a lot changed since 2013.

If you value your customers privacy don’t start your startup in the Netherlands (or take a masterclass privacy by design)

What happened to the judicial infrastructure

• We started enforcing one of the weirdest, ineffective and product development unfriendly cookie laws (A law that is still weird in 2015 and has also been introduced in the rest of Europe).
• The European Net neutrality law -which does enable two tier internet- will overwrite the Dutch stricter net neutrality laws. All that under huge pressure from the big European telecom providers.
• The Dutch enforced a data retention law which breached the privacy of telephone and internet users. They did this knowing the European Union had already wiped out EU data collection legislation that were deemed too broad and offered too few privacy safeguards. It took privacy fighters -including Voys- a trip to court to strike the law down.
• And now there is a new law proposal that allows the Dutch General Intelligence, Security Service and Military Intelligence Agencies to mass survey and wiretap innocent civilians.

About the new Security Act

• It allows mass monitoring of telephone calls, internet and email traffic, messages (Text and IM) and website visits.
• It allows profiling and behavioral analysis.
• It allows the Dutch government to hand over the mass surveillance gathered data to other international agencies for analysis.
• It allows them to hack 3rd party applications to in turn hack target applications if those target applications are unbreachable by direct attack.
• It allows the scanning of networks that might be interesting to be used as such a 3rd party hacking tool.
• It even allows intelligence agencies to force companies to hand over their customers’ cryptographic keys.

The strange thing is that most of these things aren’t weighed by a judge anymore. It’s up to the minister to give permission.

The law not only has huge implications for Dutch civilians, it also has a huge impact on internationally focused Dutch startups as they fall under the proposed Dutch law.

A foolish law, that needs to be prevented!

Let me point out a few things here.

1. Mass surveillance does not work

The NSA has a $ 10,8 billion budget and two independent studies have and I quote here: “not identified a single instance involving a threat to the United States in which the NSA program made a concrete difference in the outcome of a counterterrorism investigation.”

I doubt the Dutch are going to do any better here. It is an utter waste of money and it totally sacrifices privacy. The Dutch CBP – a government organization that monitors the protection of personal data – says that the current counter terrorism laws have had no use so far and says the fact that we still have the laws “worrisome”.

2. We are innocent until proven guilty

Principles of legality require all law to be clear, ascertainable and non-retrospective. It is the foundation of democracy and the rule of Law. The new law proposal literally crumbles the foundation of the rule of Law and democracy.

3. No more trias politica

It also undermines the separation of powers – trias politica – because it does not separate the roles of legislature, executive and judiciary, since the minister can make judicial decisions.

4. We have the right to privacy

Art. 17 of the International Covenant on Civil and Political Rights gives us the right to privacy.

5. We have a right for Freedom of speech

Art. 19: of the International Covenant on Civil and Political Rights gives us a right for Freedom of speech. Knowing that a government is listening in by default undermines that right.

Could The Netherlands still be privacy friendly?

Yes it could. The new law is under consultation. You can react to the proposal. There are currently 67 public reactions. There need to be a lot more. Make others aware of the impact of the proposal. Others can be startups, your telecom- and/or internet provider, judges, politicians and the press.

If we can get foolish laws struck down, we can prevent them from becoming a reality in the first place. Until we do, you should consider founding your startup in Iceland and found the startup development team in Groningen 😉

P.S. The Hague, if you are reading: Startup weekend The Hague is a very serious invitation.