As long-time readers know, I have been struggling to understand what has gone on in terms of legal challenges to the Dutch passport law that requires biometrics. Every time a new decision has come out, at least a few readers have pointed out to me that the English translations – and my attempts to understand them – have been less than fully accurate. Part of my confusion is that although I generally understand how to challenge a law in the American judicial system, the process is somewhat different in the EU.
Happily, a Dutch privacy watcher who prefers to remain anonymous has sent me an explanation of what’s going on over there, which I posting here. with eternal gratitude and only minor tweaks to the English:
Since 21 September 2009, fingerprints are obligatory in passports in Holland, as they are in France, Spain, and several other countries due to a EU obligation. Some countries are also storing these fingerprints in government databases.
In September 2009, Association Vrijbit tried to stop this collection and storage via an interim measure at the European Court on Human Rights in Strasbourg, but the Court ruled inadmissibility. It didn’t take interim measures because there would be no ‘irreversible damage.’ “Irreversible damage” is the criterion applied in such cases. It’s true that databases could always be destroyed later on, but it could be too late if other things happen in the interim.
The underlying Vrijbit court case was ruled inadmissible in 2010 because it should initially be heard at the national level, but the Court didn’t address the fact that Vrijbit had appealed that these national legal remedies were not effective.
National court cases in Europe strangely take a lot of time. A German lawyer is waiting for a court case since 2007, the French biometric passport case still hasn’t reached the highest national court stage. Challenges cannot be taken to the European Court until they have been heard and decided in national court cases.
A Dutch civil court case heard in the Court in The Hague in 2011 decided complaints from Privacy First Foundation and 21 plaintiffs were non-admissible. Appeals are pending.
The administrative court of The Hague ruled in March that fingerprints are obligatory because it says so in the Dutch law. But the court didn’t go into the claim that the Dutch law establishes a breach of the European Convention on Human Rights. The court simply didn’t dare to hold the Dutch law against the ECHR convention. It ruled that the feared future function creep wasn’t relevant today. The court neglected the fact that the current passport database could easily be turned into a future central prosecution database. It also neglected the ECHR case, Van der Velden vs The Netherlands, which states that current fears of future (mis)use of databases should be taken into account, too. The court’s ruling was a political one, because in practice, and at this very moment, Dutch police can already ask fingerprints from the local council’s passport database.
Appeals are pending but take years as national court cases take years. Several other civilians have started similar cases.
In the meantime, the fingerprint database is filled gradually… the lack of legal protection is stunning, and the number of Dutch civilians without a passport is growing. They become second-class citizens, with no chance to get a job, medical care etc. without a proper obligatory ID card or passport.
The Dutch parliament is rethinking the Passport Law and the database storage of biometrics. The building of a central biometrics database is under fire., e.g because of security reasons, but there’s a chance that hashing of fingerprints will be presented as the technical privacy ‘solution’ in the coming months. Also the current (temporary) decentral databases at the local councils could stay operational.
On a European level, the EU Commission is informally investigating the legality of the Dutch Passport Law. On 31 March, an alliance of organizations petitioned the Secretary General of the Council of Europe to start an investigation under Article 52 ECHR into the legality of the collection and storage of biometrics under all European passport laws.
The Human Rights Committee of the Council of Europe itself recognizes the human rights problems (under C5) but is downplaying the fingerprint objections: http://assembly.coe.int/Documents/WorkingDocs/Doc11/EDOC12522.pdf
Update: Additional links added thanks to a kind reader.