Abstract
This paper describes how privacy and data protection law and policy have evolved in the Netherlands from the 1960s onwards. The description is guided by two questions: have policy changes occurred in privacy legislation, and how can these changes be explained? The paper describes, first, legislation focusing on spatial and relational privacy, with a primary focus on constitutional law; second, informational privacy or data protection legislation; and third, non-privacy-focused legislation which impacts negatively on privacy and data protection. The analysis shows that, since privacy emerged on the policy agenda in the late 1960s, privacy law and policy can be roughly divided into two periods: two decades of creating general privacy frameworks in the Constitution and comprehensive data protection legislation, and two decades of updating these general frameworks in light of technological developments while also passing many privacy-diminishing laws to serve other policy goals. The rise of the information society, the network society, and the risk society can explain a privacy policy change occurring somewhere during the 1980s. This change can be interpreted either as a shift from generally privacy-friendly policy to generally privacy-unfriendly policy, or as a shift in focus from general, privacy-centric framework regulation to specific, privacy-unrelated legislation targeted at other, higher-ranking policy goals, such as organized crime, immigration, and health and safety. The current outlook for privacy protection does not seem bright, but recent developments in media and public agenda-setting suggest that privacy and data protection are about to become more important policy issues in sectoral legislation. Perhaps the future of privacy protection, if it has a future, should be sought outside privacy and data protection law itself.
Acknowledgements
This paper builds on a country report written for the EU Agency for Fundamental Rights (FRA) as part of a Comparative Legal Study on Assessment of Data Protection Measures and Relevant Institutions (Fabbrini et al. Citation2009). The country report was written by me together with Colette Cuijpers, Sjaak Nouwt, Arnold Roosendaal and Suad Cehajic. I also thank Colette Cuijpers and Paul De Hert for providing valuable input for this article.
Notes
1. Act of April 7, 1971, Staatsblad [Dutch Official Journal] 1971, 180. “Personal sphere” (persoonlijke levenssfeer) has regularly been used since in Dutch law to indicate what in common Dutch parlance is called “privacy” (privacy).
2. Act of January 19, 1983, Staatsblad 1983, 19 (subsequently renumbered by Decree of February 17, 1983, Staatsblad 1983, 70).
3. Dutch Supreme Court, June 22, 1973, Nederlandse Jurisprudentie 1973, 386.
4. Act of December 28, 1988, Staatsblad 1988, 665.
5. Act of July 6, 2000, Staatsblad 2000, 302, entry into force September 1, 2001 (Staatsblad 2001, 337).
6. Kamerstukken II (Parliamentary Documents Second Chamber] 2009–2010, 31 051, No. 5, pp. 21–22.
7. See, seminally, the policy plan Society and Crime, Kamerstukken II [Parliamentary Documents Second Chamber] 1984–1985, 18 995, Nos. 1–2, May 22, 1985.
8. Act of May 27, 1999, Staatsblad 1999, 245 (entry into force February 1, 2000, Staatsblad 2000, 32).
9. Act of June 24, 2004, Staatsblad 2004, 300 (identification duty); Act of July 13, 2002, Staatsblad 2002, 420 (frisking).
10. Act of September 28, 2006, Staatsblad 2006, 460.
11. Act of July 21, 2007, Staatsblad 2007, 300.
12. Act of July 18, 2009, Staatsblad 2009, 333. This Act implements the Data Retention Directive, 2006/24/EC, which the Dutch administration have actively promoted in the EU after 9/11.
13. http://www.consumentenbond.nl/actueel/waarstaanwijvoor/privacy (last accessed December 1, 2010).
14. http://www.humanistischverbond.nl/dossiers/mensenrechten/privacy (last accessed December 1, 2010).
15. http://www.njcm.nl/site/newsposts/show/243 (last accessed November 1, 2009).
16. Samenwerkingsprotocol CBP-OPTA, July 12, 2005, Staatscourant [Dutch Official Gazette] 2005, 133, p. 27.