
New law proposal makes The Netherlands privacy-unfriendly - jorrizza
https://www.voys.nl/weblog/startups-stay-away-netherlands-if-you-value-privacy
======
tptacek
I know that this is a tricky question to engage with on HN, but is there a
major-market country in Europe --- say, from the list of Germany, France, the
UK, Italy, Spain, Netherlands, Switzerland, Poland, Norway, Sweden, Belgium,
Austria, Denmark, and Finland --- that is _fundamentally_ more privacy-
friendly than the US, in black-letter terms?

US privacy laws have loopholes you can drive a truck through. But the limited
research I've done suggest to me that that's true of virtually all western
democracies, and that the loopholes in other countries can be even larger and
less transparent. My impression of France for instance, is that there isn't a
major distinction between what the French government can do on its own soil to
combat terrorism versus what it can do abroad; that's probably not true of the
US.

I'm interested in facts and non-emotional analysis; the "interesting"
discussion we can have about this topic. Obviously a lot of people bring
priors to it about the evils of the NSA or NSA/USG's corrupting influence on
other countries. I'm prepared to stipulate that (believe it or not, I'm not
that far from most HN readers on these topics, ideologically!) if we can boil
things down to the raw facts.

~~~
cmdrfred
I believe that on paper, the United States is the freest and most privacy
friendly place on the planet (well the paper that isn't classified). In
practice not so much. Things wealthy people care about are very high privacy
(financial transactions, private offshore holdings, medical records, etc)
things not so wealthy people care about are basically wide open (criminal
records, books you rent in a library, phone calls). We stomp all over the
constitution.

Take the gay marriage debate, not once did I see someone question if the
government even has a right to determine who is allowed to be married, and why
is should be involved at all. "Congress shall make no law respecting an
establishment of religion" marriage is a religious institution, seems pretty
clear.

All we really have to do is fire judges (and those that appoint them) who do
not uphold the constitution. This has to be for all violations, not just the
ones you disagree with. Don't like guns? Pass an amendment. Don't think that
'Hate Speech' should be legal? Pass an amendment. Scared of terrorists? Pass
an amendment. Until then the lawmakers and judiciary will just run roughshod
over our "certain unalienable rights".

~~~
schoen
Financial transactions are not necessarily "very high privacy" in the U.S.
Financial transactions over $10,000 are required to be reported to the
government, as well as transactions that a banker believes are part of a
cumulative transaction over $10,000.

[https://en.wikipedia.org/wiki/Bank_Secrecy_Act](https://en.wikipedia.org/wiki/Bank_Secrecy_Act)

In addition, banks are not allowed to open accounts without verifying the
customer's identity.

[https://en.wikipedia.org/wiki/Know_your_customer](https://en.wikipedia.org/wiki/Know_your_customer)

I don't think it's clear how well credit card transaction data is protected
against subpoenas, and there is a rumor that one or more of the many
undisclosed §215 bulk collection programs relate to financial transactions.
There are statutory protections for financial transaction records, but the
Supreme Court has held that a bank account holder has no constitutional
expectation of privacy in the bank's records. U.S. v. Miller, 425 U.S. 435
(1976).

~~~
cmdrfred
To the government is one thing, you have to report all income to the
government over a certain threshold. If you are a corporation trying to buy
votes, then your finical dealings are highly private.*

*Citizens United v. FEC

------
wbhart
It's odd to see the Netherlands referred to as previously being privacy
conscious.

Back in the mid 2000's I recall looking in the CIA Factbook and noting that
the Netherlands intercepted more telephone calls and did more internet
monitoring than just about any other country, per capita (of course "Fact" was
used rather loosely in the title of that book).

Hackers in the Netherlands were introducing regular pulses into their daily
internet activity and then using Fourier analysis to detect this signal in the
server load of apparently well known Government buildings, believed to belong
to the Dutch secret service (to what extent these rumours were true, I can't
say -- I wasn't involved).

For historical reasons, the Dutch people also developed a habit of "spying" on
neighbours to "make sure they were ok". This is still included in some guides
for foreigners living in the Netherlands, so they don't become concerned when
their neighbours begin looking in their windows.

In my stay in the Nethelands, I however learned that just about every spy
agency in Europe was spying on just about everyone else in Europe. So it
became clear in the end that the Dutch weren't necessarily any worse at it
than everyone else. Of course, that threat seems to be greater in larger
states with bigger economies. If you live anywhere else, you at least know
everyone else is probably spying on you, even if your own Government is not.

~~~
jacquesm
I wrote about this at length:

[http://jacquesmattheij.com/wholesale-privacy-violations-
in-t...](http://jacquesmattheij.com/wholesale-privacy-violations-in-the-
european-union)

We're definitely not doing well at all on this front and it is getting worse
rather than better.

~~~
wbhart
In my opinion, all that is happening with these "anti-privacy laws" is that
very old spying practices are becoming codified in law. Nothing will actually
change. The spying is already happening, and has been for a long time.

~~~
jacquesm
Yes, the crimes are simply being retro-actively whitewashed and for the future
you can expect a lot more of the same especially because it is now legal.

Never mind that these laws are in conflict with just about every right that we
as citizens are supposed to have and which we all learn in school should be
important to us.

------
ChuckMcM
So does Dutch law actually recognize the UN's International Covenant[1] ?
While a country can be a signatory to the covenant, it is just a popularity
stunt until there are locally enacted laws which provide for enforcement of
its provisions. It isn't like UN Peacekeepers are going to come parachuting in
to your rescue.

Also the comment about Mass surveillance is incorrect. While it may not have
found any terrorism suspects there is ample evidence that it has impacted drug
smuggling (as implemented in the US) where the DEA was fed information that it
had to lie about where it got it. While I find the whole parallel construction
thing a huge violation of civil liberties (and generally should be illegal) it
is pretty clear that mass surveillance did identify a number of drug
operations. So in that regard it "works". It might be better to say that it
hasn't been shown to be an effective tool against terrorism.

[1]
[http://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx](http://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx)

~~~
tptacek
Parallel construction should be unlawful. The point of the exclusionary rule
for evidence is to address the _incentives_ of law enforcement. It's not a
recognition that specific pieces of evidence are somehow tainted and
untrustworthy. That's a broken premise parallel construction seems to rely on.

But then a follow-on question: for the big 3 EU countries, what are the
exclusionary principle rules? From a little research last year, I know that
the exclusionary rule in the UK is more complicated than it is in the US.

~~~
Tomte
Germany: none at all (barring extreme cases), and that's really the
overwhelming mainstream opinion of German scholars. Only defenders lament it.

The idea is that much harm comes from letting people walk, just because the
police did an honest mistake. Or even a willful, outrageous thing.

Punishing the police officer should be enough to deter such behavior.

I think that it's a reasonable stance, but I'm not invested into it much.

I tend to see it as another example where we try to find a reasoned and
weighted position, whereas America usually takes a very black and white
approach.

I don't mean that disparagingly, it's a valid position. Just an observation.

~~~
hundt
Do the police officers actually get punished in Germany?

~~~
Tomte
At least every prosecutor's office has a whole department dealing only with
crimes committed by officials, and I guess they're not just sitting around.
:-)

I believe it's just like you would expect if you knew nothing about Germany:
many crimes are punished, many aren't.

For whatever reason, and yes, cronyism and a certain reluctance to prosecute
does happen. But that's a null statement.

I won't claim that reality is great, I just have no reason to believe that
police officers regularly get away with major infractions.

------
adventured
It's a fair criticism. However I think it's too early to be telling startups
to stay away from the Netherlands. Both because the new law may be prevented
yet, and these types of laws are occurring simultaneously across most of the
developed world. I'm not sure where a startup would flee to, to avoid them.

I might take the opposite tact here. I'd argue instead that startups should
feel perfectly comfortable making the Netherlands their home, for all the
positive reasons, and they should all focus on slaying these bad qualities.
The Netherlands only has 17 million people, it's still very possible to have
your voice heard. A focused group of startups can probably still make a
difference.

~~~
LunaSea
I'm dutch and I agree that a decision not to go there shouldn't be rushed but
a bill like this being even considered makes the choice very flaky.

------
jacoplane
So they're doing exactly what the NSA and GCHQ are doing but they're actually
being transparent about the fact that they're doing it?

~~~
tptacek
That's not a fair assessment. The problem with NSA isn't that their authority
is opaque. The problem is that their authority, dating back to the cold war,
is so broad that it's difficult to cabin what their doing into public policy
objectives.

In other words: once you pass a law that gives the government authority to
dragnet communications, no matter how specific and overt the law is, the
authority you've delegated does grave and _intrinsic_ harm to transparency.

------
jackweirdy
Without getting specific to particular startups - obviously the best country
is the one where you have a large market -which are the best countries for
startups?

In terms of availability of funding, legal ability to onboard foreign workers,
IP rights, general digital-friendly legislation, and so on? I'm only really
aware of the US & larger EU countries, presumably there are also great
opportunities further afield?

