What a Drag(net): Dutch Surveillance Laws in the Light of European Union Data Protection Law

  • Mistale TaylorEmail author
Part of the Netherlands Yearbook of International Law book series (NYIL, volume 49)


In 2017, the Dutch Parliament controversially approved the Dutch Intelligence and Security Services Act (ISS Act) 2017, which started applying in May 2018. The Act aimed to reflect both new security threats and technological developments. Many groups and individuals took issue with the law’s provisions allowing for mass, indiscriminate surveillance by authorities and their bulk collection of personal data. The draft law inspired a citizen-initiated referendum and multiple court cases aimed at changing the law to better protect individual privacy, all of which were largely unsuccessful. An Explanatory Memorandum submitted with the original bill and many scholars have assessed the law’s (in)compatibility with the Council of Europe legal framework. Little attention, however, has been given to how the law adheres to EU data protection standards. Whilst EU law does not extend to national security and intelligence, EU data protection law can provide guidance on how authorities should collect and process individuals’ personal data. Furthermore, the Court of Justice of the EU has increasingly made pronouncements on Member State law that covers security issues. Using EU data protection law as a guide, this chapter assesses certain provisions of the ISS Act. It determines that the Act does not adhere to the cornerstone principles of purpose limitation, data minimisation and limited data retention.


Data protection Surveillance European Union law Security Privacy Right to data protection Dutch Intelligence and Security Services Act 2017 


  1. Eijkman QAM (2018) Access to Justice for Communications Surveillance and Interception: Scrutinising Intelligence-Gathering Reform Legislation. Utrecht Law Review 14(1):116–127CrossRefGoogle Scholar
  2. Kokott J, Sobotta C (2013) The distinction between privacy and data protection in jurisprudence of the CJEU and the ECtHR. International Data Privacy Law 3(4):222–228CrossRefGoogle Scholar
  3. Pedersen AM, Udsen H, Jakobsen SS (2018) Data retention in Europe – the Tele 2 case and beyond. International Data Privacy Law 8(2):160–174CrossRefGoogle Scholar
  4. Ryngaert C, van Eijk N (2019) International cooperation by (European) security and intelligence services: reviewing the creation of a joint database in light of data protection guarantees. International Data Privacy Law 9(1):61–73CrossRefGoogle Scholar
  5. Vedaschi A (2018) Privacy and data protection versus national security in transnational flights: the EU-Canada PNR agreement. International Data Privacy Law 8(2):124–139CrossRefGoogle Scholar

Copyright information

© T.M.C. Asser Press and the authors 2019

Authors and Affiliations

  1. 1.Utrecht UniversityUtrechtThe Netherlands

Personalised recommendations