The watchdog which supervises the Dutch spy services said on Tuesday that the military security service MIVD is failing to notify people who were spied on even though it is required by law.

By not informing civilians if the MIVD has used targeted internet taps or other methods against them, the agency is not providing insight into its activities and citizens are unable to expose alleged misuse of powers, the CTIVD said.

The MIVD is required to investigate whether the person concerned can be notified five years after being the subject of a tap or other surveillance activity. If they can be told, they are sent a report. There are several exceptions but even then, a report must be made to the CTIVD.

“The MIVD has not complied with these legal obligations for four years. This is unlawful,” the agency said.

Not informing the subject of investigations “deprives the affected individuals of the opportunity to appeal or complain,” the watchdog said. “This limits the fundamental right to submit disputes with the MIVD to an independent and impartial court or complaints organisation.”

The watchdog has given the MIVD two months to make a written commitment about clearing the backlog and six months to explain how it will “regain control”.

Brussels

Meanwhile, European news website Politico says the European Commission has warned member states that they can’t call use national security as a blanket excuse to justify their use of spyware.

Governments that decide to use intrusive surveillance software, “cannot exercise their responsibility in a way that undermines the effectiveness of EU law” on data protection and privacy, said the draft communication, seen by Politico. The paper was written in response to a European Parliament committee report on spyware.

A full year after the inquiry report of @EP_PegaInquiry the @EU_Commission finally seems to be taking action against EU governments abusing spyware against opponents and critics. @vonderleyen should simply implement the recommendations adopted by @Europarl_EN @AntoanetaRoussi 1/3 https://t.co/RhSTVykHoZ

— Sophie in ‘t Veld (@SophieintVeld) July 23, 2024

The draft communication proposes several “minimum safeguards and conditions” that should be implemented “irrespective of the purpose of the surveillance,” including ensuring a court or independent body has authorised it. It also suggests informing individuals who were under surveillance.

“Arguably one of the most important rights of individuals is the right to be notified that they were subject to the use of intrusive surveillance software once the threat that triggered its use passed,” the report is quoted as saying.