In this review report, the CTIVD investigated the exchange of personal data on (alleged) jihadists by the AIVD within the Counter-Terrorism Group (CTG) and within the framework of cooperation in the field of signals intelligence (sigint).
The CTIVD finds that, as of yet, insufficient safeguards for the protection of the individual in the context of the exchange and further processing of data within the framework of the investigated multilateral cooperation exist. For the exchange of data by the AIVD to be lawful, it is important that the current situation is not allowed to continue and that the degree of legal protection is improved. The CTIVD is of the opinion that, where the multilateral cooperation of the AIVD with foreign services lead to the joint retention and processing of personal data or the joint exercise of (investigatory) powers, a joint responsibility exists. Each of the cooperating services is responsible for the whole i.e. for the consequences of potential unlawful actions. It is necessary in this connection that the cooperating services decide together which concrete multilateral safeguards they will jointly establish for the protection of the rights of the individual. The general data protection principles are leading here. The CTIVD finds that the multilateral safeguards within the CTG have only been implemented to a limited extent. In the context of sigint cooperation there is a higher degree of data protection.
The CTIVD makes recommendations aimed at creating additional safeguards in order to prevent unlawful conduct from occurring. With this, the CTIVD aims to ensure a more stringent protection regime and to allow for effective oversight.