Oversight activities into the functioning of the ISS Act 2017

On 1 May 2018, the day on which the ISS Act 2017 came into force, the Oversight Department of the CTIVD started its oversight activities into the ‘functioning of the ISS Act 2017’. The Oversight Department focuses on how the ISS Act 2017 is implemented and carried out by the AIVD and the MIVD. This process will take two years and the CTIVD will report to Parliament and the Ministers involved on the results every six months, in November 2018, May 2019, November 2019 and May 2020.

At the request of the House of Representatives, the Senate and the Ministers involved, the CTIVD focuses its oversight activities on the questions put forward during the parliamentary debate on the Act. The Oversight Department also looks at other topics which it deems relevant from the perspective of its legal tasks and to which it gives priority.

In the first six months, the Oversight Department focused on the following topics:

1. Compliance with the duty of care for lawful data processing;
2. How data is reduced responsibly during the use of special investigatory powers; 
3. The use of the investigatory power of investigation-related interception;
4. The use of the investigatory power of automated data analysis in the context of investigation-related interception;
5. How the AIVD and the MIVD have set up the internal process of handling complaints and reports of misconduct; and
6. Cooperation with foreign services, in particular the quality of weighting notes.

The Oversight Department conducted investigations and carried out various baseline measurements. In an investigation, the CTIVD assesses the lawfulness of a certain activity by the AIVD and the MIVD. In a baseline measurement, the CTIVD marginally checks whether the AIVD and the MIVD have sufficiently implemented the legal safeguards and pledged policy safeguards. The outcome of a baseline measurement is a risk assessment. This provides the AIVD and the MIVD with guidelines with which to modify internal policy and the set-up of their processes and systems. Based on the established risks, the Oversight Department determines in part which investigations it will conduct.