Surveillance by intelligence services – Volume II: field perspectives and legal update
or fully well-founded.497 So, the number of complaints
remains the same over the years. In the context of some
of these complaints, the CTIVD raised the issue of secrecy
surrounding the facts included in the CTIVD’s opinion;
in such cases, the minister decides which information
may be provided to the individual. The CTIVD stated that
it would favour declassifying information that would
contribute to a better understanding of the working
methods of the services, and in particular cases, it in
fact suggested declassifying the information. Only in
cases relating to the military intelligence services (GISS)
did the minister not follow the CTIVD’s suggestions.498
While the CTIVD had limited remedial powers under the
2002 Act, the 2017 Law changed this and gave CTIVD
biding decision powers.
In Sweden, both expert bodies – SIUN and the
Commission on Security and Integrity Protection
(SIN) – may be approached by citizens wishing to check
whether they are under surveillance, and whether this
surveillance was lawfully conducted by the intelligence
services. Between 2008 and 2016, SIUN audited more
than 80 cases. Between 2014 and 2016, SIUN received
46 requests from individuals wishing to check whether
SIGINT surveillance was conducted according to the
law.499 These requests concerned the National Defence
Radio Establishment as well as the three other entities
monitored by SIUN. None of the individual requests
highlighted serious faults. Of the total control work,
including checks made not on the basis of a request
from an individual, four opinions were delivered to
the intelligence services, two of them to the National
Defence Radio Establishment. SIUN never reached the
stage where it may refer a case to the prosecutor or
order the National Defence Radio Establishment to
terminate data collection.500
“We disclose what we are allowed to disclose. However,
we do not say, for example, that there’s probably more.
That would not be right. […] There is a specific formulation.
We say: ‘we have carried out our checks and there are no
concerns from the perspective of data protection’.”
(Data protection authority)
“In general, we will not confirm or deny that someone
has been wiretapped. We will focus on whether there has
been a wrongdoing, an illegal practice, and this we aim to
communicate, even though often in an abstract way.”
(Expert body)
While discussing the processing of complaints,
respondents said they carry out comprehensive
497
498
499
500
120
The Netherlands, CTIVD (2015), p. 19 and following.
Ibid. pp. 22–23.
Sweden, SIUN (2017), pp. 4-9.
Sweden, National Defence Radio Establishment (Försvarets
radioanstalt) (2016).
investigations on the basis of well-founded (in some
cases ill-founded) complaints from individuals. This
includes access to the intelligence service’s sources
or meetings with its staff, and can include inviting
complainants to hearings. However, the responses
received by individuals regarding complaints are more
or less standard: if unlawful activity has taken place,
the applicant is informed so that compensation can be
sought; but if not, the response –‘neither confirm nor
deny’ (‘NCND’) – can cover both situations where ‘no
surveillance actually took place’ or where ‘it did but was
lawful’. As rare exceptions, in a few Member States,
individuals are informed if they were under surveillance.
Representatives of civil society organisations, lawyers,
and academia noted that the standard ‘NCND’ response
makes available remedies ineffective and questioned
if the remedies are suited for individuals.
According to representatives of institutions dealing
with individual complaints, the response might be
different when the intelligence services were found to
act ‘illegally’ or ‘unlawfully’.
“I think in this highly complex area government has, in
addition to the resources, the added advantage of the
knowledge of what [the services] are doing and the ability to
‘NCND’ everything, which is a problem. We need much more
transparency, robustness from the domestic court.”
(Civil society organisation)
“So the complaint goes off, the [expert body] will consider
it, there may be a hearing, there maybe not be, it may be
that the [expert body] hears evidence from the intelligence
services or the police, but maybe not, but if it does,
I probably would be told, my client might be told, we
wouldn’t have a right to attend, we wouldn’t have a right to
approach them. The [expert body] makes a decision and will
only notify me if they find a violation.” (Lawyer)
Finally, individuals may also prefer to access justice
through intermediaries, such as relevant civil society
organisations. The latter may play a vital role in taking
surveillance-related complaints to court when class
actions are allowed, as well as in bringing cases of
a more general nature requesting access to specific
information on the activities and investigative
methods of intelligence authorities to contribute to
greater transparency and accountability in this area.501
However, in some EU Member States, civil society
organisations often lack adequate resources, and few
are able to offer comprehensive services to victims of
data protection violations.502
501 Poland, Administrative Court in Warsaw (Wojewódzki
Sąd Administracyjny w Warszawie), Helsinki Foundation
for Human Rights v. ABW, II SA/Wa 710/14, 24 June 2014,
pending appeal to the Supreme Administrative Court:
Poland, Helsinki Foundation for Human Rights (2015).
502 FRA (2014c).