Dutch security service kept illegal DNA database

The General Intelligence and Security Service (AIVD) kept a DNA database that is not permitted by law, according to a report by the Supervisory Committee on the Intelligence and Security Services (CTIVD). The report states that data was kept where names were linked to DNA profiles "on a limited scale", but did not indicate exactly how many DNA profiles were kept. Once the AIVD has identified a person, the service must remove and destroy the DNA profile and any cellular material. European law states that there must be an adequate legal basis for the preservation of cellular material and DNA profiles. In this there must be minimum safeguards for storage duration, use, access by third parties, procedures for preserving the integrity and confidentiality of the data and procedures for the destruction. The CTIVD determined that the AIVD lacked such a specific regime of safeguards for the preservation of cellular material and DNA profiles. Dutch law provides no basis for this and as long as the current law on the retention of DNA profiles and cellular material is not regulated, the AIVD is not allowed to set up its own DNA database for any reason whatsoever. The CTIVD examined all cases in which the AIVD conducted a biological forensic investigation since 2002. According to the supervisory committee, there were not a large number of such cases and they determined that there were irregularities in "a limited number of cases". The AIVD states on its website that all DNA related data of these cases has been destroyed.