According to Docksey and Propp (2023), accountability can sometimes be understood as responsibility, answerability, controllability, liability, transparency, and a synonym for good governance. The notion of accountability varies in different senses and can be seen by scholars in a narrow and broad approach (van Puyvelde, 2013). For instance, Bovens (2010) describes that there is no consensus regarding accountability and that accountability perceptions or interpretations will vary according to the era, societal roles, organizations' agendas, and political views.

Fest et al. (2022) state that accountability can be regarded as having responsibility. However, they add that accountability also means the implementation of transparency. Equally, Flyverbom (2016) portrays accountability as a process that may be implemented through transparency requirements.

Hood (2010) describes accountability as the duty of an individual or organization to be answerable for their actions. Similarly, van Buuren (2009, p. 3) indicates that accountability may be described as a liability that involves a dynamic of actor-explanation-giving.

The Venice Commission 2007² addresses accountability as taking responsibility for errors and putting matters right. Unlike this understanding, van de Poel et al. links accountability, responsibility, and liability. van de Poel et al. (2012) suggests that accountability may be understood as the moral obligation to account for one's actions; in this sense, the notion of accountability as responsibility or liability is not mutually exclusive.

Furthermore, Cobbe et al. (2023, p. 1187), argue that accountability can be understood as a mechanism. These mechanisms can be institutionalized through oversight boards (Bovens, 2010). Likewise, Korff et al. (2017) and Fox (2007), state that accountability can be materialized by setting up oversight institutions that, in turn, will adopt other accountability mechanisms, such as transparency, to complete the performance of supervisory duties in the light of accountability.

Accountability is applied in different fields, such as climate change, medicine, technology, law, and public administration. For instance, accountability in the medical field is applied as a social responsibility concept where all actors involved have a high degree of responsibility and accountability due to the significant impact of their work on society (Mohammadi et al., 2020). Bagave et al. (2022) argue that accountability applied in human-technology studies requires professionals to explain their decisions when using data or technological tools to support their tasks. This requirement can enable legal consequences on actors to justify their conduct or behavior (Bagave et al., 2022). Docksey and Propp (2023) have established that accountability is also used in the legal field; for example, the European General Data Protection Regulation (GDPR) recognizes accountability as the legal responsibility of data controllers to ensure data quality. Hood (2010) explains that accountability is a central point in public administration. It can be said that accountability in democratic societies supports the Rule of Law, subjecting all government organizations to the same scrutiny standards as the ones applied to citizens, preventing government arbitrariness against citizens (Naarttijärvi, 2019, 2023, p. 48; Cobbe et al., 2020).

Security work is characterized as defensive, meaning that it is designed to protect national security (van Buuren, 2009, p. 3). The main feature of intelligence work is offensive, characterized by investigations made abroad in the interest of national security. Security work requires intelligence to collect small pieces of information to prevent possible unwanted events threatening national security (Cayford and Pieters, 2018).

Traditionally, national security was seen as a necessity to protect from war. However, in recent years, protecting national security is also concerned with protecting the legal order. The Court of Justice of the European Union (CJEU) has established that the legal order may be understood as upholding the values of the rule of law, which the European Union has adopted.⁴ The Dutch government has broadly defined national security as the protection against threats that may jeopardize one or more critical interests of the Dutch state and the legal order that could result in social disruption (Ministerie van Justitie en Veiligheid, 2019).

Protecting the legal order may also be understood as fighting terrorism (Korff et al., 2017; Neumann, 2023, p. 18), which translates to international cooperation among intelligence and security organizations by processing and sharing data to combat common “enemies” (e.g., terrorism, extremism, cybercrime) that threaten European Values and Human Rights (van Puyvelde, 2020). For example, the Dutch government supports data sharing and international cooperation with other intelligence and secret services to combat jihadist terrorism (Belgian Standing Intelligence Agencies Review Committee, 2018, p. 3). These dynamics enable different actors, beyond traditional intelligence and security work, to cooperate and share information -including personal data- internationally (Bigo, 2019). Thus, it may argued that the work of intelligence and secret services has changed from the traditional view of national security and intelligence to protect the nation from war. With new threats, including cyber-attacks on the nations' infrastructures, intelligence and security operations have expanded to international cooperation with other partners. This cooperation includes deploying digital surveillance and sharing processed data to protect the legal order and prevent crime or terrorism (Arnold, 1952; Braat et al., 2017; Bigo, 2019; Jaffel and Larsson, 2023, p. 221).

In the Netherlands, the tasks of the Dutch Intelligence and Secret Service (“AIVD”) include conducting investigations and intelligence analyses against persons or organizations that may represent a threat to the democratic legal order, safety, or other vital interests of the Dutch nation.⁵ Similarly, they are tasked with security screenings.⁶ The scope and powers to conduct these investigations and intelligence analysis are governed under their legal framework, the Intelligence and Security Services Act 2017, or in Dutch de Wet van inlichtingen en veiligheidsdiensten 2017 (“Wiv 2017”). The AIVD is legally allowed to process data -including personal data- to protect national security, the legal order, and any other interests of the Dutch nation.⁷ For example, suppose the AIVD is granted permission to investigate a target suspected of terrorism. In that case, they may request airline passengers' data from Dutch customs to analyze data streams regarding the assigned task. However, the power or scope to conduct these investigations is limited to this specific target. It means that the AIVD cannot -or should not- use these powers to pursue other investigations, such as security clearance assessments regarding other individuals. In essence, the AIVD must not misuse their power to request information for purposes outside their assigned task. Otherwise, the misuse of power can lead to risks such as unlawfully breaching fundamental rights—e.g., the right to privacy.⁸

Intelligence and security work is a challenging task. Intelligence and security domains face different levels of complexity; every day, they deal with threats that may determine the stability or instability of a nation (Menkveld, 2021). Cayford and Pieters describe intelligence and security work as a difficult puzzle because apparent insignificant pieces of data or information may become significant. In contrast, apparent significant pieces of data or information may become insignificant. For instance, certain protestors may represent a more significant deal than others, leading to tipping points and major events. However, one of the problems that intelligence and security work face in identifying these risks is knowing where the “edge of chaos” lies.⁹ This point of uncertainty has led intelligence and secret services to favor gathering bulk datasets to fight potential threats.¹⁰ At this stage, it must be acknowledged that intelligence and security domains' role -or duty- is to save lives by preventing threats against national security and society (Cayford and Pieters, 2018). Thus, their work is essential because they assist decision-makers in becoming aware of threats and act against them (van Buuren, 2009, p. 5).

The previous section will inevitably lead us to consider privacy and data protection caveats in the work of intelligence and security domains. In principle, the term privacy can be vague and ambiguous (Solove, 2007, p. 754, 755). For example, the Wiv 2017 only provides us with the meaning of data, personal data, and data processing. However, the Wiv 2017 is unclear and does not define the meaning of privacy.¹¹

Pierucci and Walter, members of the Committee of Convention 108+, have declared that privacy and data protection are fundamental rights that must concern a democratic society living in the digital age. They have stated that these rights need adequate protection and cannot be compromised (Pierucci and Walter, 2020). Pierucci and Walter have stressed that this condition of a fundamental right is also recognized by the United Nations (Resolution 68/167), outlining that privacy and data should not be subject to unlawful or arbitrary surveillance because it violates the right to privacy and undermines a democratic society (Pierucci and Walter, 2020).

Naarttijärvi notes that under Articles 7 and 8 of the European Charter of Fundamental Rights (“the Charter”) and Article 8 of the European Convention on Human Rights (“ECHR” “the Convention”) (Naarttijärvi, 2018), privacy is a concrete recognized fundamental right as well as data protection.¹² Zuboff (2019) reflects on the right to privacy, outlining that it entails protecting one's information because privacy belongs to the most intimate sphere of a person. Although privacy, or the right to private life, has been settled by different national and international courts as a fundamental right protected against government intrusion, such as surveillance, the right to privacy is not absolute and is to be measured against other necessities, such as national security (Taylor, 2011).

In the previous section, we acknowledged that the work of security and intelligence domains can be difficult because sometimes they work under information uncertainty, making the case for justifying data processing. However, while acknowledging the necessity to protect the country from national threats, it is appropriate to highlight that collecting bulk datasets by intelligence and security domains is an intrusive method against the right to privacy. Thus, the collection of bulk datasets not only targets criminals or suspects of a crime but also targets innocent civilians who do not threaten national security. In this regard, intelligence and security work needs to be considered from both angles: the one that protects national security from threats and the one that requires due observance of fundamental rights, such as the right to privacy and data protection.

In summary, national security and privacy protection matter. Intelligence practitioners deal with threats to national security daily; they are bound to encounter uncertainties that must be untangled before they start putting puzzles together to protect national security. This challenge creates room for a gray area where intelligence practitioners face tradeoffs and decision-making that must be measured against a dynamic society governed by the rule of law. For instance, times of peace may not require the deployment of special powers that intrude into the right to privacy, while unsettling times may require the exercise of special powers. Not an easy task indeed. However, in democratic societies, these dilemmas warrant addressing accountability and oversight of intelligence and security domains (Naarttijärvi, 2019, p. 40; Hansén, 2023).

Grant and Keohane (2005) identify different accountability mechanisms, such as accountability within organizations, the state, courts, and peer accountability. Accountability may be materialized by introducing oversight to scrutinize the individual's or organization's use of public resources and supervising the use of legal powers or mandates (Wills and Vermeulen, 2011).

According to van Puyvelde, intelligence oversight in democratic nations has adopted different forms, such as implementing institutionalized mechanisms to supervise intelligence and security operations. These institutionalized mechanisms are predominately the legislative, the parliament, and the judiciary (van Puyvelde, 2013). Similarly, independent and objective media, interest groups, and civil society play a role as overseers (Born and Wills, 2012, p. 6). However, their role is restricted due to intrinsic facts surrounding intelligence, such as access and release of classified information (van Puyvelde, 2013).

Oversight mechanisms, such as parliament, judiciary, and independent boards, are also present in European intelligence and security work (European Union Agency for Fundamental Rights, 2023, p. 10). For instance, in the Netherlands, the General Intelligence and Security Services (Algemene Inlichtingen- en Veiligheidsdienst) (AIVD) is governed under different types of oversight: judicial, parliamentary, independent boards, and internal organizational control (Ministerie van Binnenlandse Zaken en Koninkrijksrelaties, 2023a).

The Vienna Commission 2007 said intelligence services are accountable -or scrutable- under the same principles of accountability governing all public servants (see text footnote 2). Stottlemyre outlines that intelligence officials do not serve the ruling regime in office. Instead, they serve the people; intelligence practitioners provide security for the people. Therefore, their assignment is “protecting individuals from fear -regardless of the political context” (Stottlemyre, 2023).

In the Dutch context, Wills and Vermeulen (2011, p. 41) are of the view that the Dutch intelligence and security services, as well as its ministers, ought to comply with the law and be subject to accountability. Similarly, Wills and Vermeulen (2011, p. 41) agreed that intelligence and security domains should account for their actions. This accountability process may be carried out through parliament oversight or independent oversight boards appointed by the parliament (Wills and Vermeulen, 2011, p. 41).

In intelligence and security domains, the actor-forum relationship can be complex due to a multi-layer of actors and forums, on occasion, playing hybrid roles. The complex actor-forum relationship involving citizens, their representatives, and other actors can be explained in Figure 1: citizens sit at the top of the pyramid, leading to different scenarios. Firstly, citizens entrust parliament to exercise control over the executive in national security administration. In this case, the distinction between actor and forum is straightforward: Citizens, as primary recipients of accountability, are considered the forum, while the parliament entrusted with scrutiny duties are the actors. The forum can punish the actors for their shortcomings by voting them out of parliament. A second scenario may arise; parliamentarians can become a forum to the executive or a particular minister -the actor- entrusted or assigned with national security and protection of fundamental rights. In this scenario, the executive or the concerned minister acts as accountable figures for their national intelligence and secret services and the scrutiny of the parliament. These political figures are responsible for providing an account to the public through the work of the parliament (Wills and Vermeulen, 2011, p. 41). There is a third scenario, and feasibly more, arguably more complex because one or more actors become a forum and vice versa. For instance, intelligence and security practitioners may be answerable to several forums. An intelligence practitioner -the actor- may be accountable to their director or leading minister -the forum. Simultaneously, intelligence practitioners and their organizations -as actors- may be required to provide account to independent oversight boards -the forum.¹⁸ Thus, intelligence practitioners are accountable actors caught in a complex actor-forum relationship. The complexity of the relationship between the actor and the forum may also lead to different challenges or frictions.¹⁹

Lastly, it is relevant to acknowledge that in holding an organization, such as intelligence and security domains, accountable, some literature may present a valid caveat: the problem of many hands (Cobbe et al., 2023, p. 1194). This problem argues that it is challenging to ascertain the responsibility of individuals who work as a collective (Bovens, 1998). Although, in legal or administrative terms, it may be challenging to ascertain individual responsibility -and liability, the literature supports that in this type of scenario, individuals are expected to act with a moral duty to act or behave positively (van de Poel et al., 2012). Thus, addressing and acknowledging that intelligence and security services are also bound under the same accountability principles of public service, being characterized as accountable intelligence actors, may provide an initial step toward solving the problem of many hands. Additionally, even in cases where legal or administrative individual responsibility is a challenge, the organization, the minister, and the government carry legal and political burdens to be accounted for (van de Poel et al., 2012, p. 14, 15; Bovens and Wille, 2021).²⁰

To summarize this section, we highlight the following: first, intelligence and security domains are to be treated under the same rules of public service accountability. Intelligence and secret services are accountable to the people they serve. The people are the forum, which delegates forum powers to the parliament to conduct oversight of intelligence and secret services. Similarly, the people have legitimized the parliament to extend forum powers to courts of law and oversight boards to supervise the lawfulness in which intelligence and security domains operate (van Puyvelde, 2013).

In broad terms, there are several reasons why democratic societies are or should be interested in accountability principles in public service organizations such as intelligence and secret services (van Buuren, 2009, p. 4). It is argued that accountability can motivate public servants, including intelligence and secret services, to uphold positive practices (Bagave et al., 2022). Newberry²¹ considers that accountability in public service serves at its heart as a tool to protect citizens from potential abuse of powers from both the government in office and the parliament itself. Similarly, the Vienna Commission 2007, about the work of intelligence and secret services, urges the implementation of accountability safeguards to prevent misuse of power and to provide learning opportunities (see text footnote 2).

When studying accountability applied to intelligence and security domains, it may be helpful to refer to international frameworks such as the European Court of Human Rights (ECtHR) in the Big Brother Watch and Others v. the UK (no.58170/13) case. The ECtHR has established that the work of intelligence and security domains needs to be confined to strictly acting within their legal duty, in other words, to act under the scope of their legal duty and power (see Table 3). This same principle was also confirmed by the Court of Justice of the European Union (CJEU) in La Quadrature du Net and Others (ECLI:EU: C:2020:791). Acting with the duty may be understood as applying what is prescribed or written by the law. The CJEU, in the matter of La Quadrature du Net and Others (ECLI:EU:C: 2020:79) (para 132), established that in cases of government surveillance and collection of bulk data, clear rules needed to be established by the law to enable intelligence practitioners to follow these rules. For instance, clear rules must be established to indicate how intelligence and security practitioners must handle personal data. These rules include the scope of their mandate and the safeguards implemented to minimize harm to fundamental rights when executing intelligence operations such as bulk interception of personal data.²³

In Table 3, we also find consensus within Dutch legal instruments regarding intelligence practitioners acting under their legal duty. For instance, Article 8 of the Wiv 2017 imposes a general duty of care on Dutch intelligence and security practitioners in the Netherlands. This duty of care may be understood as protecting national security, the legal order, or other national interests. Furthermore, Article 24 of the Wiv 2017 directly imposes a duty of care on the services regarding technologies and data processing.²⁴ It requires the AIVD to process data with due observance, meaning that the processing must have a specific purpose and be necessary to fulfill the tasks given to the AIVD.²⁵ This duty means implementing measures to ensure the quality of data processing, which, for example, requires the accuracy and completeness of data being processed, including algorithms.²⁶

Furthermore, in Table 3, we also find agreement among academic scholarship. Academics have found that, in practical terms, intelligence and security domains need to act within their duty. For instance, Vaage and Stenslie (2023) frame that an essential element of accountability in intelligence and security domains demands intelligence practitioners to follow the duty to speak the truth to decision-makers, meaning that intelligence and security practitioners must avoid contaminating the truth by the desires of political actors. van Buuren (2009, p. 5) supports this framing and endorses that the duty of speaking truth -or providing information- to decision-makers (e.g., political decision-makers or police enforcement) is within the context of acting in the best interest of national security and protecting the nation from threats.

The previous findings allow us to infer that a first step forward in finding workable accountability principles is to determine the scope of the duty of intelligence and secret services so they can have clear boundaries to act upon and to be accountable for. We denominate this first principle applicable to intelligence and security domains as the “acting within duty” principle.

Previously, we stated that in the context of intelligence and security domains, establishing a duty and acting within the duty is necessary to enable the accountability process within these organizations. Similarly, the accountability process is supported by explaining or justifying actors' actions.

Explainability is required for small and complex decision-making, such as human-technology interactions or assessing international data exchanges with other counterparts. For instance, Table 3 shows that the ECtHR in Big Brother Watch and Others v. the UK (paras 382, 383, 417) set explainability as a key principle of accountability. The ECtHR found that British intelligence and secret services needed to explain or justify the bulk retention, processing, and analysis of personal data.²⁷

In the Dutch intelligence and security domains, we have noted that their legal frameworks allow them to use data and technologies. For instance, Dutch practitioners can utilize automated data analysis to analyze the bulk interception of cable communications.²⁸ However, as shown in Table 3, Dutch practitioners are prohibited from making decisions solely based on the outcome of automated technological tools. We infer that under Article 60(3) Wiv 2017, the accountability principle conditioning the use of data and technologies is subjected to the accountability of the human in the loop to explain their decisions.

The literature provides essential clues regarding studying key accountability principles applied to public service organizations. In Table 3, we find that Doshi-Velez et al. (2017), de Bruijn et al. (2022), and Fest et al. (2022) have stressed that accountability in public service requires government bureaucrats to justify and explain their decisions, mainly when using technological development. This justification or explainability of decision-making when employing technologies in public organizations supports accountability and promotes public trust in government services (Doshi-Velez et al., 2017). For instance, Fest et al. (2022) explain that this need for explanation or justification is presented among police officers; they translate this obligation to explain or justify the use of algorithms as part of being accountable actors in public service. Following the actor-forum relationship doctrine,²⁹ we note that the explainability element includes justifying decision-making, as Molander et al. (2012) pointed out. Similarly, the effect of explaining decisions when, for instance, dealing with data or technological tools is that it can enable citizens' trust in their governments providing services (de Bruijn et al., 2022). Meijer and Grimmelikhuijsen (2020, p. 60–62) agree with these scholars and endorse that the explainability element allows citizens to trust the government's services. Thus, humans in the loop working in public service—e.g., intelligence practitioners- are accountable to citizens for explaining how they use data and technologies (Constantino, 2022). This obligation, or burden of proof, on the part of the decision-maker to explain their decisions creates an incentive for the decision-maker to question technology outputs (de Bruijn et al., 2022). The obligation of intelligence and security domains to explain and produce justifications when utilizing personal data and technological tools supports accountability (Kamer, 1998).³⁰

Demonstrating necessity as part of being accountable is another element in which we found agreement across different frameworks. Necessity applied to the work of intelligence and security operations may be explained as meeting the threshold to show a reasonable, clear, and legal purpose for the use of data (Belgian Standing Intelligence Agencies Review Committee, 2018, p. 5). In Table 3, we find an agreement between the ECtHR and CJEU regarding the principle of necessity in intelligence and security operations when interfering with the right to privacy. For instance, the ECtHR in the matter of Big Brother Watch and Others v. the UK (paras 311, 334, 355, 365) established that the collection of bulk data, although it breaches the right to privacy protected under Article 8 of the ECHR, might be only allowed in certain circumstances such as protecting national security (Hages and Oerlemans, 2021). Therefore, interference with fundamental rights, such as privacy, must be reasonably justified by demonstrating genuine necessity. Contrarily, if humans in the loop working in intelligence and security domains cannot demonstrate necessity, their actions may be regarded as unlawful, breaching Article 8 of the ECHR (see: Big Brother Watch and Others v. the UK, paras 424- 426). The same reasoning was displayed by the CJEU in La Quadrature du Net (ECLI:EU:C: 2020:79) (paras 121, 129), establishing that bulk data collection or government surveillance needed to demonstrate to be necessary to protect overall the rights and freedoms of citizens fostered by the rule of law and the European Union principles.

Dutch legal frameworks have also confirmed the principle of necessity when accounting for interference with the right to privacy in intelligence and security operations. Table 3 illustrates that the Dutch Court of the Hague established that Dutch intelligence practitioners had acted lawfully in their operations, having shown the necessity to protect national security.³¹ The Court heard the question of whether the Dutch government was allowed to use data intercepted by the United States intelligence and secret services without knowing whether such data collection infringed fundamental rights and Dutch law. The Dutch court submitted that the AIVD was authorized to engage in international cooperation in cases where it was demonstrated to be necessary. In this matter, the ground of necessity was focused on the importance of Dutch national security. The Dutch Court established that the interests of individuals or particular groups, such as the right to privacy and data protection, were subjected to the protection of national interests.³²

The requirement of necessity works to protect citizens against unwanted government intrusion. The purpose of introducing necessity as an accountability principle in intelligence and security operations is to protect citizens from disproportional government surveillance, as subscribed by Milaj (2016) in Table 3. Cooper, in Table 3, also stresses the need to introduce the necessity principle in intelligence and security operations to require the decision-maker, humans in the loop, to demonstrate that their actions warrant necessity.³³ Similarly, Bigo et al. (2015) have argued that national security should not prevent the necessity principle from being overlooked in intelligence and security operations.

Accountability in intelligence and security operations is complex and requires more than demonstrating a legal ground or power to act. It also requires other elements, such as showing that the actions of intelligence actors were proportional. In Table 3, the CJEU in La Quadrature du Net (ECLI:EU:C: 2020:79) (paras 113, 121, 129, 130, 131) found that any measures, such as collecting citizen's data infringing the right to privacy need to have regard to the principle of proportionality. Proportionality allows a holistic assessment, weighing different values in the face of the necessity presented at a given moment.

Proportionality is also addressed in Dutch intelligence and security domains, see Table 3. For instance, Article 26 of the Wiv 2017 requires the AIVD to collect (personal) data having regard to the circumstances of the case. In other words, accountable intelligence actors, in the course of their duties, must consider the seriousness of the threat against the protected interest, including national security and privacy as fundamental rights. AIVD practitioners are called to account to assess whether the use of special powers is proportional to the threat.³⁴

Following international and national frameworks, academics also agreed that proportionality is a key factor in balancing the powers given to intelligence and security domains. For instance, in Table 3, Enqvist and Naarttijärvi (2023) sustained that the proportionality requirement is essential because it balances the purpose for which the data is being used; this balance is measured against the protection of fundamental rights, such as limiting the right to privacy protection against an overwhelming threat to national security. Lastly, as hinted previously, these key accountability principles are intertwined in a way that it is plausible that the proportionality assessment may change according to the necessity (Belgian Standing Intelligence Agencies Review Committee, 2018, p. 5). Thus, as stated by Joel (162), it is plausible to ascertain an overlap between the necessity and proportionality principles, both heavily applied by European frameworks to call to account intelligence and security domains. Lastly, following the view of Milaj-Weishaar in Table 3, the fact that a legal mandate may allow the breach of privacy rights on the grounds of national security does not mean that necessity or proportionality assessments can be avoided. Instead, intelligence and security domains must take into account in their decision-making the necessity of the interference followed by its proportionality regarding the specific case (Milaj-Weishaar, 2020).

In addition to the previous accountability principles presented. Table 3 shows that record keeping and reporting are essential accountability features supported by international instruments. This principle is relevant in the work of intelligence and security domains. The record keeping requirement in intelligence and security domains is addressed by the European Court of Human Rights (ECtHR) in the Big Brother Watch and Others v. the UK (para 356), establishing that intelligence and security domains must record in detail each step of the process for bulk interception of data. This recording requirement in accountability is necessary because it enables the possibility to scrutinize the work of intelligence and security domains, opening up opportunities for organizational improvement.³⁵

The Dutch intelligence and security domains also acknowledge reporting as an enabler of accountability. In Table 3, we describe that under Article 27 of the Wiv 2017, the AIVD is compelled to draw up a report regarding the destruction of unnecessary data collected by them. In the Dutch intelligence and security frameworks, under Article 12 of the Wiv 2017 they are also required to produce annual reports.

In the literature, we also find agreement regarding the record keeping and reporting requirement to allow greater accountability of intelligence and security domains. For instance, in Table 3, Wetzling established that accountability safeguards are tangible when implementing record keeping and reporting obligations in intelligence and security domains (Wetzling, 2019; Bagave et al., 2022, p. 23). Gill (2023) also suggests that adequate record keeping can help oversight boards identify the shortcomings of intelligence and security domains, particularly in fundamental rights breaches. Taylor (2011) identifies the failure or poor record keeping in intelligence and security operations as possibly undermining adequate oversight of intelligence and security domains. Thus, we submit that record keeping and reporting are essential features for the workability of accountability in intelligence and security domains because they enable scrutiny of intelligence and security domains, providing means to improve professional practices.

Accountability principles also foster redress because they allow the identification and address of injustices made to citizens who have suffered wrongdoing by the government (Braithwaite, 2006, p. 35). In Table 3, we observe that international frameworks such as the ECtHR in Big Brother Watch and Others v. the UK (no.58170/13) (paras 359, 413, 425) stressed the need for redress as part of accountability in intelligence and security domains. In the case of unjustified or unlawful data processing in the context of national security, redress may be operationalized by providing binding powers to independent boards to require the destruction of data unlawfully obtained by intelligence and security domains (Bovens and Wille, 2021). Similarly, the European Union Agency for Fundamental Rights supports that redress can be used to require intelligence and security domains to destroy personal data unlawfully obtained (European Union Agency for Fundamental Rights, 2023, p. 27).

Table 3 shows that Dutch intelligence and security domains are subjected to redress principles. For instance, the AIVD can amend or prevent unnecessary infringement of privacy rights by destroying personal data that have lost purpose or are unnecessary in fulfilling intelligence and security duties.³⁶ Similarly, Article 124 of the Wiv 2017 provides redress measures by imposing administrative sanctions on the AIVD. These administrative sanctions may be materialized in orders to terminate intelligence and security operations or orders against the AIVD to delete or destroy data they process.³⁷

There is an overwhelming agreement across scholars regarding redress. For instance, in Table 3, we observe that Braithwaite (2006, p. 35), Fox (2007), Doshi-Velez et al. (2017), Korff et al. (2017, p. 12), Bovens and Wille (2021), and Docksey and Propp (2023), agree that a tangible characteristic of accountability in intelligence and security domains is the implementation of redress measures. In summary, we have learned that redress in intelligence and security services is materialized through binding orders to require accountable intelligence actors to stop or destroy unlawful or unneeded data processing.³⁸

Another key principle of accountability in intelligence and security domains is the operationalization of independent oversight. This section observes the agreement across different authorities regarding the implantation of oversight in intelligence and security domains.

In Table 3, we observe that the ECtHR established the requirement of oversight in intelligence and security domains. For instance, in the case of Big Brother Watch and Others v. the UK (no.58170/13) (paras 350, 361, 381), the ECtHR said that in matters of government surveillance, it is necessary to have continuous appropriate oversight to supervise the use of special powers—such as surveillance and bulk data processing—of intelligence and security actors. The ECtHR established that continuous oversight is the counterbalance to safeguard fundamental rights against the powers given to intelligence and security domains (paras 349–350, 354). Similarly, the ECtHR highlighted that independent oversight boards' powers must be robust to limit the effects of the infringement on fundamental rights (para 356).

Furthermore, Table 3 shows this trend in accepting independent oversight to protect fundamental rights against the powers given to intelligence and security domains. For instance, the Vienna Commission 2007 has stated that to foster accountability in intelligence and security domains, independent oversight needs to be done end-to-end (prior, during, and after) (see text footnote 2). Similarly, in 2014, the European Parliament called on the Netherlands to put independent intelligence oversight boards in place to satisfy the European Convention on Human Rights (European Parliament, 2014).

In Table 3, we observe that, in 1997, the Dutch Parliament agreed that intelligence and security domains must welcome the opportunity to be subjected to end-to-end independent oversight to protect fundamental rights, such as the right to privacy (Kamer, 1998). This desire from the Dutch parliament to implement end-to-end independent oversight was materialized through Article 36(2)(3) of the Wiv 2017, introducing the TIB, which conducts prior legality assessments regarding the AIVD's operations. Similarly, under Article 97(3)(a) Wiv 2017, a second oversight board, the CTIVD is tasked with assessing the lawfulness of the AIVD's operations.³⁹ The CTIVD supervises the AIVD's ongoing and completed operations.

International and national instruments and scholars agree upon the need for continuous independent oversight. In Table 3, Vieth-Ditlmann and Wetzling (2021) agreed that independent oversight in intelligence and security operations is necessary to safeguard citizens' rights against unlawful intrusive measures exercised by intelligence and security domains. Similarly, Aucoin and Heintzman (2000), van de Poel et al. (2012), and Bovens and Wille (2021) conceive the idea of continuous independent oversight as a tool to mitigate human or organizational errors that may harm citizens. While Ryngaert and van Eijk (2019) suggest that independent oversight of intelligence and security domains contributes to privacy and data protection safeguards.

Lastly, Ossege (2012) addresses independent oversight of intelligence and security domains, outlining the complexities this mechanism may bring to the actor-forum relationship. The caveat regarding oversight is that, in some cases, it may be treated as a power game rather than a tool to safeguard citizens' rights and provide a means for organizational improvement. Making independent oversight work in the actor-forum relationship will require productive relationships between the parties to achieve workable accountability principles in intelligence and secret services. For instance, it may be necessary for the actor to be more cooperative while the forum to be more flexible. This last caveat regarding oversight will be addressed in the following paragraphs.

Previously, we have addressed some key principles of accountability that can be implemented in intelligence and security domains to safeguard fundamental rights. In this section, we will detail some conditions that support the workability of these accountability principles in a way that provides room for intelligence and security operations while safeguarding other fundamental rights. These conditions supporting workable accountability are summarized in Table 4.

The Netherlands Court of Audit (Rekenkamer, 2021), in its 2021 Report, highlights some of the tensions -or struggles- in the AIVD and the implementation of accountability principles imposed by the Dutch Intelligence and Security Services Act 2017 (Wet op de inlichtingen- en veiligheidsdiensten 2017, “Wiv 2017”). The legislation brought forward two oversight boards to supervise the AIVD to safeguard fundamental rights against the prerogative given to the AIVD to deploy special powers on the grounds of national security. These supervisory boards are the TIB and CTIVD (see 3.4.3 Independent oversight boards). These boards have been tasked to enforce principles of accountability, such as conducting legality assessments primarily focusing on necessity and proportionality in the operations of the AIVD (TIB Annual Report 2021).

The Report has established that the accountability principles brought by the Wiv 2017 have been underestimated and challenging, stating no fault of the AIVD, the TIB, or the CTIVD in implementing accountability. Instead, the Report considers that the parliament and executive needed to evaluate the practical consequences more in-depth regarding the implementation and capabilities for compliance with these new accountability principles in the AIVD. For instance, there is a need to invest resources in more specialized staff to ensure compliance with principles of accountability.

Similarly, the Report stresses the need for the workability of accountability principles in the AIVD to support the AIVD's operational capacity and future-proofing power. At first glance, we can ascertain that this workability may refer to the professional practices that facilitate the fulfillment of accountability principles. As such, we see it appropriate to discuss these issues in light of our proposed workable principles of accountability in intelligence and secret services.

We have established the need for intelligence and security work to protect the nation from threats. We have mentioned the difficulty of their job in gathering small and big puzzles. Intelligence and security domains are constantly evolving and catching up with technological development, which means that inevitably, the work of intelligence and security practitioners will affect citizens' lives; there may be instances where interference with citizens' privacy and personal data is necessary and justified (Jaffel and Larsson, 2023; Cayford and Pieter, 2018). At this point, it may be appropriate also to acknowledge that not all data collected may be helpful for intelligence and security practitioners without having contextual knowledge of the data or information at hand (Flyverbom, 2016). Similarly, unwarranted surveillance can lead to chilling effects and distort social behavior in the digital ecosystem.⁴⁵

The power to interfere with the right to privacy, for instance, by collecting and sharing personal data, does not mean a free pass for intelligence and security domains. Instead, the balance between security and privacy, including personal data, requires a closer look at the boundaries of the rule of law in the context of national and international legislation governing a democratic society (Naarttijärvi, 2018; Docksey and Propp, 2023). A society without privacy protection would be a suffocating society (Solove, 2007, p. 768).

Accountability in intelligence and secret services means the opportunity for checks and balances in a democratic society to protect citizens' fundamental rights when deploying government surveillance tools and practices (see text footnote 10). For instance, the accountability dialogue in intelligence and secret service can start by acknowledging that any action infringing fundamental rights needs to be well-established or outlined under a legal mandate -prescribed by the law- to set clear boundaries in a democratic society.⁴⁶ This measure can allow intelligence and secret services to be bound to act within the scope of their duty and clearly understand what they will be accounted for. It creates fairness and certainty for intelligence secret services practitioners and civil society. It can result in further advantages, such as providing more substantial legitimacy and resilience to the work of intelligence and secret services.

Applying accountability principles and making them work in intelligence and security domains is a balancing act. Section 4 has taught us that accountability principles are intertwined; one cannot be applied in isolation. Thus, one or more principles must be applied in conjunction to achieve the desired outcomes of accountability, as previously studied in Section 3. Moreover, as seen in Section 4, applying accountability does not need to be inflexible or oppressive. Instead, the success of accountability may be supported by productive relationships that allow room for cooperation or flexibility in the complex actor-forum relationship.

The powers given to intelligence and security domains must be balanced against necessity and proportionality principles. For instance, necessity and proportionality are established by the CJEU in La Quadrature du Net (ECLI:EU:C: 2020:79) (paras 201, 215, 218), stating that actions of intelligence and security services needed to be justified by a genuine and severe threat. The decisions of the AIVD may be easily justified if the organization approaches necessity and proportionality principles as part of its routine. Adhering to these principles can minimize situations where the forum -supervisors such as the TIB or CTIVD- may object to executing special powers. For example, suppose the main task of the supervisors is to oversee the compliance of necessity and proportionality principles. In that case, the AIVD may take a proactive role to convey to the supervisors to accept that the AIVD has already satisfied these principles.

Furthermore, Dutch intelligence and security services have a duty of care concerning processing personal data and using technological tools.⁴⁷ This duty of care embraces principles of accountability to justify decision-making as to how and why intelligence practitioners decide to take or adopt specific routes in their investigations -including using or not using intrusive means to obtain and share personal data. This duty leads us to the principle of reporting and record keeping (Born and Wills, 2012, p. 10). “Streamlining” the accountability processes may be possible by embedding routine short tasks to report and keep records of key procedures while deploying technological tools or collecting personal data. In police practice, officers have a diary to write down key elements of significant things they have encountered daily. For example, when conducting an arrest, they will take note of the circumstances and how they proceeded. This same approach to proactively reporting and keeping records, by default, in the AIVD allows the AIVD to comply with reporting and record-keeping and provides a platform to justify their decision-making during their operations. These “by default” actions may be uploaded or recorded on a system where supervisors and the AIVD can easily access the information. These measures can save time in the AIVD and support productive relationships between the actor and the forum. Similarly, supervisors such as the TIB and CTIVD can show a willingness to cooperate by accepting these notes or records as part of the AIVD justification obligations to keep records and justify decisions. Lastly, it is worth noting that reporting should not only focus on the efficiency or effectiveness of the AIVD. Instead, reporting can also provide significant attention to legality procedures and assessments (Cayford et al., 2018).

Another strategy for workable accountability requires the actor and forum to have a degree of flexibility and cooperation and, to some degree, value alignment. We have learned that actor-forum relationships, in this case, the relationship between the AIVD -the actor- and the TIB and CTIVD -the forum- are bound to be awkward and, sometimes, uncomfortable. This can be explained by the fact that each party has different mandates. For example, the AIVD protects national security. On the other hand, the TIB and CTIVD are tasked with supervising the work of the AIVD through legal assessments regarding the AIVD's actions. Both parties have conflicting world views -at least of their mission. However, both are committed to principles of accountability, such as acting within their duty or providing justifications. One is committed to protecting the nation against threats; that is their duty, and they are accountable for that. The other one is committed to protecting fundamental rights; that's their duty, and they are also accountable for that. Both are accountable and have in common serving their nation and protecting people. Thus, accountability can be seen as an awkward couple because there will be common agendas, but they may also have different mandates to fulfill. Hence, their relationship can be complex. To alleviate these tensions, both parties can add some flexibility and cooperation so both can get on with their tasks.

It is argued that inflexible accountability mechanisms, such as inflexible oversight boards, can reduce the ability of public servants to adapt their decision-making to the particular needs of the task -such as acting rapidly when the nation is at risk. Dutch intelligence agencies claim that the existing legal accountability mechanisms placed by legislation passed in the Dutch parliament create an undue burden on them that is so great that they increasingly struggle to fulfill their mission of protecting the country's security (Rekenkamer, 2021).