The Dutch security service AIVD broke privacy laws in its research into social media and wrongly hacked into website forums to gather information on all users, regulators said on Thursday.

The report by the security service regulator CTIVD says five hacking operations were not properly motivated and were therefore unlawful. The hacks were carried out on behalf of foreign security agencies, the NRC reports.

In four other investigations, privacy regulations were broken disproportionately, the CTIVD said.

Forums

These were large general web forums without a radical or extremist tint, and the privacy of a large number of ordinary citizens was wrongly invaded. The CTIVD did not mention any forums by name but the NRC cites website Maroc.nl as a possible example.

At the time the NRC first reported on the scandal, home affairs minister Ronald Plasterk said the hacking was within the law.

In a reaction to the findings, Plasterk said he had instructed the AIVD to tighten up its procedures but stressed research into websites is necessary to allow the security service to do its job properly.