Dutch tax office falls foul of GDPR rules
The Dutch tax office breached privacy rules for seven years by holding data on more than a quarter of a million citizens in a list of possible fraudsters, a data protection watchdog has concluded.
In a report published last week, the Dutch Data Protection Authority (DDPA) found that the Tax and Customs Administration unlawfully used personal data to create a blacklist of around 270,000 people between 2013 and 2020, breaking domestic privacy laws and latterly GDPR.
Many of the details contained in the list had been entered with no clear purpose – the authority estimates that there was little or no justification for including almost half of the entries on the list – were not surely held, and were often kept for an excessive length of time, the DDPA found. These factors constitute a breach of the GDPR principles, which came into force in 2018.
“Of course, the tax office has to tackle fraud. But our research shows that the tax office registered fraud signals and used them in a way that is absolutely not allowed,” chairman of the DDPA, Aleid Wolfsen, said, as reported by AP News.
Wolfsen added that those blacklisted “could not defend themselves and… could not be removed from the list” and that this “created a gap in legal protection”.
The breach compounds the administration’s already sullied record, following an investigation into the practices it used to unearth child welfare fraud between 2017 and 2019. The DDPA said the tax office used data on citizens’ dual nationality to assess claims, which created a discriminatory system. Thousands of families – many from ethnic minority backgrounds – had their benefit payments stopped unjustly and received demands for repayments that were not owed. This was found to have led to unemployment, bankruptcies and divorces.
“The whole system was set up and used in a discriminatory manner,” Wolfen said.
Concerns raised
Director of the Federation of Dutch Trade Unions (FNV), Van Vliet, said that though employees raised concerns about the list of possible fraudsters, they were told to adhere to existing protocols and rules by their supervisors. “That’s where it went wrong,” he said.
The trade union for employees of the Tax and Customs Administration and the Ministry of Finance, Nederlandse Categoriale Vakvereiniging Financiën (NCF), said budget cuts were partly to blame for the breach.
“Fighting fraud is a profession in its own right and you cannot automate it through a system. That requires a human touch,” said NCF chairman, Albert van der Smissen, as reported by online news site Blaze Trends.
The fraud system that resulted in the discriminatory targeting of families was officially shut down in 2020. In January this year, the Dutch government resigned after admitting responsibility for the false accusations levelled at claimants.
About Jack Aldane
Jack is a British journalist, cartoonist and podcaster. He graduated from Heythrop College London in 2009 with a BA in philosophy, before living and working in China for three years as a freelance reporter. After training in financial journalism at City University from 2013 to 2014, Jack worked at Bloomberg and Thomson Reuters before moving into editing magazines on global trade and development finance. Shortly after editing opinion writing for UnHerd, he joined the independent think tank ResPublica, where he led a media campaign to change the health and safety requirements around asbestos in UK public buildings. As host and producer of The Booking Club podcast – a conversation series featuring prominent authors and commentators at their favourite restaurants – Jack continues to engage today’s most distinguished thinkers on the biggest problems pertaining to ideology and power in the 21st century. He joined Global Government Forum as its Senior Staff Writer and Community Co-ordinator in 2021.
Related Posts
