Dutch DPA still identifies privacy risks within the government

The Dutch Data Protection Authority (Dutch DPA) has identified and listed the trends and developments in the area of privacy that are currently going on within the government. The Dutch DPA sees that the government has taken steps, but is still struggling to meet the requirements of the privacy legislation.

The Dutch DPA notes in its Government sector view that:

  • The knowledge of the privacy laws and regulations within the government sometimes leaves much to be desired, in particular where managers are concerned.
  • The position of the internal privacy supervisor, the Data Protection Officer (DPO), is under pressure in some cases.
  • Governmental organisations sometimes knowingly exceed the limits set by the law. For example, when identifying fraud (think of fraud risk algorithms). But also the opposite: that managers do not dare to take action, because they – wrongly – see the privacy laws and regulations as an impediment.

More data, greater impact on citizens

Governmental organisations collect more personal data than ever and also want to link these data more often than ever. The risk of citizens getting into difficulties is big if the government does not handle their personal data correctly. Major examples of this are the allowance affair and the data breach at the Joint Health Service GGD during the corona pandemic, but also think of the use of ill-considered algorithms by the Employee Insurance Agency UWV and the Education Executive Agency DUO.

Monique Verdier, vice chair of the Dutch DPA: ‘As a citizen, you are obliged to share data with the government. Often, these are highly sensitive data. Obviously, you assume that the government will handle your data with due care, that they cannot fall into the wrong hands. And that the government does not treat you unfairly or discriminate against you, based on your personal data.’

Not lose sight of privacy interests

At municipalities as well, the Dutch DPA sees an increasing need to share and link data. This is often done with the aim of helping someone with a request for care, countering debt problems, or stopping crime. These are good intentions, but a proper protection of your citizens and their data is part and parcel of this.

Monique Verdier: ‘There is still a lot of work to be done by the government. Unfortunately, this was also apparent in the past years, from the series of grave abuses involving data processing by the government. These abuses startled society and damaged the confidence of citizens in the government. To restore that confidence, the government will have to show that it takes the privacy rights and the interests of citizens seriously and makes every effort to protect them properly.’