Use of personal data by the police
The police use all sorts of data for the proper performance of police duties. Has a crime been committed, for example? Then the police record data of the victim and any witnesses. The police need these data for conducting an investigation.
The police are only permitted to process personal data for a specific purpose. For example, for detecting perpetrators of punishable offences or for ensuring public order. The data that the police process have to be necessary for achieving the purpose.
On this page
Use of special personal data
Only in exceptional cases are the police permitted to record and use special personal data. These are data about, for example, someone's religion, race/ethnicity, political preference and health. The police are only allowed to do this if it is necessary for the investigation, the provision of assistance or another police duty.
Access to data at the police
Not everyone who works at the police has access to all data. Because the police process such sensitive personal data, the law sets strict requirements to the system that regulates who has access to what.
Necessary for doing the job
Employees of the police are only allowed to access personal data that they need for doing their job. They are not allowed to do anything with personal data (such as collecting and storing personal data) if this is not necessary for their work.
Describing authorisations
The police have to describe clearly for what an employee has been authorised. And therefore, what this employee is allowed to do with personal data. There must be, for example, an overview of which employee has access to which police system and why.
Transfer of personal data to other organisations
The police may transfer personal data to other organisations or persons within or outside the police. Authorised recipients of such data transfers can be found in the Police Data Act (Dutch abbreviation Wpg) and the Police Data Decree (Dutch abbreviation: Bpg). These are a special Act and a special decree for the protection of personal data at the police.
Examples are the Dutch Immigration and Naturalisation Service (IND), directors of prisons, the probation service, partnerships within the municipality, and Europol.
Use of camera images by the police
The police are permitted to use camera images recorded using camera surveillance by the municipality in public places. In certain cases, the police are also allowed to deploy cameras in public places themselves. Such as short (mobile) camera surveillance at a high-risk professional football match, (threatening) riots, an event or a demonstration. The police may also deploy (hidden) cameras as a means of investigation. Special powers are required for such camera surveillance.
Disclosure of data of suspects
The police have more scope for disclosing personal data than other organisations. This has been set out in the Wpg. That is why the police are allowed to disclose names and photos of suspects in special cases. This is only permitted if this is necessary for the performance of statutory police duties.
Consent from the Public Prosecution Service (OM) required
The police have to justify that there is an important public interest, such as security. The OM therefore has to consent to the disclosure of the personal data of a suspect. The police and the OM check if the purpose of the investigation is proportionate to the impact on the private life of a suspect as a result of the disclosure of, for example, the name or images of that suspect.
Less far-reaching methods
The police will also have to see whether there are less far-reaching methods for achieving the same purpose. For example, the impact on the suspect is less significant if the police publish ‘blurred’ versions of the images. Or if the police announce that the name and the photo of the suspect will only be released if the suspect does not report themselves to the police before a certain time.
Blog or vlog by the police
The police are not permitted to use names or images of suspects in blogs or vlogs. A blog or vlog kept by a police officer is often intended to provide information about police work. This is not a statutory police duty. That is why it is not permitted to use data that can be traced to suspects for this purpose.
Not the Wpg, but the General Data Protection Regulation (GDPR) applies for information. Under the GDPR, organisations must have a legal basis for processing personal data. This applies, for example, when:
- a citizen can be recognised in an image in a vlog;
- an employee of the police recruits new colleagues using a blog.
The police have also made agreements about the use of social media themselves (in Dutch).
Also see: Privacy legislation for police and judicial authorities.