The Data Processing (Cooperative Societies) Bill (WGS) should not be adopted by the Dutch Senate; that is the position the Dutch Personal Data Authority (AP) has taken. The WGS would not only give government and private organisations ‘very broad’ powers to exchange personal data but would go even further than the fraud detection system SyRI. The latter has already been banned by the courts.
In a press release, the AP therefore announced that it is calling on the Senate to not adopt the WGS in its current form. Whilst the AP has already advised on two earlier draft bills, the last and third opinion concerns the final text.
Data Processing by Collaborative Societies Act
The bill enables large-scale data exchange between partners of government agencies and private parties (further defined hereunder). The main purpose of this data exchange is the prevention of serious crime. The current proposal designates four organisations that can make use of the powers set out in the WGS:
- – Financial Expertise Centre (FEC);
- – Infobox Criminal and Inexplicable Wealth (iCOV);
- – Regional Information and Expertise Centres (RIECs);
- – Care and Safety Houses (ZVH’s).
On top of this list, the police, the judiciary, and the tax authorities are also included enabling them to share this data with other parties (i.e. banks). In addition, the WGS enables the government the possibility to designate new partnerships which will in turn have the same data sharing rights as explained above.
Many risks for large numbers of data subjects
There is an important public interest in preventing and fighting serious crime that sometimes requires far-reaching restrictions on privacy. However, the AP believes that the current proposal poses too many risks to a large number of data subjects.
An important criticism made by the AP is that the WGS may affect various principles of criminal and administrative law (for example the presumption of innocence).With the way that the bill currently is designed, there is a chance that citizens – but also their family and friends – will be put through a similar ‘investigation’. Importantly, the more vulnerable of society are more likely to come into contact with these government agencies and will therefore also be subjected to frequent data exchanges.
Vague definition of ‘purpose’
In addition, the purpose of sharing and analysing personal data is not sufficiently defined. According to the bill, it concerns ‘important general interests’, however those are not sufficiently defined . The AP therefore finds this description much too vague. Organisations under this scheme are already allowed to exchange data with each other on the basis of ‘a signal'(the latter also not being defined). It is also not specified which other parties the data may be shared with.
Limitation of Legal Protection
This lack of transparency means that it is not clear to those involved what information is exchanged with whom and what the consequences are. As a result, data subjects are unable to properly exercise their rights. Citizens can not only unjustly end up on the ‘wrong list’ , but the WGS can have far-reaching consequences for those involved. First and foremost, the bill does not provide any clear safeguards to prevent this: the legal protection of citizens is therefore too limited. These problems were previously identified by the Human Rights Board.
Breach of secrecy obligations
Another important point is that existing legislation often includes a duty of confidentiality for government agencies. After all, citizens and companies must be able to assume that the data they provide will be safely stored. With the introduction of the WGS, many of these obligations (i.e.secrecy) will be broken. The AP warns that this could drastically change the relationship between citizens and the government making citizens less inclined in sharing information with the government.
Finally, according to the AP, the proposed WGS also carries a risk of mass surveillance. The bill allows a large number of authorities to share personal data with each other, without there having to be a clear indication to do so. Moreover, it is so broad that it concerns not only government agencies, but also private parties with the government being allowed to designate new cooperative agreements. This is done without including another legislative body: the Parliament.
The AP points out that this proposal goes even further than the controversial fraud detection system SyRI (System Risk Indication). The use of that system was banned by the District Court of The Hague in early 2020, after interest groups started a case about it (represented by SOLV lawyer Douwe Linders). You can read more about this SyRI judgment here. Although the government states that the WGS is not intended to be the successor to SyRI, the proposal does seem to have adopted parts of it that seem oddly similar.