In July 2020, we wrote about "1043 project”- the practice of the tax and customs service to “mark” citizens as possible fraudsters. The criterion for such a hidden "marking" and getting into the "black list" of the tax service was often the origin, namely dual citizenship or immigration from Eastern Europe. Tens of thousands of law-abiding citizens fell under the sight of the tax authorities, many were forced to return previously received subsidies and benefits. Litigation began with the tax service.
And today, April 12, 2022, The media blew up the news that the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) imposed a fine of 3,7 million euros on the Ministry of Finance for the so-called Fraude Signalering Voorziening (FSV) - a "black list" of taxpayers. As you know, the Tax and Customs Administration reports to the Ministry of Finance, so the Minister of Finance, Sigrid Kaag, is ultimately responsible.
What is the nature of the violation?
The tax authorities have kept the personal data of potential fraudsters for years. The Tax and Customs Administration registered the personal data of possible fraudsters through the FSV from 2012 to March 2020. Moreover, an early analogue of this mechanism has been functioning since 2001.
Registering personal data in this way for twenty years is an offense of unprecedented magnitude, according to representatives of the Data Protection Authority. Personal data was stored for no good reason, without a clear purpose, carelessly, without adequate protection and for too long. Quite a lot of tax officials had access to a poorly protected system.
The tax authorities violated the GDPR privacy law on many counts.
Recall that in December 2021, the Data Protection Authority already fined the tax authorities due to the scandal with the allowance. Then the tax authorities paid a fine of 2,75 million euros to the state treasury for an unlawful claim for the return of child care allowance, for which parents had to return a large amount as a result of false suspicions of fraud.
The rationale behind the sanctions from the tax service was the dual citizenship of the parents. The tax authorities violated privacy. The Tax and Customs Service was supposed to remove data on dual citizenship in 2014, but in May 2018, there were still 1,4 million dual citizens in the tax authorities' systems.
Dual citizenship has been used as a criterion for assessing taxpayer risk in the fight against organized fraud. This is an absolutely illegal and discriminatory criterion for assessing taxpayers.
Who got hurt?
The use of the "black list" by the tax service affected not only the recipients of subsidies and benefits, who were forced to return large amounts to the state treasury due to unfounded suspicions of fraud. The discriminatory practice of the tax authorities concerns the interests of wider groups of the population.
The "black list" includes 270 thousand people, including 2000 minors. In addition to individuals, the list included companies.
People were blacklisted if the tax office received so-called risk signals. An investigation by accounting and consulting firm PwC uncovered guidelines that risk signals included personal characteristics, nationality and age. An "offender profile" was drawn up: a person with, among other things, low income, average salary, usually young and often of foreign origin. Individuals with these characteristics were closely monitored. At the same time, it is impossible to say about half of the people why they were included in the list of potential scammers.
Investigation reports show that officials systematically selected certain individuals for particularly thorough fraud screening. The consequences could be serious: such people did not receive amicable debt restructuring or university fundingfaced other financial problems. It is also possible that the tax authorities were more rigorous in checking their tax returns.
Recent investigations also show that the working methods of the tax authorities have been largely undocumented. Due to the lack of important documents, the experts were unable to correctly recreate and evaluate the actions of representatives of the tax authorities.
The result?
The practice of using the Fraud Alert Service (FSV) was discontinued in 2020 after investigations found it violated citizens' privacy. The tax authorities have previously stated that 5 to 000 people financially suffered from being blacklisted.
About 60 taxpayers received letters of apology from the tax authorities for being targeted by the Fraud Alert Service (FSV). The total number of people eligible for compensation is still under investigation.
A fine of 3,7 million euros must be paid by the tax authorities and returned to the treasury. It is collected through the Central Agency for the Collection of Judgments (CJIB), a government agency subordinate to the Ministry of Justice and Security.
According to Caspar It, a spokesman for the Data Protection Authority, although the fine goes to the treasury, the very fact of imposing it is a significant step. This sanction specifies what is allowed and what is not. The amount of the fine also indicates the severity of the violation. The fine also forces the tax authorities to correct their behavior and stop the practice of illegal use of confidential data of taxpayers.
Publication Date: 12.04.2022
