The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP), often called the "Privacy Guardian" in the media, is concerned about the risks of using personal data from government databases. In particular, the Office proposes to amend the legislation to prohibit the transfer of personal data from government sources without notifying and obtaining the consent of those involved.
Open data
On the one hand, AP sees the importance of so-called "open government data" for research or commercial use. A draft law of the appropriate content is currently being considered, its adoption should ensure the availability of as much data as possible from state sources. This data must be searchable by the software and may be combined with other data.
“When it comes to the number of trees planted in a certain area, or the quality of the air in that area, then of course there is no objection.”, - is talking Vice President of Management Monique Verdier.
However, on the other hand, government databases also include personal data. The concern is that government agencies should have the discretion to assess what personal information can be shared. «When it comes to people, their addresses, phone numbers, their possessions - This is completely different. Everyone is responsible for their own personal data. The decision as to whether this data should be shared should not be left to the discretion of government authorities. Ultimately, we must decide for ourselves what to do with our data. Only the legislator, and not the state body, has the right to somehow influence this process.”
Trade in personal information
The AP has previously criticized the disclosure of personal data in public registries such as the Commercial Register and the Land Registry. As a result, the government will allow self-employed people working from home to hide their address in the Commercial Registry, but that address is still open by default. It is not yet possible to hide your address in the Land Registry, that is, personal data in these public registers are not properly protected.
If the government, after passing the bill, makes it even easier to extract personal data from public sources, this could have extremely negative consequences. By running the appropriate algorithm and combining personal data from different sources, companies will be able, for example, to create profiles of people in order to sell these profiles in the future. It can also make it even easier to find out where someone lives in order to threaten or otherwise invade privacy.
The AP advises the government to include in the bill a provision stating that the transfer of personal data from public registries is prohibited in principle. Such transfer by state bodies should not be a common practice, but only an exception. The law should clearly define under what circumstances it is allowed, otherwise the risk of abuse is too great.
Publication Date: 30.08.2022
