On Sept. 25, 2024, the Intelligence and Security Services Regulatory Commission (CTIVD) announced it would investigate the processing of bulk data sets by the AIVD and MIVD.
The services acquire and process large amounts of personal data as part of the performance of their statutory duties. Where appropriate, the services work with so-called bulk datasets. Bulk datasets are defined by the legislator as 'large data sets in which the majority of the data relate to organizations and persons who are not and will not become the subject of an agency's investigation' (Article 1, Temporary regulation on further processing bulk datasets Wiv 2017).
Bulk datasets are of great significance for the performance of the services' tasks. At the same time, the acquisition and processing of bulk datasets involves a (major) privacy breach.
Given the importance of good processes regarding the processing of bulk data sets within the services and their proper execution, the CTIVD considers it important to investigate the processing of bulk data sets. The central research question is: "Do the AIVD and MIVD act lawfully when processing bulk data sets?".
The investigation concludes with a public surveillance report.
