The Dutch police do not illegally request private and personal data of citizens. The law regulates that the police have a customer indication to request data from the Basic Registration of Persons (BRP). Officers do this to have the most current data, not to gather new information.
So writes Justice and Security Minister Dilan Yeşilgöz-Zegerius in a response to written questions by Sylvana Simons (BIJ1) (1).
In late July, Trouw managed to get its hands on an internal police memo. It stated that the police receive an "endless stream of information" (2). According to the author of the memo, the police kept private data on everyone who ever came into contact with officers, including witnesses, suspects and offenders. Also, police received automatic updates when changes occurred in someone's life, such as a move, marriage, divorce or birth of a child.
In total, the personal data of more than 9 million Dutch citizens would be involved. Even if these data were no longer relevant to a case, the information nevertheless remained available to the police.
A police spokesman said no laws and regulations were violated. He did acknowledge, however, that officers may be able to do their jobs with less data. New legislation is on the way dictating that police may not retain data longer than absolutely necessary for a case. Only specific groups or individuals will then receive a recipient indication, such as members of a motorcycle gang or people with a gun permit.
Rejo Zenger, policy advisor at Bits of Freedom, strongly criticized the police's methods. In an interview with NRC, he described the police as "a proliferator" that violates the privacy of citizens. According to the privacy expert, the police should not collect more data than necessary.
"Internal police reports show that many of these systems do not comply with privacy regulations. There is not proper regulation that only authorized officers can access the data. Integrity investigations by the police themselves show every year that officers have accessed data unauthorized. If you add up all the incidents and investigations, you can conclude that the police themselves are a frequent offender. One that for years and on a large scale violates the rules that should ensure that our data is safe," Zenger told NRC.
A police spokesman revealed in a comment that it is doing its best to implement solutions. He pointed out that the police identified this weakness themselves. "We are constantly looking for possible weaknesses and adapting police systems accordingly," the spokesman told reporters.
Justice and Security Minister Yeşilgöz-Zegerius is unaware of any wrongdoing, according to answers to written questions by Sylvana Simons (BIJ1). "The police have this customer indication to keep their data up to date. It is not about collecting new data, but updating already existing data," the minister stressed.
This is relevant to ensure the safety of those involved or the environment, or to inform victims of the progress of the investigation into certain crimes. "The police have the authority to process personal data necessary for their task (...) The police do so on the basis of the law," the minister wrote.
In her written questions, Simons referred to a study by Bits of Freedom. Based on its own research, the civil rights movement said in 2020, 36 key police systems are not in order. If an officer was transferred, he retained his authorization. Furthermore, police kept data for too long and security was not in order. Serious privacy violations that put citizens at enormous risk, the human rights movement concluded.
The MP wonders whether this does not put the police at unnecessary risk of a data leak by collecting so much personal data while the police systems are not in order. According to Minister Yeşilgöz-Zegerius, whether or not there is a recipient indication loose has nothing to do with the risk of a data leak. Furthermore, the Minister of Justice and Security says that the systems with a recipient indication will be "made compliant."
Finally, the minister indicates that she is not willing to have an investigation into whether there is not another way to prevent the police from collecting data on Dutch citizens "disproportionately and unnecessarily." "Supervision of, in a general sense, compliance with the Police Data Act is vested in the Personal Data Authority or, in the specific case of a criminal investigation, in the courts," the minister replied. In other words, it is not up to the minister to launch an investigation. She said that, moreover, she is in constant dialogue with the police on the subject of data processing.
https://www.tweedekamer.nl/kamerstukken/kamervragen/detail?id=2022D35102&did=2022D35102
https://www.trouw.nl/binnenland/politie-spaart-onnodig-data-van-burgers-op~b6f53b89/
