The performance of government tasks regularly comes up against obstacles as implementing organizations perceive the General Data Protection Regulation (AVG) as an obstacle. This can potentially have major consequences for citizens. The problems were avoidable if politicians had made clear choices earlier about the balance between privacy and the execution of government tasks.
So writes the Court of Audit in a letter to the House of Representatives.
The Court of Audit, which audits Rijksoverheid spending and revenue in the Netherlands, comes up with a number of examples of situations where privacy laws worked to the disadvantage of citizens. For example, elderly people living below the subsistence level were not informed that they are entitled to supplemental benefits, healthcare fraudsters were able to get away with their practices more easily, and important information about corona outbreaks was not shared.
"The sharing of personal data between government organizations is often insufficiently regulated by law, The parliament and cabinet should, when preparing new legislation, pay more attention to what personal data organizations need to do their work properly," the Court of Auditors advises. It is often too late, especially if implementation problems arise by then: "At an early stage of new legislation, parliament and cabinet should therefore consider the benefits of data processing against the impact on citizens' privacy."
Several organizations are, because of the AVG, more cautious about data processing and sharing. The word "fear" even comes up - fear of doing something wrong and thus violating the AVG. This is also evident from an article by Zorg&Sociaalweb last September. Cooperation within the social domain is crucial and data sharing can be a necessary part of that. But here, too, fear of the seemingly rigid AVG gets in the way.
Anke van de Laar, a lawyer and specialist on privacy and administrative law works a lot with data exchange and acts mainly for municipalities. She says in the article, "Many people are quick to shout: this is not allowed by the AVG. Then they refuse to provide information on that ground," she says. "So you see more and more often that information is blacked out because it should be from the AVG. Also in documents that have to be sent in proceedings to the court or appeals committees. This sometimes even involves names of the opposing party, even though they cannot be blacked out under the AVG."
Read the entire article here >
In addition, the Court also cannot rule out that the AVG is sometimes used as an occasional argument to avoid sharing information with other government parties. More knowledge about the AVG within organizations is desirable, is the Court's advice: "It helps when this knowledge is present not only among the Data Protection Officerbut also within teams with executive tasks." For example, it is good to know that it is sometimes necessary to apply safeguards when processing data to protect the privacy of citizens. For example, by anonymizing or pseudonymizing personal data.
