On July 1, 2025, the Data Processing Personal Approach to Radicalization and Terrorist Activities Act (PARTA Act) comes into effect. Coosje Jeekel, consultant at L2P, explains what the new laws and regulations mean for a municipality's Data Protection Officer (FG).
Many municipalities are already taking measures to identify radicalization and terrorist activities early. To this end, the municipality coordinates case meetings with the various chain partners involved in dealing with radicalized and radicalized persons. In the case meetings, the cooperating agencies share information about signals of radicalization and terrorism, and coordinate various interventions.
With the advent of the Data Processing Personalized Approach to Radicalization and Terrorist Activities Act (PARTA Act), effective July 1, 2025, the organization of case consultations will become a legal duty of mayors. The PARTA Act complements the existing Wgs: where the Wgs provides general frameworks for data sharing in collaborative efforts, PARTA provides a specific basis for the person-centered approach to radicalization and terrorism.
The law provides clear bases for processing personal data in case consultations, which are in line with the principles of the General Data Protection Regulation (GDPR).
An important part of the PARTA Act is the basis for data sharing in case consultations. Municipalities and chain partners - such as police, prosecutors, youth care and probation - are allowed to share personal data with each other, but only if it is necessary and proportionate. Although these requirements derive from the AVG, the PARTA Act makes these standards explicitly enforceable in the context of case consultations.
Article 8 of the law also makes it clear that cooperation between chain partners is not without obligation. If data sharing is necessary for the person-centered approach, the provision of the relevant personal data is mandatory. A participant in the case consultation may refuse to share data only if there are weighty objections.
The PARTA Act has explicit requirements for supervision and expertise with respect to the protection of personal data.
A case conference designates one Data Protection Officer (FG) as the coordinating point of contact.
The coordinating FG does not act as a point of contact for those involved, but has a substantive and organizational role within the case consultation: coordination between FGs, ensuring unity of advice, and monitoring privacy rules within the consultation.
Municipalities are required to establish an independent lawfulness committee. The committee reviews whether data processing is lawful, necessary and non-discriminatory.
All members of the legality committee and all those involved in case consultations are required to have sufficient expertise in privacy.
The law does not prescribe exactly what training is required, but municipalities must demonstrate that consultation and committee participants have sufficient knowledge of data protection. Regular training in privacy, ethics and information security is essential for this purpose.
Implementing the PARTA Act requires much more than a legal analysis. A municipality also needs to address various organizational issues. Concrete actions include:
Map existing consultation structures and agreements.
Update covenants and protocols.
Formalize the mayor's legal duty to organize case consultations
Appoint the coordinating FG.
Appoint the legality committee.
Organize training on the AVG, ethics and information security.
For an FG, the PARTA Act means that additional tasks may be thrown into an already full agenda. The law introduces a number of mandatory organizational and legal measures, such as setting up a compliance advisory committee, formalizing work structures and conducting necessity tests. Here, the FG acts as a critical sparring partner in setting up work processes and documentation.
If a coordinating FG is designated within the case consultation, he or she is responsible for coordinating with the FGs of other participating organizations. At the same time, each FG remains an independent supervisor within its own organization. This requires good working agreements and clear division of tasks, especially as the supervision of data sharing between different organizations becomes more complex.
The PARTA Act also requires mandatory training for case consultation participants as well as members of the legality committee. Here, FGs often play a role in organizing or assessing these training courses in data protection, information security and ethics.
With these legal changes, the role of the FG comes even more prominently into view within the security domain. This also provides an opportunity to draw structural attention to AVG compliance and privacy awareness in the municipal organization and in cooperation with chain partners.
