The publication below contains the full Data Protection Impact Assessments (DPIAs) associated with three new Dutch legislative proposals around data processing in collaborative, public order and radicalization approaches.
Core content and laws
These are a document set surrounding the Data Processing by Collaborative Groups Act (WGS), the Public Order Data Collection Act and legislation on radicalization and counterterrorism.
The DPIAs contain analyses on the processing of personal data by various parties in the above laws, including municipalities, police, Openbaar Ministerie, Child Protection Council and Probation Service.
Structure DPIAs
Every DPIA is built around fixed components:
Proposal Description
Categories of personal data and source
Data processing (including collection, analysis, sharing, destruction)
Processing purposes and parties involved
Legal and policy framework, retention periods
Necessity & proportionality, purpose limitation
Data subjects' rights and legal exceptions
Risk analysis (including profiling, big data, stigmatization, privacy breach)
Mitigating measures such as technical and organizational safeguards, independent oversight, audits and privacy by design.
Key findings/conclusions
For each bill, privacy and data protection safeguards are analyzed from AVG/GDPR and national laws.
Checks and balances are described: for example, authorization by a magistrate judge for police powers, destruction of irrelevant personal data, periodic audits and designation of responsible parties.
The DPIAs emphasize that the processing of special and criminal personal data should only take place under strict legal conditions, and always requires a balancing of interests between national security/public order and the privacy of citizens.
It warns of risks such as: more data sharing than strictly necessary, profiling, unjustified labeling, escalating access to sensitive personal data and the need for transparent procedures and strict confidentiality.
Practical impact
Municipalities, police and other chain partners will have a clear legal framework for joint data processing in complex social issues such as radicalization, crime and public order disturbances.
The DPIAs provide concrete guidelines for privacy by design, periodic evaluation, and structural testing of risks, as well as obligations regarding transparency towards data subjects and coordination with Autoriteit Persoonsgegevens.
