AP (The Netherlands) - 25.11.2021: Difference between revisions
No edit summary |
m (Ar moved page AP (The Netherlands) - Tax Administration fined for discriminatory and unlawful data processing to AP (The Netherlands) - 25.11.2021) |
||
(8 intermediate revisions by 3 users not shown) | |||
Line 40: | Line 40: | ||
|Type=Other | |Type=Other | ||
|Outcome= | |Outcome=n/a | ||
|Date_Decided=25.11.2021 | |Date_Decided=25.11.2021 | ||
|Date_Published=07.12.2021 | |Date_Published=07.12.2021 | ||
|Year=2021 | |Year=2021 | ||
|Fine= | |Fine=2,750,000 | ||
|Currency=EUR | |Currency=EUR | ||
Line 62: | Line 62: | ||
|National_Law_Link_2=https://wetten.overheid.nl/jci1.3:c:BWBR0011468&hoofdstuk=2¶graaf=1&artikel=8&z=2018-05-01&g=2018-05-01 | |National_Law_Link_2=https://wetten.overheid.nl/jci1.3:c:BWBR0011468&hoofdstuk=2¶graaf=1&artikel=8&z=2018-05-01&g=2018-05-01 | ||
|Party_Name_1 | |Party_Name_1=The Ministry of Finance | ||
|Party_Link_1=https://www.rijksoverheid.nl/ministeries/ministerie-van-financien | |||
|Party_Name_2=Autoriteit persoonsgegevens (DPA) | |||
|Party_Link_2=https://autoriteitpersoonsgegevens.nl/en | |||
| | |||
| | |||
| | |||
|Appeal_To_Body= | |Appeal_To_Body= | ||
Line 79: | Line 73: | ||
|Initial_Contributor=n/a | |Initial_Contributor=n/a | ||
| | |}} | ||
}} | |||
The Dutch DPA (AP) imposed a fine of €2,750,000 on the Dutch Tax Administration for processing personal data without a legal basis, violating [[Article 5 GDPR#1a|Article 5(1)(a)]] in conjunction with [[Article 6 GDPR#1e|Article 6(1)(e) GDPR]], and Article 6 in conjunction with Article 8 Personal Data Protection Act (Wbp). | The Dutch DPA (AP) imposed a fine of €2,750,000 on the Dutch Tax Administration for processing personal data without a legal basis and in breach of the fairness principle, violating [[Article 5 GDPR#1a|Article 5(1)(a)]] in conjunction with [[Article 6 GDPR#1e|Article 6(1)(e) GDPR]], and [https://wetten.overheid.nl/jci1.3:c:BWBR0011468&hoofdstuk=2¶graaf=1&artikel=6&z=2018-05-01&g=2018-05-01 Article 6] in conjunction with [https://wetten.overheid.nl/jci1.3:c:BWBR0011468&hoofdstuk=2¶graaf=1&artikel=8&z=2018-05-01&g=2018-05-01 Article 8 Personal Data Protection Act (Wbp)]. | ||
== English Summary == | == English Summary == | ||
Line 89: | Line 82: | ||
Between 2013 and 2019, the authorities wrongly accused an estimated 26,000 parents of making fraudulent childcare benefit claims, requiring them to pay back the allowances they had received in their entirety. In many cases, this sum amounted to tens of thousands of euros, driving families into severe financial hardship. This is at the centre of the ensuing "childcare benefits scandal": https://en.wikipedia.org/wiki/Dutch_childcare_benefits_scandal. | Between 2013 and 2019, the authorities wrongly accused an estimated 26,000 parents of making fraudulent childcare benefit claims, requiring them to pay back the allowances they had received in their entirety. In many cases, this sum amounted to tens of thousands of euros, driving families into severe financial hardship. This is at the centre of the ensuing "childcare benefits scandal": https://en.wikipedia.org/wiki/Dutch_childcare_benefits_scandal. | ||
The AP launched an investigation, ex officio, into the processing of the nationality of applicants for childcare benefits by the Tax and Customs Administration (hereafter: the Administration), more specifically the “Benefits Department” (Afdeling Toeslagen), since this department is responsible for the granting, payment, and reclamation of benefits, but ''also'' the detection and prevention of benefits-related fraud. The AP did so, because they received a warning in April 2017 about the Benefits Department's possible processing of the dual nationality of applicants for childcare benefits. This investigation resulted in the adoption by the AP of a report of findings on 16 July 2020 (hereinafter: the investigation report). | The AP launched an investigation, ex officio, into the processing of the nationality of applicants for childcare benefits by the Tax and Customs Administration (hereafter: the Administration), more specifically the “Benefits Department” (Afdeling Toeslagen), since this department is not only responsible for the granting, payment, and reclamation of benefits, but ''also'' for the detection and prevention of benefits-related fraud. The AP did so, because they received a warning in April 2017 about the Benefits Department's possible processing of the dual nationality of applicants for childcare benefits. This investigation resulted in the adoption by the AP of a report of findings on 16 July 2020 (hereinafter: the investigation report). | ||
Before discussing the main findings of the report, however, it is important to notice that, on 6 January 2014, a replacement law (Dutch: de Wet basisregistratie personen) was enacted for its citizen registration. One of the resulting changes was that if a person has the Dutch nationality, dual nationalities were no longer recorded. | Before discussing the main findings of the report, however, it is important to notice that, on 6 January 2014, a replacement law (Dutch: de Wet basisregistratie personen) was enacted for its citizen registration. One of the resulting changes was that if a person has the Dutch nationality, dual nationalities were no longer recorded. | ||
Line 95: | Line 88: | ||
The main findings of the investigation report were: | The main findings of the investigation report were: | ||
* The Benefits Department retained the registration of Dutch nationals with dual | * The Benefits Department retained the registration of Dutch nationals with dual nationalities, even after the enactment of the replacement law on 6 January 2014. In May 2018, approximately 1.4 million Dutch citizens with dual nationalities were still registered in a database of the Benefits Department. | ||
* Between March 2016 and October 2018, the Benefits Department used the applicants' nationality (Dutch/not Dutch) as an indicator in an automated "risk-classification model", to assess which applications should be further investigated. | * Between March 2016 and October 2018, the Benefits Department used the applicants' nationality (Dutch/not Dutch) as an indicator in an automated "risk-classification model", to assess which applications should be further investigated. | ||
* Between 2013 and June 2019, the Benefits Department used applicants' nationality to detect and tackle organised fraud. | * Between 2013 and June 2019, the Benefits Department used applicants' nationality to detect and tackle organised fraud. | ||
The letter imposing the fine is addressed at the current Minister of Finance, Wobke Hoekstra, as the Tax | The letter imposing the fine is addressed at the current Minister of Finance, Wobke Hoekstra, as the Tax and Customs Administration are part of the Ministry of Finance's responsibilities, and therefore the Minister of Finance's responsibilities. The DPA sent an advance notice to the Minister of Finance on 13 August 2020 of their intention to impose a fine, and asked for their response. In the reply (dated September 10th 2020) the Minister recognised the violations and did not refute the facts surfaced in the previous investigation report. | ||
=== Holding === | === Holding === | ||
'''Holding''' | |||
The | The AP addressed the findings against both the GDPR and Wbp, since the violations occurred between 2013 and 2020. These violations will be discussed separately. | ||
''Unlawful processing'' | |||
First, the DPA found that there were three instances of unlawful processing, violating [[Article 5 GDPR#1e|Article 5(1)(e)]], in conjunction with [[Article 6 GDPR#1|Article 6(1) GDPR]], and Article 6, in conjunction with Article 8 Wbp for the processing that occurred before 25 May 2018. | |||
The first unlawful processing related to the processing of dual nationalities in the FSV database, the DPA found that the Benefits department processed the dual nationalities of 1,400,000 Dutch nationals. The DPA acknowledged that the Benefits department can, in principle, rely on [[Article 6 GDPR#1e|Article 6(1)(e) GDPR]] since they process personal to fulfill a public task, namely the granting, payment, and reclamation of benefits. Moreover, since the Dutch nationality needs to be confirmed, it is necessary to process this personal data for the fulfillment of that public task. However, the Benefits department also processed the dual nationalities that were retained in the TSV database since 6 January 2014. Since this processing was not necessary for the fulfillment of their public task, the Benefits department therefore unlawfully processed this personal data. | |||
The second unlawful processing related to the processing of the applicants’ nationality (Dutch/non-Dutch) as indicator in their risk-classification model, when assessing which applications should be assessed further. In their investigation, the DPA found that the result “non-Dutch” led to a higher risk-score. This indicator, however, did not meet the requirement of necessity. Because the indicator “possession of Dutch nationality, or EU nationality with registration in a Dutch municipality, or non-EU nationality and a valid residence permit”, rather than “Dutch citizenship/non-Dutch citizenship”, also answered the question of whether an applicant was eligible for childcare benefits, a less far-reaching form of processing was also possible. | |||
The third unlawful processing related to the processing of the applicants’ nationality in the activities of detection and prevention of benefits-related fraud. The Benefits department clarified that nationality could be an indication of the homogeneity of the research population and that experience would have shown that citizens in the same living environment, including on the basis of nationality, could be an indication of organised abuse. However, the DPA found that this processing did not comply with the principles of proportionality and subsidiarity since a less far-reaching form of processing was also possible, namely to only check the nationality if there were more concrete indications that there was organised abuse. | |||
''Breach of principle of fairness'' | |||
Second, the DPA found that the second-, and third processing operation violated the principle of fairness within the meaning of [[Article 5 GDPR#1e|Article 5(1)(e) GDPR]] and Article 6 Wbp. | |||
# €750.000 for the first processing | Concerning the processing of the nationality-criterion in the risk-classification model, the DPA considered that it is decisive whether the Benefits department used the criterion “nationality” although there was no objective justification, which means that this was discriminatory. The use of this criterion in the risk-classification model was not proportionate since it was not ultimately decisive in the overall assessment, and a more objective criterion, like “holds Dutch nationality, or an EU nationality with registration in Dutch municipality, or a non-EU nationality and a valid residence permit" would have also sufficed. | ||
Considering the use of the nationality-criterion related to the processing of the applicants’ nationality in the activities of detection and prevention of benefits-related fraud, the DPA held that this was not proportionate. Certain nationalities were more linked to fraud than others. Applicants with one of those nationalities, therefore, had an increased chance of being checked compared to applicants who did not belong to a nationality with increased activity. This distinction made is not reasonable and not objectively justified. The resulting disadvantage in treatment is not reasonable and proportionate to the objective pursued. | |||
''Assessment of the fine'' | |||
The DPA imposed an administrative fine, under [[Article 58 GDPR#2|Article 58(2)]] in conjunction with [[Article 83 GDPR]], as it believed the violations were severe, took place over multiple years, and were attributable. The height of the fine was determined as follows: based on the DPA's guidelines in determining the fine amount (see para 2.3 [https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/stcrt-2019-14586_0.pdf Boetebeleidsregels Autoriteit Persoonsgegevens 2019]), a €750,000 fine per violation would suffice considering the severity and the "Category III" violations. However, the DPA took many more factors into account, like: | |||
* the severity, scale, duration and deliberateness/negligence on part of the data processor; | |||
* the power imbalance between the government body and its citizens; | |||
* the systemic nature of the violations; | |||
* the large impact on the lives of affected people; and | |||
* insufficient cooperation in the investigation and minimizing consequences. | |||
The DPA believed that a fine of €750,000 was not an appropriate punishment and decided to scale the second- and third processing operation as violations that require “Category IV” fines (see para 8.1 [https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/stcrt-2019-14586_0.pdf Boetebeleidsregels Autoriteit Persoonsgegevens 2019]), with a maximum of €1,000,000 per violation. Hence, it imposed a fine of €750.000 for the first processing operation, €1.000.000 for the second processing operation, and €1.000.000 for the third processing operation, which brings the total fine to €2,750,000. | |||
== Comment == | == Comment == | ||
''Share your comments here!'' | |||
== Further Resources == | == Further Resources == | ||
December 7th 2021, State Secretary of Finance, Alexandra C. van Huffelen wrote a letter to government stating she does not intend to appeal the fine. https://www.tweedekamer.nl/kamerstukken/brieven_regering/detail?id=2021Z22818&did=2021D48434 | December 7th 2021, State Secretary of Finance, Alexandra C. van Huffelen wrote a letter to government stating she does not intend to appeal the fine. https://www.tweedekamer.nl/kamerstukken/brieven_regering/detail?id=2021Z22818&did=2021D48434 | ||
== English Machine Translation of the Decision == | == English Machine Translation of the Decision == |
Latest revision as of 17:08, 12 December 2023
AP (The Netherlands) - Tax Administration fined for discriminatory and unlawful data processing | |
---|---|
Authority: | AP (The Netherlands) |
Jurisdiction: | Netherlands |
Relevant Law: | Article 5(1)(a) GDPR Article 6(1)(e) GDPR Article 58(2)(i) GDPR Article 83(5) GDPR Article 6 Wbp Article 8 Wbp |
Type: | Other |
Outcome: | n/a |
Started: | |
Decided: | 25.11.2021 |
Published: | 07.12.2021 |
Fine: | 2,750,000 EUR |
Parties: | The Ministry of Finance Autoriteit persoonsgegevens (DPA) |
National Case Number/Name: | Tax Administration fined for discriminatory and unlawful data processing |
European Case Law Identifier: | n/a |
Appeal: | Not appealed |
Original Language(s): | Dutch English |
Original Source: | DPA policy for determining administrative fines (in NL) DPA's fine decision letter (in EN) |
Initial Contributor: | n/a |
The Dutch DPA (AP) imposed a fine of €2,750,000 on the Dutch Tax Administration for processing personal data without a legal basis and in breach of the fairness principle, violating Article 5(1)(a) in conjunction with Article 6(1)(e) GDPR, and Article 6 in conjunction with Article 8 Personal Data Protection Act (Wbp).
English Summary
Facts
Between 2013 and 2019, the authorities wrongly accused an estimated 26,000 parents of making fraudulent childcare benefit claims, requiring them to pay back the allowances they had received in their entirety. In many cases, this sum amounted to tens of thousands of euros, driving families into severe financial hardship. This is at the centre of the ensuing "childcare benefits scandal": https://en.wikipedia.org/wiki/Dutch_childcare_benefits_scandal.
The AP launched an investigation, ex officio, into the processing of the nationality of applicants for childcare benefits by the Tax and Customs Administration (hereafter: the Administration), more specifically the “Benefits Department” (Afdeling Toeslagen), since this department is not only responsible for the granting, payment, and reclamation of benefits, but also for the detection and prevention of benefits-related fraud. The AP did so, because they received a warning in April 2017 about the Benefits Department's possible processing of the dual nationality of applicants for childcare benefits. This investigation resulted in the adoption by the AP of a report of findings on 16 July 2020 (hereinafter: the investigation report).
Before discussing the main findings of the report, however, it is important to notice that, on 6 January 2014, a replacement law (Dutch: de Wet basisregistratie personen) was enacted for its citizen registration. One of the resulting changes was that if a person has the Dutch nationality, dual nationalities were no longer recorded.
The main findings of the investigation report were:
- The Benefits Department retained the registration of Dutch nationals with dual nationalities, even after the enactment of the replacement law on 6 January 2014. In May 2018, approximately 1.4 million Dutch citizens with dual nationalities were still registered in a database of the Benefits Department.
- Between March 2016 and October 2018, the Benefits Department used the applicants' nationality (Dutch/not Dutch) as an indicator in an automated "risk-classification model", to assess which applications should be further investigated.
- Between 2013 and June 2019, the Benefits Department used applicants' nationality to detect and tackle organised fraud.
The letter imposing the fine is addressed at the current Minister of Finance, Wobke Hoekstra, as the Tax and Customs Administration are part of the Ministry of Finance's responsibilities, and therefore the Minister of Finance's responsibilities. The DPA sent an advance notice to the Minister of Finance on 13 August 2020 of their intention to impose a fine, and asked for their response. In the reply (dated September 10th 2020) the Minister recognised the violations and did not refute the facts surfaced in the previous investigation report.
Holding
Holding
The AP addressed the findings against both the GDPR and Wbp, since the violations occurred between 2013 and 2020. These violations will be discussed separately.
Unlawful processing
First, the DPA found that there were three instances of unlawful processing, violating Article 5(1)(e), in conjunction with Article 6(1) GDPR, and Article 6, in conjunction with Article 8 Wbp for the processing that occurred before 25 May 2018.
The first unlawful processing related to the processing of dual nationalities in the FSV database, the DPA found that the Benefits department processed the dual nationalities of 1,400,000 Dutch nationals. The DPA acknowledged that the Benefits department can, in principle, rely on Article 6(1)(e) GDPR since they process personal to fulfill a public task, namely the granting, payment, and reclamation of benefits. Moreover, since the Dutch nationality needs to be confirmed, it is necessary to process this personal data for the fulfillment of that public task. However, the Benefits department also processed the dual nationalities that were retained in the TSV database since 6 January 2014. Since this processing was not necessary for the fulfillment of their public task, the Benefits department therefore unlawfully processed this personal data.
The second unlawful processing related to the processing of the applicants’ nationality (Dutch/non-Dutch) as indicator in their risk-classification model, when assessing which applications should be assessed further. In their investigation, the DPA found that the result “non-Dutch” led to a higher risk-score. This indicator, however, did not meet the requirement of necessity. Because the indicator “possession of Dutch nationality, or EU nationality with registration in a Dutch municipality, or non-EU nationality and a valid residence permit”, rather than “Dutch citizenship/non-Dutch citizenship”, also answered the question of whether an applicant was eligible for childcare benefits, a less far-reaching form of processing was also possible.
The third unlawful processing related to the processing of the applicants’ nationality in the activities of detection and prevention of benefits-related fraud. The Benefits department clarified that nationality could be an indication of the homogeneity of the research population and that experience would have shown that citizens in the same living environment, including on the basis of nationality, could be an indication of organised abuse. However, the DPA found that this processing did not comply with the principles of proportionality and subsidiarity since a less far-reaching form of processing was also possible, namely to only check the nationality if there were more concrete indications that there was organised abuse.
Breach of principle of fairness
Second, the DPA found that the second-, and third processing operation violated the principle of fairness within the meaning of Article 5(1)(e) GDPR and Article 6 Wbp.
Concerning the processing of the nationality-criterion in the risk-classification model, the DPA considered that it is decisive whether the Benefits department used the criterion “nationality” although there was no objective justification, which means that this was discriminatory. The use of this criterion in the risk-classification model was not proportionate since it was not ultimately decisive in the overall assessment, and a more objective criterion, like “holds Dutch nationality, or an EU nationality with registration in Dutch municipality, or a non-EU nationality and a valid residence permit" would have also sufficed.
Considering the use of the nationality-criterion related to the processing of the applicants’ nationality in the activities of detection and prevention of benefits-related fraud, the DPA held that this was not proportionate. Certain nationalities were more linked to fraud than others. Applicants with one of those nationalities, therefore, had an increased chance of being checked compared to applicants who did not belong to a nationality with increased activity. This distinction made is not reasonable and not objectively justified. The resulting disadvantage in treatment is not reasonable and proportionate to the objective pursued.
Assessment of the fine
The DPA imposed an administrative fine, under Article 58(2) in conjunction with Article 83 GDPR, as it believed the violations were severe, took place over multiple years, and were attributable. The height of the fine was determined as follows: based on the DPA's guidelines in determining the fine amount (see para 2.3 Boetebeleidsregels Autoriteit Persoonsgegevens 2019), a €750,000 fine per violation would suffice considering the severity and the "Category III" violations. However, the DPA took many more factors into account, like:
- the severity, scale, duration and deliberateness/negligence on part of the data processor;
- the power imbalance between the government body and its citizens;
- the systemic nature of the violations;
- the large impact on the lives of affected people; and
- insufficient cooperation in the investigation and minimizing consequences.
The DPA believed that a fine of €750,000 was not an appropriate punishment and decided to scale the second- and third processing operation as violations that require “Category IV” fines (see para 8.1 Boetebeleidsregels Autoriteit Persoonsgegevens 2019), with a maximum of €1,000,000 per violation. Hence, it imposed a fine of €750.000 for the first processing operation, €1.000.000 for the second processing operation, and €1.000.000 for the third processing operation, which brings the total fine to €2,750,000.
Comment
Share your comments here!
Further Resources
December 7th 2021, State Secretary of Finance, Alexandra C. van Huffelen wrote a letter to government stating she does not intend to appeal the fine. https://www.tweedekamer.nl/kamerstukken/brieven_regering/detail?id=2021Z22818&did=2021D48434
English Machine Translation of the Decision
The decision below is a machine translation of the Dutch original. Please refer to the Dutch original for more details.
November 25, 2021 [CONFIDENTIAL] Subject Decision to impose a fine Dear Hoekstra, The AP has decided to issue the Minister of Finance (hereinafter: the Minister) with administrative fines from intotal to impose €2,750,000 for violation of article 5, first paragraph, preamble and below, in read in conjunction with article 6, first paragraph, opening words, under, of the General Ordinance data protection (hereinafter: AVG), and article 6 read in conjunction with article 8 of the Act data protection (hereinafter: Wbp). This is because the Tax Authorities / Allowances (hereinafter also: Surcharges) without a lawful basis(1) in any case from January 1, 2016 to June 30, 2020, the double nationality of the Dutch continued to be kept in his so-called Allowances Benefits in kind System, (2) in in any case from March 2016 to October 2018 the nationality of applicants for childcare allowance processed for an indicator in its so-called risk classification models (3) in any case from 1 January2016to February2019thenationalityofapplicantsforchildcarebenefitprocessedforthe detectingorganizedfraud.Theseprocessingwasnotnecessaryforthe fulfillment of apublictaskofSurcharges.In addition,Supplieshasto the abovementionedprocessingintheframe oftheriskclassificationmodelsandinthedetectionoftheorganizedfraudacted contrary to the principle of propriety as laid down in article 5, first paragraph, preamble and under a, of the AVG article 6 of the Wbp. 1 Date Unidentified November 25, 2021 [CONFIDENTIAL] In this decision, the administrative fines are explained. To this end, (1) the legal framework, (2) the investigation results, (3) the course of the proceedings, (4) the relevant facts, (5) the Minister's view, (6) the violations, (7) the amount of the fines and (8) the decision the imposition of the fines and remedies clause. 1.Legal framework 1 Article 5, first paragraph, preamble, below, of the GDPR specifies that personal data must be processed in a way that is lawful, appropriate and transparent in regard to the data subject. 2 Pursuant to article 6, first paragraph, of the AVG, the processing of personal data is only lawful submit to the extent that at least one of the conditions stated in that provision is met. The indie provision, under the condition stated, that the processing is necessary for the fulfillment of a task of public interest or of a task in the context of the exercise of public authority data to the controller is assigned. 3 Article 6 of the Wbp stipulates that personal data is in accordance with knowledge in proper way are processed. 4 Article 8, preamble below, of the Wbp stipulates that personal data may only be processed if the data processing is necessary for the proper fulfillment of a public-law task by the relevant administrative body or the administrative body to which the data is provided. 2.Research of the AP 5 TheAPisofficiallystartedaninvestigationintotheprocessingofthenationalityofapplicantsof childcare allowances by Allowances. This following a signal received in April 2017 about the possible processing of the dual nationality of applicants for childcare allowance by Surcharges. This investigation has resulted in the AP having a report of findings on July 16, 2020 established (hereinafter: the investigation report). 2 6 The research report sets out that Allowances is the organizational part of the Tax and Customs Administration, that is charged with allocating, paying and reclaiming the childcare allowance. Also the supervision of compliance with the regulations with regard to childcare allowance is part of the public task of 1One person can have multiple nationalities. It is possible to possess multiple nationalities by, among others, descent or naturalization. In this decision, the term 'double nationality' is used and not 'second nationality'. the infringement may be given priority to a particular nationality, while nationality has no hierarchy. 2Research report of the AP of 16 July 2020, “Tax authorities/Allowances, The processing of the nationality of applicants childcare allowance”. The public version of the research report was published on 17 July 2020 on the AP website: research_belastingdienst_kinderopvangtoeslag.pdf (authority data.nl). 2/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] Surcharges.Used for the implementation of this publictaskSurchargesdatafromthe population administration, including the nationality of persons. 7 In the research report, the AP first of all assessed the lawfulness of various processing of the nationality of applicants for childcare allowance assessed. With regard to three types processing, the AP has established that these are unlawful and/or were and that the Ministerals controller for the processing of Allowances, with this article 5, first paragraph, preamble and below, of the AVGjo.article6, first paragraph, preamble and below, of the AVG, as well asarticle6jo.article8 vandeWbp has violated. 8 The first processing concerns the processing of double nationalities of Dutch applicants. In the research report concluded that this data has been kept in the surcharges used by surcharges in kind System (hereinafter: TVS) and that surcharges these does not need data for the performance of its task are allowed to process.According to the investigation report, this violation has been initiated on January 6, 2014 and the time of adoption of the report was not yet fully completed. 3 9 The second processing looks at the use of the nationality of applicants for an indicator in a system that automatically selects risky applications on which human resources are deployed, the so-called risk classification model. The AP concluded in the investigation report that it use of nationality was not necessary for this, because a less far-reaching form of processing was possible. This violation lasted for the period from March 2016 until October 2018. 10 The third processing refers to the use of the nationality of applicants for childcare allowance in the framework of the investigation of fraud organized. In the investigation report, the AP has concluded that the use of nationality was not necessary for this purpose. This violation has lasted for the period from 2013 to June 2019. 11 The AP then assessed the appropriateness of the aforementioned processing processing are also discriminatory according to the research report and therefore inappropriate, because distinguish them on the basis of nationality, without any objective justification for it exists. As a result, the Minister also has Article 5, first paragraph, preamble and below, of the AVG, as well as Article 6 of the Wbp has been violated. According to the investigation report, these improper processing and place at least from March 2016 to October 2018 and from 2013 to February 2019. 3 According to the research report, on April 20, 2020, not all double nationalities of the Dutch had been removed from the TVS. 3/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] 3.Process flow 12 For a detailed view of the investigation procedure, reference is made to chapter 1 of the research report. 13 By letter dated 13 August 2020, the AP informed the Minister of its intention to to impose an administrative sanction and the Minister to be given the opportunity orally or in writing to put forward a view. In that same letter, the AP also requested the Minister to opinionsubstantiated byindicating if, and if so, when, measures have been taken or will be taken termination of the violations identified in the investigation report. In addition, the AP has the research report handed over to the State Secretary for Finance and Allowances on July 17, 2020 Customs (hereinafter: the State Secretary). 14 By letter dated 10 September 2020, received by the AP on 14 September 2020, the Minister bijmonde submitted a written opinion from the State Secretary, in which the aforementioned violations have been acknowledged and in which further steps are taken on the measures taken/to be taken. 4.Facts 15 NudeMinisterdidrecognizedviolationsintheinvestigationreportandrecognisedinthe investigation report has not contradicted established facts, the AP in this decision is based on the investigation report established facts. 16 For an extended view of the established facts, reference is therefore made to chapter 2 of the research report. 5.View of the Minister 17 With regard to the violations identified in the investigation report, the Minister– summarized so far as relevant – the following stated. 18 First of all, the Minister has endorsed the conclusions from the investigation report of 16 July 2020. The findings in the report are considered very serious by the Minister. In addition, the Ministerdeclaredwillimplementtherecommendationsintheresearch report. 5 4The Secretary of State has noted in his written opinion that – in view of the division of tasks within the Ministry of Finance–submitted the opinion. For the sake of the legibility of this decision, the designation “Minister” is hereinafter referred to used. 5See also the Cabinet's response of July 17, 2020 to the AP report of July 16, 2020 on the processing of the nationality of applicants for childcare allowance and the letter of 17 November 2020 from the State Secretary for Finance to the House of Representatives, withanswerstoquestionsaboutthecabinetresponse,in whichtheconclusionsfromtheresearchreportoftheAPofJuly16,2020 be endorsed. 4/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] The preservation of double nationalities of the Dutch in the TVS (initial processing) 19 About the retention of dual nationalities of applicants with Dutch nationality in the TVS has the Minister further stated to share the finding of the AP that this processing is not is necessary for the Allowances task. The Minister also noted the following in this regard. 20 Until 31 January 2015, the Tax and Customs Administration also received the any double nationality from the Municipal Basic Administration (hereinafter: GBA) and this was the Tax and Customs Administration processes in the 'Management' system used by all parts of the Tax and Customs Administration vanRelations' (hereinafter: BVR). The dual nationalities were subsequently taken over by the TVS. The Basic Registration Persons (hereinafter referred to as: BRP) does not register for new registrations as of January 6, 2014 second(dual) nationality for persons with a Dutch nationality. That also applies to persons who receive the Dutch nationality: the preceding 'other nationality' becomes at the Obtaining Dutch nationality removed. As of January 31, 2015, the Brp will not give any second/other registered nationality (besides the Dutch) moredoor.Before the until January 31, 2015 due to the Brpprovided double nationality to persons with a Dutch nationality, this were registered in BVR, but were cleared on July 23, 2015. In the period between January 31, 2015 and July 23, 2015, the BVR thus still provided information about dual nationalities (in addition to the Dutch nationalityalsotheothernationality)tocustomersintheBelastingdienst.Thedataof personswithdoublenationalitywhobeforeJanuary6,2014alinBVRandwiththattheTVS, remained longer registered in the TVS with a double nationality. The Minister stated that measures have been taken to ensure that access to the dual nationality for Benefits employees would be shut down and that the historical data would be out of the systems to be achieved.InTVSisthecleanupofthishistoricaldatafromsummer2019,andon 30june2020completely completed. The use of the nationality of childcare allowance applicants for an indicator in automatic selection of risky applications (the risk classification model) (second processing) 21 With regard to the use of nationality in risk selection, the Minister, insofar as it is relevant here, has next noted. 22 Whether an applicant is entitled to an allowance under the law and regulations. Allowances have been used since 2013 risk classification modelin which a self-learning algorithm based on dozens of indicators estimates ofer possibleaproblemisintherequest.Theriskclassificationmodelisusedandincreased predict the risk of errors in an allowance application. This is done on the basis of indicators. The indicators give an indication of the facts and circumstances within which an application is made one of the indicators related to Dutch citizenship/non-Dutch citizenship. This indicator was in the model included in response to observations of past surveillance activities 5/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] application from non-Dutch citizens in combination with the presence of other indicators therefore had a greater chance of being selected for a check than in the case of Dutch nationality. 23 The Minister has acknowledged that the use of such indicators is properly and objectively substantiated must beanddeclareditverygreatlyregrettablethatthiswasnotthecaseinviewofthe indicator Dutch nationality/non-Dutch nationality. Allowance applicants with only one or more foreign nationalities were regarded as non-Dutch nationals a higher chance that their allowance application was manually assessed to determine the entitlement to allowance. This should never have happened, according to the Minister. Since October 2018, nationality is not more used in the risk classification model for childcare allowance. With that comes nationality no longer in this risk classification model. The use of the nationality of applicants for childcare allowance in the context of the investigation of organized fraud (third-party processing) 24 The Minister has stated that he deeply regrets that nationality has been used in the investigation into organized fraud with childcare allowance. In investigation into organized abuse of allowances were requested in accordance with the (possibly double) nationality of the applicant concerned. 25 In this connection, the Minister has yet stated that Allowances in June 2019 has formally decided not to 6 so-called nationality-based queries more to do/query. Queries from the past that still walked through, stopped immediately after discovery and reported to the AP. 6.Review 6.1General 7 26 As of May 25, 2018, the GDPR is applicable. Since the events in this study took place between In 2013 and 2020, the AP tested both against the Wb and the AVG. 27 The research report explains in detail which processing of nationality in Benefits taking place and have taken place in recent years. The AP explains the research report and findings contained therein on the basis of this decision–insofar as not applicable in this decision is deviated from. In this decision it will suffice with a brief discussion of the AP detected violations. For a complete overview of all relevant actual behaviors, –insofar as they are not mentioned here–referred to chapter 2 in the research report. 6 7Aqueryisindicatingasearchsearchforadatabase,inthiscaseincludingtheBVRandTVS. Withdrawn on that date pursuant to article 51 of the UAVG and the Personal Data Protection Act (Wbp). 6/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] 6.2 Processing of data and processing responsibility 6.2.1Processing of personal data 28 Below, the AP assesses whether in the three processing described above, whether or not the processing of personal data. 29 Allowancesischargedwithgranting,payingandreclaimingextras.Theapplicants of childcare allowance (and supplementary allowance partners) are natural persons paid by Toeslagendirect can be identified. This is inherent in the task of Allowances for allowances to individuals and from It follows from chapter 2 of the research report that Allowances also possesses nationality oftheapplicant.ThisinformationaboutanaturalpersonidentifiableforBenefits.The nationality of the applicant is therefore a personal data within the meaning of article 4, opening words under 1, of the AVG and article 1, preamble under a, of the Wbp. The applicants are involved in the sense of article4, preambles under 1, of the AVG and article 1, preambles under f, of the Wbp. 30 It follows from paragraphs 2.1 to 2.4 of the survey report that Allowances data on the nationality of applicants, among other things, collects, stores, uses, retrieves and records Processed Benefits data as referred to in article 4, opening lines under 2, of the AVG article1, preamble, of the Wbp. 31 It follows from paragraph 2.3 of the research report that Allowances uses a risk- classification model. The use of the risk classification model by Surcharges is a form of profiling, because this processing meets all three conditions mentioned in article 4, preambles 8 under 4, of the AVG. Firstly, there is an automated form of processing. The risk classificationmodelisjustanalgorithmthatautomaticallyselectsapplicationswhichpersonnel capacity is used. Second, the processing relates to personal data model indicators used include the number of children of the applicant or the applicant or does not possess the Dutch nationality. The information used for the indicators in the risk classification model are personal data as referred to in article 4, opening words under 1, of the AVG. Tendertheprocessingwithriskclassificationmodelsaimtotestindividualcharacteristics evaluate and categorize.The applicant is evaluated on the basis of the applicant's personal aspects based on this, it is estimated how great the risk is that the applicant has submitted an incorrect application, and supervision is adjusted accordingly. 8 Profiling was not defined in the Wbp. Profiling is a way of processing personal data. risk-classificationmodelsidesthetimeofthewbpthereforearequalifiedasaprocessingofpersonaldatainthe sense of article 1, preamble under b, of the Wbp. 7/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] 6.2.2Responsibility for processing 32 Based on what is stated in paragraph 3.1.2. of the investigation report, the AP concludes that the Minister for the three processing described above and the controller is a controller in the sense of article4, preambles under 7, of the AVG and article 1, preambles, of the Wbp, for processing of data on the nationality of applicants for childcare allowance by Allowances. For the justification, the AP refers to paragraph 3.1.2 of the investigation report. 6.3. Violation of lawfulness in the three processing operations 33 Article 5, first paragraph, preamble, under a, of the GDPR specifies that personal data must be processed in a way that is lawful, appropriate and transparent in regard to the data subject under article 6, first paragraph, of the AVG, a processing of personal data is only lawful submit provided that at least one of the conditions mentioned in that article is satisfied (principles). At the time of the Wbp, the processing of personal data should also become unified based on one of the conditions mentioned in article 8 of the Wbp. Article 6, first paragraph, of the AVG and article 8 of the Wbp aim to guarantee the same legal interests and there is no (substantial) material change of the regulations on this point. 34 On the basis of the basis mentioned in article 6, first paragraph, under, of the GDPR, a processing of personal data only lawful if the processing is necessary for the fulfillment of a task of the public interest or of a task in the context of the exercise of public authority data and the controller is assigned (hereinafter: public task). 35 From the considerations 41 and 45 of the considerans it follows that the AVG does not prescribe that for every separate processing specific legislation is required basisfunctionsforseveralprocessing.Thatlegislationmustbeclearlyaccurateand its application must be predictable for those and to whom it applies. 36 The preamble laid down in article 6, first paragraph, preamble below, of the GDPR, contains the necessity requirement thatshouldbecompliancewiththeprinciplesofproportionalitysubsidiarity.It principle of proportionality means that the infringement of the interests of the processing of the personal data persons concerned may not be disproportionate in relation to the processing under the subsidiarity principle, the purpose for which the data may be are reasonably not processed in another, for the processing of personal data person involved, can be achieved in a less negative way. The concrete test is or less The infringing means are available to achieve the same purpose. 8/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] 37 In this context, allowances may only process personal data if they are willing to do so can invoke the basis of the AVG, such as the performance of a public task, and processing for it necessary. 6.3.1Public Task 38 The research report established that Allowances has a public task, which is the implementation of granting, paying out and reclaiming childcare allowance. This public task is defined in the Childcare Act (hereinafter: Wko) and the General Act on income-dependent schemes (hereinafter: 9 awir). In the Awir, read in conjunction with Decision designationsupervisors Awir, is also determined thatAdditionstaxesthesupervisionofthecompliancewiththecertainbyorundertheAwir. 10 The nationality of applicants from the BRP receives benefits Authorization decisions on the basis stating which data is provided and with which target that happens. The Authorization Decrees have been published in the Government Gazette and the website of the State Service for identity information and publicly available. 39 For the detailed justification, the AP refers to paragraphs 3.4.2, 3.5.2 and 3.6.2 of the research report. In the research report, the AP concludes on the basis of the foregoing that Allowances have a public task and that is the basis for the processing of nationality for those involved is sufficiently accountable. The Minister has justified these findings in his view not contested. The AP therefore assumes the following. 6.3.2 Necessity Processing double nationality of the Dutch in the TVS (first processing) 40 The AP has established in the investigation report that Allowances unlawfully double nationalities processed from Dutch applicants for childcare allowance. 41 To qualify for childcare allowance, the applicant for childcare allowance(s) must his/her allowance partner, hereinafter jointly also: applicant) possess or should the Dutch nationality applicant is a foreign national who has lawful residence in the Netherlands personal data nationality is therefore necessary for the public task of Benefits. Without this processing it would not be possible for Allowances to claim childcare allowance determine and be able to properly perform its public task at this point. As in the research report has been explained, the requirements of proportionality and subsidiarity are also met here. 9 10iearticle1.3, first third paragraph, of the Wko. Article 43 of the Awir, read in conjunction with Article 1 of the DecreeinstructiondesignationsupervisorsAwir. 9/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] however only for the nationality which is relevant for determining the entitlement to childcare allowance. 42 The research report established that Allowances does not only include the nationality of persons animals are relevant for determining entitlement to childcare allowance, but also about dual nationalities of Dutchmen who have been collected from the GBA since January 6, 2014 in the 11 TVS have been preserved. It is judged–in summary–that these data are not relevant to determining the entitlement of childcare allowances not necessary for the public task of Surcharges, since the Dutch nationality already claims. This means that it is in conflict actedwiththeprinciplelaid downintheGDPRthatpersonaldatamustbeprocessedina way that is lawful to the persons involved and therefore concluded that from January 6, 2014 to at least April 10, 2020, there is a violation of article 5, first paragraph, opening words, undera, of the GDPR read in conjunction with article 6, first paragraph, of the AVG and 6 of the Wbp, read in conjunction with article 8 of the Wbp. 43 In his view, the Minister has acknowledged the established facts and the conclusion as well as the motivation in did not contest the investigation report. The finding of the AP that the processing of the duplicate nationality of the Dutch is not necessary for the task of Allowances is determined by the Minister In addition, the Minister has stated that the historical data in the TVS on 30 June 2020 is completely the systems have been purged. 44 In view of this, the AP concludes that the Minister in the processing of the double nationality of Dutch people have committed a violation of article 5, first paragraph, opening words and below, read the AVG in connection with article 6, first paragraph, of the GDPR. This also constitutes a violation of article 6 of the Wbpin has been read in connection with article 8 of the Wbp, insofar as it has been committed in the period before May 25, 2018. For the justification, the AP also refers to paragraph 3.4.2 of the investigation report. This violation was started on January 6, 2014 and ended on June 30, 2020. The use of personal data nationality for an indicator in the risk classification model (second processing) 45 The AP has established in the investigation report that Benefits has been using the so-called risk classification model to deploy control capacity on (individual) requests changes of childcare allowance with an increased risk of inaccuracy. classificationmodeltestsallapplicationsselectsdraftdecisionswheresuch 1As set out above, on that date the BRP Act came into effect, whereby persons with Dutch nationality no more double nationality is mentioned in the BrP, but only the Dutch nationality. 1On May 25, 2018, a total of 1.4 million citizens with a double nationality were registered in the TVS. The tax authorities failed to find out how many of these Dutch citizens have applied for childcare allowance.See file document134. 10/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] increasedrisk exists.Theseselecteddraftdecisionsarenotautomaticallytransformed informal decisions, but manually reviewed by a Benefits employee. 46 The risk classification model tests all applications for nine months and uses a self-learning algorithm, based on which it automatically selects requests based on which staff capacity is used. The model estimates on the basis of various indicators how high the risk is that a incorrect application was submitted. Those 100 applications that have the highest risk score in that month will be then presented for a manual check by an employee. One of the indicators of the model concerned at least from March 2016 to October 2018 the indicator “Dutch nationality/non- Dutch nationality”. With a double nationality, including Dutch, it was assumed that Dutch citizenship. 47 The AP has established – in summary – in the investigation report that non-Dutch citizenship (whereby no consideration was given to which nationality it concerned) in combination with other indicators could result in a higher risk score and lead to manual checking by an employee of Surcharges. In certain cases, the nationality of the applicant contributed to the chance of an extra check. 48 The AP has ruled in the investigation report that the processing of the data is “non- Dutch citizenship’ in the risk classification model did not comply with the subsidiarity principles therewith not on the requirement of necessity. The indicator Dutch nationality/non-Dutch nationality did not give any answer to the question of whether an applicant was eligible on the basis of his (dual) nationality childcare allowance; a more accurate indicator that would say more about entitlement to childcare are “possessed Dutch nationality, or EU nationality with registration in the Dutch municipality, or non-EU nationalities a valid residence permit”. That means a less far-reaching form of processing was possible, namely by not basing the indicator solely on nationality. 49 In his view, the Minister has acknowledged the established facts and the conclusion as well as the motivation in did not contest the investigation report. Furthermore, the Minister stated that the indicator Dutch citizenship/non-Dutch citizenship in the risk classification model not appropriate and not objective was substantiated. Allowance applicants who were not in possession of the Dutch nationality were regarded as non-Dutch, so that they had a relatively high chance that their allowance application was selected to be manually assessed. This should never have happened, according to the Minister. Furthermore, the Minister has stated that nationality will no longer be used in the risk classification model for childcare allowance. 50 In view of this, the AP concludes that the Minister also with the processing of nationality for the indicator Dutch nationality/non-Dutch nationality article 5, first paragraph, opening words, undera, of the AVG read in connection with article 6, first paragraph, of the GDPR. This also provides a 11/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] violation of article 6 of the WbPin coherence read with article 8 of the Wbp, insofar as this was started in the period before 25 May 2018. For the justification, the AP also refers to paragraph 3.5.2 oftheinvestigationreport.In any case,thisviolationhasstartedinMarch2016andhas ended inoctober2018. The use of personal data nationality in detecting organized fraud (third-party processing) 51 The AP has established in the investigation report that Allowances from 2013 to June 2019 the personal datanationality(has)usedtodetectorganizedfraudwith childcare allowance. 52 It follows from the investigation report that in the context of anti-fraud, the nationality of applicants for Childcare Allowance by Allowances was processed by executing queries. 53 Firstly, the nationality of applicants was used by Benefits from 9 July 2013 to the activity to visualize groups of applicants by running periodic queries on the nationality of all applicants for the allowance, or an amendment thereof, in the Allowances Portal A picture emerged of the number of applications per nationality. 54 Second, from 2013, queries from, among others, the TVSwereperformed on–amongst others–the personal data nationalities possible double nationality as a concrete fraud signal to that end gave rise to. TheresultsweredisplayedinanExcelfiles–ifthere was fromaresearchworthysignal–from 2014, further processed in the form of a table and recorded in an internal document, a so-called quick scan. In the period from May 25, 2018 to February 14, 2019 14 intotaal213queries executed. Nationality was requested for all queries. 55 The main reason the tax authorities put forward for this processing was that nationality a could be an indication of the homogeneity of the research population and that the experience would have shown that citizens in the same living environment, including on the basis of nationality, could provide an indication are caught organized abuse. 56 Tenderdetheresearchreportidentifiedtwocasesfrom2014inwhichAllowancesto as a result of a fraud signal had requested additional data from all applicants of a certainnationality.It concernsti)aqueryforallcitizenswiththeGhanaiannationalitythatopor 13 For example, fraud signals could see on hour registrations of host parents that are not correct, too many children present at certain childminders, incomplete contracts or few to no evaluations or progress discussions with childminders through the childminder agency.A fraud signal could also be located in the short after logging in to the Allowances portal with different BSNs from one IP address. 14See file document134. 12/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] after 1 January 2013 had applied for a surcharge and ii) a query to all applicants with the Bulgarian 16 nationality who had applied for an allowance between 1 June 2013 and 1 January 2014. This applicants could also be in possession of Dutch nationality. In fact, this means that applicants who had both Dutch and other nationalities, despite their Dutch nationalitybased ontheirothersnationalitythere was a chance thattheir allowance application was assessed for fraud. 57 The research report also notes that Allowances decided to stop on June 7, 2019 withaskingapplicants'nationalityinqueryrequeststoavoid nationalitycanbepartofanalysisandresearchinthe context of the investigation of organized fraud with childcare allowance. In addition, the AP has all queries and quick scans advanced with which the nationality of applicants was requested. In the period from 25 May 2018 up to 14 February 2019, a total of 213 queries were performed. after February 14, 2019 the query process as well as the format is modified and the given 'nationality' is not 17 more is included in the query results. 58 In the summary of the investigation report, the AP has ruled that the above-mentioned processing were necessary for the detection of fraud with childcare allowance because the requirements were not met the requirements of proportionality and subsidiarity. 59 To get groups of applicants into the picture, a less far-reaching form of processing is possible by only to investigate whether there was increased activity within a nationality if there is more concrete reasons for this. In addition, the Tax and Customs Administration stated during the investigation that mapping the nationality of all applicants for childcare allowance in the Allowance portal did not meet the requirements of proportions and subsidiarity. 60 Furthermore, the research report concludes that queries and quick scans performed by Surcharges are used do not offer any support for the position that nationality is a relevant factor in the detection of organized abuse of childcare allowances advanced form of processing possible to determine the degree of homogeneity of a group. Allowances has also not been able to substantiate why the processing of the nationality of childcare allowance applicants inqueries and quick scans in response to a fraud signal was necessary for the detection and fight against fraud with childcare allowance. On the contrary, the During the investigation, the Tax and Customs Administration correctly stated that Allowances are met with questions and use of the nationality of the applicants has failed to pay enough attention to a fraud signal 15From the result of this query it follows that 6,074citizens with a Ghanaian nationality had applied for a childcare allowance. 16Fromtheresultofthisqueryitfollowsthat363citizensappliedwithaBulgariannationalitychildcare allowance. 17See file document134. 18Only one indication that something is wrong with one BSN, for example, is insufficient. 13/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] fortherequirementsofsubsidiaritiesproportionalitiesthatBenefitshas been overshot in the fraud approach. 61 With regard to the two cases identified in 2014 where Allowances had additional data requested from all applicants of a particular nationality is also included in the research report concludedthattheuseofnationalitywasnotnecessaryinthedetectionoforganized fraud and that no relevant data could be derived from nationality with which fraud could be so the processing was not necessary for the fulfillment of a public task of Allowances. During the investigation, the Tax and Customs Administration also stated that with today's knowledge, the query where only is selected on nationality, is disproportionate. 62 In this view, the Minister has acknowledged the established facts and stated that in research into organized abuse of allowances in accordance with the (possibly double) nationality of the person concerned applicant was questioned. This should never have happened, according to the Minister. The conclusion as well as the motivation in the investigation report are not contested. Furthermore, the Minister has reiterated that Surcharges in June 2019 has formally decided not to conduct or opt for queries based on nationality to ask. 63 In view of this, the AP concludes that the Minister also uses the nationality of applicants ofchildcare allowanceindetecting theorganizedarticle5, first paragraph, opening words, undera, of has violated the AVG read in connection with article 6, first paragraph, of the AVG. This also provides violation of article 6 of the WbPin coherence read with article 8 of the Wbp, insofar as this was started in the period before 25 May 2018. For the justification, the AP also refers to paragraph 3.6.2 of the investigative report. This violation was in any case caught in 2013 and ended in February2019.9 6.4. Violation of propriety in the last two processings 64 The investigation report further established that some of the processings discussed above were also inappropriate within the meaning of article 5, first paragraph, preamble and below, of the AVG article 6 of the Wbp. Article 5, first paragraph, opening words, under a, of the AVG and article 6 of the Wbp aim to guarantee the same legal interests and there is no (substantial) material change of the regulations on this point. 65 The controller is obliged to provide personal data in an appropriate manner to process.The principle of propriety in the context of the AVG brings, among other things, that personal data should be processed in a fair and transparent way processing not May be contrary to common law principles and fundamental rights of data subjects, such as 1On 14 February 2019, the last query was carried out in which nationality was requested. 14/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] the prohibition of discrimination, which is inter alia laid down in Article 21 of the Charter of Fundamental Rights of the European Union (hereinafter: Charter). 66 In the assessment of whether discrimination is involved, it is important that it is not required that respect to similar cases.Importantiswhetherthecasesinvolvedinrelevantrespects be sufficiently comparable. Furthermore, the prohibition of discrimination does not stand in the way of any unequal treatmentofrelevantrespectssimilarcases,butonlytothattreatmentthatas unjustified distinction must be considered, because for the distinction made no reasonable and objective justification exists. This occurs if the distinction is not legitimate target, unless there is a reasonable, proportional ratio between the resources used and the target that 21 it is intended to realize. This testing framework applies equally to article 26 of the ICCPR, Article 21 of the Charter, Article 1 of Protocol No. 12 to the ECHR, Article 1 of the International Convention on the Elimination of All Forms of Racial Discrimination and 24 article 1 of the Constitution . 67 The AP has investigated whether Allowances has the nationality of the applicant for childcare allowance used as a distinguishing criterion, or as a consideration in the supervision of childcare allowance, without there being an objective justification. Such processing is in short to be regarded as discriminating for that reason contrary to the principle of propriety in the sense of article 5, first paragraph, preamble, under a, of the GDPR. To determine whether the various processing of nationality described in the investigation report were discriminatory, the processing and tested 25 to the following cumulative criteria : 1. the opposing interests are sufficiently comparable in relevant respects; 2.a distinction has been made between these cases; 3. the distinction has led to a disadvantage in treatment; and 4. the distinction is not reasonably and objectively justified, because it serves no legitimate purpose/or there is no reasonable and proportional relationship between the differentiation and the intended purpose. 68 The research report established that the use of personal data nationality as an indicator intherisk0classificationmodelismarkasadiscriminatingprocessingandcontradictsit is with propriety within the meaning of article 5, first paragraph, preamble and below, of the AVG article 6 of the Wbp. This also applies to all processing related to the nationality of diets 2Par.56 of the ECHR judgment of 13 December 2011 (Ludana against Slovakia), ECLI:CE:ECHR:2011:1213JUD003182702). 2Par.125 of the ECHR judgment of 22 March 2012 (KonstantinMarkin against Russia), ECLI:CE:ECHR:2012:0322JUD003007806) and par.90 of the ECHR judgment of 25 March 2014 (Biao against Denmark), ECLI:CE:ECHR:2016:0524JUD003859010). 2CompareABRvS30March2016,ECLINL:RVS:2016:865,ow.2.4 23 24, similarly, the judgment of the HR of 13 April 2018, ECLI: NL: HR: 2018: 429, ow.2.5.2. Compare the judgment of the HR of 18 October 2004, ECLI:NL:HR: 2004:AP0424, ow.3.4.2 and the judgment of the HR of 4 November 2016, ECLI:NL:HR:2016:2495,ow.2.4.1. 2For a comprehensive legal framework, reference is made to section 3.7.1. of the investigation report. 15/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] organized fraud have taken place for the purpose of detecting. In this processing, the AP concluded that they discriminate on the basis of nationality, without there being any objectivejustificationforexists.Theseinappropriateprocessingandconsideredthe research reportplace at least from March 2016 to October 2018 and from 2013 to february2019. The propriety of using nationality for an indicator in the risk classification model (second processing) 69 According to the research report, the distinction made in the risk classification model is not reasonable and objectively justified. The distinction between the two opposing cases, and the resulting disadvantage in treatment is not in a reasonable and proportionate relationship totheintendedgoal.Theindicatorsintherisk-classificationmodelaretheyareto requestandselectchangeswiththehighestriskofincorrectness.Theindicator Dutch citizenship/non-Dutch citizenship did not provide a complete answer to the question of whether an applicant on the basis of his or her (dual) nationality, he was eligible for childcare allowance alsorelevantifanapplicantif notregisteredinaDutchmunicipalityorlawfullyin resides in the Netherlands. For determining whether there is a lawful residence, there are half of more criteria important.There is therefore no objective justification for the choice to stay within lawful residence to look exclusively at Dutch nationality/non-Dutch nationality. An objective indicator that more says about the entitlement to supplementary allowance: “possess the Dutch nationality, or an EU nationality with registration in a Dutch municipality, or a non-EU nationality and a valid residence permit”. such indicator would reduce the chance that the action of Allowances partly depended on the nationality. This means that a less far-reaching form of processing was possible, namely through not to base the indicator solely on nationality. 70 As before in margin number 49, the Minister has set out the established facts in this view acknowledged the conclusion as well as the motivation in the research report. Furthermore, the Minister declared that the indicator Dutch nationality/non-Dutch nationality in the risk classificationmodelnotproperandnotobjectivewassubstantiatedthatnationality since October 2018 is no longer used in the risk classification model for childcare allowance. 71 In view of this, the AP concludes that the processing of nationality for the indicator Dutch citizenship/non-Dutch citizenship is an improper processing, and that the Minister has violated article 5, first paragraph, preamble, below, of the GDPR. This also constitutes a violation of article 6 of the Wbp, insofar as this violation was committed in the period before 25 May 2018. For the justification, the AP also refers to paragraph 3.7 of the investigation report. This Violation Any case lasted from March 2016 to October 2018. 16/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] The propriety of using nationality in detecting organized fraud (third-party processing) 72 With regard to the use of the nationality of applicants by Allowances for the activity of In order to get groups of applicants in mind, the research report–summarizes–the following concluded. A distinction was made by dividing individual applicants on the basis of nationality, which has resulted in a disadvantage for applicants with a nationality with an increased number of requests. An increased activity within a certain nationality could, in combination with other variables for Allowances are grounds for further research. These applicants had a increased chance of being checked against applicants who did not belong to a nationalitywithincreasedactivity.Thedistinctionmadeisnotreasonableandnotobjective justified. The resulting disadvantage in treatment is not in a reasonable and proportionalrelationtotheintendedtarget.After all, a less drastic form is possible by only investigating whether there was an increased activity within a nationality like there more concrete reasons for for all nationalities an overview of the number of applications. 73 Regarding the processing of nationality inquick scans in response to a fraud signal the research report – summarized – concludes as follows. There was a distinction createdbetweenallapplicantsandapplicantsincludedinqueriesandquick- scansforafraudsignal.Benefitsusedwithincludesnationality.The the intention was to use this to assess the homogeneity of the research population; according to Surcharges indicate organized abuse of allowances. This distinction has resulted in disadvantage in the treatmentforapplicantswhowereincludedinsuchqueryandquickscanandisnotreasonableandnot objectively justified. The resulting disadvantage in the treatment is not in a reasonable andproportionaltotheintendedtargetbecausethenecessityofprocessing the nationality of the applicant has not been apparent from the relevant law and regulations, nor from the results of the processing in practice. In addition, the Minister has the necessity of this unable to demonstrate processing and the director-general has corrected allowances during the investigation acknowledged that Allowances did not pay enough attention to the requirements of subsidiarities proportionality. 74 With regard to the two cases identified in 2014 where Allowances had additional data requested from all applicants of a particular nationality is included in the research report– summarized–concluded the following. A distinction was made by running a query with the request for additional information about all applicants of a specific nationality for a certain period. This distinction has led to a disadvantage in processing because applicants with the GhanaianrespectivelytheBulgariannationalityweretoanadditionalsurveillance act 17/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] 26 subject. There is a suspicious distinction because it is only aimed at applicants with a specific nationality.According to constant ECHR case law, it is wrong to make suspect distinction only allowed if there are very serious reasons for it. Surcharges cannot be made on very serious grounds and appeals. The necessity of processing the nationality of the application is also not apparent here from the relevant laws and regulations, nor from the results oftheprocessinginpractice.In addition,theMinister hasthenecessityofthisprocessing neither were able to demonstrate and the Director-General for Allowances acknowledged during the investigation that Allowances here too have not paid sufficient attention to the requirements of subsidiarities and proportionality. 75 As before in margin number 62, the Minister has set out in this way the established facts acknowledgeddeclared that in the investigation of organized abuse of allowances, the rules (possibly dual) nationality of the applicant concerned was questioned, which should never happen. The conclusion as well as the motivation in the research report are not contested. 76 In view of this, the AP concludes that the Minister also uses the nationality of the applicants of childcare allowance in the detection of fraud organized in article 5, first paragraph, opening words belowa, has violated the GDPR deposited propriety requirement. This also provides violation of article 6 of the Wbp, insofar as this violation was committed during the period before 25 May 2018. For the justification, the AP also refers to paragraph 3.8 of the research report. This violation lasted from 2013 to February 2019. 7. Fines 7.1 Introduction 77 In view of the seriousness of the infringements and the extent to which they can be blamed on the Minister, the AP considers the imposition of fines appropriate use its powers to demand that the Minister impose fines for the various processing where the AVG is violated. 78 Since in this case there are continuous violations that fall under both the Personal Data Protection Act and the AVG have taken place, the AP has checked against the substantive right as it applied at the time when the behavior took place. In this case, both the articles are article 6 and 8 of the Wb as the Articles 5, first paragraph, preamble and 6, first paragraph, of the GDPR. These provisions aim at the same to guarantee legal interests and there is no (substantial) material change of the regulations on this point. 2 Incidentally, this was also the case when these applicants were also in possession of the Dutch nationality. 18/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] The AP motivates the imposition of the fines in the following processing and named for which the fines are imposed (7.2) and then the amount of the to impose fines (7.3). Finally, it is assessed whether the application of the fine policy is not leads to a disproportionate result(7.4). 7.2Finishingprocesses 79 The AP concludes that the Minister's article 6, read in conjunction with article 8 of the Wbp, as well as article 5, first paragraph, opening words, under a, of the AVG, read in conjunction with article 6, first paragraph, of the GDPR, has violated three different processing operations, namely: - the unnecessary retention of the double nationality of the Dutch in the TVS (first processing); - the unnecessary use of the nationality of applicants for an indicator in the risk classification model(second processing); - the unnecessary use of the nationality of applicants in the investigation of organized fraud (third-party processing). 80 In addition, in the second and third processing, the Minister has the principle of propriety, such as laid down in article 6 of the Wb and article 5, first paragraph, preamble and below a, of the AVG. 81 The AP makes use of its powers for the established violations to impose ministerial fines to impose in respect of the first, second and third processing, because the requirement of lawfulness was violated. At the second and third processing, which also involved violation of the principle of propriety, the AP takes that fact into account when assessing the seriousness of the violations and thereby in determining the amount of the fines. 7.3 Determination of the amount of the fines 82 On the basis of article 58, second paragraph, preamble and article 83, fifth paragraph, of the AVG, read in in connection with article 14, third paragraph, in conjunction with article 18 of the UAVG, the AP is authorized by the Minister in case ofviolationofarticles5and6oftheGDPRNoimpossibleadministrativefineuptoan amount of €20,000,000. The AP has established fine policies regarding the fulfillment of the aforementioned 27 authority to impose an administrative fine, including determining the amount thereof (hereafter: the Penalties Policies). bandwidth system. It is laid down in the Penalty Policy Rules that for the violation of article 5, 28 first paragraph, undera, of the AVG and article 6 of the AVG fine category III applies. This applies too 27 28oetepoliciesAuthorityPersonalty2019,Stcrt.2019,14586,March 14,2019. The fine for violation of article 5, first paragraph, subparagraph, of the GDPR, is dependent on the underlying violation provision. In the present case, that is article 6, which is part of category III of the Policy Rules. 19/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] fine bandwidth between a minimum of €300,000 and a maximum of €750,000 and a basic fine of € 525,000.--. Increase fines (article 6, 7 and 8 of the Fine Policy) 83 Article 83, second paragraph, of the GDPR, provides that the supervisory authority, when determining the The amount of the fine takes into account the factors mentioned under at/mk. These factors are also adopted in Articles 6 and 7 of the Fine Policy, which – in short – determines the basic fine on can be increased or decreased within the fine bandwidth due to the aforementioned factors. 84 In view of the factors mentioned in article 83, second paragraph, of the AVG and article 7 of the Fine Policy Rules The AP sees the first reason to increase all three (basic) fines to a maximum amount of 750,000.--. Here the AP specifically takes into account the factors mentioned under a, benf, which hereinafter are discussed.Secondly,theAPconsideredthatwiththesecondthird processing involves inappropriate processing that violates the fundamental right of many citizens violated. This leads to the AP being of the opinion that the category of fine linked to the violation, with a maximum fine of 750,000.--, does not allow an appropriate penalty for these two violations. The AP considers it very serious that a government agency has discriminatory processing carried out. In view of the foregoing and hereafter discussing applicable factors, therefore, they decide with application of article 8.1 of the fine policy rules in determining the amount of the fine for the apply the second third processing the next higher category (IV), and decide within the allowedbandwidthtoincreasethefinemaximumtoan amount€1,000,000.--.TheAPmotivates thisas follows. 85 With regard to the nature of the violations, the AP weighs heavily on processing of discrimination-sensitive data, namely nationality, the processing of which is a higher than usual risk entails that persons are unnecessarily placed in certain groups divided up In addition, applicants for benefits are in a strong position with regard to the government dependent on an unequal position. The costs for child care are so high that parents without generally cannot bear childcare allowance. This means that they are often forced to to have the processing of their personal data in the context of obtaining it by the government of a free choice, or the possibility for parent to refuse this processing, is then no question either. In such a dependent and unequal position it is extra important that the government acts with the utmost care and observes all relevant laws and regulations, including the AVG. The AP considers that this has not happened as very serious. Also the systematic – and therefore not incidental – character of the violation, where prolonged systematically unnecessary processing of personal data, is taken into account in determining the seriousness of the violations. 20/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] 86 With regard to the extent of the violations, the AP takes the following into account. In the TVS On May 25, 2018, 1.4 million citizens had registered dual nationality. In addition, it turns out figures from CBS that Surcharges in the years 2016 to 2018, in which they use the risk classification model used, annual childcare allowance has been granted to between 543,000 and 634,000 households. 30 Furthermore, the investigative report established that the approach to tackle organized fraud from July 2013 monthly and overview with the number of applicants per nationality was supplied. In the period from May 25, 2018 to February 14, 2019, a total of 213 queries were executed. processing and cannot be established from the available information, it is plausible that probably hundreds of thousands and possibly more than a million people to a greater or lesser extent have been affected by the violation. 87 In addition, the processing has been played out over a long time. Thus, the double nationality of Dutch from 2014storedinTVSandwasinfebruary2020stillnotdouble nationality of all Dutch citizens removed from the TVS. The nationality of the applicant is in any case from March 2016 to October 2018 used for an indicator in the risk classification model. For the tacklingorganizedfraudwereexecuted from2013 onqueriesfrom among others the TVSon– inter alia–the personal datanationalitiesanydoublenationalityasaconcrete fraud signal gave rise to this. The results were displayed in an Excel file –if there was a signal worth investigating–from 2014, further processed in the form of a tableandrecordedinaninternaldocument,aso-calledquickscan.Intheperiodfrom25May2018 Up to 14 February 2019, a total of 213 queries were performed. Nationality was requested for all queries. Since the APpass since January 1, 2016, has the authority to in the context of the (increase of the) fine, she takes only the duration from 1 January 2016 in view.Also, in that case, there are long-term violations. 88 In addition, the violations have had a major impact on the lives of those involved unnecessary processing of their nationality, applicants ran a higher risk of wrongly acting as a fraudster be noted. As in the aftermath of the Allowances affair it has become clear that this that some households had to repay tens of thousands of euros in allowances already received. Many applicants have ended up in serious financial problems for years because of this, which is a has (had) a major impact on their personal life. 29See file document 110b, p.13. According to the Tax and Customs Administration, it is not possible to find out how many of this number were Dutch. 30See “Extension Childcare Allowance, 2013-2019” on the CBS website: https://www.cbs.nl/nl- nl/maatwerk/2021/16/extension-kinderopvangtoeslag-2013-2019. 31Becausetheresultsofqueriesareremovedwhichisnotdeterminedwhenthecommandisfinished,seealsosection 2.4.1.and 3.9.3.oftheresearch report.It has been noted that on June 7, 2019, Allowances decided to stop questioning the nationalityofapplicantsinqueryrequeststoavoidthatnationalitycanbepartofanalysisand investigation in the context of the detection of organized fraud with childcare allowance, see paragraph 2.4.5 and 3.9.3 of the research report. 21/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] 89 With regard to the intentional or negligent nature of the infringements, the AP recommends that Surcharges if governing body has a special responsibility to deal carefully with the personal data that it processes. Citizens should be able to trust that their data is with Surcharges are in good hands and are only processed if necessary. This is in particular important in the processing of a personal data as nationality, where careless processing can lead to discriminatory consequences should limit the minimum and with such safeguards and need to dress so that the risk of discriminatory processing and was excluded as much as possible nationality of the persons involved and must limit to what was necessary for the execution of the bijor undertheWkundeAwiranthetasksassignedtoit.Nevertheless,for a long time they have periods and large-scale unlawful, inappropriate and discriminatory processing occurred. 90 In addition, the AP has already recommended in 2012 that the unnecessary processing of double nationalitiesofcitizenstasktoremovethisdatafromtheBRP. Since the 32 entry into force of the BRP on January 6, 2014, the dual nationality of citizens with the Dutch nationality is no longer included in the personal registration. Because it's going to be TVS filled with data from the BRP also had benefits at the time of the dual nationality of citizens with the Dutch nationality should be removed from the TVS with 2020thedoublenationalityofcitizenswiththeDutchnationalityprocessedintheTVS.This while the AP in July 2017 still inquired about the use of double nationality by Surcharges. 91 In conclusion, the Minister did not cooperate sufficiently with the AP to remedy the breach limiting possible negative consequences by making incorrect statements during the investigation that have hindered the investigation of the AP. For example, the director-general of the Belastingdienstdeclaredon18july2017thattheBelastingdienst/Allowanceshasnodataonthe dual nationality of Dutch applicants for childcare allowance. He also has time stated that nationality was not used as a selection criterion for precisely these applicants of childcare allowance to carry out (extra) supervision. Pasinapril2019hasthegeneral director Surcharges declare that the above statements are not accurate or complete. With that incorrect statements has been wrong with the AP, which means the further course of the 32See “Advisory proposal to amend the Basic Registration Persons Act”, of the College Protection personal data, 9 August 2012. Can be found on the website of the Data Authority: 33tps://autoriteitpersoonsgegevens.nl/nl/nieuws/cbp-advises-over-beperken-registratie-double-nationaliteit. See article 2.7, first paragraph, subparagraph, sub 5, of the BRP Act: “In the basic registration, only the following data included: a. general data: (…)5: data on nationality, provided that no data according to foreign nationality are included in addition to data about Dutch citizenship or the fact that the person concerned is Dutch person is being treated”. 34See file document8. 35See file document 23a and 26a. 22/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] investigation difficult and delayed. In addition, the AP should have information on 13 September 2019 progress because the information request of July 8, 2019 had still not been answered, despite the AP 36 the initial response period of 31 July 2019 had already been extended three times at the request of the tax authorities. The APReceives this to the Tax and Customs Administration as a government body. 7.4Proportionality 92 Finally, the AP assesses pursuant to Articles 3:4 and 5:46 of the General Administrative Law Act (hereinafter: Awb) or the application of its policy for determining the amount of the fine in view of the circumstances of the specific case, does not lead to a disproportionate outcome. 93 The AP is of the opinion that (the amount of) the fine is proportional. In this opinion, the AP has taken the seriousness of the violation, the extent to which it can be blamed on the Minister, and other circumstances taken into account. For example, there was talk of discriminatory processing of a sensitive data such as nationalityofcitizensbyagovernmentorganisation.In addition,there were a large number of involved, the violation lasted a long time, there was a major impact on involved and there was a case of intentional or negligent action by the Minister, in which case failed to work with the AP to remedy the breach and adversely affect it limit. The AP qualifies this breach of the AVG as very serious. 94 As set out above, the AP concluded that the Minister has the requirement of lawfulness violatewiththreedifferentprocessings(i.not-necessary to keep the double nationality of the Dutch in the TVS, ii. the unnecessary use of the nationality of applicantsforanindicatorintheriskclassificationmodelandiii.theunnecessaryuseofthe nationality of applicants in the investigation of organized fraud.) In addition, the AP concluded that the minister in the second and third processing has the principle of propriety offence.TheAPeighttheimpositionofseparatefinesbeforethelastmentionedviolationsofthe principle of quite disproportionate because the facts from which these violations arise already be punished for the violations of the requirement of lawfulness. Instead, the AP has violations of the principle of propriety taken into account in determining the height of the fines for violation of lawfulness in the second and third processing. 95 In view of the foregoing, the AP sees no reason to set the amount of the fine on the basis of the proportionality endendFinancepolicy rulesmentionedcircumstances,ifapplicableinthesubject case, further increase or decrease. 3See file document48a. 23/25 Date Unidentified November 25, 2021 [CONFIDENTIAL] 7.5Conclusion 96 In view of the foregoing, the AP fixes the following fine: - for the violation of lawfulness at the first processing: €750,000 - for the violation of lawfulness in the second processing: €1,000,000 - for the violation of lawfulness at the third processing: € 1,000,000 8.Dictum Fines I TheAP explains to the Minister of Finance an administrative fine in the amount of €750,000 (in words: seven hundred and fifty thousand euros), for violation of article 5, first paragraph, preamble suba, of the GDPR read in connection with article 6, first paragraph, of the GDPR violation ofarticle6oftheWbpincoherencereadwitharticle8ofthewbpwhensavingthe dual nationalities of the Dutch in the TVS; II The AP imposes an administrative fine on the Minister of Finance in the amount of €1,000,000 - (in words: one million euros), for violation of article 5, first paragraph, opening words, undera, of the GDPR read in connection with article 6, first paragraph, of the GDPR Violation of article 6 of the Wbpin read in conjunction with article 8 of the Wbp when using the nationality of applicants for an indicator in the risk classification model; III The AP imposes on the Minister of Finance an administrative fine in the amount of € 1,000,000 - (in words: one million euros), for violation of article 5, first paragraph, opening words, undera, of the GDPR read in connection with article 6, first paragraph, of the GDPR has violated and violated ofarticle6of the Wbpin read in conjunction with article 8 of the Wbpwhen using the nationality of applicants in the detection of organized fraud. 37 3The AP will hand over the aforementioned claim to the Central Judicial Collection Agency (CJIB). 24/25Date Unidentified November 25, 2021 [CONFIDENTIAL] Yours faithfully, AuthorityPersonal Data, w.g. drs.C.E.Mur board member Remedies Clause If you do not agree with this decision, you can within six weeks of the date of shipment of the decide to submit an objection digitally or on paper to the Data Protection Authority. In accordance with article 38 of the UAVG suspends the submission of an objection to the effect of the decision imposition of the administrative fine. For submitting a digital objection, see www.autoriteitpersoonsgegevens.nl,onderhetkopjeBezwaarmakentegeneenbesluit,bottom page under the heading Contact with the Data Authority. The address for submission on paper is:Authority Personal Data, PO Box93374,2509AJDenHaag. Mention 'Awb-objection' on the envelope and put 'objection' in the title of your letter. Write in your letter of objection at least: - your name and address; - the date of your notice of objection; - the reference (case number) mentioned in this letter; or attach a copy of this decision; - the reason(s) why you do not agree with this decision; -your signature. 25/25