12 November, 2014
Dutch municipalities are facing concerns about the way privacy is safeguarded within their organizations. The Dutch Parliament has announced that municipalities found lacking in security in relation to the use of DigiD (a service that is used to gain online access to hundreds of Dutch government websites) will face temporary deprivation of the service. Kees Verhoeven, a member of the Dutch Democrats D66, announced the proposed measure this week after the emergence of a report last October on the lack of security at the municipalities. The report mentioned that, for fourteen months, usage of DigiD had been subject to possible abuse within twelve municipalities. Additionally, the Dutch Data Protection Authority expressed concerns about the privacy aspects of the proposed decentralization as incorporated in upcoming revisions to the laws concerning social support and youth care.
The possibility of depriving municipalities of the use of DigiD already exists in Dutch legislation, but this power has thus far been used only sparingly. Insecure DigiD connections could nevertheless lead to abuse of citizens' personal data, which could result in wrongfully awarded benefits or unauthorized alterations of personal data. D66 filed a proposal that should bring stricter and more regular inspection of the municipalities’ security. A majority in the Dutch Parliament currently supports the proposal. Once the proposal is implemented, municipalities should be deprived of the use of DigiD more quickly. Deprivation of DigiD will have major consequences for the municipalities and their inhabitants: citizens will have to visit the city hall to take care of their government-related business. However, according to the government, this situation is more desirable than citizens facing the danger of abuse of their personal data due to insecure connections. Verhoeven hopes the dire consequences of failing to reach a certain level of security will stimulate the municipalities to increase their efforts.
The abovementioned issue is not the only thing the municipalities are currently dealing with. Also this week, the Dutch Data Protection Authority (DDPA) published a letter in which the authority expressed scepticism about the current state of affairs in relation to the upcoming decentralisations in the Dutch health care sector. In the letter, the DDPA voiced concerns about the legitimacy of the processing of personal data by municipalities with regard to the processing purposes. The municipalities will not always be able to find a legitimate ground for their processing activities, resulting in a violation of the Dutch Data Protection Act. The DDPA advised the Dutch government to adopt an adequate legal base as soon as possible. Such a legal base should improve legal certainty and transparency for municipalities and citizens concerning the purpose, the necessity and the legitimacy of the processing of personal data by municipalities.
Don’t hesitate to contact our privacy experts if you would like to know more about privacy or if you need help with implementing privacy within your own organisation!