NETHERLANDS: Dutch state sued for risk profiling of citizens

(Nederlands Juristen Comité voor de Mensenrechten) On March 27, 2018, a coalition of NGO’s (NCJM,  Privacy First, KDVP, Platform Bescherming Burgerrechten and the Landelijke Cliëntenraad) and two Dutch writers (Tommy Wieringa and Maxim Februari) have started a court case against SyRI. This is a PILP-NJCM case, the case lawyers are Anton Ekker and Douwe Linders from firm Deikwijs. Read the summons (in Dutch) here.

Honours students of the University of Utrecht presented their research to the PILP in May 2016. The students examined whether the Dutch rules on the anti-fraud data-processing system comply with data protection principles protected by EU law, and compared the Dutch system with practice in the United Kingdom, Germany and the US.

System Risk Indication (SyRI)

Citizens provide governments with a lot of information about themselves. For example, when they apply for a permit or for an unemployment benefit, when they report their tax returns, or when they get married. The ‘System Risk Indication’ (SyRI), an implementation tool of the Dutch Work and Income Act, enables the government to use the information they receive for purposes other than that for which it was provided.

The SyRI, an instrument based on Article 64 and Article 65 of the Dutch Work and Income Act, allows government departments to exchange information about citizens to detect fraud. It also authorizes the government to use big data analytics to look for patterns of possible fraudulent behaviour.

Risk profiles

On the basis of data available within the SyRI, risk profiles are constructed. If a person fits a certain profile, he or she will be investigated further. Thus, under the guise of fraud prevention, anyone can be investigated without reasonable suspicion. Citizens can unknowingly become suspects in an investigation as a consequence of this profiling. According to an article in the Volkskrant, information on citizens is gathered in the same way as would normally be carried out in a criminal investigation.

The Dutch Council of State and the Dutch Data Protection Authority have both strongly criticized the government’s use of the SyRI. The Council of State expressed concern in an advisory opinion, in which it spoke of a ‘far-reaching restriction of the right to respect one’s private life.’ The Council of State concluded that there is hardly any personal information that may not be processed within the SyRI. The list of data that may be analysed seems to have been written to give government agencies more room to manoeuvre. This is against the statutory duty of the government to only collect data that is strictly necessary in order to achieve a specific purpose. The Data Protection Authority is of the opinion that it is imperative to carefully select data before it is transferred to the Minister for processing within the SyRI.

An alarm sounds outside of the usual circles as well. Dutch writer Tommy Wieringa warns the public in his Rudy Kousbroek address: the “SyRI makes use of anti-grassroots software. The control it exercises is ever-present. The government and the terrorist have the same view of humanity: nobody is innocent.”

What does the PILP do?

Gathering and exchanging personal data that has not specifically been provided for, and the use of big data analytics, hold the potential to breach the right to respect for private life and other related human rights. Together with the Platform for the Protection of Civil Rights, the PILP is investigating the legal options to challenge the use of the SyRI. The proceedings were initially supported by lawyers at Boekx, and now Deikwijs.

Source: Nederlands Juristen Comité voor de Mensenrechten

Featured image: ‘Shepard Fairey in London: Big Brother Is Watching YOU’ by Tim Rich and Lesley Katon