HR | Talent | DiversityFuture of Business TechnologyCulture & LeadershipSustainability | Green IT

Wouter Hoeffnagel - March 07, 2025

Share this article

Secretary of State: 'Tax authorities made a mistake with the risk analysis system'

For twenty years, the Dutch tax authorities used a risk analysis system that did not comply with privacy legislation. The Risk Analysis Model (RAM) was decommissioned shortly before the introduction of the AVG, but was already found to be in violation of the previous privacy law. In addition, data was kept longer than allowed.

juridicalPrivacy

This is what State Secretary Tjebbe van Oostenbruggen of Taxation, Tax Administration and Customs writes in a letter to the House of Representatives. The system dates back to 1998 and is a database that the tax authorities use to detect fraud. The cabinet investigated whether RAM is in violation of legislation, which indeed appears to be the case.

“Does not comply with applicable legal requirements”

“Based on KPMG's investigation, I conclude that the use of RAM did not meet the (legal) requirements applicable at the time in terms of privacy legislation, security regulations and the Archives Act. I note that the tax authorities should not and should not have used RAM and I regret that. The Data Protection Authority (AP) has indicated that it will further investigate RAM. In addition, the tax authorities are investigating whether the use of RAM data in specific situations may have led to a violation of fundamental rights,” writes the Secretary of State.

“Citizens and companies must be able to be sure that the tax authorities work in accordance with laws and regulations, including the general principles of good administration, and that they can trust the tax authorities. From 2018, improvements have been made that lead to a better balance between supervision and data protection. Raising awareness and introducing safeguards, among other things, have led to better dealing with data protection and security. Today's tax authorities therefore function differently than the tax authorities of the past. Supervision is still being carried out and this remains a data-intensive task, but with the necessary safeguards. Nevertheless, there is still a lot of work to do, as evidenced by the AP's recent advice.”

The full letter is here to find.

Tip: the editors

‍

Everything about legal

About Wouter Hoeffnagel

Wouter Hoeffnagel is Online Content Manager at Dutch IT Media

He is an expert in the field of ICT and has been writing about this for years in the form of news reports and insightful articles.

Author page

Sending

• Projects
  • HR & Talent
  • Culture & Leadership
  • Future & Innovation
  • Sustainability & CSR
• Dutch IT Leaders
  • All events
  • Magazines
  • Marketing and Content Opportunities 2026
  • Events and sponsorship opportunities 2026
  • Our team
  • Colophon
  • Tip: the editors
• Want to receive a NEWSLETTER?

Sending

• Contact

• Dutchit.com
  De Bleek 17
  3447 GV Woerden
  redactie@dutchitchannel.nl
  Mail us
  
  Advertising or event participation?
  Peter Reyneveld
  06 - 118 84 784
  peter@dutchit.com
• Follow us

General Terms and Conditions | Privacy Statement

Tech partner IGNE

‍

‍