Tax authorities reprimanded for privacy risks in systems
NOS NEWS•Thursday, July 10, 8:31 PM
Tax authorities reprimanded for privacy risks in systems
Share this article
The tax authorities must stop using two systems as soon as possible because they thereby violate the privacy law. That's what the Data Protection Authority says. Four other systems need to be adapted.
This involves the “Customer Supervision Model” and a system called “Information Template”. In the Customer Supervision Model, employees can see all the information that is known about someone. There are no restrictions that ensure that employees can only see the information they need for work. It has to be.
With “Information Template”, large amounts of data can be poured into an Excel file. The objection of the Data Protection Authority here is that the data thus ends up outside the protected environment of the system.
The privacy watchdog also has difficulty with four other systems, including one at Customs, but these are less serious problems. However, the tax authorities must also make adjustments to this as soon as possible.
It is not possible to quit the two most problematic systems immediately, but at least 4,000 employees will no longer be able to use them for the time being. Permission will later be withdrawn for 5,000 other employees. The tax authorities must come up with a thorough plan by mid-October to replace the systems as soon as possible.
Selections by nationality
In response to the benefits affair, a report on the Tax Administration's “Risk Analysis Model” was published earlier this year. This broke the privacy law for twenty years. From that database with data about citizens and companies, for example, selections were made based on nationality, without good reasons. That can be discrimination. The tax authorities are still investigating what those selections were made for and whether people were disadvantaged as a result.
The report stated that twelve systems similar to the Risk Analysis Model are still in use. That is why the Authority also looked at it. As far as we know, these systems have not yet occurred, but the privacy watchdog does not consider the risk there to be acceptable either.
.avif)