Privacy and data protection play a key role in citizens’ trust in a digital government and society. Lawful, proper and transparent data processing ensures trust. EU legislation lays a solid foundation for protecting privacy, but the implementation of existing and upcoming new legislation is complex. Public confidence in the government is declining. The government must be transparent about what data it uses for what purpose and that it adheres to data minimisation principles.
Goals
- Authorities and government agencies apply privacy by design. Citizens can count on authorities and government agencies (statutory exceptions may apply) to adhere to the GDPR and Police Data Act (in Dutch Wet politiegegevens or Wpg). Government data exchanges are mapped where possible and relevant (open data sharing). Authorities and government agencies do not use facial recognition without a legal framework and checks.
- Authorities and government agencies have adequate levels of knowledge and capacity in the area of privacy and data protection.
- Public sector organisations receive assistance in responsible data use and privacy.
- The government is transparent about responsible data use (open processing registers).
- Strengthen supervision and increase consistency among digital regulators where necessary.
Results achieved by 2023
- The Responsible Data Use Advisory Function (part of the inter-administrative data strategy) has been set up and has provided advice on six case studies regarding what is technically possible, permitted by law and ethically desirable when it comes to data use.
- A new user-friendly version of the State Model DPIA (Data Protection Impact Assessment) is delivered.
- Regulations on micro-targeting enhanced through the Digital Services Act (DSA).
- Data Protection Authority’s oversight of cookies and online tracking increased.
- A developed guidebook gives municipalities more clarity on what is and is not allowed when conducting online research for public, law and order and safety purposes.
- Launch of the National Innovation Centre’s Privacy Enhancing Technologies (Nicpet) during the IBDS System Day. Privacy-enhancing technologies (PETs) are technologies that enable the secure and ethical exchange of data. Nicpet is aimed at exchanging knowledge and experience in this field in the public sector.
What are our forthcoming actions?
To find out the goals we are setting for the upcoming year to ensure privacy, responsible data use and transparency regarding data processing and exchange, click here.
Indicators
- Minimise the number of incidents and sanctions by the Data Protection Authority.
- Degree of maturity in the privacy work field. The CIP’s Privacy Baseline is often used as a basis for this.
- Establish privacy governance (including setting up the CPO system – see priority 4.3 “Strengthen the Government’s ICT Organisation and Systems”).
- Keep the GDPR processing register up to date.
- Degree of accessibility of the GDPR processing register for citizens.
- A DPIA must have been conducted, including FG recommendation, for any high-risk project. A KIA is required if it impacts children.