For Caribbean and international professionals working on government digitalisation

Logo Rijksoverheid, to the homepage
Two guards standing in front of a safe to protect the online data kept inside.

2.3 Privacy, Responsible Data Use and Transparency Regarding Data Processing and Exchange

Social challenges

Privacy and data protection play a key role in citizens’ trust in a digital government and society. Lawful, proper and transparent data processing ensures trust. EU legislation lays a solid foundation for protecting privacy, but the implementation of existing and upcoming new legislation is complex. Public confidence in the government is declining. The government must be transparent about what data it uses for what purpose and that it adheres to data minimisation principles.

Results achieved by 2023

  • The Responsible Data Use Advisory Function (part of the inter-administrative data strategy) has been set up and has provided advice on six case studies regarding what is technically possible, permitted by law and ethically desirable when it comes to data use.
  • A new user-friendly version of the State Model DPIA (Data Protection Impact Assessment) is delivered.
  • Regulations on micro-targeting enhanced through the Digital Services Act (DSA).
  • Data Protection Authority’s oversight of cookies and online tracking increased.
  • A developed guidebook gives municipalities more clarity on what is and is not allowed when conducting online research for public, law and order and safety purposes.
  • Launch of the National Innovation Centre’s Privacy Enhancing Technologies (Nicpet) during the IBDS System Day. Privacy-enhancing technologies (PETs) are technologies that enable the secure and ethical exchange of data. Nicpet is aimed at exchanging knowledge and experience in this field in the public sector.

Goals & indicators

Goals and indicators
Goals Indicators
1.

  • Authorities and government agencies (If applicable, statutory exceptions apply) apply privacy by design. Citizens can count on authorities and government agencies4 to adhere to the GDPR and Wpg. Government data exchanges are mapped where possible and relevant (open data sharing). Authorities and government agencies do not use facial recognition without a legal framework and checks
  • Minimise the number of incidents and sanctions by the Data Protection Authority.
2.

  • Authorities and government agencies have adequate levels of knowledge and capacity in the area of privacy and data protection.
  • Public sector organisations receive assistance in responsible data use and privacy.
  • Degree of maturity in the privacy work field. The CIP’s Privacy Baseline is often used as a basis for this.
  • Establish privacy governance (including setting up the CPO system – see 4.3 “Strengthen the government’s ICT organisation and systems”)
3.

  • The government is transparent about responsible data use (open processing registers).
  • Strengthen supervision and increase consistency among digital regulators where necessary.
  • Keep the GDPR processing register up to date.
  • Degree of accessibility of the GDPR processing register for citizens.
  • A DPIA must have been conducted, including FG recommendation, for any high-risk project. A KIA is required if it impacts children.

What are our forthcoming actions?

To find out the goals we are setting for the upcoming year to ensure privacy, responsible data use and transparency regarding data processing and exchange, see priority 2.3 actions.

 

Got a query, thought, comment, or suggestion?

If you're working on digitalising the government and got something on your mind, please share your thoughts with us.