Tax authorities broke blacklist law: ‘Severe privacy violation’

The Tax Authorities broke the law for at least 7 years with the fraud lists that contained 270,000 people, including minors. The Personal Data Authority finds that the core principles of the GDPR Privacy Act have been seriously violated.

โ€œObviously, the Tax Authorities have to deal with fraud. But our investigation shows that the Tax Authorities registered and used fraud signals in a way that is absolutely not allowed. Innocent people have been duped by this,โ€ said Aleid Wolfsen, AP chairman.

The AP is still investigating whether the Tax Authorities are fined. Demissionary Minister of Finance Wopke Hoekstra will first have the opportunity to respond to the investigation.

Third Party Tips

People were blacklisted if the Tax Authorities received so-called risk signals. A risk signal could be if people reported high deductions in their income tax return. But others were also able to give tips to the service, which labeled someone as a potential fraudster.

โ€œAlso tips from neighbors, a vengeful ex or arguing with your neighbor could make sure you got into that system. And if you were in it, you were suspected as a fraud,โ€ says Wolfsen.

Also, simply requesting information by other institutions, such as the UWV in a benefit, could be understood as a signal by the tax authorities to blacklist someone. The Tax Authorities are currently investigating the files to find out why people have been listed. It is expected that half of the people cannot find out.

Financial Implications

What the consequences have been for people is not known for all cases yet. The Ministry of Finance has already announced that some 5,000 to 15,000 blacklisted people have suffered disadvantages from the registration. For example, a personal payment arrangement or amicable debt restructuring was wrongly rejected. It could also be that their return was more rigorously controlled by the Tax Authorities.

This is what Wolfsen says about any compensation:

The Fraud Alert Facility (FSV) was used from 2013 to March 2020, and the precursor of that system had been in existence since 2001, according to research by the AP. The blacklists were discontinued when Trouw and RTL News discovered them.

Later research showed that peoples privacy was violated: too many tax office employees had access to the system and personal data was retained for too long. It also recorded health data of 20,000 people.

PwC is currently researching the effects of registration on the blacklist for people and entrepreneurs.