A new investigation by the Dutch Data Protection Authority in the Tax Authority. Now because of the controversial ‘super database’ RAM

The Dutch Data Protection Authority (AP) is conducting an investigation into the use of RAM’s complex data system by the Tax Authority. An AP spokesperson confirmed this NRC.

The privacy watchdog decided to conduct an investigation after a report by the NRC, which revealed extensive use of RAM by the Revenue Authority. The government also previously announced that it would conduct an external inquiry into RAM.

Using the Risk Analysis Model (RAM), which was developed by the Tax Authorities themselves in the late 1990s, staff can integrate and analyze information from all existing databases within the service. Through RAM it was possible to “associate almost everything with everything,” the service wrote in an internal report in 2017. compromise. This involved hundreds of pieces of data for each citizen, including personal information that the service had ‘deleted’ from the internet.

This program was popular with tax auditors because RAM made it easy to identify returns completed in error by potential tax cheats. There was no internal discussion about the need to monitor taxpayers through data analysis. However, there was growing concern about how this was done with RAM.

This allowed employees to gain uncontrolled access to the sensitive personal information of millions of Dutch people through RAM. Auditors may also perform discriminant analysis, for example because the taxpayer’s first and second nationalities were listed in the RAM. The service was able to link this information with data on home ownership, cars and bank balances. There was considerable skepticism within the ministry about the legitimacy of this. RAM was officially disabled when the new privacy law was introduced in 2018.

Fines worth millions

In recent years, the Dutch Data Protection Authority has already imposed two million fines on the Tax Authority for illegal handling of personal data. The the first fine, of 2.75 million euros, a service received for the processing of dual citizenship among applicants for childcare allowance. The second fineof 3.7 million, AP laid because the Tax Authorities processed personal data for years illegally through the so-called FSV list (Fraud Signaling Center), which contributed significantly to the Benefit Scam.

Also read
Therefore, Tax Authorities became frequent perpetrators of misuse of personal data

New pieces that the Secretary of State Marnix van Rij (CDA, Tax) shared with the House of Representatives last week, to make more clear about the way in which the Tax Authorities used the RAM. Inspectors in the SME department used the application the most, followed by the Large Business department and FIOD. The RAM connected a total of 72 databases together. The Department of Benefits database and FSV list were in the top 25 of the most consulted sources.

In 2018, the SME department considered almost 10,000 inquiries among entrepreneurs about search on RAM, 44 percent of the total. An undated report indicates that a total of 35,000 questions were entered into the RAM in one year. The authors of this piece called RAM “necessary” for management.

The application was used in several projects aimed at detecting fraud, helped to identify taxpayers abroad and was used in “smart intelligence” of entrepreneurs. For example, in one project the service analyzed entrepreneurs in Beverwijk Bazaar. RAM also provided ‘surprise addresses’, where, based on the data collected, there are possible deviant (read: suspicious) behavioral patterns.

According to internal information, thanks to RAM, the Tax Authorities had hundreds of profiles with risk indicators that entrepreneurs in sectors such as the catering industry, the car business and the temporary employment sector can be evaluated.

After RAM was officially shut down in 2018, a copy of the system remained available to employees. The intention was to ‘sanitize’ the article so that, for example, racist searches based on nationality would no longer be possible. But due to a “human error” the copied version still listed the citizen’s first and second citizenships, according to a presentation Van Rij shared with Parliament last week. The service discovered this in January 2021 and decided to cancel the article immediately.

Nationality associated with bank details

An internal investigation later showed that the copied version contained 23 files in which the citizen’s nationality was linked to other data. In seven files, the service linked nationality to bank details, and in nine cases linked nationality to the WOZ value of the house. Most of these shares were created between 2012 and 2016. What exactly the inspectors did with this information is unknown, because the Tax Authority did not track who had access to it.

State Secretary Van Rij was already warned by his officials in February 2022 about the publicity risk of RAM, according to another letter. In pieces published by RTL Nieuws and Honesty were requested under the Freedom of Information Act (WOB), it contained “sensitive email about RAM”. In the letter, the officials warned Van Rij that, among other things, searches by nationality would be possible in the copied version of the RAM after 2018.

Van Rij did not share this information with Parliament at the time. Inside of short as of March 2022, RAM usage was only briefly mentioned. According to the Ministry of Finance, Van Rij did not give further details at the time because he first wanted to see if further research on RAM was necessary.

Moreover, the ministry’s focus during that period was mainly on the recovery of Faida, and the fact that the original version of the RAM and copy was closed was the reason, the ministry said in the response.

To participate





Email the editor