Senate approves Data Processing by Partnerships Act
Today the Dutch Senate approved the Data Processing by Partnerships Act (Wet gegevensverwerking door samenwerkingsverbanden, Wgs). This law clarifies the strict conditions under which information can be processed within 4 existing healthcare and security partnerships in the fight against organised crime and the tackling of money laundering and criminal assets.
The law relates to 4 existing partnerships:
- The Care and Safety Houses (ZVHs) when it comes to complex problems that transcend the criminal, care and municipal domains, such as domestic violence, (youth) crime and misunderstood, seriously confused behaviour.
- The Regional Information and Expertise Centres (RIECs), which are fighting organised and undermining crime.
- The Financial Expertise Centre (FEC), whose goal is to enhance the integrity of the financial sector and, by doing so, reduce illicit financial flows in and through the Netherlands.
- The Criminal and Unaccountable Assets Infobox (iCOV), which drafts reports that can be used to trace the location of hidden and potentially criminal or tax-evaded assets.
As Minister Yeşilgöz-Zegerius explains, "The current rules are often unclear, complex and not geared to cooperation, nor conducive to a careful exchange of information. Moreover, ambiguity can create an impasse precisely at times when joint action is needed. The new rules therefore set clearer frameworks regarding what the various agencies in the fields of healthcare, the justice chain and public administration are allowed to do with personal data, in other words what information can be shared, for what purpose and how this is safeguarded. In this way personal data will be protected more effectively. At the same time it allows us to prevent agencies from having an unnecessarily incomplete, fragmented or compartmentalised picture when it comes to tackling organised crime and providing help in situations involving domestic violence or complex problems
Safeguards
The aim is for the Wgs to enter into force by 1 January 2025 and earlier if possible, although this will partly depend on when the Data Processing Partnerships Decree can be published in the Bulletin of Acts and Decrees. The State Council's Advisory Division has been asked to advise on this order in council, which further clarifies the bases for data sharing and incorporates more safeguards for personal data protection. The process involves taking account of questions from parliament and opinions from the Netherlands Institute for Human Rights, the Data Protection Authority and information from the Advisory Division of the Council of State, which were issued at the request of the Senate.
The entry into force of the Wgs will therefore ensure that safeguards are put in place regarding the criteria that a signal, request or case must meet in order to constitute grounds for data processing within the partnerships. Other safeguards include the appointment of a legitimacy advisory committee to evaluate legality and combat risks of discrimination, the requirement for independent privacy audits; quality assessments of data and the establishment of a point of contact provided by the partnerships themselves so that members of the public can exercise their rights on the grounds of the General Data Protection Regulation (GDPR). Implementation is also going to be subject to a duty to provide appropriate training and education on data processing. During the discussion of the Wgs in the Senate Minister Yeşilgöz also promised that an implementation test will be carried out after 1 year. This will specifically examine how key safeguards and due diligence requirements are being met and will be additional to the usual review of a new law after 5 years.