Record fine to the tax authorities due to blacklist


NOS NewsChanged

The Dutch Data Protection Authority (AP) is imposing a record fine of 3.7 million euros on the blacklist for the Ministry of Finance, on which the tax authorities kept personal information about possible fraudsters for years. With this so-called Fraud Signaling Facility (FSV), Skat has in many respects violated the GDPR privacy law, AP believes.

The AP mentions a large number of violations. For example, Tax did not have the authority to process the personal data on the list. Without such a GDPR basis, the processing of personal data is prohibited.

In addition, personal information was often incorrect. As a result, people were mistakenly registered as possible scammers. Furthermore, security on the list was not in order and the internal privacy supervisor was not involved in setting up the list in a timely manner.

Due to the seriousness, the major consequences and the long persistence of the violation, the AP has sentenced the highest fine so far.

“The Dutch data protection authority’s assessment of FSV is harsh and unmistakable and shows once again that fundamental improvements are needed in the tax and customs services,” said Marnix van Rij, State Secretary for Taxation and Taxation. “Citizens have the right to the government to handle their data with care.” He emphasizes the urgent need to improve data processing and internal supervision.

In the past, the supervisory authority has already imposed a fine of 2.75 million euros on the tax authorities for the case of childcare allowance, where parents had to repay a lot of money due to unfair suspicions of fraud. Then the AP concluded that for years the tax authorities had treated the dual citizenship of the parents in an illegal, discriminatory and therefore inappropriate way.

Victims of the benefits scandal also sometimes ended up on the blacklist, but the blacklist was about more than just the benefits.


The blacklist included a total of 270,000 people, including 2,000 minors, as well as companies.

From 2013 to March 2020, Tax has registered personal information about possible fraudsters. The predecessors of that system had existed since 2001. The system was discontinued when research showed that it violated people’s privacy. Personal data was stored for too long, without valid reason or clear purpose, and too many employees of Tax had access to the poorly secured system.

People ended up on the blacklist if Tax got so-called risk signals. Manuals have been found that show that nationality and age played a role, show two new studies from the auditing and consulting firm PwC. A gift to a mosque could already be a reason for the tax authorities to link the risk of fraud to someone’s name.

Furthermore, the following ‘criminal profile’ was created: “someone with, among other things, low income, average salary, usually young (…) and often of foreign origin”.

Tax has previously announced that 5,000 to 15,000 people have experienced economic negative effects of the blacklist. For example, they received neither debt consolidation nor student finance, nor did they run into financial problems in other ways. It is also possible that their tax returns were more strictly controlled by the tax authorities.

Leave a Comment