Senate approves Partnership Data Processing Act | News

News | 18-06-2024 | 15:00

The law affects four existing partnerships:

• Care and Safe Homes (ZVH) deal with complex issues that transcend the criminal, care and municipal fields, such as domestic violence, (juvenile) crime and misunderstood and seriously disturbed behaviour.
• The Regional Information and Expertise Centre (RIEC) works to combat organised and disruptive crime.
• The goal of the Financial Expertise Centre (FEC) is to increase the integrity of the financial sector and thereby reduce illicit financial flows in and through the Netherlands.
• The Criminal and Irresponsible Assets Information Box (iCOV) produces reports that can be used to track the location of hidden, potential criminal or tax evasion assets.

As Minister Yeşilgöz-Zegerius explains, “The current rules are often unclear, complex and do not facilitate cooperation or the careful exchange of information. Moreover, ambiguity creates deadlocks precisely when joint action is needed. Therefore, the new rules set a clearer framework for what the various institutions in the fields of healthcare, the justice chain and public administration can do with personal data, in other words, which information can be shared, for what purposes and how it should be protected. In this way, personal data will be protected more effectively. At the same time, it allows us to prevent an unnecessary incompleteness, fragmentation or compartmentalization of the institutions in the fight against organized crime and in providing help in cases involving domestic violence or complex issues.”

Safety precautions

The working group aims to have it enter into force by 1 January 2025, or as early as possible, although this will depend in part on when the Decree on Data Processing Partnerships can be published in the Decree Gazette. The advisory arm of the Council of State has been asked to advise on this Decree in Council, which further clarifies the basis for data sharing and incorporates additional safeguards for the protection of personal data. This process took into account questions raised by Parliament, the Netherlands Institute for Human Rights, the Data Protection Authority and information from the advisory arm of the Council of State, which was published at the request of the Senate.

The entry into force of the working group will therefore ensure that safeguards are in place to ensure that a signal, request or case meets the criteria to constitute a justification for data processing within the partnership. Other safeguards include the appointment of a Legality Advisory Committee to assess legality and combat discrimination risks, the requirement for an independent privacy audit; data quality assessments and the establishment of a contact point provided by the partnership itself so that the public can exercise their rights under the General Data Protection Regulation (GDPR). Implementation will also be subject to the obligation to provide appropriate data processing training and education. During the Senate working group discussions, Minister Yeşilgöz also promised that an implementation test will be carried out after 1 year. This will specifically check the fulfilment of key safeguards and due diligence requirements and will be in addition to the regular review of the new law after 5 years.