The tax authorities reintroduced three risk models they had temporarily disabled in 2021 because they did not comply with the GDPR. However, privacy research for one of the risk models has not yet been completed, as can be read in the government’s response.

Outgoing Ministers of State Alexandra van Heuvelen (Home Affairs) and Marnix van Rij (Finance) Write in a comment To the House of Representatives that the tax authorities conducted a risk assessment when using the risk models that were disabled in 2021: “Sales tax circular fraud”, “VAT number issuance” and “Negative sales tax”. This decision could have resulted in reuse of the models. Any risks that may arise are considered “acceptable,” Van Heuvelen and Van Rij wrote.

Although the “negative sales tax” model has been reused, it still needs to be equipped with a data protection impact assessment. GEB examines the privacy risks that exist when processing data, so that the necessary measures can be taken to mitigate the risks. It is not clear when the privacy investigation should be completed. Risk models should also be included in the algorithm’s history in the context of transparency.

Investigative journalism platform Follow the money It was reported last December that tax authorities may still be violating the law through the three risk models. Although the risk of discrimination was considered high, the algorithms were running again after a short pause. However, the merits issue has already underscored that discriminatory algorithms, insufficient transparency, and careless processing of data can have disastrous consequences for citizens.