Government Algorithms Fail to Meet EU Data Protection Standards

By Netvora Tech News

---

The Dutch government's algorithms for determining social benefits and tax assessments have failed to meet EU data protection standards, according to a recent audit by the General Inspectorate. The audit evaluated three algorithms, finding that only the one used by the Dutch Employees Insurance Agency (UWV) was largely compliant. The algorithms in question are used to provide personalized support to parents facing financial difficulties due to childcare benefits. The Dutch Tax Authority's algorithm, meanwhile, is designed to detect carousel fraud. However, both algorithms lack essential safeguards, including a data protection impact assessment (DPIA), which is required by the General Data Protection Regulation (GDPR). The audit found that the algorithm used by the Social Benefits Agency (Toeslagen) failed to provide adequate protection for sensitive personal data, particularly for vulnerable groups such as low-income families. The agency's failure to conduct a DPIA before implementing the algorithm means that it did not adequately assess the privacy risks associated with processing personal data. The audit also identified concerns over the potential use of data collected through the agency's coaching program for other purposes, such as surveillance or fraud prevention. Similarly, the tax authority's algorithm lacks transparency, with the agency failing to actively inform citizens and businesses about the processing of their personal data. The General Inspectorate is urging the government to establish clear standards for complex algorithms and AI systems, including adequate data protection, proper IT management, and measures to prevent discrimination. The audit's findings serve as a stark reminder of the need for governments to prioritize privacy and data protection in the development and implementation of algorithmic systems.