The Fraud Helpdesk is not allowed to collect and store the personal data of possible fraudsters. This is because it is not an investigative agency and does not need any criminal information to carry out its task. Moreover, the people in the systems of the Fraud Helpdesk do not have the same rights as suspects who appear in the systems of the police.
This has been determined by the Dutch Data Protection Authority. The regulator, therefore, rejected the license application last summer.
Fraud helpdesk wants to take care of registration of possible fraudsters
The Fraud Helpdesk, which was established ten years ago at the initiative of the government, fulfils two important tasks. In the first place, she advises people, companies and organizations that have become victims of fraud. Then you have to think of phishing, spoofing, identity fraud, helpdesk fraud, WhatsApp fraud, and so on. In addition, the Fraud Helpdesk organizes information campaigns for citizens and companies. For example, if a malicious e-mail from a leading authority or government body is circulating, the Fraud Helpdesk will warn us about it.
If it is up to the Fraud Helpdesk, it will take on a third task: registering fraud reports. Then the agency not only records details about the working methods of the scammers but also personal data of the suspected perpetrators. We are talking about things like names, residential addresses, telephone numbers and e-mail addresses.
AP: fighting fraud is the task of the police
Katja Mur, the board member of the Dutch Data Protection Authority, acknowledges that fraud is a major problem in the Netherlands. She applauds that there are bodies such as the Fraud Helpdesk, where citizens who are victims of fraud can go for information. “But for that, it is not necessary to collect criminal personal data,” says Mur.
According to her, this is not for nothing. “The police and the judiciary have all kinds of safeguards built in to prevent unauthorized persons from accessing that data and to guarantee that people can defend themselves against accusations. In an interrogation at the police station, a suspect can tell his side of the story. That is not the case with the Fraud Helpdesk.”
Detecting fraudsters is also important. Fighting fraud is therefore a task of the police. “If the police have too little capacity for fraud cases, that is a serious problem. But the solution to that problem should not be to transfer police tasks to a foundation, which lacks the important guarantees for citizens,” says Mur.
‘You carry a stigma with you for the rest of your life’
The board member points out that there are major privacy risks if the Fraud Helpdesk records criminal data of suspected fraudsters. Especially if people are wrongly included in such a database. “The consequences for people in that database are then incalculable. If you are known as a fraudster, even if this is unjustified, you could be fired, for example. Then it may be difficult to get a loan or to rent a home. You then carry a stigma with you for the rest of your life,” says Mur.
In addition, the supervisor points out the dangers if this data ends up on the street. Then all kinds of personal and privacy-sensitive data of citizens roam the internet. If this information ends up in the wrong hands, those on the registry are even further from home. For hackers and cybercriminals, this data is worth its weight in gold: they use it to scam people or sell it to the highest bidder.
Second time that AP rejects Helpdesk fraud permit application
It is not the first time that the Dutch Data Protection Authority has rejected a license application from the Fraud Helpdesk. In 2019, Safecin, the foundation that includes the Fraud Helpdesk, also applied for a license to process criminal personal data. In November of that year, the regulator rejected the application because the application was not careful enough.
AP board chairman Aleid Wolfsen said at the time that the Fraud Helpdesk ‘should do its homework better. Almost two years later, the Fraud Helpdesk is still unable to convince the regulator.
Catch up on more articles here
Follow us on Twitter here