Machine translations by Deepl

Minister Hoekstra: prevent rampant export of EU personal data!

The Finance Ministry is about to require companies to export personal data on a large scale. The measure is hidden in a side sentence of a Finance Minister's parliamentary letter, but has major implications.

The measure requires companies to send customer data with 'virtual assets' (digitally tradable goods such as bitcoins, real estate but also purchases in computer games). The information of all parties involved will remain visible to everyone in the value chain.

Consumers, businesses and citizens cannot object to the mandatory addition of their personal data. Political attention does not get this issue because it is presented as a technical measure. In the Chamber letter of 21 March 2019, the minister fails to point out the large scope and impact. It does suggest that market responses will be responded to through a consultation round.

Privacy First and VBNL (United Bitcoin Companies Netherlands) have since understood that global objections to the measure are being ignored. That is why today we sent a fire letter to the Minister of Finance. We ask him to study the issue more closely, with all relevant Ministries and above all: to better inform parliament. In doing so, we point out the conflict the measure may have with other international agreements and treaties that protect privacy.

Where consumers are known to be very reluctant to make their own data available, the government should be too. Privacy First finds it extremely objectionable that the Ministry of Finance seems to be planning to grant permission for unrestrained export of personal data on behalf of all Dutch consumers and companies until the end of time.

The argument that this would be a necessary counter-terrorism measure is unfounded. Experts at Europol (!) indicate that the said international proposal is "overkill" and not necessary for detection. The rule adds nothing to the existing European framework to combat money laundering and terrorist financing and only increases the risk of unwanted data breaches.

Privacy First and VBNL hope that the fire letter will make parliament realise that this is a measure that goes even further than PSD2. Indeed, under PSD2, consumers can decide themselves to share data. Under this proposal, that right would be taken away for all kinds of economic transactions, indefinitely. We therefore call on parliamentarians to protect consumers and businesses from this unnecessary proposed measure.

Our entire letter is read here (pdf).

This post was also published on