Your bank account: the shortcut to your private life (part 3)

What is the WGS?

The proposed Data Processing by Collaborative Groups Act (WGS) will allow government and industry to structurally share data in so-called collaborative groups to fight various forms of crime and offences. Some four such collaborations already exist, while the WGS is not yet in place. The law aims to provide these existing collaborations with a legal basis, but also to enable more far-reaching collaboration and even make participation in them mandatory for private parties.

What does the WGS have to do with my bank details?

Currently, there are already two partnerships in which your bank details and other financial data can be shared between participating parties. The main partnership is the Financial Expertise Centre (FEC), but bank details can also be shared in the Infobox Criminal and Unexplained Assets (iCOV). In the FEC and iCOV, bodies such as the police, OM, FIU-NL, FIOD and the Tax Authority work together with the aim of combating financial-economic crime and tracing criminal and 'unexplained' assets. The financial regulators, De Nederlandsche Bank (DNB) and the Financial Markets Authority (AFM), are also involved in the FEC and the iCOV. What is special about the FEC is that banks participate in it together with these government agencies. Data exchange currently takes place on the basis of mutually concluded covenants.[1]

Together, the participants in the FEC and the iCOV hold countless financial data on citizens and businesses and can share this data for very broadly defined purposes. What exactly happens within these bodies and how strictly they treat rights of citizens whose data is shared is unclear: the FEC and iCOV are effectively black boxes.

The FEC and the iCOV publish annual reports, but little tangible conclusion about their effectiveness can be drawn on this basis. Concerns about that effectiveness do exist: the Court of Audit characterised government policies to take away as many criminally acquired assets as possible, and in which the iCOV plays an important role, in 2022 as "much sown and limited harvested.^[2]

The WGS makes it possible to create even more partnerships like the FEC and iCOV and makes the possibilities of data sharing much greater and more structured. Until now, data sharing between public authorities and private parties has been done on the basis of protocols, because confidentiality obligations and legal guarantees for citizens have to be taken into account. These barriers are removed in one fell swoop with the WGS. The WGS allows banking data to be combined with all kinds of other data for investigation purposes. Data sharing is not limited to facts, but also includes sharing 'signals', suspicions and blacklists.

Under the WGS, private parties of all kinds may be required to share data with the government. From a recent interview with the chairman of the FEC[3] shows that it hopes, for example, to "cooperate" with several other money-laundering gatekeepers such as lawyers and notaries.

What information will be shared under the WGS?

Use of and combining all conceivable data becomes possible: identification data of persons and their financial data, asset data, data on relations between persons and assets, information on previous illegalities, on relations or contacts, police data, judicial and criminal data, etc. etc.

Who checks that partnerships are acting correctly?

The WGS provides for a legality advisory committee to review the working practices of the collaboratives. The partnerships must commission a periodic privacy audit and prepare annual reports, reporting on the usefulness of the results. The results of privacy audits are not public. The WGS has no mechanism that leads to termination or suspension of a collaboration if data sharing is found to have been unlawful or disproportionate. Finally, the law does not specify when partnerships can be considered effective.

Privacy First position

Privacy First learned of the WGS in 2020 with dismay and does not understand why neither Minister nor Parliament have since repented. The proposal lays the groundwork for mass surveillance on an unprecedented scale, and a new Sleep Act is in the making: public and private parties will participate in a wide variety of new black boxes. In these, all possible financial and other data on citizens will be able to be continuously exchanged and used for unforeseen purposes through data mining and profiling. The WGS unlocks new opportunities for public authorities to structurally and widely access your bank data, while citizens cannot do without bank accounts.

The WGS is currently under consideration in the Senate. The SyRI Coalition, the civil society coalition that won the lawsuit against the Systemic Risk Indication (SyRI) in early 2020 and of which Privacy First is a part, has already told the Senate repeatedly urged not to adopt the WGS bill. Privacy First finds previously expressed objections to this proposal unabated in scope and seriousness.

Privacy First hopes the Senate will now follow through and reject the bill.

[1] Covenant FEC 2014: https://zoek.officielebekendmakingen.nl/stcrt-2014-2351.html
Covenant iCOV 2018: https://zoek.officielebekendmakingen.nl/stcrt-2019-11302.html

[2] Court of Audit report Criminal asset recovery: https://www.rekenkamer.nl/publicaties/rapporten/2022/06/08/strafrechtelijk-afpakken-van-crimineel-vermogen

[3] AFM boss Van Geest hopes for 'new drag law' against financial criminals, Financial Daily, 4 February 2024.