Timeline

Timeline of the Childcare Benefits Scandal

1998

The Belastingdienst launches the Risk Assessment Model (RAM), a surveillance system that will profile virtually all taxpayers for 20 years by linking 69 source systems including nationality data, criminal records, and scraped internet data.

2007

The Fraud Signalling Facility (FSV — Fraud Signalerings Voorziening) becomes operational, registering citizens as fraud suspects without verification, due process, or notification.

2013

• Deloitte builds risk classification models for childcare and housing allowances using “BVR Nationaliteit” as fixed source data in SAS models trained on only 200 examples.
• The Belastingdienst/Toeslagen deploys Heidi, a logging system that collects portal data from the benefits website, tracking user behavior including clicks and form interactions.

2013-2015

The Ministerial Commission on Fraud Approach (Ministeriële Commissie Aanpak Fraude), led by Prime Minister Mark Rutte, coordinates 10 prioritized fraud themes across dozens of teams.

2014

• Internal reports flag discriminatory practices in risk profiling. No corrective action is taken.
• 11,236 tax returns are selected for additional scrutiny based on second nationality (2012-2014).

2015

The Combiteam Aanpak Facilitators (CAF) applies an 80/20 assumption to gastouderbureaus (childcare agencies): 80% assumed guilty, collective punishment of ~2,200 connected families.

2017

• September: Heidi log files are deleted or transferred.
• July: Security audit rates RAM vulnerabilities as CRITICAL and HIGH, recommending immediate shutdown.

2018

• RTL Nieuws investigative reports expose the scale of wrongful fraud accusations.
• May 24: RAM is deactivated — one day before the GDPR (AVG) takes effect.

2019

• Government acknowledges institutional failure.
• ~9,000 paper objection files are prematurely destroyed.
• May: 64 million unsorted files are moved to a “data vault” (datakluis) as an emergency GDPR measure.

2020

• February 27: FSV is taken offline after the AP (Data Protection Authority) finds the practice unlawful and discriminatory.
• March: Commissie-Donner report “Omzien in verwondering” published.
• December: Parliamentary inquiry committee “Ongekend Onrecht” publishes findings.

2021

• January: Cabinet Rutte III resigns over the scandal.
• The Autoriteit Persoonsgegevens fines the Belastingdienst €2.75 million for FSV violations (total fine: €3.7 million).
• December 22: Catshuis agreement sets flat compensation at €30,000 per affected parent.

2022

• PwC confidential working document (February) documents institutional racism: “allochtoon” as primary selection criterion, “…IC” surnames as risk indicator, mosques as standard risk category.
• KPMG begins investigation into RAM.

2023

• ECLI:NL:RBDHA:2023:11856: First court ruling accepting discrimination “cannot be excluded” in Belastingdienst investigations (As-Soennah mosque).
• ECLI:NL:RBGEL:2023:4646: Court orders Belastingdienst to search beyond FSV into all 600 processes and 800 applications.

2025

• February: KPMG publishes 330-page RAM investigation report.
• July: AP report confirms “discriminating processing” in RAM, identifies 6 comparable systems (Gruff, Informatiesjabloon, KTA, IHP, SMOB, PRISMA).
• April 15: Datakluis with 64 million files revealed to parliament — 9 months after rediscovery.

2026

• March 19: Commission for Actual Damage (CWS) stops accepting new cases. ~7,000 parents redirected to flat-rate routes.
• Recovery operation reports 69,000+ registrations assessed, ~€3.36 billion total compensation paid.
• Inspectie OE starts exploratory investigation into datakluis (April 22).