Timeline
Timeline of the Childcare Benefits Scandal
1998
The Belastingdienst launches the Risk Assessment Model (RAM), a surveillance system that profiles virtually all taxpayers for 20 years by linking 69 source systems including nationality data, criminal records and scraped internet data.
2007
The Fraud Signalling Facility (FSV — Fraud Signalerings Voorziening) becomes operational, registering citizens as fraud suspects without verification, due process or notification.
2013
- Deloitte builds risk classification models for childcare and housing allowances using “BVR Nationaliteit” as fixed source data in SAS models trained on only 200 examples.
- The Belastingdienst/Toeslagen deploys Heidi, a logging system that collects portal data from the benefits website, tracking user behavior including clicks and form interactions.
2013-2015
The Ministerial Commission on Fraud Approach (Ministeriële Commissie Aanpak Fraude), led by Prime Minister Mark Rutte, coordinates 10 prioritized fraud themes across dozens of teams.
2014
- Internal reports flag discriminatory practices in risk profiling. No corrective action is taken.
- 11,236 tax returns are selected for additional scrutiny based on second nationality (2012-2014).
2015
The Combiteam Aanpak Facilitators (CAF) applies an 80/20 assumption to gastouderbureaus (childcare agencies): 80% assumed guilty, collective punishment of ~2,200 connected families.
2017
- September: Heidi log files are deleted or transferred.
- July: Security audit rates RAM vulnerabilities as CRITICAL and HIGH, recommending immediate shutdown.
2018
- RTL Nieuws investigative reports expose the scale of wrongful fraud accusations.
- May 24: RAM is deactivated, one day before the GDPR (AVG) takes effect.
2019
- Government acknowledges institutional failure.
- ~9,000 paper objection files are prematurely destroyed.
- May: 64 million unsorted files are moved to a “data vault” (datakluis) as an emergency GDPR measure.
2020
- February 27: FSV is taken offline after the AP (Data Protection Authority) finds the practice unlawful and discriminatory.
- March: Commissie-Donner report “Omzien in verwondering” published.
- December: Parliamentary inquiry committee “Ongekend Onrecht” publishes findings.
2021
- January: Cabinet Rutte III resigns over the scandal.
- The Autoriteit Persoonsgegevens fines the Belastingdienst €2.75 million for FSV violations (total fine: €3.7 million).
- December 22: Catshuis agreement sets flat compensation at €30,000 per affected parent.
2022
- PwC confidential working document (February) documents institutional racism: “allochtoon” as primary selection criterion, “…IC” surnames as risk indicator, mosques as standard risk category.
- KPMG begins investigation into RAM.
2023
- ECLI:NL:RBDHA:2023:11856: First court ruling accepting discrimination “cannot be excluded” in Belastingdienst investigations (As-Soennah mosque).
- ECLI:NL:RBGEL:2023:4646: Court orders Belastingdienst to search beyond FSV into all 600 processes and 800 applications.
2025
- February: KPMG publishes 330-page RAM investigation report.
- July: AP report confirms “discriminating processing” in RAM, identifies 6 comparable systems (Gruff, Informatiesjabloon, KTA, IHP, SMOB, PRISMA).
- April 15: Datakluis with 64 million files revealed to parliament — 9 months after rediscovery.
2026
- March 19: Commission for Actual Damage (CWS) stops accepting new cases. ~7,000 parents redirected to flat-rate routes.
- Recovery operation reports 69,000+ registrations assessed, ~€3.36 billion total compensation paid.
- Inspectie OE starts exploratory investigation into datakluis (April 22).
