Government Algorithms and Rights Violations at the Belastingdienst
The Dutch Tax Authority (Belastingdienst) operates 68 registered algorithms, of which more than 50 have been ruled discriminatory and unlawful by the Data Protection Authority (AP). The Algemene Rekenkamer confirms systematic AVG violations. This investigation exposes the scale of algorithmic rights violations and their direct link to the childcare benefits scandal.
Executive Summary
The Belastingdienst runs 68 registered algorithms, 65 classified as “impactful,” affecting millions of citizens and businesses. The Autoriteit Persoonsgegevens (AP) concluded that more than 50 of these algorithms are discriminatory and unlawful. The historical Risico Analyse Model (RAM) made distinctions based on nationality, a flagrant violation of the prohibition on discrimination. Despite government claims of compliance, 67 of 68 algorithms have no completed Data Protection Impact Assessments (DPIAs).
What Happened
The Dutch government’s Algorithm Register (algoritmes.overheid.nl) lists 1,416 algorithms across all government organizations. The Belastingdienst alone accounts for 68, nearly all in active use. In October 2025, the AP found that over 50 of these algorithms discriminate on prohibited grounds, potentially invalidating millions of tax assessments. The Rekenkamer’s May 2025 audit of the carousel fraud algorithm confirmed it failed AVG requirements for DPIA, bias testing, and change management. The Dienst Toeslagen scored “insufficient” on eight of sixteen audit criteria.
Evidence
Key findings from the AP ruling on RAM: the Belastingdienst unlawfully processed special category personal data and criminal records, made distinctions based on nationality without objective justification, failed to implement adequate security measures, and evaded oversight for years. The Rekenkamer confirmed both the Belastingdienst and Dienst Toeslagen fail to meet AVG standards. The SyRI system was ruled in violation of Article 8 ECHR by the District Court of The Hague in February 2020. The Belastingdienst’s own website claims compliance with AVG and transparency, yet 67 of 68 algorithms lack completed impact assessments.
Analysis
The pattern is structural, not incidental. The Belastingdienst operates a “toezichtarrangement” with the AP, indicating ongoing regulatory concern. When an algorithm is unlawful, decisions based on it are voidable under Article 8:72 AwB, and the State may face liability under Article 6:98 BW. The “impactful” label has been applied to 65 of 68 algorithms, rendering it meaningless as a risk classification. The Algorithm Register relies on self-registration with no legal obligation to comply, meaning the actual number of algorithms in use is likely higher. The chain effect through the Schuldenknooppunt and municipal systems extends Belastingdienst data without adequate safeguards.
Sources
- algoritmes.overheid.nl (April 2026, 1,416 registered algorithms)
- AP ruling on RAM and 50+ discriminatory algorithms (2025)
- Algemene Rekenkamer audit of Belastingdienst, Dienst Toeslagen, UWV algorithms (21-05-2025)
- Follow the Money: “Meer dan 50 algoritmes van de Belastingdienst zijn onrechtmatig” (11-10-2025)
- Rechtbank Den Haag SyRI ruling (EVRM Art. 8 violation, February 2020)
- KPMG report on RAM (7 February 2025)
- over-ons.belastingdienst.nl/onderwerpen/omgaan-met-gegevens/algoritmeregister/
- NOS: Belastingdienst op de vingers getikt (2025)
Sources
- algoritmes.overheid.nl - Algoritmeregister (April 2026)
- Autoriteit Persoonsgegevens - AP Belastingdienst moet systemen stopzetten (2025)
- Algemene Rekenkamer - Privacyproblemen bij algoritmes (21-05-2025)
- Follow the Money - Meer dan 50 algoritmes van de Belastingdienst zijn onrechtmatig (11-10-2025)
- Rechtbank Den Haag - SyRI ruling (February 2020)
- over-ons.belastingdienst.nl - Algoritmeregister pagina
- Dataethiek.info - AP bevindingen (11-11-2025)
- NOS - Belastingdienst privacyrisico's (2025)
- College voor de Rechten van de Mens - Overheid en algoritmes