RIEC/LIEC: How Tax Data Flowed to Crime-Fighting Centers Without Citizens' Knowledge

Summary

The Belastingdienst shared surveillance data from RAM and FSV with the Regionaal Informatie en Expertise Centrum (RIEC) and Landelijk Informatie en Expertise Centrum (LIEC) — interagency crime-fighting centers that coordinate administrative, criminal, and fiscal interventions against organized crime. Citizens were never informed that their tax data was being used for criminal investigations. The KPMG RAM report (February 2025) confirms that RAM was used for “integral consideration of fiscal interest in combating organized crime in RIEC and LIEC.” This constitutes a purpose shift (doelverschuiving) violating AVG/GDPR Article 5(1)(b).

Context

What are RIEC and LIEC?

RIEC (Regionaal Informatie en Expertise Centrum) consists of 10 regional centers across the Netherlands. LIEC (Landelijk Informatie en Expertise Centrum) is the national coordination body. Together, they:

• Produce “integrale handhavingsadviezen” (integral enforcement advice)
• Coordinate administrative, criminal, and fiscal interventions
• Bring together: municipalities, provinces, police (politie), Public Prosecution Service (OM), Belastingdienst, FIOD, Douane, IND, UWV, KMar, ISZW, NVWA

The data flow

RAM operated from 1998 to 2018, profiling virtually all taxpayers. FSV operated from 2007 to 2020, registering ~180,000 citizens as fraud suspects. Both systems fed data into RIEC/LIEC channels without:

• Informing affected citizens
• Establishing a separate legal basis for criminal-law use of tax data
• Weighing the content of signals before sharing
• Maintaining an audit trail of what was shared with whom

What happened

The KPMG report (February 2025) explicitly states that RAM was used for “integraal meewegen fiscale belang bij de aanpak van georganiseerde criminaliteit in Regionale Informatie en Expertise Centra (RIEC) en het Landelijk Informatie en Expertisecentrum (LIEC).”

The PwC working document (February 2022) confirms that FSV data flowed into RAM for RIEC/LIEC projects without weighing the content of signals. FSV registrations — which included citizens registered without verification or due process — were used in RAM analyses for crime-fighting purposes.

The AP report (July 2025) found that the Belastingdienst “systematically evaded oversight” by not registering data processing with the FG and CBP/CPB as legally required.

Evidence

Analysis

Legal violations

• AVG/GDPR art. 5(1)(b) (purpose limitation): Tax data collected for tax purposes was repurposed for criminal investigations without a separate legal basis.
• AVG/GDPR art. 6 (lawfulness): No specific legal basis for sharing tax data with criminal investigation bodies.
• AVG/GDPR art. 9 (special categories): RAM contained nationality data, criminal justice data, and data from which sexual orientation could be derived — all shared without adequate safeguards.
• ECHR art. 8 (private life): Uncontrolled sharing of personal data across 600 processes and 800 applications.
• ECHR art. 6 (fair trial): Citizens cannot challenge data sharing they are unaware of.

Scope

The Belastingdienst operated 600 processes and 800 applications at the time of ECLI:NL:RBGEL:2023:4646 (August 2023). The AP identified 6 comparable systems still active: Gruff, Informatiesjabloon, KTA (18,000 employees with access), IHP, SMOB, and PRISMA. The potential scope of data sharing with RIEC/LIEC across all these systems is enormous and uninvestigated.

Sources

• KPMG, Rapport onderzoek RAM bij Belastingdienst, Dienst Toeslagen en Douane, 25 februari 2025
• PwC, Onderzoek effecten FSV MKB, 17 maart 2022
• Autoriteit Persoonsgegevens, Onderzoek naar RAM en vergelijkbare systemen, 9 juli 2025
• ECLI:NL:RBGEL:2023:4646 — Rechtbank Gelderland, 15 augustus 2023
• ECLI:NL:RBDHA:2023:11856 — Rechtbank Den Haag, 8 augustus 2023
• RIEC/LIEC Jaarverslag 2022, Rijksoverheid
• Jaarverslag RIEC/LIEC 2021, Eerste Kamer