WRR Working Paper 21: Big Data Fraud Prevention — Pre-Scandal Warning
WRR Working Paper 21, published April 2016, documented the Belastingdienst's data analytics practices — including the BI&A unit processing data on 11 million citizens, SyRI's predecessor called 'Black Box' operating without legal basis, and indirect discrimination through profiling using vacation destinations and nationality as proxies for fraud risk — years before the toeslagenaffaire scandal broke.
Executive Summary
WRR Working Paper 21, authored by investigative journalist Peter Olsthoorn and published in April 2016, is the definitive pre-scandal document about Belastingdienst data practices. Written before the toeslagenaffaire erupted, it describes the exact systems, methods, and risks that would lead to the largest government scandal in Dutch history.
What Happened
The Belastingdienst operated a Business Intelligence & Analytics (BI&A) unit of approximately 40 young academics processing data from 11 million citizens, 1.5 million companies, and 1 million daily transactions. This unit developed “self-learning” risk models that would later prove discriminatory. The document reveals that SyRI was previously called “Black Box” and operated for years without individual legal basis under the name, within the rules of the Wet bescherming persoonsgegevens but “largely hidden from public scrutiny.”
The paper documented how indirect discrimination occurred through profiling: not selecting by ethnicity directly, but using vacation destinations, vacation duration, and family size as indicators that effectively targeted allochtonen. The Hague’s SmartBox system refused transparency, stating they did not wish to communicate “because we can derail our own success.”
Evidence
Specific evidence includes: (1) SyRI predecessor “Black Box” operated without separate legal basis until Wet SUWI art. 64-65 provided one per January 1, 2014; (2) 17 categories of data including fiscal data, benefits data, housing data, and health insurance data were combined; (3) The Belastingdienst had “virtually unlimited” access to its own big data for fraud prevention; (4) A proposed framework law would shift the default from “no, unless” to “yes, unless” for data sharing; (5) The WRR warned that “an enormous and rapidly growing data complex” was emerging “largely unnoticed.”
Analysis
This document is critical because it proves the risks were known and documented before the scandal. The WRR explicitly warned that profiling was “a logical consequence” of the intertwining of social policy domains with criminal justice. The paper’s cross-references with later investigative reports (PwC, Deloitte, Data Vault) confirm that every warning went unheeded. The BI&A “breeding chamber” directly produced the discriminatory models later confirmed by the AP’s €2.75 million fine. WRR Report 97 (2017) used childcare benefits explicitly as a negative example, yet no action was taken.
Sources
- WRR Working Paper 21 — Big Data voor Fraudebestrijding, april 2016, ISBN 978-94-90186-30-2
- WRR Rapport 95 — Big Data in een vrije en veilige samenleving (2016)
- WRR Rapport 97 — Weten is nog geen doen (2017)
- Rapport 8 — PwC Werkdocument FSV Effecten
- Rapport 9 — Risicoclassificatie Toeslagen met Deloitte (2013)
Sources
- WRR Working Paper 21 — Big Data voor Fraudebestrijding, april 2016
- WRR Rapport 95 — Big Data in een vrije en veilige samenleving, 2016
- WRR Rapport 97 — Weten is nog geen doen, 2017
- Rapport 8 — PwC Werkdocument FSV Effecten
- Rapport 9 — Risicoclassificatie Toeslagen met Deloitte (2013)