Success should be celebrated. Last month, the European Digital Markets Act was passed. A new European law that curbs the market power of big tech companies and brings back competition in the digital domain. Together with a number of other European laws (DSA, AI Act, Data Act), this should counter the data greed of Big Tech. The tide seems to be turning.
But a great deal of work still needs to be done. For example, the government’s hunger for data is still not satiated. Despite the numerous examples of how damaging data collection and automated analysis by the government can be. The Dutch childcare benefits scandal speaks for itself, of course. But the illegal tracking of activists by the National Coordinator for Counterterrorism and Security (NCTV) also leads to them quitting their legitimate activism, and that erodes our democracy.
There are examples of people whose welfare benefits were wrongfully cut based on data on water use. Clearly, the trust in the government is gone among these people. Not to mention the vast amounts of taxpayer money wasted each year on these types of systems.
Personal Records Database Act
Yet almost every week new laws are presented that allow more data to be collected, linked and analyzed. Examples are the expansion of the Intelligence and Security Services Act, the NCTV Act, and an amendment of the Personal Records Database Act.
That the government continues to collect, link and analyze more data despite all that has gone wrong is due to a deep-seated belief in data. The belief that collecting more data leads to better outcomes. Undeniably, in some cases it does, but the balance has now been lost.
Nowhere is that belief in data more prevalent than in the security domain. In recent years, intelligence agencies, police and other investigative services have been granted a host of additional powers. Mass Internet taps, ANPR cameras that monitor 5 million cars every day, phone hacking, storing passenger data of everyone who books a flight, ‘living labs’ with automated systems that combine data from ANPR cameras, heart rate monitors and other sensors, facial recognition, drones and so on.
More efficient expenditure
The question is: is this really effective? The only reason to curtail people’s fundamental rights so profoundly is if it contributes in a concrete way to our security. Moreover: how much does it cost? Couldn’t the money that we now spend on sensors, data systems and algorithms be spent in a more efficient way? On community policing, for one thing. These are tough questions to answer. Overviews of the costs are hardly ever made. Evaluations are lacking or are very flawed. Nonetheless, some indications that can be found.
Take the evaluation of the so-called PNR Act (Dutch Act on the Use of Passenger Data to Combat Terrorist and Serious Crimes) whereby passenger data of every flight that departs or arrives in the Netherlands is stored: ‘On the basis of the available information, it is virtually impossible to ascertain the role that such passenger data has played in criminal investigations. To date, no verdict by a criminal court has been pronounced wherein passenger data was used as evidence on the basis of the PNR Act’.
In a word: ineffective. Costs: 22 million euros per year. Or take the evaluation of the powers of the ANPR. Again, for this authorization, storing all license plates that pass by ANPR cameras has not proven to be effective. Cost: not transparent, but storing so many photos costs millions, probably tens of millions, of euros per year in any event.
If the Dutch House of Representatives is serious about its monitoring role and budgetary rights, these kinds of powers need to be better scrutinized. Those tens of millions that are wasted each year on ineffective regulatory powers could also be spent on community policing or vice squads. Things that really make us safer.
There is a need for a rethink about the usefulness of collecting, linking and analyzing data. Over the past few years it has been blindly assumed that it would deliver added value, but that has not turned out to be the case. It is now time for a more mature discussion about data collection.