Investigation exposes widespread mismanagement of personal data by Dutch police force

The Dutch police force is facing scrutiny over its management of sensitive personal data, following an investigation by Follow the Money. The report raises concerns about the police’s reliance on automated data analysis, which has led to the buildup of large databases containing reportedly unlawfully obtained and outdated information. Experts warn the situation could have serious consequences for both public trust and the integrity of law enforcement.

As digital technology has advanced, the police have increasingly used automated systems to process large amounts of digital information. These tools, including methods used in high-profile cases such as the cracking of encrypted messaging networks Encrochat and Sky ECC, have become central to investigations. However, experts say the growing use of automated data analysis also increases the risk of errors and breaches in data management.

Research based on requests under the Dutch Open Government Act points to systemic problems in the police’s data management practices. Internal audits reportedly show that the police have violated nearly every regulation concerning the collection, processing, and storage of personal data. Despite repeated commitments to address these issues, the police have struggled to maintain data hygiene and ensure the integrity of their systems, the investigation found.

The police have been criticized for retaining information longer than legally allowed, collecting more data than necessary, and failing to protect sensitive data from unauthorized access. Experts say these shortcomings could expose citizens to risks including misuse of their information, discrimination, and wrongful arrests.

Reports from the police’s Data Authority describe a lack of clear responsibility for data management within the organization. Privacy expertise among personnel is described as “basic,” and the capacity to perform necessary tasks is reportedly insufficient. These challenges have contributed to the accumulation of sensitive data, including biometric information such as fingerprints and facial recognition data, without proper legal justification, according to the investigation.

Documents obtained by Follow the Money also show that personal data has been stored on private communication platforms, including WhatsApp, and that records of who accessed sensitive information were not always properly maintained. This lack of oversight has led to incidents of unauthorized data sharing and potential leaks, the investigation found.

Experts say the broader impact of the police’s data management issues extends beyond privacy concerns. They warn that an over-reliance on automated systems could erode officers' ability to make independent judgments and increase the risk of biased or unjust decisions based on flawed data.

Marc Schuilenburg, a professor of Digital Surveillance at Erasmus University, called the situation a “fundamentally rotten system.” He told Follow the Money that the growing use of digital tools without proper safeguards threatens public trust in the police and undermines the legitimacy of their work.

Wouter Landman, a policing scholar, said the focus on data-driven policing must be matched with strict standards for data quality and security. Without addressing these issues, he warned, the integrity of police work could be compromised.