Tax office says it has to work with Microsoft, despite data privacy concerns

The Dutch Tax Administration plans to shift much of its digital workplace to Microsoft’s cloud services, caretaker State Secretary Eugène Heijnen (Tax Administration) told the Tweede Kamer, the lower house of Dutch parliament. According to Heijnen, no suitable alternatives were found, despite efforts to explore European providers.

According to privacy advocates and experts, using U.S.-based cloud services for storing and processing sensitive personal data raises concerns under European privacy law. They warn that GDPR compliance could be at risk, particularly when data is transferred outside the EU.

European cloud providers, including those based in France and Germany, have been considered as potential alternatives. However, many of them fall short of the functional, legal, and technical standards required by Dutch government agencies, particularly when it comes to latency, scalability, security, and interoperability.

Employees have complained that the current system is inefficient and difficult to use. While the work environment will move to Microsoft, sensitive documents and data will continue to be stored on internal servers.

The decision comes despite longstanding calls in parliament for the government to reduce its dependence on major U.S. tech companies. One concern is the risk of “vendor lock-in,” meaning that after choosing a major provider like Microsoft, moving to another service later can become both complicated and expensive.

The Court of Audit also noted that the Dutch government is already relying heavily on public cloud services, but not all of these services have been subjected to thorough risk assessments. According to the same report, roughly 67 percent of the key public cloud services lacked a proper risk assessment.