Risk profiling Act SyRI off the table
This week the regional court in The Hague gave a ruling that has attracted international attention. The State of the Netherlands (Ministry of Social Affairs) was taken to court by two famous writers, Wieringa and Februari, several NGOs and a trade union.
The object of the legal battle was the profiling system the government had developed to detect possible fraud with social benefits. The system, called SyRI, was founded on special legislation, the SyRI Act which was adopted in 2013. One might think that the role of privacy or other fundamental rights in relation to technology was debated less back then than it is nowadays. This is not the case. The Dutch Data Protection Authority and the Council of State advised publicly against the Act. Nor did the responsible minister lack knowledge in the area; a few years before he became a professional politician, he wrote a PhD thesis on the relationship between the constitutional protection of freedom of expression and communications secrecy and the information society.
The idea behind SyRI is to gather all kinds of personal data and analyze it. The data is collected from all kinds of separate public agencies: data on income, house ownership, benefits, address, family relations, debts, and data on the use of water and energy. In the Netherlands, many governmental tasks are divided over many separate agencies. With the rise of ICT, it became possible to share large amounts of data on many inhabitants. Using algorithms, people could be scored, the highest score leading to the label ‘worth investigating’.
If this was the case, the data of these people and the score were sent to the responsible agency to conduct an investigation: administrative desk research, a house visit to check the legitimacy of the benefit, or a hearing to prepare sanctions. In its ruling, the court stated that the SyRI Act conflicts with Article 8 of the European Convention on Human Rights (ECHR). The ruling was covered in international media, including The Guardian:
The court ruled that the SyRI legislation contained insufficient safeguards against privacy intrusions and criticised a 'serious lack of transparency' about how it worked. It concluded in its ruling that, in the absence of more information, the system may, in targeting poor neighbourhoods, amount to discrimination on the basis of socioeconomic or migrant status.
The system did not pass the test required by the European convention on human rights of a 'fair balance' between its objectives, namely to prevent and combat fraud in the interest of economic wellbeing, and the violation of privacy that its use entailed, the court added, declaring the legislation was therefore unlawful. The Dutch government can appeal against the decision.
Marlies van Eck, Assistant Professor Digital Government at eLaw in Leiden, was in the courtroom when the court gave its ruling. ‘There was a surreal atmosphere. You could hear annoying beeps coming out of bags: several ‘Siri’s’ responded automatically every time the judge read the word SyRI.’
Van Eck, who conducted her PhD research on automated decision-making by the government in relation to administrative justice and legal protection, sees a global trend in the awareness of the potential harm of these large-scale governmental systems.
'The use of technology by the government is more than a matter of data protection rights. It can be used selectively and, by doing so, adversely affect certain groups of people. The equality principle is at stake. The risk of abuse of power. It may infringe on the non-discrimination obligations we already know as our fundamental rights. But it can also lead to stigmatization, based on socioeconomic status or pretty random correlations like owning a red car or having two dogs.' Van Eck warns:
'This may seem like a victory for the rule of law: citizens opposing these systems and demanding the legislature takes the ECHR into account. And it is. But this was a very rare system, namely the only one in the Netherlands that is based upon a special act. It is very hard to know what other systems are used in other projects by other agencies. This legal case shows how important it is that the information is at least publicly available, so that the use of the system can be challenged.”