The proposal for the database is still in its infancy, but the AP's concerns cast a shadow over the plans.
The government is working on plans for a central database with information about all taxi rides in the Netherlands. Among other things, the GPS coordinates of the start and end points of each ride would be stored. The Dutch Data Protection Authority (AP) has strongly criticized the proposal, which it says does not sufficiently protect the privacy of passengers and entails serious risks.
The central database is intended to help the Human Environment and Transport Inspectorate (ILT) check whether taxi drivers comply with the rules. At present, journey data is only stored locally on the on-board computers in taxis. ILT inspectors have to physically read this data, which is time-consuming. With the new proposal, the journey data would be sent directly to the ILT and stored in a single national database. This should make monitoring more efficient, but according to privacy experts, it raises questions about proportionality and data protection.
privacy risks
AP board member Katja Mur says not a chip left unturned of the proposal. “We understand that the government wants to facilitate supervision,” says Mur. “But by storing the exact GPS coordinates of each ride in one central database, you unnecessarily expose people who use a taxi to privacy risks. Passengers deserve better protection.”
GPS coordinates make it possible to know exactly where someone was picked up and where they were taken. According to Mur, this can lead to uncomfortable and even harmful situations. “Imagine you live on a remote street with few neighbors. With this data, someone can quite easily find out where you go, for example to a therapist or a plastic surgery clinic every week. These are personal matters that people need to be able to trust to remain private.”
danger of data leaks
The AP emphasizes that the risk of data leaks is real. “A data leak is often just around the corner,” warns Mur. “Whether it is a human error, a malicious employee or a hacker. We have often seen that this can go wrong, even at government institutions.”
In addition, the AP points to the risk of 'function creep', where data is ultimately used for purposes other than originally intended. "Perhaps the police will want access to this data at some point," says Mur. "Or the Tax Authorities and municipalities see it as a useful tool for detecting possible fraud. By linking this data to other data, the government can closely monitor people. We absolutely should not want that."
The AP points out to the cabinet that it must eliminate the major risks in a new version of the proposal. For example, the ILT may only collect location data if the cabinet can provide good reasons why this is absolutely necessary. The cabinet is not providing those reasons now.
Another point of criticism is that the current proposal does not make clear how long the data will be retained. “There needs to be a hard limit,” says Mur. “As soon as the data is no longer needed, it needs to be destroyed. Because data that you do not have cannot leak.” The AP also proposes to make the collected GPS data less accurate. This would reduce the risk that individual passengers can be traced. Finally, the supervisory authority urges the government to first provide hard arguments as to why the storage of location data is necessary at all.
political pressure
Social organizations and privacy activists have now expressed their support for the critical notes of the AP. At the same time, the government is under pressure to organize better supervision of the taxi industry, where abuses such as illegal work and unfair competition remain a problem. How the government intends to strike a balance between more efficient surveillance and the protection of privacy remains unclear for the time being. With the strong warnings from the AP, it seems certain that adjustments are needed before the proposal can gain political and social support.