The Dutch Data Protection Authority (AP) said that the governmentโs plan to create a centralized database for all the personal data people provide when applying for passports, including photos, fingerprints, and signatures, would create a โgoldmine for hackers.โ
Currently, the data is stored at the municipality where someone is applying for the passport. However, the government wants to amend the Passport Act to create a central national database. The fingerprints would be stored until the issuance of the passport, but the photos and signatures would be stored for longer.
AP chair Aleid Wolfsen said: โThe passport photos and signature of almost all Dutch people together, and then also the fingerprints of the people waiting for a passport: thatโs a goldmine for cybercriminals. Instead of having to break into over 300 municipalitiesโ databases, criminals will soon be done with one hack.โ
Wolfsen further noted that such data would be highly-valuable to criminal hackers as it can be used โto commit identity fraud or to discriminate against people.โ
He also said that non-criminal access to the data could also be dangerous.
โThis is a slippery slope,โ he said. โWe can end up in very undesirable situations with very small steps. First, the police want to use those fingerprints to solve very serious crimes, then also for slightly less serious crimesโฆ Where does it end? You have to think about that carefully before you opt for a central database.โ
The data watchdog argued that the government did not explain the necessity for the central database.
โIt mainly mentions the advantages of a central system, but the disadvantages are not properly mapped out and weighed up.โ
It is also unclear who will be responsible for the database, meaning โthe government can hide behind each other if something goes wrong.โ
The AP advised the government to reconsider the plan.
