On Dec. 17, the Interior Minister answered critical Parliamentary questions:
To the question "What is the legal basis for requiring businesses to file returns using eHerkenning (which, unlike DigiD, is not free and is only commercially available)?" he answered as follows:
The Minister's response is as follows:
It follows from article 2:15, first paragraph, of the General Administrative Law Act follows that an administrative body is authorized to set further requirements for the use of electronic means. This power is used by the Belastingdienst. Such requirements are generally of a technical nature nature and relate to ensuring the reliability and confidentiality of data exchange. In addition information systems, which process personal data, pursuant to the General Data Protection Regulation (AVG), information systems that process personal data must meet certain requirements with respect to of access security. Via the EU regulation no. 910/2014 (eIDAS regulation) and the Digital Government Act pending before your Parliament, the standard regarding the adequate security of access to digital services is further specified. Regardless of whether the further specification of the standard by entry into force of the Digital Government Act, the Belastingdienst authorized and obliged to ensure that the personal data on its portal are adequately secured. The Belastingdienst in view of Article 5, para, letter f, AVG obliged to take appropriate technical security measures. The term "appropriate" implies that the security is in accordance with the state of the art and that the level of security corresponds with the nature of the personal data to be processed. The state of the art is highly time-dependent.
Both the state of the art and the amount of privacy-sensitive data, which is displayed in the portal for business owners is advancing. eHerkenning is currently the only available login tool for organizations that offers an appropriate level of security for the payroll tax return and the corporate income tax returns in 2020.
The Personal Data Authority (AP) oversees the application of the AVG and has long believed that the assurance level of government login tools should be increased. This is evidenced, among other things, by the conditional periodic penalty imposed by the AP in 2018 on the UWV imposed. For this reason, the UWV is also already moving ahead of the Digital Government Act to the mandatory use of eHerkenning, level 3.
Appendix:
For further information, please contact Reconi's managing partner, Mr. F.J. Jonker at the e-mail address below: