Go to content

Main navigation

Police Data Act

Information about data use to comply with the Police Data Act (Wpg)


What personal information do we use?

Processing personal data to perform a police task (police data) is covered by the Wpg. Special investigators employed by the NS must comply with the legal requirements set by the Wpg and support the investigative duties of the police. In this case, personal data may include information collected to track offenses, maintain public order, or provide emergency services. To collect these data, we may have to process personal data such as your contact details or camera footage.

What do we use your personal information for?

The principle behind data processing is: compliance with a legal obligation

Regular policing duties (Art. 9 Wpg): police data may be processed in the context of regular policing duties: enforcing rules and regulations, providing emergency services, surveillance, directing traffic, and basic investigations.

More extensive investigations and repeat offender files (art. 9 Wpg): police data can be processed in a targeted manner for investigations aimed at reinforcing the rule of law in specific circumstances. This may include collecting data about specific people or as a result of a specific event.

Supporting policing duties (art.13 Wpg): police data processed on the basis of article 8 or 9  may also be used for other purposes, such as to identify suspects or other people. If necessary, we are authorised to collect several kinds of personal data, depending on the investigation and goal in question, including:

  • personal information (name, first name, address, date of birth)
  • special personal data, such as race

Our information systems make use of the records and registers of government agencies with public-law-related duties, such as the Dutch Population Register (BRP) maintained by the National Office for Identity Data (RvIG). We are also authorised to collect personal data from these registers. As soon as we process these data, they are considered police data.

Some (personal) data are collected on the basis of other laws. We will highlight three key laws:

Code of Criminal Procedure

According to the code of Criminal Procedure, (special) investigators are obliged to determine the identity of a suspect. The Suspect, Convict and Witness Identity Determination Act - as well as the accompanying decree - indicate which data we must use for this purpose. Based on these guidelines, we process the name, first name, place of birth, data of birth, address (as specified in the BRP), and factual place of residence of the person in question. In special circumstances, special personal data may also be collected. The identity of a person may also be determined by taking pictures, which will be done with those suspected of an offense that gives cause for temporary detention.

Special investigator decree

Special investigators are also authorised to collect personal data to perform their investigative duties. Personal data collected by special investigators are covered by the Wpg.

General Bylaw (APV)

An APV is a general, municipal bylaw that applies to everyone in the municipality in question. An APV may contain regulations that must be enforced by special investigators.

With whom do we share this information?

We contract third parties to provide IT services. These third parties process our information solely for our own internal use, and for no other purpose. We have made agreements with these parties pertaining to the processing of personal information.

Only authorised employees will have access to data. They may only access data that they need to perform their duties. We may also grant access to employees of the police or the municipality. Again, they will only be given access to the data they need to perform their duties.

All actions performed by employees in systems are logged. We always track who performs which action at which time in which specific file.

All logged information can be used to inform the Dutch Data Protection Authority (AP) of any data leaks, or to grant any citizen or employee their right of access.

Logged information is used:

  • to check the lawfulness of data processing;
  • for internal checks;
  • to guarantee the integrity and security of police data;
  • for public trials.

We are authorised to share your information for the purpose of tracking and preventing criminal activities to investigative agencies, such as the police.

We will not share your personal data with legal entities or persons outside the European Economic Area unless we are legally obliged to.

How long do we store your information?

The Wpg specifies fixed retention periods for police data. Police data processed with the purpose of performing daily policing duties will be retained for up to 5 years after the data are first processed. Camera footage will be retained for 28 days, unless further processing is required for the purpose of performing daily policing duties or supporting police duties. Copies of fines will be retained until the fine has been paid in full or until it has been transferred to the Public Prosecutor, but in no case for a period of more than 5 years after the date that the data are first processed.

Data subject rights in the Wpg

The rights of data subjects in the Wpg are different from GDPR rights. The person to whom the personal or police data apply is called the data subject. The data subject has a right to:

  • access;
  • rectification;
  • data erasure;
  • limit data processing;
  • object.

In the context of our policing duties, we are obliged to inform you of any data that are processed. We will also let you know when we have complied with your request for rectification, erasure, or limitation of data processing.

If you want more information about how your personal data are processed, you can submit a written request. If you believe that your data are not correct, you can submit a written request to us, specifying what must be changed.

We have the right to deny your request if:

  • This would obstruct legal investigations or procedures;
  • This would have negative consequences for our ability to prevent criminal behaviour, to track offenders, to investigate criminal actions, to prosecute suspects, or to punish offenders;
  • This would jeopardise public safety
  • This would violate the rights and freedoms of third parties;
  • This would jeopardise national security. A request may also be denied if it is clearly an ungrounded or excessive request.