Model Privacy Protocol (Ondermijning) — Skill Reference
Overview
This skill provides quick, accurate guidance based on the Model Privacy Protocol for binnengemeentelijke gegevensuitwisseling (intra-municipal data sharing) in support of the administrative/integrated approach to undermining crime (ondermijning).
It helps users navigate:
- The 4-phase workflow (signal intake → weighting → source check → plan of approach)
- The two privacy check moments (Privacy check 1; Privacy check 2A/2B)
- The required legal reasoning: purpose limitation / compatibility, necessity & proportionality, and subsidiarity
- Practical safeguards: retention, information duties, and data minimization
When to Use
Use this skill when you need to:
- Explain or apply Phase 1–4 steps in the protocol
- Decide whether a signal is in scope (ondermijning + municipal task + municipal territory)
- Determine whether you may query sources using hit/no-hit
- Decide whether gathered data may be shared internally for case handling (2A) and for executing the chosen approach (2B)
- Clarify privacy/legal guardrails (AVG/UAVG + sectoral laws) and required documentation
What This Skill Covers
Phase Summary (Protocol Workflow)
Phase 1 — Receipt & intake of the signal
- Qualify: does the signal relate to ondermijning (using the checklist / indicators)?
- Check: is there a municipal task or power that could apply (2A)?
- Check: does it concern the municipality’s territory (2B)?
Phase 2 — Weighting the signal
- Assess severity/concreteness/relevance using objective local criteria.
- Decide: no action vs route internally vs route externally/RIEC vs continue to Phase 3.
Phase 3 — Source research (Bronnenonderzoek)
- Execute Privacy check 1 to determine:
  - which municipal sources may be queried
  - hit/no-hit first (data minimization), then only relevant “what-information” if justified
- After hits: weigh results and decide whether to move to Phase 4.
Phase 4 — Plan of approach (Plan van aanpak)
- Before the signal/case meeting: do Privacy check 2A (what may be shared for deciding the approach).
- After the approach is chosen: do Privacy check 2B (what sharing is allowed/necessary to execute the approach + intended legal powers).
Privacy Checks (Core Logic)
Privacy check 1 (start Phase 3)
Answer per case:
A) What is the legal basis of the primary collection/use of the data?
B) Is further use for “combatting undermining” compatible with the original purpose?
- Apply the compatibility factors (context, data type, impact, safeguards, etc.)
C) Is it necessary & proportionate, and does it meet subsidiarity?
- Start with hit/no-hit where possible; avoid opening underlying details unless needed.
Privacy check 2A (start Phase 4)
- Which of the gathered Phase 1–3 data may be shared with which internal participants to determine the approach?
- Share only with the domains that need it (role-based minimization).
Privacy check 2B (during Phase 4 execution planning)
- Given the chosen intervention and legal powers, confirm whether additional internal sharing is:
  - legally allowed (sectoral regime may restrict)
  - necessary and proportionate for the concrete execution
Inputs This Skill Expects
Provide (as available):
- The signal (what happened, when, who/what is involved)
- Whether it concerns an object (location/premises) or subject (person/entity)
- The suspected phenomenon (e.g., exploitation, drugs, fraud, etc.)
- Intended municipal task/power you think might apply (if known)
- Which internal domains/sources might be relevant (if known)
Outputs This Skill Should Produce
Depending on the request, return one of:
- A phase-by-phase next step (what to do now, what to document)
- A privacy check decision summary, including:
  - primary legal basis
  - compatibility reasoning
  - necessity/proportionality/subsidiarity notes
  - “hit/no-hit first” guidance
- A sharing recommendation for Phase 4:
  - who can receive what data (2A)
  - what additional sharing is allowed for execution (2B)
- A short risk/guardrail note: retention, transparency/information duties, and limits
Guardrails & Non-Goals
- Do not invent legal permissions. If the applicable sectoral regime is unclear, state what must be verified.
- Prefer minimal data use and hit/no-hit before opening detailed records.
- The protocol is a model; municipalities must adapt it to local structure/policy.