Netherlands Government

Safe data sharing for Dutch citizens worked with the Dutch government to help citizens share personal data successfully completed a proof of concept with the Dutch government to securely share official data with citizens and external service providers.

By law, Dutch citizens moving house are required to register their address change. They can do this online with their local authority, using webforms which update the national citizen registry.

The interoperable data-sharing exchange enabled citizens to connect to this government system and obtain a validated copy of their records. Such records are similar to the existing physical paper extract (“uittreksel bevolkingsregister”). Once the citizen owned and controlled a validated copy of their records, they could share it with service providers in return for a service – in this case an automated, highly trustworthy official change of address, digitally stamped by the Netherlands government.

The setup required a two-step process:

1. Individuals used’s Postbox feature to own and control their own citizen registry data, comprising the web form data plus an extract of the official national registration data. Postbox is a unique push-API feature enabling source providers, such as governments and organisations, to retain control on what data to push to their users and when. This is a reverse of pull-APIs, such as those used in the financial sector (PSD2 APIs) which can encounter DDoS hacker attacks.

2. The individual was able to notify their official address change by sharing elements of their citizen records. This happened by means of a simple scan of a QR code for each third party – in this instance not-for-profit organisations like the Dutch Red Cross, faith institutions and sports organisations. The privacy protecting solution was enabled by using the Private Sharing technology to route the data.

This unique new capability had several immediate benefits over and above the individual owning and controlling their data:

The government does not know who the user has shared data with, so isn’t aware of potentially sensitive faith, social and political interests, trade union affiliations, or personal interests;

It reduces address fraud, as service providers receive official government records (with a digital signing – validated claim) directly from users;

It is more convenient for the user (scan and 1-click authorisation process to share);

User can easily retract any data shared and exercise their EU GDPR Right to be Forgotten;

Usability and comprehension of the process was high in the user group – tested on senior citizens;

The user’s account is always up to date;

Government retains control over its own registration systems for source data and does not need to make any changes to allow for sharing with citizens.

Additional benefits are that people remain central to their data at all times, in control of it and where it is shared, as well as more easily able to make purchases.

User feedback from a final test using a cohort with an average age of 61 and below average digital skills found the process was positive, easily understandable and convenient. Sharing data with one consent certificate for one purpose, using various data sources, was deemed to be clear and effective to carry out, while’s citizen-centric, interoperable and universally applicable capabilities to engage with service providers on user’s terms, were seen as important and welcome in today’s digital age.

For this practical test,’s product was translated to Dutch, and a local version can be downloaded from app stores.

Best international practice for UX in consent was also used, resulting in a colour scheme, button styling, and messaging which was appropriate for users with dyslexia, autism or reduced vision.’s privacy-by-design architecture is decentralised and completely private, and itself never sees, touches or holds user data. This means the user is always fully in control.

Download the case study