The data broker for ‘the good’ | Friedrich Lindenberg’s open sanctions database | AML, CFT, sanctions, PEPs

Geplaatst op 27 maart 2024 door Ellen Timmer

You do not matter if you are not included in a database and if you are not profiled. That’s the new world. It is not only adtech companies that are creating private population registers. Journalists pretending they are promoting a good cause are doing the same.

The open sanctions database

When trying to look up certain names on the internet I came across the site opensanctions.org created by a German data broker, OpenSanctions Datenbanken GmbH [1], that contained an unsecured txt-file.
The data broker writes that in their database the public can find ‘sanctions targets and persons of interest‘ and that their database will assist the public in “finding evidence of corruption, money laundering and other criminal activity“.

The data broker is selling its database to companies and hides behind third-party data providers for the accuracy of the data [2]:

The data of the third-party providers is the sole responsibility of the named third-party providers. OpenSanctions does not check the data and therefore assumes no liability for the topicality, completeness, suitability, quality and accuracy of the information, details and data of the third-party providers.

even though the company is a data controller, like the Dutch credit registration foundation Stichting Bureau Kredietregistratie (BKR) [3].

What is it about?

However, it is highly peculiar that the database is full of decent citizens. On 25 March I saw that there are 239,505 entries about people in the database:

The data broker explains that topics are risk categories.

It is clear from this list that only a minority is criminal, look at the division:

 

The majority of people in the database are suspected of becoming criminals in the future, according to the description accompanying those not in the ‘criminal’ category:

They have not been found on international sanctions lists.

This data broker maintains a peculiar mode of registration. They not only apply their own definition of politically-exposed person (PEP) and ‘close associate’, that is different from the European definitions. They also include people that are dead and people that have ceased to be ‘politically-exposed’ for a long time.

Listing of former Queen Juliana
Even former Queen Juliana is registered, mentioning:

Juliana
Close Associate

Juliana is a family member or associate of a politically exposed person. They have not been found on international sanctions lists. (…)

Birth date 1909-04-30
Place of birth The Hague
Death date 2004-03-20 (…)
Queen of the Netherlands from 1948 to 1980

Other deceased Dutch people still in the database are e.g. prince Bernhard, Ed van Thijn and J.H.A. Lokin, which shows that once you have been politically prominent, you remain suspicious for the rest of your life and even when you have died.

Former politicians and family members
The database includes former Dutch politicians like Ad Melkert and Arend Jan Boekestijn and family members [4] of, for example, people who are now members of the Dutch parliament.

Enrichment of the personal data
Currently the information on people I found in the public database is limited. Details of assets were not mentioned, nor did I come across any information on identity documents.
It is the intention of the data broker to add that kind of information also to the database, look at the data dictionary page. The data base registers amongst others:

  • full addresses,
  • e-mail address,
  • phone number,
  • details of identification documents (like passports),
  • non-family associations,
  • family relationships,
  • employments,
  • memberships,
  • occupancies (positions [5] held),
  • representative roles [6],
  • directorships,
  • publications about the data subject,
  • gender,
  • ethnicity,
  • religion,
  • political association,
  • education.

Regarding assets, anything can be registered:

  • bank accounts (including SWIFT/BIC),
  • cryptocurrency wallets,
  • vehicles,
  • vessels,
  • securities,
  • (other) assets and shares,
  • (other) ownerships,
  • other objects (‘things’)

and the value of these assets. It is anticipating the global asset register advocated by some parties.

Risk categories
It is interesting to see which risk categories (‘topics’) have been defined by the data broker:

According to this overview, lawyers, accountants, journalists and activists have a role with risk attached. The same applies to financial services and the ‘PEP’ categories under ‘roles’, ‘government’ and ‘corporate’.

Criminal uses
The database contains personal data on living people that can be useful in identity fraud and other forms of fraud. For most people, their full first names, surname, date of birth and place of birth are disclosed, which is useful information for criminals.
However, on the site I don’t come across anything about integrity testing of the data broker’s clients. Which is logical, since everything collected is made public.
The overview of data to be registered shows that the residential address is also registered, but in the items I looked at, I did not come across that address. With a residential address, the criminal opportunities become even greater.

Perhaps the enriched data are only for those who pay or are officially recognised, which could include criminals.

Final remark

This database shows there is no difference between adtech data brokers and anti-crime data brokers. They all go for commercial gain and neglect the interests of data subjects in our surveillance society.

 

Notes:

[1] Further information on this page. The site does not provide ownership information or annual accounts. The company is not registered in its own database. It is registered with Open Corporates; at Open Ownership no information is registered on the beneficial owner(s). According to the team page the company was founded by data specialist Friedrich Lindenberg (pudo): interview neo4j.com, page TCIJ.
[2] See par. 2.3 of the General Terms and Conditions for Data Licensing.
[3] The Dutch supreme court (Hoge Raad) decided in 2021 that Stichting Bureau Kredietregistratie is a data controller.
[4] Family members are registered with the tag ‘close associate’.
[5] It not only refers to PEP-positions. The data broker explains on this page: “A post, role or position within an organization or body. This describes a position one or more people may occupy and not the occupation of the post by a specific individual at a specific point in time.
[6] Explanation on this page: “Representations. A mediatory, intermediary, middleman, or broker acting on behalf of a legal entity.

Over Ellen Timmer

Weblog: https://ellentimmer.com/ ||| Microblog: https://mastodon.nl/@ellent ||| Motto: goede bedoelingen rechtvaardigen geen slechte regels
Dit bericht werd geplaatst in English - posts in English on this blog, Financieel recht, onder meer Wft, Wtt, Fraude, witwasbestrijding, Wwft, Grondrechten, ICT, privacy, e-commerce, Sanctieregels en getagged met , , , , , , , , , , . Maak dit favoriet permalink.

Plaats een reactie