There is talk of improper conduct
The Dutch Minister of Interior Affairs and the Dutch secret services refused to remove the data before, because it is "not necessarily irrelevant." But this reason can substantially legitimise the storage of every piece of information, as one day it may be relevant. The law doesn't provide that much room to keep data at all. The Complaints Department now states that the Minister's view is incorrect, and endorses the opinion that the Oversight Department gave already since 2019: the retention of these data is unlawful, and therefore now also improper and has to be deleted immediately.
To make straight what is crooked, the Minister had drawn up a Temporary regulation for the further processing of bulk datasets in November 2020. This gave the secret services more leeway than the law provides for. The investigation by the Complaints Department now shows that the secret services exceeded even these extra-wide boundaries. For example, the MIVD only began to examine whether the data were still relevant after we had submitted the complaint. And the guarantee that only a limited number of employees of the secret services would have access to the data was not fulfilled.
Moreover, the longer deadlines in that Temporary regulation are contrary to a higher law, and therefore not valid at all.
Even when the Complaints Department asked the secret services to explain exactly what they needed this data for, they were unable to do so. They didn't get much further than the number of times they had queried the datasets. But that, of course, says nothing about what that yields in concrete terms.