In a quest to optimize welfare management, Denmark built a surveillance behemoth
Udbetaling Danmark was created in 2012 to streamline the payment of welfare benefits. Its fraud control algorithms can access the personal data of millions of citizens, not all of whom receive welfare payments.
In the mid-2000s, Denmark’s government embarked on an ambitious reorganization of local administration. The number of municipalities was cut from 271 to 98. The mergers were expected to create economies of scale and increase efficiency in public services.
Part of the economies of scale took the form of Udbetaling Danmark (Danish for “Payout Denmark”, abbreviated UDK). The organization, which is run by the agency for the digitization of the ministry of finance, was set up to centralize the payment of welfare benefits overseen by municipalities: pensions and benefits related to housing, family, disability, and maternity leave. At the time, the government claimed that the move would save 35% in administrative costs (officials from several municipalities disputed this figure).
UDK started operations in 2012, and service was cut to the bare minimum from the start. In-person meetings became impossible, as all communication with beneficiaries was to be done over the phone. This did not go down well with Danes. In a 2017 survey, one-third of respondents claimed that public service deteriorated since the reforms, with only one in ten seeing an improvement.
The caseworkers who used to work for municipalities were re-hired by UDK when it was created. However, the nature of their work shifted from a focus on beneficiaries to a focus on data. In 2013, the organization started to link data on its two million beneficiaries with external databases from other administrations such as the tax and employment authorities, and the business registers (municipalities have had the same powers since 2011, but it is unclear if they ever made use of them). This data network allowed UDK to automate the checks required before benefits are granted to a requester, such as whether their income level or their wealth were low enough.
This process also allows UDK to perform controls after a benefit has been granted to verify that a beneficiary’s situation has not changed. Since 2015, UDK can access data about the housemates or the family of a beneficiary in order to spot irregularities. The data comes from the civil register, the housing register, or the tax authorities.
A 2019 report by the Danish public service broadcaster gave an example of such checks. In it, a member of UDK’s “Joint Data Unit” explained that they looked for cases where women were employed by the company of a family member just long enough to be eligible for maternity leave. Such a case could be a sign of fictitious employment, they said. (UDK did not disclose how many false-positives this method produced.)
91 referrals to the police
In 2017 and 2018, controls by UDK and municipalities unveiled half a billion Danish crowns in erroneous payment (approximately 70 million euros). It is unclear how much was recovered, what was not recovered due to the beneficiary’s incapacity to repay, and what was an accounting trick (the figure includes future payments that were averted because of the control).
UDK does not split the amount between honest errors and actual cheats. In 2017, UDK and municipalities reported a total of 91 individuals to the police for welfare fraud.
In 2018, ostensibly to improve UDK’s fraud-detection capabilities, the Danish government attempted to give UDK access to the electricity consumption of welfare beneficiaries and people close to them. The bill was eventually withdrawn after a public outcry.
It remains unclear if UDK’s automated checks focus exclusively on fraud from beneficiaries or if they also verify that beneficiaries receive the amounts they are entitled to. In 2013, for instance, it was found that 300,000 pensioners were cheated of several hundred Danish crowns a month, in a scheme that totaled 700 million crowns (94 million euros) a year. While the government argued the mistake was not deliberate, others called it “legalized social fraud”. In 2015, another irregularity, this time directly attributable to UDK, led to 325,000 households receiving lower housing benefits (the error was fixed in subsequent months). UDK had implemented a provision found in a bill before the Danish parliament had made it into law (the bill never passed).
It is unclear if UDK verifies the quality of the data it processes, and whether its programs are audited. In Novem- ber 2019, UDK provided the tax authorities with erroneous information about 111,000 households. Tax authorities subsequently sent a letter to each taxpayer to inform them of the mistake.
The agency for the digitization of the ministry of finance, which runs UDK, did not answer our requests for comment.
In Denmark, the conversation about UDK’s powers was revived in July 2019, when Justitia, a think-tank, released a report that detailed its activities, which they called “systematic surveillance”. UDK does not provide the actual number of individuals receiving payments, but estimates range between 2.1 and 2.7 million, in a country of 5.8 million inhabitants. Because UDK also collects data on other household members and the immediate family, Justitia considers it likely that UDK processes data on the whole population of the country, sometimes pulling information at daily intervals.
Birgitte Arent Eiriksson, who wrote the Justitia report, is now part of the Danish Data Ethics Council, which has advised the government since 2018. She chairs a working group on data linkage for public authorities. (While UDK is not named in the description of the working group, there is little doubt that the issue under scrutiny is related to UDK’s appetite for merging databases). They will provide the government with “a concrete tool that the authorities can use to incorporate data ethics when they want to link personal data and use new technology,” to be delivered later in 2020, Ms. Arent Eiriksson told AlgorithmWatch.
The DPA strikes
In early 2019, in a case related to housing benefits, a Danish man found out that UDK’s database held a lot of information about him, although he was not a beneficiary. He subsequently filed a complaint to the Danish Data Protection Authority (DPA). The DPA ruled that the blanket collection of data on relatives of beneficiaries infringed the General Data Protection Regulation, which prohibits the collection of unnecessary data. UDK refused to comply, explaining that their mission of fraud control made the data collection necessary and proportionate.
The DPA reopened the case in 2020 and made clear to UDK that they had to delete data on individuals who were not beneficiaries nor suspected of fraud. In March 2020, UDK told the DPA that they had complied with the decision and removed the data they had collected illegally. Whether or not UDK applied the change just to housing benefits or to their whole data management system is unclear. (The case referred to the DPA was about housing benefits only, so that the DPA could not give an opinion on UDK’s other activities).
Whether or not UDK limits the scope of its surveillance, and whether or not the Data Ethics Council succeeds in tooling up the government for its ethical challenges, the automation of welfare management still fundamentally changes the relationship between the state and its citizens.
Søren Skaarup, the former head of citizen services in Albertslund Municipality and now a post-doctoral researcher at the IT University of Copenhagen, published his PhD on the mediation of authority in 2013. In it, he warned that automation, while it can speed up many bureaucratic processes, also reduces the room for negotiation between citizens and caseworkers. The recognition of a beneficiary’s individuality, and the construction of trust, are mostly born of face-to-face interactions, Mr. Skaarup wrote. Removing these interactions risks weakening the sense of justice and fairness between citizens and the state.