Udbetaling Danmark was created in 2012 to streamline the payment of welfare benefits. Its fraud control algorithms can access the personal data of millions of citizens, not all of whom receive welfare payments.
In the mid-2000s, Denmark’s government embarked on an ambitious reorganization of local administration. The number of municipalities was cut from 271 to 98. The mergers were expected to create economies of scale and increase efficiency in public services.
Part of the economies of scale took the form of Udbetaling Danmark (Danish for “Payout Denmark”, abbreviated UDK). The organization, which is run by the agency for digitization of the ministry of finance, was set up to centralize the payment of welfare benefits overseen by municipalities: pensions and benefits related to housing, family, disability and maternity leave. At the time, the government claimed that the move would save 35% in administrative costs (officials from several municipalities disputed this figure).
UDK started operations in 2012, and service was cut to the bare minimum from the start. In-person meetings became impossible, as all communication with beneficiaries were to be done over the phone. (This did not go well with Danes. In a 2017 survey, one third of respondents claimed that public service deteriorated since the reforms, with only one in ten seeing an improvement.)
Although the caseworkers who used to work for municipalities were re-hired by UDK when it was created, the nature of their work shifted from a focus on beneficiaries to a focus on data. In 2013, the organization started to link data on its 2 million beneficiaries with external databases from other administrations such as the tax and employment authorities and the business registers (municipalities had the same powers since 2011 but it is unclear if they made use of them). This allowed UDK to automate the checks required before benefits are granted to a requester, such as whether their income level or their wealth were low enough.
This also allows UDK to perform controls after a benefit has been granted, in order to verify that a beneficiary’s situation has not changed. Since 2015, UDK can access data about the housemates or the family of a beneficiary in order to spot irregularities. The data comes from the civil register, the housing register or from the tax authorities.
A 2019 report by the Danish public service broadcaster gave an example of such checks. In it, a member of UDK’s “Joint Data Unit” explained that they looked for cases where women were employed by the company of a family member just long enough to be eligible to maternity leave. This could be a sign of fictitious employment, they said. (UDK did not disclose how many false-positives this method produced.)
91 referrals to the police
In 2017 and 2018, controls by UDK and municipalities unveiled half a billion Danish crowns in erroneous payment (approximately 70 million euros). It is unclear what amount was recovered, what was not recovered due to the beneficiary’s incapacity to repay, and what was an accounting trick (the figure includes future payments that were averted because of the control).
UDK does not split the amount between honest errors and actual cheats. In 2017, UDK and municipalities reported a total of 91 individuals to the police for welfare fraud.
In 2018, ostensibly to improve UDK’s fraud-detection capabilities, the Danish government attempted to give UDK access to the electricity consumption of welfare beneficiaries and people close to them. The bill was eventually withdrawn after a public outcry.
It remains unclear if UDK’s automated checks focus exclusively on fraud from beneficiaries or if they also verify that beneficiaries receive the amounts they are entitled to. In 2013, for instance, it was found that 300,000 pensioners were cheated of several hundred Danish crowns a month, in a scheme that totaled 700 million crowns (94 million euros) a year. While the government argued the mistake was not deliberate, others called it “legalized social fraud”. In 2015, another irregularity, this time directly attributable to UDK, led to 325,000 households receiving lower housing benefits (the error was fixed in subsequent months). UDK had implemented a provision found in a bill before the Danish parliament turned it into a law (the bill never passed).
It is unclear if UDK verifies the quality of the data it processes, and whether its programs are audited. In November 2019, UDK provided the tax authorities with erroneous information about 111,000 households. Tax authorities subsequently sent a letter to each taxpayer to inform them of the mistake.
The agency for digitization of the ministry of finance, which runs UDK, did not answer our requests for comment.
In Denmark, the conversation about UDK’s powers was revived in July 2019, when Justitia, a think-tank, released a report that detailed its activities, which they called “systematic surveillance”. UDK does not provide the actual number of individuals receiving payments, but estimates range between 2.1 and 2.7 million, in a country of 5.8 million inhabitants. Because UDK also collects data on other household members and the immediate family, Justitia considers it likely that UDK processes data on the whole population of the country, sometimes pulling information at daily intervals.
Birgitte Arent Eiriksson, who wrote the Justitia report, is now part of the Danish Data Ethics Council, which advises the government since 2018. She chairs a working group on data linkage for public authorities. (While UDK is not named in the description of the working group, there is little doubt that the issue under scrutiny is related to UDK’s appetite for merging databases). They will provide the government with “a concrete tool that the authorities can use to incorporate data ethics when they want to link personal data and use new technology,” to be delivered in later this summer, Ms Arent Eiriksson told AlgorithmWatch.
The DPA strikes
In early 2019, in a case related to housing benefits, a Dane found out that UDK’s database held much information about him although he was not a beneficiary. He subsequently filed a complaint to the Danish Data Protection Authority (DPA). The DPA ruled that the blanket collection of data on relatives of beneficiaries infringed the General Data Protection Regulation, which prohibits the collection of unnecessary data. UDK refused to comply, explaining that their mission of fraud control made the data collection necessary and proportionate.
The DPA reopened the case in 2020 and made clear to UDK that they had to delete data on individuals who were not beneficiaries or suspected of fraud. In March 2020, UDK told the DPA that they had complied with the decision and removed the data they had collected illegally. Whether or not UDK applied the change to housing benefits or to their whole data management system is unclear. (The case referred to the DPA was about housing benefits only, so that the DPA could not give an opinion about UDK’s other activities).
Whether or not UDK limits the scope of its surveillance, and whether or not the Data Ethics Council succeeds in tooling up the government for its ethical challenges, the automation of welfare management still fundamentally changes the relationship between the state and its citizens.
Søren Skaarup, the former head of citizen services at Albertslund Municipality and now a post-doctoral researcher at the IT University of Copenhagen, published his PhD on the mediation of authority in 2013. In it, he warned that automation, while it can speed up many bureaucratic processes, is often implemented in a way that reduces the room for negotiation of meaning, power and identity, which can be very important to citizens when they interact with government. Allowing for this negotiation often requires access to interpersonal interaction face-to-face or by phone, Mr Skaarup wrote. Limiting the possibilities for this negotiation may limit the possibilities for recognizing the individuality of citizens, for the construction and affirmation of trust in the authority, and weakens the citizens’ sense of justice and fairness.