Privacy, promotionalism and the proliferation of state-performed criminal record screening in the Netherlands: How a restrictive legal framework can still result in a steep increase of criminal background checks

The Netherlands has endorsed a unique system regarding the management, disclosure and screening of criminal records. Disclosure to third parties is strongly restricted, yet all (potential) employees can request a government agency to provide a risk assessment − known as a Certificate of Conduct (‘VOG’ in Dutch) − for every kind of employment application to determine whether they are fit for a given job. This article explains how and why this Dutch policy approach, deemed respectful of individual privacy rights, can nonetheless go hand in hand with the promotion, proliferation and pervasiveness of criminal record screening. It challenges the often dichotomic approach of the comparative literature on criminal record policies and helps understand that privacy protection alone cannot be fully equated with the rehabilitation and re-entry in society of people with a criminal history. Although the Dutch criminal record system avoids any unnecessary publicity of criminal record data, it nonetheless triggers adverse impairments on reintegration processes through stigmatisation and exclusion resulting from the ubiquitous use of Certificates of Conduct in the labour market. This questions the promotion of the Dutch screening instrument as an exemplary model for criminal record information sharing within Europe.


Introduction
Especially in recent decades, the reality of the burdensome ramifications attached to being involved with the criminal justice system has attracted academic attention to the so-called 'collateral consequences' of having a criminal record. The encroachment on rights and opportunities by these collateral ramifications in areas such as employment, housing, voting, education, and welfare benefits, to name but a few, challenges societies to find the right balance between legitimate crime prevention goals and respect for values like an individual's privacy and post-sentence reintegration. Today, the challenge of finding this balance has become even more apparent. Vetting and screening practices are now ubiquitous following the emergence of enhanced comprehensive strategies of risk management aimed at tackling crime sooner and more effectively (Boone and Kurtovic, 2015). Such practices are fuelled by shifts towards pre-emptive strategies, the overregulation of people's behaviour and digitalisation of government activities (e.g. Garland, 2001;Schuilenburg, 2015).
Western countries have considered and adopted different approaches to maintaining a legitimate and justifiable interference in the liberties of people with a criminal record for crime control purposes. In the United States, technological developments have enabled the widespread dissemination of digital criminal record data for extra-legal purposes (Lageson, 2022), resulting in the extensive use of criminal record checks in virtually all social domains (Jacobs, 2015). This information 'activates' over 40,000 collateral consequences at the federal, state and local levels (Corda and Kaspar, 2022;NICCC, 2023). In European countries, on the contrary, collateral consequences attached to having a criminal record are still considered to be limited in their scope, severity, frequency and discriminatory impact (but see Corda et al., This issue;Larrauri and Rovira, 2019).
Comparative research has established that, for the most part, the continental European approach to criminal record management is based on the concrete operationalisation of the 'right to be forgotten'. This is aimed at protecting the privacy of criminal record information, as well as promoting offender rehabilitation and re-entry into society (Herzog-Evans, 2011a;Jacobs, 2015). Mandatory occupational vetting and screening in the EU context is generally limited to certain professions involving contacts with vulnerable populations (Jacobs and Larrauri, 2016;Rovira, 2022). By and large, private employers do not pursue criminal record checks beyond the legal requirements because of the perceived confidential nature of criminal records (Larrauri, 2014).
This contrasts with the 'right to know' attitude dominant in most Anglosphere countries which favours transparency over privacy and stems from comparatively lower trust in the government (Brants, 2011;Damaška, 1973;Jacobs, 2015). From this perspective, the government should not be the exclusive keeper of criminal record information which should be freely accessible to all, thus allowing public access and scrutiny of government operations, including the criminal justice system (Corda, 2016). Protection of privacy is viewed primarily as guaranteeing freedom against undue government intrusion. In a continental European context, however, privacy is widely understood as respect for the dignity and honour of citizens (Whitman, 2004). In this sense, safeguarding the confidentiality of criminal record information rests on the government, which ought to protect people's personal public image from unwanted shame, humiliation or public forms of stigma and degradation.
In a special issue on judicial rehabilitation, the Dutch approach to criminal record management has been positioned in the middle ground, between these two opposing regimes, 'having one foot in common law countries and one foot in continental Europe jurisdictions' (Herzog-Evans, 2011a: 2). The Dutch system diverges from the two main approaches to criminal record management in at least two important aspects. First, it endorses an exceptionally 'closed record' system, where the government is the sole manager of criminal history information and indiscriminate disclosure of criminal records outside the criminal justice context is strictly forbidden. It is not possible for employers, and criminal record subjects themselves, to request a criminal record extract at will. Second, job applicants can request the Ministry of Justice and Security to issue a Certificate of Conduct (hereinafter also CoC) which states whether the individual is considered 'fit' for the job. If this certificate is issued, it will not contain any information regarding the actual criminal record. As a result, every employer has a right to know whether or not (potential) employees pose a risk based on their criminal record. Yet, the decision to issue a CoC is based on a state-centralised criminal record screening conducted by a national Screening Authority, Justis, which provides a comprehensive risk assessment of the applicant. In this way, the right to be forgotten is also assured since the government does not release any official documentation of run-ins with the law for employers to make their own informed decisions.
In the literature, the Dutch model of criminal background screening for employment purposes, run exclusively by a single state entity, is perceived to be better equipped to strike a fair balance between, on the one hand, the interests of employers (being fairly one-sidedly oriented towards increasing profits and avoiding risks) and, on the other hand, anti-discrimination and rehabilitation of individuals with a criminal background, a societal goal that goes beyond business necessities (Bushway and Kalra, 2021). Government agencies are considered to be better equipped to protect society against safety threats than employers (Larrauri, 2014), as they apply a standardised and consistent assessment process and a rational approach that typically demonstrates a higher risk tolerance (Denver and DeWitt, 2023;Lageson et al., 2015). Also, state powers infringing on the liberties of people with a criminal record are governed by a strict proportionality principle (Meijer, 2019) which allows for increased employment opportunities for individuals with a criminal record (Kurlychek et al., 2019). It is furthermore presumed that precisely because the Dutch model is so strongly protective of the privacy and confidentiality of criminal records, employers do not ask job applicants to apply for a CoC unless there is a clear business necessity − in other words, 'only where the employment of an ex-offender might be presumed to represent a certain risk' (Larrauri, 2014: 62).
The in-depth analysis of the Dutch system presented in this article allows to challenge and advance the comparative perspective on criminal record policies in the United States and Europe. Where scholarly discussions have traditionally relied on a public-private dichotomy regarding the nature of criminal history information (e.g. Jacobs and Larrauri, 2012), this article helps to understand that strong privacy protection concerning criminal records does not necessarily represent a proxy for rehabilitation and enhanced re-entry chances for people with a criminal history. The analysis therefore adds nuances and additional layers of complexity to the prevailing Western views of criminal record management when it comes to mechanisms to foster the successful reintegration of justice-involved individuals in society.
A close examination of the Dutch approach to criminal record screening is of further importance if one considers that the Netherlands has played a pioneering role in shaping criminal record sharing and harmonisation policy in Europe (Buysse et al., 2018). In addition to Dutch Euro-parliamentarians advocating mandatory screening in the childcare sector throughout the EU, 1 the Dutch government also entered into a Benelux Memorandum of Understanding with Belgium and Luxembourg expanding the international sharing of criminal records to sectors other than childcare, for example healthcare and civil aviation, and is striving to expand these agreements to other EU Member States (Justis, 2022a). It is apparent in this regard that the Dutch government regards its way of dealing with criminal records as a model worth propagating to other jurisdictions and even at the EU-wide level.
This article aims to explain how and why the Dutch policy model -apparently restrictive with regard to disclosure and respectful of individual privacy rights -can still go hand in hand with the extensive use of criminal records for employment screening purposes in practice. First, an explanation is given of the ways in which the current regime for the management of criminal records aimed to strengthen crime prevention, by enhancing both the scope and strictness of criminal record screening. Second, it is discussed how the logic of risk and crime control has increased the call for public protection both from and by the state, which is crucial for understanding the proliferation of criminal record screening for employment vetting. Third, this wide proliferation is explained by different strategies employed by the government, namely mandating and promoting state-centralised risk assessment alongside a responsibilisation of employers as co-producers of public safety. Finally, the virtually non-existent criminal record relief mechanisms are considered. This complicates the identification of the Dutch model, with its state suitability assessment, as an example to follow in promoting rehabilitation and desistance from crime.

Balancing risk prevention with privacy protection
During the 1990s, the Netherlands witnessed the emergence of a need to intensify prevention measures for crime control purposes beyond traditional criminal law, in the socalled risk society (Beck, 1992;Boutellier, 2005;Garland, 2001;Simon, 2005;Van Swaaningen, 2004). This new policy climate paved the way for the creation of a centralised criminal record system. Up to that point, criminal record information had been scattered across judicial districts. A new legal framework was created which aimed to establish a single accessible and reliable repository of criminal record information, by making this data digitally available at one location (Helsloot et al., 2013). The centralised criminal record system that has been operational since 2004 is referred to as a 'closed record' system, where information is managed and controlled exclusively by the government (Bushway and Kalra, 2021). One of the main goals of this policy option was to achieve a proper balance between crime prevention, on the one hand, and privacy protection of 'registered' individuals, on the other hand (Boone, 2011a). Therefore, the introduction of the General Data Protection Regulation in 2016 did not necessitate any changes to the Dutch criminal record policy.
The legislature anticipated that launching a centralised database under government auspices providing up-to-date and accurate criminal record information would increase its utility for reliable criminal record screening (Boone, 2011a;Helsloot et al., 2013). Before this new legislation was enacted, municipal authorities were designated to perform criminal record screening and issue CoCs for employment purposes. However, employers were wary of the risk assessment and decisions made. 2 This was attributed to several shortcomings of the pre-2004 legal framework, such as criminal record information often being scattered and outdated, and being limited to information on convictions only. Also, the screening made by municipal authorities lacked a unified approach. As a result, CoCs were frequently issued even where they should have been refused given the applicant's criminal history. 3 Hence, to unify and professionalise criminal record screening and incentivise employers to utilise and trust the government's screening procedure, a new, centralised administrative Screening Authority (Justis) was created. Justis would issue CoCs in lieu of local municipal authorities, drawing information from the newly established, centralised criminal record repository.
Hence, from 2004 onwards, if employers in the Netherlands want to be informed of whether a job candidate's criminal background poses a risk to the business, they can ask the candidate to hand over a CoC. In that case, the job applicant can request the Screening Authority to issue this certificate for the position applied for. The CoC is issued by the Ministry of Justice and Security through Justis and declares that the applicant did not commit any (recent) criminal offences that are relevant to the performance of their duties should they be hired. If a certificate is issued, the applicant is therefore considered 'fit' or 'cleared' for the job. If an apparent public danger is established, based on an assessment of the offence-employment nexus together with the recency and severity of the offences committed, the CoC will be refused (Van 't Zand- Kurtovic, 2017). 4 In case of refusal, the certificate will not be issued to prevent the disclosure of criminal background information to employers.
This new legal framework moreover introduced four important changes that aimed to increase crime prevention through criminal record screening, by expanding the possibilities for refusing CoCs. First, the 2004 reform established that requests for CoCs are admissible for all types of jobs. As a result, every kind of employment now a priori allows for the performance of criminal record screening, whereas previously a considerable societal interest needed to be at stake (Boone, 2012a). Second, the new rules created the possibility for the Screening Authority to include all kinds of criminal record information, except acquittals. Criminal record screening is therefore currently not limited to conviction information alone -like in most Western countries, among which Germany, France and Spain (Jacobs and Larrauri, 2012;Larrauri, 2014) -but includes, in spite of the presumption of innocence, all types of information gathered from the judiciary and the public prosecution service on a given subject, such as pending cases, dismissals, penal orders, out-of-court settlements and even police information. Recently, the legislature deemed it necessary to stretch the information included in the risk assessment to police information not leading to formal charges for positions requiring high integrity credentials in fields such as law enforcement, security and public safety. 5 Third, in the same vein, the 2004 legislation made it easier to refuse CoCs by establishing risk based on the impact the offence would have on society generally if repeated, rather than on an individualised assessment of the actual chance of recidivism, based on the facts or circumstances surrounding the past offence. 6 The fourth change to increase the crime preventive role of CoCs was the introduction of prolonged retention periods of criminal record data. Before 2004, convictions were expunged from a person's profile in the system after 4 years after a conviction becomes final (8 in case a prison term was imposed), whereas currently criminal record information is retained for 20 years for minor offences, 30 for serious offences and as long as 80 years for sexual offences (Helsloot et al., 2013). These new rules notwithstanding, the general retrospective period applied in criminal record screening by the Screening Authority is currently restricted to 4 years, meaning that after this period criminal offences become 'expired' in the sense that they can no longer be taken into account for the issuance of a CoC. However, there are several exceptions to this rule related to the seriousness of the crime or the sensitivity of the job at stake. Sexual offences, for example, never become expired and are always taken into account in the risk assessment process.

Public protection from and by the government
Contrary to most European countries (Larrauri, 2014), employers in the Netherlands need to rely on the government's Screening Authority as a single clearinghouse for criminal record information, which they cannot check themselves (Buysse et al., 2018). By making the country's criminal record database available only to criminal justice authorities and other selected public offices, among which the Screening Authority and the Immigration and Naturalisation Service, the Dutch system strongly opposes access to criminal records by third parties as well as so-called enforced subject access (Larrauri, 2014;Loucks et al., 1998). As the Dutch system of criminal record management does not allow any uncontrolled dissemination of criminal history data outside the criminal justice system, criminal records are inaccessible not only to employers and other third parties; even individuals with a record cannot themselves receive a copy or extract of it in any form at will. This is in order to prevent third parties from forcing them to hand over the information, most typically during the hiring process. Thus, the only way employers can 'indirectly' inquire about official criminal record information is by requiring potential employees to request and then present a CoC, which is only issued if the applicant is considered fit for the job following a government-run risk assessment.
From a comparative perspective, it is fair to say that since 2004, the Netherlands has tightly embraced the logics of risk that have permeated administrative agencies responsible for crime prevention outside the criminal justice system (Boone, 2012b;Boone and Van Swaaningen, 2013;Maurutto and Hannah-Moffat, 2006). Justis, the administrative screening agency, acts as the main provider, manager and screener of the criminal history information for employment purposes − something unheard of in other European countries where more standard forms of disclosure apply by which employers can get (direct or indirect) access to formal criminal record information (Corda et al., This issue). The United States has also witnessed a resurgence of risk assessment tools from the late 1970s onwards, as part of 'get tough' crime prevention strategies, yet these are limited to formal criminal justice operations − from policing and bail to sentencing and parole decisions (Simon, 2005). In the area of criminal background checking, most of the time decision-making is delegated to private actors (employers, landlords, etc.) based on 'naked information' obtained through either government or private databases. In contrast, in the Netherlands, Justis not only operates as a single clearinghouse of criminal record information but also performs centralised risk and fitness assessment every time a CoC is requested.
The logic of risk and crime control has moreover increasingly diminished the need for protection from the state in favour of a demand for protection by the state from crime, risk and insecurity (Garland, 2001). From a traditional, liberty perspective, widespread criminal record screening is considered to encapsulate a protection from the government, as it allows public access and scrutiny of government operations (Whitman, 2004). Over the last three decades, however, the call for criminal record screening seems to have expanded to include protective measures by the government, that is, strategies aimed at protecting individuals against the potential harms caused by fellow citizens by means of releasing criminal history information (De Graaf et al., 2015). This growing focus on public protection has conversely weakened concerns for unrestrained state intrusions in citizens' fundamental rights, such as privacy. In the United Kingdom, for example, farreaching screening mechanisms have been put in place predominantly to combat child sexual and domestic abuse (Hadjimatheou and Grace, 2021). In the United States, 'get tough' sex crimes policies have warranted sex offender registration and community notification, as well as residency restrictions (Levenson and Tewksbury, 2009). Whereas in countries like Germany and France, vetting measures are still mainly deployed to preserve integrity in public administrations (De Graaf et al., 2015).
Despite the strong focus on privacy guarantees with regard to access and disclosure of criminal history information, criminal record screening policy and practice in the Netherlands have been shaped by several concerns about public protection, both from and by the government (Van 't Zand- Kurtovic, 2017). Both concerns about preserving the integrity of public offices and protecting vulnerable people have seemingly played a role in the development of the criminal record screening system currently in place. Back in the 1990s, the involvement of public officers in corruption, fraud, embezzlement, bribes scandals and uncovered connections to organised crime led to renewed attention for screening mechanisms in order to foster the integrity and trustworthiness of the public administration in general and of civil servants in particular (De Graaf et al., 2015). Yet a so-called risk-rule reflex flowing from the broader logics of the risk society also prompted intensified criminal record screening, particularly following high-profile crimes and the ensuing public moral panic (Kruize and Gruter, 2016;Schram et al., 2021). For example, following outcries in the media when a schoolteacher was found to have been convicted of sexting with a minor in the past, the possibilities for issuing CoCs were reduced by taking sexual offences into account indefinitely without an expiry period. Other serious crimes, such as manslaughter and (threats of) terrorist attacks, have taken centre stage more recently in the national debate on enhanced screening (Van 't Zand et al., 2020).

Promotionalism, proliferation and pervasiveness
Despite, or maybe by virtue of, its particularly strong focus on privacy protection, the Dutch state-centralised system for criminal record screening was able to steadily expand its envisioned role in crime prevention since its inception as screening became a customary practice within the labour market. The number of requests for CoCs has increased eightfold since 2004, subjecting approximately one in seven job applicants to screening every year ( Van 't Zand et al., 2020). This proliferation of screening can be explained through different strategies employed by the government to promote its role in crime prevention. Since the enactment of the new framework in 2004, several changes have been introduced to make employers utilise and rely on the screening instrument, including increased mandatory screening in addition to extending its scope and depth.
First, the use of CoCs in the Dutch labour market became more routine due to a sharp increase of positions and sectors for which a CoC is required by law (Schram et al., 2021). The number of business sectors in which screening is required currently totals at least 57, ranging from the taxi business and long-term healthcare, to traffic controllers and commercial radio broadcasters (Nauta et al., 2021). Second, the possibility to detect risks increased via several changes that made the screening process stricter. Besides applying longer expiry periods for information that can be taken into account, a new form of continuous screening was introduced for positions in certain sectors (e.g. the taxi business, childcare and civil aviation). This continuous screening allows employers to ask current employees to request a new CoC after receiving a risk signal from the supervisory authority.
Finally, criminal record screening also proliferated as result of a strategy adopted by the government to actively promote the screening 'product' to the general public (Newburn, 2001). In addition to allowing risk assessment for every kind of employment, the government also gradually moved towards increasing the number of positions and sectors that are deemed 'sensitive' and therefore subject to criminal record screeningnot only by means of legal requirements but also by agreements with employers' representative associations (Nauta et al., 2021). This logic of promotionalism was also evident in the 'Free Certificates' media campaign rolled out in 2015 through which the Ministry of Justice and Security actively promoted the use of CoCs for volunteers working with children by issuing them free of charge. This boosted demand and resulted in a threefold increase in requests for CoCs for volunteer jobs (Justis, 2022b;Van der Klein et al., 2013).
Contrary to what has been observed in other countries (Jones and Newburn, 2006), in the Netherlands this so-called commodification of security is not primarily rolled out through a gradual privatisation and outsourcing of governmental responsibilities and functions to non-state actors, but instead is directed at increasing the role of and resources available to government crime control agencies. A recent policy evaluation found that the widespread state-managed screening procedure, coupled with the revenue it generates, has created a win-win situation for the government, considering that both volume (currently above 1.4 million per year) and prices of CoCs have increased substantially over time, leading to a surplus in the overall budget (TwynstraGudde, 2021: 49). In 2016, a 38% increase in the fee to request a CoC (from € 24.55 to € 33.85) generated € 6,200,000 in extra income. Of this, 7.5% was used to make the CoC cost effective and the remaining 30.5% was used to finance other 'screening products' of the Screening Authority, for example, screening of legal enterprises and licensing for the catering and real estate industries.
Although the promotion of the Dutch screening instrument is underpinned by a strong crime prevention discourse, in both the academic and policy debate there is surprisingly little scrutiny of not only its theoretical foundations and assumptions but also of its practical effects that emerge from empirical evidence. A policy evaluation published in 2013 revealed that, up to then, its preventive effect had been taken for granted and rested solely on untested assumptions (Ministry of Security and Justice, 2013). An empirical study exploring ways to measure the CoC's effectiveness demonstrated that measuring its effects on crime prevention is rather complex (Kruize and Gruter, 2016; see also Kurtovic and Boone, 2017). So far, both ex ante and ex post policy evaluations of its preventive effect are absent. Moreover, very few studies have empirically assessed decision-making factors and processes, both by officials working at the Screening Authority and judges dealing with appeal cases against CoC refusal decisions (Van 't Zand and Van den Berg, 2022). Apart from some US-focussed studies (e.g. Denver, 2020;Denver and Ewald, 2018), empirical findings on the role of decision-makers responsible for public or private criminal record screening decisions and their contribution to crime prevention are also largely missing in the international literature.

The responsibilisation of employers
The current pervasiveness of criminal record screening in sectors in which CoCs are not mandated by law − still making up the largest part of the Dutch labour market − can be understood through the lens of a responsibilisation strategy; an approach by which the state activates and shapes the powers and actions of non-state actors for the purpose of indirect crime control (Garland, 2001: 124). This approach aligns with global trends towards a gradual formalisation of informal social control (Jones and Newburn, 2002), in this case pursued by incentivising employers to take appropriate action (Larrauri, 2014;Saliba, 2013). In the Dutch case, screening as an instrument of crime prevention has partly redistributed crime control tasks to employers, who have been persuaded in several ways, as discussed above, to increase their reliance on CoCs. A survey among 875 Dutch employers demonstrated that 78% say they require CoCs because they feel 'obliged' to so do, whereas interviews revealed that most of them do not know whether this is required by law or merely a requirement deriving from the internal policy of the company or organisation (Valk et al., 2006).
From the employers' perspective, the possibility offered to request the government to perform a criminal background screening at a relatively low cost (if not for free in some cases) leaves them with little incentives or reasons not to make use of this preventive instrument, considering their responsibilities for managing risk and guaranteeing integrity within their own company or organisation. As the government has set no threshold, in a way it created a framework through which, regardless of the type of employment, at the 'wish' of employers the government is 'commanded' to perform an assessment of potential risks posed by any given job applicant. This strategy of responsibilisation coupled with a state-induced demand for CoCs by employers created a 'your wish is my command' dynamic that has led to a massive surge of screening in the employment setting.
The government thus seems to have succeeded in creating a culture of collective responsibilisation providing strong incentives for employers to resort to criminal record screening, even when this is not mandated by law as in most cases. Interestingly, a policy evaluation among various employers revealed that on average 40% perceived the CoC merely as an administrative burden without attaching any substantive value to it (Valk et al., 2006). What is more, a similar percentage would consider not requesting CoCs, or requesting them only in specific situations if they did not feel obliged to do so. Likewise, evaluations of the 'Free Certificate' programme for voluntary work with children have shown that organisations were sceptical about the added value of asking for CoCs. They saw it as an administrative burden because the certificate is no more than a snapshot and does not provide any guarantees for the future. According to these organisations, the CoC represents only a small aspect of a comprehensive set of safety measures necessary for the prevention of child sexual abuse (De Jong et al., 2016;Van der Klein et al., 2013).
Reasons for employers feeling responsibilised have so far not been explored in depth, yet none of the studies carried out among Dutch employers have thus far revealed any reference to a need to protect themselves against lawsuits, probably because no equivalent of the US negligent hiring doctrine exists in the Netherlands (Bushway et al., 2022;Jacobs, 2015). Nonetheless, the government's responsibilisation strategy seems to have somehow convinced them to play a crucial role as initiators and requesters of state-run risk assessments − a role that makes employers 'co-producers' of public safety, even when they are not legally required to do so. Consequently, there must be other reasons that explain why, despite not facing ominous risks of liability, employers decide to require CoCs from potential employees, even when they are not legally required to do so and can still lawfully hire candidates despite their not being able to obtain and produce the certificate because their request has been refused by the Screening Authority.
As empirical research revealed that a fair share of employers perceive requesting CoCs as an administrative burden, they seem to use it in practice as a simple (checklist) due diligence tool to avoid negative repercussions, including reputational harm in case an accident occurs (Van 't Zand- Kurtovic, 2017). A striking example of this is found in cases where the employer personally supports the job applicant during their appeal against the refusal of the CoC (see Ministry of Finance, 2021). In these cases, the employer is usually obliged, for example, by the company's internal policy, to require a certificate even though they perceive that the applicant's criminal background, of which they have been informed by the applicant, poses no substantive threat. Research on the crime-employment relationship in the Netherlands has demonstrated that Dutch employers are not predominantly unfavourable towards (considering) hiring ex-offenders (Dirkzwager et al., 2015;Ramakers et al., 2016, Van den Berg et al., 2020) and yet they seem nevertheless to feel obliged to resort to the state's screening procedure.
In addition, most employers usually seem to place trust in the government's adherence to principles of privacy and due process underlying its criminal record screening decisions for employment purposes. As a result, it seems that employers' trust in the screening instrument has grown significantly since 2004, as was envisioned by the legislature. The Netherlands is generally considered a high-trust country and one of the countries with most trust in government institutions (Bovens and Wille, 2011;Hudson, 2006;Mingo and Faggiano, 2020). In the United States, on the other hand, anti-paternalistic attitudes have led to the development of 'open record' systems (through courts and/or government-held databases) enabling (untrained) private individuals to assess criminal history-related risks (Corda, 2018;Corda and Lageson, 2020). Dutch employers seem to generally rely on the comprehensive suitability evaluations produced by the Screening Authority. These are based on published guidelines and can be scrutinised on appeal in administrative court procedures in the event a job applicant's request for the issuance of a CoC is denied. 7 Given this trust in the due process aspects of the screening procedure, the CoC functions as a fairly cheap, easily accessible (checklist) instrument that employers can resort to without having to assess risks flowing from criminal background information themselves. Instead, they can refer to the Screening Authority as a single, professional clearinghouse that determines suitability (Ministry of Finance, 2021;Van 't Zand et al., 2020), helping employers to make informed hiring decisions for the sake of crime prevention.

What possibilities for redemption?
The preceding discussion leads to the fundamental question of whether this exceptional closed record system is indeed the most beneficial policy option to support the rehabilitation and reintegration of those formerly convicted. In Dutch criminal law, a very narrow interpretation of the concept of rehabilitation is applied. This is limited to the sentence implementation stage and does not extend to collateral consequences that may emerge after the sentence has been served (Meijer, 2017). Moreover, the parliamentary debates that led to the 2004 legal reform of criminal record management only referred to the right to privacy and placed little emphasis on the rehabilitation of justice-involved individuals (Boone, 2011a). But the confidentiality of criminal records, preventing the indiscriminate access to criminal history information by third parties, does not in and of itself guarantee chances for rehabilitation and possibilities to re-enter the labour market.
Although refusal rates of CoCs are extremely low -with 3000 refusals a year on average; less than 1% of all requests are denied -the mere fact of having to subject oneself to the screening procedure has consistently been found to trigger adverse consequences, particularly in the form of the self-exclusion of people with criminal records from the Dutch labour market (Boekhoorn et al., 2019;Kruize and Gruter, 2016;Van 't Zand-Kurtovic, 2017). Justice-involved individuals often avoid applying for jobs that require a CoC or, if a CoC is requested but then refused, they abandon the process and never show up again out of shame for being labelled a criminal. Although information on previous convictions is not directly shared with employers, not being able to hand over a CoC already implies the 'mark' of a criminal past, with all the related implications in terms of stigma (Kurtovic and Rovira, 2017). This exclusionary impact is all the more pressing since the added value of preventive screening has not yet been clearly established, while these self-exclusionary dynamics, undermining the process of desistance from crime (McNeill et al., 2012), have been clearly documented.
To be able to effectively unstitch the mark of a criminal record, a predictable and clear rehabilitation policy seems to be required (Maruna, 2011;Van 't Zand-Kurtovic, 2017) that unburdens ex-offenders from their stigma and increases their possibilities to obtain stable employment (Van den Berg and Mesters, 2017;Verbruggen, 2014). To actively promote desistance from crime, society at large is also called on to play an active role by showing a willingness to reaccept ex-offenders into the social fabric (Maruna, 2014). This process, referred to as tertiary desistance, requires that society acknowledges longterm changes in ex-offenders and creates a sense of belonging (McNeill, 2016;Nugent and Schinkel, 2016) by undoing their prior negative label, that is, wiping the slate clean, or by issuing a certificate of rehabilitation or relief (Leasure and Zhang, 2021;McCann et al., 2021). Nonetheless, research on criminal careers and the time to redemption has demonstrated that it is rather challenging to determine when an ex-convict has 'truly desisted' (Farrington, 2019).
In the Netherlands, the option to earn a certificate of rehabilitation is absent and the option to clear one's criminal record is virtually non-existent. The expungement of criminal records only takes place automatically after a certain amount of time has lapsed without reoffending − ranging from 20 to 80 years depending on the seriousness of the offence − therefore not allowing for any kind of active or merit-based expungement based on demonstrated proof of desistance (Boone, 2011b). Although the law contains a hardship clause allowing for the deletion of a criminal record if exceptional personal circumstances justify it, in practice this possibility appears to be a dead letter (Van 't Zand and Van Oosten, 2021). This is probably because balancing the need to inspect one's previous offences for risk assessment and the need to allow ex-convicts to start over with a clean slate is a daunting task. Thus, while the Dutch system does not allow the disclosure of government-held criminal record data, the absence of effective legal relief mechanisms frustrates any real possibility for the clearance of one's criminal record and may leave people with a criminal history 'marked and open to surveillance and control' (Ewald, 2019: 720), with no real incentives for reform.

Discussion
Especially during the last couple of decades, Western societies have witnessed the spur of enhanced comprehensive strategies of public safety management targeting at-risk individuals. This has resulted, among other outcomes, in a wide range of burdensome and adverse consequences attached to having a criminal record. In spite of such trends, little academic discussion has been devoted to the issue of how to strike a fair balance between crime prevention measures and restraints on the individual liberties of those previously convicted, impacting their privacy and rehabilitation. Our analysis of the Dutch criminal record system has established how, in a culture preoccupied with crime control and risk management and, at the same time, concerned with the protection of individual privacy interests, a unique policy framework has emerged that challenges the traditional public-private divide in criminal record disclosure, as well as the privacyrehabilitation nexus.
While privacy is guaranteed by limiting undue access to criminal record information by third parties, phenomena have unfolded that can be described in terms of the promotionalism, proliferation and pervasiveness of risk prevention through criminal record screening. Given the eightfold increase in requests for CoCs since 2004, it has become apparent that while the government is basically the sole managing and screening entity of criminal records, and employers have no direct access to official criminal history information, but are merely able to obtain a state-issued CoC, reliance of employers on the screening procedure is comparatively strong, though in terms of a simple (checklist) due diligence tool. To enhance employers' utilisation of the state-centralised risk assessment, several strategies have been pursued. This has resulted in an expansion of the sheer volume, breadth and pervasiveness of criminal background screening through requests for a CoC. Not only did criminal record screening become legally allowed for all kinds of jobs, involving all kinds of criminal record information beyond mere court convictions, the possibilities for risk detection have also been expanded. The retention and expiry periods of criminal history information have been extended and screening for several occupations has been intensified, for example, by continuous screening and the inclusion of police data. What is more, risk assessment became focussed on the impact the offence would have on society generally if repeated, rather than on an individualised assessment of the actual recidivism rate based on relevant facts or circumstances which made it easier to refuse CoCs.
In addition, an ever-growing number of positions and ambits − most recently public housing (Van Tongeren, 2022) − for which a CoC is required, along with a strategy of both promotionalism and responsibilisation, have resulted in increased demand by employers and other officials, such as public housing agencies. This responsibilisation strategy may, to some extent, result in a sort of catch-22 situation for employers who, precisely because they can ask for a CoC from every job candidate, will nearly always systematically do so, driven by the responsibility placed on them for taking appropriate measures for risk management within their organisations. Future research, however, is needed to further explore their motives for requiring such state-conducted suitability evaluations.
Our analysis in this article highlights that privacy protection does not necessarily represent a proxy for rehabilitation and, therefore, cannot be fully equated with enhanced re-entry opportunities for people with a criminal history. In order to guarantee not only the protection of privacy but also rehabilitation of ex-offenders, the state seems designated to take responsibility, for example, by showing reluctance to give in to excessive risk aversion and limiting the expansion of the volume, breadth and pervasiveness of CoCs across Dutch society. Perhaps a previous threshold could be reinstated that made CoC requests inadmissible if filed for positions that pose relatively little threat to society.
The possibility to perform criminal record checks could be more strongly connected to the type of employment sought, and whether that necessitates a risk assessment, as is the case in neighbouring countries (Herzog-Evans, 2011b;Morgenstern, 2011). Indeed, state-performed criminal record screening could be disallowed for situations in which it merely serves to protect the organisation's commercial interests and no serious risk to society is at stake.

Conclusion
This article analysed how the current Dutch approach to the management, disclosure and expungement of criminal records distinguishes itself from the prevalent regimes in both common law and continental European jurisdictions. The system in the Netherlands is characterised by a strong focus on privacy and confidentiality of criminal records. The state acts as the sole managing and screening entity of criminal records, performing individualised risk assessment of job applicants for the issuance of Certificates of Conduct for employment vetting. It was explained how and why this model aims to achieve legitimate crime prevention goals and protection of privacy for individuals with a criminal background at the same time.
The analysis reveals that the Dutch system indeed offers a balanced policy option to reconcile managing reoffending risks with the avoidance of unnecessary publicity of criminal histories. However, it also triggers adverse impairments on reintegration through stigmatisation and exclusion from the labour market resulting from the need to request and obtain CoCs for virtually all positions. It is concluded, therefore, that a policy design that is predominantly concerned with crime prevention and risk management, conceiving the state as being the sole entity responsible for keeping and managing criminal records in a strictly confidential manner, should not be considered per se as an all-purpose solution. This is particularly salient since the Netherlands is actively seeking to expand international cooperation and criminal record sharing for employment screening and advocates a European criminal record screening instrument modelled in Dutch fashion (Justis, 2022a). The article's analysis helps in understanding that privacy protections cannot be fully equated with rehabilitation and enhanced re-entry opportunities for ex-offenders -especially if no effective legal relief mechanisms are in place that incentivise redemption and allow for the clearance of a person's criminal record.

Declaration of Conflicting Interests
The author(s) declared no potential conflicts of interest with respect to the research, authorship and/or publication of this article.

Funding
The author(s) received no financial support for the research, authorship and/or publication of this article.