The call for more transparency in the world, especially the tax world, can hardly be overstated. One of the most prominent ways to achieve tax transparency is the exchange of information between tax authorities. Achieving a proper balance between sharing information with other countries, tax confidentiality, and privacy, however, is quite a challenge. To what extent are taxpayers protected when using data for non-tax purposes and forwarding personal information to third states? In a recent article in Erasmus Law Review, Leiden University researchers Esther Huiskers-Stoop and Mark Nieuweboer, together with Maastricht University researcher Almut Breuer, explore the relationship between taxpayer’s rights to privacy and confidentiality, on the one hand, and the need to share tax information with other states to combat tax avoidance and tax fraud, on the other hand. They conclude that the current rules violate fundamental privacy rights.

The international exchange of information in tax matters has a long-standing tradition, with the first bilateral conventions dating back to 1927. This has since developed into an extensive network of bi- and multilateral agreements. In the mid-1970s, the European Council adopted the Directive on mutual assistance in the field of taxation. After numerous amendments and updates, the EU Directive on Administrative Cooperation (DAC) has now become the backbone of the automatic and spontaneous exchange of information between EU Member States. Recent additions include the obligation for financial professionals to disclose to the tax administration all international tax arrangements they advise and implement – including personal data of the taxpayers involved in such structures – and the obligation for financial service providers to report all financial accounts and account holders. From 2023, platforms such as Airbnb, eBay, and Shopify, must disclose data about the users of their platforms. The tax administrations share this information with their colleagues in all EU Member States.

The critical question is whether the systematic exchange of personal information violates the taxpayer’s fundamental right to privacy and data protection and, when breached, whether the taxpayer can seek legal remedies. In general, fundamental rights are not absolute rights and must be weighed against the state’s right to tax its subjects. Because states have broad powers of taxation, conflict with these rights does not easily occur in the context of taxation. In other words: it is impossible for a state to levy tax without obtaining and storing detailed personal and financial information about citizens. Nevertheless, a breach of the fundamental rights of privacy and the protection of personal data is only permitted if it has a legal basis and if it is necessary in the interest of the national security, public safety or economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. The question of whether an infringement is necessary and proportionate plays an important role in this. In order to assess this, it is also important to determine whether the data can also be obtained in another, less onerous way.

The authors elaborate on to what extent the international and European exchange obligations deserve particular attention in light of the privacy provisions of Article 8 of the European Convention on Human Rights and Articles 7 and 8 of the EU Charter of Fundamental Rights, when it comes to the use of information for non-tax purposes, the provision of information to other Member States and third states, and the exchange of information concerning legal entities. Note that tax information may also disclose personal beliefs, lifestyles or other individual circumstances, which in some countries may be relevant in areas other than tax. The fact that in some situations data traceable to taxpayers must also be exchanged with Member States that have no involvement and can also be used for non-tax purposes, seems to be contrary to the proportionality and even the legality requirement as a test component for the justification of an infringement of the rights of privacy and data protection. Although these rights are basically codified for natural persons, in the authors’ view under certain circumstances, their scope should also be extended to legal persons.

Read the full article, Exchange of Information, Tax Confidentiality, Privacy and Data Protection from an EU Perspective · Erasmus Law Review · Erasmus Law Review