Comment: Privacy v transparency – Withers’ Noseda on incoming OECD tax rules opening a new battle front
In almost every field of legal work, privacy is regarded as a primary and legitimate concern to protect the interests of individuals and organisations.
This was confirmed recently when the European Court of Justice (ECJ) struck down the US-EU data exchange agreement amid fears that data transferred to the US would end up in the hands of the US government – a fear fuelled by the revelations in 2013 by Edward Snowden of widespread electronic surveillance – as well as a US judge’s ruling ordering Microsoft to deliver information held on an Irish server. For the ECJ, the US-EU ‘safe harbour’ agreement violated Article 8 of the European Convention on Human Rights, which states that a private life is a human right and any interference with it must be proportionate and justified.
But in the area of tax, the converse position of complete transparency seems to be the only acceptable option these days. Is this proportionate and justifiable?
The Organisation for Economic Co-operation and Development (OECD) is currently engaged in the implementation of a new international standard for the automatic exchange of information in tax matters, under the moniker of the Common Reporting Standard (CRS). Under the CRS, governments will gather and automatically exchange information on anyone with any sort of financial account in a foreign country. Fifty-four countries have signed up as early adopters of CRS, including the UK, with information being exchanged from 2017.
The standard borrows heavily from the Foreign Account Tax Compliance Act (FATCA), which was introduced in the US in 2010 to capture worldwide tax information on American taxpayers. The CRS has a much more ambitious scope, however, and modelling the standard on the FATCA rules has created problems for implementing it in Europe.
FATCA was written using obscure tax jargon and complex drafting techniques designed to fit with the US tax system. As a result of the OECD’s copy-paste approach, European countries now have to deal with complex conceptual difficulties and a sprawling document that refers to such things as ‘FIs’ (financial institutions), ‘NFEs’ (non-financial institutions), ‘passive NFEs’ (‘NFEs that are not active NFEs’) and ‘active NFEs’ (‘NFEs that are not passive NFEs’). If that were not enough, the commentary published by the OECD is full of discrepancies and U-turns.
Against this backdrop, it is hardly surprising that national parliaments and the EU have rushed through the adoption of the CRS at the behest of supra-national and unelected bodies, without much debate on the wider implications for individuals’ right to privacy. Given the complexity of the rules, it is quite possible that a number of parliamentarians did not understand what was presented to them. In addition, the push for a standardised framework made amendments at national level virtually impossible. Finally, the branding of the new rules as a tool for the fight against terrorism and tax evasion ensured the least level of resistance and attrition.
One particular concern of CRS is the disclosure of information in relation to discretionary beneficiaries of trusts and foundations. Discretionary structures are frequently established for the protection of minors and vulnerable people, who may not be aware of the existence of the structure. The risk is that vulnerable people will receive a visit from their tax authorities in circumstances where the taxpayer may not be aware of the circumstances of the visit and without there being any tax at stake.
In our globally inter-connected environment, competing interests in information and in privacy must be balanced. The CRS rules have been pushed through in Europe partly on moral grounds, but it is hard to reconcile this stance with the principle of proportionality enshrined in Article 8. It is perhaps an irony that MEPs have been referred to the ECJ by a group of journalists over the European Parliament’s refusal to introduce transparency over MEPs’ expenses and that OECD employees do not seem to be subject to income tax (unlike the rest of us, who will be subject to CRS).
Underlying these concerns about privacy of tax information are broader issues about the way that data is handled and protected in the modern world and this should concern all of us in the legal industry who take the fundamental right of privacy to heart.