Tax Information Exchange Agreements and Data Protection: Conflict and Balance

A global economy with personal taxation on a world-wide basis can no longer accept territorial limitations to its taxing authority. Increased cross border flows of income and capital require states to coordinate their efforts. Territorial and sovereignty based limitations can no longer hinder the fight for fiscal justice. But fiscal justice can only be achieved by legal means and with respect for the fundamental human rights of each and every citizen and taxpayer. Exchange of a subject’s tax information is an infringement of the human right to data protection and self determination and can only be accepted by respecting the rule of law of a transparent authority.

The OECD issued a report on “Harmful Tax Competition”[1] in 1998. The report dealt with the adverse consequences of global tax competition (also known as the ‘race to the bottom’). The report identified tax havens on the basis of four criteria: no or minimal income tax, lack of effective information exchange for tax purposes, lack of transparency with respect to ownership companies, and no substantial activity.

The only surviving criterion has remained the lack of effective exchange of information for tax purposes.

The report therefore concluded with the recommendation to provide for cross border exchange of information for tax purposes. All OECD member states, with the exception of Switzerland, Belgium, Luxembourg and Austria, agreed to the report. These non-cooperative member states justified their position basically with the argument that they did not wish to end the bank secrecy provisions in their countries.

A serious revision of article 26 of the OECD Model treaty in 2002 by the tax committee of the OECD and the draft of a model TIEA (Tax Information Exchange Agreement)[2] led to new developments and practises. The OECD member states have forced the non-member states to accept the new ‘standard’ under pressure of being labelled ‘non-committed countries’. The revision of the OECD Model took place in 2005 with the adoption of paragraph 4 and 5 to article 26.

The major change brought in by paragraph 4 is that the treaty parties agree to provide the requested information even when this information is not necessary for their own tax purposes (in the requested country). The same applies for paragraph 5 that provides that a treaty partner cannot refuse to provide banking information on the reason that it is held by a bank or financial institution. This paragraph thus ends bank secrecy.

Austria, Luxembourg and Belgium filed reservations to paragraph 5, while Switzerland filed a reservation against the whole of article 26. The Swiss were prepared to provide assistance only when the information is necessary for the application of the tax treaty and in the case of tax fraud.

Many states which were invited to commit to the new standard did commit, but had by the end of 2008 not delivered any information.

In the autumn of 2008 new scandals on stolen banking information led to a more severe stance by the G20 member countries. In their meeting in Washington on 15 November 2008 the G20 member states announced severe repercussions for those countries that continued to refuse to enter into effective information exchange with at least 12 member states of the OECD.

The OECD secretariat had prepared a list of countries that had not converted to the ‘standard’ (the ‘blacklist’) or had not converted sufficiently (the ‘grey list’). In the meeting in London on 2 April 2009 the G20 decided to take protective measures against the non-cooperative states and it was because of these measures that the Swiss Government decided on 13 March 2009 to withdraw its reservations to article 26 OECD in all.

The other non-cooperating OECD member states, Austria, Belgium and Luxembourg, have done the same regarding their reservation to paragraph 5 of article 26. It is interesting to note that Switzerland had not, until recently, signed any TIEAs. It did, however, make amendments to existing DTAs, for example, with France, Germany, United Kingdom, United States and the Netherlands.

The latest development has been the launch of the so-called ‘peer review’ process. In a first step 18 jurisdictions will be reviewed as part of a three-year process approved in February 2010 by the Global Forum on Transparency and Exchange of Information. (For terms of reference, methodology and assessment criteria see the website of the OECD.) The reviews will be carried out in two phases: assessment of the legislative and regulatory framework (phase 1) and assessment of effective implementation in practise (phase 2).

The Standard

The standard for ‘effective exchange of information’ has two prongs – it must be ‘specific’ and it must be ‘justified’. This standard is implemented in the TIEA and in article 26 OECD Model.

Specific

A request is ‘specific’ if it relates to the tax affairs of an identified tax payer, which prohibits so-called ‘fishing expeditions’, that is a request for information “that is unlikely to be relevant to the tax affairs of a given tax payer”[3]. Fishing can also be described “as a roving inquiry, by means of examination and cross-examination of witnesses, which is not designed to establish by means of evidence, allegations of fact, which have been raised bona fide with adequate particulars, but to obtain information which may lead to obtaining evidence in general support of the party’s case”[4].

Article 5 of the standard TIEA deals with the conditions applicable to a request for information. Such a request can only be made when the requesting party has no other means of obtaining the information, with the exception in the situation that obtaining such information domestically would lead to incomparable difficulties. The requesting party must deliver a statement that the request is in conformity with domestic law and that the information sought would be obtainable under domestic law.

The request must be specific with regard to:

1. The identity of the person under examination or investigation (sometimes the identity can be given by other means than name and address).
2. The period for which the information is requested. (This is relevant in relation to the entry into force of the TIEA. A TIEA can not authorise request for information retroactively, dating back to periods before the entry into force of the TIEA, unless it is for criminal tax matters; always take article on entry into force in consideration).
3. The nature of the information sought and the form in which the requesting party would like to receive it. (Sometimes requesting party needs the information in specific format).
4. The tax purpose for which the information is sought (more or less must be established that the information relates to the assessment, recovery or investigation/ prosecution of criminal tax matters).
5. Grounds for believing that the information requested is held in the requestedcontracting party or is in the possession of or obtainable by a person within thejurisdiction of the requested contracting party.
6. The extent known, the name and address of any person believed to be in possession of the requested information,

Justified

The element of ‘justified’ is carried wit in the scope of the Agreement. The requested information must be ‘necessary’ or ‘foreseeably relevant’ for the administration and enforcement of the laws of the contracting parties concerning taxes covered by the agreement, including information that is “foreseeably relevant to the determination, assessment and collection of these taxes, the recovery and enforcement of tax claims, or the investigation or prosecution of criminal tax matters.”

A request is not ‘justified’ if the information sought is merely ‘useful’. The crucial element is ‘necessary’ in the meaning of ‘foreseeably relevant’. Data is foreseeably relevant if in the concrete case at hand there is the serious possibility that the other contracting party has a right to tax and there is nothing to indicate that the data is already known to the competent authority of the other contracting party or that the competent authority of the other contracting party would learn of the taxable object without the information.

It means that data collected by the requested party that appears not to be relevant or appears to be already in possession of the requesting party, shall not be exchanged. Of course it is not so easy for the requested party to verify if the data collected is foreseeably of relevance, and therefore the element of justification of the request becomes important.

The requested party must make its own assessment, which can be motivated and defended against scrutiny. It requires a concrete link or clue.

The request must be justified with respect to the reasons for believing that the information requested is foreseeably relevant to the tax administration and enforcement of the tax law of the requesting contracting party, and with respect to the person identified in subparagraph a).

Obligations of the requested party

A TIEA is an agreement by which the requested party undertakes to provide information to the requesting party. In the case that the information is not readily available, the requested party undertakes/commits to use all its investigative powers for the collection of the data, even if the requested party does not need the data for its own tax assessment.

Treaty parties that do not levy an income tax in particular will face a problem when having to investigate a certain subject in order to obtain the requested information. It will require these parties to introduce substantive legislation that authorizes the authorities to collect the information. The TIEA provides for the obligation to introduce prevailing legislation, but there will be limits to the undertakings by the contracting parties.

The choice of which investigative powers to use is at the discretion of the requested party. It has also discretion in the allocation of resources and material to this end. Although it is not said in so many words, the obligations of the requested party are thus qualified and depend on availability of resources. The law must provide for the possibility, but the party does not need to allocate more than reasonable resources. Because certain treaty partners will always be on the requesting side, it is reasonable that these parties give benefits to those countries that will be on the requested side. The Netherlands, for example, has in the beginning given other treaty benefits to the contracting party. With Jersey and Guernsey additional treaties have been signed with respect to participation exemption applicable to companies resident in Jersey and Guernsey. Also an undertaking to enter into full double tax agreements is sometimes a good compensation. But since the pressure on non-OECD members to enter into TIEAs has mounted , the Netherlands has refrained from giving such additional undertakings.

Investigations abroad

One of the additional obligations deriving from the TIEA is the obligation to accept a foreign official in an investigation. The commitment is subject to national rules. It does not commit the requested state to include such a possibility in its domestic rules, but if it does, it cannot refuse to accept the foreign visitors. Visitors are authorised to be present at an investigation, but are not allowed to ask questions or inspect documents without the approval of the person under investigation. This rule stems from UK Taxes Management Act, which allows the subject of the investigation to permit or refuse such an investigation. It gives a direct power to the subject of the investigation to refuse to be questioned in the investigation or have their documents looked at.

Protection of the data-subject.

Is the data-subject protected under the TIEA? A TIEA does not make much reference to the data-subject. The agreement is between states and does not contain clear provisions that are directly applicable to the data-subject. It is not in the power of the data subject to challenge the discretionary authority of the requested state or to challenge the questions. All that is in the hands of the competent authority.

In relation to data protection there are more options. Within the European Union there are strict data protection rules, which prohibit and prevent the exchange of data with third countries and non-EU member states. We will come to that soon. On the issue of confidentiality the TIEA often contains, besides the basic provision in article 8, additional provisions in the protocol to article 8.

The basic provision in this respect is that the information received will be held confidentially and can only be used for the specific purpose for which the request was made. The ‘purpose-specific’ information can also be used for other purposes with the consent of the requested party that has provided the information. The information may in general be disclosed in public court hearings and juridical judgements.

Violation of this ‘speciality’ rule can give rise to damage and compensation. This is specifically the case with respect to items subject to legal privilege, or any trade, business, industrial, commercial or professional secret or trade process, provided that information described in paragraph 4 of Article 5 shall not by reason of that fact alone be treated as such a secret or trade process. These items do not need to be exchanged. Whether or not an item is a commercial or professional secret can only be said by the subject of the investigation. He should then be made aware of the fact that the information has been obtained and will be exchanged, unless he invokes an exclusion. In such situations the information will only be exchanged after a notification procedure - that will be under his control. But it may be more difficult in situations of joint investigations or when no notification procedure is applied. These situations should be negotiated thoroughly before the information is passed on to the authorities.

Almost all TIEAs contain the provision that the involved person shall be informed about the nature of the information obtain and the use to which that information will be put. The requirement can be passed if it is in the interest of the investigation. It is the requesting state and not the information supplying state that has the obligation under the TIEA to inform the data subject[5] . In all aspects the data protection rules that remain applicable are those of the requested state. The obligation to inform the data subject is (often) made conditional upon an application by the data subject to the requesting authority; which is off course difficult in case the data subject has not been informed of the data exchange. In the Liechtenstein procedure, the data subject will already be informed once the request has been received by the Liechtenstein authority, unless this jeopardises the investigation. But in many cases it will be a surprise to the data subject that information on him has been exchanged.

Conflict with data-protection

The rules that relate to informing the data subject must not conflict with EU data protection rules. Firstly, an exchange is possible if it is necessary for a given purpose. Secondly, the data exchanged should be proportionate with the purpose, which precludes automatic and spontaneous exchange. Further, data can only be exchanged with third countries if that third country has a data protection law which is adequate and offers the same protection as the European system. Unless there is a decision of the European Commission to that effect, cross border exchange of information is forbidden [6]. So, European member states can receive information from outside the EU, but cannot provide information outside the EU, unless there are compatible systems.

Most TIEAs, either directly in article 8 or through the protocol, provide for data protection at a level equivalent to the ‘acquis européenne’. But that is not sufficient, because what matters is whether the requesting country has domestically a sufficient data protection system. Under the European system, the data controller is obliged to inform the data subject of the exchange of information relating to him. Almost all non EU countries, except for Liechtenstein and Switzerland, do not respect that strict legal obligation.

The data subject has a right to verify the accuracy of the information before it is exchanged, has a right of adjustment and has a right to compensation if it turns out that incorrect information has been exchanged. In most TIEAs the data subject has only recourse to his own government and not on the supplying agency. But based on the law of the supplying agency, he may have recourse to that agency. Therefore the TIEA provides that, between the states, the supplying agency will have recourse to the requesting agency in case it suffers damages because of the exchange.

The conflict between data protection and information exchange is far from being resolved. The OECD has stated that: “the rights and safeguards secured to persons by the laws or administrative practice of the Requested Party remain applicable to the extent that they do not unduly prevent or delay effective exchange of information”.

The problematic phrase is “to the extent”. The OECD wants to make domestic rights and safeguards subordinate to an effective exchange, which of course will not work. Germany has in most of its TIEAs deleted the sentence “to the extent etc”. In the conflict of norms, it is not said that ‘effective exchange of information’ is of a higher priority than complying with data protection rules.

Data-protection has increased since the promotion of article 286 TEC into article 16 TFEU (Principles of EU): “1. Everyone has the right to the protection of personal data concerning to them”.

It has been promoted from article 8 in the Charter of Fundamental Rights of the European Union, which is made directly applicable under article 6 TEU (old art 6 TEU) to being equivalent to a treaty provision. Article 8 reads:

“1. Everybody has the right to the protection of personal data concerning him or her.

2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the rights of access to data which has been collected concerning him or her, and the right to have it ratified.
3. Compliance with these rules shall be subject to control by an independent authority.”

Data protection is a fundamental human right and cannot be made subordinate to effective exchange of information, even if treaty partners have an obligation to create effective procedures to secure exchange of information. In can only be done with respect for domestic rights.

Conclusion.

The exchange of fiscal information is an infringement of a fundamental right, protected by the Charter of Fundamental Rights of the European Union and by article 16 of the Treaty on the Functioning of the European Union. It can be justified if it necessary for a given purpose, proportionate and subject to supervision and redress. Tax information exchange is not an ex-third pillar area (police cooperation and judicial cooperation in criminal matters), but even it is was, full data protection would still apply.

A TIEA will establish a legal basis for a specific transfer of personal data, but it will not constitute a legal framework for data protection. Such must be found in the domestic law of both the supplying and the receiving country. Without that framework there can be no exchange of information. There is no guarantee that individuals’ rights are actually respected. It is a right of every citizen to decide on the disclosure and use of his or her personal data.

 

 

[1] OECD report, Harmful Tax Competition, an emerging global issue. See www.oecd.org.

[2] OECD, see www.oecd.org/taxation/

[3] OECD commentary number 5, ad. art 26 paragraph 1.

[4] Kerr LJ, in Re State of Norway’s Application (No 1), Court of Appeal, Civil Division, All England Law reports/1989/Volume1/ReState of Norway’s Application (no1)-[1989]1All ER 661, pag 23 Issue E: Fishing.

[5] See for an example TIEA BRD-Gibraltar, protocol 1, sub e

[6] Approved countries are: Argentina, Australia, Canada, Faroe islands, Guernsey, Isle of Man, Jersey and Switzerland