Tax
Data Protection Clash With US FATCA - A London Lawsuit
Mishcon de Reya, the law firm, has for some time argued that modern data protection rules raise serious challenges for governments transferring data to other governments, such as for tax purposes. The London case involves the operation of US FATCA regulations.
This week, law firm Mishcon de Reya
has filed a claim before the High Court in London to defend a
person's privacy rights which, it says, have been breached under
European Union data protection laws.
The case has been brought on behalf of a client called “Jenny,”
who allegedly suffered privacy harm from the way in which the US
Foreign Account Taxation Compliance Act (FATCA) works in
practice. The story highlights how transfers of financial data to
enforce tax rules raise controversy about privacy.
The transfer of “Jenny’s” sensitive personal and financial
information under FATCA caused her personal damage and distress,
the law firm said in a statement. (The full name of the person is
not being disclosed.)
Transferring large sums of data to chase alleged tax dodgers
cranked up a gear after the financial crash of 2008 when
governments wanted to plug gaps in their budgets. After several
years, the US helped to pressure Switzerland to effectively end
its decades-old bank secrecy laws, as far as non-Swiss citizens
were concerned. Governments have also pressed for beneficial
ownership data on companies and other structures to be put into
the public domain. The US, almost uniquely, requires its citizens
to file taxes regardless of where they live.
Mishcon de Reya
has argued that in recent years financial privacy has been
under threat. It has called another network of data-sharing
agreements, collectively called the Common Reporting Standard
(the US is not a signatory to CRS),
a “disaster waiting to happen.”
The defendant in the “Jenny” case is HM Revenue & Customs, the UK
tax authority which is entrusted with carrying out data
processing under regulations enacted to implement a bilateral
agreement with the US, known as “Inter-Governmental Agreement,”
the law firm said.
"Jenny's claim is symptomatic of the steady erosion of
individuals' data-privacy rights by governments,” Filippo Noseda,
who has been representing “Jenny” in the claim, said.
The law firm said that as the alleged data breaches took place
before Brexit, “Jenny's” claim engages the GDPR regime of the
European Union as well as the previous EU Data Protection
Directive, which was at the heart of the recent "Schrems II"
judgment on the transfer of personal data to the US. In that
case, the Court of Justice of the European Union held that US
data protection rules are not essentially equivalent to those
required under EU law.