Mishcon de Reya, the law firm, has for some time argued that modern data protection rules raise serious challenges for governments transferring data to other governments, such as for tax purposes. The London case involves the operation of US FATCA regulations.
This week, law firm Mishcon de Reya has filed a claim before the High Court in London to defend a person's privacy rights which, it says, have been breached under European Union data protection laws.
The case has been brought on behalf of a client called “Jenny,” who allegedly suffered privacy harm from the way in which the US Foreign Account Taxation Compliance Act (FATCA) works in practice. The story highlights how transfers of financial data to enforce tax rules raise controversy about privacy.
The transfer of “Jenny’s” sensitive personal and financial information under FATCA caused her personal damage and distress, the law firm said in a statement. (The full name of the person is not being disclosed.)
Transferring large sums of data to chase alleged tax dodgers cranked up a gear after the financial crash of 2008 when governments wanted to plug gaps in their budgets. After several years, the US helped to pressure Switzerland to effectively end its decades-old bank secrecy laws, as far as non-Swiss citizens were concerned. Governments have also pressed for beneficial ownership data on companies and other structures to be put into the public domain. The US, almost uniquely, requires its citizens to file taxes regardless of where they live.
Mishcon de Reya has argued that in recent years financial privacy has been under threat. It has called another network of data-sharing agreements, collectively called the Common Reporting Standard (the US is not a signatory to CRS), a “disaster waiting to happen.”
The defendant in the “Jenny” case is HM Revenue & Customs, the UK tax authority which is entrusted with carrying out data processing under regulations enacted to implement a bilateral agreement with the US, known as “Inter-Governmental Agreement,” the law firm said.
"Jenny's claim is symptomatic of the steady erosion of individuals' data-privacy rights by governments,” Filippo Noseda, who has been representing “Jenny” in the claim, said.
The law firm said that as the alleged data breaches took place before Brexit, “Jenny's” claim engages the GDPR regime of the European Union as well as the previous EU Data Protection Directive, which was at the heart of the recent "Schrems II" judgment on the transfer of personal data to the US. In that case, the Court of Justice of the European Union held that US data protection rules are not essentially equivalent to those required under EU law.