Privacy in the international exchange of tax information

2018 | roadmap

see glossary

Directive 2011/16/EU (Administrative Cooperation in the Field of Taxation) established procedures for better cooperation between tax administrations in the European Union as regards information exchange, participation in administrative enquiries, simultaneous control, and notifications of tax decisions (the "Directive"). The Multilateral Convention on Mutual Administrative Assistance in Tax Matters of the OECD provides similar tools for states at an international level currently applicable in 112 jurisdictions (the "Convention"). Both legal instruments provide the obligation to exchange information between two or more states in tax matters. The following questions deal with privacy matters in relation to such international exchange of information.

Does bank secrecy or other confidential information prevent the exchange of information?
Under the Directive and the Convention, states may refuse to provide information that it is confidential towards the tax authorities or that may not be obtained based on the law or administrative practice. Information that would disclose any trade, business, industrial, commercial or professional secret or trade process or information contrary to the public policy (Art 17 (2) to (4) of the Directive, Art 21 (2) of the Convention) does not have to be provided.

On the other hand, no state may decline to provide information solely because it is held by a bank, other financial institution (bank secrecy), nominee or person acting in an agency or fiduciary capacity (fiduciary secrecy), or because it relates to ownership interests in a person (ownership information) (Art 18 (2) of the Directive, Art 21 (4) of the Convention).

Is exchanged information still subject to national tax secrecy?
Information provided by one state due to the exchange of information shall be covered by the obligation of official secrecy and enjoy the protection extended to similar information under the law of the state receiving the information. Such information shall be disclosed only to persons or authorities concerned with the assessment, collection, enforcement or prosecution of tax in relation to the taxes of the receiving state for which information may be exchanged (Art 16 (1) of the Directive, Art 21 (1) of the Convention).

Information may only be used for other purposes if authorised by the authority that provides the information and only insofar as such information can be used under the law of the receiving state (Art 16 (2) of the Directive, Art 22 (4) of the Convention).

How is personal data protected?
Under the Convention, any information obtained by a state is treated as a secret and protected to the extent needed to ensure the necessary level of protection of personal data, in accordance with the safeguards which may be specified by the state providing the information as required under its domestic law (Art 22 (1) of the Convention).

The Directive contains a special provision regarding data protection (Art 25), and thereby refers to Directive 95/46/EC on data protection (after 24 May 2018 replaced by Regulation (EU) 2016/679). Certain provisions are declared not applicable for the correct application of the exchange of information to the extent required in order to safeguard interests in taxation matters (Art 13 (1) (e) of Directive 95/46/EC; Art 23 (1) (e) of Regulation (EU) 2016/679). Financial institutions that report data and tax authorities shall be considered data controllers for the purposes of Directive 95/46/EC (Regulation (EU) 2016/679). Financial institutions must inform affected individuals sufficiently in advance that personal data will be reported to authorities so that these individuals may exercise their data protection rights.

see glossary

legal service: