Taking on the taxman
An attempt to stop Britain sharing expats’ data with Uncle Sam
Can “Jenny” succeed where data-protection watchdogs have failed?
UNLIKE CITIZENS of almost every other country, Americans abroad do not escape the long arm of their country’s tax laws. The United States operates a “worldwide” tax system, rather than residency, meaning Americans have to file returns even if they have lived and paid tax overseas for decades. This has led many expats and “accidental Americans”—most famously New York-born Boris Johnson—to give up their citizenship.
One disgruntled American is taking more extreme measures: suing in London to stop her data from being transferred. On October 27th lawyers for “Jenny”, a middle-aged woman who has lived, worked and paid tax in Britain since she arrived two decades ago, filed a claim in the High Court. The pseudonymous plaintiff is seeking to stop her financial information being sent by HMRC, Britain’s tax authority, to its American counterpart, the Internal Revenue Service (IRS).
HMRC is required to send the information under an agreement signed with America after the country passed a strict tax-compliance law in 2010. This law forces foreign financial institutions to cough up data on American clients, either directly or via their domestic tax agency, or face penalties. The intention is noble: to curb tax evasion through offshore banks. But is the compliance mechanism legal?
Jenny argues that it breaches the data-processing principles of the General Data Protection Regulation (GDPR), an eu law, of which Britain retains a version post-Brexit, and also violates the European Convention on Human Rights. Filippo Noseda of Mishcon de Reya, the law firm representing her, describes the case as “symptomatic of the steady erosion of individuals’ data-privacy rights by overbearing states”.
Britain is one of dozens of countries that have signed bilateral agreements to share tax data with America. Many worry that these deals, and other multilateral ones they have spawned, are heavy-handed. The European Parliament has hit out at both data transfers and America’s lack of reciprocity. Another worry is the security of shared data. A hack in 2015 compromised over 700,000 accounts at the IRS. The agency has increased spending on bits and bytes, but its systems remain creaky.
Despite unease among national watchdogs about data transfers, particularly in Europe, none has pushed back hard. Britain’s data-protection body, the Information Commissioner’s Office, even refused a request to consider their compatibility with the GDPR. Some suspect this is because of a reluctance to take on geopolitically sensitive issues.
Whether Jenny can single-handedly stem the flow of data across the pond remains to be seen. She will, though, have been encouraged by rulings by the European Court of Justice in 2015 and 2020, in cases brought by an Austrian privacy activist, that the GDPR mechanisms for sending personal data from the eu to America are illegal. These involved transfers by Facebook, not a government, but may still have a bearing on Jenny’s case.
HMRC, which declined to comment, is likely to argue that the data transfer is an important tool in the fight against tax-dodging, and thus proportionate. Should the High Court disagree, Jenny may trump Britain’s prime minister as the country’s bolshiest American tax rebel. ■