CRS campaign bears further fruits

24 February 17

2017 will be a momentous year for the fate of the Common Reporting Standard (CRS) and the EU beneficial ownership registers.

If you are affected by the issues discussed in this article, please get in touch.

1. Mounting criticism from data protection bodies

Notwithstanding the formal entry into force of the CRS on 1 January 2017 in the EU and for Early Adopters, concerns for the underlying privacy and data concern flaws at the heart of the CRS are mounting.

Readers will recall from a recent posting ('CRS campaign bears first fruits') that following active campaigning the UK tax authorities now acknowledge that the CRS may put lives in danger. This is too little, too late, as the CRS has now come into effect in the UK in its original form.

In a letter released today, the EU's independent data protection watchdog (Article 29 Data Protection Working Party) issued the following stark warning addressed to the OECD and the EU:

'Significant case law from the European Court of Justice has made it even more urgent to ensure that transfers of data from EU to third countries are accompanied by appropriate data protection safeguards and emphasized the role of data protection authorities in the supervision of such data transfers.

Against this background, the WP 29 wishes to reiterate its strong concerns regarding the repercussions on fundamental rights of mechanisms entailing major data processing and exchange operations such as those envisaged by the CRS.

Additional concerns in relation to the security of massive automatic data processing have been raised by recent reports in the media of high-profile cyber-attacks.

The WP29 … recalls that the entire range of data protection principles… require full compliance. Compliance with data protection principles is moreover important to reduce the risk of negative court decisions which may jeopardize the anti-evasion instruments at stake.

In particular the WP29 recommends that the OECD…ensure that tax evasion is countered without hampering individuals' rights.'

This follows hot on the heel of a hearing that took place in June 2016, in which I outlined the practical implications of the CRS for data protection and privacy. Subsequently, the OECD's director of tax policy and head of international cooperation was also heard from the European data protection authorities and the latest letter from WP29 suggests that Mr Kerfs was unable to allay the existing data protection concerns.

Separately and independently, on 2 February 2017 the European Data Protection Supervisor (EDPS) issued an opinion in which he criticised the lack of clarity on the nature of the public objective being pursued by the proposed EU's public registers on beneficial ownership. In the view of the EDPS the proposed amendments:

  • 'infringe the data protection principle of purpose limitation and threatens the implementation of the principle of proportionality.
  • remove existing safeguards that would have granted a certain degree of proportionality, for example, in setting the conditions for access to information on financial transactions by Financial Intelligence Units.
  • significantly broaden access to beneficial ownership information by both competent authorities and the public, as a policy tool to facilitate and optimise enforcement of tax obligations. We see, in the way such solution is implemented, a lack of proportionality, with significant and unnecessary risks for the individual rights to privacy and data protection.'

2. It is not about tax stupid!

These opinions confirm the view that is the CRS does not just deal with tax issues. Instead, the generalised collection and exchange or disclosure of personal data raises fundamental constitutional issues about the relationship between governments and their citizens.

The philosophical nature of the debate was highlighted by the EU's Attorney General in a recent case decided by the ECJ on 21 December 2016 concerning the retention of data:

‘In 1788, James Madison, one of the authors of the United States Constitution, wrote: ‘If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself.’

The retention of communications data enables ‘the government to control the governed’ by providing the competent authorities with a means of investigation that may prove useful in fighting serious crime (…). However, on the other hand, it is imperative to ‘oblige [the government] to control itself’, with respect to both the retention of data and access to the data retained, given the grave risks engendered by the existence of databases which encompass all communications made within the national territory.’

3. If men were angels

Interestingly, one of the original applicants of this ECJ case (David Davis) withdrew his name from the application after being appointed as Brexit secretary in Theresa May's government.

Careful readers will remember that Mrs May went on record in the past for suggesting that the UK should leave the European Convention on Human Rights and it was the former UK Chancellor George Osborne who, in a letter dated 14 April 2016, called for a new global standard for beneficial registers of beneficial ownership and their linking. However, this is not about domestic party politics, as the CRS was ushered in at the G-20 summit of 2009, organised by the then Prime Minister Gordon Brown, and Britain's technical capacity to tap into the cables that carry the world's communication was developed under successive governments following the terrorist attacks on 9/11.

4. I have written to the OECD – have you?

Readers will know that I am actively looking for a pilot case to bring before the courts. However, the OECD's and EU's silence on the issues of privacy and data protection requires an urgent response, not only from the data protection community (whose warnings have so far fallen on deaf ears), but also from concerned citizens.

For this reason, I have written to the OECD's director of tax policy and head of international cooperation using the emails that appear on WP29's letter (Pascal.Saint-Amans@oecd.org and Philip.Kerfs@oecd.org) and concerned readers may wish to do the same.

You are now leaving Withersworldwide and visiting Withers Consulting Group (WCG) website. Please note WCG does not offer legal services and is therefore not regulated by the Solicitors Regulation Authority or other regulating body. WCG works independently of Withersworldwide. For further information please see WCG's +Regulatory Notice +