After five years of lobbying, which includes appearances before the European Parliament and frequent correspondence with the EU on the data protection implications of automatic exchange of information ('AEOI'), data protection campaigners have scored their first substantial victory.
On 14 April 2021, the European Data Protection Board (EDPB), which brings together representatives of the national data protection authorities of all EU Member States, issued a statement in which it acknowledges the concerns raised by campaigners:
"The EDB invites the Member States to assess and, where necessary, review their international agreements that involve international transfers of personal data, such as those relating to taxation (e.g. to the automatic exchange of personal data for tax purposes)… in order to determine whether, while pursuing the important public interests covered by the agreements, further alignment with current Union legislation and case law on data protection, as well as EDPB guidance might be needed."
Mishcon partner Filippo Noseda, who has been leading the campaign said: "for almost five years, the European Commission and EU Member States, as well as the UK, have been ignoring calls from campaigners to address the breach of fundamental rights caused by automatic exchange of information. Now, after incessant lobbying, the European Data Protection Board acknowledged the problem. Although the latest statement is couched in diplomatic wordings and does not mention FATCA by name, an invitation by the EU's data protection watchdog to review automatic exchange of information agreements with third countries, including the US, cannot be ignored."
Filippo continued: "This development follows years of campaigning by concerned individuals, including our clients Jenny and Philipp, J.R. (who filed a petition before the European Parliament) as well as associations of Accidental Americans. We will continue to campaign to address the breach of fundamental rights caused by AEOI."
Background:
Mishcon de Reya has been at the forefront of an international strategic data protection litigation campaign focusing on the implications of various 'transparency' measures for individuals' fundamental rights. Filippo Noseda appeared before the EU data protection authorities in 2016 and the EU Parliament in Nov 2019 and Nov 2020. Our correspondence with the OECD and the EU (60+ letters) is available online, together with the Mishcon de Reya Hacking and Data Breaches List (now over 60 pages long) which shows very clearly the data protection risks created by unnecessary and disproportionate bulk processing of information.
We now have:
- a claim against the excessive nature of FATCA ('Jenny's case') – discussed here and here;
- a claim against the excessive nature of the CRS ('Philipp's case) before the Austrian and German courts – discussed here and here.
- a claim against the public nature of registers of beneficial ownership before the Luxembourg courts – discussed here and here;
- a potential arbitration against the OECD in relation to the Common Transmission System – discussed here.
Related coverage:
TIME Magazine
The Financial Times (1)
The Financial Times (2)
The Financial Times (3)
The Economist (1)
The Economist (2)
The Economist (3)
The Washington Post
Bloomberg
The Guardian
The American (1)
The American (2)
Tax Notes International (1)
Tax Notes International (2)
Tax Journal
Spear's Magazine