New proposals for HMRC to share taxpayers’ details with third parties including companies, research organisations and other public bodies have caused outrage. Although any legislative provisions enacted to implement the plan would provide that data is anonymised, Conservative MP David Davies captured the wider public reaction with his comments that it was “borderline insane”.
Government departments, including HMRC, have a chequered track record when it comes to data protection. The risks to the principle of taxpayer confidentiality and personal privacy are likely to fuel a heated debate if the proposals make further headway.
What Exactly is Being Proposed by HMRC?
The current laws around the sharing of HMRC data place strict constraints on what can and cannot be done with it. In practice there is virtually a total ban on releasing data beyond the confines of HMRC itself. Under the proposals HMRC is looking at ways to make aggregated individual tax payer and VAT registration information anonymous so that it can be shared with third parties under a charging system. A trial scheme has in fact already been carried out with VAT registration data which was released to three credit agencies.
According to HMRC the data would only be shared where sufficient safeguards were in place to protect taxpayer confidentiality. Furthermore, organisations would need to show that the sharing of data would deliver public benefits beyond the functions of HMRC before they received access. Where data was shared, those organisations would be under the same obligations as HMRC regarding privacy and confidentiality which would be backed by criminal sanctions for unlawful disclosure.
Will Safeguards be Enough to Reassure Taxpayers?
As noted already, government departments do not have the greatest track record when it comes to protecting confidentiality. HMRC has ended up in hot water before for accidentally releasing information about people’s bank details and separately, information about child benefit claimants.
On a technical level there are concerns that whatever method HMRC chooses for making data anonymous there is a risk that people will still be able to be identified. A recent trial with NHS medical information under the Care.data scheme ran into difficulties not least due to fears that as the information contained so much data it was theoretically possible to identify some patients.
Needless to say there is virtually no limit to the type of organisations that would find specific taxpayer information useful and detecting misuse of information may be virtually impossible.
These proposals raise serious concerns about taxpayer confidentiality and privacy. Even if UK laws are changed to make the use of such information legal within certain constraints there is a significant possibility of challenges being made under European law through the Human Rights Act.