Feeds

Draft law lets council bods snoop your tax records

Powers extend well beyond justification for data-sharing

The Power of One Infographic

Opinion The Local Government Finance Bill, now before Parliament, is drafted in such a way that it could permit the routine disclosure of tax records and other personal data held by HMRC to council officers for several council tax-related purposes.

The powers also allow HMRC to disclose such details directly to contractors of the council (eg, perhaps those IT service providers based overseas or in the cloud); this could permit tax details to go to many interesting destinations outside the European Economic Area.

Having said that there is one very important surprise in the legislation, which I explain at the end of this blog.

So how can we be confident that routine data sharing between councils and HMRC is a possible outcome? As readers know, there is an exemption from the non-disclosure provisions in section 29 of the Data Protection Act that covers the “assessment or collection of any tax or duty...”; clearly "council tax" is a “tax” as required by section 29.

This exemption from the non-disclosure provisions permits the disclosure of personal data by HMRC to a council assessing/collecting Council Tax, on a case-by-case basis, without the need to consider the Principles and the data subject rights that could interfere with such a disclosure (eg, right to object to disclosure). However, the HMRC has to be satisfied that failure to disclose to a council “would prejudice” the collection of council tax.

So, if the current law allows for disclosure in these important tax avoidance circumstances (eg, a case-by-case disclosure where prejudice to the collection of council tax exists), it follows that the new statutory gateway can permit disclosure in circumstances where these tax avoidance factors are not relevant to any decision by the HMRC on whether or not to disclose to a council. For instance, those disclosures which are not “case by case” (eg, routine) and where there is no “prejudice” to the collection or assessment of council tax.

Also note that the word “relate” is unqualified, so “purposes relating to council tax” could easily extend to any council purpose that depends on the collection of council tax; in this way many council functions become arguably related to council tax. This risk would not be present if the legislation stated that the disclosure was restricted to the “council tax purpose”.

For completeness I provide an annotated example of the data-sharing provisions (from clause 15 of the Bill):

(1) A Revenue and Customs official may supply information which is held by the Revenue and Customs in connection with a function of the Revenue and Customs to a qualifying person for prescribed purposes relating to council tax. (My emphasis)

(2) The following are qualifying persons for the purpose of this paragraph:

(a) a billing authority in England; (Comment: this is the council tax function; below are the powers to disclose directly to contractors);
(b) a person authorised to exercise any function of such an authority relating to council tax; and
(c) a person providing services to such an authority relating to council tax.

(3) Information supplied under this paragraph may be used for another prescribed purpose relating to council tax. (Comment: note the word “relating” means that the purpose has to have some relationship with council tax purpose – eg, purposes based on the need to collect council tax).

(4) Information supplied under this paragraph may be supplied to another qualifying person for a prescribed purpose relating to council tax (whether or not that is a purpose for which it was supplied). (Comment: this is a general provision to negate the protection offered by the Second Data Protection Principle – incompatibility of the purpose of disclosure to the purpose of collection of personal data). It also negates the Third Data Protection Principle if the data items to be disclose were to be specified in regulations.)

So how does the government explain the need for these data sharing provisions. The “Explanatory Notes” accompanying the Bill state:

Local authorities will need to use information held by HMRC to determine whether a person is entitled to a reduction in council tax. These provisions will reduce the need for authorities to collect information from persons claiming a reduction when it has already been supplied to HMRC and will help to ensure the information used to calculate a reduction is accurate. These information sharing powers are therefore needed to ensure local authorities are able to administer council tax efficiently and to help prevent fraudulent claims for a council tax reduction (Paragraph 127).

In other words, the justification proffered falls within the existing section 29 exemption. It amounts to a check on whether the HMRC and Local Authority agree that a person claiming a single person's council tax reduction also relates to a single person in relation to Child Benefit (what remains of it, I mean) or tax credit claims. You simply do not need general data-sharing powers relating to data subjects who are NOT claiming this reduction; you do not need powers that link to purposes that can extend well beyond the official justification.

Now we come to the really interesting bit I promised. There is a provision that states: “Regulations under this paragraph must not be made except with the consent of the Commissioners for Her Majesty’s Revenue and Customs”. This is the first time I have seen that the exercise of Ministerial Powers is to become subject to a veto by someone who is not the minister.

I think this has broken the ice in a very important way. Wouldn’t it be nice to see the following in ALL data-sharing powers similarly subject to an independent review – for instance, “Regulations under this paragraph must not be made except with the consent of the Information Commissioner”?

Now we can dream on, but such a provision would be real data protection from the excess of ministerial powers; and I can think of a number of places where I would put it! ®

References:

The Bill and its Explanatory Notes (at the time of presentation to the House of Lords) can be found here.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Boost IT visibility and business value

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.