Feeds

Draft law lets council bods snoop your tax records

Powers extend well beyond justification for data-sharing

High performance access to file storage

Opinion The Local Government Finance Bill, now before Parliament, is drafted in such a way that it could permit the routine disclosure of tax records and other personal data held by HMRC to council officers for several council tax-related purposes.

The powers also allow HMRC to disclose such details directly to contractors of the council (eg, perhaps those IT service providers based overseas or in the cloud); this could permit tax details to go to many interesting destinations outside the European Economic Area.

Having said that there is one very important surprise in the legislation, which I explain at the end of this blog.

So how can we be confident that routine data sharing between councils and HMRC is a possible outcome? As readers know, there is an exemption from the non-disclosure provisions in section 29 of the Data Protection Act that covers the “assessment or collection of any tax or duty...”; clearly "council tax" is a “tax” as required by section 29.

This exemption from the non-disclosure provisions permits the disclosure of personal data by HMRC to a council assessing/collecting Council Tax, on a case-by-case basis, without the need to consider the Principles and the data subject rights that could interfere with such a disclosure (eg, right to object to disclosure). However, the HMRC has to be satisfied that failure to disclose to a council “would prejudice” the collection of council tax.

So, if the current law allows for disclosure in these important tax avoidance circumstances (eg, a case-by-case disclosure where prejudice to the collection of council tax exists), it follows that the new statutory gateway can permit disclosure in circumstances where these tax avoidance factors are not relevant to any decision by the HMRC on whether or not to disclose to a council. For instance, those disclosures which are not “case by case” (eg, routine) and where there is no “prejudice” to the collection or assessment of council tax.

Also note that the word “relate” is unqualified, so “purposes relating to council tax” could easily extend to any council purpose that depends on the collection of council tax; in this way many council functions become arguably related to council tax. This risk would not be present if the legislation stated that the disclosure was restricted to the “council tax purpose”.

For completeness I provide an annotated example of the data-sharing provisions (from clause 15 of the Bill):

(1) A Revenue and Customs official may supply information which is held by the Revenue and Customs in connection with a function of the Revenue and Customs to a qualifying person for prescribed purposes relating to council tax. (My emphasis)

(2) The following are qualifying persons for the purpose of this paragraph:

(a) a billing authority in England; (Comment: this is the council tax function; below are the powers to disclose directly to contractors);
(b) a person authorised to exercise any function of such an authority relating to council tax; and
(c) a person providing services to such an authority relating to council tax.

(3) Information supplied under this paragraph may be used for another prescribed purpose relating to council tax. (Comment: note the word “relating” means that the purpose has to have some relationship with council tax purpose – eg, purposes based on the need to collect council tax).

(4) Information supplied under this paragraph may be supplied to another qualifying person for a prescribed purpose relating to council tax (whether or not that is a purpose for which it was supplied). (Comment: this is a general provision to negate the protection offered by the Second Data Protection Principle – incompatibility of the purpose of disclosure to the purpose of collection of personal data). It also negates the Third Data Protection Principle if the data items to be disclose were to be specified in regulations.)

So how does the government explain the need for these data sharing provisions. The “Explanatory Notes” accompanying the Bill state:

Local authorities will need to use information held by HMRC to determine whether a person is entitled to a reduction in council tax. These provisions will reduce the need for authorities to collect information from persons claiming a reduction when it has already been supplied to HMRC and will help to ensure the information used to calculate a reduction is accurate. These information sharing powers are therefore needed to ensure local authorities are able to administer council tax efficiently and to help prevent fraudulent claims for a council tax reduction (Paragraph 127).

In other words, the justification proffered falls within the existing section 29 exemption. It amounts to a check on whether the HMRC and Local Authority agree that a person claiming a single person's council tax reduction also relates to a single person in relation to Child Benefit (what remains of it, I mean) or tax credit claims. You simply do not need general data-sharing powers relating to data subjects who are NOT claiming this reduction; you do not need powers that link to purposes that can extend well beyond the official justification.

Now we come to the really interesting bit I promised. There is a provision that states: “Regulations under this paragraph must not be made except with the consent of the Commissioners for Her Majesty’s Revenue and Customs”. This is the first time I have seen that the exercise of Ministerial Powers is to become subject to a veto by someone who is not the minister.

I think this has broken the ice in a very important way. Wouldn’t it be nice to see the following in ALL data-sharing powers similarly subject to an independent review – for instance, “Regulations under this paragraph must not be made except with the consent of the Information Commissioner”?

Now we can dream on, but such a provision would be real data protection from the excess of ministerial powers; and I can think of a number of places where I would put it! ®

References:

The Bill and its Explanatory Notes (at the time of presentation to the House of Lords) can be found here.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.