The ‘Tax Administration 3.0’ model of governance: The OECD’s New Poisoned Apple?

Introduction

Technology is bearing disruptive effects on tax enforcement regimes, initially aligned with traditional format of business. Tax enforcement, designed with a model of ‘pen and paper’ in mind, is becoming increasingly obsolete. These frictions between traditional tax enforcement and modern mercantilism are triggering leading voices in taxation to propose novel models of fiscal governance. At the center of these proposals is the ‘tax administration 3.0’ system (‘3.0 model’) envisioned by the OECD’s Forum on Tax Administration (FTA).  The FTA claims that its 3.0 model of fiscal governance would be more agile, resilient, transparent, trustworthy, enhancing privacy and data protection of taxpayers, while being seamlessly embedded within taxpayers’ digital ecosystem. Simply put, the 3.0 model would according to the FTA, guarantee more compliance with less resources while strengthening the fundamental rights of taxpayers. All in all, the FTA claims to have conceptualized the perfect ‘win-win’ situation, both for taxpayers and for the administration.

Taking into account the different characteristics posited by the FTA, the objective is to critically inquire these claims, focusing in particular on taxpayers’ rights. Thus, the question is: “To what extent would the tax administration 3.0 model strengthen taxpayers’ rights?”

The main tenet of the tax administration 3.0 system

The core feature of the 3.0 model is that tax burdens would not be calculated by taxpayers and the administration, but would be computed in real-time by algorithms mandatorily embedded within taxpayers’ digital devices.

Traditionally, tax enforcement follows a declarative system, where taxpayers self-assess and declare their tax burden to the administration, who then verifies and validates the assessment. This system exhibits major shortcomings: it is a slow, inefficient and entirely retrospective process. Even with pre-filled tax returns, the administration is by default always lagging behind, validating the returns of the previous fiscal exercise which from a forensics accounting perspective is extremely problematic. Moreover, the process is to a large extent inefficient, as the administration receives millions, sometimes billions, of tax returns within very short delays rather than spread throughout the year. By virtue of this lengthiness, the declarative system can generate uncertainty for taxpayers who must wait a year, sometimes more, until their return is validated. In turn, this delayed enforcement causes numerous issues for taxpayers, such as liquidity shortages as was for instance observed during the toeslagenaffaire.

Aware of these shortcomings, the FTA is proposing to embed applications and algorithms of the tax administration directly on taxpayers’ personal and professional digital devices, i.e. their cellphone, laptops, desktop computers, etc. These algorithms would calculate a taxpayer’s tax burden, by directly monitoring taxpayers. This surveillance would be carried out through sensors on taxpayers’ devices, that would track each taxpayer’s geolocation, activities undertaken for different platforms, interactions with different governmental services, etc. The FTA’s report provides two fictitious examples: ‘Mary and Kim from 2030’, highly mobile factors of production conducting work in several jurisdictions throughout the year. The FTA conceptualizes that the 3.0 model would be embedded within their personal and professional operating systems, specifically citing Microsoft ‘My365’.  Accordingly, sensors within the 3.0 model would track when taxpayers cross a border, the amount of earnings in each jurisdiction, administrative obligations to complete, etc. Access to that application would rely on the verification of digital identity of each taxpayer, for which the FTA envisions biometric identification.

The 3.0 model’s effects on taxpayers’ privacy and data protection rights

Thus, the 3.0 model conceptualized by the FTA is a form of (quasi-)decentralized model of fiscal governance, where taxes are calculated directly on taxpayers’ IoT devices, based on inputs of sensors embedded within the application. The 3.0 model is foreseen to be equipped with other features, such as virtual conversational assistance (VCA) or chatbots, specific payroll ERP systems, cooperative compliance frameworks, etc. These ancillary features are not novel, in fact all of these are already under use. The sole novelty of the 3.0 model is the use of algorithms directly on taxpayers devices, with sensors tracking movement and taxable events.

Thus, right off the bat, the FTA’s report can be criticized by sheer virtue of the use of marketeering claims to present a concept that is neither revolutionary, nor novel. Among these claims is the argument that the 3.0 model would strengthen taxpayers’ privacy and data protection. The main point put forward to substantiate such claim is the fact that the 3.0 system could limit the data surrendered to the administration directly by taxpayers. However, minimizing data exchanges or ensuring better data minimization is not sufficient to qualify as complying with data protection, let alone enhancing it. A system could process less data but of a more sensitive nature, e.g. biometric data, thereby increasing the potential harms for data subjects. At the outset, qualifying the 3.0 model as strengthening taxpayers’ privacy and data protection rights solely based on a potential minimization of data exchanges is a weak, unconvincing argument.

Moreover, nothing in the report explains how the 3.0 model would minimize data exchanges between the taxpayer and the administration. Most strikingly, the report omits third-party data collection, focusing solely on self-reporting by taxpayers. Hence, the fact that the administration request less data directly to taxpayers, does not mean that they collect less data from other sources. For natural persons, tax returns can already be completed without a single direct input from taxpayers themselves, simply through recouping third-party data and data collected by the administration.

Besides, the report explicitly mentions that the administration would retain its prerogative to investigate taxpayers. Thus the administration could, at the behest of tax officials, still request all taxpayer data it wishes to process. Currently, the administration receives large volumes of data, but the vast majority of it is also processed through algorithmic means, upon which a selection is made of which returns to further audit. Comparing both archetypal models, the difference in volumes of data between the two models of governance seems negligible. If anything, the difference is simply one of storage location, rather than in volumes of data. Moreover, the 3.0 model would process biometric data, regarded as of the utmost sensitive nature. Biometric data is currently not processed by tax administrations and in several EU States, tax administrations cannot lawfully process such data. Therefore, the FTA’s claim of being privacy and data protection enhancing, is not sufficiently substantiated and when examined further seems entirely incorrect.

The FTA’s claim demonstrates that the report conflates privacy and data protection, two rights with different scopes and purposes. The right to data protection seeks to ensure the free movement of data while protecting data subjects from harms. The right to a private life protects a multitude of facets of a persons’ being, such as their home, their reputation, their body but also their personal digital space. Naturally, in a vertical context where most interactions occur through the realm of personal data, such as the relation between administration and taxpayers, the scope of the two rights strongly overlaps. Yet, the 3.0 model may be one of the rare instance where the two rights must be balanced against each other, as the model may potentially limit data exchanges, but with the caveat that taxpayers are obligated to install tracking sensors directly on their device. Thus, data minimization comes at the cost of a serious encroachment on taxpayers’ private digital space. Yet, while the potential to minimize data remains to be proven, the interference on taxpayers’ privacy would be immediate. In that regard, an important aspect to consider is individual autonomy and self-decision, a central aspect of the right to privacy. Despite their claims, the FTA did not conduct a single survey assessing whether taxpayers would be in favor of inviting tax administrations in their private digital space. Claims of trustworthiness are entirely baseless, which illustrates why the report reads more as a sales pitch rather than a serious policy report.  The fiasco of COVID tracing apps clearly indicates that citizens are extremely resistant to install governmental apps on their personal devices, even in jurisdictions where trust in the central government is at the highest. Early predictions claimed that 85% of citizens would download COVID tracing apps. In reality approximately 15% downloaded it.

Mandating taxpayers to install tracking sensors on their devices constitutes a grave intrusion on taxpayers’ privacy, which should be carefully balanced and not be dealt as casually as the FTA’s report does. If anything, such obligation should be strongly justified with tangible evidences of benefits for taxpayers. Yet, on that front, the 3.0 model again fall short of what it purports to do. Similarly to the declarative system, taxpayers under the 3.0 model would still have to input information to the application, calculate their yearly income and execute these tedious tasks. Studies show that 95% of taxpayers with a pre-filled tax return only spend a maximum of 5 hours annually to complete their returns. This time is not spent examining tax legislation, but compiling pay slips and financial documents, adding revenues, finding which box to fill, etc. These actions would still have to be undertaken by taxpayers under the 3.0 model. Thus the added-value of such system for the vast majority of taxpayers would be nil, with the caveat that now taxpayers are being surveilled directly through their personal devices. The only taxpayers for which the 3.0 model could be beneficial are hyper-mobile factors of production. For instance, the tiny fraction of cross-border workers who receive income from multiple sources and frequently cross borders to perform their function, e.g. university professors, consultants and policy makers. Coincidentally or not, these profiles constitute the majority of workers at institutions such as the OECD. For the remainder of taxpayers, the 3.0 model is as intrusive as unnecessary.

The 3.0 model’s effects on transparency

In addition to taxpayers’ privacy, the FTA claims that the 3.0 model would enhance the transparency of tax enforcement measures. Again, such a claim should be met with serious skepticism by virtue of its lack of substance. Recital 39 and Article 12 of the GDPR informs us that transparency obliges a data controller to provide complete, clear, concise and easily accessible information to data subjects. In the GDPR, several data subject rights sprout from that principle, namely the right to information, right of access, right to erasure, right to object and notification obligations concerning these rights. In recent years, transparency of the administration has gained serious momentum. Several cases were ruled in taxpayers’ favor by virtue of the lack of transparency of AI systems used for fiscal algorithmic governance. In the Netherlands, the Court of the Hague temporarily halted the use of SyRI, a risk-scoring AI system, by virtue of the lack of transparency of its legal basis. The Court found that the law authorizing the use of the AI system did not offer sufficient insights to verify whether risks to taxpayers’ rights were sufficiently mitigated. Similarly in eKasa and in SS SIA, the Constitutional Court of Slovakia and the CJEU respectively ruled that the systems leveraged by tax administrations should be authorized by a clear and transparent legal basis.

Nothing in the FTA’s report provides a clear pathway towards an enhancement of these different rights or towards a transparent legal basis. As stated, the 3.0 model is simply a swap from tax declarations on centralized platforms of the administration to a decentralized app embedded in an IoT device. While it may be more convenient, it does not make the system transparent. Similarly, having an app for Netflix or for Google directly on a phone does not provide one with information on their recommendation algorithms or source codes. Transparency is a holistic principle which obliges data controllers to provide clear information, from the inception of the data procession with a transparent legal basis, until the erasure of the data with notification obligations. Whether the data is transferred via a website or via an app is irrelevant, as all roads lead to the administrations’ data warehouse. Similarly to privacy and data protection, the missing part in the FTA’s report is the how: how will the 3.0 model ensure more transparency? Will the 3.0 model be regulated by transparent uniform standards of that sufficiently mitigate risks to their rights? Will taxpayers be provided with more information and more access on how their personal data are processed, where these have been obtained and how the data can be rectified or erased? Will taxpayers be alerted when data is exchanged between the app and the central data warehouse or when auditor control the taxpayers’ API? The total absence of these considerations from the FTA’s report suggests that, similarly to data protection and privacy, transparency is used trivially, more as a token rather than as a set of foundational principles to be upheld.

Conclusion

Conclusively, the 3.0 model would not strengthen taxpayers’ fundamental rights, if anything the opposite is true. The FTA by claiming that the 3.0 model would be enhancing privacy and data protection solely based on data minimization, is demonstrating its very shallow understanding of taxpayers’ rights. The FTA conflates both rights, making outlandish unsubstantiated claims. It is clear that privacy, data protection, transparency and trustworthiness are used as tokens, as hollow labels of marketeers, rather than objective policy statements. Accordingly, from the perspective of taxpayers’ rights, the 3.0 model as currently proposed by the FTA would by all means be a poisoned apple. That is not considering other problematic aspects, such as the foreseen cooperation between public and private actors; the tremendous difficulty in devising algorithms to automate heavily debated rules of taxation; potential mismatches between jurisdictions; or even the simple fact that almost half of the world population does not have access to the internet.

It must be acknowledged that the FTA does identify the shortcomings of the current declarative system, such as its inefficiency, cost of compliance and bureaucratic aspects. Yet, one should not throw the baby away with the bathwater. Strengthening regime of pre-populated returns, increasing the efficiency of the administration and reducing costs of compliance lies in performing minor changes both in the law, and in the organizational structure of the administration. It does not lie in a software overhaul. The FTA accurately pinpoints the taxpayers who may be prone to require a model of governance akin to the 3.0 model. Yet, as explicitly admitted in the report, these taxpayers constitute an infinitesimal minority of the entire tax population. Accordingly, mandating the 3.0 model on all taxpayers is nonsensical. The FTA should offer the 3.0 model as an alternative model to which taxpayers can voluntarily choose to ascribe to. In such setting, hyper-mobile factors of production willing to surrender some privacy could benefit from the concept. For the remainder of taxpayers, no amount of marketeering will be sufficient to force them to swallow such hefty pill.