Right to Privacy of Taxpayers: Balancing Privacy Rights with Tax Compliances

by Ritika Sharma, University Institute of Legal Studies, Panjab University


Taxpayers’ reckon that exchange of information for tax purposes lead to breach of their right to privacy as the tax authorities collect wide range of information which include personal details of the taxpayers. Moreover, disclosure of such information to third parties furthers the worries of the taxpayers. On the flip side, the tax administration looks for ways to regulate and reduce tax evasions. This write up is a traverse across assessing the privacy concerns of taxpayers in India, US and UK and scrutinising these from the angle of their tax regime.


Taxes are pivotal for generating revenue for the government and on the other hand, these lead to the violation of multifarious rights of the individuals, one of which is the Right to Privacy. The efforts to eliminate the scope of evasion of taxes often result in the formulation of measures that give rise to the drives of information exchange with respect to tax­­ matters. Tax administrations via several technological developments complete the process ­of collecting taxes and monitoring the auditing decisions. Exchange of information for tax purposes is necessary “to secure the effective suppression of tax evasion”. Information exchange gives the resident state the possibility to know the amount of income of its taxpayers, which is the first step to enforcing its tax law.[1]

Information and Communication Technology tools have been used to invigorate revenue administrations. Some examples of possible ICT tools used by tax authorities typically include e-filing of tax returns, e-payments, data sharing and data matching, taxpayer self-help portals, chatbots for technical enquiries. These instruments rely on automated data matching, precedent databases, campaign management and rules-based systems. Data matching is fueled by the information that was gathered through several records and includes third party information as well. This information is typically used to assess the information which was provided by the taxpayer and a database informs the formulation of tax rulings.[2] The 2016 OECD Survey has spotted two techniques adopted by the tax administrations i.e., predictive and prescriptive techniques. The former aims at pinning down the taxpayers who are “more likely to fail to meet their obligations” while in the latter, a specific structure is formulated to find out the methods in which the authorities can communicate with the taxpayers effectively.

Role of GDPR in taxpayers’ privacy

General Data Protection Regulation obligates businesses to ensure the privacy of their consumers. There are great concerns for controlling and analysing the accessibility of data by the tax authorities in order to strike a balance between the measures to put a curb on evasion of taxes and ensuring the right to privacy of the taxpayers. GDPR enunciates particular guarantees with respect to the information exchange in tax matters.

One of the requirements of GDPR is profiling in which there is an “automated processing” of personal information of the taxpayers such as health, preferences, interests, financial situation, etc. In order to test the veracity of the financial situation of the taxpayer, various economic and non-economic factors are taken into consideration. These factors include cultural, educational and medical costs.[3] After this process, the provision under Article 22 of the GDPR might come into force, according to which mismatches between the information provided by the taxpayers and the information gathered by the authorities on the basis of profiling are identified and tax assessment notices are issued to the relevant taxpayers.

Now, the question arises as to how the privacy rights of the taxpayers are ensured in this complete process? There are certain exceptions that can be called guards of the privacy of taxpayers. Article 6 contains the first exception according to which there should be a “legal basis” for the processing of taxpayers’ information which should also have a nexus with the “legitimate public interest” for which the process has been carried on. Furthermore, Article 9 provides a check by creating a sphere of “special categories of data” which are prohibited from processing under GDPR. These “special categories of data” include the “data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data to uniquely identify a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”. However, the application of this provision is subject to the proportionality test. This implies that case of processing will not be considered against privacy and illegal if the motive of processing of data is in relation to the “public interest”.

As GDPR gives discretion to the member states, there is no common auditing system and the scope of protecting the privacy of the taxpayers differ from one member state to the other which give gives rise to “misalignments”.

Privacy of Taxpayers in India

In India, in the landmark case of K.S. Puttaswamy v. Union of India,[4] the Right to Privacy was held to be an intrinsic part of Article 21 thereby giving it a status of a Fundamental Right. This Right has been codified in several laws which control the tax administration of the country. For example, Rule 3 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, makes “financial information” a part of “sensitive personal data or information”. The EU GDPR acted as an inspiration for India and it was enforced May 25, 2018. The Taxpayers’ Charter is committed to ensuring the confidentiality of the information submitted by taxpayers.

The Puttaswamy case[5]resulted in the formation of a Committee headed by Justice B.N. Shrikrishna and the Committee has drafted the Personal Data Protection Bill, 2018. Now, taking into consideration the provisions of GDPR, the Personal Data Protection Bill, 2019, has been introduced. The bill is still under examination. However, it is pertinent to note that “tax information”  has not got its place as “sensitive personal data” in the bill which has limited its scope to “financial data, health data, sex life, sexual orientation, biometric data, transgender status, caste or tribe, religious and political affiliations”. Some elements such as “ease of doing business” and simplified tax laws are being aimed at for a better understanding leading to better compliance of tax laws in the country.

Privacy of taxpayers in the US

In the US, the traces of privacy rights could be seen in the case of Griswold v. Connecticut,[6] when Justice William O. Douglas observed that a general right to privacy existed under the Constitution and after a decade, it was debated for the taxpayers. The Tax Reform Act, 1976, and the case of GM Leasing Corporation v United States,[7]are the two significant origins that ensured the privacy rights of the taxpayers primarily. In this case, it was contended that the investigation against Norman was against the spirit of the Fourth Amendment of the United States Constitution which says, “The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized”. This contention was accepted in the court but its decision was reversed in the Appellate Court where it was held that the investigation was within the scope of Section 6331(b) of the US Code which validates searches by “any means”. Therefore, the automobiles of the corporation were seized as the sole owner of the corporation was not able to comply with his tax liabilities.

The Tax Reform Act of 1976 answered the question of what information provided by the taxpayers could be disclosed to the interested parties without their consent. Section 1202 of this Act which came into effect on January 1, 1977, says that tax returns as well as return information are confidential and can be disclosed only in specific situations.

Huge discrepancies in the tax audit system led to the development of “Omnibus Taxpayer Bill of Rights”. The object of this Act of 1988 was, “to inject reason and protection for individual rights into the tax collection process”. Further emphasis on the rights of taxpayers was made through the introduction of the US Taxpayers Bill of Rights [TBOR] in the year 2014 which laid down 10 clear and more accessible Fundamental Rights of the taxpayers, one of which is the Right to Privacy. This guarantees that there will be limitations on the intrusion of privacy by respecting due process, rights and the protections while conducting search and seizures which was not paid heed to in the GM Leasing Corporation case[8]. For an instance, the IRS should not seek intrusive and extraneous information about the lifestyle during an audit if there is no reasonable indication that one has unreported income.[9]

Privacy of Taxpayers in the UK

In the United Kingdom, the Taxpayer’s Charter which was enacted in 2009 contains certain obligations as well as rights that are expected of a taxpayer from Her Majesty’s Revenue & Customs [HMRC]. One of the rights is “Protect your information and respect your privacy” which shows that the Charter strives to balance the system of taxation with the privacy right of the taxpayer.

Data protection laws namely, “UK General Data Protection Regulation” and “Data Protection Act, 2018” are taken into consideration while using personal information. Some Data protection principles say that personal information must be – (i) used lawfully, fairly and in a transparent way; (ii) Collected only for valid purposes that have been clearly explained to you and not used in any way that is incompatible with those purposes; (iii) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; (iv) Accurate and kept up to date; (v) Kept in a form that identifies you for only as long as necessary for the purposes we have told you about; and, (vi) Kept securely.[10] Although the EU GDPR is no longer applicable in the UK since early 2021, the Data Protection Act of 2018 already reflects the UK’s Compliance with the GDPR and this new regime is popularly known as “UK GDPR”.

Concluding Remarks

The information is provided to the tax authorities with certain trust that all necessary safeguards have been provided to ensure the Right to Privacy of taxpayers. Without acknowledging the privacy rights, there could be non-compliance with the correct procedures as the taxpayers would restrain themselves from providing their personal information. 

In order to maintain a balance between the taxpayers’ privacy rights and the efficiency of tax administrations, the tax authorities need to be provided with effective instruments which could control the evasion of taxes by giving importance to the Right to Privacy of the taxpayers. The structure of tax laws should reflect the principles of fairness and justice and protection of the taxpayers’ rights is nothing but legitimate enforcement of the laws by the tax authorities.

Disclaimer – All views and opinions expressed in this article are personal and belong solely to the author(s) and do not necessarily represent those of the LAABh Foundation or the individuals and institutions associated with LAABh Foundation.


[2] INTERNET POLICY REVIEW, https://policyreview.info/articles/analysis/tax-compliance-and-privacy-rights-profiling-and-automated-decision-making (Last visited August 18, 2021).

[3] Ibid.

[4] (2017) 10 SCC 1.

[5] K.S. Puttaswamy v. Union of India; (2017) 10 SCC 1.

[6] 381 U.S. 479 (1965).

[7] 429 U.S. 338 (1977).

[8] GM Leasing Corporation v. United States; 429 U.S. 338 (1977).

[9] TAXPAYER ADVOCATE SERVICE, https://www.taxpayeradvocate.irs.gov/get-help/taxpayer-rights/  (Last visited July 31, 2021).

[10] GOV UK, https://www.gov.uk/government/publications/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you  (Last visited July 31, 2021).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: