26 Sep US born British citizen tests the limits of the IRS tax evasion scheme
A US-born British citizen is testing the limits of the Internal Revenue Services (IRS) strict tax enforcement regime. The citizen in question, known only as ‘Jenny’, is bringing a judicial review against HMRC (HM Revenue & Customs) using the EU’s new data protection rules, commonly known as GDPR.
GDPR stands for General Data Protection Regulation. It was introduced in May 2018 to modernise the laws surrounding the protection of personal information belonging to individuals within the EU. It was a mutually agreed law and replaced the protections that were first introduced in the 1990s and were struggling to keep up with the transformation of technology. Crucially, it boosts the legal rights of EU citizens and gives them more direct control over their information.
IRS tax enforcement scheme demands access to personal data
The ex-US citizen in this case argues that, under the GDPR regulations, her rights will be breached should HMRC pass her information to the US Government’s IRS. Jenny has launched a crowdfunding campaign to raise money for the judicial review. On the campaign site she further argues that if the UK’s tax authority gives her information directly to the IRS, she is at a higher risk of it being hacked.
Jenny is also adamant that she owes nothing to the US Government in taxes. Her supporting argument for this is that she earns way below the threshold set for US expats to pay tax. This year’s threshold is at $105,900. And while all US citizens, whether they are US expats or not, are legally required to submit a tax return to the IRS every year, those who have renounced their citizenship fall under different rules.
However, even US expats who choose to renounce their citizenship must ensure they are fully compliant with their obligations to the IRS. Not filing the required forms will mean the IRS using its tax evasion policies to investigate further.
Case highlights clash between GDPR and the IRS
This case highlights the difficulties that exist between the GDPR regulations, and the US Foreign Account Tax Compliance Act (FATCA). The latter came into effect in 2010, eight years before GDPR was introduced. FATCA is part of the IRS’ tools aimed at cracking down on tax evasion or US citizens hiding assets overseas.
Under FATCA, UK banks are obliged to report any of their clients that have links to the US. The banks report to HMRC, which then passes the information directly to the IRS. US law says that people have no privacy for their financial records, and do not have the right to know about this transfer of their data.
On her crowdfunding page, Jenny says that she agrees with the IRS that no-one should purposefully evade paying tax. Her issue lies not with FATCA’s final objective, but “the disproportionate nature of the measure to achieve its objective.”
First case of its kind
This case, which was first picked up by the Guardian, closely follows a recent hack on the tax authority of Bulgaria. The hack targeted the data of five million Bulgarian taxpayers. And the data obtained by the hackers includes information being passed between agencies under FATCA.
Jenny’s legal representation is from law firm Mishcon de Reya. According to an article in the Financial Times, Filippo Noseda, a partner from the law firm says this is the first case where FATCA is “challenged on the basis that its implementation in the EU breaches the GDPR and individuals’ fundamental rights enshrined in EU and UK legislation.”
HMRC’s statement on the case says that it can’t comment on individual tax issues. However, it does say that FATCA “plays an important part in the multinational fight against tax avoidance and evasion.”
Tom LR Griffiths is a US and UK tax specialist at Ingleton Partners.