University of Graz
Luisa Scarcella is a Ph.D. candidate at the Department of Tax and Fiscal Law of the Karl-Franzens University of Graz (Austria), where she has been working as research and teaching assistant. Her thesis concerns the tax treatment of cryptocurrencies with a special focus on Bitcoin and the Blockchain technology. Recently she has been awarded a scholarship by the Austrian Ministry of Research for doctoral students.
Within her researches, she has been focusing also on the digital economy and the impact of AI on the labour market from a tax law perspective. She received her Master of Laws degree from the University of Udine (Italy) in 2015. Before starting her Ph.D., she interned at the European Investment Bank (Luxembourg) in 2013 and at the European Central Bank (Frankfurt am Main) in 2015. She is also one of the coordinators of the Finance, Law and Economics Working Group of the Young Scholars Initiative – INET.
“Profiling and automated decision making in tax matters. Possible aspects of compatibility with the new GDPR”
As highlighted also by the OECD in more than one report, the introduction of big data combined to advanced data analytics represents a great opportunity for tax administrations. These instruments will enable tax administrations to collect their revenue more efficiently and assess in a more precise way tax avoidance and tax evasion cases.
During the last years, tax administrations around the world have been adopting technologies in order to improve their technical procedures recognizing the unfeasibility of checking every single taxpayer and started to implement taxpayers’ “profiling” systems for risk management purposes. These systems allow the analysis of an incredible amount of data which are mainly provided by third parties with whom the taxpayer engages, and after elaborating these data only the taxpayers which will be considered as more “risky” will be subjected to audits.
In the past, new technologies were able to simplify the relationship between tax administration and taxpayer (e.g. in prefilled tax return), and certainly, in the near future, big data analytics and the possibility of using AI as recommended by OECD and other international organizations, will be an indispensable instrument to counteract tax fraud and other tax related crimes. At the same time, being tax administrations one of the public administrations collecting and storing the highest amount of citizens´data, the right to privacy plays a fundamental role in how the tax administrations should use these technologies and ensuring the required level of protection of the private sphere.
If on one hand the OECD has been promoting in many of its policy recommendations the use of new technologies, on the other hand it has never referred to data protection so far. However, at European level, the new General Data Protection Regulation (GDPR) has been adopted. How these new technologies can and are implemented by national tax administrations when deciding which taxpayer will be subjected to auditing will need to be assessed also by taking into consideration these new provisions.
In particular, this paper aims to address questions regarding whether the profiling activity carried out by an algorithmic software used by tax administrations can fall under the definition of “profiling” according to the new GDPR and if so, whether the auditing of the taxpayer individuated through this activity shall be considered as the outcome of an automated decision. Moreover, the paper will assess the compatibility of these instruments under the GDPR and how provisions should be drafted at national level in order to strike the right balance between ensuring taxpayers’ data protection and collecting revenue which shall then be used for the general public interest.