I recently took part in a high-level roundtable on the topic of tax and revenue collection in the era of data protection. The discussion covered ways in which tax agencies could continue to improve citizen services and tax collection while still complying with new and complex data protection regulation.
One discussion point was how, within new approaches to data protection regulation, agencies can use technology to raise the quality of data capture, share data more effectively and analyse information in ways that improve agency performance as well as citizen services.
A number of Accenture surveys have shown that taxpayers struggle with taxation procedures and would be willing to share their data if this would lead to improved services. Making compliance quicker and easier has obvious benefits for agencies, but several key technical and governance questions arise for tax agencies looking to make greater use of taxpayer data, for instance:
- Is there such a thing as collecting too much data?
- How much protection and governance can be automated when analysing data at scale?
- Can newer technologies, like blockchain or AI, help agencies manage dynamic data sources or deploy real-time analytics while remaining transparent?
The frivolous answer to all these questions is: it depends. But there is a serious point here, particularly in the context of principles-based regulations, where much depends on the intent and approach of each data processing circumstance. Essentially, we need to accept the fundamental complexity of data protection and governance, particularly where citizen data is concerned. Blanket approaches seeking to either avoid or cover over the data protection nuances of each situation will limit both the effectiveness of the agency and protection of data.
Take the General Data Protection Regulation (GDPR) that came into force this year and was a key topic at the roundtable. The spirit of the regulation is clear: all personal data connected to a person (even if not identified) must be processed lawfully and with integrity.
With that comes some weighty obligations. For example, one participant described how GDPR has prompted their organization to adopt six principles covering how it can collect, use and retain data. It also defined seven client rights around their ability to access, rectify, move, erase, restrict the processing of data, or object to its use.
But GDPR still allows for taxpayer data to be used in new ways relevant to tax collection. Tax agencies, for example, will be able to use data profiling. Even the most intrusive methodology of predictive profiling to fight against tax evasion and tax fraud will not be forbidden under GDPR. The key is to ensure the process is transparent.
Similarly, the ‘right to obtain human intervention’ in the use of technology doesn’t restrict the ability to automate processes. The process must, however, be ‘human-centric’. For example, one tax agency – among the frontrunners in Europe in using data for more automated purposes, like taxpayer profiling – uses hundreds of automatic procedures, but with human intervention or oversight at the end points.
There is room within GDPR for tax agencies to improve the way they use data to improve revenue collection and citizen services. But at the same time, processing must be sufficiently transparent to ensure taxpayers can understand how their personal data is protected. Agencies must be particularly careful under GDPR regarding the sharing of data captured for tax purposes with other entities, including other government bodies. But agencies should continue to embrace the positive potential of data processing to automate and enhance tax administration. With due care and understanding, this potential can be realized while ensuring adherence to data protection rights.
Let me know if you agree by leaving your comments, thoughts, and suggestions at the bottom of this blog. To learn more about how to improve taxpayer experience through agility visit us here, and follow me on LinkedIn and Twitter.