This article has been subject to double-blind peer review.

Today, there is an ongoing debate on how tax administrations, in a context of globalization, need to improve and increase cooperation between them, if they want to control the application of national tax systems effectively and efficiently. At the European Union level, tax cooperation has been framed through Directive 2011/16/EU on administrative cooperation in the field of taxation (DAC) and its amendments. However, in this context it is obvious that interferences with the rights of taxpayers affected by this cooperation may arise (i.e. privacy, confidentiality, data protection and procedural rights). The question is whether these rights have been adequately protected under the scope of the DAC.

1 Introduction

International exchange of tax information is becoming increasingly important for the correct application of substantive tax rules. This is evident from the work of the OECD’s Global Forum on Exchange of Information as well as the multiple initiatives carried out at the international level over the past decades (e.g. FATCA).1 At the EU level, Directive 2011/16/EU on administrative cooperation in the field of taxation (DAC 1), which repealed Directive 77/799/EEC, is aimed at reinforcing the collaboration between EU tax administrations under a series of shared rules and practices. Thus, the Directive points out that the rise of economic globalization, of cross-border arrangements, the mobility of taxpayers and the internationalization of financial instruments, prevent the successful estimation of taxes. Admittedly, administrative cooperation plays a fundamental role when enforcing Member States’ tax legislations. However, the EU regulations on administrative tax cooperation, heavily influenced by the OECD initiatives, have evolved over the last few years and have been amended on up to seven different occasions to address emerging challenges, without there being a consolidated version of all these instruments.2 Further, progress in the regulation of taxpayers’ rights under the framework of the DAC has been minimal. In this regard, the DAC points out that “this Directive respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union”. And the same is emphasized by all amendments to the DAC. Nevertheless, it can be questioned whether this assertion is carried out in practice.

For the above, the purpose of this contribution is to analyze the relationship between the DAC and the taxpayers’ rights with the aim to conclude whether these rights have been adequately protected under the scope of the Directive and its amendments. Thus, Section 2 addresses the DAC and its seven amendments to clarify the administrative cooperation framework that exists at EU level and, particularly, regarding exchange of tax information. Section 3 discusses the complex relationship between the exchange of tax information under the DAC and the protection of taxpayers’ rights, primarily from the perspective of the EU rights to privacy, confidentiality, data protection and procedural rights.3 The contribution ends with some concluding remarks in Section 4.

The analysis has been carried out undertaking a doctrinal legal approach. This approach involves source-based research, and it is focused on traditional legal sources, such as legislation, case law and other legal documents. The research question is addressed here from a European perspective. Therefore, the EU sources will be of great importance throughout this contribution, in particular, the EU Directives and the case law of the ECJ. The study of EU law is based not only on primary empirical sources but also on secondary theoretical sources (academic monographies and journal articles focusing directly or indirectly on the selected topics).

On the relationship between different tax cooperation instruments, see Vanistendael, F. The International Information Exchange Puzzle. Tax Notes International, No. 75, 2014, 1152.

In this regard, the Commission published a Proposal for a formal codification of all the DACs in one single document in 2020 (COM(2020) 49 final).

These rights have been identified as the more controversial points where the Directive and all its amendments might collide with taxpayers’ fundamental rights. There are other rights that may pose specific problems with a particular amendment, e.g. DAC 6 and the right not to incriminate oneself, but for reasons of space they will not be further discussed here. For an in-depth analysis see Castro Bosque, M. Analysis of the DAC 6 in light of fundamental rights and guarantees. IBFD, forthcoming.

2 The Directive on Administrative Cooperation and its amendments

2.1 General overview

As mentioned, the DAC has been configured to be a multilateral and consistent instrument of tax cooperation within the EU. Thus, the DAC provides for “the rules and procedures under which the Member States shall cooperate with each other with a view to exchanging information that is foreseeably relevant to the administration and enforcement of their domestic laws” (Article 1).

In particular, the DAC lays down three procedures of exchange of information namely, on request, automatic and spontaneous, while also providing for other cooperation procedures. These methods of exchange are broadly in line with the standards agreed at international level, notably at the OECD level.4 Although criticized for creating ultimate dependence on the policies of non-EU legal operators,5 according to the Directorate-General for Taxation and Customs Union,6 “[t]he various policy measures consolidated in the DAC have their counterparts in the OECD framework, in which most EU Member States also participate. It is therefore essential […] that the EU and OECD obligations on administrative cooperation are and remain closely aligned”. Furthermore, “[t]he OECD documents, and particularly the OECD Commentary, are considered as relevant guidance for applying the DAC. This is possible because the DAC and the OECD framework not only provide for similar, when not identical, material obligations for the Member States, but also include the same legal definitions and standards (e.g. foreseeable relevance, taxes)”.

Broadly speaking, none of the three methods of information exchange prevails over the others as each one pursues a different purpose.7 Consequently, each has its own normative singularities and, in some cases, specific problems. Nevertheless, in the last years the DAC has boosted automatic exchange as the most effective tool to fight against illegitimate tax structures.8 In fact, at the beginning, automatic exchange of information was restricted to a few categories of income, nevertheless, its scope has been widely expanded over the years. Thus, the DAC 1 has been modified six times (plus an upcoming modification) and the information subject to exchange has been extended in an impressive way. Nowadays, the Directive is structured into seven Chapters and thirty-one Articles. Additionally, five Annexes have been added along with some of the amendments.

European Commission. Latest news on Administrative cooperation in (direct) taxation in the EU. 2018.

Somare, M. & Wöhner, V. Automatic Exchange of financial information under the Directive on Administrative Cooperation in the light of the Global Movement towards Transparency. Intertax, No. 12, 2015, 814.

Directorate-General for Taxation and Customs Union (DGTCU). Evaluation of Administrative Cooperation in Direct Taxation. Final Report. 2019, 122.

Schilcher, M.; Spies, K. & Zirngast, S. Mutual Assistance in Direct Tax Matters, in: Lang, M.; Pistone, P.; Schuch, J. & Staringer, C. Introduction to European Tax Law on Direct Taxation. Linde, Vienna, 2016, 212. For further information see Moreno González, S. The Council Directive 2011/16/EU in the global context of tax transparency and automatic exchange of information. Francis Lefebvre, 2018.

Against this background it shall be recalled that since 2012 political interest has increasingly focused on automatic exchange of information as a key aspect in the fight against tax evasion and avoidance, notably at the OECD level. See e.g. the OECD’s Reports A step change in tax transparency (2013) or the Declaration on Automatic Exchange of Information in Tax Matters (2013).

2.2 Objective

The DAC aims to address three closely interrelated but different needs, arising from the negative effects of globalization on the internal market. In the first place, the rise of tax evasion or tax avoidance structures which originate from the misalignment between the increasing internationalization of the economy and the national dimension of taxes.9 In the second place, the tax decisions with limited transparency, namely, cross-border advanced tax rulings and pricing agreements, which lead to harmful tax practices.10 As a result, financial flows and the location of companies may be affected leading to an unfair play for enterprises. Finally, the deviations in the enactment of commitments made at the G20/OECD level as some Member States may decide to act, while others not.11 From this perspective, a set of uniform and common rules enables Member States’ authorities to trust each other’s mechanisms.

Considering these needs, the Directive is aimed at, firstly, contributing to the proper functioning of the internal market, which comes directly from the legal basis of the DAC (Article 115 TFEU). Thus, all the amendments to the DAC highlight the aim of obtaining an “efficient administrative cooperation between Member States under conditions compatible with the proper functioning of the internal market”. Secondly, safeguarding Member States’ tax revenues, as the need to combat illegitimate tax structures constitutes the very raison d’être of exchange of information;12 in this regard, it shall be noted that, if the different amendments of the DAC are compared, the emphasis has gradually shifted from tax evasion to tax avoidance and in the DAC6 to also tackling other forms of tax minimization (e.g. aggressive tax planning). Thirdly, contributing to the improvement of the perceived fairness of the tax system13, which despite being of a political nature, is mentioned both by the Commission14 and the Council initiatives.15 Overall, the DAC is expected to achieve an enhanced ability to fight cross-border tax minimization structures by large taxpayers and, particularly, MNEs; less scope for harmful tax competition; and a “deterrent effect” to achieve spontaneous tax compliance in a timely manner.16

In fact, as noted in the DAC 1 proposal, that situation “makes it more and more difficult for Member States to assess taxes due properly, while they stick to national sovereignty as regards the level of taxes”. See European Commission. Proposal for a Council Directive on administrative cooperation in the field of taxation, COM(2009)29, para. 2.

Commission Staff Working Document. Technical analysis of focus and scope of the legal proposal Accompanying the document Proposal for a Council Directive amending Directive 2011/16/EU as regards exchange of information in the field of taxation, SWD(2015) 60, 2015, para. 15.

In this regard, the DAC 4 proposal considered that, “unilateral implementation of BEPS would risk national policy clashes and new obstacles in the Internal Market, which would continue to be fragmented in 28 constituent parts and suffer from mismatches and other distortions”. See Proposal for a Council Directive amending Directive 2011/16/EU as regards mandatory automatic exchange of information in the field of taxation, COM(2016) 25, 2016, para. 3.

A 2018 study found that profit-shifting activities cost EU Member States around EUR 36 billion each year, representing 0.3% of their GDP and the losses amount to 8% of the total EU revenues from corporate income tax. See Álvarez-Martínez, M.T. How Large is the Corporate Tax Base Erosion and Profit Shifting? A General Equilibrium Approach. CESifo Working Paper Series 6870, 2018.

According to the Eurobarometer, the fight against tax fraud is one of the areas in which EU intervention has the strongest support (about three-quarters of EU citizens). See European Parliament. Eurobarometer Survey 89.2. Delivering on Europe – citizens’ views on current and future EU action. A Public Opinion Monitoring Study. 2018.

See e.g. Report from the Commission to the European Parliament and the Council on the application of Council Directive (EU) 2011/16/EU on administrative cooperation in the field of direct taxation, COM/2017/0781, where it is stated that “administrative cooperation contributes […] to the overall objective of a fair taxation for all”. Recently, in the FAQ to the implementation of the DAC 8, the Commission points out that “Fair and efficient taxation is crucial to secure revenues for public investment and services”.

See e.g. Conclusions on the adoption of the DAC 2 (2013) where it was noted that “[i]n times of tight budgetary constraints, combatting tax fraud and tax evasion is more than an issue of tax fairness – it becomes essential for the political and social acceptability of fiscal consolidation”.

DGTCU (n 6), 33.

2.3 Scope of application

As Article 1 states, the Directive applies to all types of taxes levied by a Member State or its territorial or administrative subdivisions, but VAT, customs duties and excise duties covered by other EU legislation on administrative cooperation. The Directive neither applies to rules on mutual assistance in criminal matters nor to compulsory social security contributions.

Regarding the substantive scope of application, DAC applies to any person, with or without legal personality resident in an EU Member State.17 Particularly, according to the Directive, “person” means a natural person; a legal person; an association of persons recognized as having legal capacity; or any other legal arrangement of whatever nature, form or legal personality, owning or managing assets or income derived therefrom, subject to any of the taxes covered by the directive.

These limits regarding the scope of application are applicable to all the DACs, as amendments of the DAC 1.

Article 3(11) DAC: trusts, foundations and investment funds, and any new instrument which may be set up by taxpayers are also under the scope of application.

2.4 Types of exchange of information

2.4.1 Exchange of information on request

Exchange of information on request (EOIR) is regulated in Chapter 2, Section I of the Directive. Thus, when a Member State needs information in relation to taxpayers or arrangements accessible in another Member State, it can send a request for information to those tax authorities. Under these provisions, at the request of a Member State, the requested authority shall communicate all information related to the administration and management of taxes, held or obtained, as a result of administrative investigations. To this aim, it shall carry out any necessary administrative investigation and follow the same procedures as if acting on its own initiative. Information shall be communicated within two months following the request if the information is already at the disposal of the tax authority, or within six months if the information needs to be collected. If the information cannot be obtained, such circumstance shall be communicated immediately and, in any case, within one month.

Regarding the limits of EOIR, Article 17(1) establishes that the requested information shall be disclosed whenever the requesting tax authority has exhausted all its internal sources of information and that the information is of foreseeable relevance. Recital 9 of DAC1 specified that “the standard of ‘foreseeable relevance’ is intended to provide for exchange of information in tax matters to the widest possible extent and, at the same time, to clarify that Member States are not at liberty to engage in ‘fishing expeditions’ or to request information that is unlikely to be relevant to the tax affairs of a given taxpayer”. This requirement has been codified by the DAC 7, which, based on the ECJ’s case law, builds the requirement of “foreseeable relevance” as a backbone on which the legitimacy of a Member State’s requests for tax information is based.18 In addition, following the OECD’s guidelines, tax authorities cannot decline a request for information solely due to the lack of domestic interest in collecting such information, or if the information is kept by a financial institution. However, there is no obligation to exchange the information if “it would be contrary to its legislation to conduct such inquiries or to collect the information requested for its own purposes”. Also, the provision of information may be refused when the requesting Member State is legally unable to offer similar information (Article 17(3)). Finally, information may not be disclosed if it leads to the disclosure of commercial, industrial or professional secrets or if it is contrary to public order.

Article 5a. DAC 7: “1. […] the requested information is foreseeably relevant where, at the time the request is made, the requesting authority considers that, in accordance with its national law, there is a reasonable possibility that the requested information will be relevant to the tax affairs of one or several taxpayers, whether identified by name or otherwise, and be justified for the purposes of the investigation. 2. With the aim to demonstrate the foreseeable relevance of the requested information, the requesting authority shall provide at least the following information to the requested authority: a) the tax purpose for which the information is sought; and b) a specification of the information required for the administration or enforcement of its national law”.

2.4.2 Mandatory automatic exchange of information

Automatic exchange of information (AEOI) is regulated in Chapter 2, Section II of the Directive.19 The original version of the Directive (DAC 1) requires in Article 8(1) Member States to automatically exchange information on the following specific categories of income and assets regarding taxpayers residing in another Member State in relation to tax periods starting from 2014: a) income from employment; b) director’s fees; c) life insurance products; d) pensions; and e) ownership of and income from immovable property. The specific incomes and assets subject to exchange are not detailed in the wording of the DAC, the matter left to the national legislations. Information shall be accompanied by the so-called “identification elements” of the relevant taxpayers (name, address, etc.) and shall be communicated within six months after the information is available. In any case, the exchange of information is subject to availability and no additional efforts to collect the information are demanded.

As mentioned above, the increase of new tax structures has led to the modification of the Directive in seven different times (generally by adding new sections to Article 8).20

The amendment introduced in Article 8(3a) by Directive 2014/107/EU (DAC 2) broadened the scope of application of DAC beyond the five originally reportable categories of income to provide more transparency on financial assets (“it spells the definitive end of bank secrecy”).21 This amendment builds upon the FATCA and MCAA/CRS standards developed by the OECD, and it was applied to tax periods started as of 2016. Further details in relation to reporting requirements are provided in Annexes I and II to the DAC. According to the DAC 2 financial institutions (e.g. banks, insurance companies, investment funds) shall identify the reportable persons and accounts and collect information on the interest paid, dividends distributed and the end-of-year value of the account balance. The tax authorities then will forward the data to the competent tax authorities in the other state. The exchange of the information shall take place annually, within nine months after the end of the year to which the information relates.

With the aim to prevent corporate tax avoidance Directive 2015/2376 (DAC 3) extended, again, the scope of application of automatic exchange to certain cross-border advanced tax rulings (ATR) and pricing arrangements (APA) as of 2017. As in the case of DAC2, these provisions are based on previous work done at the OECD level (i.e. BEPS Action 5). This way, Article 8a requires the exchange of information on cross-border ATR issued for companies and APAs involving EU countries, including the identity of the beneficiary, a summary of the content, the date of issuance, and the amount of the transactions, although Member States might request further information (i.e. the complete text of the ruling). Exchanges shall take place within three months after the end of the semester during which the ATR/APA have been issued, amended or renewed, with a retroactive reporting period established for certain ATR/APA issued from 2012 to 2016.

In line with BEPS Action 13, the amendment made by Directive 2016/881 (DAC 4) introduced automatic exchange of information on country-by-country reports (CbCR) on an annual basis in Article 8aa. The CbCR is to be filed by companies (MNEs) located or operating in the EU, with a consolidated turnover exceeding EUR 750 million. Like DAC 2, the collection and disclosure of information is taken on by private parties, particularly, the Ultimate Parent Entity of the MNE Group. The CbCR template shall be structured following the model illustrated in Annex III and must include key financial data (i.e. revenue, profit/loss before tax, taxes paid and accrued, tangible assets), the number of employees and information on the MNE structure. Information is then automatically exchanged to the Member State where one or more Entities of the Group have their tax residency or are subject to tax because of the existence of a PE. Exchanges are mandatory from 2018 within 15 months after the end of the fiscal year of the Group.

Council Directive (EU) 2018/822 (DAC 6) introduces in Article 8 bis ter a mandatory disclosure regime of certain cross-border tax arrangements for the first time in the EU. Described as “the pinnacle of tax transparency”,22 the DAC 6 is complimentary to all other DACs reinforcing certain unresolved needs at the international level.23 Following the recommendations of BEPS Action 12, the DAC 6 requires mandatory disclosure by tax intermediaries or taxpayers of certain potentially aggressive tax planning arrangements which include any of the hallmarks as listed in Annex IV24 as of 2020.25 Subsequently this information is automatically exchanged between EU Member States. A tax intermediary is that person who designs, markets, makes available or manages the execution of an arrangement or who knows, or may reasonably be expected to know, that he has undertaken to provide aid, assistance or advice in such arrangements (i.e. lawyers, advisors, etc.).

The DAC 7 (Directive (EU) 2021/514), following OECD’s Model Rules for Reporting by Platform Operators with respect to Sellers in the Sharing and Gig Economy (2020), requires the exchange of information obtained from digital platform operators. Broadly speaking, under Article 8ac and Annex V, operators shall provide the tax administration of the Member State in which they are registered with certain information related to the economic activities in which they mediate, connecting the sellers of goods or providers of certain services and the users of such platforms as of January 2023. Not all economic activities are subject to the provision of information, but only the leasing of real estate and means of transportation, personal services, and sale of goods. Likewise, not all sellers using these digital platforms must be reported as there are several excluded sellers such as state-owned entities, listed entities, “occasional sellers” and “large landlords”.

Finally, on 16 May 2023, political agreement by EU Finance Ministers was reached on new tax transparency rules (DAC 8) for all service providers facilitating transactions in crypto-assets, e-money and digital currencies for customers resident in the EU. These new reporting requirements will enter into force on 1 January 2026. In particular, following the OECD Crypto-Asset Reporting Framework (CARF) and the amendments to the CRS, the Directive will require all crypto-asset providers based in the EU (irrespective of their size) to report both domestic and cross border transactions of clients residing in the EU. Moreover, the Directive also includes reporting obligations of financial institutions regarding e-money and digital currencies and the automatic exchange on ATR used by natural persons.

In this regard, DAC also notes that the automatic exchange procedure is independent from the procedures that Member States may agree in bilateral or multilateral agreements. However, those agreements shall also be communicated to the Commission (Article 8(8)).

In all those cases where private parties are forced to disclose the information that is subsequently exchanged, the different amendments to the Directive leave it to the Member States to introduce “effective, proportionate and dissuasive” penalties for failing to comply with the requirements of national legislation implementing the DACs.

European Commission. Communication on tax transparency to fight tax evasion and avoidance. COM (2015) 136.

Hashlener, W. & Pantazatou, K. Assessment of recent anti-tax avoidance and evasion measures (ATAD & DAC 6). Study Requested by the FISC Subcommittee, 2022.

See on this topic Baker, P. The BEPS Project: Disclosure of Aggressive Tax Planning Schemes. Intertax, Vol. 43, No. 1, 2015, 85–95.

Hallmarks are a series of circumstances that indicate “a potential risk of tax avoidance” and are classified in five categories in Annex IV. Some of these categories are linked to the so-called main benefit test (i.e. one of the main effects that can reasonably be expected from the arrangement is to obtain a tax benefit).

Initially, the first reporting deadline was 2020. Following the health crisis caused by COVID-19, Directive (EU) 2020/876 of June 24, 2020, deferred deadlines for implementation of the DAC 6 until February 2021.

2.4.3 Spontaneous exchange of information

The spontaneous exchange of information (SEOI), regulated Chapter 2, Section III, deals with the unsolicited communication of information to another Member State. According to Article 9, a Member State shall communicate spontaneously the information “that is foreseeably relevant to the administration and enforcement of the domestic laws” to the competent authority of any other Member State concerned, in any of the following circumstances: i) it is reasonable to conclude that there is a loss of tax; ii) a person subject to tax obtains a reduction or an exemption from tax in one Member State which would have increased tax or created liability to tax in other Member State; iii) a business dealing between two persons liable to tax in different Member States are conducted in such a way that results in a saving; iv) it is reasonable to conclude that a tax saving may result from artificial transfers of profits within enterprises; or v) any other information that may be relevant in assessing liability to tax in the other Member State. The exchange of information shall take place within one month after the availability of the information if it deals with a potential loss of or an increase in tax liabilities, whereas the exchange is voluntary in all other cases.

2.5 Other forms of administrative cooperation

As stated above, the DAC also regulates other forms of administrative cooperation besides from exchange of information, in particular: the Presence in Administrative Offices and Enquiries (PAOE); Simultaneous Controls (SC); Joint Inspections (JI) and Access on Anti Money Laundering (AML) information.

The PAOE enables in Article 11, if agreed by authorities, the presence of the officials of the requesting Member State in the offices and during administrative inspections of the other Member State. Further, the officials may also have the opportunity of examining records and interviewing individuals. Member States can also carry out SC on taxpayers of common or complementary interest under Article 12. To this aim, each Member State shall identify the concerned persons and communicate that to the other Member State together with the proposed controls and timing. If the requested States declines participation, such refusal must be reasoned. In addition, under the provisions of the DAC 7, JI may be carried out by the tax administrations of the Member States with respect to taxpayers of common interest. In this sense, a Member State may contact another Member State for the initiation of a joint inspection. Such a request must be answered within one month and may only be rejected if justified. In any case, the applicable legislation is the one of the hosting Member State, but the tax authorities will have to agree beforehand on the practical implementation of the inspection, for example, the applicable language regime. Finally, the conclusions derived from the inspection may be included in a final report that has to be notified to the interested parties.

Finally, the DAC 5 (Directive 2016/2258/EU) provisions require Member States to grant tax authorities access to selected information held by financial institutions as of 1 January 2018 under Article 5. In particular, the data concerns beneficial ownership (i.e. the persons who ultimately own or control a company, trust, or other legal entity) and other information collected under AML rules (i.e. Directive 2015/849/EU).

2.6 General provisions and organizational structure

In accordance with the principle of loyalty, cooperation duties under the DAC are of a mandatory nature.26 Nevertheless, cooperation might be refused in the five cases listed in Article 17. Particularly, if the provision of the information leads to the disclosure of commercial, industrial or professional secrets or if it is contrary to public order (i.e. if the general interest of the community is severely undermined). This may, for example, be the case if the information is collected illegally.27 In this regard, Article 18(2) expressly lays down that banking and ownership secrets are not under this waiver.

On the other hand, the DAC also includes some horizontal provisions to enhance administrative cooperation in its entirety by using standardized forms and channels of communication. Thus, to ensure security, the Common Communication Network (CCN)28 was developed. In addition, as required by Articles 20 and 21, exchanges of information shall be performed using standard and computerized formats (“e-forms”). In order to achieve a more direct and efficient communication between administrative services, Member States’ tax authorities shall appoint a Central Liaison Office and, if wanted, Liaison Departments and/or Competent Officials as required by Article 4. Moreover, the DAC highlights the importance of sharing experiences and best practices to ensure the coordinated running of the cooperation (Article 15).

Finally, to monitor the proper functioning of the Directive, Member States are required to provide annual statistics on the volume of exchanges; the costs and benefits relating to AEOI; and any other relevant information for evaluating the effectiveness of DAC provisions. Based on those statistics an evaluation Report and a proposal directed to the Council to strengthen the efficiency and the functioning of the exchange of information were already delivered.29 A second Report is expected in 2024.

Schilcher (n 7), 226.

Baker, P. & Pistone, P. General report, in: The Practical protection of Taxpayers’ fundamental rights. IFA Basel Congress 2015, 63.

An exception is made for information obtained under DAC 3 that shall be uploaded in a separate Secure Central Directory.

DGTCU (n 6).

3 The protection of the taxpayer’s rights under the DAC

3.1 Fundamental rights at the EU level

While the European Charter of Human Rights (CFR) does not include specific tax safeguards, several provisions might play a key role in protecting taxpayers’ interests. Similarly, general principles of EU law might be relevant for guaranteeing taxpayers’ rights.30 Admittedly, as Baker and Pistone greatly describe, “all taxpayers are persons and persons are holders of rights”.31 Therefore, a proper balance between the interest of the tax administration and the taxpayers’ rights is required.

In this regard, the European Court of Justice (ECJ) has repeatedly stated that “[a] directive must, like all secondary legislation, be interpreted in the light of the Treaty rules”,32 which undoubtedly includes fundamental rights. When it comes to the DAC and its amendments, considering the massive amount of sensitive information that tax administrations possess, concerns arise as to the potential infringement of taxpayers’ rights, such as privacy, confidentiality, data protection and the procedural rights necessary to protect the former rights. In fact, the unprecedented amount of data exchanged leaves taxpayers more vulnerable to abuse of power by authorities. This is especially worrisome in the automatic exchange of information procedure where, apparently, the individual circumstances of taxpayers are no longer relevant, as opposed to the right of the administration to obtain information.33 Against this background, there can be privacy concerns when tax authorities exchange sensitive taxpayer information (i.e. taxpayers may worry about the misuse or mishandling of their personal data). In this regard, it shall be made clear that even though privacy, confidentiality and data protection are usually grouped together, they are, however, separate fundamental rights. In particular, the former relates to the stage of collecting information, while the latter come into play at a later stage once the information is in the hands of the tax administration. Thus, although the three rights are rather intertwined, all of them have their own substantive nature and trigger different legal effects when exercised. In the case at stake, confidentiality and data protection issues are common to all the DAC while the right to privacy might only affect those versions of the DAC where the information is directly provided by the taxpayer.34

Against this background, as advanced, the DAC points out that “this Directive respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union”. Similarly, all the amendments to the DAC use exactly the same formula in their preamble. However, it might be questioned whether this statement is accurate. Therefore, in the following pages the protection of these rights under the DAC will be analyzed, paying special attention to the case law of the ECJ on the matter.35

Prior thereto, it shall be reminded that fundamental rights might be subject to limits. Proportionality as a general limitation clause is codified in Article 52(1) CFR which establishes that any restriction on a fundamental right shall i) be provided for by law; ii) be necessary and genuinely meet EU objectives of general interest or the need to protect the rights and freedoms of others; and iii) respect the essence of those rights. However, as Gutiérrez-Fons36 observes, proportionality “does not apply in the same fashion” to any fundamental right but it is a “variable geometry” that considers different elements such as the fundamental right at issue, the nature of that right, the seriousness of the infringement, or the object pursued.37

As inferred from Article 6 TEU, there are several instruments for the protection of fundamental rights in the EU, namely, the CFR, the European Convention of Human Rights (ECHR) and the general principles of EU law (this has been referred to as “multilevel protection”). For further information see Toth, A. Human Rights as General Principles of EU Law, in the Past and in the Future, in: Bernitz, U. & Joakim N. General Principles of European Community Law. Wolters Kluwer, 2000; or Imamović, Š. The Architecture of Fundamental Rights in the European Union. Oxford: Hart Publishing, 2021.

Baker & Pistone (n 27), 21.

ECJ, 1 October 2009, Gaz de France (C-247/08); 17 October 1996, Denkavit and Others (C-283/94). Also, Enging Sørensen, K. Review of Legality of Secondary Legislation Based on Infringements of the Rights of Free Movement, in: Weber, D. Traditional and Alternatives Routes to European Tax Integration. IBFD, 2010, 143–168.

Vanistendael (n 1), 1150.

Moreno González, S. El intercambio automático de información tributaria y la protección de datos personales en la Unión Europea. Reflexiones al hilo de los últimos progresos normativos y jurisprudenciales. Quincena Fiscal, No. 12, 2016, 39–70.

It shall be noted that it is not the purpose of this paper to address systematically all the cases, but rather to focus on the most significant case law that might have an impact on the DAC.

Gutiérrez-Fons, J. A. The Margin of Appreciation in the Case Law of the Court of Justice: Proportionality and Levels of Fundamental Rights Protection, in: Izquierdo-Sans, C., Martinez-Capdevila, C. & Nogueira-Guastavino, M. Fundamental Rights Challenges. Horizontal Effectiveness, Rule of Law and Margin of National Appreciation. Springer, 2021, 235.

See e.g. ECJ, 8 April 2014, Digital Reports (C-293/12 and C-549/12), para. 47.

3.2 The right to privacy

Privacy is described as “the right to keep one’s affairs secret”.38 It is a right to a personal sphere which entails respect for private and family life, home and correspondence.39 It also protects the economic information of natural persons inter alia, that relating to their economic status, or that enclosed in the tax returns.40 The DAC1, as advanced, notes that fundamental rights are respected under the Directive. However, it further clarifies that the right to privacy is limited under its scope, because this is “necessary and proportionate in view of the potential loss of revenue for Member States and the crucial importance of information covered by this Directive for the effectiveness of the fight against fraud”. Even though this reference to privacy is made, the DACs do not regulate any specific safeguards to protect this right. To frame it differently, this protection has been left at the discretion of EU Member States which, in every and each case, shall respect the limits deriving from EU law.

The CFR acknowledges the right to respect for private and family life in Article 7 in the following terms: “Everyone has the right to respect for his or her private and family life, home and communications”.41 The ECJ has ruled on this provision on numerous occasions. Thus, in Bara,42 the ECJ ruled that the collection and transfer of tax data in relation to the income and assets of natural persons constituted “information relating to an identified or identifiable natural person” and was regarded as personal data. Following the Court, the right to privacy is restricted to activities carried out in the private or family life of individuals, regardless of whether the information is sensitive, the affected individuals have been inconvenienced, or the way in which the information is subsequently used.43 Similarly, in Tele2 Sverige,44 it was ascertained that economic data (i.e. information referring to professional activities) was also part of the right to privacy. According to the Court that data allowed to draw very precise conclusions concerning the private lives, “such as everyday habits, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them”, and therefore constituted an interference in Article 7 CFR.

Particularly relevant for these purposes is the case Orde van Vlaamse Balies and Others45 where the ECJ addressed the issue of whether the DAC 6 was aligned with Articles 7 and 47 CFR (right to a fair trial). Following the conclusions of AG Rantos and the case law of the ECtHR, the ECJ concluded that the rights of defense are not undermined under the DAC but that the right to respect for private life may indeed be infringed. To reach this conclusion the ECJ recalled that all correspondence between individuals, including that between lawyers and their clients, is protected by the right of privacy. The protection of this provision covers legal advice both regarding its existence and content. Accordingly, when consulting a lawyer, it can be reasonably expected that such communication is private and only in extraordinary circumstances the lawyer will disclose, without consent, that he is being consulted. In view of the above the Court went on further by arguing that whenever an intermediary is waived from his reporting obligations under the DAC 6 due to professional secrecy but at the same time he is obliged to notify other intermediaries of their reporting obligations, those other intermediaries become aware of the identity of the notifying intermediary, of his assessment that the arrangement is under the scope of the DAC 6 and, of his having been consulted. Indirectly, the tax authorities also become aware of that information. This entails an interference with Article 7 CFR.

Henceforth, it was examined whether those interferences were in line with Article 52(1) CFR. To this aim, firstly, it was concluded that the principle of legality was complied with as the DAC 6 expressly lays down the obligation to notify other intermediaries of their reporting obligations. Secondly, the ECJ ascertained that such an obligation met an objective of general interest recognized by the EU (i.e. “preventing the risk of tax avoidance and evasion”). Following the ECJ, however, this obligation could not be regarded as being strictly necessary as “the purpose of the reporting and notification obligations […] is not to check that lawyer-intermediaries operate within those limits, but to combat potentially aggressive tax practices, by ensuring that the information concerning the reportable cross-border arrangements is filed with the competent authorities.” As a result, it was considered that the DAC 6 infringes the privacy right as enshrined in Article 7 CFR.46

In a nutshell, the cases previously discussed demonstrate that, despite the lack of regulation in the DAC, under the domain of EU law, as a general rule, disclosure of tax information is a breach of the right to privacy. However, “cooperation duties are an integral part of tax systems in rule of law states”.47 Collection of taxes per se involves the provision of information by taxpayers and that does not violate the right to privacy if it is in accordance with the law; serves a legitimate purpose; and is necessary in a democratic society. Notably, in the tax area, limitations on the right to privacy might be justified while protecting the economic well-being of a country or for the prevention of tax evasion and avoidance. Therefore, the provision of information under the DAC does not imply prima facie a disproportionate infringement of this right, except in specific cases (i.e. DAC 6 and professional secrecy).

Debelva, F. & Mosquera, I. Privacy and Confidentiality in Exchange of Information Procedures: Some Uncertainties, Many Issues, but Few Solutions. Intertax, Vol. 45, No. 5, 362–381.

Carlo Favaloro, G. A. The Exchange of Tax Information between EU Member States and Third Countries: Privacy and Data Protection Concerns. European Taxation, Vol. 61, No. 4, 2021, 133–138; Ferreira Liotti, B. Taxpayers’ Data Protection: Do International, Regional, and Domestic Instruments Guarantee Adequate Rights in Tax (A)EoI?. Intertax, Vol. 50, No. 2, 138–158; Hambre, A. Tax Confidentiality: A Legislative Proposal at National Level. World Tax Journal, Vol. 9, No. 2, 2017, 175 et seq.

Calderón Carrero, J. M. El derecho de los contribuyentes al secreto tributario. Fundamentación y consecuencias materiales y procedimentales. Netbiblio, 2009, 36; Baker, P. Privacy Rights in an Age of Transparency: A European Perspective. Tax Notes International, 2016, 583–586.

Article 8 ECHR also provides the right to respect for private and family life, and adopts the same expression as appeared in Article 7 CFR.

ECJ, 1 October 2015, Bara (C‑201/14).

ECJ, 16 December 2008, Satamedia (C-73/07).

ECJ, 21 December 2016, Tele2 Sverige (C-203/15 and C-698/15). Also, ECJ, 20 May 2003, Österreichischer Rundfunk and Others (C‑465/00, C‑138/01 and C‑139/01); 6 October 2015, Schrems (C‑362/14).

ECJ, 8 December 2022, Orde van Vlaamse Balies and Others (C-694/20).

This ruling has already had an impact in some EU Member States. For example, in Spain, the Spanish Supreme Court ordered as a precautionary measure the suspension of the obligation of the intermediary exempted by professional secrecy to communicate this circumstance to the other intermediaries involved in the arrangement or to the taxpayer concerned. See Spanish Supreme Court, Order of 27 February 2023, no. 153/2021; available at https://www.boe.es/buscar/doc.php?id=BOE-A-2023-9705 (accessed 25 Sept. 2023).

Dourado, A. P. & Silva Dias, A. Information Duties, Aggressive Tax Planning and nemo tenetur se ipsumin accusare in the light of Art. 6(1) of ECHR, in: Kofler, G.; Poiares Maduro, M. & Pistone P. Human Rights and Taxation in Europe and the World. IBFD, 2011, 131–152.

3.3 The right to confidentiality

Confidentiality provisions expressly prohibit the disclosure to the information exchanged to an unrelated third party whether on purpose or by accident. Thus, confidentiality is a personal duty of the tax authorities that obtain such information to keep it secret. In the domain of the DAC, taxpayers also shall be assured that the information “is used and disclosed only in accordance with the agreement on the basis of which it is exchanged”.48 As a result, these rules prevent the information obtained for purposes other than those established by the Directive.49 To this aim, the DAC outlines specific safeguards for the exchange of information, ensuring that data is transmitted securely and in accordance with confidentiality requirements.

According to Article 16(1), the information obtained under the DACs is protected by confidentiality rules and must be granted protection under the legislation of the receiving state.50 Therefore, the level of secrecy depends on the standards of the receiving jurisdiction. Further, the information exchanged under the provisions of DAC may only be used for the administration and enforcement of national regulations related to the taxes under the scope of the directive. However, since the approval of the DAC 7, the possibility of using the information obtained by means of the Directive for other taxes, such as VAT or other indirect taxes, has been opened up.51 Additionally, any information or documents obtained under the DAC may be invoked as evidence by the requesting Member State during judicial proceedings that may result in penalties due to the infringement of tax regulations.

Originally, information and documents received pursuant to DAC could be used for other purposes only if allowed by the Member State communicating information and “if the information can be used for similar purposes in the Member State communicating the information” (Article 16(2)). However, under the provisions of the DAC 7, the use of the information obtained through the DAC for other purposes is allowed, not only under the specific authorization of the Member State providing the information, but also under a new and discretionary system. This system creates a list of purposes authorized in advance by the Member States, so that individualized permission does not have to be requested in each case.

Finally, under Article 16(3) information might be transmitted to a third Member State if deemed to be useful for that State. In such a case, the Member State of origin of the information has the possibility to deny such exchange of information within a period of ten days.

In view of the foregoing, it can be observed that while it is true that the DAC regulates some aspects of the right of confidentiality, the lack of comprehensive regulation means that the safeguarding of these rights is left, again, to the discretion of each Member State, which have not made a uniform recognition of them.52 This situation might create distortions from the standpoint of taxpayers’ rights.

Wöhrer, V. Data Protection and Taxpayers’ Rights: Challenges Created by Automatic Exchange of Information. IBFD, 2018, 184; Debelva & Mosquera (n 37), 363.

Wöhrer, supra.

Note that there is a specific article on confidentiality and limited access to tax rulings (Article 23a).

DAC 7 Recital 30: “as a matter of principle, the information communicated under Directive 2011/16/EU is used for the assessment, administration and enforcement of taxes which are covered by the material scope of that Directive […] considering the significance that VAT has for the functioning of the internal market, it is appropriate to clarify that information communicated between Member States may also be used for the assessment, administration and enforcement of VAT and other indirect taxes”.

See in this regard, Calderón Carrero, J. M. Intercambio de información y fraude fiscal internacional. Centro de Estudios Financieros, 2000, 345.

3.4 Data protection

On the other hand, data protection entails specific procedural safeguards as data quality requirements.53 Data protection is an area of EU law that has undergone major changes in recent years. In 2016, the General Data Protection Regulation (GDPR)54 was adopted with the aim of improving the overall framework for the processing of personal data to keep up with the challenges of the digital world.55 The GDPR lays down rules relating to the protection of processed data of natural persons56 and to the free movement of personal data. Safeguards related to the right to the protection of personal data are also recognized in Article 8 CFR as follows: “1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified”.

DAC 1 recognizes in relation to data protection that all exchange of information under the DAC is subject to Directive 95/46/EC (repealed by GDPR)57. This is recognized in Article 25 DAC which, after consultation with the European Data Protection Supervisor, makes clear references to the EU data protection instruments. However, according to the Recitals of the DAC limitations of certain rights and obligations provided by the data protection instruments might be considered to safeguard objectives of general interest. In particular, that is the case of Articles 10, 11, 12 and 21 of Directive 95/46,58 which lay down, respectively, the right of natural persons to be informed of a personal data processing operation where those data are obtained from them; the right of natural persons to be informed of those operations where those data have not been obtained from them; the right of access to those data; and the publicizing of personal data processing operations. According to the DAC, “such limitations are necessary and proportionate in view of the potential loss of revenue for Member States and the crucial importance of information covered by this Directive for the effectiveness of the fight against fraud”. DAC 5 Recital 6 goes one step further by establishing that, “[w]here this Directive requires that access to personal data by tax authorities be provided by law, this does not necessarily require an act of parliament […]. However, such a law should be clear and precise, and its application should be clear and foreseeable to persons subject to it”. Nevertheless, Article 25 DAC does not constitute a clear legal basis for the limitation of these rights59 and, further, it does not clarify to what extent the rights might be limited.

In this regard, even though the ECJ has rendered some cases on the legality of measures of treatment and retention of personal data in the context of cooperation procedures, no specific decision has been delivered as regards the compatibility of automatic exchange of information with data protection safeguards.

As an example, according to the ECJ in Puškár,60 EU law does not preclude the processing of personal data by the authorities of a Member State for the purpose of collecting tax and combating tax fraud such as that affected by drawing up of a list of persons, without the consent of the data subjects, provided that all of the conditions for the lawfulness of that processing of personal data required by Directive 95/46 be satisfied. Conversely, in Digital Rights Ireland61 the Data Retention Directive (Directive 2006/24/EC) was declared invalid. In this case, the Court held that the obligation to retain data in relation to a person’s private life without the user being informed constituted serious breach of Articles 7 and 8 CFR as that lack of notification was “likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance”. Further, the data were subjected to automatic processing being, according to the Court, a significant risk of unlawful access.62 Even though the ECJ observed that the data was particularly important for the fight against organized crime, it was noted that the Directive retained data “without any differentiation, limitation or exception” and that no limitation on the access of competent authorities was granted. Recently, in Facebook Ireland and Schrems,63 the ECJ concluded that the instruments for the international exchange of tax information from the EU to the USA (Privacy Shield) violated the right to data protection under Article 8. The issue in the case at stake was that the limitations on the protection of personal data arising from US domestic legislation on access to and use by US authorities of transferred data (mainly in the context of law enforcement investigations) were not regulated by guarantees substantially equivalent to those required under EU law.

When it comes to the administrative cooperation procedure those safeguards might be subject to stricter limits. Thus, in Bara64 the ECJ found that, as a general rule, the subjects of the data shall be informed of the purposes of that processing and the categories of data concerned. However, according to the Court, that right could be limited if a legal basis exists, and appropriate safeguards were established, although those safeguards were not specified. For this reason, scholars argued that the relationship between taxation and data protection rules under the DAC was uncertain65 and that taxpayers’ rights were not sufficiently protected.

However, the situation improved slightly under the DAC 7 which extends the scope of protection of the rules of the GPDR for the purposes of the DACs by adding a new section to Article 25. Under this section, in the event of a breach of personal data, competent authorities of Member States may, as joint data controllers, ask the Commission to suspend exchanges of information with the Member States where the breach occurred. The rationale is to mitigate the risks of data breaches in the context of the exchange of information. According to the DAC 7, “This is in particular important for the purpose of ensuring legal certainty for data controllers and data processors […] while ensuring the protection of the rights of data subjects”. Thus, it can be observed that the DAC 7 to some extent widens the level of safeguards of data protection for taxpayers whose information is exchanged under the DACs.

Opinion of AG Sharpston, 17 June 2010, Volker und Markus Schecke (C-92/09 and C-93/02), para. 71.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data. In addition, Directive 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector; and Directive 2016/680 of 27 April 2016 on the protection of natural persons regarding the processing of personal data for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties shall be considered in this regard.

The Treaty of Lisbon has expressly drafted the right to personal data protection among the EU general principles in Article 16 TFEU. For further information see Kokott, J. & Pistone, P. Taxpayers in International Law. International Minimum Standards for the Protection of Taxpayers’ Rights. Hart Publishing, 2022, 381.

As is clear from Article 4(1) GDPR, natural persons are the only beneficiaries of data protection rules.

According to Article 94(2) GDPR references to Directive 95/46 are now to be construed as references to that regulation.

Articles 13, 14 and 15 GDPR reproduce and amend the provisions previously reflected in Articles 10, 11 and 12 of Directive 95/46.

Wöhrer (n 47), 192.

ECJ, 27 September 2017, Puškár (C-73/16).

ECJ, 8 April 2014, Digital Rights Ireland (C‑293/12 and C‑594/12).

For further information on data protection safeguards see e.g. ECJ, 13 May 2015, Google Spain (C-131/12); 18 June 2020, Commission vs. Hungary (C‑78/18).

ECJ, 16 July 2020, Facebook Ireland and Schrems (C-311/18).

ECJ, 1 October 2015, Bara (C‑201/14).

Maria Ronco, S. Data Protection in Direct Tax Matters and Developments from the EU Standpoint: The Case of Automatic Exchange of Information. IBFD, International Tax Studies, No. 4, 2020, 5; Wöhrer (n 47), 192.

3.5 Procedural rights

Finally, the exchange procedure may result in an interference with the right of defense enshrined in Article 47 CFR (right to an effective remedy). This occurs with respect to the position and participation of the parties concerned during the exchange of information. In this regard, the OECD has identified three specific guarantees applicable to the exchange of tax information, inter alia, the rights of notification, hearing and challenge.66 Again, the DAC does not regulate any provision regarding the position of taxpayers in the procedure for the exchange of tax information, however, the situation has been addressed by the ECJ.

In the Sabou67 case, the ECJ held that Directive 77/799/EEC on administrative cooperation (the precedent to the DAC) was only aimed at coordinating cross-border information exchanges from the perspective of Member States. The Directive did not “confer specific rights on the taxpayer”, particularly, the right to be heard, the right to be informed of a request for information or the right to verify the correctness of the data exchanged. To reach this conclusion, the ECJ distinguishes two phases in the tax inspection procedure: the investigation phase, in which information is collected; and the contradictory phase, in which a proposal of tax assessment is made. According to the Court, when the Administration proceeds to collect information, it is not obliged to inform the taxpayer or request his observations on the matter. Insofar as the request for tax information under the DAC falls within the first of the above-mentioned phases, the taxpayer concerned has no right to be informed. Similarly, in WebMindLicences,68 it was ruled that EU law does not preclude the tax authorities from using evidence obtained in an administrative cooperation procedure in the context of a parallel criminal procedure without the taxable person’s knowledge. This lack of taxpayers’ guarantees was criticized as “disappointing” from a taxpayer perspective.69

Shortly thereafter, in Berlioz70 the ECJ ascertained that the information requested by tax authorities was not foreseeably relevant within the meaning of DAC. Following the Court, the notion of foreseeable relevance as inferred from the DAC, “enable the requesting authority to obtain any information that seems to it to be justified for the purpose of its investigation, while not authorising it manifestly to exceed the parameters of that investigation nor to place an excessive burden on the requested authority”. Thus, the ECJ underlined that a taxpayer has the limited right to an effective judicial remedy to challenge the legality of the information order if it fails to meet the requirement of “foreseeable relevance”, although the material characteristics of this requirement were not defined. In addition, it was confirmed that the tax authorities of the requested state bear the burden of verifying whether the information requested under the DAC is indeed relevant to the tax investigation.

Finally, the ECJ addressed the reporting obligations under the DAC and the right to an effective remedy in État luxembourgeois.71 In the case at stake the Court ruled that information is not manifestly devoid of any foreseeable relevance “where it states the identity of the person holding the information in question, that of the taxpayer concerned by the investigation, and the period covered by that investigation, and where it relates to contracts, invoices and payments which, although not specifically identified, are defined by criteria relating, first, to the fact that they were concluded or carried out by the person holding the information, secondly, to the fact that they took place during the period covered by that investigation and, thirdly, to their connection with the taxpayer”. Following the ECJ, considering the need for the speed and efficiency of that cooperation, the CFR does not preclude the possibility that a Member State obliges a person to provide personal information, with the aim to respond on a request for exchange of information made by another Member State. Thus, when a person is obliged to provide information that affects his right to privacy or data protection, he must be granted the right to an effective remedy guaranteed by Article 47 CFR. Conversely, if the taxpayer concerned is not forced to disclose the information and therefore, he is not exposed to the risk of receiving a penalty in the event of non-compliance with that legal obligation, such a taxpayer is not able to exercise that right. Following the ECJ “only the last stage of that investigation, which begins with the sending of a proposal for correction or adjustment to the taxpayer concerned […] that taxpayer is able to exercise his or her right to be heard”.

All in all, according to the ECJ tax authorities are enabled to obtain information from a third party without notifying the taxpayer if it is well-founded to do so having achieved a proper balance between the interests of the individual and of those of the community in general. Further, the cases above described, demonstrate that the right to effective remedy is severely restricted in the administrative cooperation procedure. Thus, the taxpayer might directly challenge the legality of the information exchange whenever it is not “foreseeably relevant” or indirectly at a later stage (i.e. tax correction procedure) if the information is provided by a third party. In view of the above, it would be advisable that future amendments to the DAC or the Member States provide for some procedure or participation mechanisms in which the taxpayer concerned could be heard before the information is transmitted in order to verify that their right to privacy is not disproportionately affected or that no commercial, industrial or professional secrets are disclosed.72

See e.g. OECD. Taxpayers’ Rights and Obligations – Practice Note (2003) or Keeping It Safe (2012).

ECJ, 22 October 2013, Sabou (C‑276/12).

See ECJ, 17 December 2015, WebMindLicences (C-419/14).

Huang, X. Ensuring Taxpayer Rights in the Era of Automatic Exchange of Information: EU Data Protection Rules and Cases. Intertax, Vol. 46, No. 3, 2018, 225–239.

ECJ, 16 May 2017, Berlioz (C-682/15).

ECJ, 6 October 2020, État luxembourgeois (C‑245/19 and C‑246/19).

Same opinion is held by Calderón Carrero, J. M. La dimensión Europea del Proyecto BEPS. Quincena Fiscal, No. 6, 2016, 131–132.

4 Concluding remarks

The entry into force of the DAC has clearly helped to improve the ability of tax authorities to combat different types of tax evasion, tax avoidance and aggressive tax planning. Member States’ tax authorities have a wider range of cooperation tools at their service to detect tax minimization structures and act accordingly. It has also had a deterrent effect on the concealment of income and assets by taxpayers. Likewise, the exchange of information may at the same time have some benefits for taxpayers, as it can minimize the risks of double taxation and help to establish a fair playing field between taxpayers.73

However, in recent years, the DAC has undergone several amendments with the aim to introduce the new OECD and EU initiatives in the area of tax transparency. These amendments have broadened the scope of application of the Directive, mainly establishing new reporting obligations, followed by the automatic exchange of the reportable information to other Member States. Against this background, it is worth assessing whether the strategy as a whole manages to cohere and reinforce the EU cooperation procedures or whether, on the contrary, the different amendments are disjointed and constitute responses on the fly to problems as they arise. In fact, from the taxpayers’ perspective these cooperation rules are complex and scattered (there is no single consolidated document), leading to problems of legal certainty.

Likewise, compliance costs for taxpayers are increased without their rights being equally protected under the framework of the DAC. This is because at first exchanges took place in specific situations and generally in the event of irregular behavior of taxpayers, whereas nowadays there is a system of massive and automatic supply that does not consider whether there is a regular or irregular behavior and without specific safeguards being regulated for this situation. In particular, this contribution has discussed the protection of taxpayers’ rights under the DAC, from the perspective of the EU rights to privacy, confidentiality, data protection and procedural rights.

As far as the right to privacy is concerned, according to the ECJ, although this right is limited by the obligation to provide information to the tax administration under the DAC, such limitation is justified by reasons of general interest (i.e. the fight against evasion and avoidance). Only in the case of the DAC6 and professional secrecy has the ECJ held that there was a disproportional violation of the right to privacy. From the author’s standpoint, this approach seems to strike the right balance between the rights of taxpayers and the objectives of the cooperation obligations under the DAC.

In addition, DAC sets strict confidentiality requirements for tax authorities involved in the exchange of information. Tax authorities must ensure that the information they receive or transmit is kept confidential and used solely for tax purposes. Similarly, the DAC operates in compliance with EU data protection regulations, such as the GDPR. This means that the personal and financial data of taxpayers exchanged under DAC is subject to data protection principles, including lawful processing or data security. Still, it would be advisable to implement stronger protective measures to safeguard taxpayers’ rights and address confidentiality concerns. For example, in the author’s view, the DAC may prescribe penalties for tax authorities that breach the confidentiality and data protection requirements, ensuring accountability and deterrence against unauthorized disclosure. Furthermore, instead of letting the information obtained under the DACs be protected by the confidentiality rules of the receiving state, it would be advisable to establish a common protection framework for all Member States.

While in the case of the right to confidentiality and the right to data protection, the new amendments to the DAC have reinforced certain safeguards for the taxpayers, this has not been the case for procedural rights. In fact, these rights are completely unregulated under the DAC framework and the ECJ has generally ruled in favor of the tax authorities. In this regard, in the author’s opinion, taxpayers should have the right to know when their information is being shared under DAC, and they should have the right to challenge the exchange of information if they believe it violates their rights or it is inaccurate.

All in all, it is evident that in recent years there has been an imbalance in the progress or development of administrative powers and the rights and guarantees of taxpayers, in favor of the former. While it is true that the advances in the cooperation procedure are positive to achieve the objectives pursued by the DAC, this should not be at the expense of the rights and guarantees of taxpayers.

Marina Castro Bosque, LL.M, PhD, is an Assistant Professor in Tax Law at the Department of Law, UPNA (Spain).

Diepvens, N. & Debelva, F. The evolution of the Exchange of Information in Direct Tax Matters: the Taxpayer’s Rights under Pressure. EC Tax Review, No. 4, 2014, 214.