Belgium's data protection authority (DPA) has ruled that the transfer of so-called accidental Americans' financial account data to the US government under the US Foreign Account Tax Compliance Act (FATCA) is unlawful under European Union law.
The decision follows a number of complaints made under the EU's General Data Protection Regulation (GDPR) that argued that the FATCA reports exposed compliant bank account holders to disproportionate and unnecessary risks to their data protection and security.
Since 2014, FATCA and the associated bilateral intergovernmental agreements have required non-US banks to routinely report American clients' bank accounts to the US Internal Revenue Service, usually via their own domestic tax agencies acting as intermediaries. The reporting takes place annually without any checking for indications of tax evasion, and most financial institutions file reports regardless of the amounts held in relevant bank accounts.
This led certain expatriate Americans in Europe to challenge the intergovernmental agreements under the GDPR. Belgium is the first EU Member State to allow such challenges. The DPA’s statement said the data processing carried out under the Belgian agreement does not comply with all the principles of GDPR, including the rules on data transfers outside the EU, and instructed the Belgian Federal Public Service Finance (FPS Finance) to stop the transfers and alert the legislator of the law's shortcomings...
Login to see the whole story
For business consultation, please contact us