Dutch Supreme Court: Tax authorities are violating privacy of employees with company cars

On 24 February 2017 the Dutch Supreme court (de Hoge Raad)  issued a judgment on the question which information sources tax authorities can exert to ascertain the correctness of tax data provided by citizens, while still respecting their right to privacy.

According to currently applicable Dutch tax law (Wet op de Loonbelasting 1964), employees that are using company cars for private purposes as well, are obliged to document the amount of kilometres they had driven in a certain tax year. Of course, the Dutch tax authorities might assess the correctness of provided tax information by using legitimate investigation methods, which must find its legal basis in applicable law. An outcome of this can be that the employee must pay additional taxes (a so called naheffing).

In the current case, three employees were confronted with additional taxes because of private use of their cars by more than 500 kilometres per year. According to the tax authorities, the kilometre records provided by these employees did not match the data from the ‘Automatic Number Plate Recognition’-system (ANPR). This system is incorporated in the traffic cameras of the National Police (Korps landelijke politiediensten – KLPD), which cameras are placed along main traffic roads. Both the KLPD as well as tax authorities receive data from the ANPR. Tax authorities filter relevant fiscal data and store this information for a few years.

The court’s judgment

The question is whether the processing of these personal data (i.e. location, date, time, number plate) can find its justification in the generally formulated public task of tax authorities to secure a steady collection of taxes. In other words: had the tax authorities enough legally granted and sufficiently specified powers to use the ANPR data?

By referring to article 8 of the European Convention on Human Rights and article 10 of the Dutch constitution, which both protect our privacy against governmental interference, the court holds that a derogation to the right to privacy of civilians can only be admissible if this can be based on a sufficiently specified legal ground to do so.

In this case this legal ground was deemed particularly necessary, since the processing by the tax authorities was concerning systematic collection, recording, editing and years of data retention of the movement of vehicles at various locations in the Netherlands in such a way that the processed data could lead to an identifiable person and wherein it (also) was used to analyse the movement of that person.

The Supreme Court therefore ruled that the generally formulated public task of tax authorities to collect taxes was insufficiently specified to justify the processing of the ANPR-data. As a result, the decision to impose additional taxation on the employees was withdrawn.

Conclusion

Although this case was not directly based on obligations from the upcoming GDPR, it shows that privacy is a fundamental human right, and therefore should also take into account when it concerns ‘’business processes’’ of governmental organizations.

 

Source: ECLI:NL:HR:2017:288

Back to the overview