CNPD Opinion 22/2016 on draft legislation regarding tax issues
Pursuant to the European Directive 2014/107/EU applied in Portugal, the Law Decree 61/2013 of 10 May was approved to facilitate the exchange of banking information among member states in a bid to combat tax fraud.
At the beginning of 2015, the government approved a draft which allowed the taxman access to pension funds, retirement and insurance plans, which had been applicable not only within their own country but also allowing foreign countries with which Portugal shares a Dual Taxation Agreement, to get all kind of information about Portuguese bank accounts.
In this regard, the CNPD declared illegal the attempt by the new Portuguese Government to gain access to all data in bank accounts. It considered that its effective implementation would translate into disproportionate, excessive and unnecessary restriction of the citizens’ data rights by forcing banks to hand over bank balances and detailed reports.
According to the CNPD´s Opinion “Allowing the Government to create the compulsory communication to the AT of all bank balances of people residing in Portugal would translate into disproportionate, unnecessary and excessive restriction of the fundamental rights of people’s data and private lives. This is in clear violation of Article 18 of the Constitution”. The Commission has concluded that “This measure fails to demonstrate that it adequately protects against tax evasion and that the knowledge of bank account balances is not one that will necessarily prevent or fight tax evasion”.
The Portuguese Data Protection Authority launches its Activities Plan for 2016
On April 2016, the Portuguese Data Protection Authority (hereinafter, CNPD) published the “Plano de Atividades CNPD 2016”. This Plan provides a legal analysis which aims to address the transition to the new European legal framework for the current and following years.
More specifically, the subsequent actions has been defined:
1. The preparation for the implementation of the General Data Protection Regulation (GDPR);
2. New enforcement measures for data processing operations in the field of public sector and marketing communications.
This document also deals with handling of personal data in some specific areas such as; the identity theft, the personal data for administrative transparency reasons and the impact of Internet of Things on citizens’ privacy.
Besides, particular mention needs to be made to the Institutional Cooperation established in part E of the Plan more precisely, the establishment of new protocols with higher education institutions (first point), the implementation of the Center Safe Internet highlighting the area of ??prevention in the field of data protection among young people using the Internet (fourth point), the Cooperation with the Cape Verdean counterpart authority, in exchange of information and experiences of the plan, technical training, integration in the various international data protection forums and support in the preparatory work for the recognition of the adequacy of data protection level (fifth point) and the consolidation of cooperation with the Personal Data Protection Office (OPPD) in the Region of Macao (sixth point).