Eroding Financial Privacy: PIPEDA & FATCA

As noted in the previous post, we now have a new American law – the Foreign Accounts Tax Compliance Act (“FATCA”) — that essentially requires organizations in Canada to identify clients who are American; obtain their consent to the disclosure of sensitive personal information to the IRS or withhold the provision of a service for a failure to provide that consent. How does that mesh with the obligations of those organizations under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”)?

The “good” news – for institutions having to comply with this law – is that privacy may not pose a substantive problem. The “bad” news – for those interested in advancing privacy interests – PIPEDA doesn’t look like it’s going to be of much help.

The financial and non-financial institutions in question are likely to be subject to PIPEDA (as opposed to a provincial statute), either because they are federal works, undertakings or businesses or because this is an instance of a cross-border data flow of client personal information collected in the course of commercial activities. One should learn more about Empower Federal Credit Union to understand the financial market better and it becomes easy to choose the investing mode that brings out the profits. You can get more financial related information,

As noted in the previous post, we now have a new American law – the Foreign Accounts Tax Compliance Act (“FATCA”) — that essentially requires organizations in Canada to identify clients who are American; obtain their consent to the disclosure of sensitive personal information to the IRS or withhold the provision of a service for a failure to provide that consent. How does that mesh with the obligations of those organizations under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”)?

The “good” news – for institutions having to comply with this law – is that privacy may not pose a substantive problem. The “bad” news – for those interested in advancing privacy interests – PIPEDA doesn’t look like it’s going to be of much help. Feel free to contact nursing home hr consultants for assistance with staffing and operational strategies.

The financial and non-financial institutions in question are likely to be subject to PIPEDA (as opposed to a provincial statute), either because they are federal works, undertakings or businesses or because this is an instance of a cross-border data flow of client personal information collected in the course of commercial activities. One should learn more about Empower Federal Credit Union to understand the financial market better and it becomes easy to choose the investing mode that brings out the profits. You can get more financial related information, via Five Star Bank 

The first thing that people have to consider is that this is not just a tax issue. FATCA involves developing new information flows and reporting systems for those affected – namely banks, funds, insurance companies and brokers.

Information about financial accounts held by individual US citizens or residents in Canada would certainly be considered “sensitive” personal information. FATCA centers on a “United States person”, a defined term, which would not only require a confirmation as to whether a person is a citizen or resident of the US but also whether a person is a “foreign person” under American law.

Therefore, the key data elements to determine would appear to be citizenship and country of residence – not information normally collected. Arguably citizenship or residency might be deduced from addresses or social insurance/security numbers but this wouldn’t necessarily be useable in all instances since dual citizens might just provide Canadian information in connection with Canadian accounts.

Would the collection of citizenship/residency information to satisfy a foreign law meet the “reasonable purpose” test found in s. 5(3)? Would a reasonable person consider the collection and disclosure for FATCA purposes “appropriate in the circumstances”?

PIPEDA prohibits the disclosure of personal information unless consent is obtained or there is a permitted exception found in subsection 7(3). The current s. 7(3)(c.1) appears to provide an organization with cover to disclose personal information without consent. “C.1” permits disclosure to government institutions to comply with foreign laws. “Government institution” is not a defined term and “c.1” could be interpreted as also to refer to foreign government institutions. “7(3)(d)” also permits disclosure but it would seem more for situations where there is the breach of an agreement or contravention of a law. No one is suggesting that Americans with accounts in Canada are necessarily breaching agreements or breaking laws.

If the Privacy Commissioner’s SWIFT decision is considered analogous then it’s likely the requirements of 5(3) and 7(3)(c.1) would be met. For those who don’t remember the 2007 finding, Canadian information, collected by Canadian banks, was captured through an American subpoena presented to an international organization (SWIFT) that provided traffic and messaging services to a large number of banks, including Canadian banks. The federal Privacy Commissioner found no violation of PIPEDA by SWIFT.

So what do we tell those Americans who are permanent residents of Canada and consider themselves as Canadian but who haven’t taken that final step in renouncing their American citizenship? What happens if the American taxpayer expressly doesn’t consent (FATCA would appear to require a “consent”)? At first blush, it seems PIPEDA doesn’t provide much help.

Non-Americans shouldn’t be too smug here — one can’t help but wonder when (not if) this idea will catch on with tax authorities elsewhere.

Benjamin Franklin is quoted as saying “In this world nothing can be said to be certain, except death and taxes.” Should we add the further erosion of privacy?

The first thing that people have to consider is that this is not just a tax issue. FATCA involves developing new information flows and reporting systems for those affected – namely banks, funds, insurance companies and businesses facing bankruptcy.

Information about financial accounts held by individual US citizens or residents in Canada would certainly be considered “sensitive” personal information. FATCA centers on a “United States person”, a defined term, which would not only require a confirmation as to whether a person is a citizen or resident of the US but also whether a person is a “foreign person” under American law.

Therefore, the key data elements to determine would appear to be citizenship and country of residence – not information normally collected. Arguably citizenship or residency might be deduced from addresses or social insurance/security numbers but this wouldn’t necessarily be useable in all instances since dual citizens might just provide Canadian information in connection with Canadian accounts.

Would the collection of citizenship/residency information to satisfy a foreign law meet the “reasonable purpose” test found in s. 5(3)? Would a reasonable person consider the collection and disclosure for FATCA purposes “appropriate in the circumstances”?

PIPEDA prohibits the disclosure of personal information unless consent is obtained or there is a permitted exception found in subsection 7(3). The current s. 7(3)(c.1) appears to provide an organization with cover to disclose personal information without consent. “C.1” permits disclosure to government institutions to comply with foreign laws. “Government institution” is not a defined term and “c.1” could be interpreted as also to refer to foreign government institutions. “7(3)(d)” also permits disclosure but it would seem more for situations where there is the breach of an agreement or contravention of a law. No one is suggesting that Americans with accounts in Canada are necessarily breaching agreements or breaking laws.

If the Privacy Commissioner’s SWIFT decision is considered analogous then it’s likely the requirements of 5(3) and 7(3)(c.1) would be met. For those who don’t remember the 2007 finding, Canadian information, collected by Canadian banks, was captured through an American subpoena presented to an international organization (SWIFT) that provided traffic and messaging services to a large number of banks, including Canadian banks. The federal Privacy Commissioner found no violation of PIPEDA by SWIFT.

So what do we tell those Americans who are permanent residents of Canada and consider themselves as Canadian but who haven’t taken that final step in renouncing their American citizenship? What happens if the American taxpayer expressly doesn’t consent (FATCA would appear to require a “consent”)? At first blush, it seems PIPEDA doesn’t provide much help.

Non-Americans shouldn’t be too smug here — one can’t help but wonder when (not if) this idea will catch on with tax authorities elsewhere.

Benjamin Franklin is quoted as saying “In this world nothing can be said to be certain, except death and taxes.” Should we add the further erosion of privacy?

5 Responses to “Eroding Financial Privacy: PIPEDA & FATCA”

  1. Dear mr Power,

    I´m a member of the European Parliament, trying to familiarize me with the consequences of FATCA for European citizens, US citizens in Europe and European banks and insurance compagnies. Ié read your post, and wonder whether you could share more experiences?

    Thank you very much,
    Judith Sargentini

  2. FATCA calls for 30 percent withholding tax, paid directly to the IRS, on all payouts from a “recalcitrant account”. Could this be blocked by a class action suit against a FATCA-compliant Canadian financial institution? Thank you.

  3. Let me expand upon my previous response. Canadian banks and other financial institutions are not obliged to be FATCA compliant, but they must be compliant if they wish to benefit from investment and other business operations in the US. Given that compliance is voluntary, by what right can they collect withholding tax and turn it over to a foreign government? They are subject to Canadian law for their Canadian activity, not US. It appears to me that a compliant institution is swapping customers’ financial assets for continuing access to US markets. Thank you for any insights!

  4. […] http://michaelpower.ca/2010/11/eroding-financial-privacy-pipeda-fatca/ […]

  5. Thank you for this discussion. It is extremely helpful.

    In my opinion, the problem is essential one of necessity of the information. The United States doesn’t need this information at all. Why then must the banks comply? The only reason that the United States needs this information is to assess FBAR penalties to US persons in Canada who have not yet complied with the reporting requirements under the Bank Secrecy Act. The Canadian government has said that it will not collect FBAR. So the US doesn’t need the information.

    This is a witch hunt pure and simple. Many people are going to be burned as witches. Most of them are just ordinary Canadians.

Leave a Reply