Robert Goulder of Tax Notes talks with Jenny Webster and her legal counsel, Filippo Noseda, about her lawsuit before the United Kingdom High Court challenging the Foreign Account Tax Compliance Act.
This transcript has been edited for length and clarity.
Robert Goulder: Hello, I’m Bob Goulder, a contributing editor with Tax Notes. Welcome to the January edition of In the Pages, where we take a closer look at content from our print and online publications.
Our featured article for this month is “The FATCA Wars: Jenny Goes to Court.” If you follow international taxation, you will know what the headline refers to. We’re talking about Jenny’s case, which is now pending before the U.K. High Court. We are delighted to have the litigant herself, Jenny Webster, on the program.
Our other guest is Filippo Noseda, of the London-based law firm Mischon de Reya LLP, an expert in taxpayer rights, data protection, and governmental transparency. He also represents Ms. Webster.
Welcome to In the Pages.
Jenny Webster: Thank you.
Filippo Noseda: Thank you for having us.
Robert Goulder: Jenny, can you tell us about your story? How did you become a U.K. taxpayer?
Jenny Webster: I grew up in Maryland in the United States and moved to the U.K. in 2000 when I was 22 years old. I came over to study and I met my husband when I was at university. Then, when we graduated, we settled here in the Lancashire village where he grew up.
I work at a university as a research associate, and I do other freelance work, editing publications and supporting deaf students and deaf academics with their writing. I’ve been a U.K. taxpayer my whole adult life since I graduated university here.
Robert Goulder: OK. You are living and working in England, and paying British taxes on your earnings as one would expect. How and when did you learn that you could still be on the hook for U.S. taxes?
Jenny Webster: In 2016 I got a letter from my bank suddenly saying that I may have tax obligations in the U.S., and that the bank was going to send information about me and my accounts to the IRS.
I was confused by this and did some research online. I had never heard of FATCA, the Foreign Account Tax Compliance Act, or anything to do with why they would need to send my data to a foreign tax authority where I hadn’t lived since I was quite young.
They gave me a really short time frame to reply, so it caused quite a lot of panic. I did the online research and called some accountants. I found one that said he could help me figure out how to address it. He did the tax forms that I needed to do, apparently, and they said that I didn’t owe any U.S. tax.
Robert Goulder: You had to take some remedial measures, correct? That’s what you’re referring to when you said you had to hire an accountant and take care of some filings?
Jenny Webster: Yeah. He helped me with what they called the streamline program, which involved filing three years of taxes and six years of foreign bank account reporting which goes to the Financial Crimes Enforcement Network.
For all the years that he filed, I didn’t owe any U.S. tax. All my accounts were British, so everything that I had went to this Crimes Enforcement Network.
Robert Goulder: Internal Revenue Code section 911 has an exclusion for foreign earned income. Did that relieve double taxation?
Jenny Webster: My income is well below the $108,000 threshold, or whatever it is now. I was nowhere near that, and probably never will be anywhere near that threshold.
Filippo Noseda: Bob, Jenny, can I jump in very quickly? Because I had to do some research on the background of this.
Reading about the foreign earned income exemption, it was interesting to find out that it was introduced in the 1980s at the height of a recession. The U.S. government was really trying to encourage Americans to go abroad, in effect, to represent American trade interests.
At the time it was $50,000, and with inflation it has gone up. It’s interesting the government, rather than relying on credits as too complicated, it said if you go abroad and you earn a modest living we don’t want to see you, just go out and sell to the world.
Now, you have the FBAR and FATCA that effectively recaptures all those people. And just to put things in proportions $108,000, we calculate how much that is in British pounds. According to statistics from the U.K. tax authorities, less than 10% of taxpayers in the U.K. earn the equivalent of $108,000 or more.
We’re going to see later that we asked the government for information on this. They didn’t provide any information, so we can only make conjecture. If we assume the U.S. population in the U.K. matches the profile of the Brits in the U.K., then 90% of Americans residing in the U.K. would not owe any U.S. tax by virtue of earning less than the $108,000 equivalent. But nevertheless, under FATCA their information goes to the U.S.
Robert Goulder: OK, I can see that. Around 90% of the people in this situation would owe no U.S. tax. And that’s not the result of foreign tax credits, just section 911.
Filippo Noseda: Correct.
Robert Goulder: Let’s talk about citizenship. There was a period, Jenny, when you were a dual citizen, is that correct? What motivated you to become a U.K. citizen?
Jenny Webster: I wanted to be a U.K. citizen ever since I got married to my husband and I decided to settle here. There was no question about that.
I became a U.K. citizen in 2010. It was never a question to be a dual citizen then, because I had an American childhood and a British adulthood. Dual citizenship felt like the normal and natural thing for me personally to have.
It was through learning about FATCA that it started to sink in. This was going to be a big problem going forward. I had all these different filings, and some data transfers, and things going on that were beyond me.
I couldn’t afford this expensive help to always figure out what was going on at every single financial decision. It was just going to be unbelievably complicated. And I was never able to find out what was happening with this data. What did this mean? Why was this being sent when I didn’t owe any U.S. tax?
I realized, also, that I couldn’t get an investment account. For me and my husband, as I tend to do the finances for us, I like to be able to do things with my own money and with our money. I couldn’t open an investment account because of being a U.S. citizen, for example. There was just a lot of things. I was hitting a wall with my U.S. citizenship.
It started to dawn on me in 2016, and that just increased until 2018, by which time I had written to my member of Parliament and to HM Treasury a number of times, to the U.S. ambassador, to several members of Congress. I had submitted evidence to the U.S. Senate Finance Committee and Freedom of Information Act requests here to try to find out about FATCA — what it was actually doing and how people could find out what was happening to their data.
I was just at the end of my rope. With a very, very heavy heart in late 2018, I applied to renounce my U.S. citizenship.
Robert Goulder: When I first heard about your case, somebody here tapped me on the shoulder and said, “Hey, did you hear about this person who is crowdfunding her legal expenses?” I hadn’t heard of anyone doing that before. Where did the idea come from?
Jenny Webster: Those of us impacted by FATCA have formed an online community. It has people like me who are American immigrants who moved. A lot of people moved at a young age like me, in their early twenties. And others who left the U.S. when they were babies or toddlers. Or accidental Americans.
We have this online community to support each other and help new people who are coming into this and panicking, like most of us did. It helps them figure out what to do.
It was somebody in that group who runs a website in Australia called Fix the Tax Treaty. She sent me a conference panel video that talked about FATCA and data transfers. One of the people on the panel was British. I loved what he said; it really resonated with me. I looked online to find out who he was. He is Philip Baker QC and I found he had written a lot about this topic. I just emailed him to say, “Thank you so much, I really liked what you said and thank you for speaking out about this.”
He put me in touch with Filippo. And then over many months we started talking and I told him about my Freedom of Information request. He had worked with the predecessor to the European Data Protection Board. He had loads of experience doing this long before I ever knew about FATCA. It arose out of that, because I had been through all these avenues with the ICO and I’d had the door slammed in my face so many times. The only way of really going forward was through the courts, and the only way of doing that was crowdfunding. It had to be done that way, really.
Robert Goulder: Filippo, let’s talk about the legal analysis. I have mentioned FATCA a few times, but your client has renounced her U.S. citizenship so she is no longer subject to that regime. What is the basis for your current legal challenge?
Filippo Noseda: That she was American and therefore, up to her renunciation of citizenship, she was under this regime. We know that her data was processed and was exchanged. Exchanges processed by banks, maybe with the help of external providers or cloud services.
From there the information we know went to HM Revenue & Customs which used some software — maybe internal, maybe external, maybe on the cloud — which then sent information over the Internet through a system called IDES, International Data Exchange Software, developed by a company with close links to the National Security Agency, which went to the U.S.
Notwithstanding the fact that she renounced her citizenship, multiple stages of transfers of data took place and exposed her to the risk of hacking. We also believe it was against the principle of proportionality on the basis that data was exchanged in circumstances where Uncle Sam did not want any tax from her. Even if her data is no longer currently being exchanged, violations of fundamental rights have taken place. The legal basis is data protection legislation.
We know that following the revelations by Edward Snowden, there was a big discussion about whether or not states should be entitled to collect and process information of citizens on a bulk basis. Historically, the idea came out of the 9/11 attacks. States believed philosophically that they had a right to do that. For the U.S. government under Obama, and in the U.K., there was a big discussion as to whether that was right.
In the EU, in particular the European Parliament, it was felt that the pendulum had swung too much towards state powers. The GDPR, the General Data Protection Regulation, was voted on in 2016 and entered into effect for all EU member states in 2018. It provides for some precise safeguards on how data should be collected.
If you forgive me for becoming philosophical, the backbone of that legislation is the European Convention of Human Rights, which is a multilateral convention that was signed in 1950, five years after the Holocaust and at the time when Stalin was still around. It was really a philosophical statement by the west saying that we differentiate ourselves from communism, which is communal, by putting the individual at the center of the political edifice and then we build the state around it. Article 8 of that convention says that there is a fundamental right to privacy. In 1950 privacy was that important after totalitarianism.
Article 8 says that right is fundamental. Of course, it is not absolute. The state must be able to come into your house for an arrest, but you need a warrant. You need a law. You need a public objective, which you have here because FATCA seeks to fight tax evasion.
Article 8 of the European Convention of Human Right says that any limitation by a public authority of the rights to privacy needs to be necessary in a democratic society to achieve the objective. That article was taken up by the European Union in 2000 just before the Eastern European bloc, following the fall of the Berlin Wall, joined the EU. The EU was effectively saying to former communist states, “If you are coming over here these are the principles we want you to abide to.”
The EU effectively signed up a new convention called the European Charter of Fundamental Rights, that replicated and modernized the old 1950 convention. In addition to the right to privacy, it introduced the right to data protection, because of course, we had the internet in the meantime. Article 52 of the European Charter of Fundamental Rights, again, says that limitations to fundamental rights, including the right to data protection and privacy, need to be necessary in order to achieve the objective.
Now, fast forward to 2018 with the GDPR. The GDPR contains a number of principles, one of which is called Data Minimization, which says that personal data should only be processed to the extent that is necessary to achieve the objective. As you can see, there is a thread going through the whole thing between Jenny’s case, her data, and the 1950s convention.
We now have two bits of legislation which have extraterritorial effect. There’s FATCA, through bilateral agreement, forces foreign banks to provide information to the U.S., either directly or indirectly depending on which model agreement you have, and so is extraterritorial. Then you have this EU legislation that says EU data should not be transferred to a third country unless the data processing abides to the EU standards including data minimization as a necessity.
So there we are. That’s the legal basis of our claim, and the jury’s out on that one.
Robert Goulder: You mentioned the GDPR, which comes from the EU framework, but we’ve had Brexit. Can you touch on how Brexit affects the situation?
Filippo Noseda: Since the U.K. joined the European Economic Community in 1973, a lot of U.K. legislation has derived from the EU. When Theresa May tried to decouple the U.K. from the EU, it became apparent that you can’t simply leave the club, renounce all the body of rules and pretend it don’t exist, to go back to your domestic law.
The EU is a huge trading partner for the U.K. and in data protection if you do not abide to the principles of EU law, U.K. businesses, banks, and others will not be able to do e-commerce with the EU. That’s because the EU will not be able to transfer data to the U.K.
So, what the U.K. did was to come up with a very strong slogan: Take back control over our borders and our laws. But in practice, not much has happened because under the (Withdrawal) Act 2018, the idea is that the existing EU legislation remains part of U.K. law, so effective nothing changes.
For the GDPR, we call it the U.K.-GDPR, it’s the same thing. Going forward the government and U.K. courts may have power to depart from that law. Because of this continuity between EU law and what we call retained EU law, even case law from the Court of Justice of the European Union remains relevant.
Now, you haven’t got the hierarchy of the CJEU dictating how the U.K. courts should behave, so there is no precedence anymore. However, when interpreting the retained EU law, if there is a case from the CJEU — the U.K. judges are supposed to take that into account. They’re free to depart from it, but there needs to be a reason for that.
Going back to our timeline for Jenny, FATCA became law effectively in the U.K. in 2016. Why? Because you have FATCA, which is a U.S. law and you can say whatever you want in the tax code, but the reality is that you cannot implement it in a foreign country unless you invaded.
So, really what you need is for the other countries to say, yes, we effectively agree — we will plug into the system. The way that happens is through Intergovernmental Agreements, which are bilateral agreements whereby foreign trading countries say to the U.S., “Look we will switch on FATCA domestically.” And the U.K. did that, as the first EU country to do so, in 2012.
Interestingly, two months after, the European Data Protection Authorities issued a damning opinion to say that FATCA was disproportionate. Anyway, this is what U.K. did and the rest of the EU followed suit. It was effectively switched on in the U.K. in 2016. That’s when Jenny’s data started to be exchanged. At that point the GDPR was not in force yet.
Under the claim we are applying pre-GDPR case law and legislation, it’s called a Data Protection Act 1998. There was an EU directive, then from 2018 onwards it becomes the GDPR with a lot of case law, and then we got Brexit.
Although the claim has been brought following Brexit, Brexit is not relevant for us because the transfer of Jenny’s data took place and stopped before Brexit. So, Brexit is sort of a background noise in our claim. It’s all effectively EU law.
Robert Goulder: In your experience here, how well does the Information Commissioner’s Office (ICO) safeguard the interests of Jenny, specifically, or British taxpayers generally?
Filippo Noseda: Well, a dyslexic friend of mine sent me a message to say we have an email from the incoherence commissioner’s office. It is incoherent because the mission statement is to be vigilant; to be a policeman of a government. It’s supposed to be independent.
The reality is that the ICO has been happy to apply the GDPR and come up with fines and what not — as the rest of the EU data protection authority have been — when it comes to e-commerce. There are huge fines around Facebook, but not when it comes to governments.
It was before my time when Jenny tried to get information out of HMRC, they said transparency is an interesting principle but it only goes one way: We want your data, and why should we give you our data. HMRC said that to provide you with our data will jeopardize our relationship with foreign countries. Very much 007 kind of stuff.
Jenny, before my time, appealed to the ICO and the ICO sided with the tax authorities. If you read the ICO decision, it says, at the time of the request the U.S. was one of the closest allies of the U.K. And therefore, to provide information to Jenny is likely to prejudice international relationship with our friends.
And that’s odd, because the ICO should not give a hoot about politics. But it did, it’s been subservient, we believe, to HMRC.
When we then appealed to the ICO and made them aware of a lot of case law from the EU that said data protection is really important and you need to apply it, they sat on it for, I believe, 11 months. When pushed, they said, “Oh, sorry, we still need to get policy inputs in relation to Jenny’s case.”
Now, when an independent body asks for a policy inputs, in my book that ain’t independent. We do feel the ICO has let Jenny down.
If you go to the ICO, they would say that they are very independent. But if you look at the history we found, oh, if I can open a bit of a can of worms here. Through Jenny’s connections we came in touch with an accidental America called “J.R.”
J.R. in 2016 filed a petition with the European Parliament, just about the time the GDPR was being adopted. It asked the European Parliament to consider the extraterritoriality of FATCA and the implications for data protection.
We got in touch with him, and through him, we got in touch with a Dutch member of European Parliament, Sophie in ‘t Veld, who fought three or four years against the commission. We got ahold of documents and they make for very interesting reading.
The commission later denied the existence of negotiations, but we saw that in 2010 — even before FATCA became law in the U.S. — the European Commission had active negotiations with the Secretary of the Treasury to say that there were concerns that FATCA could not be exported into the EU because of data protection, the European Convention on Human Rights, and so forth and so on.
There were interesting letters by the European Banking Federation and the British Bankers’ Association saying that FATCA was disproportionate. There was a letter by the British Bankers’ Association to say that the board of directors of our members simply cannot sign up to this unless these issues have been resolved. And the European Commission was really trying to mediate and asked the Independent Data Protection body to look into it.
In June 2012, two years after FATCA came in and before the IGAs were signed, this body came up with a five- or six-page opinion which says that FATCA needs to be seen as necessary from an EU perspective. And nearly verbatim, that body said that the bulk collection of data of citizens without any conditionality of tax evasion is not the correct or right way to achieve FATCA’s objective.
And that body went on to say that less invasive alternative systems need to be considered. Two months later the U.K. signs up to FATCA. So, that’s the U.K. already playing its own way, but also the U.K. never quite understood privacy, although the European Convention on Human Rights was really the brainchild of Churchill.
The U.K. government decided to act against the advice of the European Commission, and the Independent Data Protection Board, opening a floodgate. Because at that point the European Commission said, “Forget data protection. They want a level playing field. We can’t have the City of London doing business with Americans, while Paris and Frankfurt are cut out.” At that point everything changed.
Also, the French finance minister who signed the French IGA was appointed European Commissioner. Clearly, it was impossible for him to say that what he had done was against fundamental rights, and we’ve seen a cover-up.
Back to your question, it was interesting to see that European Data Protection Authorities had very independently looked into this matter and said, “This doesn’t work.” HMRC plays politics and behind them ICO says, “Absolutely, that’s fine because that would prejudice the relations with a close ally.” It’s called the Information Commissioner’s Office, but there’s no information coming out of it. That’s a big problem in my view.
Robert Goulder: If you look at the European Union, every country has its own national data protection agency, but isn’t there some piece of the EU infrastructure that oversees them? Was it the European Data Protection Board?
Filippo Noseda: Correct. The opinion issued in 2012 at the behest of the commission was published by the Working Party Article 29, named after an article of the pre-GDPR directive. Article 29 said that there should be an independent body and umbrella organization bringing together all member states’ National Data Protection Authorities, and to advise the commission on legislation. That’s exactly what they did.
With the GDPR, this was WP 29, Working Party 29, and it was checked by a fiery French lady, who, in the dying days of the WP 29, sent a strong letter to the European Commission and the OECD to say that automatic exchange of information was very worrying. And that the OECD and the European Commission were not taking into account case law developments. Soon after she wrote the letter, that body disappeared.
Because article 29 of the directive disappeared, it was replaced by the European Data Protection Board. Its remit is similar. It has to advise the Commission on data protection issues, and it has to coordinate the work of National Data Protection Authorities. There isn’t a right by that board to take legal action, but we’ve been trying now for three years.
We published on our website correspondence, about 110 letters, we wrote to the EU asking the European Data Protection body to take seriously its duty to supervise and coordinate. We say there is no coordination, because you have bodies who really are not working in line with the GDPR, and who are working against case law, but they are not doing anything. We found evidence of reports that the European Commission was meddling with the work of the European Data Protection Board, because they want FATCA to remain.
The reason why the EU wants FATCA to remain is partly to do with the U.S. and partly because out of FATCA came the Common Reporting Standard. Clearly it is in the EU’s own political interest to receive information from third countries.
That’s becomes very complicated because three days ago we sent out letters to Commissioners Paolo Gentiloni and Věra Jourová, asking them for a reply in respect of evidence we’ve seen through documents unearthed by the Dutch MEP that clearly suggests the European Commission tried to negotiate with the U.S. This current administration went on to deny the existence of any negotiations with the U.S., against any clear evidence and trying to bury everything under the carpet.
We believe that like the ICO, the European Data Protection Board is not independent and is not discharging its duties. Last year it issued a statement inviting member states to renegotiate the IGAs to the extent that there is a breach of the GDPR.
Now, that is an interesting view because if the right is fundamental, and why would you leave to governments the renegotiation of a political instrument that infringes fundamental rights? We believe there is an endless ping-pong game which has been played very consciously to frustrate any attempt to bring justice in this area. If it’s not conscious, then there is a staggering level of incompetence at the heart of the mechanism that is supposed to enforce the GDPR.
Robert Goulder: What role did the Freedom of Information Act play in this litigation?
Filippo Noseda: Well, Jenny asked HMRC to disclose aggregate data based on a FOIA request, under the Freedom of Information Act 2000. The HMRC and the ICO hid behind an exemption.
There is now a lot of evidence to suggest that the U.K. government is suppressing information to citizens. This is where things become interesting.
In 2013, when FATCA was being debated in the EU, then-Prime Minister David Cameron called a G-8 meeting in Northern Ireland. One of the things they discussed was public registers of beneficial ownership because we need to have transparency. But they said transparency goes both ways.
If you look at the communique by the leaders, it was the G-7 plus Russia. Putin was there. They came up with the idea of an open government charter. Now, if you have a meeting with Putin, you know that that’s not going to happen. But there is a negation by governments of the rights provided for transparency.
We know that in the U.K., this government has been very active in trying to stifle any criticism by citizens following the number of court cases that went against the government. The government is really trying to say to judges that they should not meddle, and citizens should not bring claims against the government. If you watch the news now about our prime minister’s shenanigans in relation to COVID-19, you’re not surprised.
Although FATCA is just about tax and Jenny’s data is just about bank accounts, if you think about it, I think there is a huge peril that we are at a breaking point of our democratic process where citizens are not allowed to ask the state for information. The state is imposing a lot of transparency on citizens based on a very noble objective of fighting against tax evasion, but using a hammer to crack a nut.
I’m Swiss by background. I was a Zürich lawyer before I came to the U.K. Clearly what was happening in the 1990s and what came out of the Levin reports on tax evasion and Swiss banks was despicable. Diamonds being taken offshore through toothpaste tubs and that kind of stuff.
FATCA was designed to prevent “fat cat” rich Americans from hiding money offshore. Interestingly, in 2010, the British Bankers’ Association and the European [Banking] Federation used to say but this has gone too far because you’re now capturing anyone, even people who do not pay tax and people who do not have money offshore. Because to say that Jenny, whose bank is 500 yards from her home, that she is hiding money from Uncle Sam by placing it offshore, that’s a bit rich. And so disproportionate.
Nobody’s saying that FATCA is wrong. Nobody says that FATCA the principal isn’t right. It’s the way the governments have gone about it that is wrong. A very noble principle has been applied disproportionately and governments do not want to be held accountable for that. That is the big problem. And so, Freedom of Information Act has turned out to be on the face of it toothless.
Robert Goulder: With all we’ve absorbed from this discussion, what does a successful outcome look like, for you and your client? How is justice achieved here?
Filippo Noseda: It’s simply that we would have a determination that Jenny’s rights have been violated. And that’s the end of it. Then it’s for others to decide what that means for the bigger picture.
Now, I’ve been philosophical about the past, I could be philosophical about the future, but the reality is that this is an individual claim by an individual person who believes that her individual rights have been violated. That individual violation of individual rights must be ascertained by a court.
If that happens, there may or may not be ripple effects. A government might feel that Jenny was in a completely isolated and unique position. Or other claimants might feel that judgment could apply to them as well.
It’s not really for us, as advocates, to start playing politics. This is not a public interest case. This is an individual case that attracts public interest. Those are different things, so our aim is to get a nice judgment to say, “Yes, the ICO has not done its job and HMRC have not done the job. Jenny’s data were collected, processed and sent across the pond in a way that breached fundamental rights.” Period.
Robert Goulder: There you have it. Thank you for your comments. We will continue to monitor this story because we know that our readers are very interested in what happens next.
Jenny Webster: Thank you Robert,
Filippo Noseda: Thank you.