The need to cap the ATO's access to personal data


By Nicole Kelly, Founder, TaxTank*
Tuesday, 23 July, 2024


The need to cap the ATO's access to personal data

With the ongoing cost-of-living crisis coinciding with the start of the financial year, the ATO has seen taxpayers rushing to make their tax returns. Unfortunately, not only did the ATO’s system crash under the pressure of the spike in online traffic, but taxpayers are facing yet another year of increased scrutiny based on further measures the ATO is taking to access their personal data.

The ATO’s heavy investment in taking further compliance measures, including cracking down on inaccurate tax return submissions and chasing late payments, is starting to look like it has no bounds. Whether it is accessing property investor bank data, or online shopping data from major ecommerce companies such as Amazon and eBay, the ATO is using its data-matching program to seemingly go to any lengths necessary to optimise its financial returns.

For taxpayers, whose names, birthdates, financial transactions, visa information and more are being pried into, it sends a clear message that taxpayers cannot be trusted. Now, further investment in Digital ID to extend its access to Australians’ personal data is another statement in itself highlighting the importance of catching out ‘dodgy’ claims.

But it’s time for a fairer approach, in my opinion.

The ATO’s access to personal data should have limits

The vast majority of Australians understand they need to protect their data amid growing cybersecurity and privacy threats. Yet the ATO continues to extend its reach into taxpayers’ personal information without their explicit consent. Unlike other entities governed by the Privacy Act 1988, which mandates clear opt-out options and proper disclosures for data collection and usage, the ATO’s practices lack similar transparency and user control mechanisms.

Under the Privacy Act, businesses must notify individuals of the collection of their personal information, its primary purpose, and any secondary purposes for which it might be used. They must also provide clear opt-out options and ensure that personal information is used only for the purposes that individuals reasonably expect or have consented to.

However, the ATO matched data from over 600 million transactions last year, often without providing explicit disclosures or opt-out options, leaving many individuals unaware of how their data is being used. This extensive data matching, combined with AI and automation to analyse vast datasets for patterns and anomalies, raises significant privacy concerns. The ATO’s ability to assess various parameters, such as spending behaviours and income patterns, gives it an unchecked advantage in tax enforcement, often making assumptions that can lead to a ‘guilty until proven innocent’ scenario for taxpayers.

Taxpayers should be asking to what end this invasion of privacy is meant to go. If we are to judge by the ATO’s actions in recent years alongside the federal government’s repeated multimillion-dollar investments into the ATO’s compliance measures, the only thing that is clear is there is no end point.

Can the government ensure security and safety with Digital ID?

Coming into effect in November, Digital ID aims to streamline the process of collecting dozens of pieces of personal information to enable Australians to quickly and easily identify themselves. While it has been designed with the ambition to be more secure than the current range of systems the government uses to collect and verify identity data, it will not be completely bulletproof, according to experts.

As well as the cybersecurity measures the government will need to take, taxpayers and the tax ecosystem should also recognise the ATO’s own faults in its systems. This includes the recent faulty software that caused over 1000 wrong transactions and is contributing to the ATO’s reputation for starting ‘Robotax’, an automated system seen by many to be using inaccurate information to unfairly force taxpayers to make payments they should not owe.

Leveraging tech for good

The ATO’s renowned Tax 3.0 vision, where every corner of the tax ecosystem is based on digital-first approaches, is still just that: a vision. Taxpayers, accountants and fintechs are far from experiencing a tax system that ‘just works’ and, despite the ATO’s tech-driven challenges to date, the solution to delivering the future that the tax ecosystem is waiting for lies in technology.

By adopting digital technologies with individual taxpayers’ best interests at the core of their design, and aligning them with the ATO’s compliance-driven processes and operations, there can be a common ground where both the taxpayer and ATO come out as winners. However, this needs to start with assuming good intent on both sides and stopping the current approach of privacy invasion at all costs.

*Nicole Kelly is the CEO and founder of TaxTank, which produces cloud-based tax management software for individual taxpayers. Nicole is an MBA, CPA and tax specialist with over 18 years of leadership experience across diverse industries. She founded TaxTank to help tackle the inefficiencies plaguing today’s tax systems.

Image credit: iStock.com/Vertigo3d

Related Articles

Demystifying zero trust for government

As zero trust becomes more central to ICT environments, it needs to be considered not just as an...

Cyberwarfare 2025: the rise of AI weapons, zero-days and state-sponsored chaos

Nation-states and rogue factions are rapidly integrating cyber attacks into their military...

Phishing‍-‍resistant MFA: elevating security standards in the public sector

Phishing remains a significant issue for government agencies, and current MFA solutions often...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd