As published on law360.com, Monday 9 August, 2021.
Law360 (August 9, 2021, 12:21 PM EDT) -- The Irish data protection authority will engage with the appropriate bodies within the country to ensure Ireland's agreement that allows the transfer of financial information to the United States is in line with European Union data law, the authority said.
In a letter dated Aug. 6, the data authority acknowledged concerns raised by a group of American citizens living in Europe that agreements allowing information about U.S. citizens to be sent to the U.S. violate Europe's privacy rules.
"Insofar as the concerns you raise relate to the processing of personal data, the DPC will engage with the appropriate Irish authorities," said Ian Chambers, the assistant commissioner of Ireland's Data Protection Commission, in the letter. He added that this included "seeking details on any plans to update the international agreement with the U.S. IRS on the operation of FATCA," referring to America's Foreign Account Tax Compliance Act.
A group of people known as accidental Americans, because they generally left the U.S. at very young ages, has been fighting for years to overturn America's FATCA legislation, arguing that compliance rules imposed on banks make it difficult for the individuals to access basic financial services.
Under FATCA, countries exchange information with the U.S. through bilateral intergovernmental agreements, or IGAs. Foreign financial institutions must disclose information on U.S. citizens' accounts or face a 30% withholding tax on payments from the U.S. This threat of a withholding tax has prompted claims that foreign banks are violating customers' privacy by sharing their information with the U.S. government or discriminating against them by denying banking access.
"This letter is proof that member states will have to revise FATCA to make it GDPR compliant," said Fabien Lehagre, president of a group of accidental Americans, in an email to Law360, referring to the EU's landmark data protection law, the General Data Protection Regulation.
Earlier this year, the European Data Protection Board invited national data protection authorities to assess international agreements that involve the transfer of personal information concluded prior to May 2016 to see if they need to be brought into line with EU law on data protection. The Irish-American arrangement on FATCA was agreed in 2012. The EDPB declined additional comment.
Last month, the Lithuanian data protection office said that the U.S. and Lithuania should consider revising their agreement on data transfer and decide whether it should be amended.
Neither the Irish data protection office nor the Irish revenue authority's office had immediate responses to a request for comment. The U.S. Treasury also didn't have an immediate response to a request for comment.