The tax authorities and Customs can now access our data published on social networks, under certain conditions. A decree adopted on December 31, 2024 and published on Monday, January 1, 2025 in the Official Journal has extended the prerogatives of the tax administration, which could already access the data that we publish on sales or rental platforms between individuals (Airbnb, Le Bon Coin, etc.) for the purpose of detecting fraud.
And in principle, the system extended to social networks was deemed sufficiently protective by the National Commission for Information Technology and Civil Liberties (CNIL). The authority that guarantees our privacy noted, in its November 2024 deliberation also published 24 hours ago, "satisfactory guarantees", although it has certain reservations.
Since 2021, administrative agents of the Tax and Customs have been able to monitor our activities on websites and applications: the initial three-year experiment, which was highly criticized at the time of its adoption, was finally extended for two additional years. And the decree published on January 1st also gave tax inspectors the possibility of creating accounts on social networks, and therefore of collecting public data from these platforms - elements to which they did not yet have access until now.
The system excluded social networks
Originally, the administration wanted to be able to confirm that the lifestyle of a taxpayer presented on the Web coincided with their tax return. It also wanted to be able, via automated AI systems, to identify people who live in France, while they claim to be domiciled abroad, in order to avoid paying income tax. A first decree, on February 11, 2021, gave it the right to collect a certain amount of data in order to compare tax returns of individuals or companies with data disseminated online. But after initial opinions from the CNIL and the Constitutional Council, the system was finally reduced.
The two bodies considered that the data - which could be swallowed up by the automated systems of the Tax or Customs authorities - should be freely accessible, without requiring registration or a password on the site in question. The rule therefore excluded access to data shared on Facebook, TikTok and the majority of social networks. In other words, the system was limited to peer-to-peer rental or sales platforms such as Leboncoin, Vinted, eBay, or Airbnb.
A review of the first three years “not sufficiently supported”
But now, this limit no longer exists. The system is being extended to social networks, because agents will be able to create accounts to access public data published on the platforms. The CNIL points out that this data is limited to “content that is freely accessible and clearly made public by users”, which excludes private messages or content. It adds that the collection must be done only to “search for evidence relating to the commission of certain offences exhaustively listed by law”. The decree also extends the collection system to two new grounds for suspected fraud: "understatements or concealment of revenue by companies".
While the CNIL gives the green light, it nevertheless regrets that the assessment of the first three years of the system, which was sent to it by the Ministry of the Economy, "is not sufficiently supported to allow it to assess (its) proportionality and (its) efficiency". It notes in its purely advisory opinion that the document sent "does not include elements of analysis that would have allowed an assessment (...) of the proportionality between the objective pursued (the reinforcement of efficiency in the fight against fraud) and the infringement of individual freedoms".
Agents will not be able to act in disguise
In terms of guarantees, the authority specifies that agents will not be able to use "false identities" when collecting data on social networks. The latter will have to clearly "make it clear, in plain language, that it is a tax or customs administration account". The organization also recommends that the Ministry of Finance put in place "an employment doctrine for the agents concerned" to ensure proper compliance with this provision.
It should be noted that no data collection may take place on "sensitive" platforms such as "dating or health applications", adds the CNIL. Finally, the authority considers that the administration will have to exercise "a certain caution" in setting up these artificial intelligence systems that will collect and analyze data, particularly because of the biases they may present.
Source: Deliberation No. 2024-081 of November 14, 2024 of the CNIL
0 Comments