The tax code does not entitle taxpayers to access the files of the tax authorities. However, it is currently discussed whether Article 15 GDPR also provides a right of access to files in the financial authorities procedure. Especially in external audits, requests for information about the data processed by the tax authority are often made. We explain whether and when access to files must be granted.

When accessing the files, the taxpayer requires the tax authority to gain insight into the data registered about him. Access to the files of the financial authorities can be decisive, especially in disputes in the context of an audit or in the context of appeal procedures. Jurisdictional errors or the circumstances on which the legal constitution in the external audit is substantially based may only arise under certain circumstances from the tax office file. Therefore, access to documents is important.

The financial authority regularly rejects requests for access to files. The legality of such negative decisions has recently been the subject of various decisions by the tax courts and the Bundesfinanzhof. At present, a number of appeals and appeals for non-admission are still pending. The access to the file was also taken into account in the ECJ decision on the legal case “Ispas” of 9 November 2007.

For some time, however, the financial administration has been pushing for a change in the financial authority process towards cooperation and transparency. The draft bill for the implementation of the DAC 7 Directive and the modernization of tax procedural law of 12.7.2022 provides for further transparency obligations of the taxpayer. While, for example, according to the current legal situation, transfer pricing documentation must only be submitted on request in the context of an external audit, the bill provides for the possibility of a request at any time even without the order of an external audit. In addition, if an external audit has been ordered, the transfer pricing documentation shall be submitted without further request within 30 days of the announcement of the audit order.

More cooperation and transparency also applies to the financial authority. The draft therefore provides for new transparency obligations for the financial authority. External auditors should, for example, identify audit priorities (§ 197 paragraph 4 AO-E) and hold interim discussions (§ 199 paragraph 2 sentence 2 AO-E).

The tax code does not provide for any claim for taxpayers to have access to the file vis-à-vis the tax authority. When the tax code was recast in 1975, the Finance Committee had considered laying down a right of access to files for parties involved in tax proceedings. For practical reasons, however, it decided against it. This was justified by the fact that tax files often also contained information from third parties subject to tax secrecy. Such information must therefore be identified and sorted out before access to the file. This was identified as impractical, so that the introduction of a file access claim was waived.

However, the rule of law (Article 20(3) GG) and the principle of effective legal protection (Article 19(4) GG) confer a right to a discretionary decision on the request for access to the file. The taxpayer can obtain effective legal protection only if he is aware of the facts on which the tax office bases his legal opinion.

The Finance Court (FG) has accepted a reduction of discretion to zero in the request for access to the file submitted by the applicant. Therefore, the refusal of the request for access to the file by the tax authority was discretionary. The tax authority has erroneously weighed the interests of the plaintiff against those of the authorities. The Authority has invoked, inter alia, unreasonable administrative burdens and damage to the legitimate interests of third parties.

In the corresponding decision, the FG has now also made demands on the nature and extent of the weighing of interests in the event that the tax authority wants to justify the rejection of the application with an unreasonable administrative burden and the impairment of the legitimate interests of third parties.

For now, the administrative burden associated with access to files must be described in concrete terms. This must be compared with the effort that an appeal procedure would cause, which the applicant is expected to face against the refusal of the request for access to the file. Furthermore, information about a tax advisor who appeared exclusively on behalf of the person concerned in the investigation procedure is not worthy of protection, personal data of a third party. Therefore, they do not preclude access to files. Even control messages that are in the files can be easily sorted out. Therefore, they do not preclude access to files. In this way, the financial authority must fully justify the refusal of applications for access to files.

In accordance with Article 15 paragraph 1 half sentence 2 GDPR, data subjects have the right to access various additional information mentioned therein, such as processing purposes, data transfers made or planned to third parties or the origin of the data, if they have not been determined by the data subject. The controller has to provide the data subject pursuant to Art. 15 paragraph 3 sentence 1 GDPR with a copy of the personal data about which information is to be provided.

Since the tax authority processes personal data of the taxpayer, the right to information under Art. 15 paragraph 1 GDPR in the field of application of tax law comes very close to a right of access to files. Therefore, more and more requests for access to files based on Article 15 GDPR have been made to the financial authority. However, the specific data protection claims of taxpayers vis-à-vis the tax administration are disputed in the previous tax court case law and literature. In the highest courts, they are largely unresolved.

In the financial authority procedure, the GDPR is directly applicable, because the financial authorities according to Article 4 number 7 GDPR are responsible in the sense of the GDPR. The personal scope of the GDPR is open according to Article 2 paragraph 1 in conjunction with Article 4 number 1 GDPR only for natural persons. Section 2a paragraph 5 AO also extends it to legal persons. In addition, the factual scope of the GDPR extends not only to indirect, but also to direct taxes – i.e. taxes that are not harmonised by the EU.

Based on a decision of the ECJ, it is generally held that the tax office file contains almost exclusively personal data of the taxpayer. According to article 4, number 1, GDPR, personal data is any information relating to an identified or identifiable natural person. The only determining factor for qualification as personal data is whether the information is linked to a particular person by virtue of its content, purpose or impact. Since the concept of personal data is to be understood in a broad sense, assessments, value judgments, assessments of the case handler, internal assessments, conclusions, calculations, estimates and the like are also to be regarded as such data. Even legal arguments qualify as personal data insofar as they refer to the taxpayer. This includes, for example, the subsumption of the financial court. Therefore, abstract legal statements within the legal assessment are not data within the meaning of the GDPR.

According to Article 4 number 2 GDPR, the processing includes, for example, collection, collection, organization, ordering, storage or modification. As part of an external audit, personal data is collected, ordered, stored, read out and used.

It is already problematic which type of action in the case of requests in conjunction with an information provision according to Article 15 GDPR in the opened financial legal procedure applies. on the one hand, that the commitment action is admissible and, on the other hand, that a general action for performance is admissible with an action for appeal against the negative administrative act. The appeal procedure IX R 20/22 concerns, inter alia, explicitly the legal question of the legal nature of the action in connection with the request for information to be given to the tax administration. For the plaintiff, however, it is irrelevant whether he has submitted the correct claim. The tax court interprets the lawsuit in an emergency so that the right type of lawsuit has been chosen.

It must also be clarified whether the data subject rights under Article 15(1) GDPR (right to access personal data) and Article 15(3) GDPR (right to provide a copy of personal data) are two different claims or a uniform claim.

On the general legal question of the extent to which the GDPR gives rise to a claim to information vis-à-vis the tax authority, revision proceedings are pending with the BFH under the file numbers IX R 34/21, IX R 24/22, IX R 25/22 and IX R 26/22.

The right of access pursuant to Article 15 paragraph 1 GDPR applies exclusively to personal data and accordingly does not grant the right of access to components of a file, as far as no personal data is filed there. This includes in particular preparatory work and evaluations of the auditor, such as legal opinions, draft decisions, calculations or investigation results.

Furthermore, any claim for access to files pursuant to § 32c paragraph 1 no. 1 AO in conjunction with § 32b paragraph 1 no. 1 letter a AO is limited due to overriding interests of third parties, in particular tax secrecy. In this respect, it is to be seen how the BFH will decide in numerous pending revision proceedings.

In practice, therefore, it makes sense to base your claim on both bases and to file an action against a possible rejection.