TY - JOUR AU - Jijena-Leiva, Renato AB - Key Points When exercising its functions, the Chilean Internal Revenue Service (SII) is legally enabled to treat taxpayers’ personal data, which involves handling information that identifies people or makes them identifiable. According to Chilean legislation, data treatment includes data collection, analysis, processing, and sharing to third parties. The treatment of personal data made by the tax authority is vital to ensure compliance with tax liability. Therefore, the law obligates taxpayers to collaborate, which means they must submit relevant tax data to the SII. At the same time, the tax authority must protect data, which is also subject to tax secrecy or duty of confidentiality. The question is whether or not the data obtained and elaborated by the SII are duly protected by this tax secrecy or duty of confidentiality. The matter is crucial since there are decisions made by Chile’s highest court that request the SII to hand over taxpayers’ information when third parties ask for it based on the general right to access public information. After reviewing the Constitution, the personal data protection regulation, the taxpayers’ rights, and the tax secrecy or confidentiality obligation, this article establishes that the standard of protection of personal data is higher in taxation than in the rest of the legal system. The latter means there are strong obligations placed upon the tax authority, which include respecting the tax secrecy or confidentiality responsibility. The tax authority cannot share with third parties the information, except in those cases where there is an explicit provision in the law. Introduction Handling personal data is increasingly important for both business development and the affairs of state. In fact, data are often referred to as the new ‘oil’1 of the information society. The State requires this information to regulate tax compliance, prosecute tax evasion, deter tax avoidance, and provide services to taxpayers.2 Taxpayers finance public expenditures through tax payments by reporting taxable transactions, receipt of income, payment of deductible expenses, and self-reporting the resultant taxes due. Tax authorities review filed tax declarations to ensure that tax liabilities are properly quantified and that payment, where applicable, has been timely made. Tax authorities require taxpayers’ tax information and personal data to ensure that the correct amounts of taxes are collected and that any overpayments of taxes are refunded. Taxpayers are therefore obligated both to pay taxes to finance public expenditures and communicate necessary information to the taxing authority, an obligation that ‘encompasses the [taxing authority’s] duty to inform third parties and the taxpayer’s own duty to collaborate’.3 Consequently, tax administrators possess large amounts of personal data of a tax, financial and commercial nature. Such data could be used to build profiles of individual taxpayers’ purchasing and payment habits. The increased collection of taxpayer data is directly related to the accelerated development of information technologies.4 Of course, tax authorities can obtain, process, and share taxpayer data only as permitted by law, with due respect for the taxpayer’s rights.5 Tax authorities and their employees are obligated to maintain the confidentiality of taxpayers’ personal information6 and are subject to sanctions for failing to do so. It is therefore essential to determine the legal and protected status of taxpayers’ personal information, both to prevent it from being stolen by third parties and because tax authorities guarantee its security while, at the same time, collecting, processing, and sharing it with third parties. Sharing taxpayer information with third parties is particularly problematic for several reasons. For example, taxing authorities may agree to exchange information with other governmental agencies. More importantly, as government agencies, taxing authorities may be required by regulations that promote transparency of government actions and the integrity of public bodies, to supply information to the general public on request. This article analyses the protected status of taxpayers’ personal data received by the Chilean Tax Administration Chile’s Internal Revenue Service (Servicio de Impuestos Internos, abbreviated as SII). The SII is often pressured to provide access to taxpayers’ personal data.7 This article determines what information the SII is both entitled and required to share, bearing in mind its obligations to maintain confidentiality of tax matters and to protect taxpayers’ rights, and the constitutional and legal regulations that protect personal data and private life. This task is marked by characteristics already common to the tax regulatory system—its lack of order, coherence, and systematization—that make dogmatic reconstruction more complex. Differentiation between the different types of data processed by the SII The different types of data: personal and private Both the Chilean Constitution and its tax laws provide personal information and fundamental guarantees for private life. From a tax perspective, it is important to distinguish between personal information and private life: the Chilean Constitution recognizes them separately and with autonomy within the fundamental guarantees, and the tax legislation itself recognizes it as a taxpayer’s right. As a result, when conducting audits, the SII is obligated to respect the taxpayer’s personal life and protect the taxpayer’s personal data in accordance with law.8 Thus, like the Constitution, tax law considers that, although both rights are inherent on an individual’s capacity as such, they are not synonymous. They account for different, autonomous rights that have different levels of protection. Hence, it is essential to define the concepts of personal information and private life. As previously mentioned, the Chilean Constitution recognizes, on the one hand, the fundamental right to privacy and, separately, the fundamental right to the protection of personal data.9 The protection of personal data was not always recognized as a constitutional right,10 but once included in the Constitution it is considered an autonomous right, different than the right to privacy, but of a generic nature, leaving the details of the processing and protection of these personal data to enacted laws.11 This regulation is currently contained in Law No 19.628 of 1999, on the protection of privacy.12 Because privacy depends on the circumstances of each natural person, it is a relative concept. An even more narrow definition of this concept would be ‘intimacy’.13 The Chilean Constitutional Court has held that the right to privacy includes the personal data that Law No 19.628, on the Protection of Private Life, classifies as ‘sensitive’. The legislature has declared that ‘sensitive’ data refer to the physical or moral characteristics of persons and to facts and circumstances of private lives and intimacy. Examples of ‘sensitive’ data are one’s personal habits, racial origins, ideologies and political opinions, religious beliefs and convictions, physical and mental health status, and sex life.14 Because sensitive data are presumptively protected by law, natural persons must affirmatively consent to ‘processing’ of certain data, documentation, events, and background information before that information can be shared with a third party.15 If the person so consents, or if an express legal regulation so requires, the sphere of protection gives way to a ‘more public’ sphere. The treatment of personal data takes a different approach. Personal data are considered data that identify a natural or legal person or make that person identifiable, without necessarily referring to the personal rights or dignity of the owner of the data. The scope of personal data is more restrictive, because the law limits it to information concerning identified or identifiable natural persons,16 excluding legal persons. Therefore, personal data include all economic, financial, banking, and commercial information concerning identifiable natural persons.17 The legal concept of personal data is generic and broad because it requires only that the data identify a person or make him/her identifiable. Consequently, the existing amount of personal data is enormous. The type of protection to which one is entitled is derived from this broad concept of personal data, which depends on the type of personal data in question. In fact, according to the traditional German theory of concentric spheres of privacy:18 some personal data belongs in the privacy sphere, which in turn has four subdivisions—the individual sphere, the private sphere, the sphere of trust, and the secrecy sphere—which possess a higher degree of protection. Although there are common elements among these spheres, the secrecy sphere makes data inaccessible to others unless the data owner entrusts it to a third party.19 Within the private sphere are biometric fingerprints and facial data; self-portraits; DNA; religious beliefs; sexual preferences; travel, hobbies, and pastimes; medical, health, and disease information, whether or not they appear in medical records; credit history; income information; positive personal asset information; and the IP addresses, internet browsing histories or sites visited that are tracked through ‘cookies’. other personal data belongs in a social, public sphere that is easily and necessarily accessible by third parties connected to the data owner. In tax matters, for example, name; the National Tax No. (RUT); gender, ages, and date of birth; home and work addresses; profession, and nominative e-mail addresses (eg pedro@perez.cl) are all in the social or public sphere. The tax administrator can, of course, access public information, but it may also obtain personal data found in the private spheres with prior legal authorization. Access will be limited according to the purpose of access and may not include the ‘private’ sphere of information (sexual orientation, medical information, etc.). On the other hand, a taxpayer’s credit card purchases and electronic transactions are personal data that may be submitted to the tax administration to determine whether taxes may be applied. If the tax authority disaggregates, profiles, or cross-references these data, it may be able to identify ‘secret’ data within the private sphere having nothing to do with the purpose for which it was submitted to the government. Doing so is an illegal act that affects fundamental rights to privacy and data protection. The Chilean taxing authority’s access to this private information obligates the authority to maintain its confidentiality, an issue that may give rise to legal conflicts that have not been resolved. For example, suppose that while reviewing a taxpayer’s credit card purchases to determine their deductibility, an SII employee detects some personal information that he/she is not authorized to see, such as purchases on the internet downloadable child pornography.20 This hypothetical situation creates a real-life clash of obligations. On the one hand, as a government agency, the SII and its employees are obligated to maintain the confidentiality of taxpayers’ information. On the other hand, the SII employee may be legally required to report to prosecutors any crimes that come to their knowledge while performing their duties.21 Thus, processing personal data may give rise to the obligation to file a criminal complaint, a situation that Chilean law does not expressly address. Some taxpayer data come from a private, intimate, or confidential sphere; other taxpayer data come from a more social, public sphere that is easily and necessarily accessible by third parties connected to the data owner.22 Considering that data can be captured or cross-referenced to create profiles, generating new data from this process (eg, a taxpayer profile created by the SII) may produce data that identify specific individuals. For the tax authority, this allows profiling and algorithmically classifying taxpayers according to their degree of tax compliance, from which the authority can focus its audits on areas of the economy in which taxpayers have similar levels of non-compliance and detect and analyse those whose tax filings appear unusual. A series of regulations obligate both taxpayers and third parties to provide information to the SII. For example, the SII must be notified of commercial activities that are taxable or may be taxable.23 To do so, the taxpayer must provide the SII with name, address, Personal Tax ID number and, in some cases, profession. Therefore, the SII will have this information in its database from the very start of any business activity. In addition, third parties, such as banks, send taxpayer information, such as income earned by the taxpayer from investments, to the SII.24 In principle, the SII might deal only with non-sensitive personal data. However, the line between non-sensitive and sensitive personal data is very fine, when it is defined at all. Thus, in both theory and practice, the SII could learn about or process some sensitive information derived from personal data. However, according to the General Data Protection Regulation of the European Union of 2016 (the GDPR),25 the treatment of sensitive, very personal, or ‘highly protected’ data is even more restricted than the treatment of personal data in general. In principle, highly protected data should not be included within the purposes for which the SII processes taxpayer data.26 SII processing of personal data In legal terms, personal data processing is understood to refer to any operation or set of operations or technical procedures, automated or not, that collect, store, record, organize, create, select, extract, confront, interconnect, disassociate, communicate, transmit or cancel personal data, or use it in any way.27 This process can be done only when authorized by law or when the owner of the data expressly consents.28 Certain tax regulations expressly allow the SII to handle taxpayers’ personal information. In other cases, such as advice notices, the taxpayer must consent before the SII can use the collected data.29 As a government entity, the SII is legally entitled to process personal information, provided it uses the information solely for the purpose of its Public Law functions30 and keeps it secret, as will be explained later. Sources of the SII tax data collection According to the RAE (official Spanish Language Dictionary), ‘data’ are a piece of information necessary to obtain the exact knowledge of something or to deduce the legitimate consequences of a fact31. In other words, ‘data’ always provide some knowledge. An organized set of data, according to the general theory of systems,32 are information and within its ‘life cycle’ premises are transmitted between a sender and a receiver in the communication process, allowing inference in relation to its object. The SII collects tax-relevant personal data from several sources. First, every Chilean taxpayer, whether a legal or natural person, is registered with an identification number, which is known variously as one’s ‘Individual National ID Number’ (RUN) or ‘Individual Tax ID Number’ (RUT).33 Secondly, every taxpayer must provide information to the SII during the taxpayer’s ‘life cycle’. For example, the information to be provided by legal persons during the business’s life cycle includes information required at the start of business activities, periodic updates of the reported data, authorization of tax documentation [such as receipts and purchase orders (almost all of which is done electronically)] and at the closing of the business. Thirdly, all taxpayers must provide sworn statements, which may be tax return filings or sworn affidavits reporting relevant personal or third-party background information, and sworn affidavits of tax behaviour, in compliance or non-compliance. Fourthly, the SII maintains a registry of properties identified by unique numbers for the assessment of real estate taxes to be paid by the owner or occupant of the property. This registry includes property transfer information provided by notaries, real estate registrars,34 and municipal offices.35 Fifthly, now that value-added tax (VAT) is assessed on digital services, access to a massive amount of personal data is necessary for the SII to determine the amount of VAT due.36 Sixthly, with the lifting of bank secrecy in appropriate cases, and with the protection of obtained information by the banking reserve.37 Seventhly, the SII has access to information made available to it or exchanged with other governmental bodies through internal systems for cross-referencing information on web services platforms. Finally, the SII obtains relevant tax information through exchanges of information with tax administrators in other countries through double-taxation agreements and information exchange agreements. Personal data protection When collecting relevant tax information, the tax authority must avoid misuse of these data. In 1977, the Privacy Protection Study Commission urged that ‘extraordinary precautions’ were necessary to prevent the misuse of the information provided by taxpayers to the tax authority: [T]he fact that tax collection is essential to government justifies an extraordinary intrusion into personal privacy by the IRS but is also the reason why extraordinary precautions must be taken against misuse of the information the Service collects from the taxpayers.38 Like other governmental bodies, the SII uses ‘Big Data’ tools, known as data analytics, to manage the massive volume of information it receives. Moreover, the SII outsources the processing of that information to external providers, such as cloud computing servers,39 making computer security essential. Computer security aims to reduce risks and avoid possible vulnerabilities associated with the management of computer networks, telematic systems (such as websites), and transfers through open or closed telematic networks, especially on the internet.40 The Chilean Data Protection Act establishes as fundamental duties both: (i) the confidentiality of processed data and (ii) that processed data be used only for those purposes defined by law as the reason for its collection.41 Any violation gives rise to the right to contractual or extra-contractual compensation, due to patrimonial and moral damage caused by the improper processing of data, and the obligation to eliminate, modify, or block the data as required by its data owner or as ordered by a court.42 In addition, officials are subject to administrative rules under Article 44 of Act No 18.575. Supreme Decree No 83-2005 of the General Secretariat of the Presidency imposed uniform technical standards for security and confidentiality of electronic documents upon the entire State Executive Branch. These standards include requirements and recommendations to guarantee a minimum level of security in the use, storage, access, and distribution of electronic documents. The Decree thus facilitates an electronic relationship among State Administration bodies and between State Administration bodies and the public and private sectors. Finally, the Decree ensures the safety and reliability of electronic documents in the government’s hands. In addition, Act No 19.799 addresses the authentication, integrity, non-repudiation, and confidentiality of tax documents. In Chile, therefore, all relevant actors must consider the cybersecurity standards that protect personal data by automatically providing high-level encryption of taxpayer information held by the Administration.43 To comply with those standards, the SII implemented an Information Security Management System (ISMS),44 which includes references to information asset controls that comply with International Organization for Standardization (ISO) 27001, 27002, 27301 Standards and their updates.45 The ISMS defines minimum conditions and requirements for public officials’ diligent management of information and restricts access to that information to only authorized and identified officials.46 Failure to maintain the secrecy of information can result in administrative sanctions, after due investigation, on officials who have been negligent in their preventive and security systems management obligations. In addition, criminal sanctions apply to those who improperly access data after a vulnerability has been detected.47 Although this specific protection is required by Supreme Decree No 83-2005, it is general and technical and therefore insufficient to protect taxpayers’ personal data.48 In general, the State is liable for damages caused by state agencies in the exercise of their duties. Liability could arise when a security breach occurs due to negligence in the administration’s use of computing resources. Tax secrecy or confidentiality and disclosure of information Because the SII is empowered by law to ‘collect’ and ‘process’ taxpayer data, the question becomes whether and when it can reveal taxpayer data. In other words, under what circumstances can the Tax Administration make these data available to third parties or carry out a process that includes communicating them to third parties? Data may be communicated because of a political decision, a request for information from citizens under the law mandating transparency of government, or information exchange agreements with government agencies of other countries.49 The answer to this question is crucial. There is a potential conflict between taxpayers’ right to privacy and the citizens’ right to transparent government. This concept was not so important in Chile until the 2008 financial crisis and, more recently, until the Lux Leaks and revelations of the Panama Papers and Pandora Papers. These scandals have created pressure for changes in policy design and an increase in fiscal transparency.50 In this respect, some have opined that, to a greater or lesser extent, the SII may provide certain information for certain specific, legal, and exceptional purposes. For example, the General Comptroller of the Republic has opined that the SII can sign agreements allowing a third party to have access to the data it holds under two conditions: (i) the information is not considered secret51 and (ii) sharing the data fulfils a function assigned by law to the SII (such as to combat tax evasion).52 In addition, minority opinions by some justices of the Supreme Court of Chile indicate that the SII must disclose the information it holds. These pronouncements generally arise in connection with judicial review of the SII’s refusal to produce data upon a request made under the transparency norms of Act No 20.285.53 In several rulings, Supreme Court Judge Sergio Muñoz has affirmed that officials may not refuse to produce, on grounds of secrecy or tax confidentiality, information that Act No 20.285 requires to be produced.54 In this regard, Act No 20.285, on access to public information, determines when a public entity may refuse to provide information. Under Act No 20.285, a public entity may refuse to produce ‘documents, data, or information that a qualified quorum law has declared confidential or secret, according to the causes indicated in article 8 of the Political Constitution [of Chile]’. According to Judge Muñoz’s interpretation of Act No 20.285, tax information is not considered confidential or secret and must therefore be produced upon demand. Failure to produce the requested tax information upon demand would affect the individual persons involved, namely, the Director of the SII and various SII officials, rather than the institution itself. Any infraction would therefore be subject to administrative and/or criminal punishment. In contrast, Judge Muñoz opines that the duties of disclosure and transparency are addressed to State entities.55 Disclosure and transparency of public information is considered a requirement for good government,56 and for democratic and technical control of government and is required to maintain the rule of law.57 However, disclosure and transparency can hardly be reconciled with respect to private life, data protection, or the confidentiality of tax information held under a duty of reserve or secrecy. This essay supports the contrary hypothesis, namely, that the information and personal data held by the SII is secret, both as an obligation of the State and as the right of the taxpayer. This right and obligation have been refined and extended in recent years. Therefore, this article concludes that the general rule should be that, unless expressly authorized by law, tax information cannot be shared with third parties, whether public or private institutions, natural or legal persons. This article reaches this conclusion after analysing constitutional norms, the corresponding personal data processing law, and applicable tax regulations. Tax secrecy or reserve under the Tax Code The legal and regulatory tax system establishes different limits on the power to ‘share information’: the tax secret or reserve, and the newly established taxpayer’s right. The secrecy of tax information stems from the second paragraph of Article 35 of the Tax Code, which prohibits ‘disclos[ure]’ of information collected by the Tax Administration and is referred to as ‘tax secrecy or reserve’. Chilean doctrine and jurisprudence have defined tax secrecy or reserve as complete and absolute.58 This definition is an essential element of the current tax system, which relies on the information provided by taxpayers.59 However, the assertions of complete and absolute secrecy are not supported by a dogmatic theory of tax reserve. The lack of doctrinal development shows how unimportant secrecy of tax information has been in the past.60 In fact, Chilean law does not provide a doctrinal definition of tax secrecy or reserve. To define the concept, it is necessary to resort to foreign commentators, who conceptualize it as ‘an exception to […] the basic principle of disclosure and transparency’ inherent in democracies: [T]he regime of protection and reserve of the information obtained by the Tax Administration against its disclosure to third parties and its misuse. Thus, the regulations governing tax secrecy or reserve establishes a ‘reserve’ or a restriction to use and disclose tax information. Therefore, this regime of confidentiality of tax information implies an exception to democratic States’ basic principle of disclosure and transparency.61 Under Article 35 of the Tax Code, two matters are subject to secrecy or reserve: (i) information that appears in compulsory declarations and (ii) information used and produced during tax compliance proceedings. Each of these is examined in turn. With respect to compulsory tax declarations, Article 35 prohibits their disclosure outside the SII, ‘except as may be necessary to comply with [the Tax] Code or other legal provisions’: [T]he amount or source of income, losses, expenses or any data relating thereto contained in the compulsory declarations may not be disclosed, nor shall the compulsory declarations or copies thereof or books or papers containing extracts or data taken therefrom be made known to any person outside the Service except as may be necessary to comply with the provisions of this Code or other legal provisions. This limitation has been present in Chilean law since December 1925. In fact, it has been included in Article 94 of the Income Tax Law since 1925.62 The secrecy or reserve rule applied to compulsory declarations required by the Income Tax Law. The secrecy or reserve rule was in the 1925 law under the same Title contemplated in previous laws on this matter. These compulsory tax declarations include both self-assessed tax returns and other purely informative declarations. The secrecy or reserve rule was incorporated into the Tax Code of December 1974 with the enactment of Decree Law No 830, which expanded the sources of information protected by secrecy or reserve. Thus, the new law applies to both the information appearing in compulsory tax returns required by the Income Tax Law and any other compulsory statement required in tax matters for other domestic taxes, including self-assessed tax returns filings and the compulsory solely informative return,63 understood as such, for which the failure to file is penalized.64 The second paragraph of Article 35 of the Tax Code bars the disclosure of: economic background data, specifically the amount and source of income and expenses, losses and basically ‘any information related to them’. In other words, Article 35 bars disclosure of any background information that appears in a compulsory declaration related to income, its source, or the taxpayer’s expenses. ‘the declarations, their copies, or the accounting books or papers that contain extracts or data taken from them.’ This paragraph goes one step further to apply to more than the purely economic information listed in the first sentence of the second paragraph. In fact, the phrase ‘data taken from them’ extends the non-disclosure obligation to any information or ‘data’ appearing in the said declaration or in emails, addresses, legal information, and so forth; and ‘the content of any compliance monitoring process carried out in accordance with tax laws, intended to determine tax obligations or to sanction a taxpayer.’ This paragraph was added to Article 35 in February 2020 by Law No 21.210, extending the non-disclosure obligation to existing information outside the declarations but obtained ‘in compliance monitoring processes’. Based on even a cursory reading, the legislature, starting from its very first regulations, established an obligation of non-disclosure. In addition, this obligation has been expanded over time, first by its transfer from the Income Tax Law to the Tax Code, where it applies to all domestic taxes (not only to income taxes), and then by adding information obtained during audits as subject to the duty of confidentiality. Finally, as a consequence of its expansion, the law now sanctions its violation. If an official from the SII or from the Treasury Department discloses these data,65 he/she may be suspended from employment for 2 months.66 Serious and repeated cases may lead to the removal from office, notwithstanding other sanctions of the criminal law. If the defendant is a third party who receives or processes information, he/she may be imprisoned (penalties that in some cases can be served in parole) and fined 5–100 UTM (monthly tax units).67 The second limitation on the Tax Administration’s ability to share tax-related information is the taxpayer’s rights under Article 8 bis No 9 of the Tax Code.68 Article 8 bis both prevents the SII from disclosing data and background information collected as part of its regulatory activity and affects the ‘collection or access’ of the data. In fact, Article 8 bis guarantees the taxpayer ‘that in regulatory actions, private life is respected, and personal data is protected in accordance with the law; and that tax returns, except in cases of legal exception, are confidential, in the terms provided by this Code.’69 Article 8 bis No 9 relates to the fundamental rights of respect and protection of private life and personal data.70 The protection of personal data was made a constitutional guarantee in August 2018, which created a new paradigm in this matter. Therefore, every aspect of ‘data protection’ will be examined here. By also establishing ‘private life’ as a limitation on regulatory control, Article 8 bis No 9 of the Tax Code specifically applied the fundamental right of Article 19, No 4 of the Constitution to tax matters, protecting this area of life from scrutiny by the SII, even when exercising its legal authority and duty to inspect. Nevertheless, by introducing the concept of ‘private life’ into the Tax Code, the legislature gave a broader view of the information issue, where the prohibitions on disclosure cover both sharing information with third parties, as historically recognized in the Tax Code, and information accessed by the public authority itself. In this case, information associated with one’s private life (although this is certainly a relative concept as it depends on the circumstances of each person) has an essentially protected core, which are the ‘sensitive’ data: the physical or moral characteristics of people and the facts and circumstances of their private lives and intimacy, such as personal habits, racial origin, political ideologies and opinions, religious beliefs or convictions, physical or mental health conditions, and sexual life. This legislative change is indicative of a systemic vision of information that safeguards both its sharing and its collection. With this legislative change, the law has moved closer to the idea of data processing contained in Article 2 of Law No 19.628. The third sentence of Article 8 bis No 9 of the Tax Code establishes as a taxpayer right the ‘reserved nature’ of ‘tax returns’. ‘Tax returns’ could be limited to tax assessment returns (in this sense, self-assessment). It could also refer broadly to any compulsory return. The question is therefore whether the definition of ‘tax returns’ includes the right to privacy: Does ‘tax return’ include only tax return filings themselves or extend more broadly to the several types of documents that taxpayers must send to the Tax Administration? This article asserts that the law uses the expression ‘tax returns’ in a broad sense, given the common use of the word ‘tax’, which according to the Official Spanish Dictionary means related to taxes. In addition to this dictionary definition, a broad interpretation is consistent with Article 35 of the Code, which applies to any compulsory statement. Therefore, to interpret ‘tax return’ narrowly would create a statutory conflict. Finally, the meaning given to Article 8 bis of the Tax Code also supports interpreting ‘tax return’ broadly. In fact, in introducing the Bill of Law that would become Act No 21.210, the Executive Branch claimed that it would provide taxpayers with effective rights. If ‘tax return’ is interpreted narrowly, tax officials’ duty of reserve is limited and the taxpayer’s right to protection is restricted to a single type of statement (tax-paying returns). On the other hand, if ‘tax return’ is interpreted broadly, data protection extends to the information contained in all compulsory declarations. A broad interpretation of ‘tax return’ strengthens the non-disclosure obligation of Article 35 of the Tax Code in two ways. First, the duty of reserve extends to data in any compulsory declaration. Secondly, the obligation to protect the data acquires the character of an active right. In fact, before the passage of Act No 21.210, this obligation had the character of an active right because of the sanctions in Article 101, No 5, of the Tax Code. However, with the incorporation of this rule in the catalogue of rights, it acquires active effectiveness, in that the taxpayer can demand compliance through administrative and judicial remedies that the law establishes in Articles 8 bis (recourse for protection [recurso de resguardo]) and 155ff of the Tax Code (recourse for violation of rights). The following justifications have been traditionally offered for the duty of secrecy or tax reserve, which now is established as a right. First, the duty of secrecy is intended to avoid public revelation of the assets of natural or legal persons,71 as this information is private to each individual. Therefore, if all the information contained in filings of income tax, VAT and, eventually, inheritance and land taxes were made public, the assets of the affected taxpayers would become public. The same logic applies to data extracted from the sworn statements that taxpayers must send to the SII and from those sworn statements sent by third parties regarding the assets of a particular person. This justifies tax secrecy or reserve. In addition, the legislation specifically establishes a confidentiality statute that creates an exception to the rules of presumptive disclosure and transparency typical of democratic States.72 Secondly, the information could indirectly provide insight into people’s private lives. Although the requirement to provide information presupposes that the shared information is of an anonymized nature, people would be less inclined to provide information if they knew that the data they provided to the SII may be shared with third parties. Thirdly, and no less important, the disclosure of this information could reveal company secrets and, ultimately, impede fair competition. Moreover, therefore legislation forbids even the SII from accessing even information considered to be commercial or business secrets when it is connected to the taxpayer’s electronic accounting systems.73 These first three reasons ensure that the taxpayer’s privacy is protected and safeguarded. These guarantees are intended to ensure both the duty and the right of secrecy or tax reserve for the taxpayer’s private life. Fourthly, tax secrecy or reserve contributes to tax efficiency because it generates trust. In fact, taxpayers must be confident that their tax information will not be disclosed to third parties. That the Tax Administration shared some anonymized tax disclosures would therefore not be a valid reason for taxpayers to refuse to comply with tax obligations. Lastly, these obligations of the Tax Administration are a counterweight to the enormous powers it has. In Chile, taxpayers have no bargaining power against the Tax Administration: They are obligated to provide the required information. Only the regulations governing the secrecy or confidentiality and protection of the information given to or processed data by third parties protect its privacy.74 In summary, we believe the legislature has long recognized the duty of non-disclosure or secrecy or tax reserve on the part of the taxing authority, focusing mainly on the non-sharing of information. On the one hand, the right of non-disclosure has over time been extended to all data in compulsory declarations, both economic and otherwise (Articles 35 and 8 bis No 9). At the same time, the right to privacy has been strengthened, becoming not only a Tax Administration duty but also a taxpayer’s right and, therefore, enforceable. The legislature has broadened the concept of information and privacy rights. Both the information provided by taxpayers and also respect for private life have limited the collection of tax information. This is confirmed when analysing the provisions referring to data protection. The justifications for tax secrecy or reserve are varied and include efficiency, generation of trust, and counterweight to the powers of the Tax Administration. However, it is based mainly on the protection of the taxpayer,75 and taxpayers’ constitutionally protected spheres of privacy. Legal exceptions to tax secrecy or reserve In certain exceptional cases, the circumstances that justify lifting the protections of the tax secrecy or reserve are more important than the guarantee to the taxpayer of secrecy.76 Those exceptional cases are enumerated in Article 35 of the Tax Code. For example, the examination of declarations at the request of the courts is admitted when there are tax lawsuits; when there are civil lawsuits in which alimony is disputed; and when the examination or information is needed by the Public Prosecutor’s Office for criminal prosecutions. Likewise, anonymized (de-identified) statistical data may be published. When deemed appropriate, the General Comptroller of the Republic may also review or examine tax returns. Similarly, the General Treasury of the Republic has access to all tax returns and all other information held by the SII for the sole purpose of determining the taxpayer’s assets in judicial proceedings to collect taxes owed, in accordance with Article 168 of the Tax Code.77 To these exceptions contemplated in the tax legislation must be added the exception established in Article 49 of the Labour Code. Article 49 allows the SII to determine the amount of the employer’s own capital invested in a company to calculate the company’s net profit. These data may be used only to define the amount of bonuses to be paid. When the exchange of information is admitted, as a limited exception to secrecy or reserve, the institutions that receive information may use it only for the intended purposes, in accordance with the law. A new paradigm of tax law: the protection of personal data The second sentence of Article 8 bis No 9 of the Tax Code imposes on the SII the obligation to ensure the right to ‘protection of personal data’, which are those data that identify the taxpayer or make the taxpayer identifiable. This is an explicit recognition of the fundamental right to the ‘protection of personal data’ included in Article 19 No 4 of the Constitutional Reform of 2018. Article 8 bis introduces a new paradigm for the State Administration and for tax law, creating both a duty not to disclose information subject to secrecy or reserve and the right of the taxpayer to demand that data collected by the SII remain confidential. It applies to all actions related to the processing of personal data regulated in Act No 19.628 regarding the exchange, collection, and use of information.78 Consequently, the legal basis for limiting the processing of data by the SII is no longer solely the protection of the taxpayer and his/her private life, as was the case in the previous tax law dating back to the beginning of the twentieth century. As of 2018, the fundamental right to the protection of personal data is constitutionally enshrined, followed by its recognition in the 2020 Tax Code. Since 2018, the owners of the data may access their data, control it, and self-define it (which came to be called habeas data). These rights impose burdens and restrictions on the SII, further expanding and strengthening the taxpayers’ right to the non-disclosure of tax information. To adequately guarantee this right, taxpayers may file a special claim before the courts79 and may appeal to the SII itself to correct any infringement of the right.80 The general regulatory system restricts the protection of personal data to identified or identifiable natural persons,81 excluding legal persons, an issue that has been questioned in a ruling by Chile’s highest court.82 The distinction between legal and natural persons does not apply in tax law because the protection of personal data, as established in the first paragraph of Article 8 bis of the Tax Code, is a taxpayers’ right, without distinguishing between natural and legal persons. As such, it is valid for all subjects or entities that meet the said condition. Article 8 bis No 5 of the Tax Code specifically defines ‘taxpayer’ as ‘any natural or legal person’. In summary, in tax matters, the right to data protection extends to data belonging to any taxpayer, whether a natural person or not. Under Article 4 of Act No 19.628, the SII is authorized to process data to regulate tax obligations. The law itself authorizes the SII to process taxpayer data without the express consent of taxpayers.83 The authorization for processing data allows for the collection and sharing of information and for other operations, such as storage and various forms of organization and the use of information. The use of taxpayer information in these other operations will not be analysed here.84 Article 7 of Law No 19.628 requires any person who works in data processing, in the public or private sector, to keep taxpayer data secret. The law itself restricts its subject matter to the duty of confidentiality, stating that the is limited to personal data that ‘come from or have been collected from non-public sources, as well as other data and background related to the data bank’. A large part of tax information is collected from sources not accessible to the public because: (i) it is information that natural and legal persons, state and private, deliver exclusively to the SII through tax return filings or (ii) it comes from information obtained by the SII using its powers of control. Because this information does not come from public sources, it is subject to the duty of secrecy (or reserve) or non-disclosure, the breach of which is sanctioned and protected by the aforementioned administrative and judicial resources. Thus, the following are not protected: (i) data collected by the SII from public sources for the processing of personal data and (ii) individual information generated by the Tax Administration, such as the real estate cadastre. The latter is naturally public information because Article 3 of the Land Tax Law requires that the cadastre be publicly accessible. The next question to address is whether the SII can share this information directly with third parties that request it, or whether it can enter into an agreement to provide a private actor with tax records. In our opinion, the answer to both is negative. Articles 9 and 20 of Act No 19.628 establish the purposes and limits of the SII’s powers. Data collected by the SII may be used only ‘for the purposes for which it was collected’ and the processing may be carried out with due regard to only those matters within its authority. The Tax Administration exists to regulate, control, and ensure payment of all internal taxes.85 However, it does not have, among its purposes and powers, the provision of information to third parties. In short, providing information to third parties is not the reason for the existence of the SII. Therefore, the provision of this information, which is a form of data processing, is outside its powers and responsibilities. The SII is not empowered to share the information it possesses, even if it has been collected from public sources, or the information it prepares, giving priority to the constitutional and legal protection of the data managed by this Tax Authority.86 As the Chilean Supreme Court has observed, limiting the use of this information exclusively to tax purposes ‘protects the essential content of the right to privacy and the confidentiality of personal data. It may also protect other legal assets with constitutional significance, such as rights of commercial or economic nature’.87 Notwithstanding the above, this limit is itself limited when the requesting party is another public entity, in accordance with the duty of collaboration among public bodies, as required by Article 4 of the State’s Administration General Law. In addition, Article 4 expressly contemplates the exchange of information. The rationale for this new limitation on the transfer of personal data to a third party is derived from the constitutional protection of personal data as a fundamental guarantee for every person.88 The rationale for limiting information sharing may also be based on a property right (Article 19 No 24 of the Constitution) to personal data, because the information belongs to a specific person in an absolute, exclusive, and perpetual way.89 In addition, personal data are incorporated in the moral heritage of people as an attribute of their personality and an even more personal right. Therefore, it is protected by the Constitution from the perspectives of both personal and moral rights.90 Essentially, the Latin American systems of personal data protection credit the Spanish Constitutional Court ruling 292/2000 with having clearly defined the content of the fundamental right to the protection of personal data and the distinction between it and intimacy or privacy.91 This ruling was considered a landmark decision on the right to personal data protection in Spain. It explicitly establishes the protection of personal data as a fundamental right. In addition, it defines the difference between the protection of personal data and privacy or, strictly speaking, with intimacy, referring to Section 18.4 of the Spanish Constitution. Thus, the sixth sentence’s legal basis establishes that [T]he fundamental right to data protection seeks to guarantee that a person has the power of control over his/her personal data, over its use and destination, in order to prevent any illicit and harmful traffic for the dignity and rights of the affected person. This way, the sixth sentence recognizes that data protection guarantees individuals the power to dispose of data and declares that the fundamental right to data protection extends to all personal data: the object of protection of the fundamental right to data protection is not limited only to the intimate data of individuals, but to any type of personal data, whether intimate or not, whose knowledge or use by third parties may affect the rights of the person, if they are fundamental or not, because its object is not only individual privacy–because this is the protection that art. 18.1 CE. [article 18.1 of the Spanish Constitution] grants–but all personal data.92 In conclusion, the implementation of the fundamental right of data protection with respect to tax information changes the paradigm to the extent that the implementation of these newly defined rights extends and supports both the obligation of the Tax Administration not to disclose data and the right of the taxpayer not to have personal data disclosed. Instead, it establishes a strong, but not absolute, ban on disclosure. As a general rule, data protection prevents the sharing of information with third parties, including both information processed by the SII itself and information obtained from public sources. As stated before, this is the general rule; only the law itself can establish exceptions.93 Conclusions In today’s society, data management has become essential for both business and public service functions. For tax authorities, processing taxpayers’ data is essential to monitor tax compliance, combat tax evasion and tax avoidance, and provide taxpayer services. This last aspect has gained importance from the work of the OECD, which advocates for collaboration between tax agencies and taxpayers. In Chile, the SII collects a large part of internal taxes, and, certainly, those that are most important in terms of sources of revenue. To carry out this task, the law imposes on the SII the obligation to provide information on taxpayers and third parties, sanctioning non-compliance. However, as a counterpart to these extensive powers, in recent years a statute was enacted to protect the personal data of taxpayers legally collected and processed. Likewise, high-security standards have been established to protect this information from improper access, establishing legal liabilities when this happens. This taxpayer information is no longer limited to the traditional secrecy or tax reserve, which prevents the SII from disclosing taxpayer information to third parties, as has been the case since 1925. In fact, today’s general regulations respect the taxpayer’s private life and protect personal data in accordance with the law. Today’s general regulations also provide that tax returns, except for legal exceptions, are confidential, in the terms provided by the Code. The protection of fundamental rights in tax matters is increasing, consistent with the European trend of protecting taxpayer data. Neither the SII, the Council for Transparency nor the Courts of Justice can share or order the exchange of these data. Because taxpayer rights to secrecy or reserve of taxpayer information are specially protected by both the Constitution and by law, sharing such information could violate the law. Tax Administration and legal actors could face sanctions for the violation of secrecy or reservation of information: first, under the special tax regulations; and secondly, under the special protections accorded to personal data in Chile. Because of the constitutional and legal changes that have recently occurred in Chile, the statute that protects personal data in tax matters is stricter than the statute that protects data in the rest of the legal system: It is an obligation of the SII to protect taxpayers’ personal data and a correlative right of the taxpayer to the protection of their personal data. Establishing this guarantee as a taxpayer’s right establishes protection for any person or entity that transcends the traditional categories of natural person and legal person. In addition, specific forms of protection against violations of this right are contemplated. Only in the cases expressly indicated by law may the SII share the personal data it collects and processes, whether with other public services or with individuals. In any of these cases, there must always be a legitimate interest that supports these exceptions to the duty of secrecy or reserve. Otherwise, it is the violation of the Constitution. Conflict of interest: R.J.L. reports personal fees from Chilean Internal Revenue Service. The work leading to this manuscript was funded by the Fondecyt de Iniciación Project No 11200366 “Bases para la construcción de una teoría general del régimen sancionatorio previsto en Chile para combatir las conductas elusivas” [Bases for the construction of a general theory of the sanctioning regime envisaged in Chile to combat elusive conduct]. Footnotes 1 According to the European Parliament, in 2008 the largest global firms produced goods using fixed assets. Many of those large firms were oil companies. By 2018, the largest global firms were technology companies, making data the most valuable asset in the modern economy. European Parliament, ‘Is Data the New Oil? Competition Issues in the Digital Economy’ (2020) accessed 3 December 2021. 2 For example, tax authorities use the information in their possession to pay refunds to taxpayers who have overpaid their taxes and to assess additional taxes on those who have underpaid. See Organization for Economic Co-operation and Development (OECD), Co-operative Compliance: A Framework – From Enhanced Relationship to Co-operative Compliance (OECD Publishing, Paris 2013). accessed 1 November 2021. 3 Marina Serrat, Los Derechos y Garantías de los Contribuyentes en la Era Digital. Transparencia e Intercambio de Información (Aranzadi, Cizur Menor 2018) 104. 4 Bernardo Olivares, Protección de Datos, Administración Tributaria y Tratamiento de alto Riesgo en la Unión Europea (Aranzadi, Cizur Menor 2018) 26. 5 Juan Herrero de Egaña Espinosa de los Monteros, ‘Intimidad, Tributos y Protección de Datos Personales’ (2007) 2 InDret 1, 5. 6 Philip Baker and Pasquale Pistone, ‘General Report’ in International Fiscal Association, 69th Congress of the International Fiscal Association, vol 100b (IFA 2015) 23, 26. 7 See Act No 20.285 on access to public information. 8 Art 8 bis No 9 of the Tax Code. 9 Art 19 No 4 of the Constitution. 10 Art 19 No 4 of the Constitution was amended in 2018 by Act No 21.096. 11 In this way, the Chilean Constitution follows the trend of Comparative Law. The structure of Latin personal data protection systems is attributed to the criterion established by ruling 292/2000 of the Spanish Constitutional Court, having clearly outlined the content of the fundamental right to the protection of personal data and differentiating it from intimacy or privacy. See Ricard Martínez, ‘El Derecho Fundamental a la Protección de Datos: Perspectivas’ (2007) 5 Revista d’Internet Dret i Política 47, 49ff. In any event, this distinction is recognized by the countries of the European Union. 12 The aforementioned law has been criticized by doctrine because it regulates only sensitive data, which are one kind of personal data, and, in addition, protects data that are not related to private life, privacy, or intimacy. 13 The Constitutional Acts of the constituent debate of the Chilean Constitution of 1980 account for this, specifically, an intervention by Mr Jaime Guzmán E. who visualized them as related in the same way that gender is related to species. 14 Art 2(g) of Act No 19.628. 15 An example would be preventing disclosure of political affiliation or religious creed. 16 Art 2(f) of Act No 19.628. 17 Act No 19.628, art 4(5) and Title III. 18 Developed by Heinrich Hubmann, ‘Der Zivilrechtliche Schutz der Persönlichkeit gegen Indiskretion’ (1957) 17, JuristenZeitung 521, and applied to criminal law by Heinrich Henkel, ‘Der Strafschutz des Privatlebens gegen Indiskretion’, in Verhandlungen des Deutschen Juristentages (Mohr 1958) 60ff. 19 Raúl Cervini, ‘El Elemento Estatutario del Secreto como Instrumento de Efectiva Realización de las Garantías’ (2006) 1 Revista de Derecho, 59ff. 20 Art 374 bis of the Criminal Code. 21 Art 175(b) of the Criminal Procedure Code. 22 Such is the case for antecedents such as name, National Tax No. (RUT), address, profession, and email address. 23 Art 68 of Tax Code. 24 See in this regard, for example, Affidavits Nos 1890 and 1944. 25 EU General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119/1. 26 The reference in the Chilean case is relevant because the data protection law that is being processed in the National Congress closely follows the European model. See Bulletin No 11.144-07 Consolidated with Bulletin No 11.092-07, accessed 20 November 2021. 27 Art 2(o) of Act No 19.628. 28 Art 4 of Act No 19.628. 29 In fact, the regulations make it the taxpayer’s right to access, rectify, erase, and even oppose the processing of their personal data, but also (and on this point, without expressing our opinion) to be informed of the models, formulas, and algorithms used to collect and process this information. See Antonio Faúndez-Ugalde, Rafael Mellado-Silva, and Eduardo Aldunate-Lizana, ‘Use of Artificial Intelligence by Tax Administrations: An Analysis Regarding Taxpayers’ Rights in Latin American Countries’ (2020) 38 Computer Law & Security Review 2. 30 This requirement was established by art 20 of Act No 19.628. 31 See https://dle.rae.es/dato. 32 See Ludwig von Bertalanffy, General System Theory (George Braziller, New York 1968). 33 RUT was established in Decree with Force of Law No 3 of 1969, in order to identify each taxpayer without the possibility of error or confusion, and to maintain control of tax compliance that could not be achieved only through the use of names and surnames. An RUT is unique, safe, and current. Marcelo Matus and Abundio Pérez, Manual de Código Tributario (12th edn, Thomson Reuters 2021) 94. 34 Affidavit No 2890. 35 The obligation of municipalities to deliver information to the SII is established and regulated in arts 16, No 2, and 83 of the Tax Code; in Exempt Resolution SII No 79, of 29 May 2009, which creates Form 2911; and in Circular SII No 48, of 21 August 2009. 36 Sandra Benedetto and Jonatan Israel, ‘Digital Services Tax, Technological Assessments, and Data Protection’ (2020) accessed 29 November 2021. 37 The point was resolved by the Chilean Supreme Court’s ruling of 25 March 2013, ‘BBVA y otros v SII’ case no 8.038-2011, which indicated that banking secrecy is the exception because of the impossibility of knowing the information on bank deposit and fund-raising operations of any nature that banks receive. There are cases of active and other passive transparency. Regarding the latter, the SII can access the information following a procedure regulated in arts 62 and 62 bis of the Tax Code. Instead, the resolution provides a lesser degree of confidentiality and the release of the information can take place. Regarding delivery to the SII, it has demanded that the institution demonstrate that it has a legitimate interest in obtaining it and that it is not foreseeable that knowledge of this information could cause patrimonial damage to the client. 38 Personal Privacy in an Information Society, ‘The Report of The Privacy Protection Study Commission’ (1977) 537 accessed 10 December 2021. 39 Cloud computing contracts should be carefully reviewed to ensure that ownership of the data is not modified when it is processed in cloud environments. In this sense, Rodrigo Campos, ‘Cloud Computing en la Administración Pública: Sobre la Utilización de Servidores Para la Externalización del Almacenamiento de Información’ (2020) 13(1) Ius Novum 63, 90 indicates that special security measures must be adopted when, as the SII does, the Administration uploads information subject to secrecy or confidentiality to cloud computing, indicating that confidentiality clauses should be adopted. 40 This point is relevant and timely. Regarding the annulment of the award of tender ID 545854-12-LR20 of the Chilean Civil Registry, apparently one of the factors supporting annulment was how the Chinese company would protect passports and identity cards issued by Chile. 41 Arts 7 and 9, Act No 19.628. 42 Art 44, Act No 19.628. 43 Observatory on the Protection of Taxpayers’ Rights, The IBFD Yearbook on Taxpayers’ Rights (IBFD 2020) 49 accessed 16 December 2021. 44 This obligation is required by Supreme Decree No 83-2005. 45 In fact, to maintain business continuity and resilience, it is important to ensure that cloud providers are certified according to business continuity standards, such as ISO22301/ ISO27001. CSIRT, ‘Nuestra vida en la nube’ (2021) 9, 10 CIBERSUCESOS accessed 29 November 2021 and CSIRT, ‘Coordinación internacional: Cloud Security Alliance’ (2021) 13, 10 CIBERSUCESOS accessed 29 November 2021. 46 Observatory on the Protection of Taxpayers’ Rights (n 43) 49. 47 See, in this regard, the four criminal types related to computing considered in Act No 19.223. 48 Also, Benedetto and Israel (n 36). 49 All problems arising from the exchange of information between tax administrations of different States are excluded from this analysis. 50 Observatory on the Protection of Taxpayers’ Rights (n 43) 47. 51 As the opinion indicates, information is not considered secret when it is generated by the state body itself, such as tax identification numbers, property appraisals, and motor vehicle appraisals. 52 Opinion No 10.322 (21 March 2001). 53 This tension between personal data protection standards and transparency standards was noted by Renato Jijena, ‘Tratamiento de Datos Personales en el Estado y Acceso a la Información Pública’ (2013) 2(2) Revista Chilena de Derecho y Tecnología 49, 51, 61, for whom these two regulations respond to radically different philosophies. In any case, the author states that the protection of personal data is a limitation on the exercise of the right of access to information. 54 Regulated in art 35 of the Tax Code. The expressions ‘secret’ and ‘tax reserve’ are treated here as synonyms because court rulings make them comparable on occasions and Chilean doctrine sometimes opts for one or another expression to refer to the same content. See Christian Aste, Curso Sobre Derecho y Código Tributario, vol 1 (8th edn, Thomson Reuters, Santiago 2020) 683ff and Matus and Pérez (n 33) 141ff. 55 Among others, a minority vote of the Chilean Supreme Court ruling of 4 December 2019, ‘Samuel Enrique Donoso Boassi v SII’, case no 17.315-2019. On occasions, it has been a majority vote but in obiter dicta. See Chilean Supreme Court’s sentence of 27 November 2013, ‘Daniel Vásquez Medina v SII’, case no 3.002-2013. 56 Baker and Pistone (n 6) 22 compare the concept of good tax administration with the protection of taxpayer rights. Thus, they affirm that generally, both will apply in a specific case, but they point out that in case of conflict, the latter must prevail. 57 Serrat (n 3) 142. Three entities have an interest in an application for disclosure of information in the possession of the SII but belonging to a third party: the applicant, the SII, and the owner of the personal data and information of a tax nature. 58 Matus and Pérez (n 33) 141. 59 Pedro Massone, Principios de Derecho Tributario, vol 3 (4th edn, Thomson Reuters, Santiago 2016) 1702. 60 Classic Chilean texts that analyse the Tax Code do not make further analysis of this aspect. See Ángela Radovic, Obligación Tributaria (ConoSur, Santiago 1998), Manuel Vargas, Obligación Civil y Obligación Tributaria (ConoSur, Santiago 1987) and José Zavala, Manual de Derecho Tributario (Thomson Reuters, Santiago 2009). 61 José Calderón, El derecho de los Contribuyentes al Secreto Tributario. Fundamentación y Consecuencias Materiales y Procedimentales (Netbioblo, La Coruña 2009) 20. 62 This disposition was later changed to art 94 of this Act. 63 These are contained in arts 30 and 33 bis of the Tax Code. 64 Infringements are regulated by ss 1 and 2 of art 97 of the Tax Code. 65 Art 168 of the Tax Code imposes this obligation on officials of the General Treasury of the Republic who review tax returns, as well as any other information held by the SII, applying the sanctions that the Code imposes on SII officials in relation to the secrecy of the documentation. 66 Art 101 No 5 of the Tax Code. 67 Art 30 of the Tax Code. UTM (monthly tax unit) is an indexation tax measurement unit that is determined on a monthly basis. In accordance with the provisions of art 8 No 10 of the Tax Code, a tax unit is understood as the amount of money whose amount, determined by law and permanently updated, serves as a measure or as a tax reference point. 68 See Act No 21.210. 69 The mediate antecedent of art 8 bis No 9 of the Tax Code can be found in Circular No 41 (2006), which linked the reserved nature of the declarations with both art 8 of the Constitution and tax secrecy or reserve under art 35. In effect, the Circular indicated that it was a taxpayer’s right ‘[t]hat their tax returns have a reserved nature and can only be used for the effective application of the taxes whose supervision is entrusted to the Internal Tax Service (SII), without being able to be transferred or communicated to third parties, except in the cases provided for by law’ (art 8 of the Political Constitution of the Republic, in relation to art 35 of the Tax Code). 70 Art 19 No 4 of the Constitution. 71 This idea appears in the pronouncements of the Chilean Supreme Court of 6 April 2020, ‘Alberto Herrmann Erdmann v SII’ case no 21.220-2019, 6 April 2020, ‘Alberto Herrmann Erdmann v SII” case No. 21.221-2019 and December 16, 2019, “Juan Miguel Quintana Marcó v SII’ case no 18.704-2019. 72 Chilean Supreme Court ruling of 31 December 2018, ‘Matías Rojas Arce v SII’ case no 6.333-2018.On the need for confidentiality of tax information held by the SII and that which has been delivered to third parties, see Massone (n 59) 1702. 73 Art 60 bis of the Tax Code defines commercial or business secrets as information ‘not available to the general public and that is essential for the production, distribution, provision of services or commercialization, as long as they are not part of the aforementioned records and books’. 74 Serrat (n 3), 110, 113–14, 159. 75 Heinrich Kruse, Derecho tributario. Parte General (Perfecto Yebra Martul-Ortega tr, Editorial de Derecho Financiero 1978) 349. 76 Alejandro Altamirano, Derecho Tributario. Teoría General (Marcial Pons, Buenos Aires 2012) 497. 77 The Treasury is subject to the obligations and penalties that the Code imposes on SII officials in relation to the secrecy of taxpayer information. 78 Art 3(o) of Act No 19.628. 79 Before the jurisdiction was created by the Tax and Customs Courts, a claim procedure for the violation of rights could be started. 80 Taxpayers may file an appeal for protection with the Regional Director or the Director of the institution, depending on the rank of the official who violated the taxpayer’s right. 81 Art 2(f), of Act No 19.628. 82 Chilean Supreme Court Judgment of 30 October 2017, ‘Semillas Generación Dos Mil Limitada v Servicios Equifax Chile Limitada’, case no 27.889-2017. Hearing an appeal for protection, the Court ruled in a divided decision that Act No 19.628 was applicable to legal persons. 83 Art 1 of Decree with Force of Law No 7, of the Ministry of Finance, of 1980 [Ley Orgánica del SII = Tax Administration Organization Act]; among many regulations, see art 33 bis and 60 of the Tax Code. 84 See art 2(o) of Act No 19.628. 85 See in this regard art 1 of SII Organic Law, Decree with Force of Law No 7, of the Ministry of Finance, of 1980. 86 Against, the minority vote of Minister Muñoz, in Process of 6 April 2020, ‘Alberto Herrmann Erdmann v SII’ case no 21.220-2019 and 6 April 2020, ‘Alberto Herrmann Erdmann v SII’ case no 21.221-2019. 87 Chilean Supreme Court Sentences, of 6 April 2020, ‘Alberto Herrmann Erdmann v SII’ case no 21.221-2019, 4 December 2019, ‘Samuel Enrique Donoso Boassi v SII’ case no 17.315-2019 and 31 December 2018, ‘Matías Rojas Arce v SII’ case no 6.333-2018. 88 Access to personal tax information via transparency law has been termed habeas data. Faúndez, Mellado, and Aldunate (n 29), report a case in which the taxpayer requested access to its own information via transparency, contemplated in a technological tool of the SII (SIIC), whose access was initially denied, but whose delivery was later ordered by the Council of Transparency in decision C-1034-11. The discussion has taken place in Brazil, see Luís Schoueri and Ricardo Galendi Júnior, ‘Human Rights and Taxation: Due Process of Law and Transparency under the Brazilian Constitution’ in César Ruiz (ed), Derecho Tributario y Derechos Humanos. Diálogo en México y el Mundo (Tirant lo Blanch, Ciudad de México 2016), 479ff with the prevention that art 31 of the Act on Access of Information (No 12.527 / 2011) prevents the delivery of personal data. 89 For a contrary view, see Natalia Jara, ‘El derecho de Propiedad Sobre los Datos’ (2021) thematic issue Revista Chilena de Derecho 101, 142. 90 Art 19 No 24 of the Constitution. 91 On the subject and for its detailed analysis, see Martínez (n 11) 49ff. 92 The Spanish Constitutional Court continues to develop this last idea by indicating that the fundamental right to data protection extends the constitutional guarantee to those data that are relevant or affect the exercise of any right of the person, whether constitutional or not and whether or not the data refers to honour, ideology, personal and family privacy, or any other constitutionally protected asset. 93 Art 8 bis no 9 of the Tax Code. © The Author(s) 2022. Published by Oxford University Press. All rights reserved. For permissions, please email: journals.permissions@oup.com This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://academic.oup.com/pages/standard-publication-reuse-rights) TI - Personal data protection: the new paradigm of the tax secret or tax reserve in Chile JO - International Data Privacy Law DO - 10.1093/idpl/ipac020 DA - 2022-12-24 UR - https://www.deepdyve.com/lp/oxford-university-press/personal-data-protection-the-new-paradigm-of-the-tax-secret-or-tax-r025Hi2j4W SP - 79 EP - 91 VL - 13 IS - 1 DP - DeepDyve ER -