Recapping

As already discussed in the previous sections of this article, the specific challenges of integrating Tax Administration systems with the rest of the tax ecosystem to achieve “Tax Administration 3.0” can be grouped into three key areas.

In the first group the technical challenges have been identified, occupying a prominent place on the agenda, the harmonization of architectures, protocols, and standards between the different systems so that they can interoperate without difficulties.

In the second group, the functional challenges have been concentrated where it has been seen that in order for the systems to be integrated, the use of a common language applied to the data is required, in order to facilitate frictionless interaction between systems. In this line, the relevance of the management of master data and reference data has been highlighted, encouraging the allocation of responsibilities over their administration so that they can be used throughout the public sector. Likewise, we have reviewed the importance of managing the quality of the data from the design of the tools, aiming at an active approach to their continuous improvement.

The framework described demands the existence of a robust regulatory framework that ensures compliance with standards in terms of security and information protection, with special emphasis on the protection of personal data. This requirement acquires particular relevance given the sensitive nature of taxpayers’ data, linked to their assets and tax situation.

This third section will delve into the ethical and legal challenges associated with these requirements, covering the aspects related to the secure management of information, the observance of human rights and the assurance of regulatory compliance.

Regulation 

The Tax Administrations must face a regulatory compendium that they must fulfill and provide them with a framework of ethical and legal responsibility for their actions.

These frameworks regulate, among other issues, privacy and protection of personal data, access to information, transparency and accountability, taxpayers’ rights, and dispute resolution.

Rights of taxpayers

Ensuring respect for the rights of taxpayers is an essential principle for the functioning of a tax system within the framework of a democratic state governed by the rule of law. In the field of Tax Administration, acting in accordance with a clear regime of rights and obligations contributes to strengthening public confidence in tax institutions, consequently promoting voluntary compliance by citizens.

On the contrary, regulatory non-compliance translates into an economic cost, compared to the application of sanctions or fines, and even into operational cost. At the same time, it can generate a symbolic cost, reflected in the loss of the organization’s reputation, which translates into a lack of trust and credibility, impacting on the perception and behavior of taxpayers.

Access to public information and transparency

Following the Guide for the protection and ethical use of information held by tax administrations prepared by CIAT according to UNESCO, access to information can be defined as the “right to seek, receive and disseminate information held by public bodies.” This is one of the fundamental rights recognized by the Universal Declaration of Human Rights. In turn, transparency could be defined as the “set of government decisions and actions that aim to provide citizens with clear, accurate, accessible and abundant information on various dimensions of government performance. Both are fundamental pillars of an effective and ethical tax administration.

In line with what CIAT has expressed, the appropriate use of the information held by tax administrations facilitates accountability, makes it possible to combat tax evasion and promotes an equitable distribution of the tax burden. However, this access must be regulated to safeguard the privacy and rights of taxpayers, thus maintaining a balance between access to information and the protection of data privacy and confidentiality.

Privacy and protection of personal data

Digitalization is advancing rapidly, and legislation often does not keep pace. Innovation and technological change impose situations that require new ethical and legal approaches. In particular, in recent years, in the world and in the region, there has been an update of national regulations on the protection of personal data, with cases such as Chile, Brazil and Ecuador. This movement is often motivated by the need to achieve modern standards such as those promoted by the General Data Protection Regulation of the European Union and by the need to offer clear rules against the new forms of data processing of citizens.

The tax administrations are immersed in this context, which is why they are driven to apply the changes in their policies derived from the current international debates. Precisely, as stated in the aforementioned CIAT guide, the protection of personal data plays a crucial role in tax administrations by safeguarding the integrity and confidentiality of tax data.

In this sense, the integration of systems must address the ethical and legal aspects related to the processing of personal data, considering fundamental national, regional, and international principles, and including the analysis of the regulatory differences that exist between countries in the case of cross-border exchanges. This challenge involves driving an integration that addresses the proper use of data and the compliance, assigning ethical and legal responsibility for their treatment.

Likewise, tax information, by its nature, requires robust safeguards to prevent unauthorized access, alterations or improper disclosures that could compromise taxpayers’ privacy (CIAT, 2024). In this sense, information security occupies a main place to generate the conditions for integration in line with regulatory compliance.

Information security: confidentiality, availability, and integrity

The Principle of Confidentiality and Access Control

As previously mentioned, in an environment marked by the increasing digitalization of public services, tax administrations face a key challenge: protecting taxpayers’ confidential information. The sensitive nature of tax data – including income, wealth, payment history, deductions, financial relationships – requires robust security, especially around the principle of confidentiality, access control, digital identity management, and strict compliance with the regulatory framework. It should be mentioned that the issue of building a digital identity, due to its complexity, requires a separate approach. There is a natural tension between these aspects and the integration of the systems that must be addressed comprehensively.

Confidentiality as a Pillar of Fiscal Security

Confidentiality implies keeping the information available only to those who have the proper authorization. In a Moderna tax administration, this means not only protecting information from unauthorized external access (such as cyber-attacks), but also carefully managing internal access. This is where a fundamental question comes into play: Who sees what data? Within the framework of integration, it implies that the necessary technical and organizational measures can be applied to guarantee this aspect as part of interoperability.

Access Control and Information Segmentation

In an organization with multiple areas and levels of responsibility, not all employees need to access the same set of data. Therefore, it is essential to establish controls that clearly define what information can be viewed, modified, or shared by each role.

This involves applying principles such as:

• Principle of least privilege: each user should have access only to the information strictly necessary to fulfill their functions. The same principle applies to information shared through the integration of systems.
• Segregation of duties: critical tasks should be performed by different people, reducing the risk of fraud or abuse of power.
• Audit and traceability: all access to tax information should be recorded and reviewed periodically.

In line with what has been addressed, the public trust and the credibility of the tax administration depend on the security of the managed information, which becomes particularly relevant in Tax Administration 3.0. The effective implementation of protection measures not only protects tax information from internal and external threats but also contributes to the legitimacy and transparency of tax operations, thus strengthening the relationship between the tax administration and taxpayers. (CIAT, 2024)

Addressing these challenges

In terms of information security, the risk of a tax data breach can undoubtedly affect the institutional reputation and even lead to fraud, extortion, economic losses and legal responsibilities for the administration and its officials. Trust in the Tax Administration is essential for an integration with taxpayers’ systems to take place, therefore, a security breach has a greater negative impact in the context of the 3.0 model of Tax Administration.

Therefore, technological measures must necessarily be complemented by:

• Continuous training of personnel.
• Clear policies for classification and treatment of information.
• Organizational culture oriented to data protection.
• Periodic risk assessments and internal audits.
• Training of the general public, as a mechanism to strengthen the security of all integrated systems.

As far as regulatory frameworks are concerned, it could be said that it is necessary:

• Evaluate the consequences that data processing and the application of measures could have, from a multidisciplinary perspective (legal, business, and technical areas) by conducting impact assessments and managing risks, considering the challenges inherent to integrated systems.

Some conclusions

Tax Administration 3.0 is a paradigm shift that requires, in a gradual process, cooperation between public sector agencies and with the private sector, including with an international perspective, to promote the integration of systems that facilitate and promote compliance with tax obligations. To achieve this, it is necessary to address the challenges that have been detailed in the three parts of this article: the technical, the functional and the ethical and legal ones.

On this latter aspect, the adoption of measures to guarantee the security of tax information, including its confidentiality, integrity and availability, become key tools to ensure regulatory compliance. Providing guarantees on the right to access public information and the creation of transparency and accountability mechanisms, as well as data processing that respects privacy and the protection of personal data, are fundamental dimensions to preserve taxpayers’ trust and strengthen the legitimacy of tax administrations in a constantly evolving digital environment.

Sources and References

ISO/IEC 27001:2022 – Information Technology – Security Techniques – Information Security Management Systems – Requirements Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). International standard for information security management. Risk-based approach protects confidentiality, integrity, and availability. Key controls: access management (Annex A).
https://www.iso.org/standard/27001

OECD – Guidelines on the Protection of Privacy and Cross-Border Flows of Personal Data (Revised, 2013) Organization for Economic Co-operation and Development (OECD). Principles to protect data in digital environments; restricted, informed and proportional access for tax purposes.
https://www.oecd.org/sti/ieconomy/oecdprivacyframework.htm https://www.oecd.org/en/publications/oecd-guidelines-on-the-protection-of-privacy-and-transborder-flows-of-personal-data_9789264196391-en.html

CIAT – Manual of Good Practices in Information Security for Tax Administrations (2020) Inter-American Center of Tax Administrations (CIAT). Document prepared with the support of GIZ and IDB. Specific guide for tax administrations in Latin America. It includes digital identity management, portal security, internal access prevention and formal tax information policies.
https://www.ciat.org/manual-de-buenas-practicas-en-seguridad-de-la-informacion/

NIST Special Publication 800-53 Rev.5 – Security and Privacy Controls for Information Systems and Organizations (2020) National Institute of Standards and Technology (NIST), USA. Security and privacy controls for information systems, widely adopted in government environments.
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

ISACA – COBIT 2019 Framework: Governance and Management Objectives ISACA – Information Systems Audit and Control Association. Framework for governance and management of information systems.
https://www.isaca.org/resources/cobit

CIAT (2024) Guide for the protection and ethical use of information held by tax administrations.
https://www.ciat.org/Biblioteca/DocumentosTecnicos/Espanol/2024_Guia_proteccion_datos_AT_CIAT_GIZ.pdf

OECD (2024) Tax Administration 3.0: The digital transformation of tax administration. OECD Publishing, Paris.
https://doi.org/10.1787/f30c1100-es

OAS (2021) Updated Principles on Privacy and Protection of Personal Data. Retrieved from:
https://www.oas.org/es/sla/cji/docs/Publicacion_Proteccion_Datos_Personales_Principios_Actualizados_2021.pdf

RIPD (2017) Personal Data Protection Standards for the Ibero-American States.
https://www.redipd.org/documento/estandares-iberoamericanos-2017.pdf

Ruz, C. (2025) The integration of systems in Tax Administration 3.0, Part 1, and Part 2. CIAT Blog.
Part 1: https://www.ciat.org/la-integracion-de-sistemas-en-la-administracion-tributaria-3-0-parte-1/
Part 2: https://www.ciat.org/la-integracion-de-sistemas-en-la-administracion-tributaria-3-0-parte-2/

26 total views, 26 views today