THE TRANSATLANTIC MAGAZINE
Earlier this week, reports emerged that Russian Hackers had been able to breach the US Treasury and Commerce departments. The news has prompted UK Lawyer Filippo Noseda, a prominent figure in the ongoing question of FATCA and its impact on overseas Americans, to reiterate earlier warnings on the security vulnerabilities of sharing data about US Citizens living abroad.
In a letter dated December 14, Mr Noseda wrote to Dr Andrea Jelinek, Chair of the European Data Protection Board (EDPB), explaining that "hacking of FATCA data is a question of when, not if." It's a warning Noseda has already given before, describing FATCA earlier this year as a "Data Privacy Disaster Waiting to Happen".
In his latest letter, Noseda explains that hacking and is a growing problem. Noseda and legal firm Mishcon de Reya have been maintaining a list of incidents relating to hacking and data breaches in the context of regulations including Automatic Exchange of Information (AEOI), FATCA and the Common Reporting Standard (CRS). When the list was first launched in November 2019, it was 14 pages long, whereas the list is now 55 pages.
In the letter, Mr Noseda argues that "Many incidents, such as the attack reported today against the US Treasury or the news that HMRC reported 11 'serious' data breaches incidents to the ICO affecting over 23,000 UK taxpayers, are directly relevant to our claim that through its excessive nature, FATCA (as well as the CRS) unnecessarily expose millions ofcompliant citizens to the real risk of hacking."
FATCA is a regulation which requires banks and other financial institutions outside of America to report data on US-connected clients back to the USA. The regulation means that US Citizens living abroad, as well as 'accidental Americans' who have acquired US citizenship through being born in America or to American parents, face a number of difficulties when applying for basic financial services including bank and savings accounts, loans, credit cards etc.
In his ongoing case against FATCA, privacy has become a key argument, with claims that FATCA not only infringes on the liberties and rights of those individuals affected, but also represents a data security risk to them as well.
Noseda goes on to warn that when a hacking does occur, "and the music stops, public opinion will ask why it has taken the EDPB over a year to 'look into' the problem without coming up with any recommendations, nor engage with campaigners who have been raising awareness on the data protection implications of systems of automatic exchange of information."
To see the letter, and further correspondence relating to Noseda's case against FATCA, go to www.mishcon.com/news/correspondence