Esther Huiskers-Stoop and Tofigh Hasen Nezhad Nisi
Since the early 2000s, the international exchange of information has become an essential tool in the global fight against tax evasion, tax fraud, and other financial crimes. As governments aim to secure fair and effective tax systems, their ability to access relevant data across borders has become increasingly critical. However, this growing reliance on data sharing presents a legal challenge: how to uphold public values, particularly the protection of taxpayer privacy and personal data, while enforcing tax compliance. This dual obligation of strengthening enforcement and safeguarding rights has led to the development of new legal frameworks and innovative technologies. One such initiative is the Financial and/or Criminal Investigation network, known as FCInet, a decentralised government computer system, initiated by the Forum of Heads of Tax Crime Investigation (held under the auspices of the OECD). FCInet allows public administrations in different countries to collaborate, while respecting their national autonomy. Embedded within this system is ma3tch, a privacy enhancing technology designed to support international cooperation in a legally compliant and secure manner.[1]
This blogpost draws on the findings of the research report “The Standard of Foreseeable Relevance in Privacy Enhanced Tax Information Exchange – Case study on FCInet ma3tch technology”, conducted in collaboration between the Tax an Criminal Law departments of Leiden University. The blogpost examines how the standard of foreseeable relevance, a central requirement in international tax information exchange, is applied in the context of FCInet’s ma3tch technology. It also explores the broader legal, technical, and policy implications of using privacy enhancing tools, to ensure that data exchange is both efficient and respectful of this fundamental right of taxpayers.
Legal Frameworks for Tax Information Exchange
The international exchange of information in tax matters has a long tradition, based on the understanding that transparency is necessary for the effective functioning of a tax system. Over the past century, this has developed into an extensive network of bilateral and multilateral instruments. These instruments aim to strengthen administrative cooperation and increase transparency, thereby improving the ability of states to detect and combat tax fraud and other financial crimes.
Whereas the application of FCInet ma3tch technology involves bilateral information exchanges, an essential instrument in this context is Article 26 of the OECD Model Tax Convention, which provides a framework for three methods of exchange: exchange on request, automatic exchange in specific situations, and spontaneous exchange. Central to all three forms is the requirement that any information exchanged must be foreseeably relevant for the administration or enforcement of the domestic laws of the receiving state. This standard aims to protect taxpayers from unspecified, speculative, and irrelevant requests or data storage, and is meant to prevent what is often referred to as a fishing expedition.
The UN Model Tax Convention, which seeks to promote cooperation between developed and developing countries, contains in its Article 26 a provision that closely mirrors the OECD standard. It includes an additional clarification that information should be exchanged to the widest possible extent, especially to prevent tax avoidance or evasion. In the absence of a bilateral tax treaty, states may rely on the OECD Agreement on Exchange of Information on Tax matters (TIEA). Though primarily designed for exchange upon request, the language of the TIEA closely aligns with Article 26 OECD Model Convention. It provides for the exchange of any information that is foreseeably relevant to the enforcement of tax laws and emphasises confidentiality and legal safeguards.
The Multilateral Convention on Mutual Administrative Assistance in Tax Matters (MAAC), developed by the OECD and the Council of Europe, allows for all forms of administrative cooperation and currently applies to more than 150 countries. This Convention also adopts the foreseeable relevance standard in its general provision on the exchange of information. At the EU level, the Directive on Administrative Cooperation (DAC) governs such exchanges between Member States. Although it has been amended several times to expand its scope, the requirement that exchanged information must be foreseeably relevant remains central.
In all cases, the foreseeable relevance standard functions as a safeguard for taxpayer rights. It requires that there must be a reasonable possibility that the requested or exchanged information will be of use to the receiving state. Its interpretation and application are indispensable for the legal and operational success of cross-border tax cooperation.
Innovation with Privacy by Design
Although tax authorities have a range of instruments for the exchange of information at their disposal, many countries continue to face legal as well as practical challenges within the realm of information exchange. These include a lack of resources to create information management systems that are both compliant with legal standards and feasible to implement and maintain.
The FCInet ma3tch technology is designed to support a more efficient and privacy-friendly exchange of tax information. This technology generates a filter from local data sources that are autonomously selected by the sending organisation. The filter consists of aggregated multi-hashed (personal) data, making it impossible to reverse or trace the data back to individual records, unless a hit is validated. Filters can be shared with selected peer organisations, who can anonymously check whether selected keys from their own database are present in the shared filter.
The exchange proceeds in four technical phases: the start-up phase (which includes selecting, standardising and processing the data), the execution phase (spontaneously sharing the filter), the verification phase (validation of hits), and the completion phase (possible follow-up request for specific tax information). At each phase, the technology is designed to minimise data sharing and maximise compliance with applicable privacy regulations. The receiving state can compare its own data with the received filter. If a ‘hit’ leads to identification of a taxpayer, the receiving state submits a tax information request through mutual legal assistance channels. The sending state verifies compliance with legal standards before providing the information.
In this way, FCInet ma3tch supports the spontaneous exchange of information while limiting interference with the right to privacy and data protection. It enables participating authorities to comply with their international commitments in a legally secure and privacy conscious manner.
Legal and Technical Interpretation
The standard of foreseeable relevance plays a central role in the international exchange of tax information. It is intended to ensure that information provided by one state to another is not speculative, but potentially useful for the administration or enforcement of tax laws. In the context of FCInet ma3tch technology, the application of this standard raises several legal and technical questions, particularly in relation to the spontaneous exchange of information.
One of the questions under debate is whether all data used to generate a ma3tch filter must, before sharing, have a visible connection to the jurisdiction of the receiving state. According to the findings of the study, this question must be answered in the negative. The data used for the filter does not need to show a visible relationship with the receiving jurisdiction before it is shared. Exceptions may exist in jurisdictions where, for example, prior authorisation could be required for the use of data for non-tax purposes or for transmission to third parties.
Another issue is whether a hit or commonality detected by a receiving organisation through the filter, is in itself sufficient to satisfy the requirement of foreseeable relevance. The study concludes that this is not the case. A hit alone cannot be considered relevant, unless it is validated by the sending state. Relevance, therefore, depends on the qualified confirmation that the data indeed relates to an individual who is already under investigation or examination in the sending jurisdiction.
A further point of discussion is whether the sharing of filters amounts to a prohibited fishing expedition. According to the report, this concern is unfounded. The filters used in ma3tch technology are based on individuals who are, in principle, subject to an investigation for a specific fraudulent typology or scheme. This context is generally sufficient to fall outside the scope of what would be considered a fishing expedition, as defined under Article 26 of the OECD Model Convention.
In sum, the ma3tch technology enables the application of the foreseeable relevance standard in a manner that is both legally sound and operationally effective. It ensures that information is in principle exchanged only within the context of an existing investigation and validated by the sending authority. Through this process, the data protection rights of taxpayers within international cooperation are safeguarded as much as possible.
Comparative Country Perspectives
To understand how the standard of foreseeable relevance is applied in practice, a comparative analysis was carried out across eleven jurisdictions, both within and outside the European Union. The study focused on how domestic legal frameworks, administrative practices, and data protection standards influence the interpretation and implementation of this principle in the context of spontaneous exchange of information.
The findings reveal that, while most jurisdictions adhere to the OECD standard, important national variations remain. Some countries, for example, require prior authorisation from a competent authority, before data can be shared. In very rare cases, advance notification to the taxpayer could also be necessary. In other jurisdictions, such requirements are absent, allowing for more immediate data sharing once the standard of foreseeable relevance is deemed to be met.
There are also differences in how received information may be used. Some countries restrict the use of such information to tax purposes. Others allow broader use, including for money laundering investigations or oversight activities, provided that legal conditions are satisfied. In certain jurisdictions, only tax authorities are authorised to receive and act on exchanged information, whereas others permit law enforcement agencies, supervisory bodies, or even third countries to access the data.
Countries with more developed and clearly defined legal frameworks for information exchange, such as the United States and France, tend to show both a higher frequency and a broader scope of exchanges. These jurisdictions have established procedural safeguards and operational clarity that support effective application of the foreseeable relevance standard.
Despite these differences, the general requirement remains that the foreseeability of relevance must be established at the moment the filter is shared. In practice, cases requiring prior authorisation or notification are decreasing in number, in line with the global trend toward broader and more timely exchange of tax information. The comparative analysis underscores the importance of aligning privacy protection with international standards, while also recognising the value of jurisdictional flexibility in operationalising the standard.
Legal and Policy Recommendations
To enhance the effectiveness of international tax information exchange using technologies such as FCInet ma3tch, several legal and policy refinements should be considered. These address both the developing technological climate and the need for strong taxpayer safeguards in cross border cooperation.
A first step is to revisit the concept of foreseeable relevance. As digital tools and data protection rules play an increasingly prominent role in administrative cooperation, there is a need to review and clarify how this standard should apply in practice. In particular, the legal interpretation of this principle, as reflected in bilateral tax treaties and international instruments, should be updated to account for new methods of data exchange. This may require revisions to treaty language, or the introduction of supplementary protocols, to facilitate lawful and effective collaboration between tax authorities and other competent bodies, such as anti-money laundering agencies or supervisory authorities.
Moreover, countries are encouraged to adopt a more precise definition of foreseeable relevance that supports efficient information exchange. The formulation used in the European Union’s recent DAC7, where information is considered foreseeably relevant if there is a reasonable possibility that it will be useful to a specific investigation, can serve as an example. This approach finds a middle ground between legal certainty and operational flexibility, which allows both the sending and receiving states to apply the standard appropriately within their own systems.
In few cases, domestic laws may still require prior authorisation before tax information can be shared for non-tax purposes or with third countries. Where such rules exist, the standard of foreseeable relevance must be met at the moment that authorisation is granted, not merely at the point of exchange. A practical solution could be the use of a predefined list of cases where prior authorisation is not required, a so-called ‘whitelist’. Likewise, in jurisdictions that require notifying the taxpayer in advance, authorities must be able to demonstrate that the information meets the relevance threshold at the time of notification.
It is also essential to account for differences in privacy and tax secrecy standards. Some states may hesitate to share information with jurisdictions that do not offer equivalent protections for personal data. Aligning national privacy laws with international standards, such as the EU General Data Protection Regulation (GDPR), is essential to safeguard privacy and data protection and to ensure a lawful exchange. Many countries are already adapting their legal frameworks accordingly.
The use of ma3tch technology brings clear advantages in terms of data minimisation and privacy protection. However, technical precision is key. Filters must be based on high-quality, well-structured data to prevent missing hits. In the event of a hit, validation by the sending authority should always occur before any personal information is passed on to a third party. This safeguard is incorporated in the FCInet User Protocol. It helps prevent inappropriate disclosures, such as in cases where investigative functions overlap and data may be shared prematurely between tax and criminal authorities.
Participants in FCInet must ensure that their use of the system is consistent with both international and domestic legal obligations. Although ma3tch uses pseudonymised data and is designed to minimise intrusions into privacy, its use still constitutes a form of data processing that must meet applicable standards. Compared to traditional exchange mechanisms, however, ma3tch reduces the breach of personal data protection or does not breach at all when no hit occurs.
Finally, unlike legal instruments in tax law, many instruments for cooperation in criminal matters exist. Although these instruments do not use the concept of foreseeable relevance, they do include other requirements that can be compared to the principle of foreseeable relevance. The technology in question does, in principle, not seem to be incompatible with criminal law standards. It appears to be even more protective compared to individual rights, such as the rights to privacy and data protection, that are usually affected. However, it could be useful to establish common rules to prevent possible discriminatory elements in the filters. This could include technical and procedural standards to be agreed upon and embedded within the FCInet framework. Ensuring legal and operational symmetry across the network, will strengthen cooperation and maintain the credibility of cross border information exchange.
Conclusion
The increasing reliance on international tax information exchange has brought with it new challenges, particularly in balancing effective enforcement with the protection of taxpayer privacy. The principle of foreseeable relevance serves as a foundational safeguard within this framework, and ensures that exchanges are targeted, justified, and legally sound. As the global digital climate develops, so too must the interpretation and application of this standard.
The introduction of privacy enhancing technologies, such as FCInet ma3tch, demonstrates that it is possible to support spontaneous and efficient data exchange, while respecting the rights of individuals. By design, ma3tch limits access to personal data, enforces validation procedures, and allows for cooperation without compromising legal autonomy. Its use could provide a move toward data minimisation and context specific filtering, that prioritises both relevance and discretion.
At the same time, differences in domestic legal systems continue to affect how foreseeable relevance is applied in practice. These variations call for a harmonisation of legal definitions, clarifying procedural requirements, and aligning privacy protections with international standards. Updated domestic laws and shared protocols, can help bridge gaps between jurisdictions and improve the consistency of information exchanges.
Ultimately, the effectiveness of international tax information exchange depends not only on technological innovation, but also on legal precision, procedural fairness, and mutual trust between participating organisations. By refining the foreseeable relevance standard and embedding safeguards into the tools and practices used, states can support meaningful cooperation that is both operationally robust and respectful of individual rights. In doing so, they strengthen the legitimacy and sustainability of global tax enforcement efforts in the digital age.
———————
This blogpost is based entirely on the research report The Standard of Foreseeable Relevance in Privacy Enhanced Tax Information Exchange − Case study on FCInet ma3tch technology, conducted by Esther Huiskers-Stoop, Tofigh Hasen Nezhad Nisi, Irma Mosquera Valderrama, Anna Mosna and Jannemieke Ouwerkerk at Leiden University. The full report is available at the Leiden University Repository Link here
[1] For more information on the FCINET see website FCINET. Furthermore, on the FCInet ma3tch technology in the light of tax data protection see Chapter 4 of the Report: The Standard of Foreseeable Relevance in Privacy Enhanced Tax Information Exchange – Case study on FCInet ma3tch technology.