Skip to main content
Inland Revenue

Tax Policy

Chapter 3 – Information collection

Summary of proposals

Include a new provision in the Act that empowers the making of regulations governing the repeat collection of external datasets and provides transparency regarding such collection.

Clarify that information collected for one particular function can be used for any other function of Inland Revenue.

In Chapter 3 of Towards a new Tax Administration Act the Government set out some areas where it considered Inland Revenue’s information collection powers might require updating. Broadly, the Government considers Inland Revenue’s information-collection powers are working well; however, some areas need modernisation:

  • clarifying Inland Revenue’s powers for access to large third-party datasets
  • clarifying Inland Revenue’s access to remotely stored information.

The Government considers that the current standard for collection of information is appropriate and should remain. This gives the continued assurance that Inland Revenue will only use its information-gathering powers to obtain information that is needed.

The main focus of this chapter is on access to large third-party datasets, in particular a proposed framework for situations where repeated access to the same data is considered necessary or relevant. This chapter also clarifies that information collected for one particular function can be used for any other function of Inland Revenue.

Clarifying the rules regarding remote access is being explored in conjunction with the statutory review of the Search and Surveillance Act 2012.[39]

External datasets

The Data Futures Forum opened their first discussion paper with an observation that the world is changing significantly in how we use and share data about ourselves.[40] Digital technology has become a ubiquitous part of daily life, and more and more of our lives and activities are being stored digitally. In addition, New Zealand already has one of the more advanced systems of digital government in the world, and this is a trend that is expected to continue.

The collection and use of information is an integral part of the tax administration system. Information is critical to the efficient and effective collection of revenue and disbursement of payments. The future tax administration will involve more automated and streamlined information flows from customers and third parties, and a broader approach to compliance based on better use and understanding of data. Prepopulating returns with information already held by Inland Revenue will also play an increased role.

Inland Revenue’s information collection powers are long established and generally work well. The change proposed in this chapter focuses on situations where the regular, repeated collection of datasets is considered necessary or relevant. The current rules work well for one-off and ad hoc collection of both individual taxpayer data and wider datasets. In this context, the collection of large external datasets is not new, and the courts have made it clear that Inland Revenue’s current information collection power does enable the collection of such datasets. However, the Government considers that when such information is required on a regular, repeating basis, more specific rules are required. The proposal is a clarification for specific circumstances and therefore does not affect the existing information collection powers set out in the TAA.

As the digitisation of the economy is increasing so is the availability and usefulness of large datasets. Data matching is becoming increasingly common in both the public and private sector. In New Zealand the Privacy Commissioner has recognised both the inevitability of wider use and re-use of information, and the benefits that can be obtained from this. The Privacy Commissioner noted that the potential ability of data use in the public sector to design better policies and more efficiently target resources made re-use of data in some sense a responsibility as much as an opportunity.[41]

Turning specifically to the tax context, the use of large datasets for compliance and educative work has been part of the toolkit for revenue agencies around the world for some time. The international exchange of tax information has moved to focus on regular automated exchange of large quantities of information. Many revenue agencies are also routinely using large datasets in domestic compliance, education and service improvement work.

The ATO undertakes a number of large data matching exercises using external datasets. This matching is used to assist with prepopulating returns and for education and compliance purposes. The ATO outlines on its website the types of datasets it obtains and the work done using this information. This website states that the ATO collects information from a wide range of sources, with over 600 million transactions a year reported to the ATO. A number of data matching protocols are also published, including protocols dealing with information collection from specialised payment systems, credit and debit cards, and motor vehicle registries.

More recently, new legislation has been passed in Australia to introduce third-party reporting of real property, shares and units, business transactions made through payment systems, and government grants and payments data. This legislation received royal assent on 30 November 2015 and creates an obligation for formal regular reporting of these classes of information. Previously, much of this information was obtained via data matching programmes using the Australian equivalent of section 17 of the TAA. As the ATO was seeking to have the information in a more regular and timely way, including for use in prepopulating returns, formalised third-party reporting rules were considered appropriate.

The United Kingdom has extensive and very prescriptive rules about the collection of information from “relevant data holders”. “Relevant data holders” are identified in primary legislation, and Her Majesty’s Treasury is then empowered to make regulations specifying what “relevant data” is for each type of data holder. Data collected under these rules is stated to be for risk analysis purposes; however, nothing in the rules restricts its use so it can be used for any revenue function, subject to the ordinary rules about wider use.

Use of bulk data is stated to be essential to Her Majesty’s Revenue and Customs’ (HMRC) compliance function and is primarily used to understand the risk of the amount of tax paid by any given taxpayer or group of taxpayers being incorrect.

  • It allows HMRC to target publicity and support if there is a risk tax has been overpaid.
  • It is used to target HMRC’s compliance checks on cases with a risk that tax has been underpaid, so that compliant people see fewer checks overall.
  • It helps to make sure that HMRC takes the right approach when checking, indicating whether the check should start with a quick phone call or an in-depth investigation.

Towards a new Tax Administration Act suggested that a general rule could be applied in the case of data collected for compliance or education reasons, and that if the focus was on information for prepopulating returns, formal third-party reporting rules would be appropriate. However, the proposal now is that the Act should contain a single provision for the repeated collection of external datasets. Information collected will be used in a range of ways, and rather than trying to set different rules based on use, one overarching provision will cover all scenarios.

Submitters on Towards a new Tax Administration Act expressed conditional support for a more explicit collection power for large datasets. Some submitters noted that Inland Revenue already has extensive information collection powers and, while supportive of more explicit powers, were not necessarily supportive of expanded powers.

The Government notes these comments and emphasises that what is being considered is consistent with the existing powers and more in the nature of clarification than expansion. The courts have made clear in the past that large datasets do fall within the existing general collection powers. The proposed framework would be additional to the existing collection mechanisms, which would still apply for one-off collection or occasional repeat collection of data. The Government considers that for regular, repeated data collection, greater transparency is needed.

The Government considers that a regulatory framework will provide a degree of flexibility to work in an environment where the availability of datasets and the capacity to analyse and use these datasets for a range of purposes is continuing to evolve rapidly. It will also provide greater transparency for these types of regular collection than using the existing general collection powers.

Consistent with the approach proposed in Chapter 2 for information sharing, and with the proposals in Chapter 6 for a more hierarchical drafting approach, the Government proposes these changes:

  • A new provision will be included in the TAA to empower regulations authorising repeat collection of external datasets.
  • Regulations will be made by order in council, be disallowable instruments, and be subject to scrutiny by Cabinet and the Regulations Review Committee.
  • Regulations will specify the type of data, the class of data holder (or if there is only one data holder, that entity), the frequency of reporting required and any specifications as to how the data is to be reported.
  • A recommendation for regulations must outline why the information sought under the proposed regulations is considered “necessary or relevant” and the proposed use of the data.[42]

As a general rule, Inland Revenue would have previously trialled the collection of data (or data of a similar type) using the general collection power before seeking a regulation. Such previous collection and analysis of the dataset would help demonstrate that it was considered “necessary or relevant” to collect the data regularly.

There may be situations when the exact use of the collected data is not made public, as it could, for example, reveal information about compliance activity that assists taxpayers to “game the system”. However, in general, and following the Australian and United Kingdom examples, the Government considers that transparency about the general parameters and use of this form of data collection is appropriate and will assist with public understanding and trust in government, as well as assisting with compliance.

Transparency reporting

Internationally, companies such as Vodafone, Google and Microsoft have begun to publish their own transparency reports. Although still relatively limited, in New Zealand there has also been a more recent trend towards transparency reporting as it relates to information requests received by companies. According to the Office of the Privacy Commissioner, “transparency reporting” is when companies report publicly about the information requested by and disclosed to government agencies, usually for law enforcement or national security purposes. Such reporting is said to provide insight into how government agencies are using their powers and reveal the extent to which companies cooperate with such requests.

In 2015 the Office of the Privacy Commissioner undertook a three month transparency reporting trial with reporting from 10 companies in the financial services, telecommunications and utilities sectors. In addition, Trade Me recently published its fourth annual transparency report, outlining requests the company has received for personal information, and its responses.

The Office of the Privacy Commissioner has noted an apparent paradox for transparency reporting in New Zealand, by reference to a 2015 Horizon Research survey. The survey indicated a possible lack of public understanding about information request powers, and concern about organisations that provided information to government agencies without (and in some cases even with) a warrant. In fact, as the Office of the Privacy Commissioner observes, significant numbers of information requests are made and answered without requirement for a warrant. The paradox referred to was that organisations are required to respond to legitimate requests by government agencies for information. However, the negative reaction by the public to such disclosures acts as a disincentive to report such disclosures – particularly if other organisations in the sector do not report.

Another issue that arises around transparency reporting is whether organisations should notify their customers when their information has been provided under an information request. In Australia, the ATO complies with voluntary guidelines issued by the Office of the Australian Information Commissioner in respect of their large data matching programmes. Under these guidelines, data matching protocols are published outlining the data sought, the intended use, and other details about the programme. The protocols include a section detailing any publicity about the programme, and whether data providers have been advised that they can inform their customers that their data has been shared.

In New Zealand, there is no requirement to notify someone when their information has been released under a government agency request. Trade Me, in its 2016 transparency report, stated it does not have a blanket policy of notifying individual members when their information is released (although in certain circumstances it did, for example in relation to Disputes Tribunal and insurance investigators). However, in relation to law enforcement, Trade Me stated it had considered whether the risk of compromising legitimate investigations outweighed the desire to notify, and that given the obvious sensitivities and the difficulty in knowing when notification could jeopardise an investigation, a notification policy was impractical.

To assist with transparency, the Government proposes that when Inland Revenue is seeking regular, repeating access to a particular dataset (or datasets), an order in council will be required. Inland Revenue should also be required to publish summary information about large data acquisition and matching programmes undertaken under these regulations. This is consistent with the approach taken in the United Kingdom and Australia. Submissions on Towards a New Tax Administration Act also suggested that a more open approach like that of Australia could be considered if the data collection power was made more explicit.

Using the power to obtain repeated large datasets

Inland Revenue already undertakes the collection of many large datasets for a range of purposes. With improved systems, analytical capability and a greater focus on prepopulated returns, the case for regularly obtaining data increases. On the other hand, the impact of such data collection on data holders must also be considered, hence the Government proposes retaining the long-established “necessary or relevant” test.

Some third-party reporting regimes are already covered in the tax legislation – for example, employer monthly schedules and information about investment income. As part of Inland Revenue’s Business Transformation process both these sets of third-party reporting rules are being examined. Given the significance of these forms of information, the breadth of data providers they affect, and their established nature as specific regimes, it is not proposed to move this information within the new framework at this time.

Some examples of possible uses of the new rules are set out below. These illustrate areas the Government might examine for regular collection of data once the proposed framework is in place, and are not firm proposals that this particular data be collected regularly.

Government agency data about businesses

Other government agencies hold information that could be used to establish payments to, or activity undertaken by, taxpayers, or assist in establishing the existence and/or identity of entities that are engaged in activity affecting the tax system. If this is primarily “personal information” Inland Revenue may be able to obtain it through approved information-sharing agreements. However, if it is not personal information but relates to businesses or entities, the approved information-sharing agreement mechanism in the Privacy Act would not apply. In such situations, to ensure both clear authority for the collection of the information, and to provide a greater degree of transparency regarding its collection, regulations under the proposed new provision could be used.

Wider state sector information about social policy customers and outcomes

Analysing information about customers can provide Inland Revenue with the ability to better tailor services and to understand what can lead to customers’ compliance or non-compliance. This is true not just for tax, but across the different product types that Inland Revenue administers. For example, managing the student loan debt book is an important aspect of Inland Revenue’s functions. Information that enhances understanding of why student loan borrowers default on their debt would be of significant use in tailoring services and managing debt. Such information could also be of benefit to the government more broadly in understanding outcomes and the drivers of value in tertiary education.

Payments information

Another area where the power might be considered is in obtaining data about payments to businesses. Both the United Kingdom and Australian legislation include a requirement for reporting from electronic payment systems. In Australia, information is collected from banks and, more recently, alternative payments systems providers. The credit/debit card aspect of the programme has been running since the 2008–09 financial year. The ATO states this allows it to obtain external data to cross-reference with internal data, and identify relevant cases for compliance and educational action. These are the stated objectives.[43]

Objectives of the credit and debit data matching program are to:

  • promote voluntary compliance with taxation obligations and increase awareness in the community of the ways the ATO uses data matching to address non-compliance, by publishing this program protocol
  • identify liquidated or de-registered businesses that are continuing to trade
  • assist in identifying ‘cash only’ businesses, by exception
  • assist the ATO in building intelligence about businesses including broader risk, trend and strategic analysis
  • ensure compliance with registration, lodgement, correct reporting and payment of taxation obligations.

The Australian programme is not focused on individuals’ transaction data, but rather collects monthly transaction totals for businesses, enabling a picture to be established of trading activity.

Information gathered for one purpose being used for other purposes within Inland Revenue

Inland Revenue has a very broad range of functions. In many cases interactions with a customer may be for a particular purpose, or in relation to a particular product type, for example personal income tax or Working for Families tax credits. However, the information obtained may also be relevant for other purposes, for example the customer’s student loan or child support accounts. In many cases customers, both personal and business, have a range of different interaction needs with Inland Revenue and therefore information can be relevant for a range of purposes linked to Inland Revenue’s various functions.

The TAA charges the Commissioner of Inland Revenue with the care and management of the taxes and with other functions conferred. The care and management responsibility encompasses the requirement that the Commissioner carry out her various functions in a way that makes the most efficient use of her resources. This requirement, coupled with the overarching responsibility to protect the integrity of the tax system, suggests that the Commissioner should be able to make the most efficient use of information at her disposal in order to fulfil her various functions and responsibilities.

Inland Revenue’s view is that information gathered for the purpose of one of its functions is also able to be used for any of its other functions. However, to make this clear, the Government proposes to include this principle in legislation. A similar approach is taken in the equivalent UK legislation which expressly provides “information acquired by the Revenue and Customs in connection with a function may be used by them in connection with any other function”.[44]

In proposing this clarification, the Government notes that the Privacy Act contains exceptions to the privacy principles regarding collection, use and disclosure if non-compliance with those principles is for the protection of the public revenue.


[39] Section 357 requires that the operation of the Act be reviewed by the Law Commission and Ministry of Justice. This review is currently underway.


[41] New Zealand’s data future: A view from the Privacy Commissioner, available at

[42] Note that this differs from the requirements of section 17 of the Tax Administration Act 1994 where the Commissioner needs only to be of the view that the information requested is necessary or relevant and is not required to provide reasons why this is the case. The proposed framework is not intended to alter the requirements of section 17.


[44] Commissioners of Revenue and Customs Act 2005, section 17.