Online Shopping and Tax Privacy

By Adam Thimmesch

The privacy implications of online commerce are complicated and fascinating. On the one hand, it allows individuals to protect their privacy by shopping for sensitive items without the knowing glances of store clerks, fellow patrons, or those passing by. On the other hand, it creates a digital trail that can connect them to a particular vendor or purchase in perpetuity. This can occur with respect to items that are politically, medically, or sexually sensitive and with respect to items that they’d just prefer to keep a secret. (For example, if you forget to browse in private mode, you might find that your wife’s Facebook feed now includes ads for the items that you were searching out for her birthday. Woops. Sorry dear.)

Your online shopping habits might also soon be known to your state revenue authority. Given states’ limited jurisdiction to require online vendors to collect sales taxes from consumers, some states have taken a new approach—requiring those vendors to, instead, rat out their customers to the state. Colorado began this movement in 2010, and it is spreading across the country. That has been aided in large part by a recent 10th Circuit opinion upholding those requirements under the Dormant Commerce Clause and the Multistate Tax Commission’s work on a model notice and reporting statute. Most recently, the Governor of Washington signed a bill containing those requirements into law this month.

Here’s how this approach generally works. First, vendors that do not collect the state’s sales tax are required to instead inform consumers about their own use-tax obligations at the point of sale. Second, those vendors are required to mail their customers an annual summary of their purchasing activity. Third, they are required to provide the state with a summary of that activity as well. (Note to our Colorado friends: these obligations became effective July 1.)

These requirements ostensibly serve the function of facilitating individuals’ payments of use taxes on their online purchases. Few people currently pay those taxes, and the revenue losses for states are immense. (I’ve previously written extensively on these issues here and here.) In theory, then, the notice requirement and the information reports could help states to close that revenue gap if they were willing to follow through with individual enforcement actions. But that can be difficult for both economic and political reasons.

As an economic matter, each individual consumer owes a relatively small amount of tax, so it is more efficient for states to pursue tax from the vendors. It is also politically much easier for a state to pursue remote vendors than it is to pursue its own residents (and voters). It thus seems fair to question whether this movement is as much about pressuring vendors into collecting as it is about encouraging individual compliance. I’ll save that discussion for another day.

Regardless of its intended effect, one result of this approach is to raise some unique privacy concerns. The collection of purchasing data by the government seems to push the boundaries of our expectations regarding the government’s surveillance of our every day activities. Indeed, the lawsuit challenging Colorado’s statute contained a privacy claim, and at least one group has indicated that it will challenge the Washington statute on the same ground.

The problem with these claims is that “privacy” is a concept that is difficult to define, and it is an even squishier legal right. The constitutional right to privacy has never been applied in a tax matter in this way, and rights under state law will vary widely, if they even exist.

Perhaps tellingly, the privacy claim was never actually litigated in the Colorado case. The issue was simply dropped after the 10th Circuit rejected the plaintiff’s Dormant Commerce Clause challenge. Privacy concerns were considered more fully in litigation between Amazon and the state of North Carolina when the state wanted individual consumers’ purchasing data in an effort to assess tax against Amazon. A federal district court judge ruled that the state’s information request violated both the First Amendment and federal statutory protections for consumers, and the case was subsequently settled.

The judge often referenced “privacy” in her opinion, but she did not analyze the state’s request under an independent, general right of privacy. The only privacy analysis in the opinion was done under the federal Video Privacy Protection Act, which protects individuals against certain disclosures of their video rental records. That statute provides a limited privacy right in that it restricts access to the specific materials listed in the statute, but that information is still accessible under a number of conditions, including when the government shows a “compelling need” in a civil matter. The judge ruled that North Carolina had failed to provide the required compelling need and was therefore not entitled to a detailed list of each customer’s purchases.

In light of the North Carolina case, it is important to note that the new use-tax reporting requirements being considered or adopted by states require only that aggregate purchasing data be provided to the state. That might satisfy some that the requirements do not impermissibly interfere with individual privacy rights–whether constitutional or statutory. However, individual purchasing information could come up on an audit to determine the taxability of certain items, and the information reports do disclose the existence and scope of a commercial relationship between consumers and particular entities. That might not be problematic if the entity is a general retailer like Amazon.com, but it could create issues if it is a vendor with more particular, sensitive offerings.

The sum of this discussion is that the scope and viability of any potential privacy claim against a state’s notice and reporting requirements is unclear, as a legal matter. It is equally unclear whether those requirements raise privacy concerns as a theoretical matter. Privacy scholars struggle with how to define privacy, and many different conceptions exist in the literature. The general public also has a range of views on privacy. Some people are very sensitive to the disclosure of their information while others view it as a natural part of living in today’s society. I’m exploring these issues in a larger work, but suffice it to say that they make it difficult to analyze tax choices under a privacy framework.

What does seem clear, though, is that the privacy issues raised by states’ notice and reporting requirements would appear to have some force in the court of public opinion, and that those issues are important to consider. Realizing that there are privacy interests at stake could help to enrich Congressional discussions of legislation like the Marketplace Fairness Act. This is not just an economic issue. Allowing states the authority to collect taxes directly from online vendors would also alleviate these privacy concerns.

Now I’m not naive enough to think that privacy concerns will cause Congress to finally act on this issue, but it is certainly an interest that should be considered in the course of discussion. Until we get some resolution, though, shop carefully.