By Adam Thimmesch
The privacy implications of online commerce are complicated and fascinating. On the one hand, it allows individuals to protect their privacy by shopping for sensitive items without the knowing glances of store clerks, fellow patrons, or those passing by. On the other hand, it creates a digital trail that can connect them to a particular vendor or purchase in perpetuity. This can occur with respect to items that are politically, medically, or sexually sensitive and with respect to items that they’d just prefer to keep a secret. (For example, if you forget to browse in private mode, you might find that your wife’s Facebook feed now includes ads for the items that you were searching out for her birthday. Woops. Sorry dear.)
Your online shopping habits might also soon be known to your state revenue authority. Given states’ limited jurisdiction to require online vendors to collect sales taxes from consumers, some states have taken a new approach—requiring those vendors to, instead, rat out their customers to the state. Colorado began this movement in 2010, and it is spreading across the country. That has been aided in large part by a recent 10th Circuit opinion upholding those requirements under the Dormant Commerce Clause and the Multistate Tax Commission’s work on a model notice and reporting statute. Most recently, the Governor of Washington signed a bill containing those requirements into law this month.
Here’s how this approach generally works. First, vendors that do not collect the state’s sales tax are required to instead inform consumers about their own use-tax obligations at the point of sale. Second, those vendors are required to mail their customers an annual summary of their purchasing activity. Third, they are required to provide the state with a summary of that activity as well. (Note to our Colorado friends: these obligations became effective July 1.)
These requirements ostensibly serve the function of facilitating individuals’ payments of use taxes on their online purchases. Few people currently pay those taxes, and the revenue losses for states are immense. (I’ve previously written extensively on these issues here and here.) In theory, then, the notice requirement and the information reports could help states to close that revenue gap if they were willing to follow through with individual enforcement actions. But that can be difficult for both economic and political reasons.
As an economic matter, each individual consumer owes a relatively small amount of tax, so it is more efficient for states to pursue tax from the vendors. It is also politically much easier for a state to pursue remote vendors than it is to pursue its own residents (and voters). It thus seems fair to question whether this movement is as much about pressuring vendors into collecting as it is about encouraging individual compliance. I’ll save that discussion for another day.
Regardless of its intended effect, one result of this approach is to raise some unique privacy concerns. The collection of purchasing data by the government seems to push the boundaries of our expectations regarding the government’s surveillance of our every day activities. Indeed, the lawsuit challenging Colorado’s statute contained a privacy claim, and at least one group has indicated that it will challenge the Washington statute on the same ground.
The problem with these claims is that “privacy” is a concept that is difficult to define, and it is an even squishier legal right. The constitutional right to privacy has never been applied in a tax matter in this way, and rights under state law will vary widely, if they even exist.
Perhaps tellingly, the privacy claim was never actually litigated in the Colorado case. The issue was simply dropped after the 10th Circuit rejected the plaintiff’s Dormant Commerce Clause challenge. Privacy concerns were considered more fully in litigation between Amazon and the state of North Carolina when the state wanted individual consumers’ purchasing data in an effort to assess tax against Amazon. A federal district court judge ruled that the state’s information request violated both the First Amendment and federal statutory protections for consumers, and the case was subsequently settled.
The judge often referenced “privacy” in her opinion, but she did not analyze the state’s request under an independent, general right of privacy. The only privacy analysis in the opinion was done under the federal Video Privacy Protection Act, which protects individuals against certain disclosures of their video rental records. That statute provides a limited privacy right in that it restricts access to the specific materials listed in the statute, but that information is still accessible under a number of conditions, including when the government shows a “compelling need” in a civil matter. The judge ruled that North Carolina had failed to provide the required compelling need and was therefore not entitled to a detailed list of each customer’s purchases.
In light of the North Carolina case, it is important to note that the new use-tax reporting requirements being considered or adopted by states require only that aggregate purchasing data be provided to the state. That might satisfy some that the requirements do not impermissibly interfere with individual privacy rights–whether constitutional or statutory. However, individual purchasing information could come up on an audit to determine the taxability of certain items, and the information reports do disclose the existence and scope of a commercial relationship between consumers and particular entities. That might not be problematic if the entity is a general retailer like Amazon.com, but it could create issues if it is a vendor with more particular, sensitive offerings.
The sum of this discussion is that the scope and viability of any potential privacy claim against a state’s notice and reporting requirements is unclear, as a legal matter. It is equally unclear whether those requirements raise privacy concerns as a theoretical matter. Privacy scholars struggle with how to define privacy, and many different conceptions exist in the literature. The general public also has a range of views on privacy. Some people are very sensitive to the disclosure of their information while others view it as a natural part of living in today’s society. I’m exploring these issues in a larger work, but suffice it to say that they make it difficult to analyze tax choices under a privacy framework.
What does seem clear, though, is that the privacy issues raised by states’ notice and reporting requirements would appear to have some force in the court of public opinion, and that those issues are important to consider. Realizing that there are privacy interests at stake could help to enrich Congressional discussions of legislation like the Marketplace Fairness Act. This is not just an economic issue. Allowing states the authority to collect taxes directly from online vendors would also alleviate these privacy concerns.
Now I’m not naive enough to think that privacy concerns will cause Congress to finally act on this issue, but it is certainly an interest that should be considered in the course of discussion. Until we get some resolution, though, shop carefully.
4 thoughts on “Online Shopping and Tax Privacy”
Great post; these privacy issues are interesting and novel. I suspect we’ll learn a bit more about what judges think in the coming years. One thing that struck me as interested about the Amazon NC case was that the materials the judge referred to were books and DVDs, i.e., expressive content. I tend to agree with the court finding that the consumers had a right not to have their personal information related to those purchases disclosed to the government because of the potential chilling effect on speech. (As an aside, that case is really interesting because Amazon did provide the NC DOR with a ton of information about its sales into the state.) But I’ve always wondered if that right would extend to today’s Amazon–would the disclosure that a person bought a 100 pack of toilet paper have the potential to chill speech? I think not…
Another interesting thing is that NC was trying to assess Amazon, not the customers. If the state was assessing the customers instead, could it have gotten the all the information it wanted? Surely there is some limit on the granularity of the information the state can legitimately collect. I think there’s a good chance the state would have successfully argued that it was entitled to the information it wanted (and a good chance it wouldn’t), but it might have had to go directly to the customers. And good luck with that.