What can the tax authority see — my bank, my platforms, my life?
Verdict: A lot, by law — with algorithmic limits courts enforce
Tax authorities hold real statutory access: bank reporting, platform earnings, cross-border exchange. What they cannot do — and have been struck down for — is opaque algorithmic suspicion.
Little consent theatre here: tax processing runs on legal obligation and public task, and the pipes are wide by design. What flows automatically: employer wage data; bank interest and account reporting under national law plus cross-border exchange (CRS/DAC — your foreign accounts report home); and since DAC7, platform earnings — Airbnb, eBay, Etsy, Uber and the rest report sellers’ income EU-wide, which is why casual sellers get letters now. Crypto exchanges join via DAC8. Targeted access: transaction-level bank interrogation typically needs an open inquiry into you, per national procedure — fishing expeditions are the line, and where authorities blurred it, courts pushed back. The algorithm line — the big one: risk-scoring taxpayers with opaque models produced Europe’s loudest data scandals (the Dutch childcare-benefits affair, struck-down fraud-scoring systems like SyRI), and the combination of GDPR Art. 22, the AI Act’s high-risk tier and constitutional courts now boxes in algorithmic tax suspicion: significant decisions need human review and explainability — demandable when a decision smells machine-made. Your rights survive taxation: access to your file (with investigation-phase carve-outs), rectification of wrong data feeding assessments, and — administrative appeal deadlines being brutally short everywhere — the practical rule: respond to every letter within its window, and dispute data errors in writing immediately, not at the hearing.
Verified against the sources above on 18 July 2026. Information, not legal advice.