Online selling – 2014–15 to 2022–23 financial years

The Australian Taxation Office's (ATO) online selling data-matching program has been in place since 2008.

This protocol consolidates the existing online selling data matching programs for:

• 2015–16 to 2017–18 financial years (gazetted 26 September 2016)
• 2014–15 financial year data (gazetted 8 October 2015).

The protocol outlines our approach to collecting a further three years of online selling data. This will be up to and including the 2022–23 financial year.

We developed the program to ensure businesses and individuals selling goods and services online are:

• registering correctly with us
• lodging their returns
• reporting the payments they receive
• paying the correct amount of tax.

We have collected details of online selling platforms registrants who sold goods or services with a total annual value of:

• $12,000 or more for the 2015–16 to 2017–18 financial years
• $10,000 or more for the 2014–15 financial year.

Our data-matching programs follow the Office of the Australian Information Commissioner’s (OAIC) Guidelines on data matching in Australian Government administration (2014). These guidelines assist Australian Government agencies to use data-matching as an administrative tool in a way that complies with the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Privacy Act). They are consistent with good privacy practice.

The ATO has responsibility to protect public revenue and to maintain community confidence in the integrity of the tax system. Our data-matching programs assist us to undertake these responsibilities.

Find out about:

• Why we look at online selling data
• Program objectives
• Data-related matters
• Public notification of the program
• Our lawful role
• Why we undertake data-matching
• How we undertake data-matching

Why we look at online selling data

The online selling data-matching program will allow us to identify and address a number of taxation risks, including:

• incorrect reporting of income within tax returns and business activity statements (BAS)
• failure to comply with ABN and GST registration obligations when online sellers transition from hobby status to being 'in business'
• failure to meet registration, reporting, payment or lodgment obligations.

Insights from the program inform treatment strategies to improve voluntary compliance through education on taxation obligations. This is particularly helpful for those transitioning from a hobby to a business. It gives assurance that participants are doing the right thing.

Guidance to assist participants to understand whether they are operating as a hobby or carrying on a business is available at Online selling – hobby or business?

Program objectives

The objectives of the online selling data-matching program are to:

• promote voluntary compliance and increase community confidence in the integrity of the tax and superannuation systems
• gain insights from the data to help develop and implement engagement strategies to improve voluntary compliance, which may include educational or compliance activities
• identify and educate individuals and businesses who may be failing to meet their registration or lodgment obligations and assist them to comply
• help ensure individuals and businesses are fulfilling their tax and superannuation obligations.

How we use the data

We use the data in this program:

• for discrepancy matching to help
  • detect potentially unreported income
  • identify taxpayers operating a business but failing to meet their registration, lodgment, reporting or payment obligations
   
• increase our understanding of the behaviours and compliance profiles of individuals and businesses that sell goods or services via online selling platforms
• with other ATO-held data in analytical models to detect high risk activity
• to identify possible compliance issues and develop and implement engagement and assurance strategies to increase voluntary compliance, which may include educational or compliance activities.

The data in this program will not be used directly to initiate automated compliance activity.

Our previous related programs

The ongoing collection of this data enables us to review and educate online sellers who may be transitioning from hobby status to being in business.

The data collection has promoted awareness in the community of our data-matching capabilities. Publishing the data-matching protocol generates media interest, which promotes awareness and education of the risk.

Where the online selling data reveals discrepancies between online sales and information declared in the sellers' tax returns, we will investigate further.

Online selling data is used to deliver compliance outcomes for income tax and GST from taxpayer audits, voluntary disclosures and lodgments.

Data providers

The ATO is the matching agency and the sole user of the data obtained in the course of this data-matching program.

We obtain data from the following providers:

• eBay Australia and New Zealand Pty Ltd
• Amazon Commercial Services Pty Ltd.

Eligibility as a data provider

We adopt a principles-based approach to ensure our selection of data providers is fair and transparent. Inclusion of a data provider is based on the following principles:

• the data owner or its subsidiary operates a business in Australia that is governed by Australian law
• the data owner provides an online marketplace for businesses and individuals to buy and sell goods and services
• the data owner tracks the activity of registered sellers
• the data owner has clients whose annual trading activity amount to
  • $12,000 or more for the 2015–16 to 2022–23 financial years
  • $10,000 or more for the 2014–15 financial year
   
• the data owner provided an online marketplace for the years in focus
• where the client base of a data provider does not present a risk, or the administrative or financial cost of collecting the data exceeds the benefit the data may provide, the data owner may be excluded from the program.

The data providers for this program will be reviewed annually against the eligibility principles.

Our formal information gathering powers

We will obtain the data under our formal information gathering powers contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.

This is a coercive power that obligates the data providers to provide the information requested. We will use the information for tax and superannuation engagement and assurance purposes.

Privacy Act

Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act, and in particular:

• APP6.2(b) – the use of the information is required or authorised by an Australian law
• APP6.2(e) – the ATO reasonably believes that the use of the information is reasonably necessary for our enforcement-related activities.

Keeping data safe

The data-matching program will be conducted on our secure systems that comply with the requirements of:

• the Australian Government Information Security ManualExternal Link produced by the Australian Signals Directorate, which governs the security of government information and communication technology (ICT) systems
• the Australian Government Protective Security Policy FrameworkExternal Link, which provides guidance on security governance, personnel security, physical security and information security.

All ATO computer systems are strictly controlled according to Australian Government security standards for government ICT systems. Security features include:

• system access controls and security groupings
• log in identification codes and password protection
• full audit trails of data files and system accesses.

We will use our secure web-based data transfer facility to obtain the data from source entities.

Data elements collected

Data will be collected from online marketplaces whose registrants sold goods or services with a total annual value of $12,000 or more in the applicable financial year.

We negotiate with the selected data providers individually to obtain data held within their systems. The collected data may contain all or a selection of the fields listed below.

Client identification details – individuals

• Given and surname(s) (if more than one name on the account)
• Date(s) of birth
• Account holders' addresses (residential, postal, other)
• Australian business number (if applicable)
• Email address
• Contact phone number(s)

Client identification details – non-individuals

• Business name
• Addresses (business, postal, registered, other)
• Australian business number
• Contact name
• Email address
• Contact phone number(s)

Account details

• Account name
• Account identification number
• Account registration date
• Account registration type
• Store type
• Seller status
• IP Address
• Seller's linked PayPal account
• Number of annual sales transactions
• Value of annual sales transactions
• Number of monthly sales transactions
• Value of monthly sales transactions

Number of records

We estimate the total number of account records obtained to be between 20,000 and 30,000 each financial year. We expect around half of the matched accounts will relate to individuals.

Data quality

We anticipate the data quality will be of a high standard. Online market providers have sophisticated computer systems. The data providers' systems facilitate processing of information about their members' transactions.

The data is sourced from providers' systems and may not be available in a format that can be readily processed by our systems. We apply extra levels of scrutiny and analytics to verify the quality of the data. This includes but is not limited to:

• meeting with data providers to understand their data holdings, including their data use, data currency, formats, compatibility and natural systems
• sampling data to ensure it is fit for purpose before fully engaging providers on task
• verification practices at receipt of data to check against requested specifications we then use algorithms and other analytical methods to refine the data.

Data is transformed into a standardised format. It is validated to ensure it contains the required data elements prior to loading to our computer systems. We undertake program evaluations to measure effectiveness before determining whether to continue to collect future years of the data or to discontinue the program.

To assure data is fit for consumption and maintains integrity throughout the data-matching program, it is assessed against the 11 dimensions of the ATO data-quality framework.

ATO data quality framework

Data retention

The collection of data under this program includes all financial years from 2014–15 to 2022–23. The data collection occurs annually following the end of each financial year.

We work co-operatively with the data providers and aim to balance our requests against peaks and troughs of demand in a data provider's own business.

The collection of 2014–15 data was conducted in January 2016. The collection of the 2015–16, 2016–17 and 2017–18 data was collected between September and November following the end of each financial year.

The Privacy Commissioner granted the ATO an exemption from the usual 12-month period. We are able to retain the data for five years from receipt of all verified data files from the data providers. The exemption request was required to satisfy the National Archives of Australia's General Disposal Authority 24 (GDA24) – Records relating to data matching exercises. GDA24 has now been revoked.

We destroy data that is no longer required, in accordance with the Archives Act 1983, the records authorities issued by the National Archives of Australia, both general and ATO-specific.

We will retain each financial year’s data for five years from receipt of the final instalment of verified data files from the data providers. The data is required for this period for the protection of public revenue as:

• retaining data for five years enables us to conduct long-term trend analysis in the constantly evolving online selling market to develop targeted assistance and education programs
• the data enhances our ability to identify taxpayers who may not be complying with their tax and superannuation obligations, which is integral to the protecting the integrity of the tax and superannuation systems
• it enables us to cross reference taxpayer records retrospectively
• retaining data for five years supports our general compliance approach of reviewing an assessment within the standard period of review, which also aligns with the requirements for taxpayers to keep their records
• the data is also used in multiple risk models, including models that establish retrospective profiles over multiple years aligned with period of review.

While increased data-retention periods may increase the risk to privacy, we have a range of safeguards to appropriately manage and minimise this. ATO systems and controls are designed to ensure the privacy and security of the data we manage.

Find out about:

• Our lawful role
• How we undertake data-matching
• Why we undertake data-matching

Public notification of the program

We will notify the public of our intention to collect 2018–19 to 2023–23 data by:

• publishing a notice in the Federal Register of Legislation gazettes in the week commencing 23 November 2020
• publishing this data-matching program protocol on our website at Data matching protocols
• advising the data providers that they
  • can notify their clients of their participation in this program
  • should update their privacy policies to note that personal information is disclosed to the ATO for data-matching purposes.
   

Gazette notice content

The following information about the data-matching program appears as a gazette notice in the Federal Register of Legislation.