Canadian injunction against Mandatory Disclosure Rules for legal professionals

Lawyers are exempt from Canada’s MDR until at least October 20, 2023.

In the 2021 Canadian Budget, it was announced that Canada would be amending the Income Tax Act to require certain transactions to be reported to the Canadian Revenue Agency (CRA). These new Mandatory Disclosure Rules are set to be implemented in 2023, but compliance will now be delayed until at least October 20, 2023.

In February 2022 the Canadian Department of Finance released draft legislation which included a description of mandatory disclosure measures which will ultimately help the  CRA to become aware of tax evasion ­and aggressive tax avoidance much earlier on in a transaction.

A revised version of the draft legislation was released in August 2022 and included a lower threshold for informing the CRA about relevant “notifiable” transactions and “uncertain tax treatments”.

On 22 June 2023, this revised version under Bill C-47 became law.

However on September 11, 2023, the Federation of Law Societies of Canada, on behalf of all law societies in Canada, filed an application in the British Columbia Supreme Court, challenging the constitutionality of the amendments to the mandatory disclosure rules in the Income Tax Act. 

 Following this challenge, the government agreed to exempt legal professionals across Canada from the mandatory disclosure provisions in sections  237.3 and 237.4 of the Income Tax Act. This will be until at least November 2023, as the case is due to be heard on October 20, 2023. 

Despite the Income Tax Act, the Budget Implementation Act 2023 ensures that disclosure of information is not required if it is reasonable to believe that the information is subject to solicitor-client privilege. 

Critically for lawyers, the new rules place the onus on every advisor or promoter involved in a reportable or notifiable transaction to make their own separate disclosure to the CRA, rather than relying on a single report from the taxpayer.

While taxpayers and their other advisors — including financial advisors — are still subject to the reporting requirement, lawyers will be exempted until at least Oct. 20 under the terms of an interim injunction agreed between the FLSC and Canada’s attorney general.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.