Resumen.

According to the EC estimates presented in November 2018, the so-called VAT gap amounted to approximately EUR 150 billion with organized crime groups largely responsible for its creation.
Therefore, it is not surprising that states, while protecting their economic interests, are implementing new measures aimed at detecting and preventing tax crime. Poland is also pursuing this type of activity, and a number of innovative measures in the field of tax law have been introduced over the last few years. One such solution is the automatic system of analysing transaction data from financial institutions (System Teleinformatyczny Izby Rozliczeniowej, STIR). The way this system works – combining the collection of enormous sets of personal data including sensitive information with confidential analytics and composing reports for tax authorities and law enforcement purposes – must raise doubts as to its compliance with human rights standards. In terms of its operation, STIR resembles electronic surveillance systems in other EU Member States; the difference is that, instead of capturing telecommunications data, it aggregates bulk amounts of information on financial transactions. The purpose of this article is to discuss the regulations that establish the legal framework of STIR and to present recommendations on how to ensure its compliance with the privacy and data protection model functioning in the EU. Special attention will be paid to assessing the proportionality and quality of legal safeguards implemented to limit the risk of abuse of power according to standards established in the case law of the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (CJEU).