The UK government has confirmed that HMRC has been quietly using AI to monitor social media for years in criminal investigations. What does this mean for privacy rights and data protection?

The Revelation

In August 2025, HM Revenue & Customs (HMRC) publicly admitted for the first time that it uses artificial intelligence to monitor taxpayers’ social media posts as part of criminal tax investigations. This admission has sparked intense debate about digital privacy, government surveillance powers, and the potential for algorithmic errors in tax enforcement.

The practice has reportedly been in place for several years, with HMRC maintaining that all uses of the technology are within the law. The tax authority emphasizes that AI for social media monitoring is “restricted to criminal investigations and subject to legal oversight”, but privacy advocates remain concerned about the implications of this systematic surveillance.

How the System Works

HMRC’s AI tools analyze social media posts alongside financial records and spending habits to identify discrepancies that could indicate tax evasion. The system specifically flags individuals whose online lifestyle appears inconsistent with their declared income.

The system flags “red flag” purchases like expensive holidays or luxury items if they appear inconsistent with a person’s declared income. For example, posts about luxury vacations, expensive cars, or high-end purchases could trigger investigations if they contradict tax filings showing modest earnings.

This AI surveillance operates alongside HMRC’s existing Connect system, a powerful data gathering system developed over seven years at a cost of £80 million that can analyze vast amounts of personal and financial data. The Connect system can access credit card transactions, DVLA records, earnings and benefits information, and even web browsing history under certain circumstances.

The Scale of Surveillance

The scope of HMRC’s data collection capabilities is extensive. The system can access activity on online platforms like eBay and Airbnb, DVLA records to check vehicle purchases, earnings from casual employers, company benefits, and can scrape public social media accounts to gather information about lifestyle or evidence of unusually high expenditure.

HMRC simultaneously plans to expand the use of AI into “everyday” tax processes, aiming to close a £7bn tax gap and move toward a more automated, data-driven approach. This expansion raises questions about the future scope of AI surveillance beyond just criminal investigations.

A concerning development is HMRC’s updated privacy policy, which now guarantees “human involvement” rather than “human judgement” in AI-driven decisions. This subtle but critical change suggests that while a human may have the final say, the initial and possibly most influential decision-making will be driven by an algorithm.

Under UK data protection law, HMRC must ensure AI use complies with the UK GDPR and Data Protection Act 2018, and individuals have rights regarding automated decision-making, including the right to request human review. However, the practical implementation of these protections in the context of tax investigations remains unclear.

Oversight and Safeguards

HMRC maintains that AI has “robust safeguards in place and does not replace human decision-making”. The agency states that “Greater use of AI will enable our staff to spend less time on admin and more time helping taxpayers, as well as better target fraud and evasion to bring in more money for public services”.

However, the specific nature of these safeguards and oversight mechanisms remains largely opaque. The agency insists data is handled ethically, complying with UK data protection laws, yet questions linger about consent and the breadth of data collection.

Parliamentary and Expert Concerns

The revelation has prompted alarm among senior MPs and privacy experts. Sir John Hayes, a former security minister, warned against automated processes, stating “the idea that a machine must always be right is what led to the Post Office scandal”. Bob Blackman MP described potential legal action based on AI findings as “draconian” and “very challenging”.

MPs have raised alarms about “Horizon-type” errors—referencing the infamous Post Office scandal where faulty software ruined lives. This concern highlights the potential for algorithmic bias and false positives in automated surveillance systems.

The Broader Context: UK Government Social Media Surveillance

HMRC’s AI surveillance is part of a broader pattern of UK government social media monitoring. Previous investigations have revealed that UK government units are exploiting ready access to public social media posts to carry out targeted surveillance of individuals when there is no suggestion that the latter are involved in illegal activities.

This surveillance has included monitoring the expression of high-profile figures, including democratically elected politicians, journalists and human rights campaigners, on discussions regarding public policy.

Privacy Implications and Data Protection Concerns

The use of AI for social media surveillance raises several critical privacy concerns:

Scope Creep

The expansion of AI into “everyday” tax processes suggests the technology may not remain limited to criminal investigations. This raises concerns about mission creep and the normalization of surveillance.

Data Minimization

The principle of data minimization under GDPR requires that personal data collection be limited to what is necessary. The broad sweep of social media monitoring may violate this principle by collecting information beyond what is strictly necessary for tax enforcement.

Questions linger about consent and the breadth of data collection. Most social media users are unlikely to be aware that their posts are being systematically monitored by tax authorities.

Algorithmic Bias

AI systems can perpetuate and amplify existing biases, potentially leading to discriminatory enforcement practices. The lack of transparency about HMRC’s algorithms makes it difficult to assess whether such biases exist.

International Context: The US IRS Parallel

The UK’s HMRC surveillance practices mirror concerning developments across the Atlantic. The US Internal Revenue Service (IRS) has implemented its own extensive AI surveillance program, raising similar privacy concerns and sparking congressional investigations.

The IRS’s $99 Million AI Investment

In September 2018, the IRS signed a seven-year, $99 million deal with Palantir Technologies for AI and machine learning capabilities, with early announcements signaling that AI could be used to monitor social media accounts. The project uses machine learning algorithms and artificial intelligence to examine and analyze filed tax returns, bank reports, property records and social media posts.

The “87,000 Agent” Controversy

The IRS expansion became a flashpoint in US politics when the Inflation Reduction Act included roughly $79-80 billion for the IRS over 10 years, with claims that this would fund “87,000 new IRS agents”. While most of those hires would not be Internal Revenue agents and wouldn’t be new positions, the expansion has enabled significant investment in AI surveillance capabilities.

The IRS announced a “sweeping, historic effort” using AI to help “compliance teams better detect tax cheating, identify emerging compliance threats and improve case selection tools”. Beginning in 2024, the IRS plans to use a new AI model to help identify taxpayers for audit that are more likely to owe additional taxes.

Congressional Investigations and Surveillance Concerns

In September 2024, House Republicans opened an inquiry into the IRS’s use of AI to surveil Americans’ financial information, expressing concern that the IRS and Department of Justice are “actively monitoring millions of Americans’ private transactions, bank accounts, and related financial information—without any legal process—using an AI-powered system”.

Particularly concerning was video footage that appeared to capture an IRS official admitting that the IRS has ‘a new system’ that uses AI to target ‘potential abusers’ by examining all returns, bank statements, and related financial information, with the ability to access and monitor ‘all the information from all the companies in the world’.

Algorithmic Bias and Civil Rights Concerns

The IRS’s AI implementation has faced criticism for perpetuating bias. A study conducted with support from the U.S. Treasury Department using IRS data found that Black taxpayers were selected for audits at significantly higher rates than other taxpayers. This highlights the risk of algorithmic discrimination in automated tax enforcement systems.

Similarities with HMRC Approach

The parallels between the IRS and HMRC AI surveillance programs are striking:

  • Social Media Monitoring: Both agencies monitor social media posts for lifestyle inconsistencies with declared income- Comprehensive Data Analysis: Both systems combine tax returns, bank records, property data, and social media information- Criminal Investigation Focus: Both agencies claim surveillance is primarily for criminal cases- Lack of Transparency: Neither agency provides detailed information about oversight mechanisms or algorithmic decision-making processes

European Regulatory Framework

The UK’s approach contrasts with the EU’s more comprehensive AI regulation framework. The EU AI Act, which became effective in August 2025, sets out risk-based rules for AI developers and deployers, including transparency and copyright-related rules.

The UK is considering its own AI regulation bill, which could establish an AI Authority similar to the EU AI Office, but the UK government remains committed to a pro-innovation approach to AI regulation, favoring a sector-specific and principles-based approach.

Implications for Individuals and Businesses

The revelation that HMRC monitors social media has immediate practical implications:

Digital Footprint Awareness

Accountants may need to proactively educate clients on the tax implications of their public online presence, as a client’s social media post about a new car or expensive holiday could trigger a “red flag” if their declared income doesn’t seem to support such a purchase.

Professional Responsibilities

For accountants, this development introduces a new layer of due diligence, as advising clients now extends beyond traditional financial records to include an awareness of their digital footprint.

Chilling Effects

Posts on social media reflect widespread sentiment where users decry the practice as “1984-style surveillance,” warning of a slippery slope toward broader government spying. This could lead to self-censorship and reduced social media engagement.

Looking Forward: The Need for Greater Transparency

While HMRC’s use of AI for criminal tax investigations may serve legitimate law enforcement purposes, the lack of transparency around oversight mechanisms and safeguards is concerning. Several key questions remain unanswered:

  1. **What specific safeguards prevent abuse of the surveillance system?**2. **How are algorithmic decisions reviewed and challenged?**3. **What data retention and deletion policies govern social media information?**4. **How is the system audited for bias and accuracy?**5. What notification rights do individuals have when they are subject to AI surveillance?

Recommendations for Stronger Privacy Protection

To address these concerns, several measures should be considered:

Legislative Reform

Parliament should establish clear statutory limits on government use of AI for surveillance, with specific provisions for social media monitoring that ensure proportionality and necessity.

Transparency Requirements

HMRC should publish detailed information about its AI systems, including their capabilities, limitations, accuracy rates, and oversight mechanisms.

Independent Oversight

An independent body should be established to audit government AI surveillance systems and investigate complaints about algorithmic bias or errors.

Enhanced Individual Rights

Individuals should have clear rights to know when they are subject to AI surveillance, to challenge algorithmic decisions, and to seek redress for errors.

🎧 Related Podcast Episode

Conclusion

HMRC’s revelation that it uses AI to monitor social media posts for criminal tax investigations has sparked a heated debate on data privacy, the potential for automated errors, and the chilling effect of digital surveillance on a scale unseen before.

While the use of AI to combat tax evasion may be efficient and cost-effective, it raises fundamental questions about the balance between law enforcement efficiency and privacy rights. As one tax advisor noted, “The line between vigilance and violation is thinner than ever”.

The challenge moving forward is ensuring that technological capabilities are balanced with robust safeguards, transparency, and accountability. Without these protections, the risk is not just privacy violations, but also the erosion of public trust in both tax authorities and digital platforms.

As AI surveillance becomes more prevalent across government agencies, the HMRC case serves as a critical test of whether the UK can develop effective governance frameworks that protect individual rights while enabling legitimate law enforcement activities. The outcome will likely influence how other government agencies deploy AI surveillance technologies and shape the broader debate about algorithmic accountability in public administration.

This article is based on publicly available information as of August 2025. Privacy laws and government surveillance practices continue to evolve, and readers should seek current legal advice for specific situations.