Author: Paul Verhaeghe

1. The electronic payments Directive covers both personal and business data and offers an explicit legal stand-alone base to impose, on all providers of such services in a Member State, the obligation to organise an office on the territory of that state.

All providers of such services could therefor fall under the scope of the existing definition of Permanent Establishments of Articles 5, § 2 (b) and (c) OECD MC.

The personal data protection Directive offers a non-explicit legal base to require from all entities, which collect personal data from users in a Member State, to organise an office in that Member State.  National law could further justify this obligation under various other safety and prevention requirements combined with the implementation of the personal data protection Directive.

As far as non-personal data obtained through free services was collected in a Member State, that Member State could declare similar provisions applicable since this type of service does not fall under the scope of Article 57 TFUE.  The Member State could motivate such a national legislation with references to the same concerns of safety and prevention.

By defining under national law that all national legal requirements for national based providers of services also apply to the company that collects the income from such services, these national requirements would then generally also lead to a criterion of localisation under OECD rules for Permanent Establishment purposes.

2. Combined together, these non-tax law measures may lead to Permanent Establishments for large portions of the digital economy in the territory of a Member State which at present does not have a Permanent Establishment under existing OCDE criteria.

Falling under the Union law and the national tax law of that Member State, according to to existing tax treaty criteria, is the first condition to effectively address tax distortion of the Internal market by various anti-avoidance measures.

While waiting for more effective measures such as Virtual Permanent Establishments to be adopted and take effect, this strategy may prove effective in reducing existing tax distortion through digital activities.

3. As mentioned in the beginning of this article, new VAT rules on electronic commerce[1] are part of the EU’s ‘digital single market’ strategy of the Council.  This strategy, adopted by the Council on 13^th September[2], has given cause to draft a regulation for the free flow of non-personal data in the European Union, adopted by the Council on 17^th December 2017.  This draft was made public by the Council on 20^th December 2017[3].

This draft of regulation on non-personal data is currently under discussion in the European Parliament and prohibits Member States to impose any kind of physical presence on the provider of electronic services that don’t relate to personal data under the Data Protection Union law.

Consequently, this draft of Regulation allows a free choice of where serves are located within the territory of the European Union. The only exception under the present Article 4, relates to public security.

4. A debatable question is if the freedom of localisation of servers in the European Union, granted under this draft text, needs to include terminals who can grant full access to these servers.

That would prohibit Member States who seek effective taxation of digital profits originated in their territory, to impose a physical presence of a server or a terminal for other reasons than public security.

Such other reasons may be : consumer protection ; fake news ; criminal investigations, tax investigations ..

Attempts of Member States to bypass unwillingness on both European and international levels in creating timely tools of effective taxation in the digitally shifting economy could thus, to a certain extent, be rendered ineffective with regard to non-personal data.

There is also the linked question of ‘mixed’ data which is partially non-personal and partially personal. Who will control and qualify the content of alleged non-personal data? Which directive is then to receive priority?

5. The author therefor finds it more prudent, for the purpose of taxing digital activities and discussions over permanent establishments which will inevitably occur, that under Article 4 of the draft Regulation on the Digital Single Market the same criteria should be considered as under the Union law as was discussed above :

a) Directive 2006/123 of 12^th December 2006 on services in the Internal Market ; article 2 (3) excludes the field of taxation of its scope.
b) Directive 2000/31 of 8^th June 2000 on electronic commerce under Article 1 (5).
c) Article 3(4) a of the Directive 2000/31 of 8^th June 2000 on electronic commerce : protection of consumers, including investors, public policy (criminal, racism, personal insults (fake news)), public health and public security ?

Only the last reason is included under Article 4 of the draft of Regulation on the Digital Single Market.

These larger exceptions would still have to be proportionate: mainframes and other heavy installations could still be placed at the location of the provider’s discretion.  But Member States could then require from that provider, in accordance with the larger exceptions, a physical access point on their territory to that stored data.  Such a point could consist of an office that can offer assistance in the national language and the national procedures in accessing the servers through a terminal located in that office.

6. Consequently, in accordance to the ongoing efforts of the Commission that relate to addressing disinformation and fake news, national access points or storage for all kinds of data, may prove necessary. Isn’t the user the first in line who must be capacitated to check the stored data which relates to him? How to capacitate him better then by organising his right to check this information in an office in his country, assisted by the provider, in his own national language?

Why does non-personal data remain unchecked by Member States for other reasons than public security?  What makes it different from personal data for those other reasons?  Because it is considered business related content?

Why should information, spread by a professional website or mails in the territory of a Member State, be less harmful than content in personal mails?

Hopefully a serious debate will be held in the European Parliament regarding the question if those other reasons aren’t legitimate enough to allow Member States to use their right to require a direct liaison in their territory for data control purpose.  This liaison does not necessarily require a server, but the minimal requirement of the presence of a terminal which grants full access, seems logic.  Such monitoring can only be effective by enforcing that a server is located or is made accessible to the national authorities through a terminal in an office of the provider on the territory of the Member State.

Following the German legislation which requests Facebook to monitor information exchange and eradicate fake news / terror etc., this will in due time result in over a 1000 people who will be employed by Facebook in Germany in order to comply to this policy alone.

7. The issue of taxing digital activities and the power to do so under existing tax treaties will certainly give cause for major discussions both in and outside the European Union in 2018.

Inside the European Union Member States who at the moment tax digital activities or are considering to tax digital activities, would do well to closely follow up new European law on the Digital Single Market if they still wish to be able to effectively tax digital activities on their territory in the near future.

[1] http://www.consilium.europa.eu/en/press/press-releases/2017/12/05/vat-on-electronic-commerce-new-rules-adopted/
[2] http://data.consilium.europa.eu/doc/document/ST-12202-2017-INIT/en/pdf
[3] http://www.consilium.europa.eu/nl/press/press-releases/2017/12/20/removing-barriers-to-free-flow-of-data-council-agrees-its-position/