Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 52023XX0328(01)

Summary of the Opinion of the European Data Protection Supervisor on the package of legislative proposals on VAT in the Digital Age 2023/C 113/11 (The full text of this Opinion can be found in English, French and German on the EDPS website https://edps.europa.eu)

OJ C 113, 28.3.2023, pp. 26–28 (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

28.3.2023   

EN

Official Journal of the European Union

C 113/26

Summary of the Opinion of the European Data Protection Supervisor on the package of legislative proposals on VAT in the Digital Age

(2023/C 113/11)

(The full text of this Opinion can be found in English, French and German on the EDPS website https://edps.europa.eu)

On 8 December 2022, the European Commission issued the package of legislative proposals on VAT in the Digital Age that consists of: a proposal for a Council Directive amending Directive 2006/112/EC as regards VAT rules for the digital age (1); a proposal for a Council Regulation amending Regulation (EU) No 904/2010 as regards the VAT administrative cooperation arrangements needed for the digital age (2); and a proposal for a Council Implementing Regulation amending Implementing Regulation (EU) No 282/2011 as regards information requirements for certain VAT schemes (3).

The EDPS welcomes the objectives pursued by the VAT in the Digital Age package, notably the modernisation of VAT reporting obligations, the adaptation of VAT rules applicable to platform economy and the introduction of Single VAT Registration. Having regard to the new rules on digital reporting envisaged by the proposal for a Council Directive, the EDPS recalls that any processing of personal data must fully comply with the GDPR (4) and the EUDPR (5), including the principles of purpose limitation and data minimisation. To ensure compliance with the principle of purpose limitation, the EDPS recommends explicitly specifying in the enacting terms of the proposal that the information collected may only be processed for the purpose of fighting VAT fraud by the competent tax administration.

Information contained in invoices may reveal sensitive information concerning specific natural persons, such as information concerning purchased goods (including intimate products), travel arrangements or legal services. The EDPS welcomes that the information to be provided to the tax administration under the digital reporting requirements are an extract (a specified subset) of the information from the invoice and not the whole invoice as such. This is a key safeguard to ensure compliance with the principle of data minimisation under Article 5(1)(c) of the GDPR and Article 4(1)(c) of the EUDPR and to reduce the impact of the processing of personal data on the rights and freedoms of the data subjects. In this regard, the EDPS welcomes that the proposal for a Council Directive excludes the name and address of the customer and the taxable person from the information to be transmitted.

The EDPS also welcomes that the proposal for a Council Regulation explicitly designates the roles of the Member States and Commission under EU data protection law. At the same time, the EDPS recalls that the designation must be aligned with the responsibilities assigned to each actor. Moreover, any further specification of the responsibilities of the Member States and the Commission by way of implementing acts must be fully in line with the roles established by the legislative act.

Finally, the EDPS highlights that the safeguards laid down under Chapter XV of Council Regulation (EU) No 904/2010 (6) (Conditions governing the exchange of information) should remain applicable to the processing of personal data laid down in the proposal for a Council Regulation.

1.   INTRODUCTION

1.

 On 8 December 2022, the European Commission (‘Commission’) issued a proposal for a Council Directive amending Directive 2006/112/EC as regards VAT rules for the digital age (‘the proposal for a Council Directive’); a proposal for a Council Regulation amending Regulation (EU) No 904/2010 as regards the VAT administrative cooperation arrangements needed for the digital age (‘the proposal for a Council Regulation’); a proposal for a Council Implementing Regulation amending Implementing Regulation (EU) No 282/2011 as regards information requirements for certain VAT schemes (‘the proposal for a Council Implementing Regulation’). In the context of this Opinion, we refer to the three legislative proposals as the ‘VAT in the Digital Age package’.

2.

 The VAT in the Digital Age package is part of the Commission’s 2020 Action Plan for fair and simple taxation supporting the recovery (7). It has three main objectives (8):

1)

modernising VAT reporting obligations, by introducing Digital Reporting Requirements, which will standardise the information that needs to be submitted by taxable persons on each transaction to the tax authorities in an electronic format and, at the same time, it will impose the use of e-invoicing for cross-border transactions;

2)

updating the VAT rules applicable to the platform economy, in particular by enhancing the role of the platforms in the collection of VAT;

3)

avoiding the need for multiple VAT registrations in the EU and improving the functioning of the tool implemented to declare and pay the VAT due on distance sales of goods, by introducing Single VAT Registration (SVR), improving and expanding the existing systems of One-Stop Shop (OSS)/Import One-Stop Shop (IOSS) and reverse charge in order to minimise the instances for which a taxable person is required to register in another Member State.

3.

 In addition, the proposal for a Council Regulation introduces a set of amendments to Regulation (EU) 904/2010, establishing among others a new central system at EU level for the exchange of VAT information between Member States’ tax administrations that is adapted to the specificities of Digital Reporting Requirements (‘central VIES system’) (9).

4.

 The present Opinion of the EDPS is issued in response to a consultation by the European Commission of 10 January 2023, pursuant to Article 42(1) of EUDPR. The EDPS welcomes the reference to this consultation in recital 25 of the proposal for a Council Regulation. A reference to this consultation is however absent in the recitals of the proposal for a Council Directive and in the recitals of the proposal for a Council Implementing Regulation. The EDPS therefore recommends inserting a reference to this consultation in both proposals.

4.   CONCLUSIONS

28.

 In light of the above, the EDPS makes the following recommendations:

with regard to the proposal for a Council Directive:

(1)

to add a recital recalling that the proposal ensures full respect for the fundamental rights to privacy and to the protection of personal data, as well as the applicability of GDPR and the EUDPR to the processing of personal data in the context of the proposal;

(2)

to explicitly specify in the enacting terms of the proposal that the information collected may only be processed for the purpose of fighting VAT fraud by the competent tax administration;

with regard to the proposal for a Council Regulation:

(3)

to delete in recital 24 the words ‘seeks to’ in order to indicate clearly that this Regulation ‘ensures’ full respect for the right of protection of personal data laid down in Article 8 of the Charter and to explicitly recall the applicability of GDPR and the EUDPR to the processing of personal data in the context of the proposal.

Brussels, 3 March 2023.

Wojciech Rafał WIEWIÓROWSKI

(1)  COM(2022) 701 final.

(2)  COM(2022) 703 final.

(3)  COM(2022) 704 final.

(4)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

(5)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

(6)  Council Regulation (EU) No 904/2010 of 7 October 2010 on administrative cooperation and combating fraud in the field of value added tax (OJ L 268, 12.10.2010, p. 1).

(7)  COM(2022) 701 final, p 1.

(8)  COM(2022) 701 final, p. 2.

(9)  COM(2022) 703 final, p. 3.

Top