Opinion of the European Economic and Social Committee on ‘Proposal for a Council Regulation amending Regulation (EU) No 904/2010 as regards measures to strengthen administrative cooperation in order to combat VAT fraud’

(COM(2018) 813 final — 2018/0413 (CNS))

(2019/C 240/07)

Rapporteur: Krister ANDERSSON

Consultation	Council of the European Union, 20.12.2018
Legal basis	Article 113 of the Treaty on the Functioning of the European Union
Plenary Assembly decision	13.12.2018
Section responsible	Economic and Monetary Union and Economic and Social Cohesion
Adopted in section	12.4.2019
Adopted at plenary	15.5.2019
Plenary session No	543
Outcome of vote (for/against/abstentions)	212/2/2

1.   Conclusions and recommendations

1.1.

The EESC supports the Commission’s objective of establishing advanced operational collaboration between tax authorities with regard to VAT fraud in the e-commerce sector based on clear legislative provisions.

1.2.

The EESC recommends that the response of the public authorities to sophisticated forms of VAT fraud continuously improve as regards the effectiveness of enforcement — using appropriate technologies such as, for example, artificial intelligence — and in terms of cooperation between the national authorities involved. Such authorities should work in synergy to guarantee a comprehensive and effective European answer to VAT fraud.

1.3.

At the same time, the EESC notes that — from the consumer side — the proposal will incur new exchanges and processing of VAT-related personal information, regulated by the General Data Protection Regulation (‘GDPR’). The EESC stresses the need to keep derogations and limitations to the GDPR provisions limited and aimed at the strictly defined objective of fighting VAT fraud. As specific exceptions to general and mandatory rules protecting personal data and individual privacy, such derogations should be narrowly and carefully interpreted by law enforcers.

1.4.

In this respect, great attention should be paid to: i) the objective of the data processing, which will have to be possible only in order to fight illegal conduct; ii) the individuals allowed to access the data collected, stored and exchanged, who should be only officials of Eurofisc under specific conditions and for well-known and limited purposes related to the fight against VAT fraud; iii) the subsequent utilisation of data in order to trigger potential investigations and law enforcement activities.

1.5.

All the above-mentioned aspects are formally taken into consideration by the Commission proposal and that is surely a positive feature of the proposal itself. Having said that, the EESC requires that the Commission guarantees, in the future everyday-practice of the system, full and effective implementation of all the safeguards for fundamental freedoms embedded in the proposal, thus striking an appropriate balance between robust enforcement of VAT rules and the necessary protection of individual rights and fundamental freedoms.

2.   Proposal of the Commission and general context

2.1.

The Commission proposal to amend Council Regulation (EU) No 904/2010 lays down rules for Member States to collect in a harmonised way the records made electronically available by payment service providers pursuant to Article 243b of the VAT Directive.

2.2.

The e-commerce sector has witnessed spectacular growth in recent years and consumers can now easily choose between thousands of suppliers, products and brands through their computers or smartphones. However, these opportunities are also exploited by fraudulent businesses to avoid their VAT obligations.

2.3.

The total VAT loss within the Member States on cross-border supplies of goods has been estimated at around EUR 5 billion per year and, more recently, this estimate has been updated to reach an even more remarkable amount ranging from EUR 7 to 10 billion. A strong response on behalf of the public authorities is therefore necessary and should be based on effective collaboration between tax enforcers both within the EU and at international level.

2.4.

In practical terms, the proposal sets up a new central electronic system for collecting, storing and processing payment information and for the further processing of this information by anti-fraud officials in the Member States within Eurofisc, the network for the multilateral exchange of early-warning signals to fight VAT fraud.

2.5.

After a careful and extensive impact assessment analysis, a central European system for the collection and exchange of payment data (‘CESOP’) has been considered by the Commission to be the most effective way to ensure that tax authorities have a complete overview in order to control compliance with VAT rules on e-commerce and to fight VAT fraud. The system will allow Member States to exchange payments information that they store at national level, helping to effectively fight e-commerce VAT fraud.

2.6.

CESOP will be able to: i) aggregate all VAT-relevant payment information transmitted by the Member States per payee; ii) allow the creation of a complete overview of payments received by payees from payers in the EU; iii) recognise any multiple recording of the same payment transaction; iv) clean the information received by the Member States; v) allow Eurofisc liaison officials to crosscheck payment data with VAT information exchanged; vi) retain the information only for the period necessary, for tax authorities, to carry out VAT controls.

2.7.

The storage period of the information in CESOP will be two years and Eurofisc liaison officials will be able to see whether the payments received by a given payee in a given period exceed EUR 10 000 across the Member States. The system would only be accessible to Eurofisc liaison officials from the Member States, and the only purpose for which CESOP would allow enquiries is for investigations into suspected or detected VAT fraud.

2.8.

The Commission will report to the European Parliament and the Council on the functioning of the new administrative cooperation tool every five years.

3.   General and specific comments

3.1.

The EESC supports the Commission’s objective of establishing operative advanced collaboration between tax authorities with regard to VAT fraud in the e-commerce sector based on clear legislative provisions. Fostering mutual administrative assistance between tax authorities will ensure increased financial resources both for the national and the EU budgets, as well as a simplified level playing field for tax-abiding businesses.

3.2.

The growing use of communications technologies by market operators entails the need to constantly update anti-fraud legislation to reflect the various ways in which tax rules and VAT obligations are circumvented. It is therefore crucial that the response of the public authorities to sophisticated forms of VAT fraud continuously improve as regards the effectiveness of enforcement (using appropriate technologies) and in terms of cooperation between the national authorities involved. Such authorities should work in synergy with the support of the Commission to guarantee a comprehensive and effective European answer to VAT fraud pursuant to the subsidiarity principle as established by the Treaties.

3.3.

In this respect, according to the EESC, investing in artificial intelligence in order to detect VAT fraud within the new system under construction might be beneficial and useful in order to make the new system fully operative, provided that the fundamental rights of individuals and specific EU rules, such as the General Data Protection Regulation (GDPR) (1), are fully respected within the new operative scenario, involving the utilisation of new technologies and AI to support the activity of public enforcers.

3.4.

Given the cross-border nature of VAT fraud and the increasing ease (facilitated by technology) with which illegal practices can rapidly be developed — an example is the speed with which money gained from VAT fraud can be moved — closer cooperation needs to be developed not only within the EU, but between authorities worldwide. Measures to fight VAT fraud can only succeed if countries’ tax administrations cooperate more closely in a spirit of mutual trust, which will require the exchange of relevant information to be able to perform their tasks.

3.5.

To this end, the OECD recommends reinforcing international administrative cooperation on VAT or sales tax to address the challenges of collecting VAT from non-resident suppliers, particularly in B2C trade, as duly noted by the impact assessment analysis performed by the Commission.

3.6.

A step forward in this direction is the agreement between the EU and Norway in the field of VAT administrative cooperation (June 2018) that also includes specific instruments for the recovery of VAT claims. The EESC hopes that the EU will further promote international anti-fraud cooperation in order to develop an effective and coordinated response to activities that go beyond States and continental borders, harming both the EU and national budgets.

3.7.

The EESC underlines that, from the consumer side, the proposal will incur new exchanges and processing of VAT-related personal information, regulated by the General Data Protection Regulation (GDPR), recently approved and implemented across Europe, with significant compliance costs for EU businesses.

3.8.

The GDPR gives a wide definition of personal data, including any information on an identified or identifiable natural person, who can be identified directly or indirectly. As a consequence, the payment information covered by the Commission proposal falls under the scope and the principles applicable for the protection of personal data as laid down in the Charter of Fundamental Rights.

3.9.

According to the Commission, ‘taxation is an important objective of general public interest of the Union and of the Member States and this has been recognised in relation to the restrictions that may be imposed on the obligations and rights under Regulation (EU) 2016/679 of the European Parliament and of the Council (2) and in respect of the protection of information under Regulation (EU) 2018/1725 of the European Parliament and of the Council (3). Limitations in relation to data protection rights are necessary due to the nature and volume of that information which originates from payment service providers and should be based on the specific and predefined conditions and details laid down in Articles 243b to 243d of Council Directive 2006/112/EC (4)’.

3.10.

The EESC strongly underlines the need to keep derogations and limitations to the GDPR provisions limited and aimed at the single and strictly defined objective of fighting VAT fraud. As specific exceptions to general and mandatory rules protecting personal data and individual privacy, such derogations should be narrowly and carefully interpreted by law enforcers. In this respect, great attention should be paid to: i) the objective of the data processing, which will have to be possible only in order to fight illegal conduct; ii) the individuals allowed to access the data collected, stored and exchanged, who should be only officials of Eurofisc under specific conditions and for well-known and limited purposes related to the fight against VAT fraud; iii) the subsequent utilisation of data in order to trigger potential investigations and law enforcement activities.

3.11.

All the above-mentioned aspects are formally taken into consideration by the Commission proposal and that is surely a positive feature of the proposal itself. Having said that, the EESC requires that the Commission guarantee, in the future everyday-practice of the system, full and effective implementation of all the guarantees for fundamental freedoms embedded in the proposal, thus striking an appropriate balance between robust enforcement of VAT rules and the necessary safeguarding of individual rights and fundamental freedoms.

3.12.

As to the latter, the EESC requires that the competent national authorities carefully monitor and verify whether the rules limiting the utilisation of data and information within the proposal, as well as the provisions of the GDPR, are fully and concretely complied with. The EESC calls on the Commission — when collecting feedback from Member States which is due to be completed by the end of 2024 — to carefully check — alongside the national authorities in charge of personal data protection and the European Data Protection Supervisor — whether the provisions of the GDPR have been fully complied with and report to the European Parliament and the Council within its planned report on the functioning of the new administrative cooperation tool (Article 59 of Regulation (EU) No 904/2010). Should distortions or wrongdoings be detected, they must of course be immediately prevented and corrected.

3.13.

With regard to the protection of European businesses operating in the e-commerce field, the EESC recommends that the new system be able to effectively safeguard and guarantee trade secrets both in the preliminary monitoring stage of the data collection and analysis and especially in the subsequent (hypothetical) stage of law enforcement. In this respect, the experience accrued by the European Commission in protecting intellectual property and industrial secrets within competition law cases could be useful as a comparative standard.

---

(1)  https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

(2)  General Data Protection Regulation: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

(3)  https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32018R1725&from=EN

(4)  VAT Directive: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32006L0112&from=EN