EU Tax Man Cometh for Apple

The EU tax man is catching up with Apple. On Friday Apple put $1.76 billion into a tax escrow to comply with the 2016 EU order that Ireland reclaim back taxes  from Apple. Two years ago the EU Commission ruled that Ireland’s tax arrangements with Apple amounted to state aid, violating EU competition law.  While Apple and Dublin are challenging the ruling, they were forced to establish and start funding an escrow account for the $16 billion in back taxes and interest.

Over the years many EU countries — prominently Ireland, the Netherlands and Luxembourg  — have encouraged US companies to set up offshoots in their countries with very favorable tax incentives.  In Europe, these tax schemes were dubbed “double Irish” or “Dutch sandwich” in the 1980s. The tax strategies were a way for some EU countries to grow their economies and employment ranks with local big foreign brand operations. Today, Apple employs around 5,000 people in its Cork facility.

Under similar EU rulings Starbucks paid back taxes to the Netherlands, while Amazon and Fiat paid Luxembourg tax authorities.

In recent years, Margrethe Vestager, EU Competition Commissioner, has stepped up investigations of behemoth US tech companies for various competition transgressions.  EU countries who now rely on US and other international companies for significant employment and tax revenues worry about the ramifications of the zealous commissioner. Other EU nations applaud the actions they see as long overdue.Margrethe Vestager

Ready for New EU Data Protection?

I recently did a Guest Blog for AccessData on the sweeping new changes to the European Union data protection regulations. An end to a patchwork of national laws, bigger fines, faster breach notice and the “right to be forgotten” are just a few of the many changes businesses selling in Europe will want to know about.  Be sure to check out the practical tips on how to get ready for 2018 when the new regulations go live.

Safe Harbor Chess Game Heats Up.

It is fascinating to watch this chess game unfold, with knights, bishops, kings and queens making their moves. The sudden October abolishment of the Safe Harbor framework for data flows – moving personal information like payroll data, user information and marketing data from the EU to the US — literally threw out the rules of the game.  For over fifteen years, US companies have been able to self-certify, under the Commerce Department Safe Harbor program, that their data protection protocols satisfy EU laws.

That all came to an end when the European Court of Justice invalidated Safe Harbor in a case still underway calling for a halt to Facebook’s transfer of EU user information from its Irish subsidiary to Facebook US. The high court essentially agreed with complainant Max Schrems, that the Snowden revelations demonstrate that European’s private data is not safe from the prying eyes of US intelligence agencies. The ruling ricocheted simmering EU-US privacy and security policy discussions to center stage.

EU Data Protection Gets Hot.
Europeans have some of the most advanced protections for personal data, currently being updated in a massive EU modernizing effort. Keeping personal data private is a fundamental right of every person, according to the EU Charter of Fundamental Rights. This right has emotional roots in the transgressions of European totalitarian regimes and their secret police activities.  Leaders in Germany and France were livid when they learned from the Snowden documents that US intelligence was likely tapping their personal cell phones.  Over the last few years, things have heated up in EU data protection authorities’ investigations of Facebook  and Google over privacy violations.  This is especially true in privacy-sensitive Germany, where the DPA announced immediate investigations of former Safe Harbor companies such as the internet behemoths.

An EU Move: New Safe Harbor Rests in US Hands.  
On the eve of continued Safe Harbor 2.0 negotiations in Washington DC this week, the European Commission shared its official views and guidance for US companies after the momentous high court ruling. They also made their negotiating position very clear: any new agreement must uphold the court’s ruling, “… notably as regards limitations and safeguards on access to personal data by U.S. public authorities.”

Late last week, Vĕra Jourová, the European Commissioner for Justice and Consumers and lead Safe Harbor negotiator, said she expects the U.S. to show clear conditions and limits on US intelligence access to European private data. The Commission also indicated that a solution is urgently needed, but expects negotiations to take three months – a target set earlier by the pan-EU data protection authorities group, known as the Article 29 Working Party.

Is this soon enough?  US Secretary of Commerce, Penny Pritzker tweeted on November 9th: “Safe Harbor and cross-border data flows are vital for American business. I heard a sense urgency on resolving this at #Techonomy15”. Tech company trade associations encourage policy makers to arrive at a bullet proof agreement sooner than 3 months. Many guess that more US surveillance reforms to narrow intelligence gathering, and passage of the redress rights bill giving European citizens access to US courts for privacy violations, are part of the equation to restore trust and move forward.  Things like this take time.  Meanwhile US companies spend time and money trying to figuring out how to stay inside the lines.

More Chess to Come.
No doubt we will see some master chess moves over the next few months.  Let’s hope so – keeping the digital economy vibrant while modernizing global privacy and security policy is no easy game to play.