BRUSSELS, Belgium — Large international Tech corporations like, Apple, Google, Facebook and Spotify who dominate the market, could take the biggest hits as the European Commission may soon warrant a new tax to digital companies’ gross revenues at rates between 1 and 5 percent – based on where their users are located and how much advertising revenue they bring in.
The Commission plans to unveil its “digital tax” proposals this week. This follows a decision by the Trump administration declaring it will impose a 25 per cent tariff on steel and a 10 per cent tariff on aluminium.
“International progress does not give cause for much optimism on either the pace or scope of digital tax reforms we can expect. There has been very little appetite among key global players to find concrete solutions,” said Pierre Moscovici, the EU’s commissioner for tax.
EU officials stressed that Brussels’ tax plan for digital revenues did not solely target US tech groups and said the levy would hit more than 100 companies around the world. The proposal would alter a longstanding consensus to tax companies based on profits by instead targeting revenues in Europe.
“Some of these companies are among the greatest contributors to US job creation and economic growth,” Mr Mnuchin said, adding: “Imposing new and redundant tax burdens would inhibit growth and ultimately harm workers and consumers.”
This comes just before the GDPR is set to go into affect on May 25 which was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.
Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.
The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.