can prove that such taxation is not in line with applicable national or EU law .
c . B2C : Change of VAT regime in January 2015 Since January 1 , 2015 the place of supply of electronically supplied services to private individuals is the place where that person is established and has his permanent address or where that person usually resides . Therefore remote gaming can be subject to VAT unless gambling is exempted from VAT like in many EU states . But countries like Ireland or Germany have not or not completely exempted remote gambling activities from VAT . As a consequence operators are obliged to file VAT either via national tax authorities or the MOSS system . Due to the fact that this change still is rather new a number of details still have not been clarified or decided by competent courts ( including the question whether sports bets or live casinos are qualified as electronic services ). As stated above the management of an operator is well advised to seek expert advice and to establish sufficient documentation confirming its view .
d . B2B : Taxation of Cross Border Transactions with Providers Each party of a cross border transaction first of all is taxable at the place of this party ’ s place of residence . However , cross border transactions may also be subject to limited taxation in the state of the contractual partner . This particularly applies to license fees in license agreements where a licensee may be obligated to pay withholding taxes to national tax authorities . In case of applicable agreements for the avoidance of double taxation it will have to be assessed whether and to what extent taxes under national tax law are excluded or limited ( as set forth in Art . 12 of the OECD Model Tax Convention on income and on Capital ). The availability of applicable double taxation agreements may have influence on the choice of preferable service providers or the place of business .
e . International Tax Law – Transfer Pricing – Dealing at Arm ’ s Length In many cases the operation of a gambling website is the result of a collaboration of different group companies . Generally speaking international contractual agreements between affiliated companies should be concluded tax-wise in accordance with the dealing at arm ’ s length principle . Transfer prices should be based on an analysis of pricing in comparable transactions between unrelated parties . The appropriateness of transfer prices should be laid down in a respective documentation . Further details will be found in national transfer pricing regulations .
In general , it will have to be considered that there is a tendency on an international level to combat tax avoidance strategies or aggressive tax practices with a focus on the digital economy ( like the OECD measures against base erosion and profit shifting BEPS ).
f . Liability for Taxes , Enforcement of Tax Duties Depending on additional requirements under applicable national law non-compliance with tax obligations may result in liability of an operator , its management or even involved contractual parties . Different from some other obligations under national law the enforcement of taxes on an international basis is covered by international agreements . Cooperation between tax authorities is well established within Europe . Moreover , tax liabilities may be subject to long limitation periods . Therefore , compliance with applicable tax provisions is crucial to all involved parties of a gaming operation as well as their management .
3 . Data Protection The provision of gambling services involves the processing of personal data . When gambling online , individuals regularly disclose personal information such as their names , telephone numbers , birth date and address . Furthermore gambling activities of customers including IP addresses are stored and result in detailed profiles . Where third parties are appointed for the provision of specific services ( e . g . customer support , call centres , payment providers , risk assessment ) they need to access customers personal data .
a . General Principle Traditionally , the guiding principle of European data protection law sets forth that processing of personal data generally is prohibited unless it is permitted by a binding legal provision or the person whose data are processed has consented to such processing . As a consequence the transfer of personal data to third parties including data processors is only permitted if the person whose data are processed has consented to such transfer or if such transfer is obligatory for the performance of contractual obligations .
b . The new General Data Protection Regulation The Directive 95 / 46 / EC established a regulatory framework which seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data with the European Union . EU member states were obliged to implement the Directive into national law . Therefore data protection law within the EU has been harmonised although there were differences in the interpretation and implementation of the Directive .
On April 27 , 2016 the new General Data Protection Regulation ( GDPR ) has been adopted . It will enter into force on May 25 , 2018 . Different from the old Directive it does not require an implementation into national law . It constitutes the future framework for the processing of personal data . It comprises well known and new principles including the requirement of the consent of the data subject ( Art . 6 ), the right to erasure ( Art . 17 ), data portability ( Art . 18 ), privacy by design ( Art . 25 ), the obligation to notify data breaches ( Art . 31 ), data processing by processors ( Art . 28 ) and appointment of a data protection officer ( Art . 37 ).
One decisive change , however , is the option to impose penalties in case of infringements of the GDPR . Art . 83 sets forth administrative fines of up to 20.000.000 € or up to 4 % of the total worldwide annual turnover of the preceding financial year , whichever is higher .
In the past data protection law for many operators and their contractual partners has been unpopular and has not been considered intensively . In future such negligence could become expensive . Therefore , operators are well advised to completely reconsider and review their data protection policies . This
European Gaming Lawyer | Autumn Issue | 2016 | 25