joepie91's Ramblings

home RSS

The EU may have just banned the anonymous sale of online goods and services

13 Jan 2015

Well, not exactly a cheerful topic for my first post of 2015, but it has to be said.

The EU has introduced new VAT (Value Added Tax) legislation that is supposedly meant to prevent companies like Amazon from 'reducing their tax burden'.

Roughly summarized, the change of legislation means that VAT is now calculated based on the country of residence of the buyer, rather than that of the seller. Which sounds like a great idea, until you look at the way it's implemented.

I've just finished reading the official proposal for these changes, and as far as I can tell - the proposal does not actually define 'electronic service' anywhere like it claimed it would - these changes basically mean that it is no longer legally possible to, as a company, sell (online) goods or services to an anonymous customer.

Again, due to the lack of definition for 'electronic service' it is unclear whether this also entails physical goods that are bought over the internet.

The proposal lists nine options for establishing the country of residence, of which a minimum of two are required. I have quoted the list below, highlighting the options that are relevant to online sales.

(a) customer details such as the billing address of the customer;

(b) the Internet Protocol (IP) address of the device used by the customer or any method of geolocation;

(c) bank details such as the place where the bank account used for payment is and the billing address of the customer held by that bank;

(d) the Mobile Country Code (MCC) of the International Mobile Subscriber Identity (IMSI) stored on the Subscriber Identity Module (SIM) card used by the customer;

(e) the location of the residential fixed land line through which the service is supplied to the customer;

(f) in relation to a customer who is selling goods via the Internet or similar electronic network, the place where the transport or dispatch of the goods sold by that customer initially begins;

(g) in relation to a customer who is buying goods via the Internet or similar electronic network, the place where the transport or dispatch of the goods bought by that customer finally ends;

(h) registration details of the means of transport hired by the customer, if registration of that means of transport is required at the place where it is used, and other similar information;

(i) other commercially relevant information obtained by the supplier.

As you can see, practically every relevant item in the list would expose the identity of the customer, and businesses are required to collect this information "for VAT purposes".

The only thing that could potentially be spoofed is the IP address, and even there it is not unreasonable to assume that the tax office will complain about business who do not block known proxies or Tor relays.

While other forms of proof may also be admissible, it is very likely that they will be held to a similar standard of identity verification.

According to a well-known Dutch (IT) lawyer, Arnoud Engelfriet, this information is supposed to be kept for 10 years and accessible to any foreign tax office. While the proposal does list individual privacy as a consideration, this is not expanded upon in the rest of the proposal.

The consequences will be especially dire for businesses (and their customers) that use micropayments or cryptocurrencies like Bitcoin. Effectively, the only way to still serve your anonymous customers, is through tax evasion.

While I'm not a lawyer, I have read through the proposal a few times now, and I really see no other interpretation of it than the above. Whether this side-effect of banning anonymous sales was an oversight or intentional... I'll leave that as an exercise to the reader.