The cloud, e-commerce, and the EU legal patchwork The potential for cloud services and their impact on how data can be utilised is huge, but a concern remains that the possibilities these services enable are inhibited by the patchwork of EU legislation that relates to e-services. Peter Howitt, Solicitor at Ramparts Law, examines this concern and suggests solutions at an EU level to help enable the full potential not only of the cloud but of e-commerce services in general. Cloud technologies ('cloud') are the latest evolution in the story of the internet revolution, quickening the changing ways in which people interact in an increasingly electronically symbiotic world. The cloud reflects an earlier form of computing architecture involving a powerful mainframe and relatively dumb terminals (one must try hard not to be fooled by our new devices with their lovely colours, touch-sensitive glass and glorious heft). Whereas the PC represented a grand delusion of personal computing power, an ever-increasing diversity of devices and the need to maintain a semblance of sense between you and these devices has latterly resulted in device agnostic webbased application architecture1. In addition, the inherent difference in available computing capacity between centralised servers and mobile and personal computer devices means that cloud technologies are able to more fully capitalise on Moore's law of exponential growth in computational processing power2. Economically, cloud technologies allow companies like Google, Microsoft, Amazon and Apple to aggregate and monetise data related to individual creativity and consumption, relationships,
locations and communications in a way that has not previously been technically possible. Interestingly, so far there appears to be relatively little consumer backlash to this accumulation of information power in the grasp of a handful of entities3. Whatever the particular set-up for the current cloud architectures, they all have in common the ability to process, slice and recombine a huge quantity and variety of data in different ways in and from multiple locations and devices. However, the data must ultimately condense in a meaningful way for both the end user/producer and the organisations that control the architecture and data. Existing jurisprudence and legislation has not been sufficiently developed for the modularity and mobility afforded by the cloud and the increased globalisation of other capital and resources. The European Union is looking at the broader issue of cloud technologies on a number of fronts, including with respect to the need to ensure that European data protection law remains effective in protecting individual rights whilst also being (hopefully) practically workable and commercially sensible. In July 2012 the EU Data Protection Working Party adopted Opinion 05/2012 WP 196 on cloud computing and the processing of personal data in the cloud. In addition, the recent strongly worded letter by the EU Data Protection Working Party to Larry Page shows that, irrespective of the relevant technical structures used, the unprecedented scale of the value and power of ecommerce and cloud technologies is not being lost on the regulatory authorities. Within Europe, there is no legislation directly applicable to the cloud. However, the main legislation directly applicable to the
regulation of the provision of eservices is the E-Commerce Directive 2000/31/CE ('ECD'). This Directive provides that, inter alia, European e-commerce businesses should not be subject to additional authorisation or regulatory requirements outside of the laws of the country in which they are established ('Home State') i.e. they should not be unnecessarily restricted when providing eservices from a Home State to any other territories ('Host States'). Despite the ECD's wellintentioned efforts to make it simpler and easier for e-commerce businesses to carry out business across European borders, the fact is that the Directive appears to have had little appreciable effect on the growth of the European digital economy4. In my experience the lack of a more holistic regulatory approach means that exercising commercial rights to provide services remotely within Europe (on a Home State basis alone) is simply not possible - businesses always need to conduct a detailed country by country conduct of business study due to the fragmented laws relevant to eservices5. Use of the cloud also gives rise to significant issues for tax authorities. The tax philosophies, rules and percentages applicable to corporate profits and value added services differ significantly across Europe. The effect of the patchwork European tax framework is that the rules differ between EEA operators and non-EEA operators, between operators established or using equipment or services in different Member States and also depending on whether the cloud services are deemed supplies of software or the leasing of hardware. Despite attempts to simplify and harmonise the treatment and application of VAT within Europe E-Commerce Law & Policy - March 2013
to prevent competitive distortion, the rules relating to VAT for eservices continue to offer competitive advantages for costconscious businesses. One measure within the European e-service VAT regime that could be improved and extended across a wider range of laws is use of the European onestop shop approach. This allows operators outside of the EEA to choose one Member State in which to register for the return of VAT receipts for all taxable supplies made to European customers. With suitable modification one could envisage a wider scheme whereby e-commerce companies outside of Europe could register in a chosen Member State and meet their legal requirements for all European supplies for any areas of law that are subject to minimum framework European laws (see further below). Careful use of contracts and cloud technologies to offer eservices to customers across borders has the interesting effect that, depending on the interaction of various local and European laws, you might have (or might be able to structure your business and services such that there is): ! a/no place of establishment for data protection purposes; ! a/no place of permanent establishment for corporate taxation purposes; ! a/no place of supply and fixed establishment for VAT purposes; ! some/no licensable or authorised activities (e.g., for financial services or gaming licensing purposes). Whilst this difference in applicable laws creates good work for advisors and opportunities for e-commerce savvy clients, there is significant capacity to further simplify the applicable laws and procedures for doing business across European borders on a E-Commerce Law & Policy - March 2013
One measure within the European eservice VAT regime that could be improved and extended across a wider range of laws is use of the European one-stop shop approach.
Home State basis. Simplification would be particularly helpful for European e-commerce entrepreneurs and start-ups (who already face significant capitalraising, cultural and language barriers within Europe) and would also foster increased trade, efficiencies and legal compliance for those companies doing business with Europeans. For example, consideration should be given to enabling e-commerce businesses established within Europe to fully rely upon compliance with their Home State laws, at least in all areas in which there is European Community framework legislation that sets minimum standards (e.g. consumer protection, data protection, anti-money laundering, VAT). This would have the commercially sobering effect that Member States who chose to go further than these already detailed minimum requirements would need to consider much more carefully the economic impact of such gold-plating. In the ongoing European legislative policy reviews of ecommerce, the danger is that European lawmakers will not achieve their purpose of encouraging the flourishing ecommerce sector within the context of ensuring the proper protection of their people's commercial and civil liberties. The objectives are achievable if a dialogue with the right crosssection of stakeholders is undertaken and if greater reliance is placed on the principle of jurisdictional and legal equivalence within Europe. It is clear that in many respects the existing laws are simply not fit for the brave new world. Given the relative novelty and essentially borderless nature of the internet, ecommerce may represent the best opportunity for Europe6 and its
Member States to move beyond their historic national differences and capitalise on their diverse cultures. The opportunity is out there in the ether. Peter Howitt Solicitor Ramparts Law firstname.lastname@example.org 1. See, for example, 'How New Internet Standards Will Finally Deliver a Mobile Revolution,' by Ben Korkmaz and Richard Lee, April 2011 (McKinsey Quarterly). 2. "In little more than 20 years, the capabilities of a laptop to process data (or play games) have increased more than a thousand-fold... [in the same period] the world's most powerful supercomputer [has increased capacity by] some 170,000 times." A Brief Future of Computing by Dr Francis Wray, (c) 2012 The University of Edinburgh. 3. It is interesting that consumers appear to trust remote entities that have no direct democratic relationship (and often little physical presence) with information that they would be loathe to entrust to their own elected representative Governments. 4. A public consultation was conducted between August and November 2011 to analyse the reasons why electronic commerce remains limited to less than 4% of total retail service sales in the EU over 10 years after it started. 5. This is the case even where a maximum harmonisation Directive is implemented to avoid 'gold-plating' during implementation of a European law: as European e-money issuers have found when seeking to rely on their financial services passport across the EEA under the 2nd E-Money Directive. 6. Use of the term 'Europe' still puts me in mind of Ghandi's comment - when he was asked what he thought about Western civilisation, he replied: "It sounds like a good idea."