It is twenty years too late for someone to realise that taxes should be paid on transactions based on data. But the real issues are the ownership of (or on) information and the urgency to stop believing in ‘digital’ and ‘cyberspace’ by Andrea Monti – Initially published in Italian by Strategikon – an Italian Tech blog.It is not for its merits – the ‘patrimonial’ nature of data – but for the time that has elapsed since a public authority first decided that personal data could be a way of paying for services that the news of the opening of an investigation by the Milan Prosecutor’s Office into alleged VAT evasion by Meta concerning the use of data in exchange for the benefit of its services is so striking.
Far from being ‘innovative’, the inquiry is lethargically late and the archetype of the failures caused by belief in the ‘digital rights’ and ‘cyberspace’ narratives.
On 17 February 2000, based on an ALCEI report, the Competition and Market Authority, in its decision 8051/00, found that the advertising of an operator (Libero-Infostrada) was misleading. The provider presented a service as “free”, but to use it, the user had to agree to be profiled and to receive personalised advertising. In the parallel proceedings before the Data Protection Agency, the Agency also noted the lack of adequate information provided to the potential customer, who could not fully assess the consequences of choosing to subscribe to the “free” service. The Agency considered that
without prejudice to respect for the will of citizens and consumers to accept the transfer of identification data or data relating to tastes, preferences and interests to obtain certain services free of charge, the persons concerned must be put in a position to express their choice consciously and freely.
More “recently”, the first civil section of the Court of Cassation, in judgment 17278/18, ruled that
the law does not prohibit the exchange of personal data, but it requires that such an exchange be the result of full and in no way coerced consent.
The judgement of 29 March 2021, no. 2631, issued by the Sixth Section of the Council of State, returned to the issue and, without commenting on the merits of the possibility of using personal data as the price of a service, stated that
the capitalisation of personal data, which in the present case takes place unwittingly (in the opinion of the authority, when it accuses a misleading information in the exercise of the practice in question), is the result of the intervention of companies through the provision of data – and the profiling of the user – for commercial purposes.
The inescapable conclusion of the reasoning of the two authorities, the Court of Cassation and the Council of State, is, therefore, that personal data are intangible assets whose economic value can be quantified, for example, in the cost that the user would have incurred if he had to pay for the service in money.
The same conclusion can be reached if we take the mainstream narrative (albeit a bit old-fashioned by now) that ‘data is the new gold’ or ‘data is the new oil’. Gold and oil are not ‘currencies’ but have value, so taxes are paid on transactions involving them. So, for the sake of consistency, there is no reason to argue that personal data should be treated differently.
The impact of this approach, if confirmed, would be disruptive because it would have implications not only for big tech but for all companies in all sectors that have based their marketing strategies on the provision of ‘free’ services in exchange for personal data. The possible infringements, which can be traced back for around ten years, would not only concern VAT evasion but also the accuracy of financial statements, the correct capitalisation of data and even the reliability of accounting records. It is not easy to know the size of the fines, but it would not be surprising if they were astronomical in total.
Only time and some good tax experts will be able to unravel this web, but, curiously, Big Tech’s best defence comes, unwittingly, from the (new) Data Protection Authority.
In 2021, an article appeared on the authority’s website that essentially questioned the approach of the Libero-Infostrada measure, asking whether it was really legal to ‘pay’ for personal data.
A detailed analysis of this reasoning is a matter for a law journal, but – in summary – the authors’ thesis is that since consumers always have the power to revoke consent to processing and the contract with the platform still stands, personal data is not “consideration” for the service. In other words:
– the platform offers a service that, among other things, asks for permission to process your personal data,
– after some time, you, the customer, revoke this permission,
– however, I continue to provide you with the service,
– consenting to processing personal data is, therefore, not a form of ‘payment’.
Instead, the authors argue, one should ask whether granting a right (the right to process personal data) can be a quid pro quo, and they conclude that the answer is no.
This would imply – although it is not explicitly stated in the article – the unlawfulness of the processing and the possibility of sanctioning those who operate in this way, either by ordering the deletion of the data or by the imposition of administrative sanctions and, in theory, even the consideration of the act as a criminal offence.
Such an approach is unacceptable because the user can withdraw at any time (subject to any prior notice stipulated in the contract), for example, in the case of “supply contracts” (energy, telecommunications services, etc.). Similarly, in the case of an online platform, revoking of consent to the processing of personal data may amount to withdrawal. In other words, if the withdrawal of consent to data processing implies the impossibility of further use of the service, the ‘quid pro quo’ nature of personal data is difficult to deny.
The point, however, is not to embark on a legal argument about the supremacy of the law over the economy or the other way around. Law is as arbitrary as you can imagine, so interpretations of the rules are not necessarily consistent or objective. Just think, as is taught in the first year of law school, that a judicial decision facit de albo, nigro – turns white into black.
As I said, there is no objective legal answer to whether (personal) data should or can be considered an intangible economic good and whether transactions involving it are subject to taxation. Unlike the speed of light, which – as Piero Angela used to say – is not decided by raising one’s hand, the law is settled by lifting one’s hand. So even in court, Cassius Clay’s law applies: impossible is nothing, and a judge may rule in Meta’s favour, overturning the prosecutor’s claims.
But it is more interesting to analyse the matter from a cultural and political point of view.
We are faced with yet another example of what it means to have believed, and to continue to believe, that the adjective ‘digital’ or the prefix ‘cyber’ changes the nature of objects, human relations and personal rights.
So, to come back to the point, nothing (would) prevent the public decision-maker from taking a clear position and putting citizens and companies in a place to operate within a (reasonably) clear legal framework. However, governments of all colours have systematically ignored the question of what to do about an industrial model based on the accumulation of data, despite more than twenty years of proclamations about the ‘information society’ and now the ‘digital transition’.
The subject is difficult to understand and complex to manage, so it is understandable that, over time, successive legislators and governments have not gone much beyond declarations of principle or, although animated by a “will to do”, have remained hypnotised by sirens whose song sounded visionary but was, in reality, fatuous and insubstantial.
Meanwhile, fact reality carried on independently, sustained by the obnoxious attitude of not caring what people believe. So while our ‘digital selves’ have ventured into ‘virtual space’, the oxen have bolted from the stable and are now about to cause a stampede that, once started, will be hard to stop.
The solution to the Meta case is unlikely to be purely judicial. If the prosecution’s case is confirmed, consistency would require the opening of tens of thousands of similar proceedings against all those who have built their business models on the capitalisation of personal data, relying on the narrative based on ‘virtual’ and ‘digital’. The impact on the ‘digital transition’ would be enormous, if only in terms of uncertainty for the industry’s economic activities.
It is not (yet) too late for a systemic intervention that addresses the question of the legal nature of (also) personal data in a strategic – i.e. long-term – way, for example, by establishing that it is a common – a public – good whose use, similar to property, can be restricted for socially valuable purposes. Or, on the contrary, the political decision could be taken to establish that personal data are the ‘exclusive property’ of those to whom they refer and that, as such, they can be subjected to economic transactions. Or on the other hand, the legislator’s choice could be an even different, namely the denial of any value to the information.
Such a decision, whatever it may be, would not be subject to review since politics is ultimately free in defining its goals. However, banning using terms like ‘digital rights’ and using words like ‘virtual’ or ‘cyber’ in legislation and regulation would be a good starting point. This would force legislators to keep their feet on the ground and thus avoid creating a fragile hook on which to hang a chain of fanciful delusions which, as the Meta case shows, could sooner or later break with unimaginable but certainly anything but ‘virtual’ consequences.