Industry Contributor
16 Sep 2019 -
3 min read
Why Australia should heed the French on tech taxes and consumer data
By Isabelle Dunn
- Chief Digital Officer, Hearts & Science
Donald Trump was outraged at France for lumping a 3 per cent tax on revenues generated by the US tech giants, who have proven masterful in their ability to tango with tax obligations. (The Guardian)
Key points
- France has not backed down from its tax on tech giants although it will adopt the OECD’s framework when it is finalised
- France is also behind the largest fine to date under GDPR legislation, hitting Google with a €50m fine for breaching GDPR privacy rules around advertising
The French are often the first to stand their ground on social and economic issues. You may think I am biased, because I am French. Yes, I am a French native, but that’s exactly why I have a unique insight into their unique background and history. And why I believe they are perfectly placed to lead from the front. They were also the first to introduce recently a controversial tax on tech giants like Amazon, Facebook and Google.
With the release of the ACCC final report last month and the rise of GDPR regulations being adopted in Australia, looking at what is happening overseas, especially in the EU, may be a good lens for the future of digital platforms in Australia. What could the impact be on these huge companies and what will it take to reach a sustainable outcome for all parties involved?
The new French digital tax will apply 3 per cent on large tech companies’ local revenues. This is their total sales in France, not the profit they make. It will apply to tech companies with global sales of over €750m, and which make more than €25m a year in France; retroactively applied from January 2019. It is anticipated to raise around €400m this year alone.
US President Trump has ordered an investigation into the tax, clearly upset that most of the companies it targets are from the US. And because it will clearly impact global profits and returns for various stakeholders. But while he may come across as the sulky child, France, by contrast, is like the scolding authoritative parent. Teaching its child what’s right and wrong, while maintaining a sense of control.
If France is the leader, the rest of Europe could soon follow, with Germany and Italy looking to introduce their own versions of the tax. But what are the key things we need to know?
Firstly, it’s important to point out that this is 40 years in the making. Unlike most capitalist countries, France was one of the first to vote for a ‘Computers and Liberty’ law. This involved the creation and funding of an independent control authority.
The French independent data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), was established in 1978. Its mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data. With GDPR coming into force in May 2018, CNIL has taken a lead role in clarifying what it means for businesses, issuing guidelines and providing clear steps towards compliance. This makes France one of the most progressive countries in the world.
So, what does all this look like in practice?
On January 21st, 2019, CNIL hit Google with a €50m fine for breaching GDPR through its use of targeted advertising, the biggest yet levied under the new legislation.
The message was clear: Data Protection Authorities (DPAs) intend to use their powers. While this is necessary to uphold the integrity of the law, DPAs can also look to develop their own internal values that ensure their hand is a firm but nurturing one.
The CNIL already does this. Its mission is to inform, educate and protect consumers, as much as it is to regulate, inspect and control businesses. There are many things that DPAs in Australia could learn about the way the CNIL operates, like giving companies a grace period to become compliant, rather than immediately imposing fines. Recently in France, a couple of location businesses were publicly called out due to anonymous location data being captured without specific consent, but they were given 90 days to cure their consent defects before being sanctioned.
If we agree this is a good indicator of what a progressive approach to data, digital and technology could look like, here is the key learning I’ve taken from it:
While the Government is still in the process of reviewing the ACCC Digital Platforms Final Report, we will soon have more clarity on specific recommendations to act upon. Having said that, introducing significant long-term funding will be key to create capacity and capability for effective management and regulation.
With the release of the ACCC final report last month and the rise of GDPR regulations being adopted in Australia, looking at what is happening overseas, especially in the EU, may be a good lens for the future of digital platforms in Australia. What could the impact be on these huge companies and what will it take to reach a sustainable outcome for all parties involved?
The new French digital tax will apply 3 per cent on large tech companies’ local revenues. This is their total sales in France, not the profit they make. It will apply to tech companies with global sales of over €750m, and which make more than €25m a year in France; retroactively applied from January 2019. It is anticipated to raise around €400m this year alone.
US President Trump has ordered an investigation into the tax, clearly upset that most of the companies it targets are from the US. And because it will clearly impact global profits and returns for various stakeholders. But while he may come across as the sulky child, France, by contrast, is like the scolding authoritative parent. Teaching its child what’s right and wrong, while maintaining a sense of control.
If France is the leader, the rest of Europe could soon follow, with Germany and Italy looking to introduce their own versions of the tax. But what are the key things we need to know?
Firstly, it’s important to point out that this is 40 years in the making. Unlike most capitalist countries, France was one of the first to vote for a ‘Computers and Liberty’ law. This involved the creation and funding of an independent control authority.
The French independent data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), was established in 1978. Its mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data. With GDPR coming into force in May 2018, CNIL has taken a lead role in clarifying what it means for businesses, issuing guidelines and providing clear steps towards compliance. This makes France one of the most progressive countries in the world.
So, what does all this look like in practice?
On January 21st, 2019, CNIL hit Google with a €50m fine for breaching GDPR through its use of targeted advertising, the biggest yet levied under the new legislation.
The message was clear: Data Protection Authorities (DPAs) intend to use their powers. While this is necessary to uphold the integrity of the law, DPAs can also look to develop their own internal values that ensure their hand is a firm but nurturing one.
The CNIL already does this. Its mission is to inform, educate and protect consumers, as much as it is to regulate, inspect and control businesses. There are many things that DPAs in Australia could learn about the way the CNIL operates, like giving companies a grace period to become compliant, rather than immediately imposing fines. Recently in France, a couple of location businesses were publicly called out due to anonymous location data being captured without specific consent, but they were given 90 days to cure their consent defects before being sanctioned.
If we agree this is a good indicator of what a progressive approach to data, digital and technology could look like, here is the key learning I’ve taken from it:
- An independent data authority is critical – but it should support consumers, advertisers and publishers and tech suppliers alike, not just levy fines.
- We need to invest in an expert independent entity, to work with existing bodies such as the ANAA, the MFA, and the IAB.
- It will take long term commitment, experience and perspective to earn credibility, trust and respect.
- One size does not fit all, and adopting a nuanced approach is key for better results.
- Bold moves like the Tech Tax don’t happen overnight and take long term planning & preparation.
While the Government is still in the process of reviewing the ACCC Digital Platforms Final Report, we will soon have more clarity on specific recommendations to act upon. Having said that, introducing significant long-term funding will be key to create capacity and capability for effective management and regulation.