EDPS issues Opinion on EU proposal for direct VAT data access to fight fraud
The European Data Protection Supervisor (EDPS) has issued an opinion on the European Commission’s proposal to amend Regulation (EU) No 904/2010. The amendment aims to strengthen the fight against intra-Community value added tax (VAT) fraud by granting the European Public Prosecutor’s Office (EPPO) and the European Anti-Fraud Office (OLAF) direct and centralized access to VAT information at the EU level. This proposal targets large-scale cross-border VAT fraud, particularly Missing Trader Intra-Community (MTIC) schemes, which continue to cause significant financial losses across the European Union.
The EDPS acknowledges the importance of combating VAT fraud to protect public finances and the integrity of the internal market. It recognizes that specific, limited direct access to VAT data by EPPO and OLAF can be necessary for effective investigations and enforcement actions. However, the EDPS emphasizes that such access must remain exceptional, clearly defined, and safeguarded to prevent it from becoming a routine or broad practice that could undermine data protection principles.
The proposal sits at a sensitive intersection between administrative VAT cooperation and criminal law enforcement. The EDPS highlights that processing personal data for administrative purposes is governed by different legal frameworks than processing for criminal enforcement. Therefore, the legal framework must clearly reflect this distinction to ensure compliance with EU data protection laws, including principles of purpose limitation, data minimization, and accountability.
The EDPS calls for stronger legal, technical, and organizational safeguards to accompany the proposal. While some details can be addressed through implementing acts, core parameters must be established in the primary legislation. This approach will help prevent misuse and ensure that access to VAT information is limited, targeted, and compliant with EU data protection standards.
