As the web developed over the years it was increasingly easy to go global and deliver content across the world’s networks to new markets, despite unclear tax regimes, unclear conditions to register a business in many countries, and opaque legal obligations. Some countries consciously looked the other way, others had no law to govern web-delivered services.
This allowed companies to sell “cross-border” without paying those pesky VAT people or having to register an office locally and comply with any local laws. In many cases this practice still continues, but there are signs that things are changing. Russia’s efforts to address the issue have resulted in new laws, which are sometimes described as an Iron Curtain round the Internet, similar to China’s Great Internet Wall.
Bad man of the Internet?
Russia was singled out as the Bad Man of the Internet by the European and US press back in September 2015 when the Information Law Amendment FZ242 came into force.
The issue became even more visible this month when a Moscow court upheld a complaint by the regulatory authorities against LinkedIn for flouting the rules and the website was subsequently blocked in Russia - and is still blocked as I write.
Russia may be criticized for many things but one thing it does well is administration – laws do surprisingly get obeyed, no matter what we are led to believe by press groupthink and cliches. Russia is twelfth in the World for ability to enforce contracts for example, as assessed by the World Bank, ahead of the US, UK Sweden and France for example (see doingbusiness.org).
Since Russia’s move, other countries have begun to follow suit. Data sovereignty has become a big issue as many countries seek to on-shore their Internet and reap the benefits in terms of data security, inward investment, jobs and taxes, realizing that if data is the new oil then they can get paid for it.
Canada, Australia, Germany, France are just a few enacting or enforcing laws in this area.
Addressing tax inequalities
Germany’s Federal IT administration has now ruled on how cloud computing can be used within government: “Information which needs to be protected (e.g., business secrets and sensitive data about the federal IT infrastructure) must exclusively be processed in Germany. Cloud providers must enter into a Non-Disclosure Agreement, whereby such data may not become subject to foreign disclosure and access obligations.”
In France, the Digital Bill as voted for by the French Senate on 3 May 2016 includes a data localization provision: “Data shall be stored in a data center located within any EU Member State territory, without prejudice to international agreements to which France and the EU are parties. They cannot be subject to a transfer to a third country”.
Data sovereignty can also have a positive tax effect. By locating servers (or even arguably the data) physically in a country, a legal presence is created and discussions about revenue and VAT can begin. It’s all part of growing up for the bigger web players.
So this month’s ruling in Russia about LinkedIn is nothing more than a sovereign state enforcing its laws - in this case, one that came into effect more than a year ago in September 2015.
In my view, if you want revenue from a country, then you should abide by its laws and behave as a good corporate citizen… or else not operate in that country at all.
Russia’s Information Law Amendment FZ242 stipulates that Russian citizens’ information must be stored within the Russian Federation. This essentially means that the master copy of the data (phone number, address, credit card details etc) must be held in a server on Russian soil. The database can be worked on from anywhere in the world however.
Many big names seem to have found this easy to comply with: Booking.com, Apple and La Redoute addressed the issue back in 2015, according to media reports.
Forcing compliance with these laws obviously has a positive effect on the economy. In the case of Germany it ensures that all cloud services sold into government will be hosted in Germany, so Germany will have more data centers (and hence more inward investment), more servers and more jobs for technical staff.
Having a physical presence also enables a country to charge taxes. In Europe, for example, when I was president of Equinix Europe, we were aware of the taxation issues surrounding a number of big names in the Internet. These big names were already paying tax and abiding by all necessary laws (as they still do today). But the EC had woken up to the fact that tax inequality between member states had created an area of conflict, an issue which it is still trying to address today.
An issue of fairness
The question of fairness has become a bigger issue in emerging markets, where typically Internet players had the excuse that local laws were unclear, so why bother abiding by them? If a company has no servers and no legal presence in that market, then presumably it can offer its service VAT free (taking payment by credit card) and not pay any tax as no revenues are declared for that country. It can also sell advertising on the basis of its information on users in that country.
In my view, if you want revenue from a country, then you should abide by its laws and behave as a good corporate citizen… or else not operate in that country at all.
Secondly, if you need to comply, then show willingness to do so. First take some concrete steps, such as renting data center space or contracting with a local cloud provider, and then engage in a dialog with the regulatory authorities. You’d be surprised how friendly these pesky Russians can be if you take the time to talk to them!
Guy Willner is chairman and CEO of IXcellerate Moscow