Data and Taxes

In 2016 Jennifer Daskal gave wrote an article entitled The Un-Territoriality of Data1, where she describes the authority of the US government to seize data, and the enforceability of warrant jurisdictions. "Territoriality" is taken to mean crossing physical boundaries on data stored elsewhere, in this case, the Microsoft Corp. v. United States litigation2.

Long story short, a warrant was issued for Microsoft to turn over email data, however the servers that stored the email data were located in Dublin. As a result, Microsoft refused to provide the emails, and numerous appeals were made. Interestingly enough, this drew the the Irish government's own privacy laws as well as the EU's Data Protection Directive. Ultimately the cause worked its way up to the Supreme Court, although the case was rendered moot by the CLOUD act3, which then proceeded to refactor the existing laws. Both the US Department of Justice and Microsoft supported the CLOUD act, which ended up stating that US companies must provide data when given a warrant, but also allows for the companies or courts to challenge if they are incompatible with the laws the physical data lies in. Bilateral agreements can be made by the executive to streamline data transfer between two countries regarding data of US citizens.

Setting aside the numerous privacy issues4, this represents a unique moment for data regulation. While the micro-level effects of the CLOUD act relate to privacy, it's more useful to think of this as a moment for the assertion of "sovereignty". The US asserts (within some limitations) that data produced by US citizens, passing through US companies, are allowed to be searched regardless of where the data is physically located. This is akin to the US's expat taxation scheme, where expats are taxed on their income anywhere they live in the world.

Now, unlike expats, US companies are not de jure taxed on their international profits, given the existence of tax havens. Returning to Ireland, it's status as a tax haven for Apple was widely debated a few years back5. Tax havens (and special economic zones) exist as grey areas in a country's sovereignty: they allow companies to evade some set of tariffs and laws. If a country's sovereignty is defined as its laws and how it enforces those laws, tax havens are effectively "blind spots", where sovereignty cannot effectively be enforced. The history of the Panama papers is a particular note, where masses of the wealthy were found to be stashing their wealth overseas to avoid taxes.

Nils Gilman wrote an article in 2014 called "The Twin Insurgency"6, where he describes how sovereignty in the modern era has been weakened by two sets of actors: criminals who resist or modify the laws, such as drug cartels and human traffickers, and oligarchs and globalized elites who hide from the laws. These two groups, Gilman states, weaken the state but do not destroy it, they seek to carve out zones of autonomous action where they can reign and profit. Easy flow of capital has enabled both sets of actors to exist simultaneously, the] shadow of the global economy gives rise to criminals, the heights of the global economy lifts up the elite.

This is equally applicable to data. James Bridle writes in his book "New Dark Age"7 how the explosion of information has lead to the overbearing nature of network effects: information empowers those entrenched while also making it more difficult for new actors to enter. Bridle gives the example of financial data, financial data has allowed for massively improved efficiency for market actors, such as high frequency trading firms and banks, while making it all the more difficult for individual investors to get in. Silicon Valley VC's are obsessed with the idea of "network effects", emphasizing how data is key, such as in the "AI"8 sector. This is because network effects allow you to become more profitable while simultaneously locking out competitors, any businessman's dream.

Bringing this back to Ireland once again, we are currently seeing the rise of Ireland as a pseudo-data haven. GDPR, the EU's general directive towards privacy, is enforced through a "one-stop shop" mechanism, where the company resides is the one dealing with enforcement of GDPR. In other words, "a Spanish complaint against Twitter should be dealt with by the IDPC [Irish Data Protection Commission]"9. Ireland, having been so popular for tech companies for low taxes, is now in the position of de facto enforcement of GDPR, a role that the IDPC have repeatedly show little motivation and resources in doing.

It is the difference between tax laws across countries that creates arbitrage, and it is this arbitrage that brings in tax havens. In the same way, if the Irish authorities continue to be the weak point of GDPR enforcement while also regulating the bulk of tech companies, Ireland becomes a data haven, a place where companies can go to skirt data laws.

Southeast Asia should be watched to see if data havens will arise. Currently, Southeast Asia is the only place in the world where cloud computing firms of US and China can compete open10. FT has a useful diagram of the APAC region10:

se-asia-cloud.png

How these companies choose to store data, and how Malaysia, Singapore, Indonesia, China, and the US choose to regulate will determine the future of data territoriality. Unlike capital, data has real transmission costs (mostly the speed of light), which is why these companies choose to locate their servers so close to this growing market. Lax regulation could turn Southeast Asia into a data version of the Caribbean tax havens.

As tax havens reduce revenue for a state and ultimately harms the common citizen, data havens harm the common citizen by placing their personal data at risk. It is the dual insurgency of Gilman describes, computer hackers and criminal outfits from the bottom up, globalized elites from the top down, only to result in the harm of the citizenry in between. Tax havens represent a forfeit of sovereignty for a country, and has yet to be seen if countries will learn these lessons when it comes to data. The CLOUD act is just the starting shot of the next few decades.

Posted: 2020-06-13
Filed Under: tech