We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.

Data body’s concern on EU’s VAT proposal
(Pic: Shutterstock)
08 Jan 2026 eu Print

Data body’s concern on EU’s VAT proposal

A European data watchdog has warned that a European Commission proposal aimed at tackling VAT fraud must be more clearly explained.

The commission has proposed amending an EU regulation to grant the European Public Prosecutor’s Office (EPPO) and the European Anti-Fraud Office (OLAF) specific direct and centralised access to VAT information at EU level.

The commission has estimated that VAT fraud costs the EU and member states between €12.5 billion and €32.8 billion a year. It has argued that current rules to combat such activity are not suitable for investigating complex cross-border fraud.

‘Blurring’ of boundaries

In an opinion, the European Data Protection Supervisor (EDPS) welcomed the proposal’s objectives and acknowledged that “specific and limited” direct access to certain VAT information by the EPPO and OLAF could be needed to ensure effective investigations and enforcement.

The watchdog, however, warned against blurring administrative and criminal boundaries.

“Processing personal data for administrative purposes and for criminal-enforcement purposes follows distinct legal regimes and principles, and this separation must be carefully reflected in the legal framework,” it stated.

‘Exceptional’ access

Supervisor Wojciech Wiewiórowski acknowledged that fighting VAT fraud was essential to protect public revenues and the integrity of the internal market.

“However, exceptional access to administrative databases for law enforcement purposes must remain precisely that ­– exceptional. It must be clearly circumscribed and carefully safeguarded, and should not become a backdoor precedent for broad or routine access,” he warned.

The EDPS said that the proposal should “more clearly explain and underline” the exceptional nature of providing direct access to administrative databases for law-enforcement purposes.

“Further clarification is warranted to avoid any risk that the proposal could be misconstrued or later relied upon as precedent for more general application,” the body said.

The EDPS is an independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland

Related EU content

EU
Pharma market exclusivity reduces

Extra protection for ‘breakthrough’ products

eu
EU deal on ‘safe third countries’ for asylum

No automatic right to remain during appeals
eu
EU renews post-Brexit data decision

British framework provides ‘robust safeguards’

eu
Data body’s concern on EU’s VAT proposal

Anti-fraud plan would give agencies greater access
Copyright © 2026 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.