External data protection officers act commercially

Key Facts

An external data protection officer is a commercial entrepreneur, even if he also works as a lawyer.
On 14.01.2020, the BFH ruled that there is no freelance activity pursuant to Section 18 (1) EStG.
A trade tax liability arises if certain profit limits are exceeded, as does the obligation to keep accounts.
The plaintiff was an independent lawyer and external data protection officer.
The tax office considered the plaintiff's activity to be commercial and assessed trade tax.
The BFH confirmed that the plaintiff was working in an independent profession, not as a lawyer.
The data protection officer requires interdisciplinary knowledge, but no specific academic training.

An external data protection officer is a commercial entrepreneur, even if he also works as a lawyer. As the Federal Fiscal Court (Bundesfinanzhof, BFH) decided in its ruling of January 14, 2020 (VIII R 27/17), there is no freelance activity within the meaning of § 18 para. 1 EStG exists. The external data protection officer is therefore subject to trade tax and – if certain profit limits are exceeded – also subject to accounting.

In the case in question, the plaintiff worked as an independent lawyer in the field of IT law. In addition, he worked for various larger companies as an external data protection officer. The tax office regarded this activity as commercial. It assessed trade tax and claimed that the plaintiff was a commercial entrepreneur pursuant to sec. § Section 141 of the German Fiscal Code (AO) to keep books and prepare financial statements as of the following year. The plaintiff’s appeal against this 2012 request was unsuccessful, as was the subsequent action before the Tax Court.

The BFH has now confirmed the previous decision. As a data protection officer, the plaintiff does not exercise an activity reserved for the profession of a lawyer. Rather, he is engaged in an independent profession that must be distinguished from his work as a lawyer. The data protection officer advises in interdisciplinary areas of knowledge. In addition to data protection expertise, he must also have specialist knowledge in other areas (e.g. information and communications technology and business administration). However, unlike the lawyer, he does not have to provide evidence of specific academic training.

For this reason, the plaintiff as data protection officer is also not active in a profession similar to that of a lawyer. Finally – according to the BFH – no other self-employed work within the meaning of § 18 para. 1 No. 3 EStG to be assumed. There was a lack of the necessary comparability with the standard examples mentioned there.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: Data protection Law Federal Fiscal Court Information IT Law Lawsuit Privacy