Wednesday, 18 November 2020
Monday, 16 November 2020
On November 11th the CJEU delivered a judgment in C-287/19 DenizBank AG v Verein für Konsumenteninformation on the interpretation of Directive 2015/2366 on Payment Services (PSD2).
VKI an Austrian consumer protection organization brought proceeding for a prohibitory injunction infront of Handelsgericht Wien asking the court to prohibit DenizBank from using several clauses in their standard terms with consumers on grounds that they are null and void. The validity of these clauses were questions in relation to the card’s NFC (Near Field Communication) functionality that enables customers to use contactless payment for low value transactions. The case provided an opportunity to the CJEU to provide interpretation on several aspects of PSD2.
Validity of tacit consent to contract variation
With the first question the Austrian Supreme Court asked whether Article 52(6)(a) of Directive 2015/2366, read in conjunction with Article 54(1), should be interpreted to mean that the payment service providers may agree with the payment service users (who are in this case also consumers) in the framework contract to include a presumption that when the conditions laid down in the contract are satisfied, the payment service users tacitly consented to contract variation.
The CJEU reminded that the tacit consent that is provided for and thus agreed between the parties in advance at the point of contract conclusion of the framework contract is only valid if the change in terms and conditions is of minor importance to the contract. The court emphasized that in case of changing any of the essential terms that would result in a new contract, tacit consent would not be enough. Although the CJEU does not specify, it might be important to note that a framework contract here should be the contract that provides the card, in case of debit cards, this would be the bank account.
The CJEU confirmed that the provision indeed provide for a freedom of payment service providers and users to include these kind of clauses into their contracts, because PSD2 does not lay down restrictions regarding the status of the user or the type of contractual terms that may be the subject of such tacit consent. In principle therefore the validity of tacit consent could not be ruled out. However, in transactions with consumers, the clause should also be subject to an independent review under the Directive 1993/13/EC on unfair terms and may thus be removed from the contract for being unfair.
Meaning of a ‘payment instrument’
With the second question the referring national court asked for clarifying meaning of payment instrument in Article 4(14). More specifically, whether the NFC functionality of personalised multifunctional bank cards by means of which low-value payments are debited from the bank account associated with that card constitutes a ‘payment instrument’.
Under Article 4(14) a ‘payment instrument’ is ‘a personalised device(s) and/or set of procedures agreed between the payment service user and the payment service provider and used in order to initiate a payment order’.
According to the CJEU, the NFC functionality of a multifunctional bank card associated with a specific bank account does not constitute a ‘personalised device’, since the use of that function, in itself, does not allow the payment service provider to verify that the payment order was initiated by a user authorised for that purpose, unlike the other functions of that card which require the use of personalised security data, such as a PIN code or a signature. However, the NFC functionality is capable of constituting, in itself, a non-personalised ‘set of procedures’, within the definition and can thus be considered a ‘payment instrument’ for the purposes of the application of PDS2.
Meaning of ‘anonymous’ use
Further on, the CJEU also had an opportunity in this case to interpret the meaning of ‘anonymous’ within Article 63(1)(b), specifically, whether contactless low-value payment using the NFC functionality of a personalised multifunctional bank card constitutes ‘anonymous’ use of the payment instrument.
Article 63 allows for contracting parties to agree to several important derogations from the protective framework of PDS2 for low value individual payment transactions not exceeding EUR 30 or which either have a spending limit of EUR 150, or store funds which do not exceed EUR 150 at any time. These include derogation from Article 72 which requires the provider to prove the authentication and execution of payment transactions; from Article 73 which establishes the principle that the service provider is liable for unauthorised payment transactions; and from Article 74(1) and (3) which enables the parties to confer some responsibility for unauthorised payments on the payer for up to EUR 50. These derogations are only possible under Article 63(1)(b) where ‘the payment instrument is used anonymously’ or where ‘the payment service provider is not in a position for other reasons which are intrinsic to the payment instrument to prove that a payment transaction was authorised’.
The CJEU held that despite the facts that the card itself is personalized, connected to a bank account of a particular customer, the use of the NFC functionality for the purpose of making low-value payments constitutes ‘anonymous’ use, within the meaning of Article 63(1)(b). The payment service provider is objectively unable to identify the person who paid using that functionality and thus unable to verify, or even prove, that the transaction was duly authorised by the account holder.
Consequently, contactless low-value payment using the NFC functionality of a personalised multifunctional bank card constitutes ‘anonymous’ use of the payment instrument in question, within the meaning of Article 63(1)(b).
The ways to prove impossibility to block or prevention of future use of payment instrument
Article 63(1)(a) allows the payment service provider and the
user to agree on further derogations from the protecting framework of PDS2,
that is, from Article 69(1)(b) which requires the user to inform the
provider without delay of the loss, theft, misappropriation or any unauthorised
use of the payment instrument concerned; from Article 70(1)(c) and (d) of which
requires the provider to make available to the user means to make that
notification free of charge or to request unblocking of that instrument; and from
Article 74(3) which relieves the payer, except where he or she has acted
fraudulently, from the financial consequences of any use of the lost, stolen or
misappropriated instrument that takes place after that notification.
These derogations are possible to achieve if the payment instrument does not allow its blocking or prevention of its further use. So the question infront of the CJEU was whether payment service providers may simply declare that it is impossible to block the payment instrument concerned or to prevent its continued use, where, in the light of the objective state of available technical knowledge, that impossibility cannot be established.
The CJEU concluded that this is not the case. The ‘payment service provider wishing to exercise the option provided for in Article 63(1)(a) … may not, in order to relieve itself from its own obligations, simply state, in the framework contract relating to the payment instrument concerned, that it is unable to block that instrument or to prevent its further use. That service provider must establish, with the burden of proof being on that provider in the event of a dispute, that that instrument in no way allows, on account of technical reasons, its blocking or prevention of its further use. If the court hearing those proceedings considers that it would have been physically possible to carry out such blocking or to prevent such use, having regard to the objective state of available technical knowledge, but that the provider did not make use of that knowledge, Article 63(1)(a) may not be applied to the benefit of that provider’ (para 98).
Friday, 13 November 2020
Dark patterns and conditions for a valid consent to data processing - judgment of the CJEU in C‑61/19 Orange Romania
The dispute goes back to a fine imposed by the Romanian data protection authority on the provider of mobile telecommunications services, Orange România, for an allegedly unlawful storage of the copies of customers' identity documents. In particular, the authority argued, the data controller failed to demonstrate that the data subjects had given their valid consent to the contested processing. What makes the case interesting is that the storage of ID cards was, in fact, explicitly mentioned in the contracts which Orange concluded with its customers. Specifically, the following wording is cited:
As seen from above, both the declaration of "consent" and the confirmation of having
received the associated information were pre-forumlated by
the trader. At least in certain cases they were also already "pre-ticked". In fact, however, consent to the storage of the copies of ID cards was not necessery for entering into a contract and customers, who refused to consent, were not prevented from the contract conclusion. Data subjects who did not wish their ID cards to be copied, though, were asked to go through additional steps, most notably confirm their refusal in a specific form, which, like pre-ticked checkboxes, can be regarded as an example of dark patterns in action (or, in this case, "sludge").
Against this backgroud, doubts have been raised, among others, as to whether the clauses on data processing were sufficiently distinct from the remaining parts of the documents, whether the data subjects were not
misled about the possibility of refusing consent to the storage of ID cards and, if so, whether this could have an impact on the validity of their consent.
Even though the contested fine was imposed on Orange România prior to the date of application of the GDPR, the Court of Justice decided to provide guidance on both Directive 95/46/EC and Regulation 2016/679. Key norms subject to the analysis where those laying down conditions for a valid consent. Focusing on the GDPR, attention should be drawn to its Article 6(1)(a), listing data subject's consent among the grounds for the lawful professing of his or her personal data, and to Article 4(11), which defines "consent" as any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Of relevance are further the associated information duties in Article 13 as well as (non-binding) clarification of the above in recitals 32 and 42.
Judgment of the Court
While the specific assessment of the case at hand has been left to the national court (in line with the nature of preliminary reference procedure), the judgment provides important guidance on the legal provisions to be applied. In particular:
- The Court recalls that for consent to be validly expressed (by the data subject) and later demonstrated (by the controller), the corresponding wish of the data subject should be reflected in his or her active behaviour. In particular, unambiguous and informed consent cannot be inferred from the fact that the data subject did not deselect a pre-ticked checkbox (paras. 35-37, 45-46; on the burden of proof, see also paras. 42, 51).
- The judgment goes on to discuss the definition of consent as a "specific" indication of data subject wishes, highlighting the requirements of Article 7(2) (presentation of the request for consent in a manner which is clearly distinguishable from the other matters) and recital 42 of the GDPR (presentation of pre-formulated declarations in an intelligible and easily accessible form, using clear and plain language). The latter is especially worth highlighting, as it directly refers to Directive 93/13/EEC on unfair terms in consumer contracts. Transparency of declarations is also considered relevant for establishing whether consent so expressed has been informed. What is more, corresponding information provided by the controller "must enable the data subject to be able to determine easily the consequences of any consent he or she might give", which again brings to mind the requirements for substantive transparency known from consumer law stricto sensu (paras. 38-40, 47-48). The latter may have significant impliactions for the validity of consent to the processing of personal data in the context of automated decision-making.
- Finally, an important part of the judgment concerns the requirement for consent to be freely given (and again informed). In para. 41, the Court observes that "in order to ensure that the data subject enjoys genuine freedom of choice, the contractual terms must not mislead him or her as to the possibility of concluding the contract even if he or she refuses to consent to the processing of his or her data" (similarly para. 49). This brings to mind the notions of misleading actions and ommissions, known from Articles 6 and 7 of Directive 2005/29/EC on unfair commercial practices (note that the Directive refers directly to the "freedom of choice" only in the subsequent provision on aggressive practices). At a later point of the judgment, the Court also questions the free nature of consent in the case at hand in view of the additional burden (sludge) imposed by the controller on the data subjects who wish to refuse consent (para. 50). As in the other instances, however, an assessment is ultimately left to the referring court.
Overall, the judgment provides for a range of important reference points, which may help to increase the level of consumer and data protection in the EU. Worth noting are the recurring references to the requirement of an "informed" consent, which appears to complement and reinforce all other conditions. The judgment underlines the close connection between data protection and consumer law stricto sensu, which has long been observed in the literature. Recognition of the role of (substantive) transparency and of potentially misleading practices in assessing consent validity is also to be welcomed. Both seem especially relevant in the digital market, where the consequences of consent are often difficult to determine and where dark patterns remain prevalent.
Monday, 2 November 2020
In Case C‑529/19 (here), the CJEU interpreted the Consumer Rights Directive, particularly the right of withdrawal and its exceptions (Article 16). In this case, the consumer bought a fitted kitchen from Möbel Kraft (a German furniture company) at a trade fair. Later, the consumer communicated to Möbel Kraft its wish to withdraw from the contract. Consequently, the consumer refused to accepted delivery of the kitchen. In response, Möbel Kraft sued for breach of contract. Möbel Kraft had not yet started to manufacture the kitchen parts at issue when the consumer withdrew from the contract.
While Article 9 of the Consumer Rights Directive gives consumer the right to withdraw from an off-premises or distance contract, Article 16 lists several situations where that right does not apply. One of those situations is when the consumer buys goods made to the consumer’s specifications or clearly personalized (Article 16(c)). Given Article 16(c), the referring court asked the CJEU whether the consumer’s right to withdraw from an off-premises contract is also excluded in case where goods are made according to the consumer’s specifications, but the seller has not yet begun to produce the goods and therefore does not incur in any (or few) costs in case of the consumer’s withdrawal.
The CJEU starts by clarifying that the contract in question can only be considered an off-premises contract if it was not concluded at the trade fair stand, which can be seen as ‘business premises’ according to Article 2(9) of the Consumer Rights Directive. Then, the CJEU states that there is nothing in the Consumer Rights Directive that indicates that the exception of Article 16(c) is dependent on the occurrence of any event after the conclusion of the off-premises contract (para 24). In fact, the CJEU states that this exception is inherent to the subject matter of such a contract. In other words, the application of this exception is independent from the stage of performance of the contract (or the stage of production of the products in question) (para 24). Consequently, the CJEU determines that the exception to the right of withdrawal in off-premises contracts where the consumer acquires personalized goods applies from the outset of the contract. The CJEU extracted this conclusion not only from the literal element of Article 16(c) but also from its systematic element, since Article 6(1)(h) and (k) of the Consumer Rights Directive impose a pre-contractual duty on the trader to inform the consumer of the existence or absence of a right of withdrawal (para 25). If the existence of a right of withdrawal would be dependent on a decision of the trader (namely when to start performing the contract), the goal of providing the mandated pre-contractual information would be frustrated (para 27). Finally, to allow the right of withdrawal to depend on the moment in time where the trader starts to produce the goods would be contrary to legal certainty (para 28).
With this decision, the CJEU establishes the inflexible character not only of the right of withdrawal but also of its exceptions. The CJEU’s decision opts for legal certainty over consumer protection considering that, in practice, this means that every time that a consumer acquires a personalized product she can never withdraw from that contract, regardless of the actual costs suffered by the business. Therefore, the CJEU directly contradicts national case law from, for example, the Bundesgerichtshof, which previously determined that the right of withdrawal is not excluded if the goods can be restored at a low cost to the condition they were in prior to the personalization.
Thursday, 22 October 2020
Last week the CJEU delivered its judgment in C-778/18 Association francaise des usagers de banque v Ministre de l'Economie et des Finances, interpreting Directive 2007/64 on Payment Services as repealed by Directive 2015/22366, Directive 2014/17 on Mortgage Credit and Directive 2014/19 on Payment Accounts.
This judgment answers a very interesting question on a practice that may be common in some Member States: is it compliant with EU law to require the transfer of consumers' income to the mortgage provider as a condition for approving their mortgage loan applications?
This claim was initiated by a consumer association representing banking clients. It sought annulment of the relevant French law implementing the above directives on grounds of misuse of power. The organization explained that the law disregards the objective of customer mobility pursued by the directives because it authorizes credit institutions to require consumers to deposit their salaries or other income with them and fixes the maximum period of 10 years for which consumers can ripe advantage of such deposited money irrespective of the amount, maturity and duration of the loan they were applying for.
The scope of Art. 12(2)(a) Directive 2014/17/EU
The CJEU was in effect faced with interpretation of the scope of Art. 12(2)(a) Directive 2014/17/EU. This provision provides an exception from the general rule of the Directive in Art. 12 that prohibits tying practices. The exemption in Art. 12(2)(a) provides creditors with an option to request from consumers or their family members to 'open or maintain a payment or a savings account, where the only purpose of such an account is to accumulate capital to repay the credit, to service the credit, to pool resources to obtain the credit, or to provide additional security for the creditor in the event of default'. Given this exemption, the CJEU noted that the obligation to deposit income is in principle consistent with the Directive (para. 54). However, the CJEU goes on to clarify that the exemption must comply with the requirements of proportionality, that is, it should provide account of the characteristics of the loan concerned, its amount, maturity and duration (para 56). Any different interpretation would jeopardize the achievement of the objectives of the Directive to provide a high level of protection for consumers, and to secure consumer mobility between banks, especially in circumstances when consumers wish to conclude a number of loans with different lenders. Tying them to a single bank would stand on the way of having an opportunity to shop around and make informed decisions for better deals. The CJEU therefore concluded that Art. 12(2)(a) must be interpreted to preclude national legislation that allows lenders to grant loans conditional on the deposit of all borrowers income on the payment account opened with the creditor (para 58). In regard to the duration of this obligation to have the account opened with the mortgage lender, the CJEU highlighted that the Directive does not provide any limitations as to the duration of the loan, and in principle therefore, this requirement is not inconsistent with the Directive, as long as the purpose of the deposit/account complies with the requirements set out in Art. 12(2)(a) (para. 61).
The meaning of ‘charges’ or ‘fees’ in Directive 2007/64, Directive 2015/2366 and Directive 2014/92
The second question raised in this case related to the meaning of 'charges' and 'fees' within Directive 2007/64, Directive 2015/2366 and Directive 2014/92. To promote consumer mobility and account switching, these rules provide consumers with a freedom to terminate framework contracts such as a current account contract without being liable to pay compensation in the form of fees or charges. French law however provides that if borrowers case to satisfy the income deposit requirement, lenders may terminate for remainder of the duration of the mortgage loan any individual advantages that were conferred on consumers, for instance, a better interest rate. The question infront of the CJEU was whether this denial of the benefit can be understood as a fee or charge within the meaning of the above directives. The CJEU ruled that it cannot.
This judgment tackles a very interesting legal question. However, in addition to the bank account being extra security for the provided loan, another important aspect of transferring income in the mortgage provider bank is not considered in the judgment. Namely, not only that consumers' incomes provides additional security for banks that loans are going to be or at least they can be repaid, it also provides banks with additional data on customers. This enables banks to pull on a larger amount of data for profiling customers and monitoring their behavior. On the one hand, this may be beneficial for consumers, data could help banks to identify problems in repayment and income stream of the customer and address this with early intervention measures such as payment holidays. On the other hand, this additional information can help banks to provide new products to consumers that are tailored to their behavior and needs, that are arguably more likely to be taken by consumers than any products or services that does not suit them as much. The use of big data in banking is still in its infancy but having a bank account certainly provides extra opportunities for banks to get to know their customer, and represent a potential for extra profit. Perhaps this aspect could have also been taken into account in shaping the concept of fees and charges in the present context.
Thursday, 15 October 2020
As mentioned in our previous post on the Digital Finance Package (see here) on the September 24 the EU Commission also published a renewed Retail Payments Strategy as part of the Digital Finance Package.
The logic behind the need for a renewed strategy is the ever-increasing importance of payments for EU financial markets. Payments are the lifeblood of European economy. This is a very dynamic market, highly innovative and fast changing raising new opportunities and risks that needs to be dully mitigated. As the Commission notes:
"Innovation and digitalisation will continue to change how payments work. Increasingly payment service providers will abandon old channels and traditional payment instruments and develop new ways to initiate payments, such as ‘wearables’ (watches, glasses, belts etc.) or parts of the body, sometimes even eliminating the need to carry a payment device, building on advanced authentication technologies such as those relying on biometrics. As the internet of things further evolves, devices such as fridges, cars and industrial machinery will increasingly connect to the internet and become conduits for economic transactions".
The renewed strategy sets out the EU Commission's vision of payments market:
- Citizens and businesses in Europe benefit from a broad and diverse range of high-quality payment solutions, supported by a competitive and innovative payments market and based on safe, efficient and accessible infrastructures;
- Competitive home-grown and pan–European payment solutions are available,
- The EU makes a significant contribution to improving cross-border payments with non-EU jurisdictions, including remittances, thereby supporting the international role of the euro and the EU’s ‘open strategic autonomy’.
The vision will be achieved by following four strategic aims set out in detail; some of the key points would be the following:
1) Increasingly digital and instant payment solutions with pan-European reach
The development of instant payment systems is the top priority or is envisaged as the 'new normal'. Instant payments make payment immediately available- the framework should result in payment solutions that are efficient and work cross-border. Consumer trust is also of key importance here, and instant payments can create instant fraud. It is therefore crucial that payment service providers have in place appropriate and real-time fraud and money laundering/terrorist financing prevention tools.
Further in this context and within the upcoming revision of PSD2 the Commission will assess the extent to which the EU’s existing consumer protection measures (e.g. rights to refunds) can provide consumers with the high level of protection offered by other payment instruments. The Commission will assess the impact of charges levied on consumers for instant payments and, if relevant, require that they are no higher than those levied for regular credit transfers.
Payments is a network industry yet at EU level there is no trend of fintech companies scaling up in the internal market to become global players.
2) Innovative and competitive retail payments market
Within this strategic aim the Commission is strongly in favour of fully supporting open banking. Again, open banking will come under scrutiny within the review of PSD2 and interestingly the Commission also plans to present a legislative proposal for open finance that would include a broader range of providers in data sharing than only banks.
Further, within this strategic pillar the Commission needs to make sure the regulatory parameter is working well and that it is coupled with efficient supervision. As the Strategy notes, "big payments conglomerates may include both regulated and unregulated entities. Problems encountered by unregulated entities providing technical services to support some of the Group’s affiliates could potentially have a spill-over effect."
The payments market should also secure a fair level playing field, as "the world increasingly dominated by digital platforms, large technology providers are taking advantage of their vast customer base to offer front-end solutions to end-users."
efficient interoperability between clearing and settlement mechanisms. Payment service providers now must connect to several (national and/or European) clearing and settlement mechanisms.
In addition, it is also crucial to secure access for all payment service providers for necessary technical infrastructure, hardware and software for developing and offering innovative payment solutions.
Developing this pillar will require a cooperative approach of DG FISMA with at least the European Central Bank, DG Competition and DG Connect
The EU being not just a regional market but also an important global market player and to this effect, the Commission highlights the importance of supporting the development of payment solutions with third countries. Payments across the EU’s external borders are slower, costly, opaque and complex. The objective therefore is to have faster and more efficient payments systems set up with third countries. The Commission aims to help this by supporting the use of payment standards such as ISO 20022 and SEPA-like initiatives across the globe.
Friday, 9 October 2020
Wednesday, 7 October 2020
In addition to the new Action Plan on Capital Markets Union (see our report here), on the very same day, the 24 September 2020, the EU Commission also presented its Digital Finance Package. This very board package consists of: 1) the Digital Finance Strategy; 2) the Retail Payments Strategy; 3) the legislative proposal for an EU regulatory framework for digital operational resilience and 4) the legislative proposals for crypto-assets.
The package aims to improve Europe's global competitiveness in financial services and products provision not only by boosting consumer choice but also by ensuring consumer protection and financial stability. With the coronavirus pandemic and the rise in the use of digital services more than before, these sorts of initiatives from the Commission are more than welcome. Embracing digital innovation should not only create consumer choice, but also widen access to financial services for consumers, increase business opportunities for firms, especially SMEs, and thus facilitate Europe’s economic recovery.
The package is complex and far reaching. The strategies are necessarily general providing high level overall strategic aims, but some of the legislative proposals are concrete and ground-breaking. Most importantly, the package of proposals has been drafted based on careful consultation and intensive cooperation with business stakeholders and consumer advocates through public consultations and the innovative Digital Finance Outreach programme of DG FISMA over the summer (on which we reported here) that enabled anyone interested to get involved in shaping the solutions. DG FISMA continues its public approach, it is now holding biweekly seminars on the Digital Finance Package and these are open for attendance for anyone interested (see here). The first seminar focused on the Digital Finance Strategy, and thus this post will follow the same route, and the other elements of the Digital Finance Package are going to be covered after the Commission's events (so every 2 weeks).
The first and broadest element of the Digital Finance Package is the Digital Finance Strategy. It provides for the overall strategic objective to embrace digital innovation and the ways in which the more concrete proposals and the existing legislative framework fits within the picture. As the Commission rightly states: 'The future of finance is digital: consumers and businesses are more and more accessing financial services digitally, innovative market participants are deploying new technologies, and existing business models are changing.' To reflect this the strategy is focused around four key priority areas:
1) Tackle fragmentation in the Digital Single Market: this is the most general aim that intended to enable consumers to access financial services and products fully remotely.
To this effect, on the one hand, the strategy recognizes that the key to achieving this is the fitness of onboarding process (the recruitment of new customers) for digital age for which a crucial element is the interoperability of digital identities. Digital identification of customers remotely will be enabled with a review of the current regulatory framework provided by Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transaction. In addition to securing a framework for the development and use of digital identities, this regulation should also enable data sharing between providers to facilitate the advantages of open finance. Taking identification fully online also requires the strengthening of the anti-money laundering and terrorism financing legislation.
The other aspect of having access to digital financial services and product is passporting of firms. Passporting enables consumers and businesses to have access to cross-border services provided by firms established and supervised in another Member State in line with commonly agreed rules. Although passporting currently may work for mainstream providers, it does not seem to work well for fintech companies that comprise the bulk of the digital finance ecosystem. To overcome this, the Commission is planning a one-stop-shop licensing system for these firms that combined with passporting rules should help their operation throughout the EU. In addition, special passporting rules for areas of particular interest such as crowdfunding are also being considered. Finally, the Commission proposed the establishment of a new EU Digital Finance Platform to facilitate cooperation and communication between firms and supervisory authorities.
2) Adapt the EU regulatory framework to facilitates digital innovation: this aim relates to the creation and the review of the existing regulatory framework to fit the requirements of digital age. Within this aim, the EU Commission presented a legislative proposal on crypto-assets and placed as a strategic aim for a technology-neutral regulatory framework. It also pledges for clarifying the supervisory standards on the application of this legislative framework to artificial intelligence applications.
3) Create a European financial data space to facilitate data driven innovation: this dimension is connected to the European strategy for data and aims to facilitate access to data and data sharing within the EU, creating broader access to public and private data and real time data sharing. As part of these efforts, the Commission aims to set up a common financial data space through a number of more specific measures: promote innovative IT tools to promote supervision and promote business to business data sharing in EU financial sector and beyond. It is important to note that this open finance initiative is not going follow the UK's approach in mandating data sharing for firms (see our report here). Participation will be voluntary. The Commission will therefore propose legislation on a broader open finance framework that will build on the upcoming initiative focusing on data access, including the upcoming Data Act, and the Digital Services Act. Finally, the Commission is also reviewing its competition approach and the upcoming review of PSD2 is also going to be part of this framework.
4) Address new challenges and risks that come with digital innovation: with this aim, the EU Commission aims to work on future-proofing EU prudential and conduct supervision and regulation that should be fit to address both traditional firms as well as new entrants, especially technology companies that are increasingly present on financial markets. The objective will be proportionate regulation and supervision, based on the principle of “same activity, same risk, same rules” and pay particular attention to the risks of significant operators.
Monday, 28 September 2020
On the 24th of September, the European Commission revealed its new plans for the Capital Markets Union (here and here). With the post-coronavirus recovery in mind, the European Commission suggested a 16-point Action Plan. The Action Plan highlights the struggles that many businesses face in order to stay solvent in the medium and long term. When it comes to consumers, the new Action Plan intends to increase consumer choice regarding savings and investments, which involves better information and better overall protection. The European Commission also makes the case for market-based pension systems, in order to meet ‘the challenges posed by Europe’s ageing population’.
In particular, the Action Plan highlights that while Europe has one of the highest saving rates in the world, the level of individual investment remains low. In order to increase individual investment, the EU Commission promises to increase trust in capital markets by improving financial literacy. Additionally, the Action Plan highlights the importance of harmonizing disclosure duties on investment products so as to increase comparability of similar products that are currently covered by different legislation. In this sense, the Commission promises to assess whether it can introduce a requirement for Member States to promote educational measures in relation to responsible and long-term investing. Understandable information also plays a central role in the Commission’s plan of attracting more individual investors. In particular, the Commission stresses that although there are already duties in place that impose the disclosure of financial information, the documents produced under those rules are considered ‘long, complex, difficult to understand, misleading and inconsistent’. Additionally, these documents may result in information overload. In this context, the Commission distinguishes between the sophisticated investor – who does not need as much information – and the inexperienced investor – who needs more information. The Commission commits to looking into the applicable legislation and amend it so as to guarantee that consumers receive ‘clear and comparable product information’.
Additionally, the Commission promises to improve the regime applicable to retail investment, to guarantee that an individual investor benefits from, among other aspects, bias-free advice. The importance of transparent information and bias-free financial advice cannot be understated. Financial advisers must be obliged to disclose their own interest in the sale of a given financial product. As BEUC also highlights here, biased financial advice has resulted in considerable financial losses to consumers all over Europe in recent years (see, for example, the case of Banco Espírito Santo in Portugal). In this regard, the Commission acknowledges financial advisors’ role as gatekeepers of the financial system. As a specific point of action, the Commission promises to work towards the harmonization of the threshold of professional qualification of financial advisors, in order to increase consumers’ trust in their advice.
Thursday, 24 September 2020
Earlier this week the Court of Justice delivered its judgment in joined cases C-724/18 and C-727/18 Cali Apartments concerning the requirements imposed on Airbnb hosts by the French authorities. The judgment largely follows the opinion of Advocate General Bobek, on which we reported several months ago. Like the AG, the Court seems ready to accept a variety of restrictions, including the most controversial "offset requirement", as compatible with EU law - with certain caveats. The judgment is both detailed and technical, and comes out in favour of evidence-based decision-making, which may pose a challenge to the national courts. Meanwhile, legislative works on the so-called Digital Services Act are ongoing, in which the sharing of platform data with the local authorities is one of the contentious topics.
Background of the case
The case revolves around a number of restrictions imposed by the French law on the property owners wishing to let apartments for short periods to a transient clientele which does not take up residence there (hereafter simply 'tourists'). Most notably, in municipalities with more than 200 000 inhabitants, in order to change the use of residential premises to the one set out above, prior authorisation is required. Detailed conditions for obtaining such an authorisation are laid down at the local level and may include offset requirements in the form of a conversion of non-residential premises into housing. The appellants, who were sanctioned for letting their Parisian properties to tourists in violation of national and local rules, argued that the relevant requirements were contrary to Directive 2006/123/EC on services in the internal market.
Judgment of the Court
Scope of Directive 2006/123 and the notion of 'authorisation schemes'
Before moving to the key questions concerning the compatibility of contested national rules with the harmonised liberalisation framework, the Court first analysed whether they are subject to the Services Directive at all and if so, to which of its provisions. This part of the judgment is rather brief and essentially confirms the act's broad scope and recalls the distinction between authorisations and other requirements.
- Not surprisingly, according to the Court, an activity consisting in the repeated short-term letting, for remuneration, of furnished accommodation to tourists is covered by the concept of 'service' within the meaning of Article 4(1) of Directive 2006/123 (paras. 32-34).
- The Court further found that national norms targeting such an activity are not excluded from the scope of the Services Directive; in particular, they do not fall under the "rules concerning the development or use of land [and] town and country planning" referred to in recital 9 of Directive 2006/123 (see paras. 40-44).
- Finally, the Court confirmed that legislation requiring persons wishing to provide services mentioned above to obtain a formal decision from a competent
authority, enabling them to access and to exercise service activity, constitutes an 'authorisation scheme' within the meaning of Article 4(6) of Directive 2006/123 (paras. 51-52).
As for the case for establishing an authorisation scheme in the first place, the Court recognized that the objective of "dealing with the worsening conditions for access to housing and the exacerbation of tensions on the property markets [...] to protect owners and tenants, and to increase the supply of housing while maintaining balanced land use" constitutes an overriding reason relating to the public interest referred to in Article 9(1)(b) of the Services Directive (paras. 65-68). The Court further found that a scheme of ex ante authorisations, such as the one considered in the main proceedings, could be both suitable and proportionate to the objective pursued. In reaching this conclusion, the Court underlined the importance of economic data showing the gravity of the problem in the areas covered by relevant legislation (cf. paras. 69, 73).
A similar reasoning can be observed in the subsequent part of the judgment, concerned with the specific criteria for granting authorisations. To recall, pursuant to Article 10(1) of the Services Directive, authorisation schemes shall be based on criteria which preclude the competent authorities from exercising their power of assessment in an arbitrary manner. Paragraph 2 states, among others, that the criteria shall be non-discriminatory, justified by an overriding reason relating to the public interest and proportionate to that public interest objective, not unlike in the previously discussed Article 9. In this more specific context, however, the role of "studies and other objective analyses" of the local conditions appears to be considered even more important (cf. para. 88). Particular attention is drawn to the proportionality of the offset requirement as a condition of relevant authorisation schemes. Overall, in the case at issue, the Court considered such requirement to be potentially in line with the Services Directive, without, however, giving national authorities a carte blanche in this regard.
- Note, among others, the importance attached by the Court to the fact that the local authorities, chosing to impose an offset requirement in the case at issue, were supposedly required to ensure that, firstly, the requirement was strictly relevant to the specific situation of individual neighbourhoods or districts and that, secondly, the same was true for required quantum of the offsetting (e.g. para. 83).
- Another aspect highlighted in the judgment is the compatibility of the offset requirement with the exercise of services activities [of letting apartments to tourists], which appears to be somewhat intransparent way of saying that conditions of the scheme should not discourage such activities entirely (paras. 91-94).
The above suggests that establishing compliance of the offset requirements with the principle of proportionality in the Services Directive is all but black-and-white and requires considerable expertise on the part of national courts.
Other criteria for granting authorisations (Article 10 cont'd)
The last part of the judgment engages with the remaining conditions laid down in Article 10(2), namely unambiguity, objectivity, prior publicity, transparency and accessibility. Also in this respect, the Court provides a number of reference points, which national courts use to uphold authorisation schemes before them, without, again, providing them with unlimited discretion. It is highlighted, among others, that:
- the fact that relevant terms (such as 'repeated short-term letting of furnished accommodation to a transient clientele which does not take up residence there') are not defined using numeric thresholds does not, in itself, affect the requirements of clarity, non-ambiguity and objectivity (para. 98) → the terms should nonetheless be clarified in a way that prevents doubt as to the scope of the conditions and obligations, so that the concepts are not applied arbitrarily (para. 99-100);
- the fact the delegation of the power from the national to the local level is focused on the objectives which the local authorities must take into consideration cannot, in principle, lead to a finding that those conditions are insufficiently clear and objective → in so far as reference is also made to the objective factors on the basis of which the granting conditions are to be determined (paras. 102-103);
- the fact that the conditions for granting authorisations and the quantum of the offsets are to be determined by the municipal councils of individual municipalities does not, in itself, affect the transparency, accessibility and prior publicity requirements → what matters is rather whether all owners wishing to let furnished accommodation to tourists are in a position to familiarise themselves with the conditions for granting authorisations, before committing to activities in question. More specifically, the Court found that the publication of the minutes of municipal council meetings in the town hall and on a website is sufficient to meet the prior publicity, transparency and accessibility requirements → in so far as it effectively enables any interested person to be informed immediately of the existence of legislation likely to affect access to, or the exercise of, the activity concerned (paras. 104-107).
Overall, even though the judgment has reportedly been welcomed by the advocates of a stronger grip on platform-based activities, including by the mayor of Paris, it requires national courts to carry out a complex assessment of multiple criteria and does not give Member States an unconditional license to regulate services provided via platforms. The question remains: will national courts rise to the challenge?