CJEU in Fashion ID (C-40/17): some consequences of embedding social plugins

Yesterday, the CJEU published its judgment in Fashion ID, a case concerning mainly the notion of "controller" under EU data protection law.

The facts of the case are relatively simple: Fashion ID had placed a "like" button on its website which was connected to Facebook. What Fashion ID's customers may not realise is that - even if they did not use it - the button's presence meant that information concerning them was being transmitted to Facebook. In the proceedings it was uncontested that this information qualified as personal data.

Verbraucherzentrale NRW, a consumer association, brought an injunction against Fashion ID demanding that it abandon such practice. The question whether Fashion ID has any obligations in connection with the data processing - including the duty to inform consumers that their data are being collected and/or require their consent - depends on whether the website is to be considered a data controller.

The referring court doubted whether this is the case since the website operator has no control over the processing of the data transmitted to the plugin provider (para 37).

The Court, in essence, answered that the operator of the website acts as a controller, and is thus responsible for informing the consumer or collecting their consent, insofar as the collection of information and transmission to Facebook is concerned. In particular concerning the collection of the user's consent, the court highlighted that it would not be in line with efficient and timely protection of the subject's rights if the consent would be given only to the second controller, which is involved at a later stage (para 102). Even more strongly, when a customer is not a Facebook user, their data will be processed by the social media operator without them having any direct connection to the latter- which makes the responsibility of the other provider all the greater (para 83).

However, the website operator is not responsible vis à vis the data subjects for any other uses that Facebook itself will make of the data, nor for collecting their consent in that respect (para 102).

While the website has no control on the use of the transmitted data, the purpose of such collection is in part related to the website's benefit as it allows better promotion of its products (para 77-81).

As concerns the collection of data without the subject's consent - ie data that is necessary for the pursuit of a legitimate interest - the court importantly clarified that where both the website and the provider of the social plugin are controllers, they must both be pursuing a legitimate interest for the ground of processing to apply (para 96).

The decision interprets relevant provisions in the "old" Data pProtection directive, which has meanwhile been replaced by the GDPR - but the concepts that it deals with have been kept in the Regulation, so the decision can be transposed to the new rules.

Quite unsurprisingly, the Court rejected Fashion ID's claim that consumer associations would not be entitled to bring any claims under data protection rules - while article 80(2) of the GDPR quite

famously invites MS to set collective enforcement mechanisms, nothing in the previous directive, which only contained general indications on enforcement, can be seen to stand in the way of Member States allowing consumer associations to bring such claims (see in particular paras 57-62).

The Court seems to be aware of the potentially high-profile nature of this case and has accompanied the publication of its decision with a press release. 

Consequences of sub-optimal re-routing - CJEU in Rusu (C-354/18)

The Court of Justice came out of its summer break yesterday and published a judgment in the case Rusu (C-354/18), further clarifying the application of Regulation No 261/2004 on air passenger rights.

Mr and Mrs Rusu were supposed to fly with Blue Air airlines from Romania to the UK, but they were denied boarding due to a last minute change of an operating aircraft, which resulted in fewer seats and overbooking. They have then been re-routed on another flight, which only took place 5 days later. Blue Air first offered the passengers a free flight ticket as compensation, which offer has been rejected as not fully compensating their loss. Subsequently, they have been offered compensation from Regulation No 261/2004 - 400 Euro each. As the passengers experienced loss that was not covered by this amount of compensation, they filed a claim for further compensation to be paid out to them. This was to cover both material damages - having lost part of their earnings as they were not able to report to work on agreed time - and non-material damages - loss from having experienced a threat of being fired from their job. Blue Air claimed that further compensation should not be awarded to the passengers, as they have agreed to the proposed offer of re-routing, without explicitly emphasising the need to be re-routed on an earlier date, perhaps by another air carrier.

As a reminder, Art. 7(1) Regulation No 261/2004 awards passengers a right to compensation, which has been determined in CJEU's case law and scholarship to compensate passengers for the standardised loss of time (amount of compensation is dependant on the distance of the flight) (para. 30). Additional individual losses may be compensated further based on the provisions of national law, on the basis of Art. 12(1) of this Regulation, which provision also allows national courts to deduct the amount of compensation paid out pursuant to Art. 7(1) from the compensation awarded pursuant to Art. 12(1).

The CJEU indicates explicitly that the loss of earnings by the passengers is a clear example of an individualised loss, which is not covered by the standardised amount of compensation pursuant to Art. 7 Regulation (para. 32-34) and thus can be recovered on the basis of Art 12. It is then up to national courts to determine the individual damage, as well as whether the national requirements for recovering it have been fulfilled (para. 40). Whether the national court decides to deduct from it the amount of compensation paid out pursuant to Art. 7 of the Regulation is left to them to decide on the basis of applicable national or other international law, as well, as Art. 12(1) 2nd sentence provides for such a possibility but not an obligation of deduction (para. 44).

As the operating air carrier raised an issue of the passengers not explicitly emphasising the need to reach their destination as soon as possible, by the best/fastest re-routing possible, the CJEU also considered the scope of air carriers' obligations related to arranging the re-routing on the basis of Art. 8(1) Regulation No 261/2004. The CJEU highlights that this provision places the obligation on the operating air carrier not only to provide the passenger with the choice of reimbursement of their flight tickets or re-routing, but also with all appropriate information to make the choice between these options (para. 53-55). It is, therefore, not expected that the air passengers would actively seek any of the information that the operating air carrier is supposed to provide - e.g. on best re-routing options. As Art. 8(1)(b) of the Regulation requires that the re-routing takes place at the earliest possibility, it is up to the operating air carrier to prove that the proposal made by them to passengers complied with this requirement (para. 61). When putting together a re-routing proposal the air carrier should clearly  consider whether the re-routing proposal would transport passengers under similar conditions and at the earliest possibility based on its own resources, or whether it would require a help of another air carrier, in appropriate circumstances, depending on their available seats (para. 60).

Whilst the Regulation No 261/2004 does not place an obligation on operating air carriers to use services of other air carriers to find best re-routing options for their passengers, the CJEU clarifies that if they choose not to do so, they have to be prepared to pay damages under national law. The scope of these damages and under what conditions they will be awarded will differ amongst the Member States then.

Commission guidance note on Unfair Terms Directive

The European Commission adopted today a guidance note on unfair contract terms. It is intended to ensure that consumer associations and legal practitioners, including judges, will be better equipped to protect EU consumers from unfair contract terms. The guidance note is based on the case law of the EU Court of Justice on Directive 93/13. As a complement to the guidance note, European businesses organisations have drawn up recommendations on how mandatory consumer information as well as terms and conditions can be presented to consumers in a more user-friendly and transparent way.
Both initiatives follow up on the REFIT Fitness Check of EU consumer and marketing law, as announced in the Commission’s Communication on a New Deal for Consumers.

Source: https://www.pubaffairsbruxelles.eu/fighting-unfair-contract-terms-commission-issues-guidance-to-better-protect-consumers-eu-commission-press/ 

Connecting fligts come with air passengers rights - CJEU in České aerolinie (C-502/18)

Last Thursday, on July 11th, the CJEU published the judgment in the case České aerolinie (C-502/18) further interpreting provisions of Regulation No 261/2004 on compensation due in case of a delay of one of the connecting flights. Here, the uncertainty arose from the fact that whilst passengers booked flights from Prague (Czech Republic) to Bangkok (Thailand), they had a connection in Abu Dhabi (UAE), and only the flight Prague-Abu Dhabi was performed by the European air carrier (České aerolinie). The flight Abu Dhabi-Bangkok was operated by Etihad Airways (code-share agreement) and it is that second flight, which was delayed (488 minutes). The question was whether České aerolinie remained responsible for paying air passengers compensation in such a case.

The CJEU recalls its previous findings: that connecting flights subject to a single reservation should be seen as a whole for the purposes of Regulation No 261/2004 (para. 16); that delay at the final destination entitles passengers to compensation from Art. 7(1) Regulation No 261/2004 (para. 19); that it is the operating air carrier who has to pay the compensation (para. 20); that as the connecting flights are perceived as a whole unit, the air carrier operating the first of the connecting flights should bear the responsibility for the improper performance of the second one, even if another air carrier operated the latter (paras. 27, 29); that the air carrier who pays out compensation to passengers may seek recourse from third parties pursuant to Art. 13 Regulation No 261/2004 (para. 31).

This judgment reiterates, therefore, previously established rules. However, the clarification provided by it is important for practice: as European air carriers will not be able to escape liability for flight cancellations and delays by hiding behind code-share agreements with other non-European airlines.

Online traders may choose how to communicate with consumers - CJEU in Amazon EU (C-649/17)

On July 10, the CJEU supported AG Pitruzzella's opinion (Online chats...) in the case Amazon EU (C-649/17) that Article 6 of the Consumer Rights Directive does not place on distance selling traders an obligation to set up the means of communication specified in that provision (phone line, fax, e-mail). Such an interpretation could disproportionately burden especially small businesses (para. 48). Instead, this provision just specifies that the means of communication, which a given trader chooses, should facilitate quick and effective contact with consumers (para. 46).

Who covers for insolvent package tour organisers? States, not air carriers - CJEU in HQ and Others (C-163/18)

Today the CJEU issued a judgment in the case HQ and Others (C-163/18), which we previously discussed as the Aegean Airlines case (Avoiding double claims at all cost...). The CJEU followed the argumentation presented by AG Saugmandsgaard Øe and decided that as long as passengers have a right to claim a reimbursement of their air tickets' costs from a package tour organiser pursuant to the national rules implementing Package Travel Directive, they are prohibited from claiming such costs from an air carrier, as well. Irrespective of whether they are actually able to obtain actual compensation. 

This is a very literal interpretation of Article 8(2) Regulation 261/2004 (para. 31), which aims to prevent double compensation claims from being raised by passengers (para. 34). However, this interpretation does not help consumers in a situation like in the given case, where the package tour organiser is insolvent and the consumer is left without a recourse. The CJEU indicates that where the package tour organiser did not ensure sufficient insolvency protection pursuant to Article 7 Package Travel Directive, this provision has been improperly implemented and applied in a given Member State (paras. 41-42) and the passenger may claim his damages from the Member State under State liability rules (para. 43). The burden is placed, therefore, on passengers to continue with their search for justice.

CJEU in Kirschstein: the scope of UCPD is broad, but not infinite

Earlier today the Court of Justice delivered its judgment in a very interesting case C-393/17 Kirschstein. As reported in our earlier post on the opinion of Advocate-General, the case concerned the application of the Unfair Commercial Practices and the Services Directives in the sector of higher education. In the judgment issued today the Court agreed with the Advocate-General that the national requirement, according to which only accredited higher education establishments may award certain degrees, does not contradict the analysed directives. The part of Court's reasoning on the UCPD, however, clearly deviates from the arguments of AG Bobek. 

Facts of the case

The defendants were running a higher education institution which organised study programmes, upon the completion of which master's degrees were awarded, despite the lack of an accreditation. The Public Prosecution Service considered this practice to be in breach of Belgian law and initiated legal proceedings. The defendants argued that national legislation criminalising the act of conferring ‘master’s’ degrees, without having obtained the authorisation required for that purpose, was contrary to Directives 2005/29 and 2006/123.

Unfair Commercial Practices Directive

The questions referred by the national court are framed very generally and it is not entirely clear which part of the UCPD is considered to potentially preclude the contested national rules. The most likely argument seems to relate to the UCPD's black list. Indeed, from Plus Warenhandelsgesellschaft onwards, the Court of Justice has consistently found that national prohibitions, which pursue the objectives relating to consumer protection and are not included in the Annex I to the Directive, do not comply with the UCPD.  

The Court, however, did not even get to that stage and focused on the UCPD scope. It recalled the definition of a commercial practice, covering any act, omission, course of conduct or representation, commercial communication including advertising and marketing, by a trader, directly connected with the promotion, sale or supply of a product (including services) to consumers (Article 2(d)). However, unlike Advocate-General, who focused on the question whether the provision of higher education qualifies as a service or not, the Court directed its attention towards the aspects of service provision, which fall within the scope of the UCPD. More specifically, according to the Court, a distinction must be made between commercial practices which are closely linked to a commercial transaction involving a product (promotion and sale or supply) and the product (service) itself (para. 42). As a result, a national rule which aims to determine which operators are authorised to provide a service in a commercial transaction, without directly regulating the practices which that operator may subsequently implement to promote or "dispose of the sales of that service", does not qualify as a commercial practice within the meaning of Directive 2005/29 (para. 45). By "disposing of the sales of services" the Court appears to mean "putting into practice the marketing of a service" (following the Dutch version), i.e. the act of supplying the service as such. From this it follows that the UCPD does not apply to national legislation at issue in the main proceedings.

Services Directive

The second part of the judgment, one involving the interpretation of Services Directive, appears to be more aligned with the Advocate-General's opinion (even though again no references are made to the opinion). Similarly to the AG, the Court found that educational services in question can be regarded as neither non-economic services of general interest (Article 2(2)(a)), nor activities which are connected with the exercise of official authority (Article 2(2)(i)), and thus cannot be excluded en bloc from the scope of Directive 2006/123. It then went on to assess whether the authorisation scheme established by national law was compatible with requirements set out in Articles 9 and 10 of Services Directive. According to the Court the analysed framework did not seem to have a discriminatory nature, was justified by an overriding reason relating to the public interest (ensuring a high level of higher education and protecting the recipients of services) and pursued that objective with appropriate means, thus complied with Article 9 of the Directive. As regards Article 10, the Court established that the preliminary reference did not contain sufficient information about the conditions of the authorisation scheme and left the relevant assessment to the national court. 

Concluding thought

Case C-393/17 Kirschstein shows that services in higher education sector are not, by their very nature, excluded from the scope of either UCPD, or Services Directive. However, the judgment delivered today also underlines that not all national rules restricting the provisions of services must be analysed under UCPD. When it comes to the conditions imposed on the service as such - here: determination of the operators authorised to provide such a service - it is Services Directive that provides the relevant benchmark, not the UCPD. In making that distinction the Court put a limit to the overly expansive interpretation of the consequences of the UCPD's black list and brought the focus of the discussion back where it belongs.

Recent developments in online content moderation

The discussion about the role of platform operators in content moderation is perhaps as old as online intermediaries themselves. Since the very beginning it involved a delicate balance between conflicting considerations: eg how to protect the freedom of expression, the freedom to conduct a business and the right to an effective remedy while ensuring that intellectual property and personality rights are safeguarded and harmful content does not thrive. The solution established by Articles 14 and 15 of the E-Commerce Directive has continuously been put into test (for the latest installment in the CJEU case law series, see C-18/18 Glawischnig-Piesczek). The approach of choice of the outgoing European Commission has been to keep the legal framework intact for the time being, while pursuing a set of non-legislative initiatives such as recommendations and codes of conduct (eg on hate speech and online disinformation). 

Screenshot of Facebook website

This did not hinder national stakeholders from taking further action. In particular, in 2017 the German lawmaker came up with a new law - the so-called Network Enforcement Act (NetzDG), which imposed a legal obligation on the operators of social media platforms to take down illegal content within the set time limits and report the number of complaints. The act came into force in January 2018 and it has just shown its teeth for the first time: with a 2 million euro fine imposed on Facebook. Interestingly, the decision of the Federal Office of Justice (Bundesamt für Justiz) does not concern the failure of the platform operator to remove illegal content, but rather its alleged non-compliance with transparency duties. According to the German enforcer, the option for making a complaint under NetzDG was harder to find on Facebook than an option for complaining that a post violated the platform’s "community standards". Time will tell whether the decision holds in the appeal proceedings.

Meanwhile, allegations against insufficient blocking and reporting are not the only problems faced by the online platforms these days. Two ongoing legal proceedings in Poland offer an illustrative counterexample. In 2016 a case was brought against Facebook by the president of an association Reduta Dobrego Imienia (Polish League against Defamation) against an alleged overblocking of right-wing content. More recently, Facebook was yet again sued by a Polish NGO whose content was blocked by the platform operator, this time from the opposite side of the social-political spectrum. The dispute in SIN v. Facebook concerns the blocking of a site providing reliable information about the use of psychoactive substances; not to support their consumption, but as part of a harm reduction strategy. The cases are still pending, the big news so far is the in both cases Polish courts recognized their jurisdiction on the basis of Article 7(2) Regulation 1215/2012.

When CJEU case law travels from Spain to Slovenia: C-407/18 Addiko Bank

What happens when a Slovenian court asks the EU Court of Justice a question to which the answer should already clearly follow from previous case law on Directive 93/13? Then the Advocate General might not give an Opinion, but in Case C-407/18 Kuhar v Addiko Bank the Court provides a concise overview of its case law pertaining to, in particular, Spain and Poland, and explains what this means for Slovenia. Thus, the Court seems to understand what the referring court was looking for: back-up for its interpretation of Slovenian procedural law.

To readers of this blog, the case will look familiar: it reminds us of e.g. Banesto, Aziz, Profi Credit Polska and PKO Bank Polski. The CJEU also refers to Banco Popular Español, ERSTE Bank Hungary and Finanmadrid. What these cases have in common with Addiko Bank, is that they all concern the (limited) role of the court in expedited debt-collection procedures, i.e. mortgage enforcement or order-for-payment proceedings. The court only performs a formalities check and cannot assess the merits of the claim. It is the debtor who must initiate a contentious debate by challenging the claim or opposing the enforcement, and it is the (consumer-)debtor who must apply for a declaration of nullity of allegedly unfair contract terms and/or the loan agreement. The court cannot review unfair terms ex officio, and the enforcement is not automatically suspended. As the CJEU recalls, there is a real risk that consumers are unaware of their rights, especially if they do not receive legal aid and lack the financial means for legal representation. In Slovenia, an additional problem is that (consumer-)debtors must provide security for the payment of the debt when they apply for suspension of the enforcement. For a summary of the restrictive procedural conditions at issue, see para 50 of the judgment.

In paras 53-63, the CJEU elaborates why the constellation of procedural rules runs counter to the effectiveness of the Unfair Contract Terms Directive. The link with the Directive is that the mortgage loan agreement at hand appeared to contain an unfair foreign currency clause. In the enforcement proceedings, however, the emphasis was on the debtors' duty to meet their payment obligations rather than the question whether the enforcement was based on unfair terms. Whilst notaries can have a "preventive" role in respect of unfair terms in mortgage loan agreements and notarial deeds, the right of consumers to effective judicial protection must be observed by giving them the opportunity to exercise their rights under reasonable procedural conditions, in particular in respect to time-limits and costs. The mere existence of a means of recourse is not sufficient, as the Slovenian rules at issue show. If there is no ex officio control of unfair terms in the enforcement proceedings, and unfair terms control only takes place at a later stage, consumers will only be protected ex post. Financial compensation will not prevent the loss of their family home.

The Court does not only provide a synthesis of its case law on effective judicial protection in the context of the UCTD; it also discusses Slovenian procedural law in detail. Apparently, the Spanish and Polish cases (still) do not give enough guidance as to what level of procedural protection is required in light of the Directive. What happens in Spain, stays in Spain, and is not 'translated' to other jurisdictions - certainly not Slovenia, and as Padraic Kenna has pointed out, not in Ireland either. The CJEU has repeatedly urged national courts to apply their national laws in such a way as to ensure the full effect of the Directive (reiterated in paras 65-66 of the judgment), but Addiko Bank demonstrates this may not happen without CJEU back-up. The CJEU's case law must 'travel' from Spain and Poland to Slovenia first. Hopefully, the judgment will signal once again that effective judicial protection requires a genuine opportunity for consumers to exercise their rights, not a mere formality; and that the CJEU's case law on unfair terms control (ex officio) in mortgage enforcement proceedings transcends specific EU Member States.