Invalid consent and illegal sharing of sensitive data - € 6.5 million fine imposed by the Norwegian DPA on Grindr LLC

It would seem that quite strict requirements have been indicated in the General Data Protection Regulation in relation to consent as a legal basis for personal data processing. But even clear-cut conditions (indeed - not always easy to meet) will not force or encourage data controllers to adopt fully compliant practices, especially when the commercial interests are at stake. This time under scrutiny was Grindr - the world’s largest dating app for LGBTQ+ community. Last week the Norwegian Data Protection Authority imposed approximately € 6.5 million fine for several GDPR breaches. 

The main problem concerned the consent mechanism employed in the application. Grindr implemented a model where a user was only asked whether he or she „Cancel” or „Accept” the privacy policy while registering. If the „Cancel” button was chosen, the data subject could not use the app. What is more, users were not asked separately if they wanted to consent to the sharing of their personal data with Grindr’s partners for marketing purposes. They were forced to accept the policy in its entirety in order to use the app - a classical "take it or leave it" situation. And besides, the length of the privacy policy and the variety of information contained therein made it even more difficult to get acquainted with all relevant issues and make a "freely given, specific, informed and unambiguous" agreement to the processing (see: Art. 4(11) of the GDPR). Therefore in the DPA’s view Grindr did not collect valid consent:

"Where the controller has several different purposes for processing personal data, and it does not allow for separate consents to be given, there is a lack of freedom and control for the data subject. If the data subject cannot identify and opt in to the processing purposes for which the data subject wishes to give his or her consent […] there is no genuine free choice or control."(See: pp.17-18 of the decision). 

The DPA underlined also that in the case at hand the provision of behavioural advertisement was not an essential part of the service, and definitely was not the reason why data subjects used the app. Therefore user’s consent cannot be regarded as „freely given”, even if - as Grindr argued - data subjects were informed how to opt-out from data sharing with third parties. However, according to the GDPR, consent should take the form of a statement or a clear affirmative action. There is no doubt that opt-out model does not fulfill this condition. 

The last but not least, in the EU it is generally forbidden to process special categories of data, so called „sensitive data”. Information on sexual orientation is considered as sensitive (as indicated in Article 9(1) of the GDPR) and as such it enjoys a higher standard of protection. In order to process sensitive data a controller must rely on one of the legal basis stipulated in Article 9(2) of the GDPR. Since Grindr did not collect the consents for processing lawfully, it could not lawfully share the data. 

It is not the first and certainly not the last case where the consent mechanism turns out to be far from exemplary. Just for the record - the issue of consent validity in the context of cookies was examined, inter alia, by the Court of Justice in the Planet49 case (C-673/17; reported on this blog here). Despite clear rules referring to the consent as a legal basis for processing, many controllers still look for new ways to optimize the process of obtaining user consents. Some of them accept, consciously or not, to collect consents not necessarily in a manner consistent with the GDPR. Others try to mislead data subjects by showing in their privacy policies or cookie banners, usually in the first information layer, that there is no consent for processing of personal data by default, while in fact the processing takes place on the basis of the legitimate interests of the controller. What other practices will emerge in the future? We do not know yet, but will keep an eye on them.

To a HEALTHY 2022 - CJEU in Pro Reuchfrei (C-370/20) on tobacco labelling

This is another year when we are likely to wish each other staying in good health throughout year 2022. Interestingly, on December 9 CJEU issued a judgment in a Pro Reuchfrei case (C-370/20), pertaining to the labelling of cigarettes, which as we know is strictly regulated in order to protect consumer health.

Certain automatic vending machines for cigarette packets in use in German supermarkets did not clearly present these packets to consumers. This meant that whilst the buttons on the machine identified various brands, their geographical representation, etc, they did not display the health warnings which are mandated for cigarette packets themselves. As the selected by consumer cigarette packet would be directed immediately to the checkout conveyor belt, consumers may not get it in their hands until after they had paid for the product.

It is Directive 2014/40/EU that requires a clear display of health warnings on cigarette packets. Its Article 8(8) also requires that all 'images of unit packets' must display such health warnings. In this judgment the CJEU finds that following the everyday meaning of the word 'image', this requirement is not limited to the faithful depictions of unit packets of tobacco products (para 24). Also when consumers associate a design with the tobacco product, due to its proportions, colour, outline and brand logo, it would fall within the scope of this provision (para 31). It is for the referring national court though to determine, whether the images of cigarette brands displayed on the selection buttons of the automatic vending machines constituted such images. ... The discretion awarded to national courts seems illusionary, however, as it is difficult to see how this could not be the case.

Even if the consumer had a chance to see the health warnings on the packet of cigarettes before purchasing it, e.g. if the packet was handed out to consumers prior to the purchase being made, this would not make the display of an 'image of unit packets' without health warnings compliant with the Directive (para 36).

This is an interesting case on labelling requirements and the feasibility to broadly interpret a notion of an 'image', which may come in handy in other case law on the transparency of visual information notices.

(Not)Dashing through the snow - AG Athanasios Rantos on delayed flights in United Airlines (C-561/20)

On December 9, AG Athanasios Rantos issued an opinion in the case United Airlines (C-561/20), which concerned interpretation of Articles 5 and 7 of Regulation 261/2004 on air passenger rights. This is another case concerning a delayed connecting flight, through which airlines try to limit their obligation to pay out compensation, pursuant to the rules of the Regulation, to passengers affected by such a delay.

In this particular case, passengers were travelling from Brussels (Belgium) to San José International airport (the US) via Newark International (the US). One reservation was made for these flights with the Community air carrier, German Lufthansa. However, both flights were operated by United Airlines, a non-Community carrier. Due to a technical defect of a plane, the second connecting flight was delayed.

United Airlines refused to pay compensation, invoking the fact that the delay occurred during the second leg of the air travel, during a flight from an airport in the US to another airport in the US, and that they were not a Community carrier.  

Unsurprisingly, following the previous case law of the CJEU (e.g. Wegener, C-537/17, see more here, and Ceske aerolinie, C-502-18, see more here), AG Athanasios Rantos finds that passengers are due compensation, as when the delay occurs in connected flights is irrelevant, as long as one reservation has been made for the flights, which if treated as one unit fall within the scope of application of the Regulation. The slight difference in this case is that the passengers want to claim compensation from a non-Community air carrier, however, AG Athanasios Rantos does not consider this an issue, following the non-contested fact that United Airlines was an operating air carrier on these flights (para 52).

Three new guidance notices for Christmas

The European Commission has been busy in the past months and this resulted, amongst other things, in a publication of three new guidance notices, respectively concerning the interpretation of the Unfair Commercial Practices Directive, Consumer Rights Directive and Price Indication Directive. It will take some time to go through the hundreds of pages provided in these documents, but it is good to see that at a glance many of the current questions that the digitalisation raises are being tackled (such as personalised pricing, influencer marketing), as well as that there are some paragraphs on consumer protection (UCPD) dealing with the environmental claims.

All three documents may be found here.

Consumer organisations may bring proceedings to defend collective interests of consumers based on the GDPR, if national law so states: AG opinion in C-319/20, Facebook Ireland

Yesterday the Advocate-General Richard de la Tour delivered his opinion in case C-319/20, Facebook Ireland, considering whether consumer organisations can have a standing to bring judicial proceedings against infringements of the General Data Protection Regulation 2016/679, independently of actual infringements of data subjects' rights. Arguably, the importance of the case goes beyond the procedural dimension it involves (not least due to Directive 2020/1828 on representative actions which elaborates on the enforcement framework, including for the GDPR). In the expert report published by BEUC earlier this year, the case was highlighted as a possible "game changer" concerning the relation between consumer and data protection law (see also: New study on consumer protection in the digital age...). The direction of the AG's opinion is likely to be welcomed in the consumer protection community.

Facts of the case

The case involves a number of data processing practices identified by the German federation of consumer organisations (vzvb) on the Facebook platform back in 2012. Most notably, the federation argued that information about the processing of personal data in connection with third-party apps available in Facebook's App Centre failed to meet the appliable requirements. German courts generally agreed that the vzvb had a point on the merits. However, following the entry into force of the GDPR a doubt was raised if the federation continued to have standing in cases that involved violations of data subjects' rights, independently of specific infringements.

Opinion of the AG 

Standing of consumer organisations

The problem sounds familiar? That's because it is. A similar question was considered by the CJEU in 2019, in the context of the previously applicable Data Protection Directive (FashionID case). Back then the Court rejected an argument that consumer organisations should not be entitled to bring claims under data protection rules. According to the AG, this has not changed after the entry into force of the GDPR; quite the contrary, the regulation explicitly provides for collective redress and nothing in Article 80(2) of the act implies that an organisation can only bring proceedings if particular persons affected by the processing have been identified.

The conclusion reached by the AG in respect of the GDPR appears to be well-founded. The reasoning relies on both literal, systematic and teleological interpretation. The AG refers both to the definition of parties entitled to bring representative actions under Article 80 of the GDPR. According to the AG, that definition extends to "all entities which pursue an objective in the public interest that is connected with the protection of personal data", which also applies to consumer protection associations (para. 61). As regards further conditions for bringing representative actions, the AG found it sufficient for an entity to demonstrate "an infringement of the provisions of Regulation 2016/679 designed to protect the subjective rights of data subjects", without the necessity to verify if the rights of one or more specific persons have been infringed (para. 63). In addition, arguments concerning the effectiveness of the GDPR, its consistency with Directive 2020/1828, and a high level of protection of personal data have been cited.

Two broader points

Aside from the above, two further aspects of the opinion merit attention. Firstly, the AG considers the "particular characteristics" of the GDPR as a regulation and connects it to discussions on full harmonisation. The AG notes that while the GDPR "seems, at first sight, to tend towards full harmonisation ... the truth is more complex" (paras. 50-51). According to the AG:

"[T]he legal basis of Regulation 2016/679, namely Article 16 TFEU, precludes the view that in adopting that regulation the European Union would have pre-empted all the ramifications which the protection of personal data may have in other areas relating, in particular, to employment law, competition law or even consumer law, by depriving Member States of the possibility of adopting specific rules in those areas, more or less independently, depending on whether the area in question is governed by EU law. In that sense, although the protection of personal data is by nature cross-sectoral, the harmonisation implemented by Regulation 2016/679 is limited to the aspects specifically covered by that regulation in that area. Apart from those aspects, the Member States remain free to legislate, provided that they do not undermine the content and the objectives of that regulation." (para. 51)

One can wonder to what extent the above finding depends on the legal basis chosen. This is particularly important in the context of the ongoing legislative developments at EU level which equally take form of regulations, but are also based on Article 114 TFUE. A prominent case in point is the proposed Artificial Intelligence Act and the more recent proposal on political targeting. Arguably, doubts about the Member States' discretion can best be resolved by way of careful drafting that makes adequate use of 'opening clauses'.

Secondly, the opinion touches upon the broader relationship between consumer and data protection law. The AG admits that "unlike ... in the United States of America, in EU law the regulations relating to unfair commercial practices and those relating to the protection of personal data have developed separately" and "are thus the subject of different regulatory frameworks" (para. 79). The opinion further observes that unlike EU consumer law, the GDPR "is not based on a consumerist concept of the protection of natural persons in relation to the processing of personal data, but on the concept that that protection is ... a fundamental right" (para 82). A number of important connections between consumer and data protection law are nonetheless recognized, as illustrated below:

"[T]here is some interaction between the two areas, so that actions falling within the framework of the regulations relating to the protection of personal data may, at the same time and indirectly, contribute to putting an end to an unfair commercial practice. The opposite is also true." (para. 80)  

"[I]n the age of the digital economy, data subjects often have the capacity of consumers. It is for that reason that the rules designed to protect consumers are often relied on to ensure that consumers are protected against a processing of their personal data that is contrary to the provisions of Regulation 2016/679." (para. 83)

and finally

[T]here may be an overlap between the representative action provided for in Article 80(2) of Regulation 2016/679 and that provided for in Directive 2020/1828 in order to obtain injunctive relief when ‘data subjects’, within the meaning of that regulation, also have the capacity of ‘consumer’, within the meaning of Article 3(1) of that directive. I see there the sign of complementarity and convergence of the law relating to the protection of personal data with other areas of law, such as consumer law and competition law. With the adoption of that directive, the EU legislature went even further and expressly linked the protection of the collective interests of consumers with compliance with Regulation 2016/679. The effective application of the rules contained in that regulation cannot but be strengthened as a result." (para. 83)

Concluding thought

Overall, the AG not only speaks out in favour of consumer organisations' standing in cases involving data protection violations, but also supports a close relationship between consumer and data protection law. Arguably, both fields can also be aligned conceptually and, indeed, complement each other in the attainment of a high level of consumer and data protection. A judgment endorsing the AG's point of view would thus be very welcome.

Transparent language of consumer credit contracts - CJEU in A. S.A. (C-212/20)

makabera at Pixabay

On November 18, the CJEU issued a judgment in the Polish case A. S.A. (C-212/20), which once again inquired as to what exactly Polish consumers would need to prove to claim unfairness of a term in a credit contract indexed to Swiss francs, and as to consequences of finding such a term unfair. Consumers in a given case signed a statement, when concluding the mortgage contract, that they were aware of the risks of indexing their credit to a foreign currency. Further, the statement mentioned that consumers were informed about their credit rates being determined in a foreign currency, but needing to be paid back in PLN (Polish zlotys) pursuant to the rules in the attached bank regulation.

The contested provisions of the bank regulation refer to the way in which the indexation in the foreign currency should be calculated, which could be interpreted in more than one ways. Further, the national court inquired as to the feasibility of placing on banks an expectation to precisely determine how the credit rates should be paid back (and following which indexation mechanisms for a foreign currency), when a credit contract is concluded for 40 years and these mechanisms are likely to keep on changing (para 25). The national court asked whether it could look for a common intention of the parties as to the calculation of the credit rates to determine the precise effect of the indexation clause (para 26).

The judgment in this case unsurprisingly reiterates previously mentioned key points that courts should follow when interpreting consumer credit contracts and assessing their terms' fairness: 1) transparency is crucial; 2) courts may not interfere to alleviate the consequences of unfairness for the banks.

Ad 1)

The court clarifies first that the current case does not pertain to core terms, which means that the consumer credit terms needed to be transparent pursuant to Article 5 UCTD (which de facto is not much different than transparency requirement of Article 4(2) UCTD - see again para 38). The CJEU reiterates the most recent requirement for the national court to interpret and apply transparency requirements broadly (from BNP Paribas judgment, see here) (paras 41-42). An average consumer needs to understand the specific functioning of the calculation method of the interest rate to be able to assess on the basis of unambiguous and comprehensible criteria potentially significantly adverse economic consequences for consumers' financial obligations (para 42). The CJEU generally agrees that a credit contract concluded for 40 years may hinder the lender in foreseeing all the possible financial consequences which the indexation mechanism may lead to (para 51). However, this should not excuse the lender not specifying all the criteria used to determine the interest rate (para 53), which here seemed to be left unsaid (paras 46-48). The consumer may not know exactly how much they will need to pay at which point of time in the future, but they should know exactly how at any one point of time that interest rate will be calculated (paras 53-54). This would protect consumers against their information asymmetries.

Ad 2)

The CJEU reiterates that non-transparency of a standard term is one of the elements that courts should consider in the unfairness test (para 58). However, the Court does not doubt the unfairness of a term that prevents consumers from estimating the scope of their financial obligations under a credit contract (para 64). Further, the national courts continue to have to refrain from supplementing unfair contractual provisions in a way that would give them effect by eliminating the unfair element (paras 67-68). That prohibition applies even if the interpretation by the national court of the standard term attempted to give effect to the shared understanding of the clause by the parties.

European Data Protection authorities speak up on targeted advertisement

 Dear readers, 

this is a teaching-intensive autumn across European universities - with all the excitement, uncertainty and overall strains of being mostly back in class after over a year of mostly living room lecturing. 

This, however, should not mean that we let crucial developments go unnoticed: last week, in fact, the European Data Protection Board (EDPB) has issued its most resolved opinion yet on the matter of privacy and behavioural tracking. Cookies, in other words - a staple not only of many people's secret kitchen stashes but also of equally elusive locations on our devices. 

The occasion for issuing this opinion is commenting on the Commission's Digital Services Act, which according to the Board should be brought more clearly in line with data protection rules. Couched among guidelines and standpoints on a number of highly salient issues - from counterterrorism to face recognition AI - the EDBP has called for 

1) considering a phase-out of targeted ads based on "pervasive tracking";

2) in any event, prohibiting targeted ads addressed at children.   

The opinion does not expand on the reasons for such standpoint, but mainly refers to previous positions  contained in comments on the DSA by the European Data Protection Supervisor (EDPS) and the European Parliament. In fact, criticism of the current rules' focus on informed consent has been around at least for the better part of the past decade (see for a classic Frederik Borgesius). 

The European data protection board is composed of representatives from the national data protection authorities. As a collective body mirroring positions in the Member States, its position can perhaps have more sway than the occasionally more principled stances of the EDPS. 

Reflecting on EU (package) travel law in 2021: travel platforms in a regulatory blind spot?

The EU legislature has been pushing for the harmonisation of consumer protection in the travel sector for several decades now. The entire process has progressed in a piecemeal fashion, with a focus on selected transport services as well as package tours. Typically, after putting in place a set of common norms in one area, the EU would shift its attention to another, trying to build upon prior experience while also addressing new issues. Over time, discrepancies between harmonised norms across the different areas would become apparent and discussions would centre on the needed revisions. The Court has also remained quite busy responding to the questions posed by referring courts, especially in the field of air transport. References made in relation to other transport modes and package travel have been more limited, but not without importance, as the recent judgment in Kuoni Travel shows (see: Somber CJEU case on package travel...).

By contrast, travel services not covered by the main strand of regulatory debate (i.e. not qualifying as transport by air, rail, bus or coach, or as a package tour) have long escaped EU attention, partly for competence reasons. This has slightly changed when online travel platforms, such as Booking.com, Airbnb and Uber, entered the scene. First, the new Package Travel Directive of 2015 promised to take account of the ongoing developments in online travel markets. Second, in 2016 the European Commission adopted its agenda on collaborative economy, highlighting, among others, the associated challenges for consumer protection. Five years later, however, the EU law continues to have little to offer to consumers who plan their trips via online travel platforms. The 2015 Package Travel Directive (PTD) and its concept of linked travel arrangements (LTAs)* appears to complicate the regulatory landscape without bringing significant value to consumers, and travel platforms are only marginally affected (and some of them not at all - like Uber) by the recent work streams on consumer protection and online platforms. Finally, the impact of COVID-19 pandemic on EU travel law is yet to be seen, but a renewed focus on the well-established fields of EU travel law seems likely. 

Report on the Package Travel Directive

To get an idea of the current EU position on travel law it is worth taking a look at the Commission's report on the application of Package Travel Directive published earlier this year. The report is already several months old but remains worthy of attention, as it reflects the Commission's appraisal of the existing acquis and reveals the directions of future regulation.

 

Different services and consumer protection norms

The report begins with some illustrative stats. It notes that "in 2017, packages represented around 9% of all tourism trips of EU27 residents and had a share of around 21% of the total tourism expenditure." More recent numbers are not provided and even those given are not put into perspective, e.g. taking into account the corresponding shares of various stand-alone services and related trends.

To its credit, the report does recognize that the concept of a 'linked travel arrangement' and its distinction from a 'package' are somewhat problematic. In particular, with regard to 'click-through bookings' it seems very difficult to establish whether a package, an LTA or none of them was concluded. As the Commission admits:

"A travel service provider who, after completion of a booking, transfers the traveller’s name, payment details and e-mail address to another trader with whom a second service is booked within 24 hours of the confirmation of the first booking, is the organiser of a package and hence liable for the performance of both services. If one of those data elements is not transferred, the first trader facilitates a LTA and is only liable for the performance of its own service, provided the second booking happens within 24 hours. If it happens later, the PTD is not applicable at all" (p. 6). [Of course, there is also no LTA where the contract conclusion was facilitated for just one travel service, e.g. transport or accommodation. - AJ]

The report further points out that concerns have been raised as to what kind of obligations should be placed on the traders facilitating LTAs. These, for the time being, concern primarily insolvency protection and pre-contractual information. As regards the latter, several industry stakeholders argued that the information LTA facilitators are required to provide "could be considered confusing and deterrent, as travellers are primarily informed that they do not benefit from rights applying to packages" (p. 7). The Commission responded that it "was precisely the aim of this information requirement to draw the attention of consumers to the different level of protection offered by packages as opposed to LTAs and thus give them an informed choice between the two models." It is likely that a similar logic applied to the information duty which was recently added in Article 6a of the Consumer Rights Directive (CRD), concerning a different standard of protection in business-to-consumer (B2C) and peer-to-peer (P2P) contracts concluded via online marketplaces.  

Prima facie, the above regulatory approach seems reasonable, leaving consumers a variety of options at hand while providing them with information about relevant differences. However, on a closer look information duties in neither PTD (on LTAs), nor CRD (on the supplier's status) truly bring added value to consumers in online travel markets. In the Package Travel Directive, a choice is offered between broadly similar products (in both cases a combination of at least two travel services) with a key difference pertaining to the level of protection. That's fair enough, but in reality consumers may prefer to choose particular travel services at different points in time or from different providers, which is precisely what online platforms make possible. For this (arguably growing) group of consumers the choice between a higher and a lower level of protection is not available. Moreover, the recently amended Consumer Rights Directive could suggest that the level of consumer protection offered by EU law is higher in case of B2C contracts for stand-alone travel services as compared to P2P transactions. On a closer look, however, also this is does not really hold true. When we delve deeper into stand-alone travel services offered by businesses and by peer providers via online platforms (thus, e.g. excluding air or rail transport, for which P2P markets do not exist), we find that the protection offered to the consumers of those services by the EU acquis is almost non-existent, regardless of the supplier's status. Elsewhere in the report the Commission recognizes that a question remains open whether harmonised norms for linked travel arrangements should not be broadened, e.g. so as to also cover liability for the performance of relevant services and not only insolvency and information. Traders facilitating the conclusion of contracts for stand-alone travel services as well as individual providers of such services, however, are left out of the picture. As for the latter, one could think that the EU may not want to enter into the business or regulating small providers. These, nonetheless, can already be covered by the provisions of package travel law, as the commented report explicitly acknowledges (p. 5). Overall, the discussion about the scope of EU travel law and the corresponding role of package travel framework has not moved any further through the cited report.

Thomas Cook bankruptcy and COVID-19 pandemic

While reflection on the scope of the PTD, and EU travel law more generally, contained in the report falls short of expectations, the opposite is true for the extensive sections devoted to the impacts of Thomas Cook bankruptcy and the COVID-19 pandemic on the package travel sector. The analysis of both events is solid and contains valuable insights. For example, the Commission admits that the burden of Thomas Cook bankruptcy has been shared by the various travel guarantee funds and insurance companies, since the company continued to have insolvency protection in different Member States and did not rely on the PTD's mutual recognition mechanism. Nonetheless, the bankruptcy has not been without impact on the market for insolvency protection for package travel organisers and reportedly prompted a number of banks and insurance companies to pull out of the market. With this in mind, the report points to the need of new solutions to effectively protect travellers against the risk of insolvency, such as a "pan-EU guarantee fund as a kind of re-insurance for the first line guarantors" (p. 11). Moreover, following the disruptions caused by the COVID-19 pandemic, some stakeholders had argued that the protection of consumer refund claims should be extended beyond insolvency, and also cover termination due to unavoidable and extraordinary circumstances (p. 20-21). The Commission seems open to the idea and it seems, in general, that protection of the travellers in case of supplier's insolvency (in package travel and beyond) as well as, possibly, in case of major liquidity problems will be one of the upcoming goals for regulation. Indeed, it may be the lack of corresponding mechanisms that had led many travel service providers to withhold refund payments or to push consumers to accept vouchers instead of monetary refunds during the peak of COVID-19 crisis. The result of this was a serious mess, which consumer organisations are still working to clear up (see e.g. a recent press release by BEUC: Major airlines told to comply with passenger rights...).

Finally, the report can also be credited for drawing attention to characteristics of the value chains in the "travel ecosystem". For example, when discussing the possibility of limiting pre-payments and requiring travellers to pay only when they receive the service, possible negative impacts on suppliers' liquidity and ability to operate at scale are discussed. Moreover, a question has been raised whether suppliers of travel services (e.g. air transport) that are ultimately not provided to a given consumer following the latter's termination of a package travel contract should have a refund obligation towards the package organiser who reimbursed the traveller. Such an obligation is currently not in place, which - the report suggest - could lead to an unfair sharing of the burden among economic operators. Travel could therefore become another area in which B2B unfairness becomes a regulatory topic - after agriculture, food supply and online intermediation.

Concluding thought

 

The EU travel law is in need of rethinking. The current regulatory landscape looks like an increasingly complex patchwork, with some issues being addressed meticulously and other being resolved only at the surface. Admittedly, the analysis of well-established business models, such as package travel, is rich and detailed, yet the share of package tours in the overall travel sector pie is shrinking. While one can hardly imagine a field more fit for harmonisation, the EU approach to (online) travel markets remains fragmented. Clearly, the COVID-19 pandemic has surfaced challenges which we had previously not reckoned with and which now will need to be addressed. The Commission intends to do that as part of its upcoming analysis of EU package travel and transport law planned for 2022. It would be a waste of potential if stand-alone travel services and online travel platforms were to be kept, yet again, out of Commission's view.

 

* For a definition, see Article 3(5) PTD. Essentially an LTA means at least two different types of travel services purchased for the purpose of the same trip or holiday, not constituting a package, resulting in the conclusion of separate contracts with the individual travel service providers and facilitated by one trader in a specific way.

 

** The author carries out a research project on consumer protection in the collaborative economy, financed by the National Science Centre in Poland on the basis of decision no. DEC-2015/19/N/HS5/01557.

Rights of third party guarantors in payment services transactions - the CJEU in C-337/20 CRCAM

Last month the CJEU delivered another judgment on the interpretation of payment services rules. Case C-337/20 DM, LR v Casisse régionale de Crédit agricole mutuel (CRCAM)- Alpes-Provence tackles an interesting and highly important question of concurrent liability based on special and general legal rules.

Facts

CRCAM bank granted the company Groupe centrale automobile a current account credit facility guaranteed by joint and several security undertaken by LR. After terminating this credit facility, the bank ordered the guarantor to pay. The guarantor contended that by making transfers to third parties without authorization, the bank had breached its duties and the amount of those transfers should be deducted from its claim. 

The Cour d’appel considered the objection inadmissible. It held that in accordance with the Franch law implementing Directive 2007/64/EC (PSD1), the company had a 13-month period within which to contest the disputed transactions and since it failed to do so, the objection was precluded.

LR appealed and argued that not respecting the law that implemented PSD1 did not prevent the court to hold CRCAM liable for breaching their general duty of care provided for in the Civil Code.

Legal questions and rulings

The referring national court in the first place asked the CJEU whether the special provisions in Articles 58 and 60(1) of PSD1 as implemented into national law prevent courts to hold contracting parties accountable on the basis of other rules than those when some of the special rules had been breached?

The court ruled that special rules, in this case, those of PSD1 and its implementing legislation, get primacy over general rules of the Civil Code. The court first looked at the wording of the relevant provisions and concluded that they are clear; if the user failed to report to the payment service provider the unauthorized transaction within 13 months from the date of the transaction, liability of the payment service provider or compensation for the authorized transaction is no longer possible, neither based on special rules nor based on general rules. Secondly, the court looked at the context of the provision and highlighted its full harmonization nature, which means, that Member States cannot go beyond the said provisions of PSD1. This prohibition includes the utilization of more generally applicable rules of the Civil Code. Third, the court relied on teleological interpretation to support its ruling and concluded that alternative liability regimes should not contradict the harmonized liability regime established by PSD1. This would be contrary to legal certainty. Finally, the CJEU considered the background of PSD1 that also supported its conclusion.

Within the second question, the CJEU tackled the special situation that arose from a three-party relationship and the position of the guarantor. The CJEU held that the special, national provisions implementing PSD1 do not prevent the guarantor to rely on general civil law contractual liability of the payment service provider to challenge the amount of the guaranteed debt. In its reasoning, the court first emphasized that the special liability regime established via PSD1 only applies between the payment service user and the payment service provider (Art. 1(2) PSD1), or between 'payer' and 'payee' (Article 4.7 and 4.8 PSD1) without any reference to the guarantor. The contract of guarantee is thus not governed by PSD1 or indeed by any other EU law instrument. The court concluded that such contract continues to be subject to the rights and duties established under the applicable national law. Finally, the court noted that the liability regime provided by PSD1 is based on the balance between the two parties. The obligation to provide information (borne by the payment service provider) and the obligation to notify any authorized transaction within the period of 13 months (conferred on the payment service user). Thus, in order to trigger the liability of the payment service provider for any unauthorized transaction, the guarantor cannot benefit from the regime established by PSD1, it thus follows that the guarantor must have recourse to the possibilities provided for him/her under the applicable national law.

Our evaluation

Although this is not a typical consumer case, given that the main transaction was between two legal persons and the guarantor seems to have been the only consumer in the three-party relationship; the case nevertheless raises very interesting questions highly relevant for any contractual transaction, including consumer contracts. 

The first interesting aspect of the judgment is that it points to the unharmonized nature of guarantee contracts, contracts that are very relevant for modern financial services, and that are frequently sought for by banks when they provide loans.

The second relevant aspect of the judgment is that it contributes to craving out the relationship between lex generalis and lex specialis (in this case implemented EU legislation) confirming the supremacy or primacy of EU law over national law.  If we connect this case to C-303/20 Ultimo Portfolio Investment (see our report here) and C-686/19 Soho Group (access our report here) we can draw important conclusions. The message of the CJEU on the relationship between lex specialis and lex generalis seems to be that if the relevant EU law provision is one of a full harmonization, it gets primacy over national law and cannot be contradicted by traditional rules of eg. the civil code. However, as long as the provision is not of a full harmonization nature and the particular EU legal instrument is a directive, Member States can go beyond the directive and the relevant provision under scrutiny as long as the national law achieves the intended result pursued by the given directive. 

Where will the courts 'catch' mobile consumers?

As part of our effort to look back to last year and cover any cases that we might have missed at the height of the pandemic, the CJEU's order in case C-98/20 mBank S.A. v PA on Regulation 1215/2012 (Brussels I Recast) deserves a mention.   

The case involved the interpretation of Article 18(2) according to which '[p]roceedings may be brought against a consumer by the other party to the contract only in the courts of the Member State in which the consumer is domiciled,’ and raised the question of the time at which the consumer's domicile is to be determined. 

PA was a 'mobile' consumer who has concluded a consumer credit agreement with mBank in the Czech Republic where he/she was domiciled at the time when the contract was concluded, however, he/she subsequently moved and had her/his address in Slovak Republic at the time when mBank sued the consumer for payment default. 

The CJEU ruled that the concept of 'consumer's domicile must be interpreted as designating the consumer's domicile at the date on which the court action is brought. In justifying this approach the court looked at the literal interpretation of the provision that refers to ‘the Member State in which the consumer is domiciled (emphasis added)’; to requirements of legal certainty in situations where consumers could have changed their domicile even several times in the course of the given legal relationship and a similar solution offered by 1968 Brussels Convention. Importantly, the court also notes, this solution is consistent with the purpose of the special jurisdiction established for consumer contracts, that is, to protect the 'economically weaker and less experienced' party to the contract.

AG Saugmandsgaard Øe in EL and TP v Caixabank (C-385/20): Spanish restrictions on reimbursement of lawyer fees not against effectiveness

For those who have missed updates on impossibly complicated fact-rule patterns in UCTD adjudication, this month has offered a nice pick-me-up in the form of a new AG opinion on procedural rules and principle of effectiveness. Brace, brace for C-385/20: EL and TP v Caixabank!

The dispute in EL and TP v Caixabank concerns not so much unfair terms (the contract between the parties was found in national proceedings to be based on unfair currency terms and hence converted) but the consumer's ability to recover their legal expenses (lawyer fees) after having won an unfair terms case. 

In the case at stake, the claimants had sued Caixabank indicating that the entirety of the dispute was uncertain at start. For such cases, Spanish law has no specific provisions concerning the reimbursable fees; however, courts have concluded by analogy that the disputed amount can be put down to a fictitious lumpsum for the purpose of calculating lawyers fees - which can be, in turn, maximum 1/3rd of the overall value of the dispute. In the dispute underlying this case, the disputed amount had been automatically set at 30000 euros by the court and the reimbursable fees to 10000 euros - less than half of the fee due by the consumers to their lawyers. The entity of the dispute thus set could not later be challenged or altered at the consumer's request.

In essence, the referring court wants to know whether the working of the two rules, which ultimately mean that the consumers must bear a large part of their legal costs on their own despite having won the dispute is against Articles 6 and 7 of the Unfair Contract Terms Directive, requiring the consumer to be put in the same position where they would have been if unfair terms had never become part of the contract. 

The opinion answers two separate questions: whether it is against the effectiveness of Articles 6-7 UCTD that the value of a dispute is set at a certain lumpsum level and cannot be modified by the consumer; whether a rule that caps lawyer fees at a certain proportion of the value of the dispute may again be in breach of the same provisions. The Advocate General considers the arguments proposed by, in particular, the claimants and the European Commission - on one side - and the Polish and Spanish governments on the other side. Saugmandsgaard Øe is not particularly impressed by the Commission's submission that asking consumers to pay out-of-pocket lawyer fees would go against the principle of full compensation established in Gutierrez Naranjo: this principle, according to the AG (para 46) does not regulate the question of legal expenses; in this respect, the AG agrees with the Polish government's submission that some out-of-pocket expenses are allowed as long as they do not make it practically impossible for the consumer to pursue their rights. This may be controversial as such and may not hold well, I think, if the Court decides to answer the questions in a different order. Quite understandably, the AG further brushes off some purely national interpretive issues (see eg para 79) in respect of one of the questions, considering them essentially irrelevant to the purpose of answering the questions posed to the court. 

To both those questions, the AG gives a negative answer in principle: none of these rules are against the Directive insofar as, on the one hand, the lumpsum or otherwise established entity of the dispute ultimately approximates the value of the dispute to the consumer (the wording of the opinion is slightly different, but it seems to me that this is a more logical way of phrasing the condition), while on the other hand any existing cap must allow the consumer to obtain a reimbursement commensurate to the expenses that they had to face. 

In practice, both caveats suggest that the Spanish rules may have to be interpreted in a more consumer-friendly manner than some Spanish courts seem to do - however, the way in which the AG has formulated his opinion may lead some readers to interpret his guidance very differently. Whichever side the Court decided to take on this issue (it seems well possible that they may eg decide to rephrase the questions and answer them at once, looking at the cumulative impact of the rules rather than assessing them separately), it is to be hoped that the outcome will be formulated in slightly clearer terms. 

Energy price spike: Commission announces toolbox including consumer alleviation measures

Europe – like most of the world – sits in the middle of an energy crunch. Natural gas prices have gone up in the three digits (!) since 2020 and consumers are feeling the brunt: to give but an example, in the Netherlands several smaller companies have either informed their consumers that their monthly payments will have to go up considerably starting next January, or even have tried to terminate their fixed-term, fixed-price contracts in advance – to the point that the Consumer authority warned them that they do, in fact, need to comply with their contractual obligations (or go to court, one may add).

The spike in gas (and oil) prices has been mainly caused by the global production chains picking up again as the pandemic seems to have gone past its peak moment. For consumers, however, the origins of the phenomenon are less salient than its consequences on their ability to heat their homes this coming winter. Furthermore, energy anxiety in advanced and high-impact countries risk undermining the energy transition goals that have been set up in the past few years: suffice it to say that China has announced that its plans not to open new coal power plants will have to be reconsidered. 

Against this background, the Commission has announced this week a “toolbox” meant to guide Member States in the effort to soften the impact of this new crisis on consumers, and in particular vulnerable households who suffer or are exposed to energy poverty. While some elements in the toolbox are related to general energy policy and hence not so interesting to report on here, a few are worth mentioning, in particular:

•     Provide emergency income support for energy-poor consumers, for example through vouchers or partial bill payments, which can be supported with EU ETS revenues;
•       Authorise temporary deferrals of bill payments;
•       Put in place safeguards to avoid disconnections from the grid;
•       Provide temporary, targeted reductions in taxation rates for vulnerable households; 

The first measure seems to be inspired by actions recently taken in France, but also seems to mirror practice in the (formerly MS) UK. It goes without saying that this could be difficult for some MS to bear, especially after years of crisis in which the pandemic has already put a strain on public finances.  

Deferrals may be a more attractive option for public actors, but they may exacerbate problems for providers, some of which have – to take the UK’s example – already declared bankruptcy since last month.  

Safeguards against disconnections should be already part of the policy kit in this area. According to both the 2019 Electricity Directive and the Natural Gas Directive, Member States have the option to ban disconnections “at critical times” to protect vulnerable consumers. What these critical times are, however, is not defined, and neither is the notion of vulnerable consumers – which may or may not, according to the directive, refer to energy poverty.

The Commission’s communication emphasizes that in the long term, energy transition is the best insurance against price fluctuations on the fossil markets. This process, according to the Commission, should thus not be jeopardized by the current crisis. 

The toolbox has been positively received by BEUC; Member States, however, may or may not be receptive to the Commission’s push to put immediate relief centerstage, being divided on many points including the extent of the current threat for prices on their own as well as social cohesion. 

Reproducing copyright works in the cloud - do we need a new copyright levy?

Should authors and artists receive appropriate compensation when we store their works on a virtual disk such as a cloud? This question will be tackled by the Court of Justice in case between Austrian copyright collecting society Austro-Mechana and German company Strato AG which provides cloud services to its users (case C-433/20). Meanwhile, Advocate General Gerard Hogan has already issued his opinion in the case. 

Going into the details - the dispute mainly concerns the interpretation of Article 5(2)(b) of Directive 2001/29 on the harmonisation of certain aspects of copyright and related rights in the information society. As a rule, the exclusive right to authorise reproduction of protected works is vested in the rightholders, e.g. authors, performers, etc. However, this right may be restricted when the reproduction is done by a natural person for private use and not for direct or indirect commercial purposes. There is one condition - the copyright holders should receive fair compensation for this. Such compensation consists in so-called copyright levies, popular and introduced in many member states, which are included in the price of devices and media enabling reproduction of works, e.g. smartphones, tablets, computers, but also printers or blank media, such as CDs.

Many people nowadays use cloud services, storing various files there, including copyright-protected materials. The question is whether the exception provided for in Article 5(2)(b) of Directive 2001/29 also covers private copying of copyright-protected content by individuals in the  cloud? Since the provision uses the expression 'reproductions on any medium', does it concern only physical media or virtual as well? If so, should the rightholders receive appropriate compensation in such cases?

Replying to the first question, AG states that the provisions of Directive 2001/29 must be interpreted in a technologically neutral way in order to ensure that copyright protection in the EU does not become obsolete and out of date with technological progress and the emergence of new forms of exploitation of works. Nor does it appear that the EU lawmakers intended to limit the scope of the provision in question exclusively to physical media or carriers (para 35-36). Therefore, in the AG's view, the exception concerning reproduction on any medium also covers reproduction using cloud services.

On the other hand, answering the second question, he found that a copyright levy is not necessarily payable here. This is due to the fact that very often devices or carriers used for data transmission to the cloud are already subject to fees. AG emphasized that a fair compensation should be considered as a compensation that does not excessively or insufficiently compensate (para. 59). Thus, care must be taken not to disturb the balance between copyright holders and users by introducing new fees. After all, the purpose of setting copyright levies is to ensure that authors are not unduly harmed by the private reproduction of their works. Therefore, there is no need to introduce a separate fee for reproduction of a work by a natural person for private purposes using cloud services provided by a third party. The condition, however, is that the fees already charged for reprographic devices used to transmit files to the cloud must also reflect the harm caused to the rightholders by such reproduction (para 72). As he added, the rightholder may, nevertheless, try to show that the compensation obtained is inadequate in a given situation.

The long arm of Regulation 261/2004 - AG Saugmandsgaard Øe in Airhelp (C-451/20)

On October 6 also AG Saugmandsgaard Øe issued his opinion in another case pertaining to the interpretation of the provisions of Regulation 261/2004 on air passenger rights - Airhelp (C-451/20). We have previously commented on other cases concerning connecting flights, covered by one reservation, as often a question arises of the applicability of Regulation 261/2004 to these flights. The previous judgments concerned however connected flights were at least one of them took place outside the EU. Here, the passenger booked a flight with Austrian Airlines from Moldavia to their final destination in Thailand via Vienna. Thus, the operating air carrier was a Community carrier and each of the two flights within the reservation either arrived at or departed from a European airport. The original port of departure and the final destination were, however, outside the EU. Should Regulation 261/2004 apply?

AG Saugmandsgaard Øe believes - yes. He uses the literal interpretation of Article 3(1) Regulation 261/2004 to note that there is no limitation in the wording of this provision, which would demand looking for a European connection only with the first point of departure and final point of destination if connected flights were involved (para 30). Importantly, he also indicates that a different method of interpretation would expose some passengers to unequal treatment, as whether they would be entitled to the protection of Regulation 261/2004 could depend on whether their flight was a single flight or bought together with other flights (para 34). AG Saugmandsgaard Øe looks into the past case law, as well, drawing a paralell to the need to assure a high level of air passengers' protection, which requires a broad interpretation of the provisions of Regulation 261/2004. Thus if in the previous cases the Regulation was found to be applicable even if one of the connecting flights would, on its own, not be covered by it, it should then also apply if the connecting flights, separately, would have been covered by it, but if they were assessed as a one unit, the Regulation would not be applied (para 51).

Generally, this reasoning is appealing as it indeed satisfies the purpose that the Regulation 261/2004 aims to achieve and again looks to protecting passengers against different treatment in comparable conditions (which seems to be the ratio behind many judgments in this area). It does further extend the obligations of the operating air carriers, however.

The second question posed is less controversial, as it asked whether operating air carriers are liable pursuant to Regulation 261/2004 to pay out compensation for a delay of a flight that was arranged as an alternative travel arrangement, to relief them from that compensatory duty - pursuant to Article 5(1)(c)(iii) Regulation 261/2004. As that provision requires that the alternative flight reaches the final destination within 2 hours from the originally planned arrival time, a delay in meeting this timeframe leads to the air carrier not complying with this whole provision - and therefore, the need to pay compensation to the inconvenienced air passengers (para 70).

Strikes may spread, that's not extraordinary - CJEU in Eurowings (C-613/20)

Last week the CJEU confirmed again the strict and narrow interpretation of a 'strike' as an extraordinary circumstance that would allow airlines not to pay out compensation for cancelled or delayed flights. In the case Eurowings (C-613/12), the passenger's flight was cancelled due to a strike of the cabin crew of the operating air carrier. Eurowings tried to claim that they received a late notice about the strike pertaining also to their crews, as originally the notification mentioned only crews of Lufthansa as participating in that strike (Eurowings is a subsidiary of Lufthansa). Further, the strike was spontaneously extended and there was no reason for it, as Lufthansa gave in to the demands and announced pay rise on the day. Still, Eurowings showed they took mitigating measures and managed to arrange alternate flights for most of their traffic that day (para 10).

The CJEU first reminds that strike is inherent in the normal activity of air carriers, as this is an acceptable way for collective bargaining to manifest itself (para 20). It should also be expected that labour disputes could extend to different operating parts of a group of companies (para 23). The event was also not beyond the control of the operating air carrier, as the strike pertained to working conditions (which the air carrier may determine) and was announced (foreseeable event) (para 26). It should also be anticipated that employees of the subsidiary company may join such a strike in solidarity (para 27). The fact that the strike was unexpectedly extended is not decisive in considering whether it was within the air carrier's control (para 32). It could make such a strike unlawful, but that does not change its classification to an extraordinary event, as we found out in Krüsemann (see earlier Joint cases...).

This judgment heavily repeats previous reasoning in the case Airhelp, which we already commented on (Foreseeability...).

EDPB creates cookie banner taskforce

Last week European Data Protection Board (EDPB), which is a body that represents European data protection authorities (DPAs), decided to establish a cookie banner taskforce. Why? Because of 422 complaints filed with ten different DPAs by a non-profit organization None of Your Business (NOYB), founded by Max Schrems. Responding to all these complaints certainly requires coordinated action in order to ensure uniform application of GDPR across the EU, as well as to support DPAs and to facilitate communication between them. Hopefully, this will also accelerate national proceedings and provide better consumer protection in the context of cookies and data processing. 

Cookies and other tracking technologies have attracted the attention of some authorities in recent years. Some of them have adopted guidelines or FAQs (see for example Spanish DPA guidelines or French DPA guidelines and recommendations). The issue is important because in many cases the use of cookies is not in compliance with the GDPR, especially when it comes to providing information about them, collecting consent to data processing or allowing the withdrawal thereof. Not to mention that cookie banners can be annoying and rather discourage people from reading complex cookie policies. This is why NOYB analysed several thousand websites available in the EU to identify the most common breaches and then filed complaints where necessary. But firstly, letters notifying the infringements were sent directly to the site controllers. What’s interesting, based on NOYB statistics - 42% of all violations were remedied within 30 days. This is not a bad result, but certainly falls short of expectations. The most frequent violations include, inter alia: no option to reject cookies on the first layer, pre-ticked boxes, lack of possibility to withdraw consent as easily as it was given and using a deceptive contrast or color for the „reject button”. 

What do the violators say? According to an informal feedback that NOYB received, the companies usually fear that if they comply with the requirements they risk falling behind their competitors. Some of them also prefer to wait for a clear explanation from the DPAs before complying. 

In other words, the question remains the same - how to have your cake and eat it too? 

(No)Flight flurry - 3 opinions of AG Pikamäe on Regulation 261/2004

Yesterday, AG Priit Pikamäe issued three opinions related to the interpretation of various provisions of Regulation 261/2004 on air passenger rights: Airhelp (C-263/20), Corendon Airlines (C-395/20) and Corendon Airlines (joined cases C-146/20, C-188/20, C-196/20 and C-270/20).

 

 1. Airhelp - information about cancellation, confusion around email addresses used

 

In this case the question was whether passengers received information about a cancellation of their flight (the time of the departure was moved forward by more than 6 hours which should be perceived as a cancellation - see last point mentioned in this post) more than two weeks before the flight was scheduled. This would have released the operating air carrier from an obligation to pay compensation, pursuant to Article 5(1)(c) Regulation 261/2004. The air carrier claimed to have sent the notification in good time. The passengers claimed it did not reach them as instead of using their private email addresses, the air carrier used an email address generated by the booking platform for the purposes of that reservation having been made. When is the information on cancellation then properly communicated to passengers?

 

AG Pikamäe stresses the importance of placing the burden of proof on having communicated the information about the flight's cancellation on the air carrier (para 26). This means that they should not be able to rely on the presumption from the E-Commerce Directive (Art 11) that electronic communication reaches the recipient when it is retrievable by them, as that would reverse the burden of proof from Regulation 261/2004 which should be seen as lex specialis (para 28). Consequently, if the CJEU agrees with the opinion, air carriers will need to confirm that the information has reached air passengers in order to claim that it was effectively communicated.

 

2. Corendong Airlines (C-395/20) - postponement of a flight - delay or cancellation, coin toss?

 

This opinion of AG Pikamäe raises questions, as he tries to differentiate between the cancellation and a delay, when an air carrier postpones the flight, i.e. changes the time of the departure of an aircraft until later, but without further changing the itinerary and with maintaining the same aircraft (para 25). The opinion is a bit confusing. First, it seems AG Pikamäe suggests to classify such a situation as a delay, as long as there is no proof of the air carrier's intention to abandon the flight, but rather that they aim at temporarily suspending it (para 25). It is a novel suggestion to look at the subjective intention of the air carrier, which could actually increase the legal uncertainty for air passengers trying to identify their rights. That uncertainty is further increased by the second suggestion of AG Pikamäe, where he mentions that it could still be a cancellation if there was a 'significant' delay in the time of departure and if other circumstances pointed towards this (para 27). Commission's suggestion to focus on more objective elements to determine whether the flight was cancelled seems more passenger-friendly. The focus then would be e.g. on whether the change in departure time followed from a direct and planned action of the air carrier to change the departure time vs whether the change was not planned and not necessarily influenced by the carrier (then it would be a delay). The change in the timetable weeks before the departure time would have then indeed pointed towards cancellation rather than delay classification, if we followed the Commission's reasoning but not necessarily the AG's advice. 

 

3. Corendon Airlines (joined cases) - when do passengers have confirmed flight reservations?

 

When the travel is booked with a travel agency, it may occur that the flight times registered on the confirmation of such a reservation will not match the times of flights organised by the air carrier. One of the questions that arises is when should passengers rely on having a 'confirmed reservation', against which they could compare the actual travel times to determine any delays/cancellations occurring. AG Pikamäe considers the document stating that the travel reservation has been accepted by the travel agency (Reiseanmeldung) insufficient as a proof of a confirmed flight reservation. Only if that document would entitle the passengers to travel to a specific destination at a specific time could it be seen as a proof of a confirmed reservation and the intention of the carrier to be bound by the promises made in it. Informational documents, such as the acceptance of a travel reservation, do not have such a character (para 53). Especially if they indicate to the passengers that the flight times have only been estimated and require further confirmation (para 56).

 

However, if there is another proof of the confirmed reservation than a travel ticket, that other document may indicate scheduled travel times, on which the passengers may rely (para 79). Further, the fact that the travel agency did not notify the air carrier about making travel arrangements for the passengers prior to concluding contracts with them, does not hinder the recognition of an air carrier as an operating air carrier if they subsequently agree to transport such passengers (para 68). 

 

The next point of this opinion concerns qualification of a change in the planned time of departure to an earlier time. This has not been directly regulated in Regulation 261/2004 and AG Pikamäe differentiates it from a delay due to a different impact that such an action could have on passengers. A significant move forward of the planned time of departure should then be seen as a cancellation of a flight, due to the fact that the air carrier abandons its original travel plan (para 90). Moving the flight time forward always results from a decision of an air carrier to change the flight time (para 91) (which fits again with the Commission's point of view, as outlined above). AG gives an indication when the change should be considered as 'significant' - when a passenger who was taking proper actions to make the originally scheduled flight would not have managed to board the newly re-scheduled flight (para 99).

 

As moving the flight time forward does not relate to a delay, operating air carriers could not try to minimise the amount of compensation paid to passengers by claiming they minimised their delay in reaching their final destination, pursuant to Article 7(2) Regulation 261/2004 (para 112). What they could, however, achieve by moving the flight time forward is that this would be perceived as them offering the passengers a re-routing of a cancelled flight at the earliest opportunity, pursuant to Article 8(1)(b) Regulation 261/2004 (para 123).

 

Finally, the operating air carrier should provide passengers not only with the information on their rights as a result of a flight cancellation, but also with information on their name and address to which passengers could direct their claims, as well as the mention of any documents that they should attach to their claim (para 133).

CJEU case C-371/20 and the concept of ‘payment’ in the Unfair Commercial Practices Directive

Case C‑371/20 (here) deals with an interesting question that has been receiving increasing regulatory attention: whether the concept of ‘payment’ in consumer-related contracts covers only monetary consideration or whether other types of counter-performances can also be considered as ‘payment’. We have reported on this issue before (see here). However, the CJEU had so far not discussed this matter so directly, so this case is most welcome. This case concerns the Unfair Commercial Practices Directive, particularly point 11 of Annex I. Annex I of the Unfair Commercial Practices Directive contains a list of practices that are considered unfair in all circumstances. Point 11 of the Annex states that it is not allowed to use editorial content in the media to promote a product if the professional party has paid for that promotion and if that is not made clear to the consumer (known as an ‘advertorial’). In other words, it must be made clear that that editorial content is paid advertising.

The case concerns two competitors in the clothing retail business - Peek & Cloppenburg Düsseldorf and Peek & Cloppenburg Hamburg -, and the main issue at hand was whether to use editorial content as an advertising campaign was an unfair commercial practice. P&C Düsseldorf published a nationwide editorial campaign in a fashion magazine (Grazia magazine). In it, P&C Düsseldorf invited customers to a night of private shopping. The editorial content in question also displayed several images of goods to be sold on the night of the event. P&C Hamburg claimed that this practice was contrary to Point 11 of Annex I of the Unfair Commercial Practices Directive (and to the transposing German legislation) because P&C Düsseldorf used editorial content without disclosing that it had been paid for. The legal issue was therefore whether this campaign could be considered an ‘advertorial’ in the context of Point 11. The referring court’s doubt arose from that fact that, as argued by P&C Düsseldorf, no monetary sum was paid concerning the editorial content in question, as the costs of the event were to be shared between P&C Düsseldorf and the company that publishes the fashion magazine and the pictures used were provided by P&C Düsseldorf free of charge. In other words, P&C Düsseldorf argued that this was not an ad that was paid by them, which meant that it would fall outside the scope of Point 11 of Annex I. As a result, the referring court asked the CJEU whether in the context of the Unfair Commercial Practices Directive the terms ‘paid’ and ‘payment’ must necessarily involve a monetary sum in exchange for the editorial content or whether it also covers the supply of services or assets other than monetary performances. In this case, the pictures provided by P&C Düsseldorf without cost could be seen as non-cash consideration for the advertisement. Furthermore, in case the concept of ‘payment’ should be broadly interpreted, the referring court asked whether there is a payment where there is a joint promotional event intended to promote the sales of both organizing parties (in this case, P&C Düsseldorf and Grazia magazine).

In its reformulation of the referred question, the CJEU already hints at a delimitation of the concept of ‘payment’: in order to be considered ‘payment’, a counter-performance must entail an economic advantage to the party. When answering the questions, the CJEU explicitly took into account other language versions. In fact, it is interesting to note that while some language versions use explicit terms connected with a monetary sum (such as ‘paid for’ in the English version), other versions employ more neutral, broader terms (such as ‘financier’ in the French version). The CJEU clarified that, when interpreting EU law, the literal term only has indicative value since it is also necessary to take into account the context surrounding and the goals of the provision. The CJEU reminded that the goal of the Unfair Commercial Practice Directive is to achieve a high level of consumer protection, particularly when it comes to tackling the frequent information asymmetries between consumers and traders. The CJEU also highlighted that the goal of Point 11 of Annex I is to guarantee consumer protection and consumers’ confidence in the neutrality of the press. According to the CJEU, whether the payment of such editorial content is made through the provision of a monetary sum or through the provision of any other assets is irrelevant when it comes to achieving these goals. In that sense, the CJEU agreed with the Advocate-General and stated that interpreting the concept of ‘payment’ as meaning only the payment of a monetary sum would deprive this provision of effectiveness. This interpretation makes sense. In fact, as pointed out by the referring court, the goal of Point 11 of Annex I is to allow the consumer to identify the promotional character of a commercial practice. This seems to point towards a broad interpretation of the concept of ‘payment’.

Additionally, determining whether the performance at hand consisted of ‘payment’ (or of a performance that carried a benefit for the party) is for the national court to do. However, the CJEU stated that it is important to identify a link between the material benefit provided and the editorial content. In this case, the free provision of copyright protected images by P&C Düsseldorf to the fashion magazine can be considered as payment, since these images are an asset value directly related to the editorial content.

This interesting decision has implications for several other consumer law issues, such as the payment of products with personal data (which is the case mainly in digital content contracts, whereby consumers often acquire products or services apparently gratuitously but while agreeing to disclose unnecessary personal data in return) and influencer marketing (whereby social media ‘celebrities’ often advertise products or brands without making it clear to their followers that this is not a genuine opinion but a paid review). Interestingly, the CJEU referred to the ‘reality of journalistic and advertising practice’ and to how social media comments or posts that appear genuine but are actually hidden advertising or commercial practices are harmful to consumer confidence and competition law. A broad interpretation of the concept of ‘payment’ – not only under the Unfair Commercial Practices Directive but also under other EU consumer legislative instruments – is an important step towards adapting existing legislation to ever-changing digital business models.