C-526/24 Brillen Rottler: when does exercising your GDPR rights become abusive?

Have you ever tried to find out who is processing your data and exercised your right under Article 15 GDPR? It is a useful transparency tool for data subjects – who are in many circumstances consumers as well, for instance when subscribing to an online newsletter or creating an account with an e-commerce platform. Based on this right, you can obtain from a data controller (often a company in a B2C relationship) confirmation of whether your personal data are being processed, and if so – for whatpurposes, which categories of data, who has received access to them, etc. You can also request a copy of your data.

Some individuals, however, exercise this right not to verify the lawfulness of data processing, but to “provoke” a situation in which a refusal – or any procedural shortcoming – will trigger a compensation claim under Article 82 GDPR. This is precisely what the case C-526/24 Brillen Rottler GmbH & Co. KG v TC is about.

The facts are relatively simple: an individual subscribed to the newsletter of Brillen Rottler, a family-run optician company based in Arnsberg, Germany, by voluntarily entering his personal data on the company's website. Thirteen days later, he submitted a request for access to his personal data under Article 15 GDPR (paras. 12–14). Brillen Rottler refused to comply, arguing that the request was abusive, because press reports, blog posts and lawyers' newsletters showed that the individual systematically subscribed to newsletters from various companies, then submitted access requests and subsequently filed claims for compensation (para. 15). The data subject denied any abusive intent and claimed compensation of at least EUR 1,000 for non-material damage resulting from the refusal itself (para. 16).

Designed by Freepik

The Local Court of Arnsberg, before which the dispute was brought, referred several questions to the Court of Justice for a preliminary ruling (para. 20). In essence, it asked: first, can a first access request already be considered "excessive" within the meaning of Article 12(5) GDPR, and if so, under what conditions? Second, does the right to compensation under Article 82 GDPR extend to damage caused not by unlawful processing of data, but by a wrongful refusal to act on an access request? And third, can the causal link required under Article 82 be broken by the data subject's own conduct?

What did the CoJ find?

On the "excessive" first request (questions: 1-3, 7)

The Court confirmed that even a first access request – not just a series of repeated ones – may, in certain circumstances be regarded as "excessive" within the meaning of Article 12(5) GDPR, and thus refused. However, it stressed that this exception must be interpreted strictly. The concept of "excessive requests" is inherently exceptional, and there must be strict criteria for characterising a first request as such. Crucially, the burden of proving that excessiveness lies explicitly with the controller (para. 35). It is not enough to point to a pattern of behaviour visible in public sources – for instance, that the individual has submitted similar requests and claims to multiple controllers. Such information may be taken into account, but only if it is supported by other relevant material (para. 43). What is required is a combination of two elements: objective circumstances showing that "despite formal observance of the conditions laid down by the EU rules, the purpose of those rules has not been achieved"; and a subjective element "consisting in the intention of the data subject to obtain an advantage from the EU rules by artificially creating the conditions laid down for obtaining it" (para. 36).

In practical terms, the controller must demonstrate unequivocally that the access request was not made to become aware of, or verify the lawfulness of, the data processing, but solely to create a ground for compensation (para. 41). In making that assessment, the court should look at all circumstances of the case: did the data subject provide their data voluntarily and without any obligation? What was the purpose of doing so? How much time elapsed between the data submission and the access request? And how did the data subject behave throughout (para. 42)? 

On the scope of compensation under Article 82 GDPR (questions 5-6)

The second issue concerned a broader question: does Article 82(1) GDPR – which grants compensation for "damage resulting from an infringement" of the GDPR – cover situations where the damage stems not from the processing of personal data as such, but from a controller's wrongful refusal to respond to an access request?

The Court answered in the affirmative. It reasoned that many of the rights enshrined in Chapter III of the GDPR – including the right of access, rectification, erasure, restriction, and portability – by their very nature produce infringements through refusals to act, rather than through any particular act of processing (para. 51). If compensation under Article 82 were limited exclusively to damage caused by unlawful processing, the rights of data subjects laid down in Chapter III would be significantly weakened and the effectiveness of the provision undermined (para. 53). In other words, the Court opted for a broad interpretation of Article 82(1), consistent with its literal wording, which covers damage resulting from any "infringement of this Regulation" not merely from unlawful data processing as such.

On causation – and the data subject's own conduct (question 8)

The third and most practically significant finding concerns the causal link. Even where a GDPR infringement is established and damage is claimed, compensation is only available if the data subject demonstrates actual harm and a causal link between that harm and the infringement. That link is a condicio sine qua non of any claim under Article 82(1) (para. 66).

Critically, the Court held that the causal link may be broken by the data subject's own conduct – provided that conduct proves to be the determining cause of the damage (para. 65). Where a person has voluntarily provided their data to a controller with the specific aim of artificially creating the conditions for a compensation claim, the resulting loss of control over data or uncertainty as to their processing cannot be attributed to the controller. The data subject cannot then claim compensation for harm that was, in substance, the result of their own deliberate decision (para. 66).

Final remarks

The Brillen Rottler case is not a revolution. The Court builds on what it has already established in Österreichische Datenschutzbehörde (C-416/23), FT (C-307/22), and Österreichische Post (C-300/21), but takes it one step further. What is new is the clarity – a first access request can be abusive, the causal link in compensation claims can be broken by the data subject's own conduct, and Article 82(1) GDPR covers more than just unlawful processing. The CoJ tries to be fair to both sides – the data subjects and data controllers. 

It also comes at an interesting moment. In November 2025, the Commission published the Digital Omnibus proposal (COM(2025) 837 final), which among other things touches on the GDPR's right of access. Recital 35 of that proposal states that "the right of access, which is from the outset favourable to data subjects, should not be abused in the sense that the data subjects abuse them for purposes other than the protection of their data", and gives as an example a situation where "the data subject intends to cause the controller to refuse an access request, in order to subsequently demand the payment of compensation, potentially under the threat of bringing a claim for damages". The reformulated Article 14(5) of the GDPR (see Art. 4(4) of the proposal) would allow controllers to refuse requests that are "manifestly unfounded or excessive, in particular because of their repetitive character" - while keeping the burden of proof on the controller. The Court's reasoning and the Commission's proposal clearly point in the same direction. Whether the final legislation will look anything like the current draft is, of course, another question.

Commission opens official DSA investigation into SHEIN

 While the announced Digital Fairness Act proposal remains so far at the announcement stage, the last few months have brought to light the DSA's potential - if yet to be tested - to contribute to consumer protection beyond content moderation practices. In this sense, it particularly interesting that this month the European Commission has announced an official investigation into Shein's practices concerning several potential violations, namely:

- potential failure to limit the sale of illegal products, "including content which could constitute child sexual abuse material, such as child-like sex dolls";

- potential failure to monitor systemic risks linked to addictive design "including giving consumers points or rewards for engagement", and adequacy measures that Shein has in place in order to mitigate negative effects on "users' wellbeing and consumer protection"; and 

- potential failure to achieve sufficient transparency of the recommender systems in the platform. 

The press release does not provide a detailed legal basis for the specific elements, so we did this for you. 

First, illegal content. Under the DSA, platforms do not have to actively monitor for the presence of illegal content (article 6), but they have have several obligations that are triggered once a notice is filed (article 16 para 4,5,6), and they are assumed to be legally aware of the illegal content once a valid notice has been filed (art 16 para 3). The commission has previously asked Shein to provide information about how they manage their notice & action systems to counter illegal content and the investigation is meant to obtain further insight. 

"rewards for engagement" from couponfollow.com

Second, as concerns the systemic risks, the Commission's framing seems to leverage the understanding of "risk" (assessment, art 34 and mitigation, art 35) referred to in recitals 81 and 83, namely that of addictive features of a platform's design or exploitation of weaknesses, in particular when it comes to children. The gamification mechanisms mentioned in the investigation announcement may structurally encourage consumers to over-spend or just spend more time in the app that normal usage would require. 

Finally, the Commission wants to know more about how Shein informs consumers about the criteria according to which product presentation is organised and selection is ranked. According to art 27 DSA, this information can be provided in the platforms T&Cs *but* "when several options are available" users must be given the a directly and easily accessible option to choose among these alternatives. The Commission here also indicates that users should be provided with *at least one easily accessible option that is not based on profiling* for each recommender system. This requirement does not follow directly from the DSA but seems in line with the requirements for consent under the GDPR (as it seems unlikely that a webshop would be able to rely on a different legal basis for the profiling). 

We do not know how long this investigation will take - the press release makes it clear that the Commission doesn't want to commit to a specific timeline. Of course, the outcome in this file may have broader implications for DSA enforcement and consumer protection, so we will be following (and sharing) any developments with great interest!

Dutch court upholds Fortnite fine for UCPD violations

 While the "Digital Fairness Act" may or may not become a thing in the near future, it is interesting to see how regulators have started to perhaps gain more confidence in the enforcement of existing rules in the digital context. A most recent example comes from a Dutch decision published today in Epic Game's case against the Dutch Authority for Consumer and Market's decision to fine the Fortnite producer for a number of prohibited practices embedded in the game. 

According to the ACM, Epic Games exposed children to advertisements which directly exhorted them to buy a product (a banned practice under the UCPD's annex) and put them under pressure to decide about a complex and unclear offer within a short time (para 1 decision).

Epic Games had earlier accepted parts of the ACM's decision, in so far as it concerned timers in the Item Shop that created the false impression that an item or offer may soon run out or disappear. They challenged, however, 1) the existence of exhortation to purchase directed at children, as well as 2) the ACM's claim that the game's Item Shop was designed in such a way to create artificial scarcity, putting players under pressure to decide within a short period of time whether to buy certain items. 

As to the first point, this hinged on the interpretation of the text in the annex. From the judgment it appears that Epic Games wanted the District Court to decide on the ACM's assumption that "children" in the UCPD's annex covers all minors, which was challenged on the basis that it failed to differentiate between young children and older teenagers. The court considers that this distinction may matter for the amount of the fine but not for the question of whether the finding of an infringement was justified and hence declines to examine the issue in detail since Epic Games has not challenged the entity of the fine. Even without a detailed examination, this element in the decision may in fact embolden authorities, which have found it tricky to claim that practices constituted direct exhortation to buy directed at children whenever a product was not exclusively marketed to very small children. There was otherwise relatively little in the decision that tried to suggest that the practices at stake (see picture, from decision) did not constitute direct exhortation to purchase.

As to the second point, the ACM (see decision para 17 and sub-paras) was relying not on a direct prohibition but on a savvy reading of the general prohibition of unfair practices which go against "professional diligence" and distort the average consumer's decision making (art 5 UCPD). In this respect, the Court says, the ACM has understood professional diligence through "the principles and international rules on ethical design such as transparency and the avoidance of damaging or misleading design". The ACM also claims that professional diligence requires abstaining from exploiting behavioural pitfalls of consumers through so-called "dark patterns".  In particular, lack of transparency about the offer was due to a mix of several elements:  items potentially disappearing from the item shop, lack of information about the items' significance within the game and their rarity (which all connected to their price), all combined with time pressure (because the Item Shop content was refreshed every 24 hours), made it difficult for consumers/children to decide without excessive pressure. The Court has accepted the ACM's analysis and characterisation of the practice, rejecting Epic Games' contention that the analysis relied on the wrong test. 

A final challenge concerned the burden of proof: did the ACM need to prove that the concerned practices had actually influenced the behaviour of children as a result of the factors that its analysis identified? The Court finds that no proof has to be provided of actual influence: it is sufficient that the analysis makes it sufficiently plausible (aannemelijk) that these effects would occur. Among other things, the court points to ACM relies on research reporting that 37% of the kids playing the concerned version of the game (namely, Battle Royale) do make in-game purchases and that significant numbers of children who make in-game purchases regret their choices afterwards (see decision para 21.1). 

The confirmed fine amounts to 1.1 million euros. It is clear from the points raised in the case that Epic Games was here seeking to establish a principled precedent against the ACM's interpretation of the UCPD and their recent steps in digital enforcement. This may suggest that the decision will be appealed - which we should know within a few weeks. Interesting case in any event!

Customs duties and contracts: AG Ćapeta clarifies Article 5 CRD (C-488/24)

Photo by Imre Tomosvari on Unsplash

Last Thursday, AG Ćapeta delivered her opinion in Kigas (C-488/24), which primarily addresses the scope of information obligations under Article 5 of the Consumer Rights Directive. In this case, a consumer arranged for the transport of goods, such as motorcycles and washing machines, from Norway to Lithuania using a small transport company. They agreed price for the service was EUR 450. Based on the facts, both parties were taken by surprise when the shipment was stopped at the Swedish border and customs duties of approximately EUR 3,900 were imposed. The transport company paid these charges, delivered part of the shipment to the consumer, and withheld the remainder until the consumer reimbursed the customs payment. This raised the key question: Who bears the cost of customs duties when the contract is silent on the matter and how far service providers' duties to inform (about the main characteristics of the service and the price) stretch in this respect? 

The first part of AG's reasoning is unsurprising. It is evident that the potential payment of customs duties is one of the main characteristics of a contract for the international carriage of goods. After all, the physical transport of goods across borders requires carriers to ensure successful passage through border and customs checks (as reflected in para 62 of the opinion). Since Article 5(1)(a) CRD obliges traders to provide consumers with information on the main characteristics of the service prior to the conclusion of the contract, the carrier should indeed have informed the consumer that customs duties might be payable. 

The referring Lithuanian court views this a broader interpretation of the concept of an international carriage of goods contract (para 52), but in light of the CRD's objective, such an interpretation appears necessary (para 54). 

Based on the facts outlined in the opinion, this seems to have occurred in practice. There is mention that an employee of the carrier raised the issue of customs duties with the consumer, and that the consumer reassured them that no duties would be payable (para 7).

This brings us to the second part of the opinion: how detailed should the duty to inform be? Is the carrier obliged to verify whether customs duties will apply, identify the documents required by customs authorities, and estimate the potential charges? AG Ćapeta concludes that the scope of this duty depends on the nature of the carriage contract (para 67). If the carrier undertakes to act on consumers' behalf regarding customs - effectively concluding a brokerage agreement, they must liaise with the consumer on the specific documents required and provide an advance estimate of customs charges (para 72). AG Ćapeta acknowledges that custom tariffs for international carriage are not always predictable or fixed, but this does not absolve the carrier from providing a reasonable estimate and examples of applicable tariffs (para 76).

If, however, as in the present case, the contract is narrower in scope and limited to transportation, the carrier's information are correspondingly limited (para 82). This reflects the operational constraints faced by smaller carriers and the complexity of verifying the customs status of each item transported. Nevertheless, as AG notes (para 68), the carrier must inform the consumer, prior to contract formation, whether brokerage services are offered and who will be responsible for customs formalities. I agree that this enables consumers to make an informed choice, either to contract with the carrier or seek one that provides brokerage services (para 69). 

However, even smaller carriers occupy a stronger transactional and informational position than consumers, given their experience and repeated engagement in this market. Therefore, more should be required of them than merely stating that customs compliance is the consumers' responsibility. At a minimum, carriers should inform consumers of the types of documents typically required by customs, such as proof of the value of the goods. This duty does not extend to providing an exhaustive and detailed list of documents (para 88). Where brokerage service are not included, the carrier is not obliged to incorporate customs tariffs into the service price (para 89).

Overall, I find AG Ćapeta's opinion well-reasoned, striking an appropriate balance between consumer and trader interests. The applicability of Article 5 CRD is clear, but the scope of information duties often remains ambiguous under EU consumer law. Linking this scope to the breadth of the service provided is a sensible step towards greater legal certainty. Accordingly, where brokerage services are included, custom tariffs should be treated as part of the price to be disclosed, and carriers should assume greater responsibility for obtaining relevant information. Where brokerage services are absent, consumer should be clearly informed that they bear responsibility for customs compliance. Consumer protection objectives are nonetheless upheld if carriers remain obliged to guide consumers on the documents likely to be required and to warn them in advance that customs duties may apply. 

Labeling strikes again: non-alcoholic drinks cannot use the name "gin" (CJEU C-563/24 | PB Vi Goods)

It's been almost exactly one month since the CJEU issued a judgment which has left many non-lawyers (and also some lawyers) quite puzzled. The judgment may not concern consumer law strictly speaking, but will be of certain interest to those interested in consumer law and policy - and even more so with the holidays approaching. 

In PB VI Goods, the Court has sided with a German association in maintaining that PB VI Goods could not sell a beverage under the name "Virgin Alkoholfrei Gin". 

The decision is based on Regulation EU 2019/787, which concerns the "definition, description, presentation" and labelling of "spirits", including gin. The Regulation's stated aims include consumer protection, market transparency and fair competition, as well as the safeguarding of the Union's traditions and reputation in the field of spirits. This includes the protection of certain geographic designations  All three variants of Gin mentioned in the Regulation (Gin, Distilled gin and London Gin) have a minimum alcohol content of 37,5% and have to fulfil with other requirements concerning production process and allowed ingredients. 

Based on these facts, it is not too surprising that the CJEU declared that labelling a drink as "alcohol free Gin" goes against the Regulation: if that would be allowed, it would e.g. not be clear why a "reduced alcohol Gin" would have to be treated differently, whereas it is the Regulation's specific goal to prevent any variations other than those in line with the original designation to use the regulated denominations - not only in order to protect consumers against confusing terminology, but also to protect producers against exploitation of their reputation by competitors who are not bound by the same production standards. 

The Court also refers to its previous - and equally strict - decision in C-422/16, Tofutown.com, which similarly decided that plant-based drinks could not use the term "milk", even if indicating clearly in their name their non-dairy nature. The only allowed exceptions in that case were those made already within the relevant European rules, e.g. for products traditionally named as "milk" in some countries. 

PB VI's claim that the rules concerning spirits denominations may be against article 16 CFREU (freedom to conduct a business) were dismissed by the CJEU after a short analysis on the basis of the principle of proportionality. The restrictions were found to be appropriate to pursue legitimate aims (those discussed above) and not excessive, in particular due to the fact that they do not affect the ability to produce and market the concerned beverages, but only to call them "gin". For advocates of consumer choice and conscious lifestyles, the Court's argument that the designation may be misleading because of the role that "flavouring ethyl alcohol of agricultural origin with juniper berries" (and not, thus, water) plays in the production of Gin may sound formalistic and inconsequential - as consumers looking to replace alcoholic beverages with alcohol-free variants will likely be aware of the meaning conveyed by the terminology. 

At the same time, the literal meaning and spirit of the rules are quite unambiguous and the operation here consisten – regulated denominations are strictly enforced. Furthermore, there is no sense that a different approach could have plausibly anticipated on future developments as the European Parliament has just signalled a wish for stricter protectionof “traditional” food denominations, which would ban the use of “meat-related” names for non-meat products (think of “plant-based burgers” and similar terms). BEUC was among the first to point out that most consumers feel absolutely not confused by the practice, as well as to argue that the association is actually necessary/hepful for food replacements to find their audiences and play their role in the protein transition. 

Similarly, it seems that the rule concerning alcoholic beverages is likely to play out quite differently for different producers, favouring incumbents - whereas, for instance, an established gin producer will easily be able to leverage their brand recognition to also market their non-alcoholic product lines (imagine something like "Gordon's dry alcohol free"?), newcomers who want to focus on non-alcoholic drinks will not be able to signal their niche to customers will find it much more difficult to do so. 

We will keep an eye out for further developments!

2030 Consumer Agenda is here – What's next for EU consumer law

On 19 November 2025, the European Commission adopted the long-awaited 2030 Consumer Agenda, its strategic plan for EU consumer policy for the next five years. This is the most recent rendition of the Commission’s periodic consumer policy blueprints, preceded by the New Consumer Agenda 2020-2025. The 2030 Agenda is entitled ‘A new impulse for consumer protection, competitiveness and sustainable growth’, clearly aligning with the new Commission’s priority on boosting EU competitiveness.

Here is a rundown of the main priorities together with concrete action plans in the 2030 Agenda:

1. Completing the single market for consumers: This part complements the previously announced Single Market Strategy. The Commission aims to remove obstacles for consumers to access goods and services across the single market through, for example, an evaluation of the Geo-Blocking Regulation and tackling Territorial Supply Constraints. Particular attention is given to fostering cross-border financial services (e.g. the possibility of opening savings and investment accounts in another Member State) and cross-border mobility services (especially for rail travel, through, e.g., a single ticketing service).
2. Digital fairness and consumer protection online: The Commission reaffirmed its commitment to introduce a Digital Fairness Act to act against practices such as dark patterns, addictive design features or unfair personalisation, with a particular focus on the protection of minors. This initiative has already drawn tremendous attention. Other actions include fighting against online fraud (e.g., revising the Payment Services Directive) and fostering fair and transparent use of AI in consumer markets (though no specific action has been tabled besides the reference to the AI Act, which says little about consumer contracts).
3. Promoting sustainable consumption: Sustainable consumption was the centrepiece of the preview consumer agenda, shaped by the European Green Deal, and several sustainability instruments have been adopted since then. So the Commission’s new priority in this regard focuses on implementation. New actions include a Circular Economy Act (which in itself does not concern consumers too much) and the accompanying promotion of consumer returns of unused goods, second-hand markets and product-as-a-service business models, as well as measures to foster ‘green by design’ in e-commerce. In this ‘sustainability’ section, the Commission has also discussed its actions to ensure affordability (transport, energy, housing, food) and public health (forever chemicals, tobacco).
4. Effective enforcement and redress: This has been a perennial issue that has practically reappeared in all of the consumer agendas. The Commission will propose a revision of the Consumer Protection Cooperation Regulation to promote coordinated action in consumer enforcement across the EU. A major new challenge to enforcement comes from e-commerce and the growing circulation of unsafe or non-compliant products originating from third countries, which has already been flagged in the E-Commerce Communication. In this regard, the Commission is set to reform the Market Surveillance Regulation in the announced European Product Act.

In a time when ‘simplification’ and deregulation secure the Commission’s top priority, the 2030 Agenda seems to maintain a rather high standard of consumer protection, though consumer lawyers should probably proceed with utmost caution to ensure that ‘simplification efforts shouldn’t come at the expense of consumers’. The twin transitions still drive the agenda of EU consumer policy. Besides enforcement, digital fairness and e-commerce are likely to be the most relevant fields of EU consumer law for years to come. Sustainable consumption has not disappeared, though its prominence has undoubtedly diminished compared with the previous agenda. 

A couple of more personal reflections from my first reading of the Agenda: First, it is positive that the Commission has explicitly acknowledged the everyday experiences of European consumers shaped by the cost-of-living crisis and vowed, albeit in quite abstract terms, to tackle the uneven impact of rising energy, housing and food prices. Second, the Agenda seems to signal a shift in the background understanding of the image of EU consumers. Instead of only talking about confident consumers ‘reaping the benefits of the single market’ and empowered consumers ‘driving the green and digital transitions through informed choices’, the 2030 Agenda began to highlight the structural barriers holding consumers back. In particular, the Commission noted ‘barriers to choosing genuinely sustainable options, such as price, limited choice, unclear and inaccessible labelling, and mistrust of environmental claims’ (italics added). In a sense, the Agenda appears to rebalance – or at least complement – the emphasis on consumer responsibility to make informed choices with a stronger focus on regulatory responsibility to ensure fairness, affordability and sustainability ‘by design’. Of course, this may be a far-fetched (and optimistic) reading, and it remains to be seen how these grand commitments will unfold in the coming years.

The right of withdrawal, linked agreements and vehicle purchase contracts- the CJEU in C-143/23

On the 30th of October 2025, the CJEU delivered a judgment in the joined cases of consumers KI and FA against Mercedes-Benz Bank AG and Volkswagen Bank GmbH in C-143/23 , advancing the interpretation of Articles 10 and 14 of Directive 2008/48/EC on Consumer Credit.

 

The consumers entered into a credit agreement with their respective banks to purchase a motor vehicle for private use; where the car dealers from whom the vehicles were purchased acted as credit intermediaries and to whom the loans were paid in directly. The credit agreements did not inlcude the interest rate applicable to late payments at the time the agreement was concluded. Months and years after the contract had been concluded, the consumers notified their banks that they wished to withdraw from their credit agreements, arguing that the standard 14-day period did not begin to run due to omissions in the mandatory information included in their contracts. The referring Landgericht Ravensburg asked several questions to the CJEU.

 

 

The first question addressed by the CJEU was whether the consumers' right of withdrawal began to run despite the absence of mandatory information in their contract. According to Article 14(1)(b) of Directive 2008/48 the 14-day withdrawal period begins to run only on the day on which the information provided for in Article 10 has been received by the consumer, if that day is later than the day on which the credit agreement was concluded. Article 10(2)(l) provided that a credit agreement must state, in a clear and concise manner, the interest rate applicable to late payments, arrangements for its adjustment and any charges payable for default.

 

In its analysis, the CJEU emphasises the importance of mandatory information for consumers' informed decision-making, aimed at helping consumers in a weaker position vis-à-vis the bank. The CJEU then underlined the importance of informing consumers of the specific interest rate for late payment to enable consumers to be aware of the consequences of any late payment, information which is likely to influence not only the consumer’s decision to enter into the agreement, but also their ability to organise the repayment of the loan.

 

In view of the these reasons, the CJEU ruled that Article 10(2)(l) and Article 14(1)(b) of Directive 2008/48 must be interpreted as meaning that the withdrawal period provided for in Article 14(1) does not begin to run until the credit agreement does not specify, in the form of a specific percentage, the interest rate applicable in the event of late payment at the time of conclusion of the agreement, and until such information has been duly communicated to the consumer. With this, the CJEU confirmed its earlier position in C-33/20 (see our analysis here).

 

 

The second question tackled by the CJEU is interesting. The referring court asked directly whether the consumers’ potential intention to abuse their right can be considered here, in particular, that the consumer continues to use the vehicle until the national courts have ruled on the validity of the withdrawal and that the consumer refuses to pay compensation for the loss of value of that vehicle. The CJEU emphasised that a general legal principle is that EU law cannot be relied on for abusive or fraudulent ends. However, in the particular situation, the creditor cannot claim that the exercise of the right of withdrawal is unfair, as the withdrawal period has not, in such a case, begun to run. Under the circumstances, the credit cannot reply on the consumer’s improper exercise of the right of withdrawal provided for in Article 14(1).

 

The third question was what compensation should be provided to the creditor for the use of the vehicle. The CJEU referred to the 14th recital of the Directive, which stated that it was for the Member States to determine the conditions and arrangements following exercise of the right of withdrawal. Directive 2008/48 therefore grants Member States a margin of discretion leaving them to regulate matters relating to the return of the goods financed by the credit, which must follow the principle of effectiveness requiring that national provisions governing the consequences of the exercise of the right of withdrawal do not undermine the effectiveness and efficiency of that right to such an extent that it becomes impossible or excessively difficult to practice to exercise the right.

 

The CJEU, however, emphasised that compensation must be proportionate to the vehicle’s depreciation and its condition at the time of its return. Subject to the verifications to be carried out by the referring court, the CJEU was of the opinion that a method of calculation based solely on the difference in price between the purchase and resale of the vehicle, which includes factors unrelated to the use of that vehicle, such as commercial margins and resale costs – determined unilaterally by the car dealer – as well as value added tax, does not allow for the assessment of the depreciation of that vehicle resulting from its use by the consumer. In particular, if these circumstances are considered regardless of whether the vehicle has not been registered or used before the right of withdrawal is exercised. The CJEU concludes that this method, therefore, appears to impose on the consumer a burden resulting exclusively from the exercise of his or her right of withdrawal, and is likely to result in compensation that is disproportionate to the purchase price of that vehicle, making the exercise of the right of withdrawal impossible or excessively difficult to use in practice.

 

The CJEU ruled that Article 14(1) of Directive 2008/48 must be interpreted as precluding national case-law to calculate the amount of compensation for loss of value owed by consumer to the creditor by deducting from the sale price charged by the dealer at the time of the vehicle’s purchase the purchase price paid by the dealer at the time of the return of that vehicle, provided that that the method of calculation includes factors unrelated to the consumer’s use of that vehicle.

 

Fourth, the CJEU also addressed the question of payment of the interest for the credit agreement, ruling that Article 14(1) of Directive 2008/48 must be interpreted as not precluding national legislation under which a consumer who, after withdrawing from a consumer credit agreement linked to a vehicle purchase agreement, is required to pay the interest provided for in that first agreement for the period between the payment of the loan funds to the seller of the financed vehicle and the date of return of the vehicle to the creditor or seller.

 

Finally, the CJEU explicitly confirmed that Directive 2008/48 must be interpreted as not harmonising completely the rules relating to the consequences of the consumer’s exercise of his or her right of withdrawal from a credit agreement linked to a vehicle purchase agreement.

Why airlines can't rewrite the clock - CJEU in Corendon Airlines (C-558/24) on delay calculations

On 30 October, the CJEU delivered its judgment in Corendon Airlines (C-558/24), interpreting Articles 5(1)(c) and 7(1) of Regulation 261/2004, which regulate compensation for flight delays. 

Passengers were notified one day before departure that their scheduled departure and arrival times would be pushed back by 1 hour. On the day of travel, the flight was further delayed, and passengers ultimately arrived at their destination just under 3 hours later than the revised arrival time, but almost 4 hours later than the original schedule. The question referred to the CJEU was on the delay calculation. Should the delay be calculated against the original arrival time or the revised time notified to passengers in advance by the air carrier? 

The CJEU left no room for doubt: The delay must be calculated from the arrival time originally agreed between the parties. In this case, passengers are therefore entitled to compensation. This interpretation aligns with the Regulation's objective of ensuring a high level of consumer protection (para 25). It also prevents air carriers from unilaterally changing departure times from the ones contractually agreed upon (para 26). While advance notice of a  of a 1 hour delay may reduce inconvenience for passengers, it does not change the fact that the flight was postponed and qualifies as a delay in its own right (paras 19 and 27).

How can consumers' right to access payment accounts with basic features be reconciled with banks' anti-money laundering duties? AG de la Tour in Case C-81/24

The CJEU was recently asked to interpret Directive 2014/92/EU on access to payment accouts with basic features (PAD), which is to the best of my knowledge the first or at least one of the few preliminary rulings interpreting PAD. The question is how can the right to access payment accounts with basic features or basic bank accounts be reconciled with the bank's duty to comply with anti-money laundering rules. This essentially requires weighing two important policy goals, the financial inclusion of consumers, who have no other payment account, which is a cornerstone of financial inclusion,  and the aim to prevent the use of the the EU financial system for the purposes of money laundering and terrorist financing.

The question referred to the CJEU by the Slovenian Okrajno sodišče v Mariboru asks whether Article 16(4) of Directive 2014/92, read in the light of Directive 2015/849 or the Fourth Anti-Money Launderng Directive (4AMLD), may be interpreted as authorising Member States to require banks to reject a consumer’s application to open a payment account with basic features on the ground that he or she is included in a list of the Office of Foreign Assets Control (OFAC) of the United States Department of the Treasury. 

Article 16(1) of PAD provides a right for consumers to access basic payment accounts and confers a duty on Member States to ensure that all credit institutions or at least a sufficient number of them guarantee the provision of basic bank accounts. This right belongs to all consumers legally resident in the Member State, including asylum seekers or those with no fixed address (Article 16(2)). However, Article 16(4) provides an exception to the right. Banks can refuse the consumer's request to open the basic bank account where the opening of such an account would infringe the bank's duties to prevent money laundering and terrorism financing. The PAD therefore gives primary to national securty and financial stability matters over financial inclusion of individuals. However, the question is to what degree. The problem here was whether the mere fact of being included on an OFAC list, without having been convicted of any offence for which he is on that list, or having been subject to any restrictive measure from the United Nations, the European Union or a Member State is sufficient to constitute a breach of the provisions relating to the prevention of money laundering and terrorist financing which may therefore justify a refusal to open a payment account with basic features. Even if inclusion on such a list constitutes a special circumstance justifying increased vigilance, it was not clear whether it can justify a refusal to open a payment account with basic features.

As Advocate General Richard de la Tour notes in his Opinion delivered 4 Sepember 2025, the difficulty is that both directives are minimum harmonisation, allowing Member States to adopt more stringent measures. Nevertheless, the 4AMLD in Article 8 at minimum requires that Member States ensure banks have in place policies, controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified at the level of the Union, the Member State and the bank. These should include customer due diligence set out in Article 10, which includes identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source, assessing the purpose and intended nature of the business relationship and conducting ongoing monitoring of the business relationship. As the AG rightly notes in his analysis, while the fact of being included in OFAC may be a red flag warranting a more thorough due diligence, it should not be sufficient to outright refuse the open a basic bank account.

The AG therefore is of the opinion, that Article 16(4) of Directive must be interpreted as meaning that a banking institution may not refuse to open a payment account with basic features solely on the ground that the name of the consumer applying to open such an account is on the OFAC, unless, the applicable national law expressly provides for such a more stingent approach, given the minimum nature of the directives.

On the assignability of consumer claims under credit contracts: CJEU in Zwrotybankowe.pl (C‑80/24)

As consumer law remains under-enforced, it becomes all too common for consumers to assign their claims to third-party claim management companies, which typically operate on a contingency basis and take a percentage of the amounts successfully recovered. In Case C‑80/24, the consumer assigned their claim against a bank to Zwrotybankowe.pl, one such claim management company, which would retain 50% of the recovered amounts as remuneration. The assigned claim arose under Art. 30(1) of the Polish Law on Consumer Credit, which implements Art. 23 of the Consumer Credit Directive 2008 and imposes a penalty for the bank’s failure to comply with information obligations. In a proceeding brought by Zwrotybankowe.pl against the creditor bank, questions arose as to the assignability of the consumer claim in question and the court’s duty to assess the assignment agreement ex officio under the Unfair Terms Directive.

The first question concerns whether the Consumer Credit Directive precludes the assignment of consumer claims thereunder. This is because Art. 22(2) of said Directive prohibits the consumer from waiving their rights under it. A broad interpretation of this provision could suggest that consumers cannot assign claims arising under the Directive to third-party companies that make a profit from these legitimate claims (paras 13-14). However, the CJEU rejected such an interpretation. In particular, it drew an analogy with its reasoning in Case C‑11/23 concerning Art. 15 of Regulation (EC) No 261/2004, which similarly provides an ‘exclusion of waiver’. In that case, the airline’s general conditions included a prohibition of the transfer of passenger rights, in particular the right to compensation. The Court disallowed such a prohibition, in order ‘to ensure a high level of protection for air passengers and to enable [consumers] effectively to exercise their rights’, including ‘the freedom to choose the most effective way in which to defend his or her right’, such as ‘to transfer his or her claim to a third party in order to spare him- or herself difficulties and costs that might deter him or her from taking steps personally in relation to that carrier with the prospect of a limited financial return’ (para 27). Based on an analogous reasoning rooted in the rationale of weaker party protection, the Court held that Art. 22(2) of the Consumer Credit Directive likewise does not preclude the assignment of consumer claims arising under the Directive.

The second question goes on to ask: if the claim is assignable, should courts assess the unfairness of the assignment agreement ex officio – when the dispute before them arises from a different contract, namely the credit agreement? Recalling its case law on ex officio review under the Unfair Terms Directive, the Court confirmed that such a duty is limited to ‘the subject matter of the dispute’ (para 38). In this case, the assignment agreement ‘does not come within the limits of the subject matter of the dispute before it’ and therefore falls outside the ex officio review obligation under EU law (para 40). Moreover, since the consumer was not a party to the proceedings, the imbalance between a consumer and a trader, which justifies ex officio intervention, was also absent (paras 41-43). Accordingly, the Court concluded that the Unfair Terms Directive does not require national courts to assess the assignment agreement ex officio in such circumstances. Finally, the Court added that, where national law does allow such an ex officio review, the principle of effectiveness should serve to safeguard consumers’ procedural rights (para 46).

The reasoning in Zwrotybankowe.pl seems to give away a rather permissive stance towards third-party enforcement of consumer claims. Given that many instruments within the EU consumer acquis contain comparable prohibitions on waiver, one may ask whether the Court’s analogy extends to those regimes as well. Sure, consumers should have the freedom to spare themselves from the ‘difficulties and costs’ of private enforcement, but how much should they pay for such convenience? And if these ‘difficulties and costs’ stem from a systematic failure in consumer enforcement, is the privatisation of enforcement – and the shifting of its costs to consumers whose rights have been infringed in the first place – really the right call?