Posts Tagged E-commerce

Planet49: pre-ticked agreement with clauses in terms and conditions.

A quick flag to those of you following consumer protection and the Directive (2002/58) on privacy and electronic communications. In Case C-673/17 Planet49 the Court of Justice is being asked to clarify to what extent a website which pre-ticks boxes in general terms and conditions (here: to share relevant personal data) is compatible with relevant EU laws.

File of the case here (in Dutch only).



, , , , , , , , , , , ,

Leave a comment

Douez v Facebook: Consumers as protected categories in Canadian conflict of laws.

Thank you Stephen Pittel for flagging 2017 SCC 33 Douez v Facebook Inc.  Stephen also discusses the forum non conveniens issue and I shall leave that side of the debate over to him. What is interesting for comparative purposes is the Supreme Court’s analysis of the choice of court clause in consumer contracts, which it refuses to enforce under public policy reasons, tied to two particular angles:

  • ‘The burdens of forum selection clauses on consumers and their ability to access the court system range from added costs, logistical impediments and delays, to deterrent psychological effects. When online consumer contracts of adhesion contain terms that unduly impede the ability of consumers to vindicate their rights in domestic courts, particularly their quasi-constitutional or constitutional rights, public policy concerns outweigh those favouring enforceability of a forum selection clause.’ (emphasis added)

Infringement of privacy is considered such quasi-constitutional right.

  • ‘Tied to the public policy concerns is the “grossly uneven bargaining power” of the parties. Facebook is a multi-national corporation which operates in dozens of countries. D is a private citizen who had no input into the terms of the contract and, in reality, no meaningful choice as to whether to accept them given Facebook’s undisputed indispensability to online conversations.’

With both angles having to apply cumulatively, consumers are effectively invited to dress up their suits as involving a quasi-constitutional issue, even if all they really want is their PSP to be exchanged, so to speak. I suspect however Canadian courts will have means of sorting the pretended privacy suits from the real ones.

A great judgment for the comparative binder (see also Jutta Gangsted and mine paper on forum laboris in the EU and the US here).


, , , , , , , , , , , , , ,

Leave a comment

Wiseley v Amazon: on consumer contracts, click-wrap and putative laws.

Thank you Jeffrey Neuburger for flagging Wiseley v Amazon. Jeffrey has excellent overview and analysis so I will suffice with identifying a few tags: the issue of click-wrap agreements (when does one agree to GTCs contained in pop-ups and hyperlinks and the like); application of a putable law to a contract (the von Munchausen or ‘bootstrap’ principle); comparative dispute resolution law: how would EU law look at the issues? Have fun.



, , , , , , , , , , , , , , ,

Leave a comment

The Brussels Court of Appeal is spot on on Facebook, privacy, Belgium and jurisdiction.

The Brussels Court of Appeal has sided with Facebook  on 29 June. This post I am going to keep very, very simple: told you so. Geert.



, , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Proposed EU e-commerce rules further reduce choice for consumer contracts.

I have referred repeatedly in the past to an inevitable attraction which some find in harmonising private, incuding contract law, in the Member States. The Common European Sales Law (CESL) proposal is dead, and for good reason. Its demise however has not led to the European Commission leaving the path of harmonisation in contract law. The EC has now selected bits and pieces of the CESL approach which it reckons might pass Member States objections. The proposed ‘fully harmonised’ rules on e-commerce formally do not close the door on party autonomy in the contracts under their scope of application. Yet in forcing regulatory convergence top-down, the aim is to make choice of law for these contracts effectively nugatory.

The EC itself formulates it as follows (COM(2015)634, p.1:

“This initiative is composed of (i) a proposal on certain aspects concerning contracts for the supply of digital content (COM(2015)634 final), and (ii) a proposal on certain aspects concerning contracts for the online and other distance sales of goods (COM(2015)635 final). These two proposals draw on the experience acquired during the negotiations for a Regulation on a Common European Sales Law. In particular, they no longer follow the approach of an optional regime and a comprehensive set of rules. Instead, the proposals contain a targeted and focused set of fully harmonised rules.”

Consequently the same proposal reads in recital 49 ‘Nothing in this Directive should prejudice the application of the rules of private international law, in particular Regulation (EC) No 593/2008 of the European Parliament and of the Council and Regulation (EC) No 1215/2012 of the European Parliament and the Council‘: that is, respectively, Rome I and Brussels I Recast’.

Consequently and gradually, choice of law for digital B2C contracts becomes redundant, for the content of national law converges. Support for this in my view is not rooted in fact (the EC’s data on the need for regulation have not fundamentally changed since its doomed CESL proposal), neither is it a good development even for the consumer. National consumer law is able to adapt, often precisely to the benefit of the consumer, through national Statute and case-law. Turning the EU regulatory tanker is much more cumbersome. The circular economy, recently often debated, is a case in point. Many national authorities point to limitations in contract law (incuding warranty periods and design requirements) as an obstacle to forcing manufacturers, including for consumer goods, to adopt more sustainable manufacturing and distribution models. The EC’s current proposals do no meet those challenges, rather, they obstruct them.


, , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Cheers to that! The CJEU on excise duties, alcohol, packaging and regulatory autonomy in Valev Visnapuu.

Postscript 10 December 2015 For a similar exercise, see Sharpston AG in C-472/14 Canadian Oil.

Less is sometimes more so I shall not attempt to summarise all issues in Case C-198/14 Valev Visnapuu. The case makes for sometimes condensed reading however it perfectly illustrates the way to go about dealing with obstacles to trade put in place for environmental, public health or, as in this case, both reasons.

Mr Visnapuu essentially forum shops Estonia’s lower prices on alcohol by offering Finnish clients home delivery of alcoholic beverages purchased there. No declaration of import is made to Finish customs and excise, thereby circumventing (accusation of course is that this is illegal) a variety of excise duties imposed for public health and environmental reasons, as well as a number of requirements relating to retail licenses and container requirements (essentially a deposit-return system) for beverages.

Confronted with a demand to settle various tax debts, as well as with a suspended prison sentence, Mr Visnapuu turns to EU law as his defence in a criminal proceeding. The CJEU then had to settle a variety of classic trade and environment /public health questions: whether the packaging and packaging waste Directive is exhaustive on the issue of deposit-return system (answer: no and hence the system additionally needs to be assessed vis-a-vis EU primary law: Article 34 ff TFEU or Article 110 TFEU); whether in the context of that Directive excise duties on packaging may be imposed (yes) and packaging integrated into a functioning return system exempt (yes; in the absence of indications that imported systems are less likely to enjoy the exemption); whether the relevant excise duties fall under Article 34 ff TFEU or Article 110 TFEU (answer: it is part of an internal system of taxation hence needs to be judged vis-a-vis Article 110 TFEU); and finally whether the retail licence requirement needs to be judged viz Article 34 or Article 37 TFEU (answer: mixed, given the various requirements at stake). Final judgment on proportionality is down to the Finnish courts.

Readers in need of a tipple would be advised to postpone until after reading the judgment. Again though the case shows that if one keeps a clear head, classic structures of applying EU law go a long way in untangling even complex matters of law and fact.





, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

Not the way the datr cookie crumbles. Belgian courts on soggy jurisdictional grounds in Facebook privacy ruling.

Update 27 June 2017 Before the CJEU Case C-210/16 Wirtschaftsakademie Schleswig-Holstein GmbH v Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein relates to some issues with relevance for the case at hand: in particular the respective powers of various authorities in the Member States with the parent company outside of the EU and one one of the data protection authorities based in the Member State where the company’s establishment is responsible for data processing under the group’s internal division of tasks and responsibilities.

Update 11 July 2016 the Court of Appeal has sided with FB on 29 June. No surprises there! Update 27 June 2017 both initial ruling and the CA’s judgment relate to the provisionary measures. The case is now going through the same courts in ordinary (non-urgent) fashion.

Update 9 February 2016 the French privacy commission has now mirrored the Belgian action

Quite a lot of attention has been going to a Belgian court ordering Facebook to stop collecting data from non-users through the use of so-called datr cookies.  Applicant is Willem Debeuckelaere, the chairman of the Belgian privacy commission, in his capacity as chairman (not, therefore, as a private individual). Our interest here is of course in the court’s finding that it has jurisdiction to hear the case, and that it can apply Belgian law. The judgment is drafted in Dutch – an English (succinct) summary is available here.

Defendants are three parties: Facebook Inc, domiciled in California; Facebook Belgium BVBA, domiciled in Brussels; and Facebook Ireland Ltd., domiciled in Dublin. Facebook Belgium essentially is FB’s public affairs office in the EU. FB Ireland delivers FB services to the EU market.

Directive 95/46 and the Brussels I Recast Regulation operate in a parallel universe. The former dictates jurisdiction and applicable law at the level of the relationship between data protection authorities (DPAs), and data processors (the FBs, Googles etc. of this world). The latter concerns the relation between private individuals and both authorities and processors alike. That parallelism explains, for instance, why Mr Schrems is pursuing the Irish DPA in the Irish Courts, and additionally, FB in the Austrian courts.

Current litigation against FB lies squarely in the context of Directive 95/46. This need not have been the case: Mr Debeuckelaere, aforementioned, could have sued in his personal capacity. If he is not a FB customer, at the least vis-a-vis FB Ireland, this could have easily established jurisdiction on the basis of Article 7(2)’s jurisdiction for tort (here: invasion of privacy): with Belgium as the locus damni. Jurisdiction against FB Inc can not so be established in the basis of Article 7(2) (it does not apply to defendants based outside the EU). If the chairman qq natural person is a FB customer, jurisdiction for the Belgian courts may be based on the consumer contracts provisions of Regulation 1215/2012 – however that would have defeated the purpose of addressing FB’s policy vis-a-vis non-users, which I understand is what datr cookies are about.

Instead, the decision was taken (whether informed or not) to sue purely on the basis of the data protection Directive. This of course requires application of the jurisdictional trigger clarified in Google Spain. German precedent prior to the Google Spain judgment, did not look promising (Schleswig-Holstein v Facebook).

At the least, the Belgian court’s application of the Google Spain test, is debatable: as I note in the previous post,

Article 4(1)(a) of Directive 95/46 does not require the processing of personal data in question to be carried out ‘by’ the establishment concerned itself, but only that it be carried out ‘in the context of the activities’ of the establishment (at 52): that is the case if the latter is intended to promote and sell, in that Member State, advertising space offered by the search engine which serves to make the service offered by that engine profitable (at 55). The very display of personal data on a search results page constitutes processing of such data. Since that display of results is accompanied, on the same page, by the display of advertising linked to the search terms, it is clear that the processing of personal data in question is carried out in the context of the commercial and advertising activity of the controller’s establishment on the territory of a Member State, in this instance Spanish territory (at 57).

Google Spain’s task was providing support to the Google group’s advertising activity which is separate from its search engine service. Per the formula recalled above, this sufficed to trigger jurisdiction for the Spanish DPA. Google Spain is tasked to promote and sell, in that Member State, advertising space offered by the search engine which serves to make the service offered by that engine profitable. The Belgian court accepts jurisdiction on the basis of Facebook Belgium’s activities being ‘inseparably linked’ (at p.15) to Facebook’s activities. With respect, I do not think this was the intention of the CJEU in Google Spain. At the very least, the court’s finding undermines the one stop principle of the data protection Directive, for Belgium’s position viz the EU Institutions means that almost all data processors have some form of public interest representation in Belgium, often indeed taking the form of a BVBA or a VZW (the latter meaning a not for profit association).

The court further justifies (p.16) its jurisdiction on the basis of the measures being provisionary. Provisionary measures fall outside the jurisdictional matrix of the Brussels I (Recast), provided they are indeed provisionary, and provided there is a link between the territory concerned and the provisional measures imposed. How exactly such jurisdiction can be upheld vis-a-vis Facebook Ireland and Facebook Inc, is not clarified by the court.

The court does limit the provisionary measures territorially: FB is only ordered to stop using datr cookies tracking data of non-FB users ‘vis-a-vis internetusers on Belgian territory’, lest these be informed of same.

I mentioned above that the data protection Directive and the Brussels I recast can be quite clearly distinguished at the level of jurisdiction. However findings of courts or public authorities on the basis of either of them, do still face the hurdle of enforcement. That is no different in this case. Recognition and enforcement of the judgment vis-a-vis FB Inc will have to follow a rather complex route, and it is not inconceivable that the US (in particular, the State of California) will refuse recognition on the basis of perceived extraterritorial jurisdictional claims (see here for a pondering of the issues). Even vis-a-vis Facebook Ireland, however, one can imagine enforcement difficulties. Even if these provisionary measures are covered by the Brussels I Recast (which may not be the case given the public character of plaintiff), such measures issued by courts which lack jurisdiction as to the substance of the matter, are not covered by the enforcement Title of the Regulation.

All in all, plenty to be discussed in appeal.





, , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Leave a comment

%d bloggers like this: