Tag: GDPR

Posted on

Quite the song and dance. Dutch TikTok class action passes jurisdictional hurdle at first instance, cutting many a((n) appealable) corner in the process.

I reported earlier on the ongoing collective claim against TikTok here. Thank you Xandra Kramer and Eduardo Silva de Freitas for signalling and discussing the first instance jurisdictional finding. I note already that the Court [5.28] has refused interim permission to appeal on the jurisdictional finding (as in i.a. the applicable law issue in Airbus). [5.22] it also refused a preliminary reference o the CJEU even though my concise discussion below already shows that more is at play here than the court has made out. TikTok will now first have to argue the case on the merits to then (presumably) appealing both substance and jurisdictional finding.

As I flagged earlier and as Xandra and Eduardo discuss, the issue here is firstly the relationship between GDPR and Brussels Ia at the jurisdictional level: I discuss that in this paper. Against TikTok Ireland, jurisdiction is established on the basis of A80 GDPR, with no further discussion of A79 (even if A80 partially refers to A79 for the action it establishes).

In my view the court quite carelessly muddles the various concepts used in A79-80, all too easily dismisses ia CJEU Schrems, does not clearly distinguish between assignment, subrogation, mandate etc., and certainly does not correctly delineates the authority which the collective organisations might have under the GDPR: for it is not at all clear that this authority, beyond injunctive relief,  includes a (collective) claim for damages.

[5.13] the court already announces that it may not in fact have jurisdiction for all individuals who are no longer habitually resident in The Netherlands, a concession which in my view in fact goes towards undermining its own reasoning.

[5.14] ff the court then reviews A4 and 7(2) BIa, as a supplementary jurisdictional ground for the GDPR related claims and as a stand-alone ground for the non-GDPR related claims. The court’s decision to apply CJEU Wikingerhof as leading to forum delicti and not forum contractus is in my view optimistic, and surely if A7(2) is at play then the CJEU’s authority ia in Schrems is, too. Yet the court [5.17] quite happily assimilates the harmed individuals’ COMI etc. with the collective organisation.

[5.19-20] the court summarily accepts jurisdiction against the other (non-EU) TikTok entities on the basis of Dutch residual rules for related cases.

Jurisdictional issues will most definitely return upon eventual appeal.

Geert.

(Handbook of) EU Private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2.5.

 

 

Posted on

The Belgian DPA yet again on processing of activities and Article 3(1) v 3(2) GDPR. Google appeals a prime example of circular reasoning.

The Belgian Data Protection Controller (DPA)’s decision of March 2022 (thank you Peter Craddock for alerting me to it at the time) has been travelling with me since it was issued mid March 2022: a late posting, I realise. There is however follow-up because Google have appealed.

The case concerns a classic ‘right to be forgotten’ aka delisting request, which Google refused, made by a practising solicitor with a criminal conviction and disciplinary measures taken against him. Google was rebuked, but not fined, for not dealing with the request promptly. However in substance the DPA agreed with Google’s refusal to delist, citing the link of the convictions to the applicant’s current profession, the recent nature of the conviction, and the severity of the facts.

This post however wants to signal the issue for which Google have appealed: the territorial reach of the GDPR under Article 3(1) v 3(2) GDPR,  as also explained in the European Data Protection Board (EDPA) December 2019 guidelines on the territorial scope of the GDPR (and something which the Belgian Court of Appeal has grappled with before, albeit not in the 3(1) v 3(2) setting).

Article 3(1) of the GDPR applies to “the processing of personal data in the context of the activities of an establishment of a controller or processor in the Union, regardless of whether processing takes place in the Union or not“. Article 3(2) applies the GDPR to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union, or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union“.

Google Ireland was fast out off the picture by consent among the parties and the DPA [39-40]: it had no role at all in any of the processing. Google LL.C. admitted [44] that Article 3(1) applies to it, while Google Belgium [53] posits that as a mere internal consultancy /lobbying outfit for the Google group, it, too, has no role in the processing of the data.

Citing earlier decisions and CJEU Google Spain, the DPA nevertheless takes a broad view of ‘data processing’, arguing [64] that Google Spain identifies an ‘inextricable link’ between the various units of a group as sufficient to trigger DPA jurisdiction, even if one of these units has no role in the data processing.  While this reasoning ([68] and [71] in particular) suggests the wide notion of inextricable link triggers Article 3(1), in subsequent paras ([69] in particular) suggest the opposite causality: suggesting that because Article 3(1) applies, the activities are inextricably linked. Clearly, as Peter Craddock had pointed out before (I read it at the time but cannot find the source anymore I fear) that is a case of circular reasoning.

For Google, application of the GDPR to the US based entity as opposed to the EU based ones clearly is of significant difference. Its appeal with the Court of Appeal will be heard in the autumn.

Geert.

EU private international law, 3rd. ed. 2021, 2.256 ff.

 

Posted on

Open Rights Group. The Court of Appeal on grace periods, the consequences of judicial review and remedies for breach of (supreme) retained EU law.

A posting that is long overdue but over at GAVC law  we have lots of things coming our way and the inevitable consequence is a bit of a queue on the blog. Open Rights Group & Anor, R (On the Application Of) v Secretary of State for the Home Department & Anor [2021] EWCA Civ 1573 was held end of October and discussed remedies for breach of retained EU law, that is in essence, EU law which has force in law in the UK by virtue of the Government’s copy /paste exercise following Brexit.

In April 2021 the CA had held that that the “Immigration Exemption” (which disapplies some data protection rights where their application would be likely to prejudice immigration control) of the UK Data Protection Act 2018 is contrary to Article 23 GDPR and Article 23 of the UK GDPR: [2021] EWCA Civ 800.  However in that judgment the CA had not specified at that stage what form of relief should be granted. It does now.

The claim form sought a declaratory order, the effect of which would be to “disapply” the Immigration Exemption. The Government argue it be granted a grace period to make regulations adding to or varying the provisions. The complicating factor is that even retained EU law enjoys supremacy (not by virtue of EU law but by virtue of the Government’s choice to do so). That means that any conflict between the GDPR and domestic legislation (including primary legislation) must be resolved in favour of the former: the domestic legislation must be overridden, treated as invalid or, in the conventional language, disapplied.

[15] A quashing order would not meet with the UK constitutional understanding and its limits to the rule of judges. However must supremacy, post Brexit, mean the courts must inevitably make an immediately binding order? Warby LJ sets out the principles of EU retained law as they follow from domestic legislation (the ‘EUWA’) at [23]:

(1) A UK court must now decide any question as to the validity, meaning or effect of any retained EU law for itself: it is no longer possible to refer any matter to the CJEU: EUWA s 6(1)(b).

(2) But the general rule is that the court must decide any such question in accordance with any retained case law and any retained general principles of EU law that are relevant: EUWA s 6(3). “Retained EU case law” and “retained general principles” mean principles laid down and decisions made by the CJEU before IP completion day.

(3) When it comes to principles laid down or decisions made by the CJEU after IP completion day, the court is not bound (EUWA s 6(1)) but “may have regard” to them (EUWA s 6(2)).

(4) The position is different in a “relevant court”, which includes the Court of Appeal. Subject to an exception that does not apply here, a relevant court is not absolutely bound by any retained EU case law: EUWA s 6(4)(ba) and Regulations 1 and 4. It can depart from that law; but the test to be applied in deciding whether to do so is “the same test as the Supreme Court would apply in deciding whether to depart from the case law of the Supreme Court”: EUWA 6(5A)(c) and Regulation 5.

(5) The test the Supreme Court applies is the one laid down by the House of Lords in its Practice Statement [1966] 1 WLR 1234, when Lord Gardiner LC said

“Their Lordships regard the use of precedent as an indispensable foundation upon which to decide what is the law and its application to individual cases. It provides at least some degree of certainty upon which individuals can rely in the conduct of their affairs, as well as a basis for orderly development of legal rules. Their Lordships nevertheless recognise that too rigid adherence to precedent may lead to injustice in a particular case and also unduly restrict the proper development of the law. They propose, therefore, to modify their present practice and, while treating former decisions of this House as normally binding, to depart from a previous decision when it appears right to do so. In this connection they will bear in mind the danger of disturbing retrospectively the basis on which contracts, settlements of property and fiscal arrangements have been entered into and also the especial need for certainty as to the criminal law. This announcement is not intended to affect the use of precedent elsewhere than in this House.”

Relevant CJEU authority is LibertyLa Quadrature, A v Gewestelijke Stedenbouwkundige Ambtenaar van het Department ruimte Vlaanderen (Case C-24/19) (“Gewestelijke”), and B v Latvijas Republikas Saeima Case C-439/19, EU-C-2021-504 (“B v Latvia”). [24] Gewestelijke was decided before IP completion day. We are not absolutely bound by them, but we should decide this case in accordance with the principles they set out, unless we think it right to depart from those cases for the reasons set out by Lord Gardiner. B v Latvia was decided after IP completion day, so we can “have regard” to it.

[26] Warby LJ suggests 3 options:

One is to hold that since the power to suspend relief in respect of substantive laws that is identified in Gewestelijke is one that can only be exercised by the CJEU, it cannot be exercised at all in E&W. This is rejected [27] as an unduly mechanistic and literal approach, tending to subvert rather than promote the legal policy that underlies this aspect of the CJEU jurisprudence: it would remove from the judicial armoury a power that is, by definition, essential. 

An alternative would be what Warby LJ called “the Regulation 5 approach”: to apply the principles laid down in the 1966 HoL Practice Statement and depart from the CJEU case-law, holding that the power which, in that jurisprudence, is reserved to the CJEU should now be treated as available to at least some UK Courts. This [28] enable a court to perform one of its essential tasks: averting legal disorder and is an option which Warby LJ suggests is open to the Court of Appeal.

A third option is to follow and apply the CJEU jurisprudence as to the existence and limits of the power to suspend, but not that aspect of the case-law that reserves the exercise of that power to the European Court. That [31] is Warby LJ’s preferred route however he decides (and the other LJs agree) that there is at this time no need to choose between both options for in essence they lead to the same result in the case at issue. The Court concludes that the Government were given time until 31 January 2022 for the Data Protection Act 2018 to be amended so as to remedy the incompatibility. Whether the Government have done so, I leave to data privacy lawyers to verify.

Underhill LJ emphasises one point [57] ‘that, as Warby LJ says at para. 13 of his judgment, our power to suspend our declaration – in practice, to suspend the disapplication of the Immigration Exemption – derives entirely from retained EU law. It was not argued that the Court had any equivalent power at common law.’

This is an important judgment viz the application of retained EU law but also wider, viz the consequences of judicial review which is a hot topic at the moment in more than just the UK.

Geert.

Posted on

Soriano’s successful appeal on the GDPR jurisdictional gateway confirms the potential for splintering of private GDPR enforcement.

In Soriano v Forensic News LLC & Ors [2021] EWCA Civ 1952 the Court of Appeal end of December allowed the claimant’s cross-appeal on the territorial reach of the GDPR. I reported the decision at the time but had not yet gotten round to post on it. I reviewed the High Court’s judgment here and readers may want to refer to that post to help them appreciate the issues. Like in my review of the first instance judgment I focus here on the GDPR’s jurisdictional gateway ([75] ff), not the libel issue.

Claimant’s case on A3 (2)(a) GDPR is set out as arguing that Defendants, to the extent that they are data controllers, offer services to readers in the UK irrespective of payment. As for A3.2(b), it is contended that the website places cookies on readers’ devices and processes their personal data using Facebook and Google analytics for the purpose of targeting advertisements, with Facebook Ireland Ltd and Google Ireland Ltd operating as the registered joint data controller. Further, it is submitted that Defendants were collecting and obtaining data about the Claimant and were monitoring his behaviour within the UK and the EU with a view to making publishing decisions.

CJEU authority discussed, on the meaning of ‘establishment’, is Weltimmo, Google Spain and Verein fur Konsumerenteninformation. At [78] ff Warby LJ relies to my taste somewhat excessively on the European Data Protection Board’s Guidelines 3/2018 on the Territorial Scope of the GDPR, holding [97] that defendants’ offer and acceptance of subscriptions in local currencies (Sterling cq Euros) is a “real and effective” activity that is “oriented” towards the UK and EU – that the effort only yielded 6 UK and EU subscriptions in total is irrelevant: defendants did more than merely making their journalism accessible over the world wide web. 

The result is that jurisdiction in E&W under the GDPR gateway is upheld – as is therefore, the potential which I predicted for extensive splintering of private GDPR enforcement, in contrast with the EU’s stated intent to have one-stop shop public GDPR enforcement.

Geert.

EU Private International Law, 3rd ed. 2021, Heading 2.2.9.2.5, para 2.258 ff.

Posted on

Lloyd v Google. More on the tort gateway and ‘damage’ under data protection law.

Update 7 October 2022 See Christopher Knight analysis here.

Update 6 October 2022 Sánchez-Bordona AG today opined in C-300/21, in a direction which largely would seem to follow the UKSC.

The UK Supreme Court in Lloyd v Google [2021] UKSC 50 held a few weeks back. It allowed the appeal, meaning the Court of Appeal‘s judgment is no longer good law and the High Court‘s approach is now the rule. The judgment essentially means that loss of control over private data is not considered ‘damage’ within the data protection Act 1998. The issue is one of statutory interpretation: on its proper interpretation, the SC understands the term “damage” in s. 13 to mean material damage (financial loss for instance) or mental distress, and not just unlawful processing. Loss of control therefore may still play a role in the common law tort of misuse of private information, and ‘damage’ was of course also considered flexibly in the context of consequential losses (Brownlie).

On class actions, the SC’s judgment is a set-back, too, with the judgment [80] holding

What limits the scope for claiming damages in representative proceedings is the compensatory principle on which damages for a civil wrong are awarded with the object of putting the claimant – as an individual – in the same position, as best money can do it, as if the wrong had not occurred. In the ordinary course, this necessitates an individualised assessment which raises no common issue and cannot fairly or effectively be carried out without the participation in the proceedings of the individuals concerned. A representative  action is therefore not a suitable vehicle for such an exercise.

Geert.

Posted on

Suing TikTok: on GDPR and ordinary jurisdiction, as well as applicable law in the Dutch collective claim.

A short note on the claim form for the collective claim by a group of parents based in The Netherlands against TikTok Technology Limited, domiciled at Dublin, Ireland.  It engages Article 79 GDPR, as well as the consumer section of Brussels Ia. At the applicable law level, it suggests application of Article 6 Rome I (consumer contracts; a logical counterpart of the jurisdictional analysis) and, in subsidiary fashion, Article 4 Rome II, each to suggest application of Dutch law.

I wrote on Article 79 here, and the problems which I signalled have in the meantime surfaced in case-law, as I signalled ia here.  Current case prima facie may not be entirely straightforward under GDPR, BIa and Rome I – one imagines a possible TikTok’s defence to go ia towards the meaning of ‘establishment’.

Geert.

Posted on

Soriano v Forensic News LLC & Ors. (Inter alia) the GDPR jurisdictional gateways being tested.

Soriano v Forensic News LLC & Ors [2021] EWHC 56 (QB) engages ia the jurisdictional implications of the GDPR (this post focuses solely on the data protection claim). Claimant  (habitually resident in the UK) sues in relation to ten internet publications and various social media postings including on Facebook and on Twitter. He relies on various causes of action including data protection, malicious falsehood, libel, harassment and misuse of private information. Defendants are all domiciled in various US States.

The Brussels Ia Regulation is not engaged; the GDPR is. (On the partial overlap and conflict between BIa and the GDPR see my paper here). A79 GDPR reads

“Right to an effective judicial remedy against a controller or processor

    1. Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
    2. Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.”

At 45-47 the ‘establishment’ issue is not much discussed for the claimant at any rate meets with the habitual residence gateway. Focus of the discussion is on A3’s territorial scope provisions (I am not sure I agree with the suggestion at 46 that A79 logically comes before consideration of A3). Reference is made to Google Spain, Weltimmo and  Verein fur Konsumerentenininformation- see also my review with Yuliya Miadzvetskaya here. The European Data Protection Board’s Guidelines 3/2018 on the Territorial Scope of the GDPR are then turned to to consider targeting, processing and ‘related to’ per A3(2) GDPR.

At 60, Claimant’s case on A3 (2)(a) is set out as arguing that the Defendants, to the extent that they are data controllers, offer services to readers in the UK irrespective of payment. As for A3.2(b), it is contended that the website places cookies on readers’ devices and processes their personal data using Facebook and Google analytics for the purpose of targeting advertisements, with Facebook Ireland Ltd and Google Ireland Ltd operating as the registered joint data controller. Further, it is submitted (By Greg Callus – the same counsel as in the Court of Appeal judgment in Wright v Grannath which I reported yesterday) that the Defendants were collecting and obtaining data about the Claimant and were monitoring his behaviour within the UK and the EU with a view to making publishing decisions.

Justice Jay held claimant has no real prospect of success on either (a) or (b). At 64 ff: the ‘journalistic endeavour’ complained of is not oriented towards the UK in any relevant respect; as for article 3.2(a), there is nothing to suggest that the First Defendant is targeting the UK as regards the goods and services it offers; as for article 3.2(b), at 68

First Defendant’s use of cookies etc. is for the purpose of behavioural profiling or monitoring, but that is purely in the context of directing advertisement content. There is no evidence that the use of cookies has anything to do with the “monitoring” which forms the basis of the Claimant’s real complaint: the Defendant’s journalistic activities have been advanced not through any deployment of these cookies but by using the internet as an investigative tool. In my judgment, that is not the sort of “monitoring” that article 3.2(b) has in mind; or, put another way, the monitoring that does properly fall within this provision – the behavioural profiling that informs advertising choices – is not related to the processing that the Claimant complains about (assuming that carrying out research online about the Claimant amounts to monitoring at all).

(Obiter, at 69, it is held that had the good arguable case succeeded, the claim would have withstood a forum non conveniens argument).

At 112 ff the jurisdictional case for libel is upheld.

An interesting illustration of the unsettled nature of jurisdictional claims under the GDPR.

Geert.

EU Private International Law, 3rd ed. 2021, Heading 2.2.9.2.5, para 2.258 ff.

 

 

Posted on

Google and the jurisdictional reach of the Belgian DPA in right to be forgotten cases. Another piece misplaced in the puzzle?

Thank you Nathalie Smuha for first signalling the €600,000.00 fine which the Belgian Data Protection Authority (DPA) issued on Tuesday against Google Belgium, together with a delisting order of uncertain reach (see below) and an order to amend the public’s complaint forms. The decision will eventually be back up here I am assume (at vanished yesterday) however I have copy here.

Nauta Dutilh’s Peter Craddock and Vincent Wellens have very good summary and analysis up already, and I am happy to refer. Let me add a few things of additional note:

  • The one-stop shop principle of the GDPR must now be under severe strain. CNIL v Google already put it to the test and this Belgian decision further questions its operationalisation – without even without for the CJEU to answer the questions of the Brussels Court of Appeal in the Facebook case. At 31, the DPA refers to a letter which Google LLC had sent on 23 June 2020 (a few days therefore after the French decision) to the Irish DPA saying that it would no longer object to national DPAs exercising jurisdiction in right to be forgotten cases. Of note is that in ordinary litigation, deep-pocket claimants seeking mozaik jurisdiction seldom do that because it serves the general interest.
  • Having said that, the Belgian DPA still had to establish jurisdiction against Google Belgium. Here, CJEU Google v Spain, Google v CNIL, and Wirtschaftsakademie led the DPA to take a ‘realistic’ /business plan approach (such as Jääskinen AG in Google Spain) rather than a legally pure approach: at 80 following extensive reference to CJEU authority, and to the effet utile of the GDPR, the DPA holds that it matters little whether the actual processing of the date takes places outside of the EU, by Google employees ex-EU, and that Google Belgium’s activities are supportive only. A Belgian resident’s right to be forgotten has been infringed; a Google entity is available there: that would seem to suffice.
  • That left the issue of the territorial reach of the delisting request. The DPA arguably cuts a few corners on the Google Belgium issue; here, it is simply most vague: at 81 ff it refers to the jurisdictional decision in e-Date Advertising, that for infringement of privacy within Brussels Ia, the courts of the person’s centre of interests are best placed to hear the case in its entirety, holding this should be applied mutatis mutandis in GDPR cases and removal orders. It then holds at 85 that neither Google v CNIL nor Belgian law give it specific power to impose a worldwide delisting order, yet at 91 that an EU-wide delisting order would seem an effective means of redress, to end up in its final order (p.48-49) not identifying a territorial scope for delisting.

I am confused. I suspect I am not the only one.

Geert.

(Handbook of) EU private international law, 2nd ed.2016, chapter 2, Heading 2.2.8.2.5.

 

Posted on

The GDPR’s one stop shop principle put to the test in French Supreme Court confirmation of CNIL jurisdiction over Google Android case. The Court also rebukes the spaghetti bowl of consent ticking and unticking.

Thank you Gaetan Goldberg for flagging that the French Supreme Court has confirmed on 19 June last, jurisdiction of the French Data Protection Agency (‘DpA’), CNIL for issuing its fine (as well as confirming the fine itself) imposed on Google for the abuse of data obtained from Android users. The Court was invited to submit preliminary references to the CJEU on the one-stop shop principle of  the GPDR, but declined to do so.

Readers of the blog know that my interest in the GDPR lies in the jurisdictional issues – I trust date protection lawyers will have more to say on the judgment.

With respect to the one stop shop principle (see in particular A56 GDPR) the Court held at 5 ff that Google do not have a ‘main establishment’ in the EU at least not at the time of the fine complained of, given that the Irish Google office (the only candidate for being the ‘main establishment) at least at that time did not have effective control over the use and destination of the data that were being transferred – US Google offices pulling the strings on that decision. A call by the CNIL under the relevant EU procedure did not make any of the other DPAs come forward as wanting to co-ordinate the action.

On the issue of consent the SC referred to CJEU Cc-673/17 Planet49 and effectively held that the spaghetti bowl of consent, ticking and unticking of boxes which an Android user has to perform to link a Google account to Android and hence unlock crucial features of Android, do not amount to consent or proper compliance with GDPR requirements.

Geert.

Posted on

The CJEU in Reliantco on ‘consumers’ and complex financial markets. And again on contracts and tort.

C-500/18 AU v Reliantco was held by the CJEU on 2 April, in the early fog of the current pandemic. Reliantco is a company incorporated in Cyprus offering financial products and services through an online trading platform under the ‘UFX’ trade name – readers will recognise this from [2019] EWHC 879 (Comm) Ang v Reliantco. Claimant AU is an individual. The litigation concerns limit orders speculating on a fall in the price of petrol, placed by AU on an online platform owned by the defendants in the main proceedings, following which AU lost the entire sum being held in the frozen trading account, that is, 1 919 720 US dollars (USD) (around EUR 1 804 345).

Choice of court and law was made pro Cyprus.

The case brings to the fore the more or less dense relationship between secondary EU consumer law such as in particular the unfair terms Directive 93/13 and, here, Directive 2004/39 on markets in financial instruments (particularly viz the notion of ‘retail client’ and ‘consumer’).

First up is the consumer title under Brussels Ia: Must A17(1) BIa be interpreted as meaning that a natural person who under a contract concluded with a financial company, carries out financial transactions through that company may be classified as a ‘consumer’ in particular whether it is appropriate, for the purposes of that classification, to take into consideration factors such as the fact that that person carried out a high volume of transactions within a relatively short period or that he or she invested significant sums in those transactions, or that that person is a ‘retail client’ within the meaning of A4(1) point 12 Directive 2004/39?

The Court had the benefit of course of C-208/18 Petruchová – which Baker J did not have in Ang v ReliantcoIt is probably for that reason that the case went ahead without an Opinion of the AG. In Petruchová the Court had already held that factors such as

  • the value of transactions carried out under contracts such as CFDs,
  • the extent of the risks of financial loss associated with the conclusion of such contracts,
  • any knowledge or expertise that person has in the field of financial instruments or his or her active conduct in the context of such transactions
  • the fact that a person is classified as a ‘retail client’ within the meaning of Directive 2004/39 is, as such, in principle irrelevant for the purposes of classifying him or her as a ‘consumer’ within the meaning of BIa,

are, as such, in principle irrelevant to determine the qualification as a ‘consumer’. In Reliantco it now adds at 54 that ‘(t)he same is true of a situation in which the consumer carried out a high volume of transactions within a relatively short period or invested significant sums in those transactions.’

Next however comes the peculiarity that although AU claim jurisdiction for the Romanian courts against Reliantco Investments per the consumer title (which requires a ‘contract’ to be concluded), it bases its action on non-contractual liability, with applicable law to be determined by Rome II. (The action against the Cypriot subsidiary, with whom no contract has been concluded, must be one in tort. The Court does not go into analysis of the jurisdictional basis against that subsidiary, whose branch or independent basis or domicile is not entirely clear; anyone ready to clarify, please do).

At 68 the CJEU holds that the culpa in contrahendo action is indissociably linked to the contract concluded between the consumer and the seller or supplier, and at 71 that this conclusion is reinforced by A12(1) Rome II which makes the putative lex contractus, the lex causae for culpa in contrahendo. At 72 it emphasises the need for consistency between Rome II and Brussels IA in that both the law applicable to a non-contractual obligation arising out of dealings prior to the conclusion of a contract and the court having jurisdiction to hear an action concerning such an obligation, are determined by taking into consideration the proposed contract the conclusion of which is envisaged.

Interesting.

Geert.

(Handbook of) EU private International Law, 2nd ed. 2016, Chapter 2, Heading 2.2.8.2.

 

 

%d bloggers like this: