Document Actions
Statement
1
The legislative initiative of harmonising certain aspects of contracts for the supply of digital content and services across the EU via a specific directive (DCD) is certainly a welcome and necessary one. While examining scenarios in which consumers provide data (as opposed to money) in exchange for such content or services, it is important that the concept and ideally the specific wording of "data as counter-performance" is preserved in the language of the directive, and that the directive covers both personal and any other data in this context. The directive should further apply to data irrespective of the question whether the consumer provides them actively or passively.
2
It is of crucial importance to establish a harmonised level of consumer protection for embedded digital content and services by covering the digital element of smart goods. The existing differentiations between stand-alone and embedded digital content / services at the scope level should be removed. Specific rules for embedded digital content /services should be drafted and applied only when absolutely necessary. In addition, the consumer protection implications arising from multi-party scenarios in the context of supplying smart goods must be more intensively investigated and expressly addressed in the final text of the directive.
3
On the issue of portability of personal data, this matter should be governed exclusively by the GDPR. Regarding user-generated content (UGC) that is not personal information, the portability of such content should not be undermined by too broadly defined exceptions. The right to retrieve such content should only be excluded if it cannot be made available without disproportionate and unreasonable effort. Traders should have a clear duty to apply state-of-the-art technology to guarantee that consumers' UGC can be extracted separately, and that consumers' right to retrieve UGC should apply both against the trader and against any third party that stores and/or processes the content.
4
A harmonised level of consumer protection under the directive in the context of conformity should principally apply in an equal manner to consumers who provide data as counter-performance and paying consumers alike. Objective conformity requirements play an important role within the harmonised consumer protection scheme, and the type of counter-performance (data or price) should not result in lower requirements in the case of data as counter-performance contracts. However, the application of data protection law to some situations that are commercial in nature (such as the right to termination) marks the limits of the non-discrimination principle in favour of consumers who extend their personal data in exchange for commercial offers. The directive should not intentionally inhibit the ability of domestic contract laws to provide remedies to traders in the appropriate case and to the extent that such remedies are in line with the harmonised data protection law.
5
The Weizenbaum Institute [1] investigates the current changes in all aspects of society occurring in response to digitalisation. Its goals are to develop a comprehensive understanding of these changes based on rigorous academic analysis and to offer informed strategies to address them at a political and economic level.
6
The Weizenbaum Institute is funded by the Federal Ministry of Education and Research. The consortium is coordinated by the Berlin Social Science Center (“WZB”) and includes the four Berlin universities – Freie Universität Berlin, Humboldt-Universität zu Berlin, Technische Universität Berlin, Universität der Künste Berlin – as well as the Universität Potsdam and the Fraunhofer Institute for Open Communication Systems (“FOKUS”).
7
The Berlin-Brandenburg Consortium focuses on the interaction of the social sciences, economics and law with design research and computer science. Interdisciplinary basic research and the exploration of concrete solutions in practice-based labs are combined with knowledge transfer into politics, business, and society. The conceptual design of the Institute aims to achieve scientific excellence with a nationwide and international impact, as well as networking with cooperation partners from civil society, business, politics, and the media.
8
Our mission is to highlight a number of important issues within the larger debate around the Digital Content Directive (“DCD”) [2] and its legislative process. We focus for the most part on situations where consumers, in exchange for digital content / services, provide data and not money. Within our selected topics, we bring forward several recommendations concerning the preferred approaches with the aim of contributing to the continuing discussions they have evoked. As the legislative process is reaching its most critical stages, we present solutions that will hopefully be taken into consideration while the EU trilogue participants hammer out the final text of the DCD.
9
The structure of this position paper is as follows: first, we present the approaches of the European Commission (“COM”), the Council of the European Union (“Council”), and the European Parliament (“EP”) as reflected in their respective proposals in the form of a comparative table juxtaposing the relevant texts one next to the other. Then, for each topic, we add comments concluded by concrete recommendations.
10
Among the topics that are sought to be regulated under the directive, we focus on the principal question of (personal) data as counter-performance in the context of business-to-consumer contracts as well as on related issues of embedded digital content, portability rules, and conformity requirements.
|
European Commission (09.12.2015)I |
Council of the European Union (01.06.2017)II |
European Parliament (27.11.2017)III |
|
Recital (13) |
Footnote 15IV |
Recital (13) (Amendment 19)V |
|
In the digital economy, information about individuals is often and increasingly seen by market participants as having a value comparable to money. Digital content is often supplied not in exchange for a price but against counter-performance other than money i.e. by giving access to personal data or other data. Those specific business models apply in different forms in a considerable part of the market. Introducing a differentiation depending on the nature of the counter-performance would discriminate between different business models; it would provide an unjustified incentive for businesses to move towards offering digital content against data. A level playing field should be ensured. In addition, defects of the performance features of the digital content supplied against counter-performance other than money may have an impact on the economic interests of consumers. Therefore the applicability of the rules of this Directive should not depend on whether a price is paid for the specific digital content in question. |
An explanation along the following lines will be added in the recitals: "In the digital economy, digital content is often supplied without the payment of a price and suppliers use the consumer's personal data they have access to in the context of the supply of the digital content or digital service. Those specific business models apply in different forms in a considerable part of the market. A level playing field should be ensured. This Directive should apply to contracts where the supplier supplies or undertakes to supply digital content or a digital service to the consumer. Member States should remain free to determine whether the requirements for the existence of a contract under national law are fulfilled. The Directive should not apply where the consumer does not pay or does not undertake to pay a price and does not provide personal data to the supplier. […] |
In the digital economy, information about individuals is often and increasingly seen by market participants as having a value comparable to money. Digital content and digital services are often supplied not in exchange for a price but against data, i.e. by giving access to personal data or other data. Those specific business models apply in different forms in a considerable part of the market. Introducing a differentiation depending on the nature of the counter-performance would discriminate between different business models, which provides an unjustified incentive for businesses to move towards offering digital content or digital services against data. In addition, defects of the performance features of the digital content or digital service supplied against data as counter-performance may have an impact on the economic interests of consumers. In order to ensure a level playing-field, the applicability of the rules of this Directive should not depend on whether a price is paid for the specific digital content or digital service in question. |
|
Recital (14) |
Footnote 15 |
Recital 14 |
|
As regards digital content supplied not in exchange for a price but against counter-performance other than money, this Directive should apply only to contracts where the supplier requests and the consumer actively provides data, such as name and e-mail address or photos, directly or indirectly to the supplier for example through individual registration or on the basis of a contract which allows access to consumers' photos. […] This Directive should […] not apply to situations where the supplier collects information, including personal data, such as the IP address, or other automatically generated information such as information collected and transmitted by a cookie, without the consumer actively supplying it, even if the consumer accepts the cookie. […] |
“[…] This Directive should not apply to situations where the supplier only collects metadata, the IP address or other automatically generated information such as information collected and transmitted by cookies, except where this is considered as a contract by national law. […] However, Member States should remain free to extend the application of the rules of this Directive to such situations or to otherwise regulate such situations which are excluded from the scope of this Directive." |
As regards digital content and digital services supplied not in exchange for a price but when personal data is provided, this Directive should apply to contracts where the trader requests and the consumer provides personal data, as well as where the trader collects personal data. It would include, for example, the name and e-mail address or photos, provided directly or indirectly to the trader, for example through individual registration or on the basis of a contract which allows access to consumers' photos, or personal data collected by the trader, such as the IP address . […] |
|
Article 3 – Scope |
Article 3 – Scope |
Article 3 |
|
(1) This Directive shall apply to any contract where the trader supplies digital content to the consumer or undertakes to do so and, in exchange, a price is to be paid or the consumer actively provides counter-performance other than money in the form of personal data or any other data. |
(1) This Directive shall apply to any contract where the supplier supplies or undertakes to supply digital content or a digital service to the consumer (…). It shall not apply (…) to the supply of digital content or a digital service for which the consumer does not pay or undertake to pay a price and does not provide or undertake to provide personal data to the supplier. […] |
(1) This Directive shall apply to any contract where the trader supplies or undertakes to supply digital content or a digital service to the consumer whether through the payment of a price or under the condition that personal data is provided by the consumer or collected by the trader or a third party in the interest of the trader . |
I DCD-COM (n [2]).
II Council, ‘Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content (First reading) – General approach’, 9901/17 ADD 1, 2015/0287 (COD), 01.06.2017 (hereinafter referred to as “DCD-Council”). Footnote(s) in the DCD-Council text omitted.
III EP, ‘Report on the proposal for a directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content (COM(2015)0634 – C8-0394/2015 – 2015/0287(COD))’, A8-0375/2017, 27.11.2017; (hereinafter referred to as “DCD-EP”).
IV Footnote 15 is part of Article 3(1) DCD-Council.
V At the same time, EP states in Recital 13 – Amendment 20: “In the digital economy, information about individuals is often and increasingly seen by market participants as having a value. Specific business models have developed in which traders supply digital content or a digital service and the consumer is required to provide or give access to personal data. Those specific business models already apply in different forms in a considerable part of the market. This Directive does not intend to decide whether such contracts should be allowed or not. In addition, it leaves to national law the question of validity of contracts for the supply of digital content or a digital service where personal data are provided or accessed. This Directive should, in no way, give the impression that it legitimises or encourages a practice based on monetisation of personal data, as personal data cannot be compared to a price, and therefore cannot be considered as a commodity. However, introducing a differentiation in the rules applying to monetary and non-monetary transactions would provide an unjustified incentive for businesses to favour the supply of digital content or digital services on condition that personal data is provided. In addition, defects of the performance features of the digital content or digital service supplied when no price is paid might have an impact on the economic interests of consumers. With a view to ensuring a levelplaying-field and a high level of consumer protection, the applicability of the rules of this Directive should not depend on whether a price is paid for the specific digital content or digital service in question” (Emphasis in original).
11
Some of the key questions the Digital Content Directive (DCD) prompts already begin with its intended scope. The following discussion focuses on three of those questions: namely, the inquiry whether data should be considered counter-performance in the first place (1); whether treating data as counter-performance should apply to personal data only, or rather, also to any other data (2); and whether the scope of the DCD should cover actively provided data only or also data provided passively (3). Currently, the positions of the European Commission, the Council of the European Union, and the European Parliament [3] on these essential questions differ quite significantly.
12
Article 3(1) and Recital 13, 14 DCD-COM clearly state that counter-performance can be provided not only in the form of money, but also in the form of personal data or any other data. Notably, the General Approach document of the Council does not mention the notion of “counter-performance” by name. It seems that the Council prefers to avoid using this terminology by stating instead that the DCD “shall not apply […] to the supply of digital content […] for which the consumer does not pay […] a price and does not provide […] personal data”. [4] The EP shows a similar tendency by recommending to remove the phrase “counter-performance” from Article 3(1). Its amendment to Article 3(1) stipulates that the DCD “shall apply to any contract where the trader supplies […] digital content […] under the condition that personal data is provided or collected […]”. [5]
13
The debate whether data should be considered “counter-performance” or not reflects the tension between two regulative approaches to the intersection between markets, data protection and consumer protection; namely, recognizing data as counter-performance in the context of the DCD and thereby guaranteeing a high factual level of consumer protection might signal to market participants the acceptance of commercialisation of personal data. Alternatively, ignoring that type of counter-performance may signal a rejection of such commercialisation, but this would come at the price of lowering the factual level of consumer protection.
14
There are no clear answers to the general question regarding how far the legal system should “protect consumers from themselves” without risking becoming overly paternalistic. [6] At the same time, there seems to be a consensus around the recognition that “data [provided] against digital content” is today a prevalent business model that cannot be ignored. [7] Accordingly, the COM and EP agree that in the digital economy, information about individuals is being increasingly seen by market participants as having a value comparable to money. [8] Even the European Data Protection Supervisor (EDPS) in principle welcomes the intention of regulatory approaches to protecting consumers in the digital environment, including those who provide personal data in exchange for ostensibly “free services.” [9]
15
In fact, excluding data as counter-performance (hereinafter “DACP”) situations from the DCD would lead to discrimination between DACP-consumers and price-paying consumers. It is highly questionable whether discrimination solely on this basis across the board is justifiable. Obviously, DACP-consumers do not obtain the digital content “for free” and therefore there is no reason to assume that they deserve a lower level of protection. Their data has a substantial economic value to traders, and their economic interests are surely at stake when the trader deviates from its contractual obligations irrespective of the nature or their counter-performance. [10]
16
Recital 13 DCD-COM makes a double assumption according to which (1) differentiation would boost DACP business models, and (2) incentivising DACP business models in this way would be unjustified and should be avoided. These assumptions call for further scrutiny. Strictly speaking, excluding DACP-transactions from the scope of the DCD would mean a lack of harmonisation in this area, and by extension, result in any type and level of consumer protection a given Member State decides to grant. The DCD would thereby forgo an important opportunity to cover this aspect of digital markets. Increased fragmentation among domestic laws in their respective approaches of DACP-transactions would clearly undercut the harmonisation agenda of the DCD.
17
Apart from this, the emphasis of Recital 13 on discrimination between business models appears somewhat misplaced: The main instrument with which the DCD seeks to achieve the ultimate goal of fostering the growth of the Digital Single Market is not by equalizing incentives to pursue various business models, but more likely by harmonizing the level of consumer protection (or at least, some aspects thereof) and thus significantly increasing legal certainty across the European Union. The discrimination that needs to be avoided is therefore not so much between different business models as it is between different consumer groups. As also suggested by the COM and EP in Recital 13, an important consideration in this context is the impact on the economic interests of consumers: it is the discrimination between classes of consumers that generally should be avoided.
18
In addition, the human-rights aspect of personal data and the capacity of personal data to serve as counter-performance are not mutually exclusive. [11] In other legal disciplines it is well established that personality-related rights (such as authors' rights or publicity rights) can simultaneously have a monetary dimension, which their holders are free to realise. [12] Such duality can equally apply to the interface between data as reflecting a personal right (e.g., under the GDPR [13] ) and data as a commodity (e.g., under the DCD). [14] The direct reference from the DCD to the GDPR as having the regulative priority in all data protection-related matters effectively leaves the latter unaffected. [15] No erosion in the status and operation of data protection law is to be feared if the DCD merely targets the commercial facets of a market reality that data protection law cannot wipe away.
19
An impact in the opposite direction, namely, a foray of data protection law into the domain of contract law, should also be considered at this juncture. [16] The right to withdraw consent to the processing of personal data (e.g., as laid down in Article 7(3) GDPR) does not necessarily negate the possibility of a contract over personal data. The conclusion of a contract remains subject to national law. [17] In addition, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal (Article 7(3) GDPR).
20
The conclusion must be that the European legislator cannot turn a blind eye to DACP-transactions within the general project of promoting the Digital Single Market despite the potential tension with data protection law. The proposed Article 3(8) DCD-Council already points in a similar direction. That said, certain clarifications, for instance as suggested by the Council (in footnote 15) or by the EP (in Recital 13 – Amendment 20), may be useful in explaining the interplay between these two bodies of law. Avoiding the term “counter-performance” or any comparable terminology from the realm of contract law contributes nothing to achieving the goals of the DCD or serving any other regulative purpose. [18]
21
Whereas the COM relates to “personal data or any other data” as potentially replacing payment of price, both the Council and EP advocate for limiting the language to “personal data” only. The General Statement (Council) and the Report (EP) do not explain in detail the rationale for excluding “other data” from the scope of the DCD. A possible explanation is the wish to avoid the additional complexity resulting from the necessity to differentiate between the two types of data in the text of the directive. Another possible reason could be the underlying idea that specific regulation addressing non-personal data is less necessary provided that consumers, for the most part and in light of the broad concept of “personal data” under the GDPR, are not likely to provide non-personal data to traders.
22
The latter assumption is weakened if considered against available methods and technologies to anonymise data once it reaches the trader and further down the value chain. But even assuming that data preserves its original identity as personal or non-personal after entering the commercial cycle, differentiation at the scope level would immediately introduce the (sometimes nontrivial) task of determining which category the data provided by the consumer belongs to. Once this has been done, the assumption about the negligent importance of non-personal data in DACP-scenarios would have to be revisited under future business models that might increase the importance of such scenarios.
23
We therefore submit that including both personal and non-personal data would better serve the interests of efficiency, legal certainty and consumer protection. To the extent that the two data categories receive different treatment under the DCD in order to prevent friction with data protection law, a direct reference to the definition of personal data in the GDPR appears advisable. Once included, non-personal data should be controlled by the DCD norms that protect consumers against continued use of their data after termination. [19] The GDPR will continue to apply directly on such matters with regards to personal information. [20]
24
In the context of the DCD referring to GDPR norms where data protection law is implicated due to the nature of data as personal data, a general word of caution is warranted: reference to specific provisions in the GDPR should not necessarily mention provision numbers, but rather the intended data protection principles in order to prevent cross-reference errors in case the legislative texts are to be amended or replaced in the future. [21] Furthermore, a specific reference to the GDPR in one occasion should not open the door to argumentum e contrario where the GDPR should apply but is not mentioned in the text of the DCD. It is therefore advisable to explain (possibly in the Recitals) the relationship between the DCD and the GDPR and specifically exclude e contrario interpretations.
25
According to the COM, the DCD applies only to data that is actively provided by the consumer, whereas data collected by the trader that is not actively provided, such as the IP address or even data collected after the acceptance of a cookie, do not fall under its scope. [22] The Council, by comparison, would introduce a minimum harmonization standard, allowing member states to also extend the application of the DCD to passively provided data. [23] Shifting to the opposite extreme, the EP would apply the DCD irrespective of the question whether data was actively “provided by the consumer or collected by the trader or a third party in the interest of the trader” [24] in order to avoid loopholes. [25]
26
As pointed out by the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE), limiting the scope to actively provided data would create a perverse incentive for traders to not ask for the consumer's consent. [26] Simply assuming that data protection law will operate to protect a consumer whose data was passively collected in a manner that adversely affects his or her interests does not suffice. In case of passive collection that is unlawful under the GDPR, the protections of the DCD should apply all the more.
27
Excluding scenarios from the scope of the DCD where the counter-performance consists of passively provided data would in fact be counterproductive in terms of consumer protection. In case of non-personal data, neither the DCD nor the GDPR would apply. But also in case of personal data provided passively, where the GDPR does apply, the DCD can provide an additional layer of protection, e.g., a right to damages (Article 14 DCD-COM) if the digital content or service is not in conformity with the contract.
28
Moreover, it should be noted that the criteria set out in Recital 14 DCD-COM to distinguish between actively or passively provided data call for further clarification. This is especially true for the given example of cookies. There is no reason for consumers whose data is collected by the means of cookies to be less protected than consumers who actively consent to the collection of essentially the same data. [27] Passively collected data is neither less valuable than actively collected data, nor is it marginal in scope or importance. [28] In addition, the economic interests of both types of consumers are affected by the usage of the data in the same way. The conclusion is that discrimination between consumer groups on such basis would lack any plausible justification, and following a minimum harmonisation approach here would not suffice.
-
The concept of counter-performance should be maintained. The wording “counter-performance” introduced by DCD-COM is preferable to the solutions proposed by the Council and EP in Article 3 (1) DCD. Alternatively, the wording of Recital 13 DCD-EP – Amendment 19, referring to content or services provided “against data” could be an acceptable alternative.
-
The DCD should apply to both personal and any other data. The phrase “or any other data” should therefore be maintained. Alternatively, Article 3(1) DCD should use the term “data” without differentiating between personal and any other data. In this case, Article 2 DCD and the relevant Recitals should clarify that the term “data” covers both personal and any other data.
-
The DCD should apply to data irrespective of the question whether it is provided actively or passively by the consumer. The term “actively” in Article 3(1) and Recital 14 DCD-COM should hence be deleted and the term “or collected by the trader or a third party in the interest of the trader” as stated in Article 3(1) DCD-EP should be maintained.
|
European Commission (09.12.2015) |
Council of the European Union (01.06.2017) |
European Parliament (27.11.2017) |
|
Recital 11 |
Article 2(12)I |
Article 2(1)(1b)II |
|
(…) this Directive should not apply to digital content which is embedded in goods in such a way that it operates as an integral part of the goods and its functions are subordinate to the main functionalities of the goods. |
‘embedded digital content’ means digital content present in a good, whose absence would render the good inoperable or would prevent the good from performing its main functions, irrespective of whether that digital content was pre-installed at the moment of the conclusion of the contract relating to the good or according to that contract installed subsequently. |
‘embedded digital content or digital service’ means digital content or a digital service pre-installed in a good; |
|
Article 3(3) |
Article 3(3) |
Article 3(3) |
|
With the exception of Articles 5 and 11, this Directive shall apply to any durable medium incorporating digital content where the durable medium has been used exclusively as carrier of digital content. |
With the exception of Articles 5 and 11, this Directive shall apply also to any tangible medium which incorporates digital content in such a way that the tangible medium serves exclusively as carrier of digital content. Article 3(3a) This Directive shall not apply to embedded digital content. |
With the exception of Articles 5 and 11, this Directive shall apply to embedded digital content or embedded digital services. Unless otherwise provided, references to digital content or digital services in this Directive also cover embedded digital content or embedded digital services. As regards goods with embedded digital content or embedded digital services, the trader shall be liable under this Directive to the consumer for meeting his obligations only in respect of the embedded digital content or digital service. The rules of this Directive are without prejudice to the protection granted to consumers by the applicable Union law with respect to other elements of such goods.
|
I Footnotes in the DCD-Council text omitted. Emphasis in original.
II Emphasis in original.
29
The proposal of the EP to include embedded digital content and services (EDCS) within the scope of the DCD is a welcome development. Having considered this a step in the right direction, we would recommend following through by removing the unnecessary differentiation between stand-alone and embedded digital content or services.
30
Considering the regulative framework of the DCD alongside the current proposal for a directive of the European Parliament and of the Council on certain aspects concerning contracts for the online and other distance sales of goods (COM(2015) 635 final, hereinafter “OSD”) reveals a notable misconception: the OSD is often mentioned as providing a “safety net” to consumers due to its capacity to close loopholes in the DCD protection scheme. It must be mentioned in this context that the OSD only applies if the physical good is bought and paid for with money. The DCD is therefore indispensable to rental or lending situations.
31
The same holds true for cases in which the good is given away for free or in exchange for data. With the sinking cost of electronic gadgets and the growing market for Big Data and targeted marketing, companies have an increased incentive to distribute consumer electronics without charge. Already now, some consumer electronics are sold at the manufacturing price or less. The main purpose of such “giveaways” is the collection of data generated through use and monetising that data. Under the current OSD draft, this entire market segment is not covered (since the OSD does not cover data as counter-performance transactions), opening a regulatory gap that the DCD is capable of closing.
32
Even in cases where the OSD could serve as a safety net for consumers, its anticipated protection scheme remains insufficient as it does not cover crucial questions such as (security) updates or modifications that are necessary irrespective of whether the content is provided as a stand-alone product or embedded in a physical good. Many observers as well as the EP have already recognised the importance of including EDCS within the framework of the DCD. [29] Despite the difficult challenge of reasonably delineating the scope of the DCD and its coexistence alongside the OSD, leaving EDCS outside of the domain covered under the DCD would be a resounding mistake.
33
The main arguments for such inclusion are identical with the arguments for enacting the DCD in general: smart goods (or for the DCD in general digital content) are becoming ever more relevant, and they differ from conventional goods in ways that call for specific regulation. A harmonized set of rules in this area is essential in order to bolster consumer rights and increase legal certainty, which might hinder transactions and thus the development of a Digital Single Market. As already noted by others, a failure to cover the digital aspect of physical smart goods on an EU-level would lead to confusion, inconsistencies and a “serious gap in consumer protection”. [30]
34
The difficulties in implementing this approach, however, are rooted in the regulative perspective of the DCD, which focuses on the type of good (digital content), as opposed to the OSD that is tied to the legal consequences intended by the parties (transfer of ownership). The DCD's stance of focusing on the type of goods seems to contrast civil codes' regulative matrix in some Member States (including Germany). The resulting problems in aligning the DCD with the OSD are therefore likely to trickle down to future efforts of implementing the two instruments in national laws. [31] However, assuming that the basic structure of both directives will be upheld in the final versions, we submit that including EDCS products under the DCD is crucial.
35
The current proposals to include EDCS in the DCD share one shortcoming: these proposals would expressly include “embedded” digital content and services and separately define the term “embedded”. [32] Unfortunately, this approach tends to raise more questions than it can solve. [33] For instance, the latest EP proposal attempts to identify “embedded” digital content or services based on them being “pre-installed in a good”. Alas, the definition is ambiguous and potentially too narrow. Ambiguous, as it is not clear whether it covers content that remains on a cloud and is accessed through the good in the course of use. In addition, the term is not really fitting for digital services: usually, they are not “installed” on the device. In such cases, merely a client or interface might be pre-installed to allow access to the service. Would the DCD in such cases only apply to the client or also cover errors on the remote server?
36
The definition is also too narrow, as it leaves the door open for common business models to escape its application. If EDCS are to be included separately, the logic of the proposal would be that digital content or services delivered through a physical good were not to be covered per se, but only if they were “pre-installed”. Especially where content quickly runs out-of-date (e.g., maps on a Navisat), devices are only delivered with a basic environment and physical parts, while the majority of content must be downloaded after delivery. Such content would hence not be covered – a loophole the trader could take advantage of, even where there is no objective reason to deliver the digital content subsequent to providing the good.
37
To avoid such definition-based problems, we recommend to remove the differentiation between stand-alone and embedded digital content or services and instead to conceive EDCS as a special way of supplying digital content or services. There is no need for distinction at the scope level, as the two forms of supplying digital content do not differ to an extent that requires two sets of specific rules. In both cases, there are similar consumer interests and market challenges at stake. Additionally, in case differentiation would still make sense in a limited context, this can be done ad hoc within the relevant provision.
38
The challenge of distinguishing between physical products distributed with an embedded digital content or service (hence, subject to EDCS regulation) and the distribution of digital content or services that are merely embodied in a physical article or otherwise connected with it (hence potentially subject to mixed/linked contract regulation) is only expected to grow in the future. [34] For this reason, we recommend to extend the scope of the DCD to all digital content and services irrespective of the way in which they are delivered. To implement this understanding into the DCD, one could for example clarify the scope by changing the definition of “supply” and omit any definitions and exclusions or inclusions of EDCS (e.g. “’supply’ means providing access to digital content or services or making digital content or services available isolated or within or in connection with physical goods”). [35]
39
If, however, the EU legislature nonetheless chooses to follow the definition-based approach, we join the recommendations of the ELI advocating for the amendment of the notions of “embedded” and “ancillary” content or services. [36] To broaden the directive's scope, these terms should then be defined in such a way that they cover all digital content and services delivered within or in connection with a physical good in fulfilment of a contractual obligation. [37]
40
That there is no basic need for differentiation becomes clear if one is to investigate the rules that have been proposed by the EP specifically for EDCS. Those EDCS-specific provisions set out in Article 3(3), 9(1)(c), 10(1)(b), 13b(2) DCD-EP are superfluous and should hence be deleted:
-
Article 3(3) DCD-EP should not exclude Article 5 and Article 11 DCD-EP (duty to supply the digital content and remedies for the failure to supply) for EDCS. Although Article 18 of Directive 2011/83/EG (Consumer Rights Directive, hereinafter “CRD”) already covers those rights with regard to physical goods, Articles 5 and 11 DCD-EP should additionally apply to the digital part of the good. As Article 18 CRD applies only to sales contracts, Articles 5 and 11 DCD-EP could guarantee a level of harmonization for all other cases. But even for sales contracts, the need for a designated rule concerning the digital component of the good persists – e.g., if the embedded service is to be unlocked after the delivery of the good.
-
Article 9(1)(c) DCD-EP (relevant point in time for evaluation of conformity) is tailor-made for sale contracts, in which the goods are handed over at one single occasion. It does not fit for embedded content or services provided over a period of time. Article 9(1)(b) DCD-EP in its current form is capable of also covering EDCS-contracts. An additional rule as stated under Article 9(1)(c) DCD-EP is superfluous and in its current wording too narrow.
-
Since both the newly redrafted Article 8(3) OSD-COM(2017) [38] as applicable to physical goods, and Article 10(1)(a) DCD-EP for digital content and services set a two-year time limit for the reversal of the burden of proof for the lack of conformity, there is no need to set a different limit of one year for EDCS in Article 10(1)(b) DCD-EP. But even if the time-limit for physical goods should remain less than two years, it is not necessary to also lower the time-limit for EDCS and treat them differently than stand-alone digital content or services.
-
Article 13b(2) DCD-EP (duty to return the good) is overly complex. Beyond that, it interferes with other EU and domestic regulations governing sales contracts and touches upon national core contract law by regulating the effects of linked contracts despite the express intention of the DCD to avoid such impacts.
41
Another critical point is the interrelation between the DCD and the OSD in cases of sales contracts. In many instances, the separation is fairly easy to make, since most of the rules designed for digital goods logically do not apply to physical goods (a security update for the wristband of a smart watch would make no sense.) At the same time, serious issues begin to surface in the broader context of conformity with the contract and remedies for non-conformity as there are different regulations intended for conformity criteria, relevant time periods, or burden of proof. The EP's co-rapporteurs declared their intent to work together with the rapporteur responsible for the OSD in an attempt to align conformity criteria and thus minimize the impacts of the split approach. [39] However, already the on-going discussion about subjective and objective conformity criteria for digital goods [40] and the vastly different proposals on this matter by the COM, Council and EP show that a full alignment in that regard between DCD and OSD is unlikely. Besides, such an alignment would actually undermine to some extent the idea behind the DCD. [41] Although we embrace any approaches of aligning both directives, the following question will remain relevant: What set of rules should apply to situations, where both directives are applicable but provide different rules?
42
One possible solution would be applying the DCD to the digital component and the OSD to the physical component of a good. However, distinguishing between the digital and physical components can be rather tricky in real-life situations, making it difficult for the consumer to determine where the conformity deficiency lies. To solve this matter, the consumer could have the right to base the non-conformity claim on the DCD without the need to prove that the problem indeed relates to the digital part. To balance the picture, it was proposed by ELI that the supplier should have the opportunity to show that the problem lies within the physical part, and hence, the consumer would have no rights under the DCD. [42]
43
We welcome this approach but would recommend going one step further for achieving a higher level of clarity, certainty and consumer protection. In case of such a rebuttable assumption as proposed, the success of the consumer's claim under the DCD would depend on the trader not being able to prove that the deficiency falls within the physical component of the good. The problem here is that the consumer has limited possibilities to tell where the deficiency lies – and thus is not able to properly assess the risk of a lawsuit. In contrast, the 6-month reversal of the burden of proof under the CSGD [43] is more consumer-friendly: to answer the question whether the lack of conformity existed at the time of delivery, the consumer has some first-hand knowledge about facts such as when the fault initially occurred or whether he/she might have been responsible for the problem (e.g., by dropping the good or by not handling it properly in any other way). By comparison, when it comes to the question of where the defect lies, such or other facts will be mostly unavailable to the consumer. So, if the trader denies the consumer his rights under the DCD by simply alleging a physical fault, the consumer would be unlikely to challenge that claim, rendering this solution impracticable.
44
Therefore, an alternative approach to this dilemma appears more appropriate: The consumer should be mostly free to claim a defect in the physical part of the good or a fault in the digital component, a choice the trader should not be able to challenge by proving that the consumer's choice was incorrect. By performing that choice, the consumer should only be restricted by an “obviousness principle”. Namely, relying on DCD remedies in a given case will be denied only if it is apparent without further investigation and expertise that the problem lies in the physical part of the good (and vice versa, if the consumer relies on OSD remedies). [44]
45
Following this consumer-friendly approach is a conscious policy decision that should guide the legislative process. In some cases, this indeed might lead to an extended liability of the trader; yet strong consumer protection and legal certainty are gained, and it should be easier for the trader to compensate for possible financial drawbacks resulting from the legal exposure, for example, by raising the price.
46
Multi-party scenarios that are typical to the supply of EDCS call for more discussion and analysis. The current DCD proposals seem to focus on bilateral contracts while overlooking more complex settings that involve multiple players in direct contact with the consumer. [45] Very often, the digital part of smart goods is supplied and maintained not by the vendor but by a third party (e.g., the product manufacturer). In such situations, the consumer's interests could be affected amongst others by: (1) the direct affiliate (i.e., the vendor); (2) the manufacturer of the physical good; (3) the (technical) supplier of the digital content / service; or (4) the data processor.
47
Multi-party scenarios are obviously not unique to EDCS, but there are several aspects of smart goods, especially the rights and duties connected to consumers' data, that call for enhanced attention.
48
For example, it has to be clarified (possibly within the Recitals), that the consumers' claims against the trader are not diminished by whether the trader does or does not also fulfil the functions of the manufacturer, digital content supplier, or data processor. Clarifications like these are crucial to close loopholes emerging from multiple parties being involved. For example, for “analogue” sale contracts, it is legally unambiguous that the contracting party is liable for the product sold. Even so, it can be observed that in many cases the consumer is redirected to the producer, often giving the impression that the consumer has no rights against the contracting party. It is foreseeable that the contracting parties liable under the DCD will use the same mechanisms to avoid requests to make available or delete user-generated content – a scenario that has to be avoided. The fact that a third party is responsible for data processing, for instance, should not automatically render Article 13a(4) DCD-EP (portability of user-generated content) inapplicable. Instead, the contracting party should have the obligation to support the consumer to the full extent possible, for instance by providing information about the data processor or the consumer's rights according to the GDPR.
49
We strongly recommend to further investigate this aspect and other possibilities to strengthen the consumers' position against third parties through full harmonisation in this field and to examine multi-party scenarios in general. If, however, the trilogue chooses not to harmonise such questions, the final draft should clarify that the DCD does not prejudice the ability of domestic law to regulate these questions.
-
It is crucial to establish a harmonised level of consumer protection for embedded digital content and services (EDCS) covering the digital element of smart goods. EDCS must therefore be covered by the DCD.
-
The existing differentiations between stand-alone and embedded digital content/services at the level of the DCD's scope should be removed. EDCS should be understood as a subset of “supply of digital content or services” and be covered as such.
-
The EDCS-specific rules in Articles 10(1)(b), 9(1)(c), 13b(2), and 3(3) DCD-EP should be deleted. Only where absolutely necessary, EDCS-specific rules should be implemented.
-
For sales contracts, the OSD should generally apply to the physical component of the good and the DCD should generally apply to the digital component. Unless the non-conformity/defect obviously relates to either the digital or to the physical component, consumers should have the free choice on which set of norms to base their claim against the trader.
-
The consumer protection implications arising from multi-party scenarios must further be investigated and expressly addressed in the final text of the DCD.
|
European Commission (09.12.2015) |
Council of the European Union (01.06.2017) |
European Parliament (27.11.2017) |
|
Article 13(2)(c) |
Art 13aI |
Art 13aII |
|
When the consumer terminates the contract, the supplier shall provide the possibility to retrieve all content provided by the consumer and any other data produced or generated through the consumer's use of the digital content to the extent that data has been retained by the supplier.
|
(2) In respect of personal data of the consumer, the supplier shall comply with the obligations applicable under Regulation (EU) 2016/679 (…). (3)
[…] |
(2) In respect of personal data of the consumer, the trader shall comply with the obligations applicable under Regulation (EU) 2016/679.
|
I Footnotes in the DCD-Council text omitted. Emphasis in original.
II Emphasis in original.
50
The data portability rules of the DCD serve different purposes. The first and most obvious function is to safeguard the consumer's right of termination in order to avoid lock-in effects, see Recital 39 DCD-COM. A second purpose is to foster competition, see Recital 46 DCD-COM. The parallel provision in Article 20 GDPR underlines that portability provisions do also aim at the empowerment of the data subject. However, Article 13 DCD-COM is not restricted to personal data but covers also user generated content that is not personal data (in the following: UGC). The general tendency of the provision is to be welcomed. Without portability requirements, at least after termination of a contract, lock-in effects will prevent consumers from switching from one service to another. As a consequence, the consumers' freedom to make a choice and competition between services would be affected.
51
The main difference between the COM's, Council's and EP's proposals concerns the applicable portability regime for personal data. In its proposals, the Council and EP suggest that for personal data, the portability provision of Article 20 GDPR should apply instead of the DCD. The clear advantage of a streamlined portability regime for personal data is its coherence. With one portability regime, codified in the directly applicable GDPR, it would be easier for both consumers and service providers in the EU to know their rights and duties and to adapt their conduct to the legal rules. Since Article 20 GDPR only covers personal data, it is vital that Article 13 DCD maintains additional rules on UGC. Even though most content created by consumers in the current business models meets the criteria of personal data, the provisions should be drafted in a forward-looking wording and cover as many different services as possible.
52
Abandoning the specific portability rules in the Directive should only be considered if the protection given by the GDPR arrives at the same level as Article 13 DCD-COM. Apparently, the most important advantage for consumers under Article 13 DCD is the broader field of application vis-a-vis UGC. By contrast, for personal data Article 20 GDPR provides a higher level of protection.
-
As Article 13 DCD, Article 20 GDPR:
-
covers both personal data given with the consent of the data subject and data necessary for the performance of a contract;
-
has a territorial scope according to Article 3 GDPR, which is comparable to the consumer contract rules of Article 6 Rome I Convention 593/2008;
-
obliges the controller to provide the data in a structured, commonly used and machine-readable format and free of charge, see Article 12(5) GDPR.
-
-
Different from Article 13 DCD and more favourable for the data subject, Article 20 GDPR secures for the data subject the right:
-
to receive the data at any moment, not only after termination of the contract;
-
to ask for transmission of the data directly from one controller to another, where technically feasible;
-
to retrieve personal data in case of embedded data processing devices assumed they are not covered by the DCD;
-
to retrieve personal data from any controller and not just from the contracting party of the consumer who might not even control the personal data if he acts as a mere reseller.
-
-
There are also aspects in which Article 13 DCD might provide a higher level of protection than Article 20 GDPR. However, closer examination shows that these differences concern few cases of a limited practical importance:
-
Article 20 GDPR restricts the portability right to data for which the data subject has given its consent (Article 6(1)(a) GDPR) and to data necessary for the performance of the contract (Article 6(1)(b) GDPR). Article 20 GDPR does not cover data that has been processed unlawfully by the controller. Article 13 DCD may appear as more comprehensive. It covers all data “produced or generated through the consumer's use of the digital content”. This may also cover any processing of data beyond the terms of the contract between consumer and trader. But given the fact that the trader determines the use of the data by its terms and conditions, cases of unlawful use in the framework of a contract are hard to imagine as long as the terms and conditions are valid. By contrast, cases of void contract terms should be solved by a sound interpretation of “consent” in the sense of Article 6(1)(a) GDPR.
-
53
All aspects considered, the Council's and EP's suggestion to replace the portability provision in Article 13 DCD by a reference to the GDPR is well-founded. However, the link to the GDPR should be clarified by an explicit reference to the portability regime enshrined in the GDPR. Also, the portability right for content that is not personal data should be maintained.
54
With regard to UGC, the Council's and EP's proposals suggest a number of exceptions to the portability provision in Article 13a. These exceptions may seriously weaken the consumer's right to retrieve UGC provided to the supplier. For the application of the exceptions, it may not suffice that the suppliers assert “no utility outside the context of the digital content or digital service”, that “only relates to the consumer's activity when using the digital content or digital service” or “has been aggregated with other data by the trader”. Rather, it should suffice that the consumer claims that he sees utility outside the context of the service or that he wants to use the content outside of the service. With regard to the proportionality requirement, the provisions should explicitly oblige the supplier to configure its service in a way that allows UGC to be extracted separately for each consumer. Service providers should apply state-of-the-art technology to protect the consumers' interest in its UGC. If suppliers do not set up their services in such a way as to facilitate the retrieval of consumers' UGC to the maximum effect possible according to state-of-the-art technology, they should not be heard with the argument of disproportionality. The EU legislator should keep in mind that portability rules serve a competition-enhancing purpose. Consumers seeking to retrieve their personal data and UGC to change over to other traders are the key for a functioning digital single market.
55
Moreover, the provisions of portability of UGC should reflect that the trader may not always be the party who stores and processes the content generated by the consumer, e.g. in case of digital content supplied by a mere reseller which enables the consumer to access a service provided by a third party. In such a case, the consumer should have an additional direct right against this third party to retrieve its content. [46]
56
The right to retrieve personal data and other UGC must also be ensured in case of termination of long-term contracts according to Article 16 DCD. The COM's proposal suggests in Article 16(4)(b) to provide a rule which is in line with the termination rule in Article 13(2)(c). The Council proposes to implement a reference to Article 13a and to the GDPR into Article 16(3), which would streamline both sets of rules. Such a reference is missing in DCD-EP with regard to UGC. According to DCD-EP, in case of termination of a long-term contract, the consumer would have the right to retrieve personal data based on Article 20 GDPR. However, the drafters have obviously overlooked the necessity to provide a parallel rule for other UGC. The final text of the DCD should either stipulate explicit portability rules for UGC or contain a reference to Article 13a.
-
The portability of personal data should be governed exclusively by Article 20 GDPR. Article 13 DCD should refer explicitly to the GDPR.
-
The portability of UGC should not be undermined by too broadly defined exceptions, as proposed by the Council and EP. The criteria “no utility outside the context of the digital content or digital service” and “only relates to the consumer's activity when using the digital content or digital service” should be deleted. The right to retrieve UGC should only be excluded if it cannot be made available without disproportionate and unreasonable effort. It should be clarified that suppliers have a duty to apply state-of-the-art technology to guarantee that consumer's UGC can be extracted separately. If suppliers do not apply such technology, they should not be heard with the argument that portability is disproportionate.
-
The DCD must ensure that consumers have a right to retrieve UGC against the trader and any third party that stores and/or processes the content.
-
The DCD must ensure that portability of personal data and other UGC is ensured for long-term contracts under Article 16. The provision must either contain explicit rules or a reference to the GDPR and to Article 13 (or 13a) DCD.
|
European Commission (09.12.2015) |
Council of the European Union (01.06.2017) |
European Parliament (27.11.2017) |
|
Article 6(2) |
Article 6aI |
Article 6aII |
|
To the extent that the contract does not stipulate, where relevant, in a clear and comprehensive manner, the requirements for the digital content under paragraph 1, the digital content shall be fit for the purposes for which digital content of the same description would normally be used including its functionality, interoperability and other performance features such as accessibility, continuity and security, taking into account:
|
Objective requirements for conformity of the digital content or digital service
|
Objective requirements for conformity with the contract
|
I Footnotes in the DCD-Council text omitted. Emphasis in original.
II Emphasis in original.
57
The DCD aspires to harmonise a set of key rules, inter alia, in the areas of conformity of digital content with the contract, certain aspects concerning modification of the content, and termination (Recital 8 DCD-COM). As a result, Member States will not be permitted to provide more or less protection to consumers in the regulated area (Article 4 DCD-COM).
58
Once it has been decided to include data as counter-performance (DACP) transactions within the scope of the DCD, it appears advisable, as a matter of principle, not to discriminate between DACP-consumers and price-paying consumers, unless (1) discrimination is called upon due to the nature of counter-performance as data, or (2) discrimination is supported by an important public policy argument. It cannot be assumed that DACP-consumers per se are less worthy of (harmonised) protection both as a matter of equal treatment and as this premise does not appear to promote a better functioning Digital Single Market.
59
In the context of conformity, the COM's proposal prioritises subjective criteria (Article 6(1) DCD-COM) and would only consider objective criteria to the extent that important aspects of the transaction are not stipulated in the contract in a clear and comprehensive manner (Article 6(2) DCD-COM). Among other things, one of the elements that need to be taken into account while performing an objective conformity scrutiny is the question whether “the digital content is supplied in exchange for a price or other counter-performance than money.”
60
It is not readily clear why this consideration is relevant, and if so, how the DACP-aspect of a contract should influence the application of conformity standards. Applying the non-discrimination principle described above suggests that discrimination between consumer groups on this basis is neither mandated by the nature of the counter-performance nor is it supported by an important public policy goal.
61
The EP proposed to apply objective conformity criteria alongside subjective criteria and not only where the contract is silent or unclear (Article 6a DCD-EP). The Council follows a similar approach in suggesting that objective criteria are applicable “[i]n addition to complying with any conformity requirements stipulated in the contract.”
62
Objective conformity checks are important, and they might be especially important for DACP-consumers. The assumption that DACP-contracts usually involve small-value transactions, at least as typically perceived by consumers, [47] as they are less likely to insist on sufficiently clear or comprehensive provisions in the contract itself in such cases; they might not even bother to read it. It is therefore recommended to apply conformity provisions essentially in an equal manner regardless of the question whether the consumer is required to pay a price or to provide data. [48]
|
European Commission (09.12.2015) |
Council of the European Union (01.06.2017)I |
European Parliament (27.11.2017)II |
|
Article 15 |
Article 15 |
Article 15 |
|
Modification of the digital content
|
Modifications of the digital content or digital service
|
Modification of the digital content or digital service
|
I Footnotes omitted. Emphasis in original.
II Emphasis in original.
63
Article 15(1)(c) DCD-COM ff. stipulates the remedy of termination in case of a negative impact resulting from the supplier modifying the digital content/service. According to the COM's proposal, the consumer may terminate the contract without any charges within no less than 30 days from receipt of notice. In addition, Article 15(2)(b) DCD-COM stipulates the duty of the supplier to refrain from using data that has been provided as counter-performance after such termination. By comparison, the EP would maintain a similar rule of termination if the modification negatively impacts the access to or the use of the digital content or digital service by the consumer (Article 15(1)(a) DCD-EP). Regarding the consequences of termination, Article 15(2) DCD-EP refers to the general termination provisions stipulated in Articles 13, 13a and 13b DCD-EP.
64
In turn, Article 13a DCD-EP makes a distinction between personal data (subsection 2) and “user-generated content to the extent that it does not constitute personal data” (subsection 3). Regarding personal data, subsection 2 mandates a direct application of the GDPR, but regarding non-personal user-generated content, subsection 3 formulates an obligation to refrain from using that content after termination, while adding to it a fairly detailed scheme of exceptions. [49]
65
Interestingly, the result is a de facto discrimination in favour of consumers who extend personal data in return for content/services, since their ability to withdraw their consent under the GDPR – and thereby, effectively bring the contract to an end if their consent is a condition to the continuation of the relationship with the trader – is unqualified. In this case, however, the priority of the GDPR (specifically, Article 17(1)(b) GDPR) [50] over commercial regulation concerning contract termination mandates a differentiated treatment.
66
Such discrimination surely has practical implications. To name one example, under the EP proposal, termination in the case of modification with negative impacts is only effective 30 days from receipt of notice or from the time when the digital content or digital service is altered by the trader, whichever is later. By comparison, under Article 17(1) GDPR, once consent is withdrawn, with or without reason, the data subject has the right “to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay” (emphasis added). Viewed from this vantage point, the GDPR in fact creates an alternative termination regime that is comparatively insensitive to the commercial considerations underlying Article 13a(3) DCD-EP.
67
This interface point provides an example for a situation, in which the DCD cannot provide equal treatment to both consumer groups. This is a structural limitation of the DCD that cannot be undone by its drafter. Rather, an alternative route to prevent unreasonable results to the detriment of traders can be paved by national courts as they apply privacy regulations alongside consumer protection regulations. While doing so, national courts should be permitted to apply contract law remedies available to traders in case the withdrawal of consent is considered a (material) breach of contract under local doctrines, to the extent that such remedies do not collide with data protection law. For instance, if the domestic contract law in such case permits the immediate termination of the contract by the trader without notice, the DCD should not influence the effectiveness of such remedies. [51]
-
A harmonised level of consumer protection under the DCD in the context of conformity should principally apply in an equal manner to DACP-consumers and paying consumers alike. The non-discrimination principle should guide the formulation of the DCD with the focus on avoiding unjustified differentiation between the two classes of consumers.
-
Objective conformity requirements play an important role within the harmonised consumer protection scheme. The type of counter-performance (data or price) should not result in lower requirements in the case of DACP-contracts, and by extension, a lower level of protection to DACP-consumers. Accordingly, subsection (a) under Article 6(2) DCD-COM should be either clarified or removed. In addition, removing the structural hierarchy between subjective and objective conformity criteria in line with the approaches suggested by the EP and the Council would contribute to preventing an indirect discriminative effect.
-
The application of data protection law to situations that are commercial in nature (such as the right to termination in general, or specifically, termination in the case of modification to the detriment of the consumer) marks the limits of the non-discrimination principle in favour of consumers that extend their personal data in exchange for commercial offers. Yet, the DCD should not intentionally inhibit the ability of domestic contract laws to provide remedies to traders in the appropriate case and to the extent that such remedies are in line with EU data protection law.
List of Abbreviations
|
COM |
European Commission |
|
CRD |
Consumer Rights Directive |
|
DACP |
Data as counter-performance |
|
DCD |
Digital Content Directive |
|
EDCS |
Embedded Digital Content and Services |
|
EDPS |
European Data Protection Supervisor |
|
ELI |
European Law Institute |
|
EP |
European Parliament |
|
EU |
European Union |
|
GDPR |
General Data Protection Regulation |
|
LIBE |
European Parliament Committee on Civil Liberties, Justice and Home Affairs |
|
OSD |
Online Sales Directive |
|
TFEU |
Treaty on the Functioning of the European Union |
|
UGC |
User-generated content |
* By Prof. Dr. iur. Axel Metzger, LL.M. (Harvard), Founding Director, Weizenbaum Institute for the Networked Society, Berlin, Professor of Law, Humboldt-Universität zu Berlin;
Dr. iur. Zohar Efroni, LL.M. (Cardozo), Research Project Lead, Weizenbaum Institute for the Networked Society and Humboldt-Universität zu Berlin;
Lena Mischau, Research Associate, Weizenbaum Institute for the Networked Society and Humboldt-Universität zu Berlin;
Jakob Metzger, Research Associate, Weizenbaum Institute for the Networked Society and Humboldt-Universität zu Berlin.
Research Group 4 (“Data as a means of payment”) at the Weizenbaum Institute for the Networked Society – The German Internet Institute
[1] This position paper represents exclusively the opinion of its authors, who are members of the Research Group “Data as a means of payment” at the Weizenbaum Institute.
[2] COM, ‘Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content’, COM(2015) 634 final, 2015/0287 (COD), 09.12.2015 (hereinafter referred to as “DCD-COM”).
[3] Committees responsible: Committee on the Internal Market and Consumer Protection (IMCO) and Committee on Legal Affairs (JURI).
[4] Article 3(1)(2) DCD-Council.
[5] Article 3(1) DCD-EP. However, the EP does mention “data as counter-performance” in its Amendment 19 (regarding Recital 13).
[6] Cf. Peter Bräutigam, ‘Das Nutzungsverhältnis bei sozialen Netzwerken, Zivilrechtlicher Austausch von IT-Leistung gegen personenbezogene Daten’ (2012) MultiMedia und Recht 635, 637.
[7] Both the Council and EP agree with the COM that those specific business models apply in different forms in a considerable part of the market. See Recital 13 DCD-COM/-Council/-EP – Amendment 19, 20.
[8] See Recital 13 DCD-COM, Recital 13 DCD-EP – Amendment 19.
[9] See EDPS, ‘Opinion 4/2017 on the Proposal for a Directive on certain aspects concerning contracts for the supply of digital content’ (EDPS, 14 March 2017) https://edps.europa.eu/sites accessed 23 March 2018, p. 7.
[10] See Recital 13 DCD-COM/-EP – Amendment 19, 20.
[11] See, e.g., the fundamental right to the protection of personal data as enshrined in Article 8 Charter of fundamental rights of the European Union (“EU Charta”), Article 16 Treaty on the Functioning of the European Union (“TFEU”); different view, EDPS (n [9]) 7: “However, personal data cannot be compared to a price, or money. Personal information is related to a fundamental right and cannot be considered as a commodity. [...] There might well be a market for personal data, just like there is, tragically, a market for live human organs, but that does not mean that we can or should give that market the blessing of legislation”.
[12] Cf. Peter Bräutigam (n [6]) 639; Carmen Langhanke/Martin Schmidt-Kessel, ‘Consumer Data as Consideration’ (2015) Journal of European Consumer and Market Law 218, 219; Artur-Axel Wandtke, ‘Ökonomischer Wert von persönlichen Daten, Diskussion des „Warencharakters“ von Daten aus persönlichkeits- und urheberrechtlicher Sicht’ (2017) MultiMedia und Recht 6, 9.
[13] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
[14] Cf. Carmen Langhanke/Martin Schmidt-Kessel (n [12]) 219 f. (offering a similar observation: “consumer protection takes place at two layers, the layer of data protection and the layer of contract law”).
[15] Cf. Martin Schmidt-Kessel et. al., ‘Die Richtlinienvorschläge der Kommission zu Digitalen Inhalten und Online-Handel – Teil 2’ (2016) Zeitschrift für das Privatrecht der Europäischen Union, Fokus, 54, 59; different view, e.g.: Niko Härting, ‘Digital Goods und Datenschutz – Daten sparen oder monetarisieren? Die Reichweite des vom DinhRL-E erfassten Geschäftsmodells’ (2016) Computer und Recht 735, 738, 740.
[16] See, e.g., Andreas Sattler, ‘Personenbezogene Daten als Leistungsgegenstand’ (2017) JuristenZeitung 1036, 1038, 1041 (offering a critical perspective on this point).
[17] See Axel Metzger, ‘Data as Counter-Performance, What Rights and Duties do Parties Have?’ (2017) Journal of Intellectual Property, Information Technology and Electronic Commerce Law 2, 3.
[18] However, the variation of content/services “against data” (as proposed in Recital 13 DCD-EP – Amendment 19) appears to be an acceptable alternative.
[19] See Article 13(2)(b), Article 15(2)(b), Article 16(4)(a) DCD-COM.
[20] Cf. Article 16(3) DCD-Council, Article 15(2) DCD-EP, Article 13a(2) DCD-Council/EP.
[21] For example, in case of termination of the contract, a reference to the right to erasure (or, the “right to be forgotten”) should be made in Article 13 DCD. This right is currently stipulated in Article 17 GDPR. Such reference would go beyond the suggestion of Article 13a(2) DCD-Council/-EP which provides for a general reference to the GDPR only. At the same time, there is no necessity to repeat or rephrase provisions from the GDPR within the DCD.
[22] Recital 14, Article 3(1) DCD-COM.
[23] See Article 3(1) Footnote 15 DCD-Council: “However, Member States should remain free to extend the application of the rules of this Directive to such situations or to otherwise regulate such situations which are excluded from the scope of this Directive […]”.
[24] See Recital 14, Article 3(1) DCD-EP.
[25] See Explanatory Statement within DCD-EP p. 90.
[26] See Opinion of LIBE within DCD-EP p. 94.
[27] Cf. European Law Institute (ELI), ‘Statement on the European Commission's proposed directive on the supply of digital content to consumers’ (ELI, 2016) https://www.europeanlawinstitute.eu/ accessed 23 March 2018, p. 15 f.; Axel Metzger (n [17]) 3.
[28] In fact, especially cookies in combination with applications such as Google Analytics are used to collect personal data and to create economic value on a large scale; see Gerald Spindler, ‘Verträge über digitale Inhalte – Anwendungsbereich und Ansätze, Vorschlag der EU-Kommission zu einer Richtlinie über Verträge zur Bereitstellung digitaler Inhalte’ (2016) MultiMedia und Recht 147, 149, with further references.
[29] E.g. ELI (n [27]) 10 ff.; Christiane Wendehorst, ‘Sale of goods and supply of digital content – two worlds apart? Why the law on sale of goods needs to respond better to the challenges of the digital age’ (European Parliament, PE 556.928, 2016) http://www.europarl.europa.eu/ accessed 23 March 2018 p. 4 ff.; Explanatory Statement within DCD-EP p. 90.
[31] Those implementation difficulties already lead to the proposal that the member states should be obliged to introduce the DCD not integrated within contractual law, but as a sui generis regime, see Vanessa Mak, ‘The new proposal for harmonised rules on certain aspects concerning contracts for the supply of digital content’ (European Parliament, PE 536.494, 2016) http://www.epgencms.europarl. accessed 23 March 2018, p. 13.
[32] The preparation of the EP-Report has produced a wide variety of proposals: the content / service should be considered embedded, if its functions are subordinate to the main functionalities; or if its absence would render the good inoperable / prevent it from performing its main functions; or if it could not be easily de-installed by the consumer.
[33] See Martin Schmidt-Kessel, ‘Stellungnahme zu den Richtlinienvorschlägen der Kommissionzum Online-Handel und zu Digitalen Inhalten’ (Bundestag, 2016), https://www.bundestag.de/blob , accessed 23 March 2018, p. 2 ff. (also skeptical about the split approach and the possibility to find a suitable definition).
[35] If the definition of “supply” is to be deleted as proposed by the EP, the clarification could be amended within the recitals.
[37] The requirement “in fulfilment of a contractual obligation” would exclude free extras that are not contractually owed, such as pre-installed MP3-Songs delivered with a smartphone.
[38] COM, Amended proposal for a directive of the European Parliament and of the Council on certain aspects concerning contracts for the online and other distance sales of goods, COM(2017) 637 final – 2015/0288 (COD), 31.10.2017.
[39] Explanatory Statement within DCD-EP p. 90.
[40] Cf. Aurelia Colombi Ciacchi/Esther van Schagen, ‘Conformity under the Draft Digital Content Directive: Regulatory Challenges and Gaps’ in Reiner Schulze/Dirk Staudenmayer/Sebastian Lohsse (eds), Contracts for the Supply of Digital Content: Regulatory Challenges and Gaps, Münster Colloquia on EU Law and the Digital Economy II (Nomos, Baden-Baden, 2017) 99, 102 ff.
[41] If one would assume that the same conformity criteria could be adopted to digital goods and physical goods, most rules concerning conformity for sales contracts in the DCD could be deleted and replaced by a referral to the OSD, making a large part of the regulation superfluous.
[43] Article 5(3) Directive 1999/44/EC of the European Parliament and of the Council of 25 May 1999 on certain aspects of the sale of consumer goods and associated guarantees [1999] OJ L 171/12.
[44] For example, if there is a visible crack in the display of a smartphone, the consumer should not be able to make a claim under the DCD, but if the device keeps restarting with no explicable reason, the consumer should be free to choose between both instruments without risking having chosen the “wrong” set of remedies when it comes to litigation against the trader.
[45] Cf., focusing on the license holder: Beale, ‘Conclusion and Performance of Contracts: An Overview’ in Reiner Schulze/Dirk Staudenmayer/Sebastian Lohsse (n [40]) 33, 37; especially on data portability for smart goods: Janal, ‘Data Portability – A Tale of Two Concepts’ (2017) Journal of Intellectual Property, Information Technology and Electronic Commerce Law 59, 65 f.
[46] Whether such a right should be implemented as a direct action against the third party or as an obligation of the supplier to provide the consumer with enforceable rights against the third party (or to pay damages in case of breach of the obligation) is subject to further discussion.
[47] Cf. Yoan Hermstrüwer, ‘Contracting Around Privacy: The (Behavioral) Law and Economics of Consent and Big Data’ (2017) Journal of Intellectual Property, Information Technology and Electronic Commerce Law 9 (“This currency [personal data] seems to be inherently inclusive and egalitarian, since there is no need to be wealthy in order to pay with data.”).
[49] Article 13a(3) DCD-EP.
[50] Article 17(1)(b) GDPR: ”The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay [...]”.
[51] See e.g., § 314 Abs. 1 BGB: “Each party may terminate a contract for the performance of a continuing obligation for a compelling reason without a notice period. […]” (translation as available under https://www.gesetze-im-internet.de/ accessed 23 March 2018).
Fulltext ¶
-
Volltext als PDF
(
Size
470.1 kB
)
License ¶
Any party may pass on this Work by electronic means and make it available for download under the terms and conditions of the Digital Peer Publishing License. The text of the license may be accessed and retrieved at http://www.dipp.nrw.de/lizenzen/dppl/dppl/DPPL_v2_en_06-2004.html.
Recommended citation ¶
Axel Metzger, Zohar Efroni, Lena Mischau, Jakob Metzger, Data-Related Aspects of the Digital Content Directive, 9 (2018) JIPITEC 90 para 1.
Please provide the exact URL and date of your last visit when citing this article.
