European Court of Justice rules on applicable data protection law and terms of use

Today the European Court of Justice (ECJ) decided in the case C-191/15 (Verein für Konsumenteninformation vs Amazon EU Sàrl). The ruling sheds light on some interesting questions with regard to consumer protection law and also assesses the European data protection rules on applicable law.

With regard to consumer protection, the case concerned potentially unfair terms in the terms of use of Amazon EU, a company established in Luxembourg. The ECJ clarified that the law applicable to the examination of the unfairness of terms in consumer contracts which are the subject of an action for an injunction (in this case by Verein für Konsumenteninformation) must be determined independently from the law applicable to the action of injunction itself. National courts might therefore face a situation where they would have to assess the unfairness of certain clauses in terms of use on the basis of the law of another Member State. This result is though not entirely surprising but is now affirmed by the ECJ in a case considering e-commerce.
Continue reading

WhatsApp ordered by a German court to not use English language terms and conditions towards users in Germany

A German court has recently ordered WhatsApp to use German language terms and conditions towards users in Germany (see also here, for example). Or, to be more precise, called upon by a German consumer protection agency the Kammergericht, the appellate court for the district of Berlin, has, amongst other things, decided that using English language terms and conditions for user agreements to be concluded between WhatsApp and users in Germany is in violation of a certain provision of the German Civil Code that demands there to be transparency when using pre-worded terms and conditions towards consumers. So, if you allow the pun, what’s up with that? Continue reading

Why B2B is not necessarily always B2B when it comes to consumer protection

Online-shops that officially trade as B2B-shops must comply with European consumer protection regulations or make actually sure that only business customers can place orders in the shop. In order to ensure that consumers do not use the shop, it is not sufficient to provide the respective disclaimer on the website. That was recently ruled by the Regional Court in Dortmund.

Continue reading

Facebook and the abuse of market power or the German Federal Cartel Office as data protection authority

The German Federal Cartel Office (Bundeskartellamt) has started preliminary proceedings against Facebook in early March, trying to find out if Facebook was misusing its market power to enforce abusive terms and conditions because of alleged data protection law violations. What sounds just like what antitrust authorities do, may in fact have a huge impact on Facebook and how it is behaving against its users.

Continue reading

Is double opt-in dead?

Last week, quite a few lawyers were more than surprised when they heard about a recent Higher Regional Court of Munich decision dealing with the question of how to get prior consent from recipients of advertising e-mails (decision of September 27, 2012, docket no. 29 U 1682/12). Before, the matter had seemed to be fairly settled but now new questions arise. Continue reading

7th National IT-Summit in Essen

Last week, several German political leaders, members of the federal administration, academics, IT-businessmen and other members of the German society met in Essen for the 7th National IT-Summit. The summit is an invite-only conference being held once a year by the German Federal Ministry of Economics and Technology. It forms the end and new beginning of an ongoing discussion between the members of the six working groups and several sub-working groups to develop a nation-wide (political) IT-strategy for Germany. Continue reading

On the Intricacies of German Unfair Competition Law

It‘s easy to be a unfair competition law violator in Germany. Just operate an eBay shop or deal on Amazon’s market place and use their default settings when informing your customers on how long it will take to get the goods delivered to their homes. In all seriousness, that is what the Bremen Court of Appeals has effectively decided in a judgment in early October. Continue reading

E-Commerce Law Reports with our article on Oracle v. UsedSoft

As a blogger you are always happy to receive feedback from your readers. So I was really pleased when shortly after posting my recent comments about the CJEU’s UsedSoft decision, the E-Commerce Law Reports approached me to ask whether I could write a more detailed article about the case for their August 2012 issue. Recently published, this issue also contains a number of other fascinating contributions by colleagues from around the world on a variety of important topics such as the online collection of consumer data, search engines’ liability for misleading search results, the cloning of games, advertising on Twitter, etc. Check it out: http://www.e-comlaw.com/e-commerce-law-reports/

Injunctive relief under competition law

Data protection is big in Europe, especially in Germany. It is not possible to process personal data without a data protection law regulation the data processing. And while data protection laws are primarily supposed to protect the individual’s right to determine how his or her data is being processed, data protection has also become a commercial factor. On the one hand, companies are restricted in their ways of advertisement towards their customers. According to section 28 subsection 3 of the Federal Data Protection Act for example, advertisement is dependent on the individual customer’s consent. On the other hand, data protection compliance demands investments in the implementation of data protection standards within the company, for example to lay down the technical and organizational measures demanded by section 9 of the Federal Data Protection Act. Continue reading

On Liability and Liability Clauses in German Law

When you negotiate agreements between German companies and companies with a – broadly speaking – common law background, especially the U.S., one issue that keeps appearing is the parties’ liability for damages. Groundhog day, if you will.

“Liability” is certainly a difficult legal term to being with, especially as you have to first decide what you are actually talking about when using the word. Continue reading

CNIL’s Sends Second Questionnaire to Google on Google’s New Privacy Policy

Google’s new privacy policy is not that new, as it “went into force” on March 1. It is still big news in data protection terms, though, at least as far as European data protection authorities are concerned. CNIL, commissioned by the Art. 29 Working Party, has now sent a second rather comprehensive questionnaire to Google. Obviously they were not completely sold on Google’s answers to the first set of questions CNIL had sent in March. Continue reading

German E-Commerce Law: “Button Solution” To Come into Force in August 2012

In March 2012 the German Federal Legislator adopted several comsumer protection statutes that will have considerable impact on B2C e- and m-commerce business activities in Germany, implementing, in particular, Art. 8 (2) of Directive 2011/83/EU. The new law applies to any contractural transaction that is entered into via electronic means of communication and leads to payment obligations for the consumer, i.e. any purchase of a book in an online shop, any subscription of content services made as an in app purchase, as well as any other such contract unless it is free of charge. Continue reading

Analytics Cookies to Be Exempt from Consent Requirement in France

As reported by DataGuidance, the UK Information Commissioner the enforcement of the “cookie law” will be “pragmatic and realistic” in the UK. “Pragmatic” and realistic”: Sounds good doesn’t it? Doesn’t sound very German, though, does it? As explained here, the cookie situation in Germany is still unresolved, largely due to the (my take on the matter) inability to come up with a draft for transforming the Directive’s into German law that provides for a workable solution the problem. It seems that at least the current government feels uncomfortable to pass a law the wording of which would effectively rule out a good portion of how websites work today.

Even more interestingly, in the same DataGuidance post they report that the French Data Protection Authority (CNIL) will exempt analytics cookies from the new requirement of prior consent. Continue reading

General Terms and Conditions and What That Means for Localizing Contracts to German Law

When you’re asked to localize contracts coming from a U.S. legal background so that they function under German law two very different legal worlds collide. Things just work differently over here. And things word differently over there. We draft our contracts differently, we use different language (which is why simply having a translator go over your documents just won’t cut it, much less asking uncle Google), our concept of selling and licensing software is nowhere near the “this software is licensed not sold” was of thinking, and so on and so forth. Nothing wrong with that, but it provides for some hard going sometimes.

One of the more peculiar concepts of German contract law is that of or our “Law on General Terms and Conditions” (Google Translator tells me that in English that should be “Legal terms and conditions of” which isn’t even close, so there…). In a nutshell, the idea is this: If, as a company, you work with standard contracts, i.e. a set of contractual documents that you have in your drawer all drafted to best fit your particular interests and ready to pull out for every new customer you want to do business with, the terms and conditions of those contractual documents are subject to the so-called “content control” (we Germans like control, as is well known). Continue reading