consumer privacy in the eu

8/4/2019 Consumer Privacy in the EU

1/18

1

CONSUMER PRIVACY IN THE EU: WHO HAS JURISDICTION?Hillary Musselman

December 2009

Introduction

I. EU Privacy Law

II. EU Consumer Contract Law

i. The Brussels Conventionii. Rome I

iii. E-Commerce Directive

III. Analysisi. Consumer Contract Law

ii. The Public Interest Questioniii. The Role of the Markets

IV.Inspire Art

V. Lessons from the US

VI. Conclusion

Introduction

In the last two decades the number of commercial transactions conducted electronically

has increased dramatically. Consumers provide extensive personal information to retailers in

order to make online purchases, and each transaction increases the risk that sensitive data will be

end up in the hands of someone other than the party with whom a consumer is doing business.1

When personal information is combined with information retailers can collect related to product

1Lynn Chuang Kramer, Private Eyes Are Watching You: Consumer Online Privacy Protection -

Lessons from Home and Abroad, 37 TEX. INT'L L.J. 387, 389 (2002)


2/18

2

preferences and information they can collect using cookies, retailers are able to create revealing

profiles of individual consumers. These profiles are extremely valuable to marketers who use

them to develop targeted advertising, but they may also be valuable to individuals, or

governments, with more nefarious purposes.

To protect consumers and promote the growth of e-commerce, many countries have

enacted legislation placing specific restrictions on what information companies may collect and

how they may use this data. The starting point for such legislation in Europe is the EU E-

Privacy Directive. Member States must comply with its terms, but they are free to implement it

into their laws as they see fit and may include requirements beyond those in the Directive. As a

result, privacy laws vary from one Member State to another and companies attempting to craft

policies applicable to each Member State face serious challenges.

The E-commerce Directive of 2003 allows e-retailers to establish a base in one Member

State and specify in their Privacy Policy/Terms of Service (TOS) that, in the event of a dispute,

they are subject solely to the rules of that country.2

However, this may not be effective in

protecting against claims for violations occurring beyond the scope of the TOS agreement.

Questions remain as to whether the Data Protection Authority (DPA) of a Member State that

requires higher levels of consumer protection could receive and address complaints from its

citizens related to a company based in a Member State that requires lower levels of protection.

The following analysis attempts to resolve this question by first considering how

European law has addressed the issue of jurisdiction in consumer contracts. A websites privacy

policy is, after all, a contract between consumer-users and website-businesses. If a choice of law

provision is enforceable under European law consumers will only be able to bring suit in the

2 Council Directive 2003/31, 2000 O.J. (L 178) 1 (EC)


3/18

3

forum specified in the contract. If, however, the term is found invalid, consumers may have

options as to where they will sue.

If a Member State has jurisdiction to hear a contract claim that Member States DPA

might also assert jurisdiction over related claims against website-businesses, even if the company

is based in a Member State where privacy laws have not been violated, on the premise that it

would be incongruous for a Member State to have jurisdiction to hear a contract claim but not to

address related complaints. It follows that if the choice of law provisions in a TOS contract are

valid then a country, other than the selected forum, may not hear issues arising under the contract

and it should also not have jurisdiction to hear related claims. However, based on the Brussels

Convention and Rome I, choice of law provisions in a TOS agreement are probably not valid as

part of a consumer contract. Therefore, the question remains whether or not the DPA of a

Member State, other than that in which a company is based, may hear claims for violations of

that Member States privacy laws. The following attempts to answer to this question based on 1)

a brief review of EU privacy law; 2) an assessment of EU Consumer Contract law and EU law

regarding electronic transactions viewed in light of the overall purposes of the E-commerce

Directive and the E-privacy Directive; and 3) ECJ case law that has addressed issues of choice

of law and the effect of EU Directives on local laws.

If a company is subject to unique privacy laws in each Member State where it has users,

crafting privacy policies that protect consumers while also shielding the company from liability

will become extremely difficult and there may be a chilling effect on information transfer and

commerce. As this is the exact result that much EU legislation is meant to prevent, individual

Member States DPAs should not have the authority to enforce claims of privacy violations by

companies based in other Member States.


4/18

4

I. EU Privacy Law

The European Parliament passed the EU Data Protective Directive3 (DP Directive) in

2002. This Directive creates specific obligations for any data controller,4

defined by Directive

95/46/EC as a

natural or legal person, public authority, agency or any other body which alone orjointly with others determines the purposes and means of the processing of

personal data; where the purposes and means of processing are determined bynational or Community laws or regulations, the controller or the specific criteria

for his nomination may be designated by national or Community law.5

The term personal data is broadly construed so as to include all information about a person.6

By the terms of the Directive, personally identifying information (PII) may only be collected for

legitimate purposes and may not be collected without consent unless it is to perform on a

contract, meet legal obligations, or protect an individuals vital interests.7

Additionally, PII

may not be transferred to countries that do not provide comparable levels of protection and it

may not be transferred without adequate security. Both civil and criminal penalties may be

imposed for illegally using or handling information.8

The DP Directive grew out of the desire of EU leaders to ensure that differing levels of

data protection between countries would not create an obstacle to commerce and harm the

functioning of the European marketplace.9

It establishes the minimum protections that Member

States must provide and requires each to have an independent data protection supervisory

3Council Directive 2002/58, 2002 O.J. (L 201), 31 (EC)

4 EU Approach to Internet Privacy (1p.6)5 Council Directive 95/46, 1995 O.J. (L 281), 31 (EC)6Mark F. Kightlinger, Twilight of the Idols? EU Internet Privacy and the Post Enlightenmetn

Paradigm, 14 Colum. J. Eur. L. 1, 10 (2008)7id. at 13

8Rustad,E-Commerce: Challenges to Privacy, Integrity, and Security in a Borderless World:

Circles of E-Consumer Trust: Old E-America V. New E-Europe, 16 MICH. ST. J. INT'L L. 183, 190

(2007)9 Kramer,supra note 1, at 398


5/18

5

authority (DPSA) capable of conducting investigations into claims of violations.10

The Directive

also requires DPSAs to identify and assess privacy risks 11 and issue sanctions for violations.12

Each Member State may, however, reserve for itself sole control over what information it will

deem capable. . . of infringing freedoms or privacy13

and each is free to interpret the Directive

in its implementing legislation as it sees fit, as long as it provides the minimum level of required

protections.14

As a result, privacy laws in Europe vary from one nation to another. Germany, for

example, is highly opposed to the government maintaining stores of personal data, an outgrowth

of their experience during WWII. It has implemented some of the most extensive laws in Europe

regulating what information the government and private companies may collect and what they

may do with it.15

In contrast, Luxembourg has implemented the Directive with few additional

requirements.16

Probably not coincidentally, both Amazon.com and eBay.com maintain their

European headquarters there and specify in their privacy policies/TOS that they will be subject

solely to the laws and jurisdiction of Luxembourg.

II. EU Consumer Contract Law

i. The Brussels Convention

10Kightlinger, supra note 6, at 13

11id. at 2212

INSTITUTE FORINFORMATIONAL LAW, REGULATING SPAM DIRECTIVE 2002/58 AND BEYOND 51(2004)13

Kightlinger, supra note 6, at 914 INSTITUTE FORINFORMATIONAL LAW,supra note 12, at 2315

Kightlinger, supra note 6, at 1316

Law on Protection of Persons with regard to the Processing of Personal Data, August 2, 2002,

available at http://www.cnpd.lu/fr/legislation/legis_nationale/index.html


6/18

6

The Brussels Convention establishes the rules of international private law in the

European Union. A drafting committee began working in 1959 to draft [a] convention on

jurisdiction and the recognition and enforcement of judgments in civil and commercial matters,

and the enforcement of authentic instruments,17

with the goal of streamlining negotiations and

facilitating transactions between members in accordance with the Treaty of Rome, which

established the European Community.18

The committees proposed legislation was approved in

1966 and signed in 1968 by the original EC (now EU) Member States.19

The Convention specifies when Member States have jurisdiction to hear matters

involving companies based in other Member States. In recent years there has been a shift in

European courts to resolve questions of jurisdiction over companies according to the country of

incorporation doctrine, which indicates that a company will be subject to the jurisdiction of the

Member State in which it is domiciled.20

Amendment 60 of Brussels I (44/2001) provides that

domicile is determined by the country where they have their statutory seat, central

administration or principal place of business.21

Where contracts between equally sophisticated

parties specify the forum in which disputes will be settled, courts readily uphold these

provisions, where reasonable, as Brussels clearly indicates a preference for freedom to contract.

In the case of consumer contracts, however, where the parties are not on equal footing

due to information and power asymmetries, special protections are applied.22

Brussels Article 5

17id.

18id.19 Robert C. Reuland, The Recognition of Judgments in the European Community: The Twenty-

Fifth Anniversary of the Brussels Convention, 14 Mich. J. Int'l L. 559, 563 (1993)20

Benjamin Angelette, The Revolution that Never Came and the Revolution Coming- De

Lasteyrie Du Salliant, Marks and Spencer, Sevic Systems, and the Changing Corporate Law inEurpoe, 92 VA. L. REV. 1189, 1193 (2006)21

Council Directive 44/2001, (2001) O.J. (L 12), 1 (EC).22

Brussels Convention on Jurisdiction and the Enforcement of Judgments in Civil and

Commercial Matters, art. 23, 1998 O.J. (C 27) 1 [hereinafter Brussels Convention]


7/18

7

states that a company may be sued in the place where it provides performance of a contract,23

and Article 15 states that a company may be sued in any place where it directs its services,24

provided the directed activity precedes the contract.25

Therefore, a company that advertises in a

Member State, other than that in which it is incorporated, may be subject to the jurisdiction of

the other Member State if a consumer responds to the advertisement and enters into a contract

with the company, whether for goods or services. Article 17 specifically states that despite the

terms of a contract, a consumer cannot be stripped of his right to sue at home.26

ii. Rome I

The Rome Convention further defines the consumer protection laws established by the

Brussels Convention. It was enacted to create standard rules regarding choice of law in contracts

between parties in different EU Member States. Its provisions are largely consistent with those of

Brussels and serve to clarify existing laws to further promote commerce and exchange between

EU Member States.27

Like Brussels, Rome I largely supports freedom of contract between

parties, but specifically states that consumers must be provided with additional protections.

Article 53 of the Treaty of Rome provides that Member States shall not introduce any

new restrictions on the right of establishment in their territories of nationals of other Member

States, save as otherwise provided in this Treaty.28

Article 58 extends this freedom of

establishment to corporations.

Like Brussels, Rome I provides that choice of law provisions do not deprive a consumer

of the protections of his home state if the contract comes after the company directed activities to

23Brussels Convention art. 5



26 Brussels Convention art. 1727

Convention on the Law Applicable to Contractual Obligations, 1998 O.J. (C 27) 34[hereinafter Rome I]28 Rome I art. 53


8/18

8

that Member State.29

Additionally, Article 3 states that where consumer contracts are concerned,

consumer protection laws of a receiving Member State may be applied even if they are stricter

than the laws of the Member State of origin if it is in the public interest.30

Further, Article 8

allows a country to determine whether or not a contract is enforceable according to its own laws

when the validity of the contract is at issue. Therefore, when a party claims that a contract as a

whole is unfair as against the public interest a court may determine its enforceability according

to its own laws irrespective of choice of law provisions provided in the contract. This dovetails

on the 1993 Directive on Unfair Terms in a Consumer Contract, which provides that portions of

a consumer contract may be eliminated where they were not negotiated or are unfair.

31

These provisions are particularly important in determining how a court will consider the

validity of the TOS contract. Such contracts are often referred to as click wrap contracts.

Consumers are presented with a standard agreement that they may accept or reject. They have no

ability to negotiate the terms. This power asymmetry is precisely why consumers are afforded

additional protections by consumer contract law and why European courts are less likely to

enforce one-sided choice-of-law or forum clauses in consumer transactions.32 These sections

may provide a means by which a consumer can allege that a click wrap contract is unfair as a

whole, and therefore invalid, and provide an additional avenue by which a foreign court may

assert jurisdiction over a company.

iii. E-Commerce Directive

By the end of the 1990s the need for uniform guidelines to facilitate online transactions

29Rome I art. 5

30 Rome I art. 331

David Naylor and Cyril Ritter,French Judgment Condemning AOL Illustrates Consumer

Protection Issues Facing US Businesses Operating in Europe, 1 N.Y.U. J. L. & Bus. 881, 886(2005)32 Rustad,supra note 8, at 186


9/18

9

and commerce was widely recognized. In 1999 the Organization for Economic Cooperation and

Development (OECD) established the Guidelines for Consumer Protection in the Context of

Electronic Commerce, which called for consumers to receive the same protections in online

transactions as they are afforded in in-person transactions. The guidelines also stated that

companies should not exploit the characteristics of e-commerce and use unfair contracting

practices in order to avoid consumer protections.33

The following year, the European Parliament passed Directive 2000/31, the E-Commerce

Directive. Member States were required to pass implementing legislation by 2002 in order to

promote, and ensure stability in international electronic commerce.

34

The Directive is primarily concerned with the efficient functioning of internal markets and

with online information services such as newspapers, internet sales, and professional and

entertainment services.35

It establishes the rules regarding what information covered parties must

provide and establishes limits on liability for intermediary service providers.36

The Directive

explicitly provides that a company will only be subject to regulation in the country where

information originates.37 This was intended to create certainty in transactions and allow

companies to predict where they would be subject to jurisdiction to allow them to plan their

corporate activities accordingly.

Despite this provision, 2000/31 makes it clear that it is not intended to deprive consumers

of the protections related to contracts afforded to them under Brussels and Rome. According to

Article 3(4), even if the laws in the receiving Member State are stricter than those in the Member

33Naylor,supra note 31, at 893

34Norbert Reich and Axel Halfmeier,Electronic Commerce: Consumer Protection in the Global

Village: Recent Developments in German and European Union Law, 106 Dick. L. Rev. 111, 131(2001)35 Reich,supra note 34 at 13336

id.37

Rustad,supra note 8, at 211


10/18

10

State of origin, national consumer protection rules may be applied insofar as they are justified by

the public interest.38 Therefore, where a country has a substantial interest in enforcing its laws

against a foreign company it may do so to protect consumers.

III. Analysis

i. Consumer Contract Law

The question that arises under Brussels and Rome I is what constitutes a directed activity,

as both distinguish between passive consumers, who receive higher a higher level of protection,

and active consumers, who receive a lower level of protection. Advertising that specifically

targets citizens of a country is certainly directed activity, but, in the case of an electronic

business, are domain names and server locations relevant? A .co.uk address clearly

contemplates that a site will be accessed from the United Kingdom. Therefore, it seems

reasonable to conclude that British courts should have jurisdiction to hear consumer claims

against a company based on alleged breaches of the TOS regardless of choice of law provisions

contained in the agreement. Server location is less likely to indicate that a company is targeting

customers from a specific country. There may be a variety of reasons for using servers in a

particular country, many of which have more to do with pricing than with customer service. Still,

it seems that if a company has servers in a country they should not be surprised if that country

attempts to assert jurisdiction over activities taking place on those servers.

Although the court of a country may hear claims arising under the TOS contract when a

merchant has specifically targeted the citizens of that country, whether through advertising,

domain name, or server location, the same court may still not be able to hear related privacy

claims not arising under the contract. These claims would be subject to the provisions of the E-38 Reich,supra note 34, at 133


11/18

11

Commerce Directive, which applies the country of origin principle unless it is in the public

interest to do otherwise.39

ii. The Public Interest Question

Certainly privacy protection is in the public interest. However, when a company is not

accused of violating the minimum protection standards established by the E-Privacy Directive or

the minimum standards of the EU country in which it is incorporated, does the public really have

much to gain by having more stringent protections enforced? EU citizens are still afforded

essential protections, so can a company really be said to be acting against the public interest by

not providing customers with the highest levels of protections required by a Member State?

If the answer to these questions is yes, website-companies will need to either specifically

tailor their practices to the policies of each individual Member State in which they operate or

they will have to craft one policy that meets the requirements of the most restrictive country.

Alternatively, to avoid having to comply with more stringent standards, a company may opt to

not offer services in a particular country. This is exactly the effect that the E-Privacy Directive

was enacted to prevent.

iii. The Role of the Markets

Market theory indicates that party choice is the best way to allocate authority unless there

are conflicts with the public interest or negative externalities.40

In the case of TOS and privacy

policy agreements between online businesses and consumers, informational asymmetries and

privacy concerns indicate that government regulation may be needed to ensure fairness and

protection for consumers, but this regulation exists in the form of the E-Privacy Directive and in

the portions of the Brussels Convention, Rome I, and the E-Commerce Directive that provide

39Reich,supra note 34, at 133

40Horatia Muir Watt, Choice of Law in Integrated and Interconnected Economies: A Matter of

Political Economy, presented at the Ius Commune Conference, 5 (November 28-29, 2002)


12/18

12

increased protections in the case of consumer contracts. Violations of the privacy laws of an

individual Member State, which exist beyond what is required by the EU, simply do not

constitute negative externalities so severe as to allow regulation to interfere with freedom of

contract and the functioning of the electronic marketplace.

iv. Conclusion

Allowing claims for violations of Member State privacy laws to be heard by Member

States other than those in which companies are incorporated would lead to uncertainty in

corporate planning, which is what the E-Commerce Directive was enacted to eliminate. It seems

likely that, because all EU companies must comply with the E-Privacy Directive, there is simply

not a substantial public interest in allowing a Member State to enforce its stricter standards on a

company based in another Member State, and, in fact, there is a public interest in not allowing

such claims to be heard.

Based on the overarching purposes of the E-Commerce Directive, the recognized

importance of a well-functioning electronic marketplace, and the existence of the E-Privacy

Directive, which ensures all EU citizens of specified privacy protections, Member State privacy

claims should not be within the jurisdiction of a Member State other than the Member State in

which a company is incorporated. This is consistent with the purposes for which the EU was

created and may find support in recent ECJ case law.

IV.Inspire Art

Inspire Arthas been called one of the most important ECJ decisions in recent years.41

Although the case centers on a companys freedom of establishment, it addresses the ability of a

41Inspire Art another landmark decision regarding the cross border transfer of the companys

seat, http://www.lawforum-online.com/detail/dns.asp?dnID=45 (last updated 17 March 2004)


13/18

13

country to impose laws on foreign companies beyond those contained in directives. The Court

ultimately decided that a Member State should not be able to enforce its own rules on companies

established in countries with less rigid, but still EU Directive compliant, laws.

Inspire Art, Ltd. was established as a British company, despite the fact that the company

operated exclusively in the Netherlands. It was incorporated in the UK to take advantage of more

favorable laws on corporate formation. To conduct business in the Netherlands, the company

registered there as a formally foreign company,42

and, as a result, the Netherlands attempted to

enforce against it the capitalization requirements of their Law on Formally Foreign Companies

(WFBV).

43

Inspire Art argued that by imposing these additional requirements, the Netherlands was

interfering with its freedom of establishment as granted by 43 EC, which provides for the

freedom of establishment for individuals, and 48 EC, which extends the same freedom to a

company incorporated according to the laws of a Member State.44

The Dutch government argued

that it was not denying the companys freedom to incorporate in another Member State and still

be recognized in the Netherlands and that it was only enforcing other administrative

requirements.45

The ECJ was not persuaded by this argument. The Court held that the additional

requirements imposed on the foreign company were unenforceable as impediments to the

freedom of establishment. It noted, in particular, that this held true even when a company was

42Case C-167/01, Kamer van Koophandel en Fabrieken voor Amsterdam v Inspire Art Ltd., 2003

ECR I-1015543

Id. at 144

Case C-167/01,supra note 42, at545id. at 17


14/18

14

incorporated in a particular country for the express purpose of avoiding the laws of another

state.46

The ECJ found that it is contrary to Article 2 of the Eleventh Directive for national

legislation such as the WFBV to impose on the branch of a company formed in accordance with

the laws of another Member State disclosure obligations not provided for by that directive.47

Despite the fact that disclosure obligations are often viewed in light of the public interest

and of the government interest in protecting citizens from unscrupulous corporate practices, the

ECJ essentially found that the Eleventh Directive preempted the WFBV. The Directive

established the minimum standards that all countries must abide by in order create uniformity in

laws and promote a functioning European marketplace. When a country attempted to enforce

obligations in excess of the Directive on a company incorporated in another jurisdiction, the ECJ

would not allow it, despite the potential public interest in enforcement. Based on this, it is

reasonable to conclude that the court would be equally unwilling to enforce especially stringent

privacy laws of a country against a company not established there.

V. Lessons from the US

The United States, as a nation founded on the principles of federalism, has been dealing

with conflict of laws, choice of laws, and preemption issues for many years. InBibb v. Navajo

Freight Lines, the Supreme Court found that the mud-flap requirements Illinois imposed on truck

companies impermissibly violated the Commerce Clause of the Constitution.48 If a truck

company was required to comply with the more stringent requirements it would either have to

bear the expense of making any truck that may enter Illinois compliant with its laws or it would

46id.

47Case C-167/01,supra note 42, at 13

48 Bibb v. Navajo Freight Lines, 359 U.S. 520 (1959)


15/18

15

have to avoid the state entirely. The court found that this would have an impermissible chilling

effect on commerce, and refused to uphold the law.49 Ensuring that one state is not able to

enforce its laws on citizens of other states, including corporations, and ensuring that firms do not

seek to avoid certain states with more stringent laws to the detriment of the national marketplace

are primary concerns in preemption cases.50

In addition, US courts are increasingly willing to uphold choice of law provisions

contained in contracts.51

They were initially hesitant to uphold such provisions,52

as The

Restatement First of Conflict of Laws applied the vested rights theory, which indicates that if

multiple jurisdictions can hear a claim the jurisdiction in which rights vested will be allowed to

hear the claim, that is, where the last act or event necessary to create a cause of action

occurred.53

However, the courts have recognized the desirability of enforcing contractual

choice of law to deal with the problem of regulation by multiple states.54

The Restatement

Second of Conflict of Laws, approved in 1969, specifies that a partys choice of law should

prevail where there is a reasonable basis for the choice, it does not interfere with a

fundamental policy of a state claimed to have jurisdiction, and that state does not have a

materially greater interest in the issue than the chosen state.55

As commerce has expanded and changed to include transactions via electronic channels,

courts have extended their willingness to accept choice of law provisions in contracts entered

49id.50

Larry E. Ribstein, From Efficiency to Politics in Contractual Choice of Law, 37 Ga. L. Rev. 363,393 (2003)51id. at 36652

id. at 37053

id.54

id. at 39355id. at 373


16/18

16

into online or over the phone, even where the contract is between a business and a consumer.56

In

cases involving Gateway 2000, Inc. courts found that a lack of bargaining between Gateway and

consumers purchasing computers over the internet and the phone did not lead to invalid

consumer contracts. They ruled that choice of law provisions would be maintained where they

are not unreasonable.57 Because consumers have options when deciding which vendors to do

business with and because it is not typically in the interest of a company to impose requirements

on customers beyond what would typically be expected, the courts found a stronger interest in

creating certainty in commerce as long as the terms of a contract are reasonable.58

Further, because a lack of established dispute resolution mechanisms reduces consumer

confidence, the US legal system has attempted to create uniform laws related to e-commerce in

order to create certainty and promote electronic transactions.59

The Uniform Computer

Information Transactions Act (UCITA) cites the increased costs of trying to adhere to the laws of

multiple jurisdictions as a reason for applying the laws of a licensors state to conflicts that arise

between parties, absent contractual choice of law provisions.60

UCITA was drafted between 1995

and 1999 in order to establish standard principles governing contracts entered into in the course

of electronic transactions.61

The Act has been the subject of much criticism, and by 2004 only

two states had adopted it,62

nonetheless, it indicates recognition of the need to establish standard

56id. at 408

57Borowiec v. Gateway 2000, Inc., 209 Ill. 2d 376 (Ill. 2004); Hill v. Gateway 200, Inc.,105

F.3d 1147 (7th

Cir. 1997)58Ribstein, supra note 50, at 40359

id. at 48360

Ribstein,supra note 50, at 39361

Pratik A. Shah,Berkeley Technology Law Journal Annual Review of Law and Technology: I,

Intellectual Property: A. Copyright: 5. Preemption a) Contract enforceability: The Uniform

Commercial Information Transactions Act, 15 Berkeley Tech. L.J. 85, 98 (2000)62

Warren E. Agin and Scott N. Kumis, A Framework for Understanding Electronic InformationTransactions, 15 Alb. L.J. Sci. & Tech. 277, 303 (2005)


17/18

17

laws governing e-commerce in order to facilitate the continued growth of the electronic

marketplace.

Were the EU to take a similar approach to preemption and choice of law questions, they

would likely conclude that the court of a Member State, other than that chosen in a contract,

would not have jurisdiction to hear a claim. Additionally, because of the overriding interest in

promoting commerce by ensuring predictability and efficient corporate planning, courts would

likely find that a Member State could not enforce its own more stringent laws on a foreign

company acting in compliance with the laws of its home state and with EC Directives.

VI. Conclusion

Most EC Directives and regulations have been enacted with the goal of harmonizing laws

between Member States to support an efficient European marketplace. Over the last two decades

the internet has played an increasingly important role in commerce, and the EU is now the

second largest e-commerce market in the world.63

As a result, the EC has a strong interest in

preventing and eliminating barriers to the flow of information or goods that would have a

chilling effect on the electronic marketplace.

Both the E-commerce Directive and the E-privacy Directive were enacted in recognition

of this interest. Each clearly indicates that its purpose is to harmonize laws between European

countries regarding transactions and transfers of information. However, because Member States

remain free to implement the Directives into their laws as they see fit, there are still differences

between the laws of each country. This raises a question as to when a country may enforce its

own stricter laws against a company headquartered in another Member State that specifically

63Lucille M. Ponte,Boosting Consumer Confidence in E-Business: Recommendations for

Establishing Fair and Effective Dispute Resolution Programs for B2C Online Transactions, 12

Alb. L.J. Sci. & Tech. 441, 457 (2002)


18/18

18

provides in contracts with consumers that it will be subject solely to the jurisdiction of its home

state.

EU law related to consumer contracts and consumer protections makes it clear that a state

may hear citizens claims arising under contracts entered into with foreign companies despite

choice of law provisions. Although it seems logical that if a state can hear claims under a

contract it should also be able to hear related claims not under the contract, to allow this would

force companies to comply with the laws of any state in which their services may be used and

would have a chilling effect on commerce. This is precisely the result the E-commerce Directive

and the E-Privacy Directive sought to prevent. Therefore, a state should not have the authority to

enforce laws in excess of those contemplated in a Directive on a company legally formed in

another Member State, where there is not a public policy interest greater than the EUs interest in

a functioning marketplace. Whether consumer privacy will be deemed a greater interest remains

to be seen.

consumer privacy in the eu

Documents