The Perfect Match? A Closer Look at the Relationship between EU Consumer Law and Data Protection Law

Basic Information

• Paper ID: 2510.13466
• Title: The Perfect Match? A Closer Look at the Relationship between EU Consumer Law and Data Protection Law
• Authors: Natali Helberger (University of Amsterdam), Frederik Zuiderveen Borgesius (University of Amsterdam), Agustin Reyna (BEUC, the European Consumer Organisation)
• Classification: cs.CY (Computers and Society)
• Published Journal: Common Market Law Review, Volume 54 (2017), Issue 5
• Paper Type: Legal Theory Research

Abstract

In modern markets, many companies provide so-called "free" services and generate revenue by collecting consumer data through these services. This paper argues that consumer law and data protection law can effectively complement each other. Data protection law can also provide guidance for the interpretation of consumer law. Through consumer rights, consumers should be able to challenge excessive collection of their personal data. Consumer organizations have already utilized consumer law to address data protection violations. The interaction between data protection law and consumer protection law provides exciting opportunities for a more integrated vision of "data consumer law."

Research Background and Motivation

Problem Context

1. New Challenges in the Digital Economy: In the digital economy, many online digital services are no longer exchanged for money but for personal data. "Paying with data" has become a popular yet misleading expression.
2. Separation of Legal Frameworks: Historically, consumer law and data protection law have belonged to two distinct domains:
   • Consumer law primarily concerns the relationship between consumers and traders of products and services
   • Data protection law aims to protect fairness and fundamental rights when processing personal data
3. Need for Legal Framework Integration: With the proliferation of data-driven consumer products and services, and the widespread adoption of the Internet of Things, the relevance of data collection and processing as part of service provision to consumers will further increase.

Research Motivation

1. Limitations of Existing Approaches: Relying solely on data protection law may not provide optimal protection for digital consumers, particularly given its emphasis on informed consent as the legal basis for data processing in consumer transactions.
2. Policy Development Needs: In 2014, the European Data Protection Supervisor (EDPS) began discussing the interaction between data protection, competition law, and consumer protection in the digital economy; in 2015, the proposed Digital Content Supply Contracts Directive formally placed data exchange services on the EU policy agenda.
3. Theoretical Gap: The interaction between consumer law and data protection law has not been sufficiently understood, necessitating exploration of how the two domains can complement each other.

Core Contributions

1. Theoretical Framework Construction: Proposes a comprehensive vision of "data consumer law," exploring the possibilities of consumer law and data protection law complementing each other.
2. Legal Application Analysis: Provides detailed analysis of how consumer law supplements data protection law in the following areas:
   • Flexibility in information disclosure requirements
   • Legal protection of "free" services
   • Identification of unfair contract terms
   • Regulation of unfair commercial practices
   • Protection of vulnerable consumers
3. Practical Case Studies: Through actual cases from Germany, Norway, and other countries, demonstrates how consumer organizations have successfully applied consumer law to address data protection violations.
4. Policy Recommendations: Provides recommendations for improving the draft Digital Content Directive and developing the legal framework for the data economy.

Methodological Details

Research Methods

This paper employs comparative legal research methods, combining theoretical analysis and case studies:

1. Legal Text Analysis: In-depth analysis of relevant legal provisions including GDPR, Consumer Rights Directive, Unfair Commercial Practices Directive, and others
2. Case Study Method: Analysis of actual enforcement cases from Germany, Norway, and other jurisdictions
3. Comparative Analysis Method: Comparison of the effectiveness of consumer law and data protection law in different contexts

Analytical Framework

1. The Role of Data in Consumer Transactions

• Economic Asset: The concept of data as currency
• Service Component: Data processing as a necessary condition for service provision
• Service Term Determinant: Determining personalized pricing and service conditions through data analysis
• Decision-Influencing Mechanism: Using consumer data to identify and exploit personal biases and vulnerabilities

2. Legal Complementarity Analysis

Analysis of the complementarity of the two legal systems through four core areas:

• Consumer information rights
• Legal status of "free" services
• Unfair contract term control
• Commercial practice regulation

Core Findings

1. Enhancement of Consumer Information Rights

Contributions of Data Protection Law:

• GDPR establishes detailed transparency obligations
• Requires the use of concise, intelligible language
• Recommends the use of visual representations and standardized icons

Supplements from Consumer Law:

• The Unfair Commercial Practices Directive provides additional flexibility
• Requires disclosure of material information that may affect consumer transaction decisions
• Provides specific remedies for violations of information obligations

2. Legal Protection of "Free" Services

Current Issues:

• Traditionally, services not involving monetary payment often fall outside the scope of consumer law protection
• Results in consumers obtaining services through data or attention receiving lower levels of protection

Legal Developments:

• The Unfair Commercial Practices Directive prohibits describing products requiring personal data provision as "free"
• The draft Digital Content Directive explicitly includes data as "consideration for performance" within the scope of protection

3. Identification of Unfair Contract Terms

Scope of Application:

• The Unfair Contract Terms Directive applies to all contracts between consumers and suppliers
• Can assess the fairness of terms requiring consumers to consent to excessive data processing

Practical Cases:

• German consumer organizations successfully sued Facebook and Apple over unfair contract terms
• Berlin courts determined that data protection law provisions must be considered consumer protection provisions

4. New Forms of Consumer Vulnerability

Extension of Traditional Concepts:

• Traditionally based on personal characteristics such as age, disability, and income
• In digital environments, requires identification of new vulnerable consumer groups

New Forms of Vulnerability:

• Active online users (leaving extensive data trails)
• "Quantified self" consumers
• Groups particularly susceptible to manipulation in digital markets

Practical Case Analysis

1. German Facebook Case

• Case Background: German consumer organization federation sued Facebook over its "Find Friends" feature
• Legal Basis: Violation of German data protection law and unfair commercial practices law
• Judgment Result: Berlin Court of Appeals confirmed that data protection violations simultaneously constitute consumer law violations
• Significance: Established precedent that consumer organizations can bring actions for data protection violations

2. Norwegian Tinder Case

• Case Background: Norwegian Consumer Council complained that Tinder's terms violated unfair contract terms law
• Points of Contention:
  • Making terms effective through implied agreement
  • Allowing access to consumer information from other applications
• Legal Significance: Demonstrates the role of consumer law in reviewing personal data collection and processing terms

3. Connected Toys Case

• Action Background: Coordinated action by consumer organizations in the United States and European Union
• Objective: Requesting consumer agencies and data protection authorities to review data protection and consumer law violations in connected toys
• Significance: Demonstrates the potential application of consumer law in privacy protection for Internet of Things products

Challenges and Limitations

1. Consistency Issues

• Conceptual Differences: The two legal domains may apply concepts such as harm, fairness, damages, or data inconsistently
• Quality Standards: Under the draft Digital Content Directive, consumers exchanging data for services appear to have no right to expect the same functionality and quality standards as paid services

2. Conflicts and Contradictions

• Consent Requirements: GDPR requires consent to be "freely given," but the draft Digital Content Directive explicitly recognizes providing personal data as a possible consideration for performance
• Exercise of Rights: Consumer rights to withdraw consent at any time under GDPR may conflict with contractual obligations under contract law

3. Commodification Risks

• Fundamental Rights Protection: Recognizing that data can serve as consideration for performance under consumer law should not be interpreted as justification for treating personal data as a commodity
• Human Rights Considerations: Viewing personal data solely as a tradable commodity would conflict with human rights

Policy Recommendations

1. Improvement of Legal Framework

• Unified Standards: Establish consistency standards for data-related concepts between consumer law and data protection law
• Remedial Measures: Design appropriate remedies for cases where "free" services fail to meet requirements
• Indirect Financing Models: Consider service models financed indirectly through behavioral advertising

2. Regulatory Coordination

• Institutional Cooperation: Strengthen coordination between consumer protection authorities and data protection authorities
• Enforcement Uniformity: Establish unified enforcement standards and procedures

3. Future Research Directions

• Value Assessment: Research how to assess the value of personal data in contractual exchange relationships
• Remedial Mechanisms: Develop new remedial mechanisms suitable for data exchange services
• Comparative Research: Compare different approaches between the United States (FTC's development of fair information practice principles based on consumer law) and Europe

Conclusions and Impact

Main Conclusions

1. Complementarity: Consumer law and data protection law can effectively complement each other, providing more comprehensive protection for people in modern markets
2. Practicality: The successful application of consumer law by consumer organizations to address data protection violations demonstrates the value of this complementarity
3. Development Potential: The comprehensive vision of "data consumer law" provides new pathways for ensuring fairness and fundamental rights protection in digital consumer markets

Academic Impact

• Theoretical Contribution: First systematic exploration of the intersection between consumer law and data protection law
• Methodological Innovation: Provides a new paradigm for interdisciplinary legal research
• Policy Guidance: Provides important legal theoretical support for EU digital single market strategy

Practical Value

• Enforcement Tools: Provides consumer organizations and regulatory authorities with new enforcement tools and strategies
• Rights Protection: Enhances the effectiveness of consumer rights protection in digital environments
• Market Regulation: Provides a legal framework for fair competition in digital markets

This paper has significant influence in EU legal scholarship, providing innovative legal perspectives and practical solutions for understanding and addressing consumer protection challenges in the digital economy.