The Council of the European Union (‘the Council’) announced, on 28 November 2019, that it had reached an agreement on the Proposal for a Directive on Representative Actions for the Protection of the Collective Interests of Consumers, and Repealing Directive 2009/22/EC (‘the Draft Directive’). In particular, the Council outlined that the Draft Directive aims to put in place a system on representative actions for the protection of collective interests of consumers against infringements of EU law in all Member States. Moreover, the Draft Directive would apply to representative actions brought against traders for infringements of provisions of EU law, including the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the Directive on Privacy and Electronic Communications (2002/58/EC) (as amended).
Márton Domokos and Péter Szilas, Senior Counsel and Senior Associate respectively at CMS Cameron McKenna Nabarro Olswang LLP Budapest, told OneTrust DataGuidance, “It may be early to predict the implications of the Draft Directive, however, it is likely to result in the expanded exposure of companies. The Draft Directive is significant as it facilitates consumers’ and businesses’ ability to operate in the internal market and it further strengthens the rights of consumers, not only from a data protection perspective. One of the most important novelties for companies is the cross-border representative action, which may be initiated if the infringement of consumer rights is affecting collective interests and has a cross-border impact. Once the Draft Directive [is implemented], companies must also consider the specific procedural rules of each Member State.”
Further to the above, the Draft Directive does not seek to replace the existing national procedural mechanisms, but rather it leaves it to the discretion of the Member States whether to design the representative action as a part of an existing or future collective injunction, or redress mechanism, or as a separate mechanism. It would allow qualified entities, such as consumer organisations, to ask companies to stop or prohibit an infringement and seek redress, such as compensation under EU and national laws. Article 14 of the Draft Directive states that Member States must ensure that the penalties for a company’s failure or refusal to comply with an injunction measure, failure to disclose evidence, or failure to inform the customers concerned about the final court decision, take the form of fines.
The Draft Directive will make it easier for representative bodies to launch collective redress actions
Domokos and Szilas continued, “Companies may no longer avoid responsibility for infringements of consumer rights by invoking the country-specific nature of Member States’ domestic rules on class action procedures. In the future, in parallel with local consumer protection and data protection proceedings, qualified entities designated by the Member States may also take up the case of consumers and data subjects before courts in another Member State. Therefore, there is a risk that two parallel proceedings will be conducted against a company on the very same basis of infringing consumer protection rules. As a result, companies with cross-border operations must take into account local data protection and consumer protection laws as well. During the GDPR rush, there were a lot of companies that focused only on compliance with the GDPR itself, because it was more effective to do so in all countries. However, now it is time to focus on the compliance with specific local laws, such as employment, consumer protection, or cybersecurity.”
In addition, Member States will have 30 months from the entry into force of the Draft Directive to transpose it into national law, as well as an additional 12 months to start applying these provisions. The Draft Directive would apply to representative actions brought after the date of application. The Council outlined that it will start negotiations with the European Parliament with a view to exploring the possibility of an agreement for the swift adoption of the Draft Directive at second reading.
Wim Nauwelaerts, Partner at Alston & Bird LLP, told OneTrust DataGuidance, “The Draft Directive will make it easier for representative bodies to launch collective redress actions in any EU Member State and team up with other representative bodies for that purpose. The Draft Directive includes a wide spectrum of injunctive and redress measures. This approach ties in nicely with the right to effective judicial remedy granted by Article 79 of the GDPR. [Moreover,] it is interesting that Article 10 of the Draft Directive allows representative bodies to use final court or administrative decisions as evidence of an infringement for the purposes of collective redress. This means that representative bodies mandated by data subjects may be able to use the decision of a supervisory authority in support of, for example, compensation claims against the relevant controller or processor.”
PETRA MOLNAR Privacy Analyst