Project m-commerce module: „Legal Aspects of m-commerce“
1
MODULELegalAspectsofM-Commerce
This project has been funded with support from the European Commission.
This publication reflects the views only of the author, and the Commission cannot be held responsible for any use which may be made of the information contained therein.
BEIMRO
HR VERO
NIK
A
Project m-commerce module: „Legal Aspects of m-commerce“
2
Table of contents 1. Summary ________________________________________________________________________ 4 2. Introduction ____________________________________________________________________ 5 3. Objectives of the module _______________________________________________________ 6
3.1. General Targets _____________________________________________________________ 6 3.2. Targets ______________________________________________________________________ 6 3.3. Specific Targets _____________________________________________________________ 7
4. Theory ___________________________________________________________________________ 8 4.1. Basic Austrian Contract Law in a mobile Environment ___________________ 8
4.1.1. Service Providers of electronic mobile Commerce ___________________ 8 4.1.2. What is an Information Service Provider? ____________________________ 8 4.1.3. The Conclusion of a valid Contract via mobile Devices _______________ 9
4.1.3.1. The Offer ____________________________________________________________ 9 4.1.3.2. The Acceptance ____________________________________________________ 10 4.1.3.3. Electronic Contractual Declarations ______________________________ 10 4.1.3.4. Receipt _____________________________________________________________ 11
4.1.4. Special Information Obligations for mobile Service Providers _____ 13 4.1.4.2. Information Obligation regarding contractual Declarations ______ 14
4.1.4.3. Other general Information Obligations __________________________ 14 4.1.4.4. Obligations regarding Prices _____________________________________ 15 4.1.4.5. Obligations regarding commercial Communication _____________ 15
4.1.5. Electronic Signatures _________________________________________________ 15 4.1.6 Inclusion of general Terms and Conditions of Business _____________ 16
4.1.6.1. Incorporating GTC in the Contract in a mobile Environment ___ 17 4.1.7 Chapter Review Questions _____________________________________________ 18
4.2. The Austrian Consumer Protection Framework _________________________ 19 4.2.1. An Overview over Consumer Protection Legislation ________________ 19 4.2.2. How is a “Consumer” defined? _______________________________________ 20
4.2.2.1. “Consumer” according to the Directive on Consumer Rights ___ 20 4.2.2.3. “Consumer” according to the Austrian Consumer Protection Law_______________________________________________________________________________ 21
4.2.3. Right of Withdrawal ___________________________________________________ 21 4.2.3.1. Withdrawal from Contracts _______________________________________ 22
4.2.4. Information Obligations for M-Commerce Providers ________________ 28 4.2.5 Special Requirements for electronic Contracts (Button Solution) __ 31 4.2.6 Chapter Review Questions _____________________________________________ 32
4.3. Austrian Data Protection __________________________________________________ 33
Project m-commerce module: „Legal Aspects of m-commerce“
3
4.3.1 Different categories of personal data _________________________________ 34 4.3.2 Legitimate Uses of Data for M-commerce Providers _________________ 35 4.3.4 Duty of the Controller to notify _______________________________________ 37 4.3.5 Chapter Review Questions _____________________________________________ 38
4.4. Jurisdiction and Applicable Law within the EU __________________________ 39 4.4.1 Applicable Law according to the Regulation No 593/2008 __________ 39 4.4.2 Jurisdiction within the EU _____________________________________________ 42 4.4.2.1 Jurisdiction over Consumer Contracts ______________________________ 43 4.4.3 Chapter Review Questions _____________________________________________ 44
5. Case studies ____________________________________________________________________ 45 5.1. Case Study 1 _______________________________________________________________ 45 5.2. Case Study 2 _______________________________________________________________ 45 5.3. Case Study 3 _______________________________________________________________ 46 5.4. Case Study 4 _______________________________________________________________ 46
6. Source directory _______________________________________________________________ 48 7. Internet links __________________________________________________________________ 53
Project m-commerce module: „Legal Aspects of m-commerce“
4
1. Summary
The Module Legal Aspects of M-Commerce gives a short overview over
selected legislation which applies to companies that provide their goods
and services via mobile means.
The first chapter covers basic Austrian contract law, from the forming of
contracts in an electronic environment to the inclusion of general terms
and conditions of business in contracts via mobile devices.
The second part of the module covers consumer protection legislation,
which plays a very important part in m-commerce. This chapter explains
the special rules for distance selling, the extensive information obligations
for m-commerce providers and the rights of the consumer.
The third chapter gives a short overview over the Austrian Data Protection
Act and how m-commerce providers can begin to process personal data
in a lawful way.
The fourth part explains the way jurisdiction and applicable law are
handled in cross border cases within the EU. This short overview also
focuses on the special protections afforded to consumers by EU
regulations.
Project m-commerce module: „Legal Aspects of m-commerce“
5
2. Introduction
Mobile businesses face a multitude of new regulations and rules every
few years, whether they relate to consumer protection, data protection
or distance selling. Full compliance with the law can be a challenge
especially for small businesses, since it can be difficult to maintain an
overview. This problem becomes notably apparent in the area of
consumer protection: every new legislation adds new information and
contractual obligations for traders and expands the rights of consumers
further. For example the last directive on consumer rights added
substantial information obligations for traders relating to distance
contracts. This module aims to give small businesses an idea of the legal
hurdles they might face and a starting point to review their mode of
operation regarding legal compliance. It does not in any way replace
professional legal advice, since it often presents a simplified overview of
the issues covered.
Project m-commerce module: „Legal Aspects of m-commerce“
6
3. Objectives of the module
3.1. General Targets
The general target of this module is to sensitize the learners to possible
legal challenges in the future and to make sure that their mobile
businesses are compliant with the law. This includes the way contracts
are concluded and information is processed and presented online.
Learners should be made aware by this module that the rules governing
m-commerce are often complicated and obtuse. The learner should not
hesitate to seek out professional legal advice from a lawyer. This module
should help the learner identify areas where a legal dispute might be
difficult, e.g. with the involvement of consumers. It should further enable
the learner to ask more knowledgeable questions of their lawyer or legal
counsel and to better comprehend the answers.
3.2. Targets
In a more concrete manner the module aims to inform the learner about
four different areas of the law: contract law, consumer protection law,
data protection law and civil procedure law. However a comprehensive
overview would go beyond the scope of this module. The learner should
gain a basic understanding of the four areas and how they relate to a
mobile environment. Furthermore the learner should learn to recognize
areas which need a more in-depth approach such as information
obligations and compare their current mode of operation to the
obligations set forth by the law.
Project m-commerce module: „Legal Aspects of m-commerce“
7
3.3. Specific Targets
The learner should be able to recognize the basic steps of contract
formation in an electronic environment. They should be aware of the
general obligations m-commerce providers must fulfil under the E-
Commerce Act and have an idea of how to include general terms and
conditions of business in a contract.
The learner should be aware that consumers are under special protection
by the law. Consumers should (in clear cut cases) be correctly identified.
The learner should know that these rights are tied to a variety of
information obligations and that a failure to comply with these obligations
could lead to negative consequences for the business.
In regard to data protection learners should know what constitutes
personal data under the law and gain a basic understanding of its lawful
use.
The learner should gain awareness that in cross-border transactions a
different law might be applicable and that legal cases might be brought
against them in foreign courts. They should gain an understanding about
intervening consumer protection clauses in order to give consumers an
advantage in legal proceedings.
4. Theory
4.1. Basic Austrian Contract Law in a mobile Environment
Attention: The contents of this chapter only apply to the legal
situation in Austria, because they are not based on fully harmonized
EU legislation.
This chapter aims to inform the user about the conclusion of valid contracts in a
mobile environment under Austrian law. Valid contracts are the foundation of a
mobile commercial undertaking. It is therefore vital to understand the special
provisions governing the process in a mobile environment.
In Austria these rules are found in the “Allgemeines bürgerliches Gesetzbuch
(ABGB)”1. Futhermore an overview of the special rules set forth in the Austrian E-
Commerce Act2, which was derived from E-Commerce directive3, concerning
mobile electronic commerce and its providers will be given.
4.1.1. Service Providers of electronic mobile Commerce
The E-Commerce Act in Austria is the national transposition of the E-commerce
directive, it contains important rules for providers of information society services.
Providers of mobile e-commerce services have special duties regarding the
provision of information and special responsibilities when providing their services.
4.1.2. What is an Information Service Provider?
According to § 1 (5) of the Austrian E-Commerce Act an information society
service is a service which is provided
- for valuable consideration, which means that there is an economical element
to the service
1 Allgemeines bürgerliches Gesetzbuch für die gesammten deutschen Erbländer der Oesterreichischen Monarchie (ABGB) JGS 946/1811 idF BGBl I 87/2015. 2 Bundesgesetz, mit dem bestimmte rechtliche Aspekte des elektronischen Geschäfts- und Rechtsverkehrs geregelt werden (E-Commerce-Gesetz - ECG) BGBl I 152/2001 idF BGBl I 34/2015. 3 Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce') OJ L 178/2000, 1.
Project m-commerce module: „Legal Aspects of m-commerce“
9
- via electronic means
- by distance selling
- at the individual retrieval of the recipient.
All these criteria have to be present to constitute an information society service
according to the law. It’s important to note that the valuable consideration criteria
(in ordinary language: for an economic advantage) is broadly applied:
Applications or mobile websites are also considered information society services,
if they are free but are ad-financed or aim to advertise the company and its
product. The term distance selling means that the electronic service is provided
when neither the provider nor the user are physically present.4
Generally considered to be information society services are host providers,
providers of commercial websites and domain registries. Providers of commercial
mobile services are therefore information society service providers and have to
observe the rules of the E-Commerce Act.5
4.1.3. The Conclusion of a valid Contract via mobile Devices
This section covers special rules of contracting in a mobile environment. It does
not illuminate other important circumstances for contract conclusion like the legal
capacity of the contract parties regarding age, ability to reason or the lawfulness
of the legal transaction.
4.1.3.1. The Offer
In order to close a contract a few fundamental elements need to be present: A
binding offer from one party (the offeror) is needed, which is a one sided
contractual declaration to enter in a contract with another party (the offeree).6
Whether or not an offer is meant to be binding depends on the circumstances; it
has to be more than just a noncommittical invitation for contract negotiations.
Indicators for a noncommittical invitation, besides explicit clauses stating this, are
declarations made towards a large group of individuals, e.g. in the case of an e-
4 Janisch Sonja, 2012, p 71 f. 5 Ibid. 6 Janisch Sonja, 2012, p 73 f.
Project m-commerce module: „Legal Aspects of m-commerce“
10
commerce website – usually the m-commerce provider wants to select the
persons with whom they enter a contract in order to check their inventory and
the credit of the prospective buyer. In this case the offer comes from the customer
when ordering the goods – the merchant still has to accept the offer.7
The offer also has to be understandable, its content must be clear to the offeree.
It also needs to contain all the information necessary to conclude the contract. In
case of a sales contract the good and the price needs to be clearly defined. 8
4.1.3.2. The Acceptance
The acceptance is the counterpart to the offer: it also is a one-sided contractual
declaration, which has to be received by the offeror. The offer has to be accepted
with all the terms and conditions attached to it, otherwise the contract cannot be
perfected since no consent has been reached. The acceptance has to be sent and
received in a timely manner otherwise the offer will not be binding anymore. Offer
and acceptance are viewed as concurrent contractual declarations.9
After the acceptance a binding contract has been concluded, which means that all
parties have to fulfil their obligations (i.e. goods have to be sent and prices have
to be paid).10
4.1.3.3. Electronic Contractual Declarations
In principle the form of communication (phone, e-mail, web form, app) is not
important. The declaration can be expressed explicitly (e.g. saying it out loud) or
implicitly (e.g. by sending the goods to the prospective buyer after receiving an
offer by the buyer). One party cannot be forced by the other to use a certain form
of communication for their exchanges, for example a certain e-mail address.
There has to be some indication that the contract partner wants to use that e-
mail address, either implicitly or explicitly.11
The message travels on the risk of the sender – this includes changes to the
message, delays as well as its loss.12 The recipient bears the risk for the technical
7 Janisch Sonja, 2012, p 85 f. 8 Janisch Sonja, 2012, p 73 f. 9 Janisch Sonja, 2012, p 88. 10 See § 861 ABGB. 11 Janisch Sonja, 2012, p 74 f. 12 Janisch Sonja, 2012, p 82.
Project m-commerce module: „Legal Aspects of m-commerce“
11
equipment needed to receive the message and for what happens to it after it’s
been received.13
A special case is the usage of an automated response system for inquiries – the
generated answers do not count as declarations of will because they were not
made by a person, however the system is attributed to its operator, since
computers do not act autonomously. This is important in the context of technical
malfunctions and faulty responses. These systems are in wide use in mail order
businesses.14
The explanatory value of a message is interpreted from an objective point of view,
the goal is to find the intention of the sending party.15
It must be noted that electronic contractual declarations sent via mail or other
electronic means of communication do not carry much weight as evidence in
Austrian courts, because they can be easily forged.16 To ensure that the
declaration of will is treated as an official document it has to be signed with a
qualified electronic signature (see pt. 4.1.5 Electronic signature).
4.1.3.4. Receipt
As mentioned above contractual declarations have to be received by the other
party in order to conclude a contract. According to § 12 E-commerce Act the
declaration is considered to have been received when the intended recipient is
able to receive them under normal circumstances. This provision cannot be
rescinded to the detriment of consumers.
The recipient has to have the possibility to notice the declaration. For an e-mail
sent during a weekend or a holiday to a m-commerce provider this means the
next business day, a private person is usually granted more time to check their
e-mail.17
Austrian case law considers problems with the receiving equipment like a mail
server in the risk sphere of the recipient,18 the same is true for e-mails that have
been wrongly put in the spam folder.
13 RIS-Justiz RS0122204. 14 Janisch Sonja, 2012, p 75. 15 See §§ 914, 915 ABGB. 16 Janisch Sonja, 2012, p 83. 17 Janisch Sonja, 2012, p 79. 18 OGH 30.3.2011, 9 Ob A 51/10f.
Project m-commerce module: „Legal Aspects of m-commerce“
12
It is important to note that the Austrian High Court OGH does not recognize
transmission logs as evidence or prima facie evidence for the receipt of an e-
mail.19 Therefore the only way to ensure the receipt of an e-mail is via a secure
way of communication – in writing or with a qualified electronic signature.
Illustration: Contract conclusion flowchart (source: own illustration)
19 OGH 29.11.2007, 2 Ob 108/07g.
Project m-commerce module: „Legal Aspects of m-commerce“
13
4.1.4. Special Information Obligations for mobile Service Providers
4.1.4.1. Correction Option Obligation
The E-Commerce Act specifies special requirements for service providers, which
cannot be rescinded to the detriment of consumers.
§ 10 (1) E-Commerce Act stipulates that service providers must give their users
the opportunity via technical means to correct input errors before the user issues
a contractual declaration.
These means must be:
• effective
• accessible
• appropriate
Usually users are given the opportunity to review and correct their data input
before finalizing the transaction. Furthermore the service provider has to
immediately confirm the receipt of the electronic declaration.
Usually users are given the opportunity to review and correct their data input
before finalizing the transaction. Furthermore the service provider has to
immediately confirm the receipt of the electronic declaration.20 This confirmation
is not a contractual declaration (acceptance) but an information for the customer
that his declaration has been received. If a contractual declaration is combined
with the confirmation it should contain explicit language in order to avoid
confusion.21
M-commerce providers must
• provide users with the option to correct their input
• immediately confirm the receipt of an electronic contractual
declaration
20§ 10 (2) E-Commerce Act. 21Wiebe in Kletečka/Schauer, ABGB-ON1.02 § 861 ABGB, 14 (as of 01.06.2015, rdb.at).
Project m-commerce module: „Legal Aspects of m-commerce“
14
4.1.4.2. Information Obligation regarding contractual Declarations
The service provider must give the (prospective) contract partner a number of
information before a contractual declaration is made (see § 9 E-Commerce Act).
The following information must be presented clearly, comprehensively and
unambiguously and cannot be rescinded to the detriment of consumers:
• the technical steps involved in the contracting process
• whether the service provider stores the contract text after the contract
conclusion, if so, where to access this text.
• the technical steps to correct input errors.
• in which language the contract can be concluded.
• if the service provider adheres to a voluntary conduct, the name of the code
and where to access it.
4.1.4.3. Other general Information Obligations
The E-Commerce Act stipulates that service providers must satisfy a number of
information requirements ranging from general to special obligations.
According to § 5 (1) E-Commerce Act all service providers have to render the
following information accessible in an easy, direct and permanent fashion to their
users:
• name/corporate name
• the geographic address (place of establishment)
• contact information (including e-mail address)
• the commercial register number and the registration court (if applicable)
• if the service provider is subject to trade or professional rules the
supervisory authority competent for the service provider, the
chamber/professional association/similar institution, the professional title
and the member state where the title has been granted, a reference to the
applicable trade and professional rules and the means to access them(if
applicable)
Project m-commerce module: „Legal Aspects of m-commerce“
15
4.1.4.4. Obligations regarding Prices
According to §5 (2) E-Commerce Act prices must include the following information
in an easily readable and classifiable way:
• whether taxes (such as VAT) and other charges are included or not
• whether shipping costs are included
4.1.4.5. Obligations regarding commercial Communication
According to § 6 E-Commerce Act commercial communication (as in
advertisements, product presentations etc.) has to fulfil a few requirements.
The commercial communication has to
• be clearly identifiable as a commercial communication
• reveal the business which ordered the commercial communication
• clearly identify promotional sales offers and contain easy access to the GTC
for their use
• clearly identify price competition and games and contain easy access to the
GTC for participation
Commercial enterprises should be aware that other laws (such as the Media Act)
also require businesses to provide information.
4.1.5. Electronic Signatures
In the Austrian legal system most contracts don’t need a special form in order to
be valid, but some types of contract do have formality requirements such as a
personally signed document.22
In an electronic environment this poses a challenge, since scans of signed
documents do not meet this requirement.23 In order to solve this problem the EU
introduced the directive 1999/93/EC24 on a Community framework for electronic
signatures. This directive lays down the ground rules for electronic signatures in
the EU. It has been transposed as the Federal Electronic Signature Law (Signature
22 See §§ 833ff ABGB. 23 Janisch Sonja, 2012, p 90 with further references. 24 Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures OJ L 2000/13, 12 repealed by OJ L 2014/257, 73.
Project m-commerce module: „Legal Aspects of m-commerce“
16
Law)25. An electronic signature is defined in § 2 of the Signature Law as electronic
data attached to or logically associated with other electronic data which serve as
a method of authentication. There are three types of electronic signatures:
normal, advanced and qualified electronic signature.
The qualified electronic signature has the highest security level, it is based on a
qualified certificate and created by a secure–signature-creation device.
It is the only electronic signature type that satisfies the formal requirement of the
written form,26 which usually requires a hand written signature – however there
are some exceptions pertaining mostly to family law and legal transactions
involving real estate.27
Electronic signatures can be acquired at www.buergerkarte.at.
This legislation will soon be replaced by the new Regulation 910/2014 on
electronic identification and trust services for electronic transactions in the
internal market28. A slew of new instruments such as certificates and electronic
seals will be introduced by the new regulation, however no electronic equivalent
of a certified delivery with a return receipt will be included.
4.1.6 Inclusion of general Terms and Conditions of Business Most online and offline businesses use general terms and conditions of business
(GTC), which consist of prewritten contract clauses that ease contract negotiations
and grant businesses a favourable position. To counteract this considerable
advantage for businesses the GTC are subjected to a comprehensive review by
the law and the courts.
This review comprises the following questions:
• Have the GTC become incorporated in the contract?
• Are the terms used valid (see § 864a ABGB, § 6 KSchG) or are they
unexpected?
25 Bundesgesetz über elektronische Signaturen (Signaturgesetz - SigG) BGBl I 190/1999 idF BGBl I 75/2010. 26 See § 4 (1) Signature Law. 27 See § 4 (2) Signature Law. 28 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC by OJ L 2014/257, 73.
Project m-commerce module: „Legal Aspects of m-commerce“
17
• Do the contents of the individual terms reveal a crass imbalance regarding
the legal position at the expense of the party subjected to the GTC (see §
879 Abs 3 ABGB)?
This script will focus on the aspect of incorporation, since the correct incorporation
of GTC poses challenges in a mobile environment.
4.1.6.1. Incorporating GTC in the Contract in a mobile Environment
GTC are not different from other contract clauses – both parties have to agree so
that they can become a part of the contract. Therefore an m-commerce provider
has to clearly communicate to their prospective clients that they will only contract
using their own terms and conditions. Prospective contract partners (users) have
to have the opportunity to read and notice the full GTC before declaring their will.
This has to be made obvious in such a way that not even casual or unobservant
users overlook their agreement to the GTC while contracting.29 M-commerce
providers must place a clear and readable notice to their GTC before the
order button with a prominently displayed link to them. The GTC must not
be “hidden” within the app or the website, otherwise the GTC will not be
enforceable. It is furthermore advised to link to the GTC in a very accessible
way – for instance an extra menu button within the main menu or a link
that is placed on the bottom of every web page.30
To ensure that the user has acknowledged and agrees to the GTC it is best
to let them check off these terms in an extra tick-box, without which the
order cannot be completed.
§ 11 E-Commerce Act requires that the service provider provides the user
with the contractual provisions and his GTC in a storeable and reproducible
way. This can be implemented via providing a downloadable pdf-document
(also placed before the order button), a print button or any other way that
enables the user to store and reproduce the GTC. It is also wise to version
the GTC with a version number and date, to avoid later difficulties.
29 Janisch Sonja, 2012, p 93. 30 Fallenböck Markus, 2004, subsection 3.1.
Project m-commerce module: „Legal Aspects of m-commerce“
18
Consequences because of non-compliance with § 11 E-Commerce Act range
from disadvantages in legal disputes (relating to damages, because this is
considered a violation of a protective law), to administrative fines ranging
up to 3000 euros.31
4.1.7 Chapter Review Questions
• Is a contract valid without consent?
• Is a m-commerce provider an information service provider?
• What is required in order to include general terms and conditions of business
in an online contract?
31 ibid., subsection 2.
Project m-commerce module: „Legal Aspects of m-commerce“
19
4.2. The Austrian Consumer Protection Framework
Attention: The contents of this chapter apply to the legal situation
in EU countries, because they are based on fully harmonized EU
legislation. However some issues might be still be handled
differently under national law due to the interplay of national and
Union Law.
Consumer protection is an extremely important issue in EU legislation. To date
multiple directives have been passed to protect consumers in the European single
market. Especially within the context of mobile and electronic commerce
consumer protection is important in order to encourage consumers to use services
outside of their own country. Before specific consumer protection legislation it was
very difficult for consumers to enforce their rights against foreign businesses.
Consumer protection is meant to foster trust and make it easier for businesses to
compete in other EU countries.
Businesses who provide their service at a distance through mobile communication
need to be very aware whether or not their customer base includes consumers,
since consumers are granted a wide range of rights. Conversely the m-commerce
provider is required to provide a lot of information to their consumers.
Disregarding these rights and obligations can affect a business very negatively.
4.2.1. An Overview over Consumer Protection Legislation Currently there are a great number of directives governing the interactions
between consumers and businesses: product safety, product liability, misleading
and comparative advertising, consumer credit, guarantees, contract terms and
many more. The goal is to empower consumers through knowledge and legal
remedies.32
This chapter will focus on the part of the EU legislation which is most relevant to
m-commerce providers, and its Austrian transposition. This is the most recent
directive on consumer rights33, which aims to fully harmonize consumer protection
32http://www.sozialministerium.at/site/Soziales/EU_Internationales/Verbraucherschutz_auf_Ebene_der_EU/. 33 Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and
Project m-commerce module: „Legal Aspects of m-commerce“
20
within the EU – full harmonization meaning that there is little to no room for
countries to implement the legislation differently.34 There is however a very
significant exception: the definition of the term “consumer” can be broadened by
member states, e.g. to include young businesses or legal persons.35 The directive
itself covers most contracts between consumers and traders, however there are
a lot of exceptions relating to the type of contract.36
The directive on consumer rights was implemented in Austria as the so called
“Fern- und Auswärtsgeschäfte-Gesetz”37 (FAGG), which covers distance and off-
premises contracts.
4.2.2. How is a “Consumer” defined? Consumers are granted special rights and protections. Therefore it is vital to know
how a consumer is defined under the applicable law. The definition can however
vary from member state to member state and even between different legal acts.
This next section will explain the terms under the directive on consumer rights
and under the Austrian Consumer Protection Law38.
4.2.2.1. “Consumer” according to the Directive on Consumer Rights
A consumer is defined in Art 2 (1) of the directive on consumer rights to mean
any natural person who in the context of pertinent contracts acts for purposes
which are outside his trade, business, craft or profession. Conversely Art 2 (2) of
the directive categorizes every natural person or legal person as a trader, who is
acting in relation to covered contracts for purposes relating to his trade, business,
craft or profession.
This means that in order to identify a consumer one must look at the purpose of
the transaction: is it made for reasons of business or for private reasons?
repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council OJ L 2011/304, 64. 34 See Art 4 of the Directive 2011/83/EU on consumer rights. 35 See recital 13 of the directive 2011/83/EU on consumer rights. 36 See Art 3 directive 2011/83/EU; relevant in this context: gambling, financial services, healthcare, package travel, regularly supplied foodstuffs, beverages or household goods, passenger transport services, automatic vending machines. 37 Bundesgesetz über Fernabsatz- und außerhalb von Geschäftsräumen geschlossene Verträge (Fern- und Auswärtsgeschäfte-Gesetz – FAGG) BGBl I 33/2014 idF I 83/2015. 38 Bundesgesetz vom 8. März 1979, mit dem Bestimmungen zum Schutz der Verbraucher getroffen werden (Konsumentenschutzgesetz - KSchG) idF BGBl. 140/1979 idF BGBl I 105/2015.
Project m-commerce module: „Legal Aspects of m-commerce“
21
4.2.2.3. “Consumer” according to the Austrian Consumer Protection Law
The definition of the Austrian Consumer Protection Law is a little different from
the directive. In § 1 (1) sub-para. 2 the definition of a consumer is a person who
does not make a transaction in the course of carrying on his business, ergo a
person who is not an entrepreneur. In contrast an entrepreneur is defined by § 1
(1) sub-para.1 of the Austrian Consumer Protection Law as a person who does
make the transaction in the course of carrying on his business.
A business is defined by § 1 (2) as a permanent organization, which exists for the
purposes of independent commercial activity, even though it may be a non-profit
enterprise. The Austrian High Court has clarified that neither a minimum size nor
a minimum organization are required for an entity to qualify as a business. The
only requirement is that the transaction in question is part of the independent
economic activity of the organization.39 The FAGG also refers to the definition
given in the Austrian Consumer Protection Law, therefore it is also applicable to
contracts relating to m-commerce activities.
The question of whether a business partner qualifies as a consumer is important
and can be difficult to answer. However when the nature of the transaction is
uncertain, the law states that the transaction is considered to be a entrepreneurial
one.40 This assumption can only be refuted, if the transaction was objectively
made for private reasons and this was discernable for the contract partner.41
Except in very obvious cases of a consumer transaction the burden of proof rests
on the side of the customer.
4.2.3. Right of Withdrawal M-commerce contracts are distance contracts. This is an important distinction
since the directive on consumer rights links the type of contract to special
obligations for the trader.
Distance contracts are defined in Art 2 (7) of the directive on consumer rights as
contracts:
39 RIS-Justiz RS0065309 40 § 344 of the Bundesgesetz über besondere zivilrechtliche Vorschriften für Unternehmen (Unternehmensgesetzbuch - UGB) dRGBl S 219/1897 idF BGBl I 22/2015; RIS-Justiz RS0062274. 41 RIS-Justiz RS0062319 (T4).
Project m-commerce module: „Legal Aspects of m-commerce“
22
• that are concluded exlusively through one or more means of distance
communication
• within an organised distance sales or service provision scheme
• where neither the consumer nor the trader is physical present.
This definition is repeated in § 3 (2) FAGG.
M-commerce falls under this definition, since mobile application and services are
specifically designed to be carried out at a distance through mobile communication
technologies without the presence of the provider or the customer. Therefore this
section elaborates on the rights of the consumer in relation to distance contracts
under the FAGG.
4.2.3.1. Withdrawal from Contracts
The right of withdrawal is enshrined in Art 9 of the directive on consumer rights
and in § 11 FAGG respectively. The consumer is granted the right to withdraw
from the contract within 14 days without giving any reason. The consumer can
exercise his right without having to fulfil any formal requirements, however there
are withdrawal forms, which the consumer can use.42
The m-commerce provider can provide this or other forms to give consumers the
opportunity to withdraw electronically from their contracts. If that’s the case the
m-commerce provider has to confirm the receipt of the form immediately in a
durable medium.
4.2.3.2 14 Day Period
According to § 12 (2) FAGG the 14 day period starts:
1. in case of service contracts with the day of the contract conclusion
2. in case of sales contracts the day the goods are delivered to the consumer
(or somebody the consumer named)
a) in case of multiple goods ordered in one order, which are separately
delivered, the day the last good is delivered to the consumer (or
somebody the consumer named)
42 See § 13 FAGG; Available at http://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=20008847.
Project m-commerce module: „Legal Aspects of m-commerce“
23
b) in case of a good consisting of multiple pieces the day the last piece
is delivered to the consumer (or somebody the consumer named)
c) in case of a regular delivery of goods for a defined period of time the
day the first good is delivered to the consumer (or somebody the
consumer named)
3. in case of digital goods which are not supplied on a physical medium (CD,
USB stick, …) the day of the contract conclusion
These time periods however apply only if the m-commerce provider has
adequately informed the consumer of their rights. (See information obligation in
this chapter).
4.2.3.3 Obligations of the M-Commerce Provider43
The m-commerce provider has to reimburse all payments received from the
consumer, no later than 14 days after they have received the withdrawal
declaration from the consumer. The payments have to be given back in the same
way they were received, for instance if the consumer payed via credit card the
payment cannot reimbursed via bank transfer. The reimbursement includes
shipping costs, except when the consumer insisted on a more expensive delivery
mode than the one usually offered by the trader.
In case of sale contracts the trader has the opportunity to withhold the
reimbursement until they either receive the good or the consumer supplies
evidence of having sent back the good.
4.2.3.4 Consumer Obligations in relation to Sales Contracts
The consumer has to return the good in a timely manner, but no later than 14
days after they informed the trader to withdraw from the contract. It is sufficient
to send the good within this period. The consumer has to pay for shipment, unless
the m-commerce provider offers to cover the fee or did not inform the consumer
correctly about this fact.
The consumer is liable for the diminished value of the goods resulting from the
handling of the goods, if they were used more than is necessary to determine the
43 See § 14 FAGG.
Project m-commerce module: „Legal Aspects of m-commerce“
24
nature, characteristics and functioning of the goods. However this is only possible
if the m-commerce provider neglected his obligation to inform the customer about
the right of withdrawal. The above mentioned obligations apply to sales
contracts.44
4.2.3.5 Withdrawal from Service Contracts during the Withdrawal Period
In a digital environment consumers can withdraw from contracts even when the
service provider has already started to perform the service – the question then
arises if and how much the consumer has to pay for the part of the service they
received. The prerequisite for this scenario is the performance of the service
during the withdrawal period (14 days from the day of the contract conclusion,
if the consumer was correctly informed about the right of withdrawal). The m-
commerce provider has the choice to wait out the withdrawal period and start
performing their service after. This is the easiest way to avoid problems in this
area, but it may cause providers to miss out on business opportunities.
The directive on consumer rights and the FAGG deal with this issue with a number
of interlocking and complicated rules.45 The consequence of non-compliance for
the trader is the loss of payment for the already performed services – it is
therefore essential for m-commerce providers to comply with all of the obligations
set out by the FAGG, if they want to receive compensation for their service. This
next section aims to explain concisely and clearly the obligations of all involved
parties.
§ 10 FAGG states that traders have to demand an express request by the
consumer to start the service during the withdrawal period on a durable
medium. Saving the express request on a durable medium avoids later difficulties
of proving the express wish of the consumer.
The trader also has to inform the consumer correctly about his right of
withdrawal46 including the withdrawal form, conditions, time period and
procedure. This must include information about the fact that the consumer has to
pay a proportionate amount for the part of the service that has been performed
44See § 15 FAGG. 45See Art 14 of directive 2011/83/EU; § 16 FAGG. 46According to § 4 (1) sub-para. 8 FAGG.
Project m-commerce module: „Legal Aspects of m-commerce“
25
before the declaration of withdrawal has been made. In case of withdrawal from
the contract while the performance of service has already begun the m-commerce
provider is normally entitled to a proportionate amount of money from the
consumer.47 However if the trader did not comply with their information
obligations the consumer does not have to compensate the trader for the services
they performed.48
Flowchart: Performance of service during withdrawal period (Source: adapted from Geiger
Barbara, 2014, p. 598)
4.2.3.6 Loss of Right of Withdrawal in Case of Service Completion during
Withdrawal Perios
47See § 16 (1) FAGG. 48See § 16 (2) FAGG.
Project m-commerce module: „Legal Aspects of m-commerce“
26
The above remarks do not apply if the service has been completed within the
withdrawal period. In this case the right of withdrawal can be omitted pursuant
to § 18 (1) sub-para. 1 if the m-commerce provider takes the following steps:
• the m-commerce provider demands an express declaration of consent
from the consumer to begin during the withdrawal period
• the m-commerce provider informs the consumer that they will lose their
right of withdrawal once the contract has been fully performed
• the m-commerce provider has an acknowledgement that the consumer is
informed and consents to their loss of the right of withdrawal
Flowchart: Loss of the right of withdrawal in case of contract fulfilment (adapted from Geiger
Barbara, 2014, p. 598)
Project m-commerce module: „Legal Aspects of m-commerce“
27
4.2.3.7 Digital Content and the Right of Withdrawal
Another area that requires special attention from m-commerce providers is the
sale of digital content via download.49 § 16 (3) FAGG states that in case of digital
content which are not supplied on a tangible medium (such as a CD, DVD, etc.)
consumers who withdraw from the contract do not have to pay the trader at all.
This could mean that traders who deliver their digital goods within the withdrawal
period could lose out on compensation. Therefore m-commerce providers must
ensure that in this case the exception to the right of withdrawal for digital content
can be applied.
The following steps must be taken in accordance with § 18 (1) sub-para. 11 FAGG
to apply the exception:
• the consumer consents explicitly to the delivery of the digital content during
the withdrawal period
and
• the consumer acknowledges their loss of right of withdrawal
and
• the m-commerce provider provides the consumer with a written
confirmation on a durable medium
o of the contract including all the information the provider is obligated
to provide (see 4.2.3.2.2 Information Obligations according to the
FAGG)
o of the explicit consent of the consumer about the early start of the
delivery
o of the acknowledgement of the consumer about their loss of the right
of withdrawal
and
• the m-commerce provider delivers the digital content during the withdrawal
period.
49 See Art 14 (4) lit b Directive on Consumer Rights.
Project m-commerce module: „Legal Aspects of m-commerce“
28
4.2.3.8 Other Exceptions to the Right of Withdrawal
There are a number of other exceptions to the right of withdrawal.50 One exception
pertains to goods that were customized according to the specifications of the
consumer or that are tailored for the personal needs of the consumer. Another
exception is for sealed audio or sealed video recordings or sealed computer
software, if they were unsealed after delivery.
4.2.4. Information Obligations for M-Commerce Providers51 As mentioned above the omission of obligatory information by the m-commerce
provider has grave consequences in conjunction with the right of withdrawal.
There are a number of other information obligations that have to be observed,52
otherwise m-commerce providers are at risk for administrative fines53 and
disadvantages in legal disputes with consumers. It is therefore extremely
important that m-commerce provides comply with these obligations. All the
information provided becomes part of the contract – it can only be changed
afterwards if the consumer agrees explicitly to any changes.54
4.2.4.1. About the M-Commerce Provider55
• Name and the geographical address (physical establishment)
• telephone number, fax number and e-mail address to enable effective
communication with the consumer
4.2.4.2. About the Product/Service
• main characteristics of the goods or services (may be adapted to fit the
space constraints of a mobile application or website)
• functionality of digital content (including applicable technical protection
measures)
• interoperability of digital content with hardware and software (that the
trader is aware of or can reasonably be expected to have been aware)
50See § 18 FAGG. 51 See Art 6 Directive on Consumer Rights. 52See § 4 FAGG. 53See § 19 (1) FAGG. 54§ 4 (4) FAGG. 55 For the structure of the information obligations see Handig Christian 2014, p 412.
Project m-commerce module: „Legal Aspects of m-commerce“
29
• total price of the goods or services inclusive of taxes and postal charges
(if a total price cannot be given, the manner of price calculation including
all additional delivery charges and any other costs)
• In case of indeterminate contract duration or subscription: the total price
shall include the total costs per billing period (fixed rate: the total
monthly price or if not determinable in advance the manner of price
calculation)
• The cost of using the means of distance communication for the
conclusion of the contract (if higher than basic rate i.e. telephone hotline
rates etc.)
4.2.4.3. About the conditions of business
• a reminder of the existence of a legal guarantee of conformity for goods
(see § 922 ff ABGB)
• the existence and the conditions of after sale customer assistance,
after-sales services and commercial guarantees (if applicable)
• the arrangements for payment, delivery, performance, the time by
which the trader delivers the goods or performs the services, if applicable
the trader’s complaint handling policy
• the duration of the contract
• the conditions for terminating the contract, if the contract is of
indeterminate duration or is to be extended automatically
• the minimum duration of the consumer’s obligations under the
contract (if applicable)
• the existence and the conditions of deposits or other financial
guarantees to be paid or provided by the consumer at the request of the
m-commerce provider (if applicable)
4.2.4.4. About the right of withdrawal/consumer complaints
• the possibility of having recourse and methods to access an out-of-court
complaint and redress mechanism, to which the trader is subject (if
applicable)
Project m-commerce module: „Legal Aspects of m-commerce“
30
• existence and the conditions of after-sales services or customer service
(if applicable)
• the existence of the right of withdrawal as well as any circumstances or
conditions that might curtail that right
• the conditions, time limit and procedures for exercising the right of
withdrawal (including the withdrawal form). This information can be given
via the model instructions on withdrawal provided in the Annex of the FAGG.
• the fact that consumers have to bear the cost of returning the goods
in case of withdrawal (if the goods cannot normally be returned by post, the
cost of returning the goods). This information can be given via the model
instructions on withdrawal provided in the Annex of the FAGG.
• the fact that consumers will have to pay a proportionate amount for
the services they received during the withdrawal period (if applicable).This
information can be given via the model instructions on withdrawal provided
in the Annex of the FAGG.
4.2.4.5. Manner of information giving
The information has to be given to the consumer before they make a
contractual statement in a clear and concise manner, so that consumers are
able to understand all aspects of the transaction.56 Furthermore the information
has to be supplied in a manner suitable to a mobile application or website
– if it is supplied on a durable medium it has to be legible.57 Since lawmakers
know that space is constrained on a mobile device the FAGG insists that at
minimum the following information has to be immediately provided to
consumers, all other points mentioned above may be supplied in a different
manner:58
• name of the m-commerce provider
• main characteristics of the goods or services (may be adapted to fit the
space constraints of a mobile application or website)
56See § 4 (1) FAGG. 57See § 7 (1) FAGG. 58See § 7 (2) FAGG.
Project m-commerce module: „Legal Aspects of m-commerce“
31
• total price of the goods or services inclusive of taxes and postal charges
(if a total price cannot be given, the manner of price calculation including
all additional delivery charges and any other costs)
• In case of indeterminate contract duration or subscription: the total price
shall include the total costs per billing period (fixed rate: the total
monthly price or if not determinable in advance the manner of price
calculation)
• the duration of the contract
• the conditions for terminating the contract, if the contract is of
indeterminate duration or is to be extended automatically
• the minimum duration of the consumer’s obligations under the
contract (if applicable)
• the existence of the right of withdrawal as well as any circumstances or
conditions that might curtail that right
• the conditions, time limit and procedures for exercising the right of
withdrawal (including the withdrawal form). This information can be given
via the model instructions on withdrawal provided in the Annex of the FAGG.
4.2.5 Special Requirements for electronic Contracts (Button Solution) After the Contract has been concluded m-commerce providers are under the
obligation to provide the consumer with a confirmation of the contract on a
durable medium, which includes all the information the provider was obligated to
provide. This information can be omitted if it was provided beforehand.
§ 8 (2) FAGG stipulates that traders use the so called “button solution” to make
consumers aware that they are about to conclude a contract that places the
consumer under an obligation to pay (“Zahlungspflichtig bestellen”).59 If the m-
commerce provider does not comply the consumer is not bound to his order or
contractual declaration. This measure was introduced in order to prevent
unsavoury businesses to trick their customers into paying for things they didn't
want to buy.
59 See Art 8 Directive on Consumer Rights
Project m-commerce module: „Legal Aspects of m-commerce“
32
According to § 8 (1) FAGG m-commerce providers shall make the consumer aware
in a clear and prominent manner and directly before the consumer places his order
of the following information. This does not apply to electronic contracts which
have been concluded via e-mail, telephone or any other individual means of
distance communication (Skype). 60
• main characteristics of the goods or services (may be adapted to fit the
space constraints of a mobile application or website)
• total price of the goods or services inclusive of taxes and postal charges
(if a total price cannot be given, the manner of price calculation including
all additional delivery charges and any other costs)
• In case of indeterminate contract duration or subscription: the total price
shall include the total costs per billing period (fixed rate: the total
monthly price or if not determinable in advance the manner of price
calculation)
• the duration of the contract
• the conditions for terminating the contract, if the contract is of
indeterminate duration or is to be extended automatically
• the minimum duration of the consumer’s obligations under the
contract (if applicable)
M-commerce sites clearly have to state any delivery restrictions and which means
of payments are accepted.61
4.2.6 Chapter Review Questions • How is a consumer defined according to Austrian Consumer Protection Law?
• What are the consequences of not informing a consumer about his/her right
of withdrawal?
60§ 8 (1) FAGG cites § 4 (1) sub-para. 1, 4, 5, 14 und 15 FAGG. 61§ 8 (3) FAGG.
Project m-commerce module: „Legal Aspects of m-commerce“
33
4.3. Austrian Data Protection
Attention: The contents of this chapter only apply to the legal
situation in Austria, because they are not based on fully harmonized
EU legislation.
This next section is aimed at giving a short overview over the most important
aspects of data protection for m-commerce providers. In order to be fully
compliant to the strict Austrian Data Protection scheme businesses should be
aware that this goal requires a more in-depth review of the topic, which is out of
the scope of this script. The Austrian Data Protection legislation is an
implementation of the directive on Data Protection and the directive on E-Privacy.
However since this area of the law isn't fully harmonized the Austrian
implementation is especially protective of personal data.
According to § 1 of the Federal Act concerning the Protection of Personal Data
(Data Protection Act)62 everybody has a right to secrecy for the personal data
concerning them. This protection is extended to both natural and legal persons.
The Austrian Data Protection Act applies to the use of personal data in Austria.
Austrian law is also applicable if the data are used in other member states of the
European Union for purposes of an Austrian main or branch establishment.63
Under the data protection act three key players are identified:
• The data subject is a natural or legal person or group of natural person,
whose data are processed64. A data subject cannot be the same as a data
controller.
• The controller is an entity which decides to use personal data. The entity
can be a natural or legal person, group of persons or organ of a territorial
62Bundesgesetz über den Schutz personenbezogener Daten (Datenschutzgesetz 2000 – DSG 2000) BGBl I 165/1999 idf
BGBl I 83/2013. 63§ 3 Data Protection Act. 64§ 4 (1) sub-para. 3 Data Protection Act.
Project m-commerce module: „Legal Aspects of m-commerce“
34
corporate body or the offices of these organs. It does not matter if they
decide to use the data themselves or to use processor.65
• The processor is an entity that uses data provided by the controller in
order to create a commissioned work. The processor can be a natural or
legal person, group of persons or organ of a federal, state and local authority
or the offices of these organs.66
M-commerce providers who use data of their customers and employees in order
to run their businesses are controllers under the Data Protection Act. This means
that they bear the responsibility that personal data are handled in a lawful way,
otherwise they are liable for administrative fines, injunctions and lawsuits.67
4.3.1 Different categories of personal data
Personal data are defined in § 4 no 1 Data Protection Act as information relating
to a person, who is either identified or identifiable. This means that for example
hair-colour only becomes a piece of personal data once it’s been tied to a specific
person. Data of persons who are identifiable means photographs, voice or film
recordings, which make it easy to identify an individual.
Data are “only indirectly personal” if the data controller or data processor or
another recipient of the data cannot establish the identity of the person through
legal means. This means that the connection between a person and their data has
been removed, but could be re-established through illegal means.
Another important category is sensitive data, which is deserves special protection
under the Data Protection Act. Sensitive data relate to natural persons concerning
their racial or ethnic origin, political opinion, trade-union membership, religious
or philosophical beliefs, and data concerning health or sex life.68 This information
65§ 4 (1) sub-para. 4 Data Protection Act. 66§ 4 (1) sub-para. 5 Data Protection Act. 67See §§ 6 (2), 30 (6), 32 Data Protection Act. 68§ 4 (1) sub-para. 2 Data Protection Act.
Project m-commerce module: „Legal Aspects of m-commerce“
35
has the power to open people up to discrimination, therefore the use is severely
restricted by the law.69
4.3.2 Legitimate Uses of Data for M-commerce Providers
Fundamentally the use of personal data is prohibited in Austria, unless the data
is used according to the principles and exceptions set forth in the Austrian Data
Protection Act.
The Data Protection Act only permits the use of data according to a number of
principles: Data must be used in a fair and lawful way and only for explicit and
legitimate purposes. It may not be further processed in a way that is incompatible
with those purposes. The results should be factually correct. Furthermore no
excessive data collection is allowed. The personal data must not be stored longer
than necessary, allowing for longer storage times because of laws concerning
archives.70
Controllers are permitted the use of personal data if they possess the legitimate
authority to do so and the data subjects' interests in secrecy deserving protection
is not infringed.71 This next section explains the two most important use cases
for m-commerce providers in this area: the consent of the data subject and over-
riding legitimate interests pursued by the controller.72
4.3.2.1 Consent of the Data Subject
The consent of the data subject has to be obtained if there are no over-riding
legitimate interests of the m-commerce provider that would justify the use of the
data. This next section covers the obtainment of a valid consent relating to non-
sensitive data.
This is the case if the m-commerce provider wants to process more data than is
absolutely necessary to fill an order since the principle of data minimization is
stated in § 6 (1) sub-para. 3 Data Protection act. Such data could include past
69§ 9 Data Protection Act. 70§ 6 (1) Data Protection Act. 71§ 7 (1) Data Protection Act. 72§§ 8 (1) sub-para. 1, 4 Data Protection Act.
Project m-commerce module: „Legal Aspects of m-commerce“
36
shopping choices, colour preferences, or any data the m-commerce provider
wants to sell to data collection agencies.
In order to obtain a valid consent the data subject needs to know the following
information:73
• which type of data is processed (e.g. name, address, shopping preferences,
telephone number, …); this has to be a complete list of all data collected
• for which purpose the data are being collected
• with full knowledge of the facts and surrounding circumstances
• which third parties will get access to the data (e.g. data collection agencies,
subsidiaries, …)
This requires m-commerce providers to look at the way personal data is used,
process this information and make it available to their customers. This information
has to be clear and concise, so that customers can understand how their data is
used. This can constitute a major obstacle especially for providers with a
complicated business structure. Therefore the declaration of consent of the
customer has to be drawn up with special care by legal professionals. It is also
advisable that businesses save the consent of the data subject in order to avoid
later difficulties.
4.3.2.2 Over-riding legitimate Interests pursued by the M-Commerce
Provider
Another way to lawfully process personal data of customers is if the legitimate
interests of the m-commerce provider over-ride the interests in secrecy deserving
protection of the customer. § 8 (3) sub-para. 4 of the Data Protection Act states
that this is the case if the data use is necessary for the fulfilment of a contract
between the controller and the data subject. This means that no consent of the
customer is necessary in order to process their data to fulfil contractual
obligations, but only if no more data are processed than is necessary for the
73RIS-Justiz RS0115216.
Project m-commerce module: „Legal Aspects of m-commerce“
37
transaction. Any data processed beyond the purpose of contract fulfilment needs
the consent of the customer or another justification provided by the law.
4.3.4 Duty of the Controller to notify In Austria the principle of the publicity of data application reigns, therefore all
controllers have to register themselves and their data applications. This serves
the purpose of informing data subjects about data use in Austria, since the register
is public.74
M-commerce providers have the duty to notify the Austrian Data Protection
Authority before starting any data application that processes personal data.75 This
notification has to be filed electronically at the “Datenverarbeitungsregister”.76
Some data applications are not subject to the notification duty, these include data
applications which solely contain published or indirectly personal data or which
correspond to a standard application. This is an ordinance of the Austrian Federal
Chancellor77 in which some data applications such as accountancy and logistics
are declared standard. It is important to note that a m-commerce provider cannot
use more than the types of data forseen in the standard application for the
exception to apply.78
The notification has to contain the following information:79
• the name (or other designation) and address of the controller and of his
representative
• the data registry number (if prior notification exists)
• the proof of the legitimate authority that the controller’s activities are
permitted, if so required (e.g. contractual obligations, consent of the data
subjects)
• the purpose of the data application to be registered and the legal basis (if
the legal basis was not already included in the proof of the permission) 74§ 16 (1) Data Protection Act. 75 § 17 Data Protection Act. 76 https://www.dsb.gv.at/site/6250/default.aspx. 77 Verordnung des Bundeskanzlers über Standard- und Musteranwendungen nach dem Datenschutzgesetz 2000 (Standard- und Muster-Verordnung 2004 - StMV 2004) BGBl. II Nr. 312/2004 idF 278/2015. 78 § 17 (1a) Data Protection Act. 79 § 18 Data Protection Act.
Project m-commerce module: „Legal Aspects of m-commerce“
38
• a statement, whether the data application matches one or more of the cases
for prior checking (e.g. processing sensitive data, joint information systems,
credit checking)
• the categories of data subjects and the categories of data about them that
are processed
• the categories of data subjects affected by intended transmissions, the
categories of data to be transmitted and the matching categories of
recipients – including possible recipient states abroad – as well as the legal
basis for the transmission
• insofar as a permit by the Data Protection Authority is required the file
number of the permit of the Data Protection Authority (if applicable)
• a general description of data security measures taken pursuant to § 14,
which enable a preliminary assessment of the appropriateness of the
security measures.
Categories of data subjects stand for classifications of persons such as employees,
customers or suppliers. Categories of data about these subjects mean
classifications of the information processed, such as names, addresses or orders.
Data security measures refer to any measures preventing accidental or intentional
destruction or loss, ensuring their proper use and the inaccessibility to
unauthorized persons. The height of the security level depends on the kind of data
processed (e.g. credit card data), the extent and purpose of the use, the economic
justifiability and the technical standards. M-commerce providers should ensure
that they have a secure way to handle their business data.
4.3.5 Chapter Review Questions
• What is personal data according to the law?
• Who is most responsible for the personal data being processed?
• What information has to be given in order to obtain a valid consent for the
use of cookies?
Project m-commerce module: „Legal Aspects of m-commerce“
39
4.4. Jurisdiction and Applicable Law within the EU
Attention: The contents of this chapter apply to the legal situation
in EU countries, because they are based on fully harmonized EU
legislation. However some issues might be still be handled
differently under national law due to the interplay of national and
Union Law.
M-commerce providers need to be aware that cross-border transactions within
the EU could result in legal disputes in the other country or where foreign law is
applicable. This next section aims to shed some light on this very important issue,
since disputes in foreign jurisdictions or within a foreign legal system can be
unpredictable and expensive. The two most relevant EU legislations for m-
commerce providers are the Regulation on the law applicable to contractual
obligations (Regulation No 593/2008)80 and the Regulation on jurisdiction and the
recognition and enforcement of judgments in civil and commercial matters
(Regulation No 1215/2012)81. This next section will cite the EU legislation, since
EU regulations are directly applicable and need not be transposed into national
law.
4.4.1 Applicable Law according to the Regulation No 593/2008 The Regulation No 593/2008 is applicable to contractual obligations in civil and
commercial matters, if a conflict of laws of different member states is involved.82
However there are some areas excluded like obligations arising out of dealings
prior to the conclusion of a contract, insurance contracts or family situations. 83
The Regulation No 593/2008 does not apply to contracts which were concluded
before the 17th of December 2009.84
80 Regulation (EC) No 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations (Rome I) OJ L 177/2008, 6. 81 Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters OJ L 351/2012, 1. 82 Art. 1 para. 1 Regulation No 593/2008. 83 Art 1 para 2 Regulation No 593/2008. 84 Art 28 Regulation No 593/2008.
Project m-commerce module: „Legal Aspects of m-commerce“
40
As a general rule contract partners can choose which law is applicable to the
contract. This choice can also be made for only part of the contract. However if
another law is chosen than the one which has the most connections to the
contract, all binding provisions of this law are still applicable.85
M-commerce providers should take this freedom of choice into account when
contracting with business partners from other EU member states. They should
also check already existing contracts if such a choice was already included.
4.4.1.1 Applicable Law in the Absence of Choice
In case no choice was made regarding the applicable law the general rule is that
the law of the country of residence of the principal actor carrying out the contract
is applicable.86 The principle actor is considered to be the party which fulfils the
contract obligation characteristic for the contract type. For instance in the context
of sales contracts the seller has the characteristcal obligation since he delivers the
goods. Payment is not a characteristic feature of a type of contract.
Most relevant for m-commerce providers are the provisions relating to sale and
service contracts. According to Art. 4 no 1 lit. a Regulation No 593/2008 sale
contracts are governed by the law of the country, where the seller has his habitual
residence. In regard to service contracts Art. 4 no 1 lit. b of the Regulation No
593/2008 stipulates that the contract for the provision of services shall be
governed by the law of the country, where the service provider has his habitual
residence.
Exceptions to this rule apply to contracts of carriage87, insurance contracts,88
individual employment contracts89 and consumer contracts. The latter exception
shall be examined in more detail.
85 Art 3 Regulation No 593/2008. 86 The law applicable to contractual obligations – The Regulation No 593/2008, http://eur-lex.europa.eu/legal-content/en/TXT/?uri=URISERV:jl0006. 87 Art. 5 Regulation No 593/2008. 88 Art. 7 Regulation No 593/2008. 89 Art. 8 Regulation No 593/2008.
Project m-commerce module: „Legal Aspects of m-commerce“
41
4.4.1.2 Applicable Law in Case of Consumer Contracts
The EU consumer protection framework extends to the Regulation No 593/2008,
which stipulates special rules in Article 6 for B2C contracts.
Article 6 para. 1 of the Regulation No 593/2008 states that the applicable law is
the law of the country where the consumer has their habitual residence if the
m-commerce provider pursues his commercial or professional activities in the
consumer’s country or the m-commerce provider directs their commercial or
professional activities to the country of the consumer. This provision only applies
if the activities of the m-commerce provider and the contract in question fall within
the same scope.
M-commerce providers are still able to negotiate the applicable law with the
consumers, however the favourability principle set forth in Article 6 para. 2
Regulation No 593/2008 protects the consumers from disadvantageous choices.
This script has shown a number of provisions which cannot be rescinded to the
detriment of consumers – according to the favourability principle the protection
of such clauses is still afforded to consumers if the chosen law would deprive them
of it. From which law do these non-rescindable provisions come? Article 6 para. 2
Regulation No 593/2008 stipulates that this is the national law specified in para.
1 of the same Article. This means that binding foreign protection clauses might
be applicable, if the consumer protection level of the chosen law is lower than the
one applicable according to Article 6 para. 1 Regulation No 593/2008. M-
commerce providers should therefore be aware of the choice of law when
contracting with consumers in other member states.
As explained above the activity of the m-commerce provider is the deciding factor
when applying Article 6 Regulation No 593/2008. In the case of directing the
commercial activity to another member state (regarding online advertisements
and websites) the ECJ has held that traders must have manifested their intention
to establish business relations with consumers in other countries. This can be
evidenced by the international character of the commercial activities, the use of
international telephone numbers, top level domains (such as .com or .eu), the
Project m-commerce module: „Legal Aspects of m-commerce“
42
mentioning of country names and foreign currency. Whether or not a m-
commerce provider has directed their activities to a different member state
depends therefore on the circumstances of the app or website in question.90
Flowchart: Applicable Law according to the Regulation No 593/2008 (Source: Own Illustration).
4.4.2 Jurisdiction within the EU The Regulation No 1215/2012 applies in civil and commercial matters, except in
matters relating to family law or matters of succession.91 It is important to note
that this section only covers the jurisdiction governed by the aforementioned
Regulation, national Austrian jurisdiction law is not covered. This section focuses
exclusively on consumer contracts, since the rules provided by the Regulation No
1215/2012 might mean that a m-commerce provider faces disputes in a foreign
court.
These rules interact with EU legislation in a complicated way, especially if the
parties seek to agree to a different jurisdiction than is foreseen by the law. M-
commerce providers should seek professional legal advice beforehand in order to
make sure such an agreement is valid.
90 Rühl Giesela, 2013, 128 f. 91 Art 1 Regulation No 1215/2012.
Project m-commerce module: „Legal Aspects of m-commerce“
43
4.4.2.1 Jurisdiction over Consumer Contracts Jurisdiction over consumer contract is determined by Art 17 Regulation No
1215/2012, if this article is applicable consumers have a considerable advantage,
because they can choose the jurisdiction. Art 18 (2) Regulation No 1215/2012
states that legal proceedings can only be brought against a consumer in the courts
of the member state in which the consumer is domiciled. Conversely, a consumer
can bring proceedings against the m-commerce provider either in the courts of
the member state of the m-commerce provider or in the courts of the member
state where the consumer is domiciled.
This jurisdiction rule is applicable if92
• the contract is for the sale of goods on instalment credit terms
or
• the contract is for a loan repayable by instalments, or for any other
form of credit, made to finance the sale of goods
or
• the contract has been concluded with a person who pursues commercial
or professional activities in the member state of the consumer’s
domicile or, by any means, directs such activities to that member
state or to several States including that member state, and the contract
falls within the scope of such activities
The last provision is similar to the one governing the applicable law for consumer
contracts.93 Again the question is, whether or not a m-commerce provider directs
or pursues their professional activities in the other member state.
Regarding online advertisements and websites the ECJ94 has held that traders
must have manifested their intention to establish business relations with
consumers in other countries. This can be evidenced by the international character
of the commercial activities, the use of international telephone numbers, top level
domains (such as .com or .eu), the mentioning of country names and foreign
92 Art 17 (1) Regulation No 1215/2012 93 Art 6 (2) Regulation No 593/2008. 94 ECJ 7.12.2010, C-585/08 and C-144/09 (Pammer und Hotel Alpenhof), 83 f.
Project m-commerce module: „Legal Aspects of m-commerce“
44
currency. Whether or not a m-commerce provider has directed their activities to
a different member state depends therefore on the circumstances of the app or
website in question and must be established for each case separately.95
Flowchart: Jurisdiction over consumer contracts (Source: own illustration)
Art 19 of Regulation No 1215/2012 allows to choose another jurisdiction by an
agreement with the consumer, however this is only possible if the agreement has
been made after the dispute has arisen and additional conditions are met. It is
highly recommended that a m-commerce provider seeks out professional legal
advice, if they wish to conclude an agreement with a consumer about the
jurisdiction.
4.4.3 Chapter Review Questions
• What is meant by the term „jurisdiction“?
• What is meant by the term „applicable law“?
• Why are the jurisdiction and the applicable law important in international
law disputes?
95 Rühl Giesela, 2013, 128 f.
Project m-commerce module: „Legal Aspects of m-commerce“
45
5. Case studies
This next chapter contains case studies for the above topics. Learners are
encouraged to use the flowcharts and materials provided to come to their own
conclusions.
5.1. Case Study 1
Cindy Customer wants to buy new shoes. She opens the Application “ShoesnMore”
by the company Shoes Today & Tomorrow Inc. on her smartphone and sees a
beautiful pair of red boots. Cindy writes an e-mail to the company saying that she
would buy these boots in size 8, if they were also available in black.
After they receive the e-mail by Cindy Customer, Shoes Today & Tomorrow Inc.
immediately sends her a red pair of the boots Cindy Customer specified in size 8
together with an invoice.
Question: Does Cindy Customer have to pay for the boots?
Answer: The answer to the question lies in whether or not a valid contract has
been formed. Cindy Customer has made an offer, which was specific and meant
sincerely. Shoes Today & Tomorrow Inc. has also received this offer and tried to
accept via the sending of the boots. However, no valid contract was concluded
since consent is missing: Cindy Customer wanted black boots, Shoes Today &
Tomorrow Inc. sent her a red pair. Cindy Customer does not have to pay for the
boots.
5.2. Case Study 2
Subsequently Shoes Today & Tomorrow Inc. wants to relaunch their application
to include colour choices for a better user experience and to avoid incidents like
the above. The software developer includes a hard to find link leading to the GTC,
but no notice of the GTC before the order button.
Project m-commerce module: „Legal Aspects of m-commerce“
46
Question: Have the GTC of Shoes Today & Tomorrow Inc. become part of a
contract?
Answer:
Like any other contract clause whether or not GTC become part of the agreement
depends on whether both parties consented to their use. In the case above the
user of the app has no knowledge that Shoes Today & Tomorrow Inc. wants to
conclude the contract only if their GTC are included. Therefore customers cannot
consent to their inclusion. The GTC are not part of the contract.
5.3. Case Study 3
Benjamin Busybee is a self-employed entrepreneur, who specialises in
information-technology consulting. He wants to redecorate his apartment and
orders new curtains via his smartphone on “Curtains4everybody”, while he is
waiting for an important meeting with a client.
Question: Is Benjamin Busybee a consumer?
Answer: According to the Austrian Consumer Protection Act, Benjamin is a
consumer if the transaction is not made in the course of carrying on his business.
This is the case, since the transaction is made for private reasons, namely the
redecoration of his apartment. His status as entrepreneur in the IT-sector is
irrelevant to the transaction, since he does not make it in order to further his
business.
5.4. Case Study 4
David Doolittle (a consumer) wants to get fit. He subscribes to the app “fit4you”,
which offers training programs and dieting plans. The app informs him correctly
of all his rights and obligations and David pays 5,99 Euro for the month, which
gives him immediate access to the services of fit4you. A colleague of David tells
Project m-commerce module: „Legal Aspects of m-commerce“
47
him a week later that the app “fit2go” offers better services and is even cheaper.
David therefore exercises his right of withdrawal.
Question: Does David Doolittle have to pay a proportionate amount for the week
he used the app “fit4you”?
Answer: When it comes to services performed for a consumer during the
withdrawal period all conditions must be met by the m-commerce provider in
order to be entitled to the proportionate payment. In this case the m-commerce
provider behind “fit4you” did not demand an express request of David Doolittle to
immediately start with the service. Even with the correct information given, the
provider loses his claim to the partial payment.
Project m-commerce module: „Legal Aspects of m-commerce“
48
6. Source directory
Literature:
Fallenböck Markus: Die AGB am Handy-Display, Wie können Allgemeine
Geschäftsbedingungen im M-Commerce wirksam einbezogen werden?, MR 2004,
440.
Geiger Barbara: FAGG: Dienstleistungen in der Rücktrittsfrist, ecolex 2014, 597.
Janisch Sonja: Vertragsrechtliche Aspekte des E-Commerce in
Jahnel/Mader/Staudegger (Hrsg.) IT-Recht3. Verlag Österreich. Wien 2012.
Handig Christian: Aus einem Fass ohne Boden - Mehr Informationspflicht für
Webshops, ecolex 2014,411.
Rühl Giesela, Die rechtsaktübergreifende Auslegung im europäischen
Internationalen Privatrecht: Art 6 der Rom I-VO und die Rechtsprechung des
EuGH zu Art 15 Brüssel I-VO, GPR 2013, 122.
Andreas Wiebe in Kletečka/Schauer (Hrsg.), ABGB-ON1.02 § 861 ABGB (Stand
01.06.2015).
Project m-commerce module: „Legal Aspects of m-commerce“
49
EU Law:
Directive 95/46/EC of the European Parliament and of the Council of 24 October
1995 on the protection of individuals with regard to the processing of personal
data and on the free movement of such data OJ L 281/1995, 31 version OJ L
284/2003,1.
Directive 1999/93/EC of the European Parliament and of the Council of 13
December 1999 on a Community framework for electronic signatures OJ L
2000/13, 12 repealed by OJ L 2014/257, 73.
Directive 2000/31/EC of the European Parliament and of the Council of 8 June
2000 on certain legal aspects of information society services, in particular
electronic commerce, in the Internal Market ('Directive on electronic commerce')
OJ L 178/2000, 1.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July
2002 concerning the processing of personal data and the protection of privacy in
the electronic communications sector (Directive on privacy and electronic
communications) OJ L 201/2002, 37 version OJ L 337/2009, 11.
Directive 2011/83/EU of the European Parliament and of the Council of 25 October
2011 on consumer rights, amending Council Directive 93/13/EEC and Directive
1999/44/EC of the European Parliament and of the Council and repealing Council
Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of
the Council OJ L 304/2011, 260.
Regulation (EC) No 593/2008 of the European Parliament and of the Council of 17
June 2008 on the law applicable to contractual obligations (Rome I) OJ L
177/2008, 6.
Project m-commerce module: „Legal Aspects of m-commerce“
50
Regulation (EU) No 1215/2012 of the European Parliament and of the Council of
12 December 2012 on jurisdiction and the recognition and enforcement of
judgments in civil and commercial matters OJ L 351/2012, 1
Regulation (EU) No 910/2014 of the European Parliament and of the Council of
23 July 2014 on electronic identification and trust services for electronic
transactions in the internal market and repealing Directive 1999/93/EC by OJ L
2014/257, 73.
Project m-commerce module: „Legal Aspects of m-commerce“
51
Austrian Law:
Allgemeines bürgerliches Gesetzbuch für die gesammten deutschen Erbländer der
Oesterreichischen Monarchie (ABGB) JGS 946/1811 idF BGBl I 87/2015.
Bundesgesetz, mit dem bestimmte rechtliche Aspekte des elektronischen
Geschäfts- und Rechtsverkehrs geregelt werden (E-Commerce-Gesetz - ECG)
BGBl I 152/2001 idF BGBl I 34/2015.
Bundesgesetz über elektronische Signaturen (Signaturgesetz - SigG) BGBl I
190/1999 idF BGBl I 75/2010.
Bundesgesetz über Fernabsatz- und außerhalb von Geschäftsräumen
geschlossene Verträge (Fern- und Auswärtsgeschäfte-Gesetz – FAGG) BGBl I
33/2014 idF I 83/2015.
Bundesgesetz über den Schutz personenbezogener Daten (Datenschutzgesetz
2000 – DSG 2000) BGBl I 165/1999 idf BGBl I 83/2013.
Bundesgesetz vom 8. März 1979, mit dem Bestimmungen zum Schutz der
Verbraucher getroffen werden (Konsumentenschutzgesetz - KSchG) idF BGBl.
140/1979 idF BGBl I 105/2015.
Verordnung des Bundeskanzlers über Standard- und Musteranwendungen nach
dem Datenschutzgesetz 2000 (Standard- und Muster-Verordnung 2004 - StMV
2004) BGBl. II Nr. 312/2004 idF 278/2015.
Project m-commerce module: „Legal Aspects of m-commerce“
52
Case Law:
ECJ 7.12.2010, C-585/08 and C-144/09 (Pammer und Hotel Alpenhof).
OGH 29.11.2007, 2 Ob 108/07g=Schmidbauer, Zak 2008/151 S 83 -
Schmidbauer, Zak 2008,83 = Zak 2008/161 S 94 - Zak 2008,94 = jusIT 2008/26
S 64 (Staudegger) - jusIT 2008,64 (Staudegger) = Jus-Extra OGH-Z 4467 = JBl
2008,324 = EvBl 2008/70 S 365 - EvBl 2008,365 = MR 2008,176 (Hornsteiner)
= ecolex 2008/71 S 227 - ecolex 2008,227 = ecolex 2008,625 (Häusler,
Rechtsprechungsübersicht) = RdW 2008/297 S 339 - RdW 2008,339 = RZ
2008,234 EÜ292, 293 - RZ 2008 EÜ292 - RZ 2008 EÜ293 = HS 38.289 = HS
38.631 = SZ 2007/190.
OGH 30.3.2011, 9 Ob A 51/10f = ARD 6142/2/2011 = Zak 2011/320 S 173 - Zak
2011,173 = JBl 2011,468 = EvBl 2011/113 S 780 - EvBl 2011,780 = ecolex
2011/249 S 647 - ecolex 2011,647 = RdW 2011/516 S 487 (Tuma) - RdW
2011,487 (Tuma) = ZAS-Judikatur 2011/145 = DRdA 2011,566 = infas
2011,201/A62 - infas 2011 A62 = DRdA 2012,424/37 (Gruber/Rabl) - DRdA
2012/37 (Gruber/Rabl) = Arb 12.972
RIS-Justiz RS0115216.
RIS-Justiz RS0122204.
RIS-Justiz RS0039939.
RIS-Justiz RS0065309.
Project m-commerce module: „Legal Aspects of m-commerce“
53
7. Internet links
In this chapter are all the relevant internet links for the module.
https://www.dsb.gv.at/site/6250/default.aspx (last checked on 20th of
September 2015).
http://eur-lex.europa.eu/legal-content/en/TXT/?uri=URISERV:jl0006 (last
checked on 20th of September 2015).
http://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Geset
zesnummer=20008847 (last checked on 20th of September 2015).
http://www.sozialministerium.at/site/Soziales/EU_Internationales/Verbrauchersc
hutz_auf_Ebene_der_EU/ (last checked on 20th of September 2015).