A ‘conditional payment’ is still a payment: the Court of justice rules again on online order buttons (Case C-400/22, Conny)

 

 

Alessandra Fratini and Giorgia Lo Tauro, FratiniVergano European Lawyers

Photo credit: Namakkalshowroom, via Wikimedia Commons

 

 

Introduction

On 30 May 2024, the Court of Justice of the European Union issued its judgment in Conny (Case C-400/22), which concerned the labelling requirements for online order buttons under Article 8 of the Consumer Rights Directive (Directive 2011/83). The Court ruled that the order button, or any similar function on an online platform, must clearly indicate that by clicking on it the consumer commits to a payment obligation, even if the obligation is subject to further conditions.

The paragraphs below, after a short overview of the case-law touching upon Article 8, review the peculiarities of the Conny case and the findings of the Advocate General and the Court, and conclude on  the importance of consumer rights’ awareness in online transactions.

 

Article 8(2) and the earlier case-law

The Consumer Rights Directive aims at approximating Member States’ provisions related to contracts concluded between consumers and traders, to contribute to the proper functioning of the internal market through the achievement of a high level of consumer protection (Article 1). To this purpose, its Article 8 sets ‘formal requirements for distance contracts’, also when concluded by electronic means, that traders shall comply with.

Under Article 8(2), first subparagraph, if the contract places the consumer under an obligation to pay, the trader shall make the consumer aware ‘in a clear and prominent manner’, and directly before placing the order, of the related information (i.e., the main characteristics of the goods or services, the total price, the duration of the contract and, where applicable, the minimum duration of the consumer’s obligations), making sure that the consumer, when placing the order, is explicitly aware that such an order implies an obligation to pay. The second subparagraph clarifies that ‘[i]f placing an order entails activating a button or a similar function, the button or similar function shall be labelled in an easily legible manner only with the words ‘order with obligation to pay’ or a corresponding unambiguous formulation indicating that placing the order entails an obligation to pay the trader. If the trader has not complied with this subparagraph, the consumer shall not be bound by the contract or order’ (for ease of reading, the following references to Article 8(2) shall be read as to the second subparagraph).

Despite its intended clarity, this provision raised interpretative doubts which were submitted to the Court before Conny. In Fuhrmann-2 (Case C-560/20), the Court addressed for the first time the interpretation of the formal requirement related to the ‘order button’ laid down in Article 8(2). The case concerned the booking of hotel rooms in Germany via an online accommodation booking platform: the hotel charged a cancellation fee to a consumer who, after having clicked on the ‘I’ll reserve’ button, entered personal details of the guests and then clicked on a button labelled with the words ‘complete booking’, had not showed up on the planned day. For the purpose of determining whether a formulation displayed on the order button such as ‘complete booking’ could be considered as ‘corresponding’ to the words ‘order with obligation to pay’ according to the Consumer Rights Directive, the referring court asked the Court whether only the words appearing on that button or the overall circumstances of the booking process should be taken into account.

The Court relied on the systematic interpretation of the provision and insisted on the objectives of the Consumer Rights Directive. It first explained that the formulation ‘order with an obligation to pay’ laid down in Article 8(2) serves as an example, so that Member States are permitted to allow traders to use any other corresponding formulation of their choice, provided that it is unambiguous and entirely clear as to the creation of an obligation to pay (paras. 26-27). It went on to clarify that it is the button or similar function that must be labelled with such a formulation, so that only the words appearing on that button or similar function must be taken into account for determining whether the trader has fulfilled its obligation to ensure that the consumer explicitly acknowledges that the order implies an obligation to pay, emphasising the consumer’s attention in that respect, as required by recital 39 of the Directive (paras. 28-29). Taking the objective of the Directive into account, which is to guarantee a high level of consumer protection as regards information, the Court found that ‘it would effectively undermine that objective if, when activating a button or similar function, the consumer were required to infer from the circumstances of that process that he or she was giving a binding undertaking to pay, although the words appearing on that button or similar function are not such as to enable the consumer to identify such consequences with absolute certainty’ (para. 30).

In Sofatutor (Case C-565/22), which concerned the interpretation of the right of withdrawal (Article 9), the Court reiterated the importance of information and formal requirements for distance contracts. By clarifying that the consumer’s right to withdraw from an initially free subscription made via distance contract is guaranteed only once, the Court specified that this is only the case if the consumer, when concluding that contract, has been informed in a clear, comprehensible and explicit manner by the trader that, after that initial free period, payment will be required for the performance of services (paras. 50-51). It repeated the traders’ obligation to ensure that the consumer explicitly acknowledges that the order implies an obligation to pay (via a button or a similar function). In the absence, the consumer is not to be bound by the contract or order (para. 45).

 

The peculiar ‘condition’ of the Conny case

In Conny, the Court was called again to rule on the ‘button or a similar function’ indicating the obligation to pay the trader. Interestingly, different from the cases above, in Conny it was not the consumer but a third party, who was interested in questioning the validity of a contract concluded by the former with a trader, that had invoked consumer protection rules.

Conny is a debt recovery company governed by German law. It offers a service whereby tenants may enter into an agency contract via its website and assign their rights to reclaim any overpayments of rent (i.e., in case the maximum rent ceiling under national law is exceeded) in favour of Conny, who shall attempt to reclaim such overpayments from landlords on the tenant’s behalf. To enter into the agency contract on Conny’s website, tenants must tick a box to approve the general terms and conditions, where reference is made to the pecuniary nature of the contract (tenants must pay the company a third of the annual rent saved, where the company’s attempts to assert their rights are successful) and then click on a button to place the order. So did the tenant in this case, who also signed a form provided by Conny (‘Confirmation, power of attorney and assignment, authorisation’), which did not contain any information on obligation to pay on the tenant’s part (para. 14 of the judgment).

Conny asserted the tenant’s rights against the landlords. In the ensuing dispute, the latter claimed that Conny could not act on behalf of the tenant because the agency contract was ‘null and void’ (para. 18 of the judgment), since it did not comply with the formal requirements laid down in the national law transposing the Consumer Rights Directive (Section 312j (3) and (4) BGB, which requires the fulfilment of the trader’s obligation in order for the contract to be validly in place). In particular, the order button was not labelled with an explicit mention of the obligation to pay associated with the order.

In those circumstances, where the contract concluded at a distance entailed only a possible obligation to pay on the part of the consumer, i.e. that obligation was subject to the fulfilment of certain future conditions, the referring court had doubt as to the applicability of the formal requirements under Article 8(2) concerning the order button, and referred that question to the Court of justice. The referring court also underlined that the transposing legislation was not interpreted uniformly in national case-law (para. 22 of the judgment).

 

The Opinion of the Advocate General: ‘protective nullity’ and consumer protection at all costs

The Advocate General took into account the peculiarity of the case, including the fact that consumer protection was invoked by a third party against the validity of a contract concluded by a consumer seeking protection. In his Opinion, he noted that, in the event that the contract was considered invalid due to order button lacking any explicit mention of the obligation to pay, it was also necessary to ascertain whether the applicable national provision, according to Article 8(2) of the Directive, allowed the referring court to maintain the effects of the contract where the consumer objects to the disapplication of the disputed clause (para. 22 of the Opinion). In fact, under Section 312j(4) BGB, contracts shall be formed ‘only if’ traders fulfil the required obligation. Against this background, the Advocate General identified two legal issues to be examined in order to answer the preliminary question: (a) whether the ‘conditional payment’ case falls within Article 8(2) of the Directive; and (b) if so, the effects of the infringement of the requirement laid down therein on the signed contract, especially as regards the consumer’s will and the standing of a third party to rely on the possible invalidity (para. 24).

In addressing the first issue, the Advocate General found that both the textual and systematic interpretation and the objectives of the Directive lead to the same solution: the formal requirements of Article 8(2) also apply where the payment is subject to the fulfilment of a specific condition outside the consumer’s sphere of influence (para. 38). And this is because the contractual relationship, which is the legal condition of the obligation to pay, arises at the moment at which the consumer manifests the will, i.e. the click on the button to sign the order (para. 44). This view would also be supported by an interpretation based on the effectiveness of the provision: compliance with formal requirements even in the case of ‘conditional payment’ is the only way of ensuring sufficient information and safety in commercial relations between consumers and traders, otherwise the scope of the protection established by the Directive would be undermined (para. 45), while no extension of the text of the button in cases of conditional payments is needed to accomplish the requirement (para. 48).

As regards the second issue, i.e. the effects of the infringement of the requirement on the validity of the main contract, the Advocate General recalled that according to settled case-law of the Court ‘unfair terms must not be applied, unless the consumer objects’, otherwise this would have distortive effects vis-à-vis the purpose of the Directive (para. 52), and that the scope of Article 8 is not unconditional, but is limited by the will of the consumer (para. 53). Therefore, in the Advocate General’s opinion, since the invalidity of the term is specifically designed for consumer protection, and ‘the invalidity provided for in the consumer protection directives may be attributed to the category of ‘protective nullity’, irrespective of the exact classification under national law,’ the referring court shall take its decision in accordance with the wishes of the consumer, i.e. even maintaining the effects of the term and the contract’ (para. 55). On this point, the Advocate General addressed the question of the differences in wording between the national provision and the Directive and concluded that it is for the national court to ascertain, by considering the whole body of domestic law, whether an interpretation of national law in conformity with the wording and spirit of Directive is possible. Guided by the consumer’s wish to remain bound by the order placed on the trader’s website, the Advocate General also suggested that the referring court interpret national law in line with the possibility of maintaining the effects of the contract at issue (paras. 57-61).

The twofold analysis proposed by the Advocate General paved the way for a consumer protection-oriented interpretation of Article 8(2), while at the same time paying due attention to the effective protection of the consumer in the case pending before the national judge.

 

Judgment of the Court: a consumer protection-oriented interpretation and the relevance of the consumer’s will

In its judgment, the Court followed the Advocate General’s Opinion and confirmed the consumer protection-oriented approach when it comes to online contracts.

The Court recalled the case-law on the formulation on the order button or similar function, that shall clearly indicate the obligation to pay, and added that the formal requirement under Article 8(2) ‘does not make any distinction between payment obligations subject to conditions and those which are unconditional. On the contrary, it is apparent from that wording that the obligation to provide information laid down in that provision applies since an order placed ‘implies’ an obligation to pay. Consequently, it may be inferred therefrom that the obligation on the trader to inform the consumer arises when he or she agrees to be bound by an irrevocable obligation to pay in the event of satisfaction of a condition over which he or she has no control, even if that condition has not yet been satisfied.’ (paras. 46-47). A different interpretation would lead to the trader being required to fulfil the information obligation not while the consumer can still abandon the order, but only subsequently, when payment becomes due, therefore allowing the trader to disregard such an obligation at the very time when it may prove useful to the consumer (paras. 52-53). Therefore, the Court concluded that the obligation on traders under Article 8(2) also applies in cases of conditional payments.

In addition, on the second issue identified by the Advocate General, the Court clarified that the requirement under Article 8(2) merely provides that the consumer is not bound by the contract concerned, and this does not affect the national rules on the validity, formation or effect of a contract, according to Article 3(5) of the same Directive. Therefore, without prejudice to the interpretation given by the Court to the provisions of Article 8(2) of the Directive, the consumer in the main proceedings may decide to maintain the effects of the contract or order which was not binding, because of the failure of the trader (paras. 54-55), in so far as it, in essence, best serves the rationale of the Directive, namely consumer protection.

 

Concluding remarks

In a nutshell, the judgment restates the Directive’s aim of ensuring a high level of consumer protection in online transactions, by requiring the unambiguous acknowledgment of payment obligations by consumers for them to be bound, irrespective of the conditions which the payment is subject to.

It validates the importance of awareness of, and compliance with, EU consumer protection rules for both consumers and traders when concluding distance contracts. At the same time, it highlights the prominence of the consumer’s will, which national courts shall take into account in cases where the contract or order, because of the trader’s failure to comply, is not binding on the consumer.

 

A Dilemma of Two Communities: How the Portuguese-speaking Countries Mobility Agreement Might be Conflicting with EU Law

 

 

Ana Rita Gil*, Aylin Yildiz Noorda** & Lucas Ricardo***

 

* Professor, Law Faculty of the University of Lisbon, Portugal. Researcher at the Lisbon Public Law. Email: anaritagil@fd.ulisboa.pt.

** Postdoctoral Researcher at the Lisbon Public Law Research Centre, University of Lisbon, Portugal / Non-resident Research Fellow at the World Trade Institute (WTI) and the Oeschger Centre for Climate Change Research (OCCR), University of Bern, Switzerland. Email: aylin.yildiz@wti.org. This research has been funded by the Swiss National Science Foundation (SNSF) under grant no P500PS_210910.

*** Investment Policy Consultant at UNCTAD. Email: narciso_lucas@hotmail.com

 

Photo credit: Donatas Dabravolskas, via Wikimedia Commons

 

The recent decision of the European Commission to launch infringement procedures against Portugal concerning the provisions of the Community of Portuguese-speaking Countries (CPLP) Mobility Agreement has placed this new framework in the spotlight. Concluded by Portugal, Angola, Brazil, Cape Verde, Guinea-Bissau, Mozambique, São Tomé and Príncipe, Timor-Leste and Equatorial Guinea in 2021, the CPLP Mobility Agreement facilitates the movement of the citizens of the CPLP member states within the boundaries of ‘the same language space’. As the CPLP Executive Secretary Zacarias da Costa put it, the agreement goes ‘way beyond a set of piecemeal measures’, establishing a legal framework with a flexible and variable system suited to each state’s specificities. Notably, the Mobility Agreement aims to streamline the process for acquiring temporary residence visas and permits, with around 150,000 applications reportedly undergoing processing by the Portuguese Foreigners and Border Service (SEF). In this post, we examine the adoption, content, and implementation of the Mobility Agreement, commencing with a brief introduction to the CPLP.

 

Founding the CPLP

 

The inception of the CPLP traces back to early 1980s when the Portuguese Minister of Foreign Affairs at the time, during an official visit to Cabo Verde, endorsed decentralised tricontinental dialogues as a means to formalise the connections between Portugal and its former colonies. This initiative gained momentum in the 1990s, primarily due to the dedicated effort of the Brazilian ambassador to Portugal at the time, and resulted in the creation of the organisation in 1996. Although the CPLP was ostensibly established with benign objectives, centred on fostering cooperation across various areas rooted in a professed shared language and culture, it appeared to be the ‘political face’ of the Lusophone world. In this regard, it bears a resemblance to its French- and English-speaking counterparts, albeit neither the Organisation internationale de la Francophonie nor the Commonwealth of Nations have adopted a mobility agreement of the kind seen within the CPLP.

 

Initially comprising seven member states, the CPLP expanded with the admission of the newly independent state of Timor-Leste in 2002 and Equatorial Guinea in 2014. Brazil stands as the largest member state in terms of territory, population and economy, boasting the highest number of Portuguese speakers. However, projections indicate that by the close of the 21st century, the majority of Portuguese speakers will likely reside in Africa, attributed to demographic growth in Angola and Mozambique. While the list of potential future CPLP members may seem to have been exhausted, the CPLP has proactively introduced the category of an ‘observer’, enabling international organisations and interested countries to participate in CPLP summits and Council of Foreign Affairs Ministers meetings, albeit without voting rights.

 

Adopting the Mobility Agreement

 

The CPLP’s founding texts had already established the objective of ‘contributing to the strengthening of human ties, solidarity and fraternity among Peoples who have the Portuguese Language as one of the foundations of their specific identity and, in this sense, promoting measures that facilitate the movement of citizens of Member Countries within the CPLP space’. Acting on this, the CPLP member states agreed to explore possible avenues for policy development in mobility issues in the Praia Declaration in 1998. Two years later, a working group was established to facilitate intra-CPLP mobility and to ensure the equality of social and political rights among CPLP member state citizens. Several agreements followed soon after, including on common maximum requirements for short-term visa applications in 2002 and student visas in 2007. During this period, the goal to institute a Lusophone or CPLP citizenship status garnered much attention but has not reached a consensus. In the meantime, the path was laid for a mobility agreement, which was eventually signed in Luanda, Angola, on 17 July 2021, following seven sessions of text-based deliberations.

 

Facilitating Three Types of Movement

 

The Mobility Agreement does not create a free movement regime. Instead, the CPLP member states have established minimum standards to facilitate three types of movement: short stay, temporary stay, and residency. Although short stays do not necessitate prior administrative authorisation, temporary stays (with a duration not exceeding 12 months) are conditional upon such authorisation. Conversely, the streamlining of residency contemplates a novel documentation category called the ‘CPLP residence permit’, which may be granted subsequent to the authorisation of a ‘CPLP residence visa’.

 

Sitting at the heart of this framework are the applicable terms and conditions. Essentially, each state is free to choose mobility modalities and categories. This allows the states to undertake obligations gradually and with varying degrees of integration across one or more mobility modalities and/or categories of people, tailoring them to internal circumstances. Each state retains the authority to define, based on its internal legislation, the necessary documentation required to apply for the CPLP residence visa. Furthermore, none of the states are obligated to undertake commitments that are incompatible with their international commitments or regional integration agreements.

 

Implementation by Portugal

 

Portugal approved the CPLP Mobility Agreement by Resolution of the Assembly of the Republic No. 313/2021 of 9 December, implementing it by enacting Acts No. 4/2022 of 30 September, and No. 18/2022 of 25 August.

 

Accordingly, CPLP member state citizens may apply for a temporary-stay visa, work-seeker visa or a CPLP residence visa. Such requests shall be granted outright, unless the applicant is identified in the Schengen Information System as the subject of an alert for return or an alert for refusal of entry and stay. In other words, the applicants no longer need to apply for a visa in person, and are exempted from the prior decision of SEF (which has recently been replaced by AIMA).

 

Furthermore, as of March 2023, certain CPLP member state nationals have been able to apply for a temporary residence permit online. This is not an automatically granted visa, but rather a temporary residence permit granted to CPLP member state nationals who already had migration processes pending at SEF/AIMA or had visas issued by Portuguese consulates. Similarly, those with a CPLP residence visa are entitled to apply for a CPLP residence permit.

 

The decision to grant a CPLP temporary residence permit to citizens who were already staying in the territory, and who were waiting for a residence permit, was also taken with the aim to respond to the high number of pending applications made under the permanent regularisation scheme existing in Portugal. Indeed, Articles 88 and 89 of the Immigration Law establish a ‘right to regularisation’ to citizens who are illegally staying in the territory and who have a labour contract or a promissory agreement to formalize a labour contract. These legal norms attracted a high number of migrants, mainly from Brazil, that entered Portugal with the purpose of seeking job opportunities, and stayed illegally there, waiting for their regularisation. The number of pending procedures amounted to more than 120,000 and the waiting time was exceeding two years. The dissatisfaction among the immigrants’ community was growing, and the Ombudsman reported an extreme rise of complaints against SEF. With the CPLP scheme, the Government was expecting to solve this backlog, that was seriously jeopardizing the good functioning of the services and raising social discontent.

 

European Commission’s Infringement Procedure against Portugal

 

In September 2023, the Commission started an infringement procedure against Portugal. The Commission considers that the Mobility Agreement provides for a residence permit which is not compliant with the uniform format for residence permits for third-country nationals under Council Regulation 1030/2002. Furthermore, the Commission contends that both the residence permits as well as the long-stay visas issued for job-seeking purposes to nationals of the CPLP States do not allow their holders to travel within the Schengen area, in contradiction with EU law.

 

The CPLP ‘residence permit’ consists of a document which simply states that its holder has authorisation to reside in Portugal under the CPLP mobility agreement. The fact that it does not follow the EU’s residence permit format has also contributed to raise several uncertainties in the daily lives of its holders. In fact, it was common for private or even public entities not recognising the document and denying access to some rights, such as opening bank accounts or renting houses. Also, it was very frequent that holders of CPLP residence permits were denied embarkment in international flights or even returning to Portugal by foreigner airports’ officials, who were not familiarised with the document.

 

Portugal has two months to respond to the letter and address the shortcomings identified by the Commission. Portuguese Secretary of State for European Affairs, Tiago Antunes, has already denied incompatibility between the Mobility Agreement and the Schengen regime, and announced that the implementation of the agreement would continue. In the absence of ‘a satisfactory response’ by Portugal, the Commission may decide to issue a reasoned opinion, which is a formal request to comply with EU law. In case the country in question does not comply with the reasoned opinion, the Commission may decide to refer the matter to the Court of Justice of the EU.

 

Conclusion: Is CPLP Mobility Agreement one of a kind or part of a larger trend?

 

The CPLP Mobility Agreement may be seen as a distinctive framework, emanating from a political and cultural cooperation organisation rather than an integrated trade bloc. Integrated trade blocs, such as the EU, African Union (AU), Southern Common Market (MERCOSUR), and the Economic Community of West African States (ECOWAS), have established their own systems of free movement, albeit at various stages of implementation. While trade agreements designed between developed and developing nations have been observed to facilitate human mobility to a certain extent, the extent of such facilitation is typically more limited. The CPLP Mobility Agreement echoes the conventional observation that states operating at differing levels of development tend to facilitate human mobility to a more restricted degree.

 

Nonetheless, the CPLP Mobility Agreement has been observed as being unique for putting an end to an unjustifiable limit to the right to work for certain non-EU citizens in an EU country. In this sense, it can be viewed as part of a larger trend in favour of international cooperation on migration issues. This issue topped the UN agenda particularly post-2015, leading to the adoption of the legally non-binding Global Compact for Safe, Orderly and Regular Migration (GCM) in 2018. All CPLP member states have voted in favour of adopting the GCM during the historic UN General Assembly vote, with the exception of São Tomé and Príncipe and Timor-Leste which did not vote. Furthermore, three CPLP member states (Portugal, Cabo Verde and Guinea-Bissau) have submitted voluntary national reports on the implementation of the GCM. In their reports, Portugal and Guinea-Bissau make references to the CPLP Mobility Agreement as instances of successful implementation of the objective on enhancing the availability and flexibility of pathways for regular migration. Also, both states mention in their reports that they have accepted to become a ‘GCM Champion country’ and to contribute to achieving the objectives of the GCM.

 

 

Mass hacking and fundamental rights: a missed opportunity for the CJEU?

Hugo Partouche, Attorney-at-law (avocat) at the Paris Bar, and Chloé Berthélémy, Senior Policy Advisor, EDRi

 

Photo credit: hacker-silhoutte, via Wikimedia commons

 

*A first version of this article was published in French by Actualité Juridique (AJ) Pénal, Dalloz Revues here.

 

On 30 April 2024, the Court of Justice of the European Union (CJEU) published its decision in the ‘EncroChat’ case.

 

The case emerged from recent European police cooperation operations against organised crime, involving the mass interception of encrypted communications by means of spyware (‘hacking’). They enabled the collection, for EncroChat alone, of millions of messages associated with 32,000 users in 122 countries, including nearly 4,600 in Germany, and leading to more than 6,500 arrests and 3,800 legal proceedings in the Union.^[1]

 

The Berlin Regional Court (the ‘Berlin court’) referred questions to the CJEU, asking whether a German European Investigation Order (‘EIO’) concerning the transmission of data collected by French investigators using hacking techniques was compatible with fundamental rights.

 

The Court's response is based primarily on the principle of mutual trust, which guarantees the effectiveness of European judicial cooperation.^[2] Unfortunately, it carefully avoids linking this decision to its case law on the rights to privacy and data protection in criminal matters developed since the entry into force of the EU Charter of Fundamental Rights (the ‘Charter’).

 

Thus, the Court considers that EU law is of very little assistance to the fundamental rights issues at stake, since the transmission of data between two Member States in the context of an EIO is subject only to the rules applicable to a similar procedure within the issuing State (here, Germany). Similarly, the proportionality of an EIO is analysed solely in light of the law of the issuing State, particularly with regard to the evidence that should be considered sufficient to order such a measure. This question is considered to be distinct from the debate on the integrity of the data before the court hearing the case, which alone is capable of assessing whether the defence is able to comment effectively on the evidence – which is an ability that EU law prescribes.^[3]

 

    1. The EncroChat investigation

 

‘EncroChat’ was a closed network of encrypted communications using modified telephones, used for organised crime, whose servers were in France. In April 2020, the French authorities set up a joint investigation team with the Netherlands, under the aegis of Eurojust, with the support of Europol, and obtained a judicial authorisation to install Trojan horse software on the servers and then directly on the terminals (the phones). The investigators informally announced via Europol's messaging system (SIENA) that they were going to intercept data located beyond their own territory. The German criminal police (BKA) expressed an interest in the data.

 

On the basis of this information, the Berlin court took the view that the investigation should be seen as a single European project with the aim of dismantling the EncroChat service and enabling criminal proceedings to be brought against all European users in their respective countries. It supports this analysis using a variety of indicators: the cooperation between France and the Netherlands starting in 2018, the support of Eurojust and Europol, the development of a complex interception technique, the prior knowledge of the German authorities that the interception would extend over its territory and, above all, the opening in 2020 of an ‘empty shell’ procedure by the Frankfurt public prosecutor's office, intended to receive information on German users, who would then be prosecuted in separate procedures on the basis of information accessed from Europol’s servers.

 

Furthermore, the technical characteristics of the hacking^[4] are not known because the method used is classified as a French national defence secret.^[5] A large part of the file is also being kept confidential by the German public prosecutor's office, which refused to inform the Berlin court of what information had actually been shared between national authorities before the interception measure was launched.^[6] Lastly, numerous errors have been identified in the data (message senders, time stamps, etc.).^[7]

 

2. The limited added value of the judgment on the data protection jurisprudence

 

According to the Berlin court, the course of the investigation suggests that the transmission of the data motivated the collection and not vice versa. With concerns, the referring court suggested that the EIO Directive could not, in such circumstances, separate collection and transmission and that only an independent court could review the proportionality of the latter. However, in the Court's view, the distinction between transmission and collection is clear and the EIO Directive is to be interpreted literally in that it subjects the admissibility of an EIO for the purposes of transmission solely to the law of the issuing State (§92), so that a German public prosecutor may be regarded as competent (§77).

 

The Court did not take the opportunity offered to draw on its own case law relating to Directive 2002/58, known as the ‘ePrivacy’ Directive, interpreted in the light of the Charter (in the context of mass data retention). (See, for example, the judgments in Prokuratuur and La Quadrature du Net and others). Indeed, the retention of and access to telecommunications data are both data processing operations involving serious interference with the fundamental rights to respect for private life and to the protection of personal data. This means that they are subject to EU law criteria, independently of national rules, in particular with regards to the control of proportionality and to the competent authority.

 

The Berlin court noted that the infringement of rights was even more serious in the EncroChat case because of the collection of the content of communications, which is considered sensitive, the long collection period, the massive and indiscriminate nature of the targeting without any specific and individualised suspicion and the immediate collection by law enforcement authorities without any action on the part of the service provider.

 

However, the CJEU refuses to follow this reasoning and to transpose its own criteria in the data protection field to a transfer of data between law enforcement authorities. For the Court, the logic of European judicial cooperation takes precedence over the protection of privacy when the competent authority is dealing with another judicial authority and not with a telecommunications operator.^[8] As a result, there is a risk of a significant disparity between the levels of protection and guarantees afforded to different data processing operations during a cross-border telecommunications interception operation.

 

The laundering of EncroChat data from its original controversial method of collection is of importance in the current debate at EU level on the (illegal) use by several Member States of spyware such as Pegasus and Predator, and their compliance with EU law. The technical characteristics and practical impact on privacy of the Trojan Horse software used to target EncroChat bear many similarities to these contentious spywares. The European Data Protection Supervisor is even of the view that they threaten the very essence of the right to privacy and would therefore be contrary to EU law. As modern state hacking techniques became ever more intrusive, the adequacy of current European instruments for police and judicial cooperation to preserve fundamental rights can be reasonably put into question.

 

It is also regrettable that the conditions under which EncroChat data is stored by the national authorities and by Europol are not mentioned. Such storage constitutes an autonomous infringement of fundamental rights. This question is all the more relevant as the 2022 reform of Europol's mandate allows the agency to derogate exceptionally from its own data protection rules to process large datasets (e.g. data collected in bulk) and authorises the long-term storage of investigative data. This enables Europol and investigating authorities to regularly draw on databases without, however, having to demonstrate the existence of concrete evidence of individualised suspicions, or to comply with the requirements of necessity and proportionality.

 

3. Minimum review of proportionality and right to a fair trial

 

To assess the proportionality of the EIO measure, the Berlin court asks the CJEU to assess the related infringements of procedural rights.^[9]

 

With regard to the right to privacy, the Berlin court held that in order for an EIO ordering the transmission of data to satisfy the conditions of necessity and proportionality set out in the EIO Directive, it is not sufficient to have evidence of multiple offences committed by unidentified persons.

 

The Court replied that: ‘By using the terms “under the same conditions” and “in the context of a similar national procedure”, Article 6(1)(b) of Directive 2014/41 [the EIO Directive] makes the determination of the precise conditions required for the issuing of a European investigation order depend solely on the law of the issuing State’. It concludes that, if the law of the issuing State makes the transmission of data subject to the existence of concrete indications that the person being prosecuted has committed serious offences or to the admissibility of the evidence, the adoption of an EIO is subject to those same conditions. It can be inferred from the request for preliminary ruling that the Berlin court holds that very position, whereas other German courts don’t.

 

With regard to the right to a fair trial, the Berlin court asked the Court of Justice whether the principle of proportionality precluded the issuing of an EIO where the integrity of the data obtained could not be verified because of the confidentiality of the technical bases, and the defence might not, for that reason, be able to comment effectively on that data in subsequent criminal proceedings. The Court replied that it follows from Article 4 of the EIO Directive that the necessity and proportionality of the measure are to be assessed in the light of the law of the issuing State. The Court explains that if the transmission of evidence were to appear either disproportionate or not in conformity with the framework of the ‘similar’ national proceedings, the consequences would be those of national law (§103).

 

However, and it may be one of the most important contributions of this judgment to the many ongoing EncroChat proceedings across Europe, the Court reasserts that if a party ‘is unable effectively to comment on evidence which is capable of having a preponderant influence on the assessment of the facts, that court must find that there has been a breach of the right to a fair hearing and exclude that evidence in order to avoid such a breach.’ (§105).

 

Unfortunately, the CJEU refuses to outline an enhanced control, whether substantive or procedural (§89), in the area of technically complex cross-border investigative measures. It limits the control on this point to the question of judicial review of compliance with fundamental rights provided for in Article 14 of the EIO (§§101 et seq.).

 

However, the Berlin court’s questions seemed particularly relevant on two fronts. First, it follows from the Court's case-law that the practical ease of an interference is not sufficient to make it proportionate.^[10] Secondly, the limitation of a Charter right, while presumed proportionate, ‘may prove to be disproportionate if the criteria governing it are imprecisely drafted and if they do not lay down genuinely objective and controllable conditions’.^[11] These concepts are not used in the judgment.

 

The Court's reasoning, however unsatisfactory in its minimalism, is not surprising: it seizes every opportunity to defend the principle of mutual trust rather than to seek in the Charter the elements for a full review of the implementation of judicial cooperation tools. And for good reason: that is the inherent logic of these tools.

 

However, the complexity of the EncroChat investigation had given the opportunity to the Court to develop its case law. The Court started applying in the Aranyosi and Caldararu case what some commentators have described as the principle of acquired mutual trust rather than blind mutual trust,^[12] particularly with regard to the risk of forum shopping.

 

4. Wilful blindness to the risk of forum shopping?

 

In the Court's view, the singular structure of the investigative measures does not present any particularity of relevance to the EIO Directive.

 

Although it acknowledges that the data was collected on behalf of Germany and on its territory, the Court does not explain why it completely rules out the risk that Germany might have opportunistically subcontracted the collection to France where data interception is less regulated. In the Court's view, the EIO Directive does not take into account the location of the data collection (§98). This allows the Court to not assess the risk of forum shopping, that implies taking advantage of the difference in rules between collection and transmission in the State where the data are collected (here, Germany).

 

In those circumstances, it is particularly surprising that the judgment states, without giving any reasons, that ‘in the present case, it does not appear that the purpose or effect of the collection and transmission, by means of a European Investigation Order, of the evidence thus collected was such circumvention, which it is for the referring court to ascertain’ (§97). The Court is ruling on a point that it considers to be outside its purview.

 

However, the Berlin Court was rather clear about the genuine risk of circumvention, particularly since it would have been more logical for an EIO to have been issued prior to collection and, in such a case, the authorisation of an independent court would have been required under German law (on the basis of the CJEU judgment of 16 December 2021, Spetsializirana prokuratura (Traffic and location data)). The referring court therefore finds itself on the receiving end of a paradoxical answer to its question.

 

The Court's ambivalence stems from its overreliance on the principle of mutual recognition in this context. This principle, which is itself based on mutual trust, justifies that the referring court is not authorised to review the validity of the procedure by which an EIO was issues to the executing State for the purpose of transmission (§§99-100). This was the Advocate General's position, according to whom the ‘interception took place independently of the EIOs at issue’ (paras 15-16 of the opinion).

 

As said, however, it was specifically questioned in cases where mutual trust, instead of merely facilitating cooperation between two States, serves as a screen for opaque police strategies. No control over such strategies and their impact on fundamental rights would therefore come directly from EU law, despite the fact that EU law has been able to act as a bulwark against the protection of privacy in relation to new technologies.

 

Could it be that the Court has missed its appointment with complex and new technical issues destined to change the economics of European judicial cooperation?

---

[1]https://www.europarl.europa.eu/RegData/etudes/ATAG/2022/739268/EPRS_ATA(2022)739268_EN.pdf  The spyware made it possible to intercept their traffic and location data, as well as the content of communications, including those stored on the devices prior to the operation. Given the massive scale of the data extraction, many lawyers have publicly questioned the lawfulness of the data interception measures, as well as the reliability and admissibility of the resulting evidence: https://www.computerweekly.com/news/252526497/Dutch-lawyers-raise-human-rights-concerns-over-hacked-cryptophone-data

       https://www.fairtrials.org/articles/news/encrochat-hack-fair-trials-denounces-lack-of-transparency-and-oversight/

[2]The Court has vigorously defended this principle because of its role in European integration, allowing only exceptional circumstances to derogate from it. See also: https://www.eurojust.europa.eu/20-years-of-eurojust/recent-jurisprudence-cjeu-judicial-independence-and-european-arrest-warrant

[3]Note D. Berlin, La Semaine Juridique Edition Générale n° 19, 13 May 2024, act. 606.

       Note V. Barbault, Lexis « EncroChat : précisions de la CJUE sur la transmission et l'utilisation de preuves dans les affaires pénales transfrontalières »

[4]But also the storage, allocation and filtering of data by the French authorities or by Europol.

[5]French law provides minimal control over hacking measures, as demonstrated by Decision no. 2022-987 QPC of April 8, 2022 (M. Saïd Z. ), dealing in particular with the provisions of article 706-102-1 of the French Code of Criminal Procedure, and a ruling by the French Supreme Court (Cour de cassation) on the nullity of interception and capture operations carried out on the basis of this same text, as well as on the failure to include the master procedure in the proceedings (Crim. October 11, 2022, no. 21-85.148).

[6]The Berlin Court explains that this opacity explains a divergent decision by the Federal Court of Justice on March 2, 2022.

[7]For a technical analysis of the practical impossibility of effectively commenting on the data and possible errors: V. R. Stoykova, Encrochat: The hacker with a warrant and fair trials?, Forensic Science International: Digital Investigation 46 (2023) 301602

[8]H. Christodoulou, Issuance of a European investigation order for the transmission of telecommunications data possessed by the executing State: sufficiency of the prosecutor's control, CJEU Apr. 30, 2024, aff. C-670/22, Dalloz Actualité, 31 May 2024

[9]It is regrettable that the Berlin Regional Court did not use Article 52(1) of the Charter, which is intended to verify that the infringement of a fundamental right does not affect the essence of that right, which in principle takes precedence over the examination of the necessity and proportionality of the interference.

[10] P. Gilliaux, Droit général des droits fondamentaux de l’Union européenne, Bruylant, 2024, §770

[11]Ibid. §784.  In this respect, by submitting such a complex investigative technique to the Court for the first time, the Encrochat case could have provided an opportunity to reinforce the standard of equality of arms by abandoning the idea that it is sufficient for the defendant to be able to "comment" on information from investigations carried out by foreign authorities.

[12] V. Mitsilegas, Trust (2020) German Law Review 69. This consideration is not, however, absent from the decision, which recalls that the presumption of respect for fundamental rights in the executing State is rebuttable (§99).

“Good IED !” - The CJEU Grand Chamber “Ilva” judgment : a Kirchberg view of conciliating environmental law and human rights

 

 

Jacques Bellezit, University of Strasbourg (France)

 

Photo credit: mafe de baggis, via Wikimedia Commons

 

If one wants to trace back the history of European construction, it would necessarily have to mention the European Coal and Steel Community (ECSC). Inspired by the Schumann Declaration of May 9th 1950, it was the first attempt to put in a common market, strategic materials (coal and steel). This was done in order not only to enhance European post-war reconstruction but also to impede re-weaponization policies on both side of the Rhine, in the first years of the Cold War.

If the ECSC now belongs to history, and the use of coal is (theoretically) aimed to follow the same path under environmental treaties (such as the Paris Agreement), steel production can always be an issue in EU aw, especially under Directive 2010/75/EU of the European Parliament and of the Council of 24 November 2010 on industrial emissions (integrated pollution prevention and control  (“The IED”). 

This was the case with the Italian Ilva SpA factory, which has led to the 25/06/2024 CJEU Grand Chamber judgment in case C‑626/22, C.Z. and Others v Ilva SpA in Amministrazione Straordinaria. 

 

I) Facts and background of the case

 

The Ilva SpA steel producing plant (ISSPP) is located in the city of Tarantino (Italy) and is one of the major steel factories of the region : AG Kokott recalls in her Opinion (point 49) that the ISSP “ is the largest industrial steelworks complex in Europe, covering an area of roughly 1 500 ha and employing around 11 000 workers” in 2019. She also reminds the reader that “the Italian State still holds almost 40% of the shares” in Ilva  and “exerts particular influence” on it (point 64 of the Opinion).

Neighbours and residents of Tarantino and nearby cities seized the Milano district court for violation of their right to health, their right to peace and tranquillity in the conduct of their lives and their right to a clean climate, due to the activities of the ISSPP. 

If the ISSPP was unknown to the Kirchberg’s judges in the CJEU before the present case, the European Court of Human Rights, on its side, was very familiar with this facility. Indeed, the Strasbourg Court has condemned Italy for violations of articles 8 (right to private life) and 13 of the European Convention of Human Rights (right to effective remedies) due to Italian management of the ISSPP:

- on the part of 161 neighbours of the facility (ECHR 01/24/2019 Cordella and others v Italy)
- on the part of 39 of its current or former employees (ECHR 5/5/2022 Ardimento and others v Italy)

- on the part of 3 former employees (ECHR 5/5/2022 Briganti and others v Italy) 

All of these applicants have suffered from occupational or environment-caused conditions (such as cancers) due to exposure to toxic rejects of SO² (Sulphur dioxide) and  PM10 particulate matter emitted by the ISSPP. These rejects were consistently assessed during twenty years, by several scientific reports, from both national and international specialists between 1997 and 2017 (§13 to 31 of the Cordella judgment).

 

IED provisions and the case of the Ilva factory

Under Italian law, the IED provisions were transposed through the Legislative Decree No 152 on Environmental rules of 3 April 2006.

In 2012, the Taranto District Court ordered a provisional seizure “of the equipment of the ‘hot zone’ of the Ilva plant and all Ilva’s materials” stopping the production (Point 27 of the Ilva judgment). To counter this Order, the Italian authorities adopted several regulations, from 2012 to 2016, creating a tailor-made, sui generis legal regime aiming to maintain the ISSPP’s activities (points 27 to 35 of the Ilva judgment): 

- the ISSP was classified as “‘plant or facility of strategic national importance’”, so the “Minister for the Environment and the Protection of the Land and Sea may, when the Integrated Environmental Permit is reconsidered, authorise the continuation of the activity in question for 36 months” under the previous permit;

- the facilities were under the control of “provisional administrators designated by the government”;

- several deadlines for environmental rehabilitation plans of the facilities were rescheduled;

- in 2016 and in the frame of the ISSPP’s cession of shares to ArcelorMittal, the Environmental Impact assessment (EIA) regime was replaced by an ad hoc “Decree of the President of the Council of Ministers, which was to be regarded as constituting an Integrated Environmental Permit”.

II) Procedure and preliminary ruling of the CJEU

 

In the current CJEU case, residents and neighbours of the ISSPP seized the Milano District Court of a class-action request for “an injunction in respect of the operation of the installation or at least parts thereof to protect their rights to health, to peace and tranquillity in the conduct of their lives and to the climate. In their view, those rights have been very seriously affected for decades by the operation of the steelworks” (point 46 of the “Ilva” judgment). 

The CJEU, after having dealt with an admissibility issue that we will exclude from the present analysis, was sent a request for a preliminary ruling request with 2 questions: 

- Does Directive 2010/75, read in the light of Article 191 TFEU, must be interpreted as meaning that the Member States are required to impose a prior assessment of the effects of the activity of the installation concerned on the environment and on human health as an integral part of the procedures for granting or reconsidering a permit to operate such an installation under the directive ? 

- Must Directive 2010/75 be interpreted as meaning that, for the purposes of granting or reconsidering a permit to operate an installation under that directive, the competent authority must take into account, in addition to the polluting substances that are foreseeable having regard to the nature and type of industrial activity concerned, all those polluting substances which are the subject of emissions scientifically recognized as harmful which result from the activity of the installation concerned, including those generated by that activity which were not assessed during the initial authorisation procedure for that installation?

  

The CJEU preliminary rulings

The CJEU Grand Chamber rules that  the IED Directive « read in the light of Article 191 TFEU and Articles 35 and 37 of the Charter of Fundamental Rights of the European Union »   must be interpreted as meaning that:

- Member States are required to provide that the prior assessment of the effects of the activity of the installation concerned on the environment and on human health must be an integral part of the procedures for granting or reconsidering a permit to operate such an installation under that directive;

-  for the purposes of granting or reconsidering a permit to operate an installation under that directive, the competent authority must take into account, in addition to the polluting substances that are foreseeable having regard to the nature and type of industrial activity concerned, all those polluting substances which are the subject of emissions scientifically recognised as harmful which are liable to be emitted from the installation concerned, including those generated by that activity which were not assessed during the initial authorisation procedure for that installation;

- it precludes national legislation under which the period granted to the operator of an installation to comply with the measures for the protection of the environment and human health provided for in the permit to operate that installation has been repeatedly extended, whereas serious and significant risks to the integrity of the environment and human health have been identified. Where the activity of the installation concerned presents such risks, [...] in any event, that the operation of that installation be suspended.

 

III) Analysis

If the Ilva Grand Chamber judgment condemns specific regimes such as the one tailor-made for the case’s steelworks activities, it nevertheless extends in a pretorian way, the field of the IED.

The Luxembourg Court does not only states that environmental impact assessments are an “integral part of the procedures” of granting or re-considering permits for IED’s facilities, but also extends the frames of the these assessments by including “polluting substances which are the subject of emissions scientifically recognized as harmful which are liable to be emitted from the installation concerned” and not only foreseeable ones. 

This extension is motivated by the protection of health and environmental, in accordance with Articles 35 and 37 of the Charter of Fundamental Rights of the European Union; but it might put a burden on national EIA authorities.

If the hazards of polluting substances can be determined especially in regard to relevant ban-conventions or EU Law (ex the 2001 Stockholm Convention on Persistent Organic Pollutants, enforced in EU law by Regulation (EU) 2019/1021 of the European Parliament and of the Council of 20 June 2019 on persistent organic pollutants (recast)), the presence of such polluting substances on a designated industrial site as well the impact of this presence on human health, might be a scientific and legal challenge.

So as EIA authorities are now required to examine substances “which are liable to be emitted”, it would expand the weight and the complexity of EIA documents. 

Meanwhile, treaties such as the Aarhus Convention on access to information, public participation in decision‐making and access to justice in environmental matters require “environmental information [to be] available to the public [...] transparent and […] effectively accessible” (Article 5§2 of the Aarhus Convention). Conciliating the right to environmental information with the complexity of the matter is a conundrum, as even lawyers and judges are “unable to, on their own,  to assess and weigh complex scientific evidence” in environmental matters (cf. Point 4 of the Joint dissenting opinion of Judges AL-KHASAWNEH and SIMMA  under the 2010 ICJ “Pulp Mills on the River Uruguay” judgment).

The Italian authorities, by organizing an ad hoc legal regime for the Ilva factories, have also contributed to create this legal, political and scientific muddle, even if it was in order to keep jobs in an economically stricken area.

How would it be possible for the common man, the one the Clapham omnibus, to deal with such information in a “transparent” and “effectively accessible” manner? Especially if this man suffers from pollution-induced conditions.

The “Ilva” case is, according to a French ecologist newspaper, “an ecological monster [or] […] an ecological bomb”, dealt twice by the Strasbourg Court and now by the CJEU Grand Chamber. 

Would it be sufficient to avoid further pollution? Probably not.

Would it be enough to relieve the victims of such pollution? Certainly not. 

However, with the “Ilva” judgment, the CJEU gives an example of the way IED’s provisions have to be conciliated with the EU Charter of Fundamental Rights.

Such conciliation between Human Rights law and Environmental law was previously established by the ECHR’s Grand Chamber “Klima v Switzerland” judgment (in the field of climate change) and the CJEU cannot not ignore such conciliation anymore due to the authority it grants to its Strasbourg counterpart.

 

The Ilva judgment, a step closer in Strasbourg-Luxembourg dialogue?

 

Indeed, since 1970 and the CJEU “Nold” judgment, the Court recognizes that “international treaties for the protection of human rights on which the Member States have collaborated or of which they are signatories, can supply guidelines”, and chiefly the European Convention of Human Rights.

If the “principle of equivalence” in protection of human rights between the ECHR and EU legal systems was recognized by Strasbourg judges (in cases “Bosphorus Airways v Ireland” and “Avotins v Latvia”), the CJEU was more reluctant to follow its Strasbourg counterpart, wanting to preserve its authority over EU Law interpretation (cf. the CJEU Full Court Opinion 2/13 of 2014). 

However, in the present case, the Luxembourg Court takes into consideration the previous cases by the Strasbourg Court rendered on the “Ilva” issue. 

Might this consideration be a paving stone to the road leading to a EU membership of the European Convention of Human rights? Maybe. 

But one has to never forget that is road is not a “yellow brick road” any more, as some of its cobbles are now tainted by the “Ilva” steelworks’ polluting substances, and dampened by the tears of the victims.