Changing tides in consumer contract law

The EU’s Digital Content Directive

Up until now, German law has not provided for a binding warranty law for digital contents and services. This will change as from 2022.

EU statistics show that European consumers have been reluctant to download e-books, games or apps from foreign EU countries. Uncertainties about their own rights in the event of problems have been too great. To change this, the EU adopted the so-called Digital Content Directive (Directive (EU) 2019/770 on certain aspects concerning contracts for the supply of digital content and digital services) in May 2019. As a consequence, companies will need to adapt their distribution of digital content and services to consumers. By 1 July 2021, Germany and the other EU member states must implement the provisions of the directive into national law. The Federal Ministry for Justice and Consumer Protection has just published its draft bill for implementing the directive into German law. As of 1 January 2022, companies must comply with the uniform requirements for the distribution of digital content and services to consumers within the EU.


What is the Digital Content Directive and what are the obligations?

The Digital Content Directive will harmonize consumer contract law across EU countries. It creates binding requirements for the contractual condition of digital content and services. In addition, companies must grant consumers comprehensive remedy rights (supplementary performance, termination of contract, etc.) in the event of a lack of conformity or failure to provide the content or services.


Which contracts are affected?

The scope of the directive is wide-ranging. The following areas are covered:

  • Digital content, e.g. video and audio files, e-books, apps, games, software,
  • Digital services that allow the consumer to create, store, process or access data or to share, interact with or access data uploaded or created by other users of the service, e.g. streaming services, messenger services, cloud services, social networks and other platforms.

The directive applies not only to paid but also to free content and services if a company receives personal data from the consumer for the provision of such content and services.

The directive does not apply to smart devices whose “smart” functions are based on digital content and services. Smart TVs, smartphones and smart cars that are sold and marketed based on such functions are subject to the “Sale of Goods” Directive (EU) 2019/771 which sets out requirements for consumer contracts that are similar to the Digital Content Directive. In practice, this distinction therefore has little impact on affected companies.


Which free services and content are affected?

The directive applies to content, services or platforms for which consumers must create a user account with their personal data (e.g. name and e-mail address) or if the company collects personal data in any other way in connection with the contract conclusion. (Attention: The requirements of the GDPR must always be observed when processing personal data).

The directive provides for a few exceptions in this regard, such as

  • if only personal data is processed that is required for supplying the digital content or service or required for complying with legal requirements and the company does not process those data for any other purpose. (This exception may only apply in limited cases because companies often collect additional personal data and use collected data for further analysis, marketing or other commercial purposes.), or
  • if only metadata (e.g. device data, browser history) is collected, or
  • if the consumer, without having concluded a contract with the company, is exposed to advertisements in order to gain access to the digital content or service. This would include consent to cookies, which is requested when calling up websites.

If a user account has to be created, these two exceptions will probably be less relevant. By registering as a user, both the conclusion of a contract and the collection of data outside of metadata will occur.


What are the main requirements of the Digital Content Directive?

Digital content and services must meet both subjective and objective quality criteria:

  1. Their description, quantity, quality, functionality, compatibility, interoperability and other features must correspond to what was agreed in the contract and be suitable for the purpose agreed in the contract.
  2. They must correspond to comparable content or services on the market in terms of usability, functional, performance and quality characteristics and to the reasonable expectations of the consumer (e.g. based on advertising).
  3. Consumers must be informed of updates, including security updates that are necessary to keep the digital content or service in conformity with the aforementioned characteristics. These updates must be supplied to consumers. This also applies to a one-time provision of digital content or services.

A company is liable if its digital content and services do not meet these requirements. The consumer then has the following rights:

  • A right to supplementary performance or rectification, provided that this does not involve disproportionate effort for the company,
  • A right to a proportionate reduction of price (only for contracts against payment),
  • A right to terminate the contract. The company must first have been given the opportunity for rectification, except in the case of serious breaches of contract. For the free provision of digital content and services, companies should pay particular attention to the GDPR. Data subject rights, such as the right to erasure, the right to a restriction of processing and the right to data portability, are likely to play a role in this respect. Non-personal data that has been provided by the consumer may only be used by the company after contract termination in exceptional cases. This data must be made available to the consumer upon request free of charge and in a commonly used and machine-readable format (similar to the right to data portability that the GDPR recognizes for personal data).

The directive does not contain any provisions on claims for damages. Member States may make their own provisions in this regard.