Prohibition of online advertising in a list of e-mails or messages – a misstep by the CJEU?
26/11/2021

When submitted a request for a preliminary ruling, the Court of Justice of the European Union (CJEU) is expect to answer questions – not raise too many new ones. Unfortunately, a judgment on online advertising of 25 November 2021 appears to miss the mark in this respect.

The StWL v. eprimo case concerns the question of spam (unsolicited commercial communications) and how far the rules extend.

On a free ad-supported e-mail service, users were shown adverts to support the service financially (a paying version was also available, without ads). While ads sometimes appear in banners or pop-up windows, the ads that were the subject of this particular case appeared in the list of e-mails, between e-mails received. Imagine an inbox with a structure such as this: (i) e-mail 1, (ii) e-mail 2, (iii) ad, (iv) e-mail 3, etc. The content of the ad looked like an e-mail, other than the fact that there was no date.

The CJEU was asked to see whether this is spam, i.e. an unsolicited commercial communication prohibited under the ePrivacy Directive (2002/58/EC).

Legal context: the anti-spam rules

Article 13(1) of the ePrivacy Directive contains a prohibition of spam: "The use of […] electronic mail for the purposes of direct marketing may be allowed only in respect of subscribers or users who have given their prior consent". "Electronic mail" itself is defined as "any text, voice, sound or image message sent over a public communications network which can be stored in the network or in the recipient's terminal equipment until it is collected by the recipient" (Art. 2(h) ePrivacy Directive).

Recital 40 of that Directive gives further context, saying that "Safeguards should be provided for subscribers against intrusion of their privacy by unsolicited communications for direct marketing purposes in particular by means of […] e-mails […]. These forms of unsolicited commercial communications may on the one hand be relatively easy and cheap to send and on the other may impose a burden and/or cost on the recipient".

In other words, there must be a commercial communication, it must be made using certain kinds of means (in particular electronic mail, which can include e-mail but e.g. also direct messaging, SMS etc.) and it must be unsolicited in order to be prohibited.

Is such an ad "electronic mail"?

In the present case, the Court considered that the ad was sent by way of electronic mail – one of those means of commercial communication – despite the fact that no e-mail was actually sent to the user. Why?

The Court gave the following reasons (paragraphs 38-45):

  • From the perspective of the user, the ad is displayed in a space normally reserved to private e-mails, and the user can only "liberate" that space to get an "overview" of his/her exclusively private e-mails after verifying the content of the ad and actively deleting it;
  • Contrary to ad banners and contextual windows, which appear in the margin of the list of the private messages or separately from them, the appearance of ad messages here "prevents access" to those e-mails "in a manner analogous to that used for unsolicited e-mails (also known as "spam")";
  • There is a risk of confusion between private e-mails and these ads;
  • Because they appear in the inbox of the user, "one must consider that this inbox is the means by which the ad messages in question are communicated to that user, which implies the use of his/her e-mail for direct marketing purposes".

This reasoning is unusual and, in our view, questionable. From a technical perspective, we see no justification for treating this form of ad differently from any other kind of banner, as it follows the exact same technical process from request to display. The CJEU, however, seems to suggest that because this ad looks like an e-mail and appears among other e-mails, it falls within the scope of the anti-spam rules. Although the ePrivacy Directive's anti-spam rules are squarely based on the idea of means of communication, the CJEU suggests that the technical means do not matter, only the impression that the end-result creates.

Yet if this is spam, the CJEU's reasoning raises more questions. If a banner is above a user's list of e-mails, it inevitably forces the user to scroll down or get rid of the banner before the user can gain access to his or her e-mails. Would the CJEU consider such banners to be also spam? And if an ad gets injected between messages in a messaging service or on a private section of a web board, does that not also appear in a manner analogous to private messages and in a manner that impedes access to the next message (while also being in the "inbox" itself)?

Put differently, these paragraphs appear to be driven by the intended conclusion rather than the applicable legal principles, the impression being that the CJEU felt the need to conclude that it was spam.

Even after it has reached that conclusion, the CJEU's reasoning raises further questions.

In paragraphs 50 and 51, the CJEU states that for the application of the anti-spam rules, it does not matter whether the ad is addressed to a predetermined and individually identified recipients (= sent to user A and user B) or whether it is a "massive and random" dispatch to multiple recipients (= sent to X people through an ad network). "What matters is that there is a communication for a commercial purpose that reaches directly and individually one or several users of electronic mail services by being inserted in the inbox of the e-mail account of these users", says the CJEU. This implies that any form of advertising, whether it is a contextual banner or personalised advertising, is spam if it appears in the inbox.

We cannot help but wonder whether this creates an unfortunate excuse for authorities to consider that any digital advertising solution should require consent under the anti-spam rules, as soon as the end-result is likely to appear in relation to electronic mail. If the CJEU considers that what matters is not how the ad reaches the user but where it appears, then any e-mail or messaging service provider could potentially be required to obtain consent on behalf of third parties to the adverts they will display, before those adverts can be shown. While the CJEU does seem to tie its peculiar reasoning to the fact that the ads appear "in the inbox", who knows how far authorities will try to stretch the idea?

3 ads in 35 days – "persistent and unwanted solicitations"?

One other consequence of the classification of such ads as "electronic mail" is that it becomes very easy for competitors to obtain a cease-and-desist order against any advertiser whose ads are shown through such a mechanism.

The Unfair Commercial Practices Directive (2005/29/EC) prohibits aggressive commercial practices such as "[m]aking persistent and unwanted solicitations by telephone, fax, e-mail or other remote media". Ads are inevitably "solicitations", and e-mail is part of the list of means of making such solicitations. Because the CJEU considered that these were "electronic mail" and the CJEU links the "unwanted" criterion to the requirement of consent under the anti-spam rules, the only question was whether the ads were "persistent".

In the present case, the users in question had "received" such ads three times over the course of 35 days, and the CJEU considered that this was sufficient to meet the requirement for "persistent" solicitations. In a telemarketing context or real e-mail advertising context, the CJEU's approach makes perfect sense. In the world of online advertising, though, this appears to be highly restrictive. Using the instant messaging example highlighted earlier, it is not uncommon for users of social media, web boards or messaging services to see the same ad regularly. Would two ads during a same week (let alone on the same day) then be "persistent"?

Conclusion (based on the above)

At a personal level, we find the CJEU's judgment very unfortunate, as it appears to have glossed over the actual purpose of the legislation and looked only at the impression given to the user, not the underlying means used for presenting an ad. This leaves a sour taste of subjectivity where we would have expected an objective approach.

It raises important questions for the commercial viability of ad-supported communication services. When does an ad "prevent access" to messages? When does an ad seem to be "in the inbox", and how big is the risk of a court going beyond the idea of an inbox? Will advertisers pay to show ads on such services, knowing that a court might grant a cease-and-desist order after just three displays of a same ad?

A conclusion-driven judgment is never good for legal certainty, and we fear that the CJEU's approach here could set a dangerous precedent for the world of online advertising. At least, that is what this looks like – perhaps the next online advertising case will show what the relevant means of legal reasoning should be.

The judgment is currently only available in French and in German. Any quotes from the judgment here are our own rough translation from the French version. Other linguistic versions will be available from the case file on the CJEU's website.

Peter Craddock | Brussels | +32 476 57 15 82

Voir aussi : NautaDutilh ( Mr. Peter Craddock )

[+ http://www.nautadutilh.com]


Click here to see the ad(s)
Tous les articles Droit Européen

Derniers articles Droit Européen

Priorities of the Belgian Competition Authority for 2022
20/05/2022

On 12 May 2022, the Belgian Competition Authority (the “Authority”) issued its annual communication setting ou...

Priorities of the Belgian Competition Authority for 2022 Read more

REPowerEU and the Energy Market Design – What are the plans of the EU Commission?
20/05/2022

On 18 May 2022, the EU Commission presented a plan to reduce dependence on Russian fossil fuels and fast forward the green...

REPowerEU and the Energy Market Design – What are the plans of the EU Commission? Read more

EU Commission Adopts New Rules for Distribution Agreements: What’s to Come for Distribution Rel...
18/05/2022

On May 10, 2022, the European Commission adopted the new Vertical Block Exemption Regulation (VBER) and accompanying Verti...

EU Commission Adopts New Rules for Distribution Agreements: What’s to Come for Distribution Relationships in the Digital Age? Read more

The EU nears new rules to curb unfair competition from foreign subsidies
16/05/2022

The EU is on course to secure new powers that will enable the Commission to review market-distorting subsidies from outsid...

The EU nears new rules to curb unfair competition from foreign subsidies Read more

Derniers articles de Mr. Peter Craddock

Data protection notices after the Whatsapp case: what's the message?
16/12/2021

A few months ago, the Irish Data Protection Commission imposed an administrative fine of EUR 225 million on WhatsApp Irela...

Read more

Why all companies should care about the UN's cybersecurity & software update regulations – less...
26/10/2021

Not in the automotive sector? It doesn't matter: two Regulations adopted by UNECE (a United Nations body) on cybersecu...

Read more

Belgian DPA: fines prohibited in the absence of a prior order to comply?
18/06/2021

On 26 May 2021, the Belgian Market Court handed down a decision that may lead to much commentary: it set aside a fine issu...

Read more

Insufficient cybersecurity measures under GDPR: 100k EUR fine in Belgium & key fines elsewhere
29/04/2021

On 26 April 2021, the Litigation Chamber of the Belgian Data Protection Authority (BDPA) handed down its first fine specif...

Read more

LexGO Network