In its judgment of 25 January 2017 in a case (C- 375/15) opposing BAWAG, an Austrian bank and VKI, an Austrian consumer organisation, the Court of Justice of the European Union ("CJEU") answered the question whether payment service providers may notify their users of any contractual changes via the electronic mailbox of client-dedicated e-banking web space.
The CJEU ruled that the communication of contractual changes via a message to such integrated mailbox without any supplementary communication, for example, via a message sent to the personal private e-mail of the client or per sms informing him/her that a message has been sent to the e-banking mailbox, is insufficient within the context of the Payment Services Directive 2007/64/EC.
Other EU consumer acquis directives (e.g. the Consumer Rights Directive 2011/83/EU) have the same or similar requirements for the provision of some categories of information so that this judgment will also have an impact on mailbox solutions embedded in client-dedicated web spaces for other services than e-banking.
The Payment Services Directive 2007/64/EC requires that:
- some information, such as contractual changes, must be "provided", which requires an active and effective notification.
According to the CJEU this is not warranted by sending a message to an e-mail box integrated in a dedicated e-banking web space, but instead by sending a message to a means of communication that the client usually uses with persons other than that payment service provider.
- some information, such as contractual changes, must be provided on a "durable medium", which means that it must allow the client to store information addressed to him/her personally in such a way that he/she may access and reproduce it unchanged for an adequate period ("storage requirement"), without any unilateral modification of its content by that service provider or by another professional being possible ("integrity requirement").
The CJUE interprets the integrity requirement in a way that any possibility that the payment service provider or another professional to whom the management of that site has been entrusted could change the content unilaterally, must be excluded.
Whether this requirement was fulfilled in the case at hand was left to the referring Austrian court. The Advocate-General to the CJEU was more specific and stated that a mailbox hosted and administered by the payment service provider is unlikely to comply with the integrity requirement, since it is technically under the control of the payment service provider.
The Advocate-General, however, also pointed out that such mailbox could also be seen as a kind of gateway for the provision of information and documents whereby the payment service provider could assure their integrity by communicating them via an electronic format which prevents alterations, guaranteeing a reasonable degree of authenticity of the information, if later potentially relied upon by the customer.
So when considering the integrated mailbox as a gateway rather than an information storage means, the integrity requirement could be complied with even when the mailbox is under the technical control of the payment service provider. However, in this case the "storage requirement" must also be respected and thus even when the storage does not take place in the integrated mailbox. The storage requirement can in this scenario be met when the storage possibilities are brought to the attention of the customer via a user-friendly interface set up in a way that it will lead the consumer almost certainly to either secure the information on paper or to store it on another durable medium (hard disk, CD-Rom,…).
Not only payment service providers should take note of this judgment, but also online providers of goods and services to consumers, insurance intermediaries and others. Indeed, many other EU consumer acquis directives have the same or similar requirement to "provide" some categories of information on a "durable medium" so that this judgment will also have an impact on mailbox solutions embedded in client-dedicated web spaces for other services than e-banking. The directives concerned are, amongst others:
- the Consumer Rights Directive 2011/83/EU which in the context of off-premises contracts and distance contracts imposes the formal requirement of provision of the required information and contract to consumers on a durable medium;
- the Distance Marketing Directive of Consumer Financial Services 2002/65/EC which imposes the prior provision, meaning before the consumer is bound by any distance contract or offer, of the required information to the consumer on a durable medium;
- the Insurance Distribution Directive 2016/97/EU which imposes insurance intermediaries to, prior to the conclusion of any initial insurance contract, provide the customer with certain information on a durable medium;
- the Consumer Credit Directive 2008/48/EC which imposes the prior provision, meaning before the consumer is bound by any credit agreement or offer, of the required pre-contractual information on paper or on another durable medium; and
- the Markets in Financial Instruments Directive 2014/65/EU ("MiFID II") which, amongst others imposes the provision on a durable medium within the framework of reporting and prior advisory obligations towards clients.