Personal data as the currency of the 21st century

Various business models have been developed to obtain information in the form of personal data. One example of this is the offer of supposedly “free” digital goods and services. In return for participating in a competition or downloading an e-book or an app, the data subjects share personal data and consent to their use for advertising purposes, for example in the form of a newsletter. The constellation “data in return” is in future also expressly provided for in the German Civil Code as a new type of contract. On January 1st, 2022, various changes in the law for the implementation of the European Digital Content Directive (EU) No. 2019/770 (hereinafter “DIDRL”) come into force, which are important for providers of digital products in the broadest sense.

The background to the reforms is the DIDRL, the aim of which is to strengthen the digital single market and consumer rights in the European Union. The scope of application of the directive are contracts between entrepreneurs and consumers on digital content or digital services. The aforementioned terms are interpreted broadly and include, for example, the offering of software solutions, hosting services, e-books, apps or e-bikes.

The European Goods Sale Directive WKRL – (EU) No. 2019/711 is also of importance in this regulatory context.

A major change to the implementation of the DIDRL is the addition of Section 312 Paragraph 1 a BGB and Section 327 Paragraph 3 BGB. Accordingly, consumer protection law should be applicable if “the consumer provides the entrepreneur with personal data or undertakes to do so”. This does not apply if the processing of personal data is necessary in order to provide its service or to fulfill another legal obligation.

With the changes in the law, a new digital contract law will be introduced. This can be found above all in § 327 BGB or in §§ 327a-u BGB as well as in §§ 455c BGB and 475a BGB. Contract and consumer law on the one hand and data protection law on the other should be assessed independently of one another and yet form a unit.

The decision to introduce a new type of contract in Section 312 (1) a of the German Civil Code (BGB) has now made it explicitly clear that the provision of personal data is a suitable and permissible consideration. In the past it has been discussed whether the data protection law coupling prohibition according to Art. 7 Para. 4 GDPR contradicts this. It is currently also represented (see judgment of the Frankfurt Higher Regional Court of June 27, 2019 – 6 U 6/19) that a link between a service and processing of personal data that is not absolutely necessary is permissible under certain conditions. However, the consent given must be clear, voluntary and verifiable. In this sense, the amendment to the law that has been adopted corresponds to current practice in this area and brings more protection for consumers and more clarity for providers of digital products and services.

 

If you have any questions about paying with data or other data protection issues, simply contact us here!