DP News – Week 12. CJEU expects claims related to the Digital Markets Act, Romanian court refers ePrivacyDirective issues to the CJEU.

Marc van der Woude, the president of the General Court of the Court of Justice of the European Union, expects legal challenges to the Digital Markets Act by the end of 2023. “Probably the end of this year, beginning of next year we might see the first cases and I don’t think it will stop”, he says.

The Digital Markets Act (DMA), which became effective in November, will categorize online platforms as gatekeepers if they meet specific requirements, including having more than 45 million users. Gatekeepers are companies that have control over data and platform access. The DMA imposes a set of obligations on these gatekeepers, such as ensuring that their messaging services are interoperable, and prohibiting certain actions, such as favoring their own products and services on their platforms. Among big techs previously voicing concerns about DMA are Apple and Google, and now they can bring complaints against the status of ‘gatekeeper’ as such and associated requirements.

***

In Romania, the Bucharest Court of Appeal referred to the CJEU several questions related to the understanding of several concepts under the ePrivacy Directive – namely, “in the context of the sale of a product or a service” and “direct marketing of its own similar products or services” (Article 13(2) of the Directive).

In the considered scenario, a user created a free account with a website and subscribed for daily newsletters to be freely accessed with that account, and he also set up paid access to additionally receive some materials available for payment. When setting up his account, the user provided the website with his email address.

Among the questions referred, the most intriguing are probably the following ones:
1) within the meaning of Article 13(2) of the ePrivacyDirective, was the user’s email address obtained by the website “in the context of the sale of a product or a service”, and whether the delivery of newsletters constitutes “direct marketing of its own similar products or services”;
2) If yes, what would be the appropriate legal basis (as per the GDPR Article 6) for the website to choose in such a case.

In our view, applying the rule of law to the circumstances as specified above, the answer to Q1 should be “yes”, while ‘legitimate interest’ may work as the legal basis in this scenario (not to forget about the requirement to conduct a ‘legitimate interest assessment’ before the data processing starts).