New rules on contracts for the supply of digital content and digital services3 June 2019
The new directive concerning contracts for the supply of digital content and digital services (”Directive”) will come into force on 11 June 2019. Member States are required to transpose the provisions of this Directive in their national law by 1 July 2021.
The Directive intends to harmonize the contract rules for the supply of digital content or digital services, the rules governing the quality of such products and services and the key contractual rights of the consumers.
The provisions of this Directive shall apply both to (i) contracts where the consumer pays or undertakes to pay a price in order to receive digital content or digital services, and to (ii) contracts where the consumer provides or undertakes to provide personal data to the trader as consideration for the digital content or digital services, for purposes other than that of supplying the digital content or digital service or for allowing the trader to comply with legal requirements to which it is subject (without considering at this time whether such a practice complies with the provisions on data protection).
The trader’s obligation to provide shall be considered fulfilled when the digital service or the digital content is made available or accessible to the consumer or can be accessed through a physical or virtual facility chosen by the consumer for that purpose. The digital content and the digital services must meet the subjective and the objective requirements for conformity with respect to their characteristics, the intended use, the existence of all accessories and instructions, but also of the necessary updates for good functionality of the digital content or of the digital service.
A relevant criterion for the assessment of the objective requirements for compliance regards the purpose for which digital content or a digital service of the same type would normally be used. Conformity is also verified in relation to what the consumer reasonably expected to receive. The standard of reasonableness shall be determined „having regard to the nature and purpose of the digital content or digital service, the circumstances of the case and to the usages and practices of the parties involved”.
For example, if a data encryption software does not provide the security of personal data and discloses it to unauthorized recipients, violating the provisions of the GDPR, it means that the digital content fails to fulfil its purpose of secure transfer of personal data from consumers to intended recipients and therefore lacks conformity. If instead of the data encryption software, the consumer downloads a movie, claiming afterwards that the actors, soundtrack or even the action within the movie are not as expected, the consumer does not have remedies in such a situation with a purely subjective character. This is not a lack of conformity that can be based on the reasonableness principle.
If the consumer, at the conclusion of the contract for the supply of digital content or digital service, has been explicitly informed by the trader that a certain feature of digital content or digital service deviates from the objective requirements for conformity, and has expressly and separately accepted this deviation, this shall not be considered as a lack of conformity.
The trader is not liable for any lack of conformity resulting solely from the lack of the relevant update if the consumer has been informed with respect to the consequences of the failure of the consumer to install the updates or if the update was not possible due to another reason than that of shortcomings in the installation instructions provided by the trader.
If the digital content or the digital service does not meet the requirements for conformity, the consumer has the following remedies:
- the right to have the digital content or digital service brought into conformity;
- the right to receive a proportionate reduction of the price; or
- the right to terminate the contract.
Where, in return for the provision of digital content or digital services, the consumer has provided or has undertaken to provide personal data, the consumer may terminate the contract if the lack of conformity is also minor, due to the fact that, in this case, the consumer cannot obtain a proportionate reduction in the price.
If a contract provides for a single act of supply or a series of individual acts of supply, the trader is responsible, in principle, for any act of failure to supply that exists at the time when this obligation should have been fulfilled. For the trader to be held liable, the lack of conformity must become apparent within a period that shall not be less than 2 years from the time of supply. In case the lack of conformity becomes apparent within a period of 1 year from the time when the digital content or digital service was supplied, the trader shall have to prove the conformity of the digital content or of the digital service. If the contract provides for a continuous supply over a period, the trader shall be liable for any failure to supply that becomes apparent within that period.
The question of the validity of contracts where the consumer provides or undertakes to provide personal data to the trader in order to receive digital content or digital service is however left to the national law.
You can read and download this legal alert in PDF format right here.
 Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services, published in the Official Journal of the European Union, L 136 dated 22 May 2019.
 The Directive defines the term trader as “any natural or legal person, irrespective of whether privately or publicly owned, that is acting, including through any other person acting in that natural or legal person’s name or on that person’s behalf, for purposes relating to that person’s trade, business, craft, or profession, in relation to contracts covered by this Directive”.
 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC („General Data Protection Regulation” or „GDPR”).