Legal Issues Related To Business To Consumers (B2C) E-Commerce

What services may be considered as e-commerce B2C services?

E-commerce service, is any service normally provided by a trader to the consumer (B2C) under an organized distance sales or service-provision scheme, without the physical presence of the trader and the consumer and with the exclusive use of one or more means of distance communication by electronic means up to the time of the concluding of the transaction. Indicatively, e-mails, fax, internet and radio are included in the definition of distance communication by electronic means.

Certain professions and services, such as within the tax sector, or cartel agreements, notarial services and betting sites, are excluded from the current regulatory framework with regards to the electronic commerce in Greece.

In view of the above, we note that a non-public service platform, such as taxi services provided by Uber platform, shall not be considered as a B2C platform for the purposes of this analysis, since such services are promoting specific providers, prescribing the requirements of the later and establishing certain conditions for setting their payment (Case C- 434/15, Asociación Profesional Élite Taxi V. Uber Systems Spain SL).

How are B2C services regulated?

E-commerce services have been legally classified as “information society services” and they are part of the specific legal and regulatory framework of electronic commerce; Ecommerce Directive 2000/31/EC came into force in order to regulate the activity of e-commerce services providers and was transposed to Greek law by means of Presidential Decree 131/2003 and Ministerial Decision Z1-891/13.06.2013.

The general framework for the consumer protection, Law 4512/2018 and the Ministerial Decision 5338/2018 – which codified Law 2251/1994, presidential decree 150/2001 (for the electronic signatures), presidential decree 39/2001 (for the establishment of an information procedure for technical standards and regulations related to information society services), code of conduct for e-commerce by means of Ministerial Decision 31619/15.03.2017 and the provisions of General Data Protection Regulation (GDPR) – applies thereof.

However, it is critical to mention that the European Commission published a proposal for a directive with regards to the better enforcement and modernization of EU consumer protection on 11 April 2018, as part of its “new deal for consumers” package of measures, which

Who may be considered as consumers under the e-commerce framework?

The Greek Regulator provides a narrow definition for consumer and only includes individuals that act for purposes outside of their trade, business or profession. Small scale businesses however, may still enjoy protection equivalent to that of the individuals, with respect to General Terms & Conditions of the general framework for the consumer protection.

Are there public registration requirements that Internet Service Providers need to comply with to provide services in Greece?

Although, any restriction on the free circulation of services within European market, including previous authorization, is strictly forbidden, Internet Service Providers must be registered with Greek business portal according to Law 4242/2014, article 14, par. 4.

What is the minimum level of information made available to consumers prior to the concluding of a contract via a B2C platform?

A B2C platform must provide factual information to the consumer before the conclusion of the transaction, safeguarding the quality of service provided. Specifically and according to Presidential Decree 131/2003, the following elements must be made available:

• the name of the service provider;
• the address at which the service provider is established;
• the details of the service provider, including their electronic mail address, which allows them to be contacted and communicated in a swift, direct and effective manner. However, parallel-simultaneous communication is not required according to the consistent case-law of ECJ (see directly below) and contact forms would thus also be an adequate alternative to e-mail, provided that the response is given in a reasonably quick fashion and that the customer can choose not to be contacted via e-mail only (Case C‑298/07, Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband eV V. deutsche internet versicherung AG);
• the trade register in which the service provider is entered and their registration number, in case the service provider is registered in a trade or similar public register, or equivalent means of identification in that register;
• the particulars of the relevant supervisory authority, in case the activity is subject to an authorization scheme;
• where regulated professions are concerned:
  - any professional body or similar institution with which the service provider is registered,
  - the professional title and the Member State where it has been granted,
  - a reference to the applicable professional rules in the Member State of establishment and the means to access them;
• the identification number, in case the service provider undertakes an activity that is subject to VAT;
• prices must be clearly and precisely stated, in case information society services refer to prices, and, in particular, clarify whether they include tax and shipping costs;
• the different technical steps needed to conclude the contract;
• whether or not the concluded contract will be filed by the service provider and whether it will be accessible;
• the technical means for identifying and correcting input errors prior to the placing of the order;
• the languages offered for the conclusion of the contract.

In addition to the above, the general provisions for the consumer protection have to apply cumulatively. Therefore, the supplier must: (a) provide information in an appropriate way taking into account the communication means used and (b) deliver confirmation of the executed contract to the consumer.

In case a contract is concluded following a telephone communication, the consumer is bound by the terms of the contract only after signing the offer made by the supplier, or by providing his written approval thereof.

These provisions are mandatory by operation of law meaning that consumers cannot waive their respective rights.

What are the basic conditions for a legally binding online contract?

According to legal theory, in case of on-line transactions, the will to transact shall be assumed as soon as one of the parties, either the trader or the consumer, types on his computer all the necessary elements for a legally-valid offer or acceptance respectively. However, legal doctrine consistently held that a transaction is concluded from the time the person accepts the offer, usually by pressing the “OK” key.

In addition, on the basis of the Presidential Decree 131/2003, the online contract is invalid in case one or more of the following elements are not included in the contract:

• The technical steps for the contract conclusion
• Information about the possibility of archiving of the contract or not
• Mechanism by which the consumer may correct any errors before the placing of an order
• The language(s) in which the contract will be drafted
• Any relevant applicable code of conduct
• Information of the right of withdrawal within 14 days following the contract’s conclusion.

Copies of the general contractual terms must be available to the consumer in a form that can be easily saved and reproduced in order to ensure counterparty’s constant access. This means that the seller’s website, to which the link sent to the consumer connects, allows consumers to store information that is personally addressed to them in such a way that they can access it and reproduce it unchanged during an adequate period, without the seller being able to amend the content unilaterally (Case C-49/11, Content Services Ltd V. Bundesarbeitskammer).

Finally, the validity of the contract depends on whether the service provider acknowledges receipt of the order, without undue delay, via email or other electronic message. The order is considered to have been received, when the consumer is able to access the receipt confirmation.

The full range of the above conditions offer to the consumer the opportunity to understand all the stages of the service completion and provide them with free choice.

How online contracts can be legally concluded?

Greek e-commerce framework recognizes electronic documents as an essential element for the conduct of electronic transactions. Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (the “eIDAS Regulation”) came into force on 1 July 2016. The eIDAS Regulation repealed and replaced the e-Signatures Directive (1999/93/EC), which had been implemented in national legislation with the presidential decree 150/2001, and it is directly applicable in the 28 member countries of the European Union.

A qualified electronic signature is automatically equivalent to a handwritten signature and has the equivalent legal effects when it is issued by a qualified trust service provider and meets the requirements of Annex I of the eIDAS Regulation.

Hellenic Telecommunications & Post Commission – (EETT), is the authority responsible for the control and supervision of certification service providers for electronic signatures that are established in Greece, as well as for ensuring compliance with secure signature creation devices. The EETT is also responsible for the designation and supervision of private or public sector bodies for the accreditation of certification providers, as well as for ensuring compliance with secure signature creation devices.

Is it permitted to block users’ access to websites, in order to repress illegal exploitation of copyrighted works?

Even though the high-profile case “Greek Collective Management Organizations vs. Greek Internet Service Providers” (Court Decision no 13478/2014 of the Athens Single Member Court of First Instance) and the previous “Scarlet” Case Law [Case C-70/10 Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM)] concluded for the prohibition of any measures which would require an intermediary provider, such as a hosting service provider, to actively monitor all the data of each of its customers in order to prevent any future infringement of intellectual-property rights, article 52 of the Law 4481/2017 provided that, if the Committee for the Notification of Copyright and Related Rights Infringement on the Internet finds that a copyright or a related right has been infringed, it shall request from the addresses of the notification to remove the infringing content from the website on which it had been illegally posted or to block the access to it.

In this content, restriction of the free movement of information society services may be allowed, considering that the ex-post installation of a web privacy filter by an Internet Service Provider may be required ad hoc.

Is the sending of unsolicited marketing emails (“spam”), forbidden by law?

The recent General Data Protection Regulation (namely GDPR) strictly forbids the pre-ticked consumer’s consent allowing for contact for any future offers, mandating that consent must be given using “clear, affirmative action”. Furthermore the new Regulation provides that the consent option:

• shall be separate from other terms and conditions;
• allows individuals to consent to some, all or no options;
• states which third parties will be relying on consent;
• be documented, so that the organization has a record of who consented to what;
• give individuals the option to withdraw their consent at any time; and
• not take advantage of an imbalance in the relationship between the individual and the organization (such as an employee and employer or a tenant and a housing association).

What are the ways of payment in B2C platforms? What are the consequences in case of an unauthorised payment transaction?

The most usual payments in B2C platforms are the following:

• Interbank transfer of funds and cash on delivery
• Payment by credit card
• Payment by electronic money and
• Cryptocurrencies

The legal approach of such payments is based on the relevant provisions that govern the respective relationships between consumer, internet service provider and credit institution/ third party payment service provider.

The Legislator has ensured consumer protection regarding the high risk that online payments may follow. Therefore, in case of unauthorized payment transaction via illegal interception of the credit card details, the card issuer is not entitled to claim reimbursement of the funds paid to the consumer, unless otherwise provided in the respective agreement between the parties. However, consumer’s liability shall be limited to the maximum amount of € 50. Of course, the card issuer has the right to pass on the risk of the unauthorized payment to the internet service provider pursuant to a respective agreement conducted between them.

The same limitation applies in case of to electronic payments as well according to the recent Law 4537/2018 that implemented Directive 2015/2366 on Payment Services II (PSD II).

Where cryptocurrencies are concerned, even though they could be used as a payment instrument, they are not regulated under any specific national framework. In this respect, consumer protection seems to be limited.

Does the Greek legislator provide specific protection tools to consumers?

In line with EU legislation, consumers have the right to withdraw from the contract within 14 days following its conclusion, without reasoning and without incurring any penalty.

The right to withdraw is not provided in case of distance marketing of consumer financial services, where the price depends on fluctuations in the financial market outside the trader’s control, such as futures, swaps, equity swaps and options.

What is the degree of liability of Internet Service Providers?

Articles 12-15 of the Presidential Decree 131/2003 limit intermediaries’ liability, provided that they do not influence the context of the content transmitted and/or stored to their systems and that the content is not originated by them, but by a third party, using their systems.

In case of “access providers”, cross checks or active confirmations of the information made available is not provided by law, to the extent that the information is transmitted as originally received.

“Content providers” however, are liable under the general rules of law and in particular under the law concerning torts of the Civil Code and other statutes for the copyright protection, data protection, unfair advertising, unfair competition etc.

Are there any alternative dispute resolution tools for consumers’ disputes?

European e-commerce framework has established the operation of an innovative platform (ODR Platform) for consumers and suppliers as an alternative dispute resolution for consumer disputes without the need to resort to time-consuming and judicial costs.

What is the applicable law in case of cross border e-commerce activities?

National e-commerce framework is commonly considered to consolidate, in the application of private law in electronic commerce, the so-called country-of-origin principle, under which the commercial activities of a company in cyberspace may not be submitted to the application of a legislation other than the legislation of its country of origin, to the extent that the former is more onerous for said company than the latter.

Advertisement of securities, consumer contract obligations and the freedom of contractual choice of law are exempted from the application of the internal market clause.

What are the jurisdiction rules regarding the protection of consumers under e-commerce framework?

In the case of a dispute arisen from an e-commerce service, the question is whether the suing consumer could choose to sue at the court of his habitual residence instead of the defendant’s residence, under art. 16 para. 1 of the Brussels I regulation, and whether the Internet Service Provider could sue the consumer only at his habitual residence under art. 16 para. 2 of the Brussels I regulation.

The answer to the above questions rests on whether the business showed their readiness or their willingness to provide e-commerce offers (and/or other promoting activities) to consumers from other countries; in this case art. 16 para. 1 of the Brussels I regulation shall apply.

ECJ (Joined Cases C‑585/08 and C‑144/09 Peter Pammer V. Reederei Karl Schlüter GmbH & Co KG and Hotel Alpenhof GesmbH V. Oliver Heller) has concluded that the following indicative criteria are suitable in order to conclude whether the business activity was directed to the country of the consumer:

• International character of the activity
• The description of itineraries from one or more other Member States to the place where the service is provided
• Different language, particularly for booking and confirmation, or different currency than the one used in the country of the business
• Telephone numbers with country code
• The use of another top level domain than the one of the business’ country for the domain name
• Mentioning of an international clientele.