The “tried and tested” public enforcement measures known from data protection legislation under the EU’s GDPR are now being enlisted in civil and unfair competition law: since 28 May 2022 infringements of consumer protection regulations have been subject to fines of up to 4% of annual revenues.

New regulations on fines: Private enforcement vs public enforcement

With the EU Modernisation Directive (Directive 2019/2161/EU), the EU created a public enforcement model for numerous consumer protection regulations. It thus follows the predominant European approach in which regulations are effective only if enforced by national authorities. Up to now, Germany has largely preferred to uphold consumer rules through private enforcement. There, the focus is on granting injunctive relief to consumer protection associations and competitors as a way of putting an end to anti-consumer practices.

The German legislature implemented the European requirements in the administrative fine regulations of Art. 246e EGBGB and Secs. 5c, 19 of the German Act against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb – UWG] to be adopted from 28 May 2022. Acts for which entrepreneurs generally “only” faced a warning or an action for injunctive relief will now also be subject to fines once these regulations come into force.

The level of fines is staggered: companies having generated revenues of more than 1.25 million euros in the previous financial year  run of risk of a fine as high as 4% of annual revenues. The level of annual revenues may be determined by way of estimate. If no basis for an estimate exists, the fine will be 2 million euros maximum. In other cases, a infringement may be punishable by a maximum fine of 50,000 euros.

Which practices are now subject to fines?

Art. 246e EGBGB defines a total of 15 prohibited practices which are based on the EU Unfair Contract Terms Directive (Directive 93/13/EEA) and the EU Consumer Rights Directive (Directive 2011/83/EU). Of considerable practical relevance is the use of general terms and conditions infringing a prohibition of contract terms whose invalidity is not subject to appraisal (e.g. invalid limitation of liability). Other prohibited practices include non-compliance with certain duties to inform (e.g. failure to confirm a distance selling contract on a permanent data carrier), later deliveries (e.g. non-compliance with agreed delivery periods) or the failure to confirm receipt of a revocation (e.g. failure to confirm a revocation received via the website on a permanent data carrier).

In terms of their starting point, the practices prohibited in Sec. 5c UWG are set out in the UCPD Directive (Directive 2005/29/EC). Fines will now also cover a infringement of the UPCD “blacklist” items (anti-consumer commercial practices which are always impermissible; e.g. unauthorised use of a quality seal). Likewise, aggressive practices (e.g. persistent solicitation) and misleading commercial practices (e.g. advertising with price reduction if price was charged only for an unduly short period of time) are also deemed infringements of unfair competition legislation and are subject to fines.

European specificities: Widespread infringement and coordinated enforcement mechanism

Not every infringement results in a fine. All infringements must do harm to the collective interests of consumers residing in at least two other Member States, referred to as “widespread infringement” pursuant to Article 3(3) Consumer Protection Cooperation (CPC Regulation; Regulation 2017/2394/EU). For that reason, a single infringement of a prohibition does not yet suffice. By contrast, an infringement is to be deemed widespread in the case of a structural infringement (e.g. an online store providing goods and services in at least two other Member States and using general contract terms which are invalid according to Sec. 309 of the German Civil Code [Bürgerliches Gesetzbuch – BGB]).

Moreover, infringements may be prosecuted only in a coordinated enforcement measure between the competent authorities of the Member States concerned (Article 21 CPC Regulation). I.e. the competent authority for Germany – the Federal Office of Justice – must coordinate with the other authorities to impose a fine. It is not possible for a Member State to act in isolation.

Need for action

For companies with B2C business, the risk of fines is higher. Particularly in the case of cross-border activities, standardised processes should be reviewed for compliance with consumer protection rules. It remains to be seen whether the new provisions on fines will lead to an upheaval with companies similar to the one seen when the GDPR entered into force. That is something that will depend to a decisive extent on the cooperation between the various Member State authorities.