E-commerce: How do I inform my customers correctly?

One of the main obligations of providers of ecommerce solutions (e.g. web shops, platforms, etc.) is to provide customers with comprehensive and complete information. The information obligations (regulated by European and national law) are complex and implementing them can be challenging.

In a recent case decided by the Austrian Supreme Court, the obligation to inform the buyer about the existence of a legal warranty for the goods and, if applicable, about the existence and conditions of commercial guarantees, was at issue.

The Association for Consumer Information (Verein für Konsumenteninformation) (the "Association") sued a company operating in Austria, taking the position that the conditions of product guarantees in the web shop must be printed in full for each product. The view taken by the Association would have meant that every web shop operator in Austria would be compelled to redesign its web shop in such a way that any manufacturer's guarantees for a product are stated in full in the presentation of every product. The Association also did not want to allow pop-ups or links. This would have meant that in some cases page-long guarantee texts would need to be provided in full text for each product.

In our view, this would have been massively counterproductive. Web shops would become harder to use without any benefit for the consumer. Of course, it is important and sensible to make the text of the guarantee conditions available to consumers. Why the Association did not want to allow this by means of a clearly visible link to a PDF remains a mystery.

Fortunately, the Austrian Supreme Court corroborated our opinion. The legal information obligations do not fundamentally prohibit the provision of information on guarantees in general terms and conditions or pop-up windows. However, the website must be designed in such a way that, in connection with the product presentation, it is ensured that the consumer is informed with sufficient clarity and in good time about the place where the information can be found and the type of information.

Conclusion: The provision of information is important and the overall design of the web shop must satisfy legal requirements. Make sure to have your e-commerce presence checked by your lawyer, including in terms of the overall design.

Schoenherr's "technology & digitalisation" group ( is made up of specialised lawyers from all over CEE, striving to improve the way technology-related challenges can be tackled. With our newsletter we want to a give a brief outline of the current and important topics in this area. If you are interested follow us on LinkedIn.

Wolfgang Tichy and Serap Aydin

Schoenherr's "technology & digitalisation" group ( is made up of specialised lawyers from all over CEE, striving to improve the way technology-related challenges can be tackled. With our newsletter we want to a give a brief outline of the current and important topics in this area. If you are interested follow us on LinkedIn.

To the Point:

  • Austria: Details on start-up rescue scheme published

    Austria is helping start-ups. In a first step, start-ups can double fresh equity up to EUR 800,000 by obtaining a contribution from the Austrian promotional bank AWS. The main requirements are:

    • Minimum contribution: EUR 10,000; maximum contribution: EUR 800,000;
    • The start-up qualifies as a micro or small enterprise (Kleinstunternehmen oder Kleinunternehmen) and is not older than five years (date of registration) - this is required under EU state aid laws; very young startups (established prior to 15 March 2020) are excluded;
    • Only fresh equity counts; fresh equity is essentially equity that was provided to the start-up after 15 March 2020; equity that was provided before that date (but after 15 September 2019) only counts if at least 75% of the total funds are provided after 15 March 2020. The funds must have been actually provided (paid and received), not only committed;
    • Equity-like funds (e.g. convertible loans) also count under certain circumstances;
    • Funds provided by certain related parties (majority shareholders, managing directors and their relatives) and public bodies do not count;
    • The start-up must be innovative (as defined by the AWS guidelines);
    • Important: The contribution is repayable if the start-up generates an annual profit (Jahresüberschuss); in such a case, up to 50% of the profit must be used for repayment. The obligation to repay lapses after ten years. Upon the sale of the company (majority sale or 100% sale), the contribution is fully repayable;
    • No interest accrues on the contribution.

    For more details, please visit (German only).

    Thomas Kulnigg

  • Platforms in increased antitrust spotlight

    Over the past years several regulators in Europe have questioned the effectiveness of existing competition rules in digital markets. In recent weeks and months, they have been zooming in on online platforms. Following a study commissioned by the Dutch Ministry of Economic Affairs and Climate on the possible regulation of digital platforms with gatekeeper positions, which culminated in the "Dutch Position", the European Commission has published the terms of reference for a study on platforms acting as gatekeepers. Shortly afterwards, the French competition authority launched a public consultation on the role of large digital platforms in payment services. All these studies centre around the following questions: Does the current toolbox suffice to ensure effective competition on platforms (as opposed to competition between platforms) or is ex-ante regulation needed to this end? If so, how should such regulation be devised? If not, does the existing toolbox require refinement? In this vein, the Austrian Telecoms Regulatory, with the support of the Austrian competition authority, recently published a paper (in German only) on how to monitor digital platforms, including an assessment toolbox. Stay tuned because the spotlight will not go away any time soon.

    Christoph Haid

  • Fit for Future - EU Commission launches platform

    In 2015, the EU Commission set up the REFIT Platform (Regulatory Fitness and Performance Programme). The Fit for Future Platform succeeds REFIT. A high-level group of experts will help the EU Commission to simplify EU laws and reduce bureaucratic hurdles, also by considering digitalisation, trends and developments.

    Bureaucracy is currently one of the main complaints of large, mid-sized and smaller companies across CEE. The current COVID-19 crisis has led to new short-time work and government aid programmes. All these programmes have one thing in common: huge amounts of paperwork.

    The Platform will bring together Member States' representatives, the Committee of the Regions, the European Economic and Social Committee, and stakeholder groups. In a later stage the wider public and stakeholders will be able to provide input. It remains to be seen whether the Fit for Future Platform will successfully recommend noticeable improvements for EU citizens and companies and how digitalisation will be used to achieve these improvements.

    Sara Khalil

  • The European Parliament: Legal regime for AI in the works

    Both the European Commission and the European Parliament are undertaking more consistent activities to provide a new legal regime for Artificial Intelligence. The White Paper on AI adopted by the European Commission, together with the "Liability for Artificial Intelligence and Other Emerging Digital Technologies" report, serve as an excellent base for further research and implementation of new AI-related provisions. Back in 2017, the European Parliament issued its Recommendations on Civil Law Rules on Robotics (available here: which was quite generic and referred more to general principles such as Asimov's laws. However, on 4 May 2020, the European Parliament issued the Draft Report with recommendations to the Commission on a civil liability regime for artificial intelligence which focuses on more practical solutions for the AI legal regime. The Draft Report suggests dividing AI into separate categories depending on the risk they pose. High-risk systems would be subject to "strict" liability according to which the deployer of a high-risk AI system should be strictly liable for any harm or damage that was caused by a physical or virtual activity, device or process driven by that system. The low-risk systems would still be subject to fault-based liability. The Draft Report contains an exhaustive list of systems which should be considered high-risk, including vehicles with automation levels 4 and 5, autonomous traffic management systems, autonomous robots and autonomous public places cleaning devices.

    Daria Rutecka

  • Czech Smart Quarantine project being monitored closely

    The Czech Office for Personal Data Protection (the "Office") has repeatedly commented on the Smart Quarantine project launched by the Czech Ministry of Health, based on Government Resolution No. 250 dated 18 March 2020. The Smart Quarantine is a bundle of anti-COVID-19 measures which involves the processing of location data of people infected by the novel coronavirus. Mobile operators and banks are obliged to report the location data of infected people to authorised subjects (the Ministry of Health or a Regional Hygiene Station), provided that an infected person consented to such transfer of their data ("traffic and location data" and "data about the time and place of use of an electronic payment instrument"). The Office repeatedly raised privacy concerns and invited the Ministry of Health to submit documentation for the Smart Quarantine project.

    Eva Bajáková

  • Slovenia: Tech M&A alert! Foreign investments screening soon to be in force

    The draft of the third Anti-COVID-19 legislative package ("PKP3") published by the Government of Slovenia contains, among other measures, a regime for the screening of foreign investments, a novelty in the Slovenian regulatory landscape.

    Among other industry sectors, the screening regime targets investments in dual use technologies (referencing Regulation 428/2009 on EU export controls), such as artificial intelligence, robotics, semiconductors, cybersecurity, aerospace, defence, energy storage, quantum and nuclear technologies as well as nanotechnologies and biotechnologies. Significantly, the draft catches not only capital inflows from third countries but also from other EU Member States.

    The draft is set to become law on 1 June 2020 and may undergo significant revisions. Schoenherr's Slovenian team is monitoring the developments closely and will prepare a longer overview of the regime as soon as it emerges in its final form.

    Jurij Lampic and Eva `kufca

  • P2B Regulation and possible implications on e-commerce in Bulgaria

    Delivering on its promise to address the increasing discrepancies between smaller business users and online platforms, by reinforcing the rights of the former, the EU adopted the so-called "P2B Regulation". Its main purpose is to restrict certain unfair contracts and trading practices of platforms and thus to create a fair, transparent and predictable online environment. As the P2B Regulation will come into direct effect in all Member States on 12 July 2020, both platforms and business users must be properly acquainted with their rights and obligations under the new Regulation. This article presents a brief overview of the newly introduced obligations of online platforms and possible implications for e-commerce in Bulgaria.

    Kristina Chakarova

  • Czech Republic: Crowdfunding can help businesses overcome COVID-19

    During the COVID-19 pandemic, the focus of crowdfunding collections in the Czech Republic has adapted to market demand. Investors helped fund the production of face masks or ventilators and supported self-employed people affected by the government measures. Several interesting projects to support start-ups, businesses in tourism, hairdressers, owners of cafés or restaurants, but also theatres, concert halls, galleries and individual artists were established.

    Visit our blog to learn more!

    Rudolf Bicek

  • Study on digital change in legal advice

    A recently published study on the digital change in legal advice deals, among other things, with the expectations lawyers have of their future working methods facing digital change. The study with 168 interviewed lawyers in Austria reveals that (i) job requirements will continue to change in the coming years, (ii) digital knowledge management will become increasingly important, (iii) the need for legal advice on IT-specific topics will increase, and (iv) not all areas of legal advice can be replaced by digital solutions. Almost all the participants considered digital concepts in legal advice to be important, but there is still room for improvement in the development of digital skills among lawyers.

    Maximilian Nutz

  • Cookies - Say: "I do"

    The recent update on the European Data Protection Board's (EDPB) guidelines on consent (05/2020; the "Guidelines") had a specific aim: to provide more clarity on (i) consent icw - so-called "cookie walls" and (ii) consent by scrolling through a website. Since cookies are generally regulated by the ePrivacy Directive (2002/58/EC), the scope of powers of the EDPB might be questioned. However, the EDPB argues that it does not impose "additional obligations" on the data controllers, but rather gives guidance for assessing the preconditions of lawful processing. Thus, the GDPR conditions for obtaining consent are applicable in situations falling within the scope of the ePrivacy Directive.

    The elements of valid consent are clear: consent must be freely given, specific, informed and by ways of unambiguous indication of the consenting person.

Cookie walls

Cookie walls are barriers which prevent users from accessing a website or mobile apps unless the user "swallows" the cookie. The EDPB stressed in the Guidelines that this "take it or leave it" situation is not in compliance with the consent requirements of the GDPR. Consent cannot be considered freely given if obtained in this way. In the new (clarifying) Recital 38 of the Guidelines, the EDPB goes one step further. The argument which is frequently put forward by controllers is that users are free to consent because they may also choose equivalent services by other providers. Since this means that the freedom of choice depends on the behaviour of other market players, consent cannot be considered freely given. Hence, according to the EDPB, obtaining consent by relying on an alternative option offered by third parties does not comply with the GDPR.

Scrolling through websites

Another argument used in practice is that consent is given by the individuals as they scroll or swipe through the website. According to the EDPB, such activity on the user's website "will not under any circumstances satisfy the requirement of a clear and affirmative action" (Recital 86 of the Guidelines). Such activity cannot be distinguished from the user's other interactions. Furthermore, it would be made more difficult for the user to withdraw consent than to grant it. Thus, consents obtained by having users scrolling through the website fails to comply with the GDPR requirements, since there is no clear and unambiguous affirmative action of the user.


A consent stress test should focus on all the above-mentioned elements of valid consent, otherwise it is not worth the paper it is printed on or the screen it is displayed on.

Veronika Wolfbauer

Originally published 29 May, 2020

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.