By a decision held on 25 January 2017 (C-375/15), the Court of Justice of the European Union (CJEU) clarified the question of information (in electronic format) that payment service providers (such as banks) convey to their customers to e-banking secured mailboxes as part of an online banking website.
Without being a ground breaking decision, this recent judgment of the CJEU provides an interesting insight and clarification regarding the possibility and conditions regarding the use of e-banking secured mailboxes as durable medium for the provision of information.
The decision of the CJEU followed a dispute related to online services offered by BAWAG PSK bank (BAWAG), which took place in Austria. The terms and conditions governing the relationship between BAWAG and its customers contain a provision allowing BAWAG, where a customer has agreed to e-banking, to transmit notices and statements (in particular account information, account statements, credit card statements but also notices of changes) to an e-banking secured mailbox accessible via the customer’s personal space.
The CJEU was asked to examine whether changes to the terms and conditions (framework contract) may be notified via the e-banking secured mailbox of an online banking website in light of the Directive 2007/64/EC of 13 November 2007 on payment services (PSD).
The PSD provides that any amendment of a framework contract1, must be provided to the customer on a durable medium (articles 41(1) and 44(1)).
The CJEU has clarified the two requirements deriving from articles 41(1) and 44(1) which provide namely:
the use of a durable medium which must contain the information concerned; and
the fact that the information must be “provided” to the payment service user.
Use of a durable medium
Durable medium is defined in the PSD as “any instrument which enables the payment service user to store information addressed personally to him in a way accessible for future reference for a period of time adequate to the purposes of the information and allows the unchanged reproduction of the information stored.”
Recital 24 of the PSD further provides that an Internet site may constitute a durable medium “as long as such sites are accessible for future reference for a period of time adequate for the purposes of information and allow the unchanged reproduction of the information stored.”
In light of the above and in the same vein as in previous judgments2, the CJEU concluded that for the information to be considered as being in a durable medium, the website:
must allow the user to store information addressed to him personally in such a way that he may access it and reproduce it without alteration for an adequate period of time (requirement of storability), and
any possibility that the service provider or another professional could change the content of the relevant information unilaterally must be excluded (requirement of integrity).
Based on that second criterion, one may argue that documents accessible in the e-banking secured mailbox that are (inter alia) in pdf format, which are available for a sufficient period of time (that should be indicated to the customer) and that may be downloaded, saved and printed should meet the above-mentioned criteria.
Information “provided” to the user
Providing the information to the user means, according to the CJEU, that “the transmission of that information is accompanied by active behaviour on the part of the provider” in order to draw the attention of the customer to the existence and availability of the information3.
In other words, the service provider is entitled to send information to the e-banking secured mailbox at the disposal of the user as long as it has taken additional active steps to draw the user’s attention to the existence and availability of that information in the e-banking secured mailbox.
A mail, SMS or e-mail on the customer’s traditional address could for example be envisaged to fulfil this obligation.
The obligation made to the service provider to “provide information” is to be distinguished from the situation where the PSD simply requires having the information “made available” to the customer (e.g. regarding executed payment transactions). In the latter case, the customer shall take the active steps to obtain the information (such as actively consulting its e-banking mailbox). The service provider is not required in that situation to take additional steps.
It is important to note that the concept of “durable medium” and the obligation to “provide” certain information is not limited to PSD but is present in several other EU legislations – especially legislations to the benefit of consumers (MiFID, Consumer Credit Directive, etc.) so that the impact of this decision goes beyond the provision of payment services.