A current case before the European Court of Justice (ECJ) focuses on the data protection assessment of email newsletters. Among other things, it concerns the distinction between direct advertising and commercial communication as well as the applicability of the General Data Protection Regulation (GDPR) in relation to the ePrivacy Directive. The central question is: Under what conditions is a newsletter permissible without consent?
Fine for newsletter
The Romanian platform avocatnet.ro is an online medium that publishes daily updates on legal developments in Romania. To gain full access to the content, users can set up a free user account. This account gives them access to a daily e-mail newsletter with legal updates, the so-called "Personal Updates". In addition to the free offer, there is the option to purchase additional paid content as part of a premium subscription.
In 2019, the operator of the platform, Inteligo Media, was fined by the Romanian data protection authority. The accusation was that newsletters were sent without sufficient consent from the users concerned. Inteligo Media rejected the accusations and took legal action against the sanction before the national courts. After the national instances had dealt with the legality of the data processing, the Bucharest Court of Appeal was confronted with complex questions of EU law. It suspended the proceedings and referred several questions on the interpretation of the ePrivacy Directive and the GDPR to the European Court of Justice.
Direct advertising or editorial information?
The legal assessment focuses on the question of whether the newsletter in question qualifies as "direct marketing" within the meaning of Art. 13 (2) of Directive 2002/58/EC. This classification is of considerable importance, as it determines whether the prior express consent of the users concerned is required or whether the exception in Art. 13 (2) applies. In his opinion, the Advocate General of the European Court of Justice comes to the conclusion that the newsletter in the present constellation clearly has the character of direct advertising.
Its reasoning: The newsletter contains regularly sent content that summarizes current legal developments and provides hyperlinks to the full articles on the platform's website. The obvious aim is not only to inform users, but also to actively bind them to the platform. The Advocate General states that the targeted structure of the newsletter is intended to encourage users to make full use of their free monthly quota of articles. This in turn increases the likelihood that users will opt for a paid subscription.
According to the Advocate General, the individualized approach is particularly decisive: the newsletter is sent directly to the personal email address of the respective user and contains content that is relevant to them. In conjunction with the economic objective of the platform to gain paying subscribers, the newsletter thus fulfills all the characteristics of direct advertising in the sense of data protection law. In the Advocate General's view, the combination of editorial appearance and advertising intent makes the classification as direct advertising mandatory.
Digital transactions: What counts as a "sale"?
Another key point concerns the legal definition of the term "sale" in the digital environment. In the traditional understanding, this is associated with the payment of a sum of money. In his interpretation, however, the Advocate General deliberately departs from this narrow definition and takes up the reality of digital business models. It has long been common practice on the internet for users to pay for content or services not with money, but by providing personal data. This includes email addresses in particular, but also usage data or demographic information.
This form of "paying" with data is increasingly being recognized as an economically relevant consideration. In return, the user receives access to certain services - such as additional articles, the subscription to a newsletter or an extended range of functions of a service. This exchange has a clear economic purpose and generates measurable added value for the company offering the service, whether through targeted marketing, user loyalty or monetization by third parties.
The Advocate General argues that such an exchange of data for benefits ultimately fulfills the same functional purpose as a classic sale. He emphasizes that, in the context of data-based business models, a broad interpretation of the concept of sale is necessary in order to do justice to the actual economic context. A restrictive interpretation that only focuses on monetary transactions would not do justice to the digital market and its mechanisms and could lead to significant gaps in data protection. Therefore, a purely data-related transaction must also be qualified as a "sale" within the meaning of the ePrivacy Directive, provided that the purpose of the data collection is associated with an economic advantage for the provider.
Relationship between GDPR and ePrivacy Directive: Who regulates what?
Of central importance for the legal assessment of electronic direct marketing is the interaction between the General Data Protection Regulation (GDPR) and the ePrivacy Directive. Art. 95 GDPR clarifies that the GDPR does not create any additional obligations if provisions with the same objective have already been made by specific provisions of the ePrivacy Directive. This priority rule serves the purpose of legal certainty and ensures that data protection requirements are not unnecessarily applied twice.
In the present case, the Advocate General emphasizes that Art. 13 of the ePrivacy Directive constitutes an exhaustive special regulation for the use of electronic means of communication for advertising purposes. In particular, the provision regulates in detail when prior consent is required for direct marketing by email and under which circumstances such consent can be waived. The GDPR takes a back seat in this respect, as although Art. 6 contains general legal bases for data processing, it does not have the same specification for direct marketing as Art. 13 of the ePrivacy Directive.
In the Advocate General's view, an additional assessment against the standard of Art. 6 GDPR is therefore not necessary in constellations that fall entirely under Art. 13 ePrivacy Directive. This view is in line with the legal principle lex specialis derogat legi generaliThe more specific standard supersedes the more general one if both concern the same subject matter. As a result, this interpretation ensures a clear division of competences between the two sets of rules and avoids potential contradictions in the assessment of electronic advertising under data protection law?
Reading tip: Data protection risks for customer database data in sales and service
Direct advertising vs. commercial communication
In some Member States, the term "commercial communication" is used instead of "direct marketing" when implementing the ePrivacy Directive. This term is defined in Directive 2000/31/EC on electronic commerce and covers all communications which directly or indirectly promote the sale of goods and services or which shape the image of a company. In contrast, the term "direct marketing" is more specific and refers to individually addressed measures for commercial purposes that are aimed directly at individual users.
The Advocate General emphasizes that direct advertising is always also commercial communication, but not vice versa. An illustrative example of this is a general image film or a sponsorship message from a company that is intended to promote the company's public image but is not specifically aimed at individual addressees. Such measures do not meet the criteria of direct advertising, as there is no individualized approach.
The use of different terminology in national transpositions can lead to problems. In particular, there is a risk that national regulations may deviate from the system of EU law if they do not differentiate sufficiently between the two terms. This in turn can lead to inconsistent interpretation and application of data protection regulations within the EU, which poses considerable challenges for companies and ultimately impairs legal certainty in the European internal market.
Newsletters as direct advertising: practical relevance for companies
The decision of the European Court of Justice on the admissibility of newsletters under data protection law and the interpretation of Art. 13 para. 2 of the ePrivacy Directive will have a significant impact on business practice. Companies that engage in email marketing or offer personalized digital services are responsible for reviewing their data processing procedures in light of this legal development. In particular, this concerns the question of whether the explicit consent of the data subject is required or whether data processing can be based on a legal exception.
For platform operators and media companies, this specifically means that the handling of user data - even in the context of seemingly non-binding offers such as free newsletters - must be designed in compliance with data protection regulations. In particular, care must be taken to ensure that data subjects are informed clearly, comprehensibly and transparently about the purpose of the data when their email address is collected. It is equally important that users are provided with simple and accessible options for rejecting or unsubscribing from advertising measures (opt-out) at any time.
Companies should also check particularly carefully whether their newsletters, information services or other email communications are to be classified as direct advertising. The decisive factor here is not only the external appearance of the message, but also the purpose pursued with it. In particular, if hyperlinks or accompanying references are intended to promote the use of fee-based offers.
Regulatory authorities have a duty
For the supervisory authorities, the present case results in a clear obligation not only to apply the legal bases precisely when imposing data protection sanctions, but also to ensure that the reasons given are detailed and comprehensible. The criteria of Art. 83 (2) GDPR - such as the type, severity and duration of the infringement - must be clearly included in the decision. This is the only way to ensure differentiated, proportionate and court-proof fines that do justice to both the protection of data subjects and the legal certainty of companies.
Overall, the proceedings show that the legally compliant handling of electronic advertising and digital customer contact remains a demanding challenge that requires not only technical but also legal expertise. Companies and authorities alike are required to implement data protection regulations not only formally, but also in terms of their practical effect.
ECJ ruling on newsletters still pending
The Advocate General's opinion strengthens legal guidance in the area of email marketing. It clarifies the conditions under which direct advertising by email is permissible and how the terms "sale" and "consent" are to be understood in the digital context. The procedure is particularly important for companies in the online sector, as it clarifies the boundaries between permitted advertising and the obligation to obtain consent.
However, it should be noted that the opinion is a legal assessment that is not binding on the Court of Justice. The final decision of the European Court of Justice is still pending. It will clarify the extent to which the Court follows the Advocate General's reasoning - and thus define the legal framework for electronic direct marketing in Europe in a binding manner.
Source: Opinion of the Advocate General of the European Court of Justice on Case C-654/23
Do you still have questions about email marketing, GDPR and ePrivacy? Then get in touch with our experts! We always find a solution.
☎️ +49 (228) 926165-100
📧 info@2b-advice.com
English 
German 
Italian 
French