Sponsored By

Apps and Digital Games: Complying with the new consumer protection laws in Europe

The Consumer Rights Directive (2011/83/EU – “CRD”) has introduced quite a few new provisions specifically addressing the distribution of digital content like apps, digital games and any kind of digital content. Here is an overview on how to comply:

Konstantin Ewald, Blogger

October 6, 2014

19 Min Read

The Consumer Rights Directive (2011/83/EU – “CRD”) has introduced quite a few new provisions specifically addressing the distribution of digital content like apps, digital games and any kind of digital content. In theory, the idea of implementing special regulations for digital businesses is not a bad one. But in practice there are some serious pitfalls to consider. 

The new consumer rights are largely harmonised within the EU and member states have little discretion for implementation – which means that the new regulations that came into force in June 2014 are almost identical in all countries of the European Union. However, Germany has a special status to some extent: The CRD was widely inspired by German law. As a result, Germany already has experience with many of the CRD’s regulations and German case law could be a blueprint for future European court decisions.

Therefore, it is worth taking a deeper look into the legal situation in Germany.

New consumer rights for apps, digital games and other digital content

The CRD has introduced several new obligations which affect publishers of apps, digital games and all kinds of digital content. The most important are several new duties to provide information about products and their features as well as the revised right of withdrawal, which now explicitly includes digital goods.

Digital goods and the right of withdrawal

As a basic principle, consumers are entitled to withdraw their contractual statement within 14 days after they entered the contract – without any obligation to give any reason. If the consumer cancels the contract he loses the right to use the purchased item and the seller has to refund the full price. In other words: Every sale is in principle temporary until the 14 days cancellation notice period has passed.

The period of 14 days is now harmonised and applies equally in all member states of the EU. However, it can even be extended if certain formal requirements, such as duties to provide certain information in a certain way, are not met precisely.

The right of withdrawal now also explicitly applies to digital goods such as apps, games, in-game items or any other virtual purchases. Obviously, it is not always possible to actually “return” a digital item. And even if it is – in most cases it would be impractical to allow users to return their items for a full 14 days. Fortunately, the CRD implemented a way to effectively exclude the right of withdrawal.

According to Article 16 (m) CRD, the right of withdrawal terminates immediately after the contractual performance has begun, if the user has expressed their consent. So it is possible to exclude a right of withdrawal for digital goods. But this solution has one catch: It requires the users’ consent.

It has not yet been decided by the courts whether such consent needs to be explicit or whether it would be sufficient to obtain the consent within general terms and conditions. However, the CRD requires that users “express” their consent which implies at least some kind of action. Therefore, the exclusion of a right of withdrawal probably requires a dedicated checkbox or some equivalent means. Not surprisingly, also consumer watchdog organisations and certification bodies have taken this conservative position.

So whenever possible, publishers should require from their users to declare their explicit consent to immediately begin with their contractual performance. Additionally, users need to be informed that this operates as a waiver of their right of withdrawal.

Mandatory information

The CRD also requires publishers to provide a variety of information about the offered product, the purchase process and company information. The most important new obligations are to provide information about the exact functionality and interoperability of digital goods as well as information about technical protection measures.

Publishers should provide this information on the game description page. We recommend providing at least the following information:

  • System requirements and technical restrictions (e.g. “Requires Android 4+ and internet connection”)

  • Details on the core features (e.g. “3D action shooter – includes 7+ levels, 10+ different characters, 8+ weapons, chat feature”)

  • Details on known limitations that customers should be aware of (e.g. “Does not work on Sony Xperia phones”)

  • Detailed information about in-app sales for freemium apps or games (e.g. “Additional weapons may require payment; character level beyond 10 requires paid add-on”)

  • Information about TPM (e.g. “Requires registration”; “Cannot be installed on multiple devices”)

Furthermore, the following information should be provided:

  • Clear and unambiguous prices including VAT

  • Information that VAT is included in the displayed price

  • For subscriptions: Potential costs that may incur in the future

Additionally, there is more mandatory information that does not specifically address digital items but is nevertheless important to consider:

  • Name and geographic address of the publisher’s company

  • Contact information (e-mail and phone)

  • VAT number

  • Register and registration number

This information should be made available on the publisher’s website, the distribution platform and within the app or game as well, e.g. in the credits section. The information must be continuously available and easy to find. German courts have held that a user must never be further than two clicks away from this information anywhere on a website. If publishers fail to fulfil these duties, the legal requirements cannot only be enforced by consumer watchdogs and competitors with written warning letters or court proceedings. Depending on the violated law, it can also lead to extended customer rights, for example a right to withdraw from a contract up to a year after the initial purchase.

The above list is not exhaustive. There are many more regulations that only apply in certain cases, for example if financial transactions or certain goods are involved. Furthermore, there are several national regulations such as data privacy or youth protection that publishers should keep in mind.

As of 2015 there are also new tax regulations regarding VAT in the European Union apps and games publishers should have on the radar.

Responsibility when distributing digital goods through third-party app stores and digital platforms?

But who is actually responsible for ensuring compliance with consumer rights when publishers distribute their products through third-party platforms such as app stores or online distribution platforms for games? This question is trickier than it seems. In fact, it is one of the key issues for digital distribution.

In general, the person responsible for complying with consumer rights is the vendor of the product. Who is the vendor of an app or a game on a game distribution platform like Steam?

The situation is fairly easy if the operator of the distribution platform unambiguously acts as the vendor – i.e. if the operator is distributing apps or games in its own name and on its own account. Then the platform operator is also responsible for compliance with consumer rights. Publishers should keep in mind, though, that they often stay responsible for any compliance issues in the context of their in-app or in-game sales as the relevant contracts are made with the publisher and not with the platform.

The situation gets even more complicated, if the platform, as usual, states to solely act as an agent or commissionaire for the publishers. In this case the publishers are the vendors of their products, although the customer might have a different impression when purchasing digital goods.

For example, if you want to buy an app at Apple’s AppStore, you first have to create an account – with Apple. Then you have to provide your payment information – to Apple. Now you can browse the AppStore – provided by Apple. If you choose to buy an app, you have to accept the terms and conditions – of Apple. After that, the payment is processed – by Apple. And finally the app is being installed on your device – by Apple.

However, Apple’s terms and conditions, similar to other app store and platform terms and conditions, clearly say that Apple itself does not sell any third-party apps but solely acts as an agent or commissionaire. Moreover, product pages in Apple’s app store clearly disclose the publisher as “seller” of his app – despite the different first impression of the customer.

All in all, one has to come to the conclusion that apps are indeed sold by their publishers in this constellation. Accordingly, solely the publishers as the vendors of the apps and games are responsible for the compliance with the new consumer laws.

This leads to a serious problem: Neither app stores nor gaming platforms usually allow publishers to actually implement many of the legal requirements. For example, publishers have only limited control on how their game or app is presented to the customer and practically no control over the design of the purchase process on digital distribution platforms such as checkboxes to avoid a right of withdrawal for apps or digitally distributed games resulting from distant selling laws.

How to ensure compliance on third-party digital distribution platforms?

This situation seems like a déjà vu. eBay sellers had similar problems back when eBay had not yet implemented all required features to fully comply with consumer rights. The common recommendation then was: Do not just lean back and wait. Instead, demonstrate best efforts to be as compliant as possible with consumer rights. This motto still holds true today.

An idea on how to practically implement this comes from the working group of German data protection watchdogs who recently published a guideline for app developers on how to ensure data protection compliance. The guideline addresses, inter alia, the problems with digital distribution platforms and suggests integrating the required information into the product page in the respective app store and, additionally, within the app itself. If there is not enough space for all information, publishers can use links to websites providing the required information.

This data protection guideline is also a reasonably passable route for ensuring compliance, at least with information duties resulting from consumer protection regulations.

Furthermore, publishers can and should consider the new consumer rights when designing their in-game and in-app sales processes. In particular, the user should be provided with all required information before the actual purchase is made. Additionally, publishers should obtain the users’ explicit consent that the items or services are provided instantly after the purchase with the consequence that they lose their right of withdrawal.

The fact that publishers do not have any influence on how exactly the right of withdrawal is implemented in app stores or game platforms may even work as a defence in court if consumer protection organisations were to start considering them as responsible for the compliance with this specific aspect of consumer protection regulations. After all, it seems unreasonable to blame publishers for something they do not have any influence on.


Publishers should definitely have the new consumer rights on their agenda. Failure to comply with them can lead to serious consequences, but most of them are more or less easy to implement.

However, things can get complicated on digital distribution platforms. Unless the platforms expressively act as vendor for the apps and games, we have the quite unsatisfying situation where full compliance requires a close cooperation between publishers and platforms without having clear responsibilities. Fortunately, there are at least ways for publishers to limit the risk.

co-author: Tim Maiorino, Osborne Clarke

Read more about:

Daily news, dev blogs, and stories from Game Developer straight to your inbox

You May Also Like