The EU Representative Actions Directive (“RAD”) was meant to have been transposed by all EU member states by December 25, 2022. However, the EU Commission announced on January 27, 2023, that only three out of the 27 EU member states have properly transposed the RAD into their national legislation as required, and that it will now start issuing formal notices to the remaining countries to transpose the RAD as soon as possible.

As reported in our previous blog post, the RAD aims to harmonize member state frameworks on collective actions (i.e., whereby multiple claimants may lodge a claim or claims as a group) across the EU. It sets minimum requirements with respect to collective actions on a wide range of topics, including data protection matters (see also our blog post on the implications of RAD for data protection infringements and our separate blog post on the Court of Justice of the EU’s interpretation of Article 80(2) GDPR on data protection-related collective actions). This blogpost provides an overview of the RAD and its implementation status by EU member states.

Background

The RAD came into force on December 24, 2020 with the objective of introducing a common framework and approach to collective actions across the EU. Since the RAD takes the form of a directive, all EU member states had a period of 2 years ― until December 25, 2022 ― to transpose it into their national legislation.

The main takeaways of the RAD are as follows:

  1. The role of qualified entities. Collective action proceedings may be brought before national courts by qualified entities designated by their member state, who may seek injunctive relief and/or redress measures, including compensatory relief, reimbursement for damage, price reductions and/or product repairs, on behalf of consumers. However, punitive damages may not be claimed. These entities must be independent, non-profit organizations whose statutory purpose reflects a legitimate interest in protecting consumer interests.
  2. Cross-border collective actions. The RAD provides for cross-border collective actions, where a qualified entity brings an action in a member state other than that in which it has been appointed a qualified entity. An action can be brought by several qualified entities from different member states in order to protect the collective interests of consumers in different member states.
  3. National courts dismissal of certain claims. EU member state courts or administrative authorities may dismiss “manifestly unfounded cases” at the earliest stages of proceedings in accordance with national procedural rules.
  4. EU member states decide how consumers are represented in collective redress actions. The RAD allows EU member states to choose whether collective actions operate on an opt-in basis ― i.e., consumers must explicitly agree to be represented by the qualified entity ― or opt-out basis ― i.e., consumers must explicitly declare their desire not to be represented by the qualified entity ―, or a combination of both. Consumers who are not habitually resident in the member state of the court or administrative authority adjudicating the dispute have to express their affirmative wish (i.e., opt-in) to be represented in that action.
  5. Information about collective actions. Qualified entities must provide information, in particular on their website, about the collective actions they have brought before a court or administrative authority, as well as their status and outcome.

Implementation Status

With the transposition of the RAD, all member states will have to provide for a collective action framework that allows consumers, as a group, to seek redress such as compensation and injunctive relief. This will materially alter the existing EU landscape with respect to such actions.

Several member states already had in place collective action regimes, such as France, the Netherlands, Denmark, Belgium, among others.  However, only three countries have fully implemented the RAD into their national legislation to date: Hungary, Lithuania, and the Netherlands. Most of the other member states, despite being close to transposing the RAD, must engage in further legislative or procedural reforms.

Below, is an overview of the different ways member states have or are planning to implement the RAD:

  • The Netherlands strengthened its rules related to cross-border collective actions with the designation of qualified entities from foreign jurisdictions that will be allowed to bring cases before Dutch courts. It provides for an opt-out option for domestic collective actions raised on behalf of Dutch injured parties, and has changed its current legislation to provide for opt-in option for cross-border collective actions raised on behalf of foreign injured parties.
  • The Irish draft implementing law will expand the concept of qualified entities to consumer claims from sole traders and SMEs, provide a detailed explanation as to the designation of qualified entities, and offer an opt-in mechanism for both domestic and cross-border collective actions for redress measures. However, in the case of injunctive relief on behalf of consumers, qualified entities can seek such a relief on an opt-out basis.
  • The German draft bill introduces the concept of collective action for redress (the current rules only allow for bringing declaratory actions before the courts) and provides narrow limits to third party funding. It provides for an opt-in option, with the particularity that any action will require a minimum of 50 affected consumers (and the qualified entity will need to be able to demonstrate that such requirement is being met).
  • In Luxembourg, the draft bill provides that an opt-in option can be applicable where the collective action relates to compensation for bodily injury, non-pecuniary damages or if the consumer affected by the damage resides in another member states (i.e., cross-border collective action). The draft bill goes beyond the RAD by accepting individual consumers to pursue collective actions (and not only qualified entities).
  • The Spanish draft bill establishes a combination of opt-in and opt-out options. For redress measures, the opt-out mechanism is offered, but an opt-in system must be followed in the case of consumers that have their permanent place of residence outside Spain, i.e., cross-border collective action.
  • Spain, Germany and Ireland’s draft implementing laws (as most EU countries) will also establish a national register of collective actions that will be available to the public to see the current status of each collective action occurring on their respective territory.

Overall, most member states are in the first or second stages of transposing the RAD as they are either preparing a first draft of the bill (like France) or debating it in the Parliament (like Ireland, Denmark and Germany).

On January 27, 2023, the European Commission announced that it will start infringement procedures and send formal notices to all 24 EU member states that did not transpose the Directive on time, which are Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Cyprus, Denmark, Estonia, Finland, France, Germany, Greece, Italy, Ireland, Latvia, Luxembourg, Malta, Poland, Portugal, Romania, Slovenia, Slovakia, Spain, and Sweden. These member states will have to submit to the European Commission a detailed description of the current status of their RAD transposition. They have until June 25, 2023, to fully transpose the Directive.

***

Covington’s Data Privacy and Cybersecurity Team will continue to monitor the transposition of the EU Representative Actions Directives in EU member states. Our team is happy to assist with any inquiries relating to data protection collective actions in the EU, and other tech regulatory matters.

Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as Privacy International and the European security agency, ENISA.

Photo of Kristof Van Quathem Kristof Van Quathem

Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Kristof has been specializing in this area for over fifteen years and covers the entire spectrum of…

Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Kristof has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies concerning the lawmaking, to compliance advice on the adopted laws regulations and guidelines, and the representation of clients in non-contentious and contentious matters before data protection authorities.

Photo of Anna Oberschelp de Meneses Anna Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.  Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.  Anna advises companies on European data protection law and helps clients coordinate…

Anna Sophia Oberschelp de Meneses is an associate in the Data Privacy and Cybersecurity Practice Group.  Anna is a qualified Portuguese lawyer, but is both a native Portuguese and German speaker.  Anna advises companies on European data protection law and helps clients coordinate international data protection law projects.  She has obtained a certificate for “corporate data protection officer” by the German Association for Data Protection and Data Security (“Gesellschaft für Datenschutz und Datensicherheit e.V.”). She is also Certified Information Privacy Professional Europe (CIPPE/EU) by the International Association of Privacy Professionals (IAPP).  Anna also advises companies in the field of EU consumer law and has been closely tracking the developments in this area.  Her extensive language skills allow her to monitor developments and help clients tackle EU Data Privacy, Cybersecurity and Consumer Law issues in various EU and ROW jurisdictions.

Diane Valat

Diane Valat is a trainee who attended IE University.