Authors: Judith Rauhofer and Burkhard Schafer
(25) ‘information society service’ means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council;
I. General overview
Art. 4 no. 25 defines “information society service” by reference to Art. 1 no. 1 lit. b of the Single Market Transparency Directive[1], which describes it as “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”.
In the context of the GDPR, the definition is relevant when determining (1) whether the conditions in Art. 8 apply with regard to the processing of personal data on the basis of consent (Art. 6 no. 1 lit. a) where information society services are offered directly to a child, and (2) whether the data subject has a right to obtain the erasure concerning him or her under Art. 17 no. 1 lit. f where personal data have been collected in relation to the offer of information society services directly to a child.
II. Legislative history
The definition of “information society services” goes back to Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on Information Society services[2] as amended by Directive 98/48/EC of the European Parliament and of the Council of 20 July 1998 amending Directive 98/34/EC laying down a procedure for the provision of information in the field of technical standards and regulations.[3] The latter Directive was adopted with the intention of ensuring “as much transparency as possible […] as regards the future national rules and regulations applying to Information Society services”.[4] Directive 98/34/EC was subsequently amended several times[5], which prompted the Com, the EP and the Council to codify those amendments as well as interpretations as they existed in CJEU case law at the time in a new legal instrument “in the interests of clarity and rationality”.[6]
The reference to Art. 1 no. 1 lit. b of the Single Market Transparency Directive was a late addition to the GDPR, likely designed to ensure a harmonised approach. It was not included in the Comm-P, the Parl-R or the Council Position of 8 April 2016[7] but only appeared in the final legislative act.
III. Elements of the definition of “Information society service”
-
Service normally provided for remuneration
Any reference to services in EU law can be traced back to Art. 57 TFEU, which defines “service” as “normally provided for remuneration” and which are not covered by one of the other three freedoms. This includes, in particular, activities of an industrial or commercial character as well as activities of craftsmen and the professions. It is therefore the economic character of the freedom to provide services that brings it within the ambit of EU law.[8]
[…]
[1] Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services, OJ L 241, 17.9.2015, p. 1–15.
[2] OJ L 204, 21.7.1998, p. 37.
[3] OJ L 217, 5.8.1998, p. 18.
[4] Ibid, Recital 1.
[5] See See Annex III, Part A, Single Market Transparency Directive.
[6] Recital 1, Single Market Transparency Directive.
[7] Position of the Council at first reading with a view to the adoption of a Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Brussels, 8 April 2016.
[8] Hans-Dieter Jundt, Hedwig Jundt v Finanzamt Offenburg, CJEU, 18 December 2007, Case C-281/06, para. 32.