Unfair competition due to non-compliance with a legal provision: focus on compliance with the RGPD
Judicial Court of Paris, April 15, 2022, n°19/12628
I. Acts constituting unfair competition
By definition, unfair competition is a set of means and procedures:
- who do not respect the law or customs;
- that constitute intentional or unintentional misconduct;
- that cause harm to a competitor.
It is therefore on the basis of the tort liability provided for in Article 1240 of the Civil Code that unfair competition can be found.
Acts of unfair competition can take the following forms:
- Economic free riding.
These bases are now well known and circumscribed by the jurisprudence.
Also, it has been accepted for a long time that the violation of a legal and/or regulatory provision by a company is constitutive of acts of unfair competition by failure to comply with the law with regard to other economic actors, as soon as this violation provides it with an abnormally favorable position, and creates a distortion of competition.
II. An act of unfair competition constituted by a violation of the law: the case of the GDPR
- Numerous hypotheses of unfair competition by violation of the law
The French courts have already been able to judge cases of unfair competition by violation of the law in cases of :
- misleading advertising;
- practice of unauthorized sales;
- exercise of the trade in irregular conditions with regard to the regulations in force;
- creation and operation of an activity in violation of applicable regulations;
- non-compliance with the provisions relating to commercial planning.
A study of the recent jurisprudence rendered in this matter allows us to further increase the number of hypotheses that characterize an act of unfair competition by violation of the law.
As a reminder, the Court of Cassation has had the opportunity to state in an opinion that “non-compliance with a regulation in the exercise of a commercial activity, which necessarily leads to an undue competitive advantage for its author, constitutes an act of unfair competition.”
In this case, the assets of a company in bankruptcy proceedings were taken over in violation of article L. 641-3 of the Commercial Code (Cass. Com., March 17, 2021, n°19.10-414).
- Application to a breach of the GDPR (General Data Protection Regulation)
On the basis of this principle, the Paris Court of Justice recently considered that the failure to comply with the requirements of the RGPD should be analyzed as an act of unfair competition.
In this case, a company that owned two patents filed a European Union word mark. A second company proceeded to market on its website products under the brand of the first company, these products reproducing the characteristics of its two patents.
The first company then sued the second before the Paris court for patent and trademark infringement, as well as for unfair competition on the basis of article 1240 of the Civil Code.
With regard to the defendant company’s website, the plaintiff company considers that the latter :
– violated the provisions of Article L.616-1 of the Consumer Code, which requires a statement on the website about the possibility of recourse to a consumer mediator,
– and more generally, disregarded certain rules of the GDPR relating to data security.
On this last point, the Paris court recalls that the RGPD legislation requires any data controller or processor to ensure the confidentiality and security of personal data collected and processed.
It appears from the facts of the case that the defendant company was in fact collecting personal data from the users of the site (name, email and telephone number) without providing any information on the conditions of this processing.
In this case, the website in question did have a “legal notice” tab which indicated that the information recorded was reserved for the use of the service concerned and could not be communicated to third-party companies.
However, the Paris Court of Justice notes that no confidentiality charter is made available to users of the site. This state of affairs thus characterizes a breach by the company of its RGPD obligations.
The Paris Court of First Instance begins its reasoning by stating that “acts that deviate from the general rules of loyalty and professional probity governing economic activities and business life are thus constitutive of unfair competition“.
The Paris court then went on to recall the aforementioned case law of the Court of Cassation, which had already ruled that “non-compliance with a regulation in the exercise of a commercial activity constitutes an act of unfair competition, when it necessarily results in an undue competitive advantage for its author“.
Taking into account all of the aforementioned elements, the Paris Court of First Instance therefore considered that the defendant company was guilty of breaches of its RGPD obligations and therefore of acts constituting unfair competition that should give rise to compensation for the injured competitor.
To the best of our knowledge, this was the first decision on the subject, rendered in these terms by a court of law. This ruling demonstrates, if proof were needed, the growing importance of data protection rules, including in the field of competition law.