63

Today the new Terms of Service of Stack Exchange have been released, sparking a lot of unrest about its arbitration clause; see the comments and answers on the linked meta above, and also this question.

Does the GDPR prevent Stack Exchange from using the arbitration clause against EU citizens?

In the sense that when there's a massive data leak and a large class-action suit will be filed, can EU citizens do that collectively, as opposed to going through arbitration for each separate user?

The below is no longer applicable, since on the 10th of May electronic opt-out was made available.

Related to this it states that the opt-out currently is a physical letter send to Stack Exchange (how they'd tie that letter to my SO account is a bit vague for me, as I can type any odd user page on my letter, not only my own), but this comment suggests that under GDPR there should be a digital opt-out for digital services. Does that mean that the entire clause is invalid (or however that goes in law), when there is no digital opt-out currently available?

Adriaan
  • 715
  • 5
  • 10

2 Answers2

49

Not going to hold up. Dutch Supreme Court confirmed 2012-09-21 in LJN BW6135 that arbitration is still covered by the the right to an independent judge, as established in Golder v UK, ECHR 1975-02-21, nr. 4451/70. Stack Exchange can't decide the rules themselves.

(The Dutch case confirms that sector-wide arbitration is in fact legal, with regard to a standard arbitration clause commonly used in the Dutch building sector. The arbiter was found to be independent in that case precisely because they weren't picked by the builder involved.)

The GDPR is only indirectly relevant, but the fact that it's mentioned does mean that there is an indisputable intent to provide services to EU consumers. (See section 23 of the GDPR, or its national equivalents). As such, you can't hide behind a US business address. If you intend to do business in the EU, it's under EU laws - all of them. You can't say that only the GDPR applies, and not other rules.

I'm having a bit of a problem finding a source, but I'm fairly confident that consumers have the right to sue at their own, local court, overruling the default of suing in the court where the counterparty is located.

Finally, I have the right under national law (Dutch: BW 6:236 start and sub-n) to strike the arbitration clause up to 30 days after the conflict arises, and demand a court decision. That's not 30 days after I accept the "Public Network Terms", that's 30 days after the arbitration is invoked. Dutch law explicitly allows arbitration abroad, and arbiters may apply foreign law, but as written the arbitration clause has no legal basis in the Netherlands, and any arbitration resolution would therefore not be considered valid.

You may wonder if it matters to Stack Exchange that the arbitration decision would not hold in the EU. Well, consider a clause like Indemnification, which demands the user indemnifies Stack Exchange. That's a pretty empty demand if it's not enforceable.

David Richerby
  • 337
  • 2
  • 9
MSalters
  • 6,749
  • 16
  • 23
5

The French 'Cour de cassation', highest level of jurisdiction for civil cases has judged this week in a similar case that a clause forcing a customer to go through arbitration was not enforcable.

So even without GDPR, there is a strong case to say that this clause invalid in Europe (at least in the EU)

Maxime
  • 1,040
  • 5
  • 10