3 min read

Some time ago, we reached out to PayPal’s EU Legal Department in Luxembourg, suggesting a more compliant way to notify their customers about changes in their Legal Agreements.

Background

Every time PayPal updates its policies, customers receive an email notification. These emails typically include instructions and hyperlinks that redirect users to PayPal’s website to review the changes.

However, the Court of Justice of the European Union (ECJ) ruled otherwise in its July 5th, 2012 judgment (Case C-49/11, Content Services Ltd v. Bundesarbeitskammer).

The ECJ clarified that providing policy updates only via a website or hyperlink does not comply with Article 5(1) of Directive 97/7/EC on consumer protection in distance contracts.

The ECJ decision highlighted two key reasons why this practice fails to meet EU requirements:

  1. “Receive” and “give” require direct delivery.
    Under Article 5(1), consumers must receive the required information without taking any action. Hyperlinks force users to click, meaning the information is neither “given” by the seller nor “received” by the consumer.

  2. Websites are not “durable media.”
    A compliant durable medium must allow consumers to:

    • Store the information personally.
    • Access it unchanged for an adequate period.
    • Reproduce it reliably.

    Since website content can be altered unilaterally, hyperlinks do not ensure compliance.

What this means for PayPal and similar companies

PayPal’s email notifications with links fail to provide the required information in a durable medium. To comply with EU law, the policy update itself should be delivered directly to the customer in a format they can store and reproduce — for example, as a PDF attachment in the email.

Still, even attaching the policy would not be enough without proof of delivery. Businesses must be able to prove that the notification was actually delivered and remained unchanged.

How registered email ensures compliance

This is where eEvidence registered email comes in.

By using our service, companies can:

  • Deliver policies directly to customers in a durable medium.
  • Generate electronic evidence receipts that certify:
    • The exact content of the notification.
    • The identity of the recipients.
    • The delivery date and time.
  • Ensure immutability: recipients receive proof that the policy update has not been altered.
  • Comply with EU Regulation 910/2014 (eIDAS) on electronic identification and trust services.

And, most importantly, it all happens without requiring the customer to take any action.

Frequently Asked Questions (FAQ)

Because hyperlinks require consumer action and websites are not considered “durable media.” Information must be delivered directly to the consumer without further steps.

What is a durable medium under EU law?

A medium that allows consumers to store information personally, guarantees its immutability, and provides access for an adequate period. Examples: paper, USB drives, or registered email with evidence receipts.

How does registered email solve compliance issues?

It certifies the delivery, content, and immutability of policy updates. With eEvidence, businesses can prove notifications were delivered correctly and in compliance with EU law.

Is attaching a PDF enough for compliance?

Not by itself. While a PDF provides durability, companies must also prove its delivery and integrity. Registered email adds that legal proof.

Conclusion

The PayPal case illustrates a critical lesson: hyperlinks and websites are not enough to comply with EU consumer protection laws. Companies must ensure their customers receive policy updates in a durable medium, with full legal certainty.

With registered email by eEvidence, businesses can meet compliance obligations, prove delivery beyond dispute, and protect themselves from legal challenges.

Ready to get started?

Contact us to share your business project or register now to start trying our services today

Contact us Register now