Legalease Home page
Whats new


Phonepayplus held liable for unlawful sanctions
Subject: Premium rate services
Source: British and Irish Legal Information Institute (BAILII)

R (on the application of Ordanduu GmbH and another) v Phonepayplus Ltd
[2015] EWHC 50 (Admin) High Court Queen's Bench Division Administrative Court
16 January 2015

The claimant companies were registered and regulated in Germany and provided prize quiz competitions over the internet to countries in and outside the EU. UK consumers in the UK could take part in the Claimants' competitions by subscribing via their mobile phones using "Payforit", a system operated by the UK Mobile Network Operators Services. Payforit is a Controlled Premium Rate Service regulated under the Communications Act 2003 (CA 2003) ss.120-124.

Ofcom had delegated day-to-day regulation of premium rate services to Phonepayplus Ltd although final responsibility rests with Ofcom. Phonepayplus carries out its functions in accordance with the PhonepayPlus Code of Practice ("the Code"), a set of rules approved by Ofcom under CA 2003 s.121. It applies, in particular, to "Level 2 providers", who are the persons responsible for the operation, content and promotion of the relevant premium rate service, and to "Level 1 providers", who provide the platform to enable premium rate services to be accessed by a consumer. The claimant companies were registered with Phonepayplus as Level 2 providers.

The claimants' online quiz games were marketed by an affiliate marketer using "ransomware" software which blocked the internet browsers of users in an attempt to force the user of the computer to subscribe to online services. The website in question invited users to pay to subscribe to the claimants' quiz games to unlock their browsers; even when this was done, the browser remained blocked.

As a result of consumer complaints, Phonepayplus took regulatory action against the claimants including a total suspension of their business in the UK from 24 June to 15 July 2013 (and a partial suspension thereafter until mid-August 2013), freezing about £350,000 of the claimants' revenue in the hands of third parties, and imposing penalties and administrative charges for breaches of the Code.

The claimants took proceedings in the High Court on the grounds that the actions of Phonepayplus were unlawful, principally for three reasons:

(i) The process was unfair because the claimants received no notice of the intention of Phonepayplus to direct that their businesses be suspended and their revenues frozen, and had no opportunity to make representations, despite the it taking nine days to implement the procedure;

(ii) The measures were disproportionate, in particular because they were not suitable for attaining, or rationally connected to, the objective of protecting consumers and in any event went beyond the least restrictive means necessary to achieve that objective; and

iii) For that reason and others, they did not comply with Article 3 of Directive 2000/31/EC (the Directive), as implemented by the Electronic Commerce (EC Directive) Regulations 2002 (the 2002 Regulations), and amounted to an unlawful restriction on the Claimants' freedom to provide services under Article 56 of the Treaty on the Functioning of the European Union (TFEU).

The court upheld the claim for the following reasons:

(i) No good reason had been advanced by the defendant as to why the report could not have been provided to the claimants for their response or, at the very least, the essence of the allegations put to them to have given them an opportunity to make representations before the executive had sought authorisation from the panel to use the emergency procedure. When seeking authorisation to use the emergency procedure, fairness had required that the executive disclose to the panel all material facts, which it had not done.

(ii) There was no precise evidence of actual harm to any consumer. The Tribunal had implicitly found that there had been potential consumer harm. However, there had been no risk of potential harm from the services unaffected by the malware affiliate and, in relation to the two services affected, the burden had been on the defendant to analyse and show that there had been a risk of potential harm, which it had not done.

(iii) The defendant's actions had been unlawful. They had not complied with art 3 of the Directive, in particular, because the measures had been disproportionate in that they had gone beyond the least restrictive means necessary to achieve the objective of protecting customers.

(iv) It was clear from the case law that three conditions had to be satisfied for a member state to be required to make reparations for loss and damage caused to individuals as a result of breaches of Community law for which the state could be held responsible: (i) the rule of law infringed had to have been intended to confer rights on individuals; (ii) the breach had to have been sufficiently serious; and (iii) there had to have been a direct causal link between the breach of the obligation resting on the state and the loss or damage sustained by the injured parties.

With respect to the second condition, the breach in the present case was sufficiently serious. The defendant's executive had been aware of the Directive, but had not informed the panel or the Tribunal of its existence and relevance, as a result of which the claimants had been treated as if they had been a UK business subject to the Code alone. Disproportionate restrictions had been imposed and the views expressed by the European Commission had not assisted the defendant, as they had been based on what it had been told by the defendant, which had contained material inaccuracies and omissions.

The claim was transferred to the Queen's Bench Division for issues of causation and quantification of damages to be determined.

[Original text of the case report supplied by BAILII gratefully acknowledged. Crown copyright: contains public sector information licensed under the Open Government Licence v2
Legaleze is solely responsible for the above text which is a summary only and the full report should be read.]


Back to What's new list >