Consumer law | UK Regulatory Outlook February 2023

The European Commission publishes results of its investigation into dark patterns 

The European Commission and the Consumer Protection Cooperation Network have published the results of a screening of 399 retail online shops. The check focused on three types of dark patterns: fake countdown timers; web interfaces designed to direct consumers to purchases, subscriptions or other choices; and hidden information. 

Please see our Insight for more detail and our dark patterns microsite which covers more updates on the topic.

Digital Services Act: guidance on the requirement to publish user numbers and a consultation on the draft implementing regulation

17 February 2023 marked the deadline for the online platforms to fulfil the obligation under the EU Digital Services Act (DSA) to publish on their website information on the average monthly active users of their service in the EU. 

Previously, the European Commission has published guidance to clarify the novel provisions in the DSA on the platforms' obligation to publish information about the number of users, following a number of inquiries from providers. 

The DSA includes an obligation for online platforms to publish information on their websites on the average monthly active users of their service in the EU. This should have been done by 17 February 2023 (and at least once every six months thereafter). Based on this information, the Commission will assess whether to designate the platforms as very large online platforms or search engines. In case of such a designation, the online platform will have four months to comply with the obligations under the DSA). The Commission notes that guidance may be subject to changes based on future practical experience. In addition we are still waiting to see if there will be a Commission delegated act which will provide further guidance on how to define and calculate active users.

Further, on 16 February 2023, the Commission launched a consultation on the draft implementing regulation in relation to the DSA. The DSA gives powers to the Commission to adopt implementing acts relating to arrangements outlined in Article 83 of the DSA. These include such practical arrangements as: 

• The proceedings pursuant to Articles 69 (carrying out inspections at the premises of the provider) and 72 (monitoring of the implementation and compliance with the DSA).
• Hearings provided for in Article 79 (namely, the requirement for the Commission to give the provider the right to be heard in case of adopting a decision for non-compliance).
• The negotiated disclosure of information concerning proceedings provided for in Article 79.

The feedback to the consultation on the draft implementing regulation is open until 16 March 2023. 

New UK practice code for apps to protect consumer security and privacy

The Department for Digital, Culture, Media and Sport (DCMS) has developed a code of practice for app store operators and developers to protect consumer security and privacy. The voluntary code of practice outlines requirements, for example:

• to provide consumers with security and privacy information in a user-friendly way;
• to make sure their apps operate even if consumers do not allow optional functionality and permissions (for example, a user disables access to geolocation, microphone, etc.);
• to have a clear app vetting process in place so only secure and compliant apps are available for consumers, as well as a vulnerability disclosure process to report any software flaws;
• to make sure developers keep their apps up-to-date and for operators to liaise with them when the app is not published due to security or privacy reasons.

There will be a nine-month period for operators and developers to adhere to these code. The DCMS intended to commence meetings with app store operators (they are the main initial focus) from early 2023, and also to request written reports from them in spring 2023 on how the operators meet the provisions of the new code.

US addresses subscription dark patterns in consumer finance sector

The US Consumer Financial Protection Bureau (CFPB) has issued a circular warning companies about the importance of compliant use of "negative option" subscriptions for consumers. Negative option services include subscriptions that automatically renew unless a user directly cancels them, and trial marketing programmes where the reduced fee is charged for the initial period and a higher fee applies automatically afterwards. 

The CFPB highlights that companies risk violating federal consumer financial protection law if they do not provide sufficient information to consumers about their subscription before the consumer provides consent to it, or do not provide users with an easy option to cancel.

The CFPB outlined the type of cases where companies using dark patterns might be in breach of the consumer protection law:

• Failure to disclose in a clear manner the terms of the "negative option".
• Failure to receive the informed consent from the consumer.
• Misleading consumers who choose to cancel the subscription (for example, making consumers take multiple steps to cancel).

This warning follows similar developments in Germany where the financial regulator BaFin has also addressed dark patterns. The regulator emphasised that important statements, aspects or even warnings may not be obscured, weakened or misleadingly presented, expressly advising against “choice architecture” such as greying out relevant buttons.

Latest on green claims: new CMA investigation and updates to CAP guidance 

Please see Advertising and marketing. 

EDPB final report on cookie consent dark patterns

Please see Data protection.