Welcome to Osborne Clarke's Consumer Update. This Update takes a bite-sized and practical look at recent legal and regulatory developments in consumer law.
The three key takeaways from this edition are:
1. Enforcement: There is an increasing focus on sanctions for breaches of consumer law. In particular:
- The Competition and Markets Authority (CMA) has proposed that it should be given greater powers to enforce consumer law;
- At the same time, the CMA has opened a consumer law investigation into the supply of online gaming memberships by several online gaming regarding their auto-renewing subscriptions. Auto-renewals remain under the spotlight as part of the CMA's work on tackling the "loyalty penalty";
- The EU's New Deal for Consumers program has reached the final hurdle at EU level. It is now almost certain that serious breaches of consumer law will be punishable by fines of 4% of turnover in the impacted Member States. This kind of headline-grabbing fine encouraged compliance with GDPR and we expect to see the same for consumer law; and
- We are seeing an increase in enforcement of consumer law across Europe - as illustrated by the Italian competition regulator, which has been flexing its muscles and has issued some significant fines over the last few months, of between EUR500,000 – EUR5,000,000.
2. Brexit: Given the current political climate, we also provide an update on the potential impact of Brexit on consumer legislation.
3. Digital Single Market – progress (at last): We will be providing deeper dives into various strands in future editions, but for now you should at least have it on your radar that there has been some intensive activity recently to finalise various outstanding files before the upcoming EU elections. The following files were adopted by the Council on 15 April 2019, and are awaiting publication in the Official Journal, after which the deadline for implementation will begin to run:
- Digital Content Directive;
- Sale of Goods Directive;
- Amendments to the Satellite and Cable Directive.
If you would like more information or have any questions about any of our articles, please contact a member of the our consumer law team. Alternatively, if you have suggestions for the newsletter in general please contact the editors.
In this edition:
What: Despite Brexit being delayed until 31 October 2019, the potential for a 'no deal' exit still looms. Secondary legislation continues to be published that will amend the corpus of EU law that is being retained when the UK leaves the EU, so that it continues to 'work' post-Brexit. Two such statutory instruments that will make changes to consumer law in the UK are the following:
- The Geo-blocking Regulation (Revocation) (EU Exit) Regulations 2019. These Regulations revoke the EU Geo-Blocking Regulation, allowing a UK business to geo-block EU customers when operating in the UK. However, the EU Geo-Blocking Regulation will still apply to UK businesses when supplying goods and services into the EU, meaning in that scenario UK businesses would not be able to geo-block / discriminate between customers from different Member States.
- The Consumer Protection (Amendment etc.) (EU Exit) Regulations 2018. These Regulations revoke the application of the Online Dispute Resolution regulations in the UK, meaning that: (i) the ODR platform will no longer be available to UK traders and UK consumers; and (ii) the requirement for UK traders to include a link to the ODR Platform in their contractual terms and websites is removed.
The continued uncertainty around possibility and timing of a withdrawal agreement, and any transition period, also makes it difficult to predict with certainty which pieces of upcoming EU legislation will apply to the UK. For example, the Digital Single Market directives discussed below, which will have two year implementation periods, but could still take effect before the 'long stop' date for a transition period under the draft withdrawal agreement.
When: These Regulations are to take effect on 'exit date', which is currently defined as 31 October 2019, but should a withdrawal agreement be reached, will be shifted back to the end of the transition period.
Impact: UK businesses that sell goods and/or services online will need to remove the link to the ODR platform from their websites/services. Businesses should also continue to be aware of new EU laws that may affect them.
New Deal for Consumers (aka the "Omnibus Directive")
What: The European Parliament has now passed the long-awaited flagship "New Deal for Consumers Directive". The Directive updates four existing consumer law directives to bring them in line with the EU's commitment to extend consumer rights to digital content and to impose more significant sanctions for breaches of consumer law generally. Member States will be able to fine businesses up to 4 % of the trader's annual turnover in the Member State(s) concerned, or, if turnover information is not available, up to at least 2 million EUR. The Directives that will be updated are:
- The Unfair Commercial Practices Directive (2005/29/EC), which is implemented in the UK by the Consumer Protection from Unfair Trading Regulations 2008.
- The Consumer Rights Directive (2011/83/EU), which is for the most part implemented in the UK by the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013.
- The Unfair Contract Terms Directive (93/13/EEC), which is implemented in the UK by the Consumer Rights Act 2015.
- The Price Indications Directive 1998/6/EU, which is implemented in the UK by the Price Marking Order 2004.
When: The Directive still needs to be formally approved and published in the Official Journal. Once this has happened, Member States will have a two-year period to transpose the requirements into national law and companies will have a six month period before the new requirements come into force.
Impact: The increased sanctions will likely result in more significant broad interest in compliance with consumer law. In addition, companies which offer digital content or sell products with different specifications across the EU will need to substantively review their compliance with the new requirements.
Digital Content Directive and Sale of Goods Directive
What: These two draft Directives were the first set of legislative proposals to fulfil the European Commission's Digital Single Market Strategy. They were adopted by the Commission back in December 2015, and have been making their way through the legislative process ever since. They aim to harmonise key contractual rights, such as the remedies available to consumers and the ways to use those remedies. Both Directives are 'maximum harmonisation' measures – meaning that Member States may not introduce rules that are stricter than those under the Directives.
When: On 15 April 2019, the Council formally adopted at first reading the two directives. Both Directives will now be published in the Official Journal and enter into force 20 days after publication. Member States will have 24 months to transpose them into national law, and a six month transition period thereafter. Therefore it is likely that they would come into effect in early 2022.
Impact: Companies which offer digital content or sell products online or offline in the EU will need to substantively review their compliance with the new requirements.
Increased activity from the Italian consumer regulator regarding digital breaches
What: A pan-European sports streaming company is the latest company to receive a fine from the Italian Competition Market Authority for digital advertising and consumer law breaches. The fine of EUR 500,000 was imposed for breaching marketing law and also for misleading consumers in respect of free trials and automatically renewing subscriptions. The Italian regulator has also issued fines to Apple, Sony and Optima, with penalties of: EUR 5 million, EUR 5 million, EUR 2 million and EUR 1 million, respectively, for withholding information and/or failing to provide sufficient warnings to consumers. For example: Apple was discovered to have encouraged the "planned obsolescence" of its devices through failing to warn consumers of decreased device performance when downloading software updates.
When: These fines have all been issued in the last six months.
Impact: While currently confined to Italy, the underlying law is EU law and equivalent restrictions apply in all EU Member States. As a consequence, the UK Competition and Markets Authority (CMA) may take note become more active with regard to similar matters and businesses should ensure their use of IT and digital media is wholly compliant with marketing and consumer law.
UK government announces consultation on new proposed IoT security laws
What: Digital Minister Margot James has announced that the UK government is going to consult on making certain aspects of the current 'Secure by Design' code of practice mandatory obligations.
Specifically, the government is proposing to make the following requirements mandatory:
- Internet of Things (IoT) device passwords will be required to be unique and not resettable to any universal factory setting.
- Manufacturers of IoT products will be required to provide a public point of contact as part of a vulnerability disclosure policy.
- Manufacturers will be obliged to explicitly state the minimum length of time for which the device will receive security updates through an end of life policy.
When: The consultation opened on 1 May 2019 and will run for five weeks. There is no set timeline for the government's response but we would expect to hear further details on the proposals in 2019, with the legal obligations coming into force sometime after that.
Impact: The proposals build on the DCMS's code of practice issued last year (which we discussed in this Insight) and are a clear reminder that consumer rights are tangibly strengthening in relation to cybersecurity on their connected IoT devices, and on apps. Even though it was presented as "voluntary", the code was considered to move the bar for what consumers were entitled to expect and so altered the legal liability framework around IoT products. This proposed new legislation would make that shift absolutely clear – manufacturers would have to meet minimum security standards on all IoT devices sold in the UK. The use of voluntary labelling will also encourage compliance, as consumers seek out those devices that give them some added assurance.
Which? Consumer champion calls for tougher products regulator
What: The Consumer Champion organisation "Which?" has issued a call for a more effective regulation of defective products and foods.
In its report, "Creating a successful enforcement system for UK consumers", Which? argues that the UK's current regulatory enforcement system for faulty products is far too reliant on overstretched local authority Trading Standards teams, and is on the verge of collapse. In particular, Which? highlights the handling of the Whirlpool tumble dryer product recall as an example of the ineffective enforcement currently in place.
To address the perceived failings, Which? has set out a number of recommendations in its report, including the following:
- The Competition and Markets Authority, which already has consumer protection powers, should be expanded to create a new "Consumer and Competition Authority";
- An independent product safety body should be created to give advice on critical issues on a national scale, going beyond the Office for Product Safety and Standards;
- Regulators should be given greater enforcement powers, including the power to issue fines for breaches of consumer regulation. The intention is to bring powers in line with those of competition authorities, which can currently fine up to 10% of a company's turnover for the most serious breaches;
- Giving the Food Standards Agency's National Food Crime Unit investigatory powers; and
- Setting up an ombudsman and mediation system, to give consumers the opportunity for redress for violations of consumer law.
When: At the moment, these are just recommendations and there is no timeline for when they would be implemented, or indeed any guarantee that they will.
Impact: Whilst there are no immediate action for businesses to take, we expect that the conclusions and recommendations in this report will feed into the ongoing debate on how consumer laws should be modernised and how consumers can best be protected.
Increased consumer protection in the UK? CMA proposes reforms to the BEIS.
What: In February, the CMA outlined a major package of proposals in a letter from the CMA's chairman to the Secretary of State. The CMA has said the proposals were designed to "bolster competition and put consumers even more directly at the heart of the CMA's work".
The proposals include a new statutory duty (on both the CMA and courts applying competition and consumer laws) to treat the interests of consumers, and their protection from detriment, as paramount. In addition to the new statutory duty, the proposals include a number of reforms designed to strengthen the CMA's hand when dealing with potential consumer detriment, including broadened information gathering powers and making the regime for market studies and market investigations more effective, potentially introducing interim measures so that the CMA can act more quickly to tackle harm.
When: These proposals come as part of a government consultation into the competition regime in the UK. Whether and how they are implemented remains to be seen (although it is likely that the CMA's views will be persuasive). In any event, the CMA has recommended that a consultation is undertaken prior to taking these proposals forward, which will allow industry to have its say on the wide ranging proposed reforms.
Impact: The CMA's proposals have the potential to result in a significant shake up of the current enforcement regime by moving towards greater integration of the competition and consumer rules and making the CMA a more formidable force in acting more quickly and effectively to address perceived consumer harm. This is seen as particularly important in regulating digital markets, where existing competition powers move far more slowly than the rapidly evolving business models they aim to address.
Update on Consumer Reimbursement Model for Push Payment Fraud.
What: In February 2019, the Authorised Push Payments Scams Steering Group (created by the Payments Systems Regulator) published its finalised Industry Voluntary Code. Under the Code, payment service providers (PSPs) such as current account providers, must meet certain fraud prevention standards, failing which they may be responsible for meeting the cost of victims of push payment scams. In cases where both the consumer and PSPs involved in a transaction have met their expected level of care (the so-called ‘no blame’ scenario), the consumer must be reimbursed, as must customers who are 'vulnerable' to these kinds of scam. In certain circumstances, PSPs will be able to refuse to reimburse customers – for example if they can establish that the customer has been 'grossly negligent'.
When: The new code is in force from 28 May 2019.
Impact: The Code still leaves it open to PSPs to refuse to reimburse fraud victims in certain circumstances, but several banks have found that doing so has resulted in considerable negative media coverage in the past. It is, therefore, unsurprising that, in April 2019, TSB pledged to refund all customers falling victims to this kind of fraud, irrespective of circumstance. There is a concern, however, that this blanket reimbursement approach may encourage fraudsters to target customers who have accounts with TSB.
Broadband and home phone customers may now benefit from automatic compensation.
What: Service providers who signed up to the Ofcom automatic compensation scheme will be required to automatically compensate customers for delayed repairs following loss of services, missed appointments and delays to the start of a new service. The automatic compensation scheme only applies to landline and broadband services (not mobile or TV services provided under the same or a connected contract). The level of compensation payable is between £5 and £25 and may accumulate on a daily basis until the service is provided or repaired. Crucially, the customer will not be required to 'claim' the compensation as the service providers will be required to automatically credit the customer's account.
When: The new voluntary code came into effect on 1 April 2019.
Impact: The new code will impact only the service providers who signed up to the scheme for now and will only effect residential customers (consumers).