Out-Law News 4 min. read
13 Apr 2018, 9:44 am
On Wednesday, the Commission outlined plans (41-page / 520KB PDF) to update a raft of existing EU laws to provide for GDPR-style fines related to consumer law.
The measures would allow national consumer law regulators across the EU to impose fines of up to 4% of a company's total annual turnover in all the EU countries in which the breach had an impact. Those sanctions would only be able to be served under the existing "coordination mechanism" that exists to enable a single regulator to lead on enforcement action in cross-border cases of infringement.
Individual EU countries would be able to set higher maximum penalties that 4% of annual turnover if they wished to, according to the proposals.
The financial penalties proposals were set out alongside a raft of other proposed consumer law reforms, including plans to establish new collective redress rights for consumers in what would be a watered-down version of the US 'class action' system. Previous attempts at introducing the EU's own version of class action laws have failed.
Under the draft new EU directive on representative actions (51-page / 524KB PDF), 'qualified entities' would be able to pursue court injunctions against businesses to prevent them initiating or continuing with practices that breach consumer laws.
Criteria for determining which bodies could be classed as 'qualified entities' is set out under the rules, and provides that the entities would need to be non-profit organisations that are properly constituted and which have "a legitimate interest in ensuring that provisions of [EU consumer law] are complied with". The Commission said that consumer organisations and independent public bodies are among those that could be eligible to raise the representative actions.
Qualified entities would also be able to apply to courts for a redress order which could require businesses to provide "compensation, repair, replacement, price reduction, contract termination or reimbursement of the price paid, as appropriate" where they are found to have breached consumer laws. No punitive damages could be awarded.
The European Commission also set out further measures it plans to take to deliver what it has labelled a "new deal for consumers" (17-page / 450KB PDF).
The Commission confirmed that it would extend the scope of existing EU consumer laws on business-to-consumer service contracts to ensure that the rights that consumers have under those laws would apply in circumstances where personal data, rather than money, is exchanged by the consumer in return for access to digital services. Currently, rights enjoyed by consumers under the Consumer Rights Directive do not apply where they access 'free' digital services, such as cloud storage, social media and webmail services, but enable the providers of those services to access their data instead.
The move would bring the Consumer Rights Directive into line with the planned new Digital Content Directive, which is still in the process of being finalised by EU law makers but which looks to apply consumer rights to transactions where personal data is exchanged in place of money in return for the supply of digital content, such as music, video and games.
"Given their similarities and the interchangeability of paid digital services and digital services provided in exchange for personal data, they should be subject to the same rules under [the Consumer Rights] Directive," the Commission said.
"Consumers should therefore have the same right to pre-contractual information and to cancel the contract within a 14- day 'cooling off' period, regardless of whether they pay for the service with money or by providing personal data," it said.
The Commission said, though, that the proposed new rights would not apply where personal data provided by consumers "is exclusively processed by the trader for supplying the digital content or digital service, and the trader does not process this data for any other purpose", other than when doing so to comply with their legal requirements.
The legal requirements exception could capture "cases where the registration of the consumer is required by applicable laws for security and identification purposes, or cases where the developer of open-source software only collects data from users to ensure the compatibility and interoperability of open-source software", it said.
Further new rules applicable to online marketplaces were also proposed by the Commission.
It said: "The proposed new rules will require online marketplaces to clearly inform consumers about the identity of the party with whom they are concluding a contract (is it a professional trader or an individual?). The Commission also proposes to clarify that all online platforms must clearly distinguish search results based on payments received from other traders from 'natural' search results, and online marketplaces should inform about the main parameters determining ranking of the offers. This will increase transparency in online marketplaces."
The Commission also said that it is also "currently exploring" consumer law issues in relation to artificial intelligence, the internet of things (IoT) and mobile e-commerce, as well as in the context of "sustainable consumption".
It said it will look into how to make the use of AI more transparent, and assess whether existing rules on product safety are fit for dealing with the issues that the IoT will throw up, including in respect of cybersecurity.
"The Commission will further explore links between cybersecurity and product safety, identifying tools that can improve product security and safety by design," it said. "The Commission has also set up an expert group that will assess whether and to what extent existing liability schemes are adapted to the emerging market realities following the development of new technologies in the wide sense, including artificial intelligence, advanced robotics, the Internet of things and cybersecurity issues."
A new "behavioural study" will also look at "the impact on consumers of marketing and disclosure practices used online". The study is to have a particular focus on retail financial services and the way they are marketed and sold through mobile devices.