Welcome to the latest edition of Osborne Clarke’s Consumer Update. This Update takes a bite-sized and practical look at recent legal and regulatory developments in consumer law.
The trends for this quarter are:
- Increasing sanctions for breaches of consumer law. For example, the EU is considering permitting so-called “group actions” for breaches of product liability as well as consumer law. There are also some timely reminders that regulators are actively enforcing using the existing sanctions – the recent action brought by Torfaen County Borough Council, which resulted in a £60,000 fine for breach of the Consumer Protection from Unfair Trading Regulations, being one such example.
- Making payments fair and protecting vulnerable consumers. The new strong customer authentication regime is now into the implementation phase, which will mean that merchants will likely need to make amends to their consumer journey. At the same time, the Financial Conduct Authority is continuing to investigate the impact of insurance pricing on vulnerable consumers, which may ultimately result in price caps or a ban on auto-renewals. We also discuss a forthcoming EU directive designed to make products and services more accessible to the disabled. This will have significant implications for selling products and services in the EU and therefore businesses should be thinking about how to comply early.
- Clarification and strengthening of rules on data protection relation to marketing activities. Significant recent developments relating to marketing activities and cookies consents include new UK regulations and a high-profile CJEU ruling, as well as a new draft of the ePrivacy Regulation.
If you would like more information or have any questions about any of the issues covered in this Update, please contact a member of our consumer law team.
We will be considering all these issues and more at our forthcoming consumer plus conference on 12 November. If you would like further details or would like to register please click here >
In this edition:
Update on EU plans for class action style litigation for breaches of consumer law
What: As part of a wider refresh of consumer law, in April 2018 the European Commission announced plans to allow consumer bodies to bring group actions on behalf of affected consumers, effectively creating a system of class action-style litigation.
The exact scope of this new form of collective redress is still being negotiated but the latest proposals suggest that breaches of GDPR will be excluded. However, there appears to be serious attempts to get product liability included. This would mean that group actions could be brought against companies for issues such as dangerous or non-compliant goods.
When: Negotiations are ongoing but the new directive is expected to be passed later this year, which means it would likely come into effect in 2022.
Impact: Creating a form of collective redress is only one part of the EU’s plan to ensure that consumer law compliance is taken more seriously. Combined with GDPR style fines, this will mean that companies will need to pay more attention to compliance in those areas affected, which at a minimum will likely mean consumer rights and e-commerce compliance.
Advertiser fined for misleading promotion on website
What: Torfaen County Borough Council prosecuted Signet Trading Limited, which owns H Samuel, for breach of the Consumer Protection from Unfair Trading Regulations in relation to a promotion which was run on the H Samuel website.
Torfaen successfully argued that the promotion breached the law because the pricing information did not declare that there had been a lower intervening price and that the promotional price ran for longer than the item was originally available at full price. Each of those practices are contrary to Trading Standards guidance on how to run promotions in compliance with Consumer Protection from Unfair Trading Regulations.
The court fined Signet Trading Limited £60,000, despite the fact that the company only made £6,500 from the promotion and credit being given for a guilty plea. The defendant was also ordered to pay costs of £13,382.
Impact: Complaints regarding online promotions such as the one run by Signet Trading Limited are often dealt with by the Advertising Standards Authority in the UK. Since the ASA does not have the power to fine advertisers, this means that fines and formal prosecutions for breaches of advertising law are less common in the UK. This decision is a timely reminder that these sanctions remain possible.
New EU-wide requirements designed to ensure that products and services are accessible to the disabled
What: The EU has passed a Directive on accessibility requirements for products and services. As a consequence, companies will need to be prepared to comply with a raft of new legislation designed to make products and services accessible to the disabled.
At a minimum, this will mean conducting a review of existing and new products and services to ensure compliance with the new legislation. The overriding requirements for both products and services will be that the product or service and all accompanying labelling/instructions and customer services are accessible by more than one sense; and that due consideration is given to the size, ease of understanding and prominence of information.
There are specific requirements for certain types of products and services. For example, there is an legal obligation for providers of audio visual media services to provide subtitles in appropriate quality. All electronic information provided will also need to be accessible via screen reader, a device used by blind people to access the internet and other electronic information.
When: The Directive is due to come into force from June 2022 and Member States are obliged to bring in national legislation requiring manufacturers and service providers to comply by June 2025.
Impact: Companies will need to take these new requirements into account when developing new products and services, and will also need to re-label and otherwise change existing products and services that are not currently compliant. As this process will likely take some time, businesses should start considering now what changes they may need to comply with the new requirement.
Marketing data protection update
What: There have been three significant recent developments on data protection in relation to marketing activities:
- Under new UK regulations, “consent” requirements in the Privacy and Electronic Communications (EC Directive) Regulations 2003 must now meet GDPR requirements.
- The Planet49 Court of Justice of the European Union judgment on cookie consent rules established that: pre-ticked boxes are not valid consent; consent is required regardless of whether cookies process personal data; and information must be provided about the duration of cookies and potential access by third parties.
- The latest draft of the ePrivacy Regulation (which is still subject to change) retains the ‘soft opt-in’ rule for a purchase (although it is unclearwhether this rules out free services and negotiations for a purchase) and removes the consent requirement for audience measurement cookies.
When: The new UK regulations have been in force since 29 March 2019. Judgment in the Planet49 case was issued on 1 October 2019 but, in the UK, the position largely reflects the existing guidance given by the Information Commissioner’s Office. The new ePrivacy Regulation has not been finalised yet so is unlikely to be in force until the end of 2021 at the very earliest.
Impact: Businesses should ensure that their cookie consent collection mechanism complies with the GDPR.
The Planet49 judgment will have an impact on almost all website operators, who should ensure that their cookies policy and cookies consent are compliant.
Businesses should also keep an eye on the ePrivacy Regulation as further drafts are expected in the near future.
FCA considering major reforms to deliver fairer prices for car and home insurance
What: On 4 October, the Financial Conduct Authority published the interim report of its market study into the pricing of home and motor insurance. The FCA has found that competition is not working well for consumers in these markets. The FCA estimates that around six million policyholders pay high prices and are not getting a good deal on their insurance. In particular, vulnerable consumers tend to be most exposed to exploitative pricing practices by insurers.
When: The FCA intends to publish a final report in the first quarter of 2020. The final report will include the remedies that the FCA plans to impose to address the problems identified. At this stage, the FCA is considering a range of remedies including:
- an outright ban on auto-renewal of insurance policies;
- preventing insurers from charging higher prices to consumers who do not switch;
- requiring the automatic switching of consumers paying high prices to lower priced products that provide equivalent cover; and/or,
- requiring insurers to publish information about their price differentials between their customers.
Impact: If the FCA proceeds with remedies that involve price caps or a ban on auto-renewals of policies, this will have a major impact on the business model of many leading insurers. The reforms have the potential to reduce the annual renewal prices paid by consumers who typically do not switch, but it is expected that this would lead insurers to offer less attractive prices to those consumers who currently do actively shop around.
The risk is that the measures would reduce incentives to switch providers and to shop around, which runs counter to the general message from regulators that it is important to encourage such consumer behaviour so far as possible. The FCA will also face wider questions about whether, over the longer term, direct price regulation does actually lead to better outcomes for consumers. This is an argument that remains ongoing in the energy sector, where default tariff caps were introduced in January 2019.
Strong Customer Authentication
What: One of the core objectives of the EU’s revised Payment Services Directive (PSD2) is to reduce fraud and enhance security in online payments and account access. PSD2 therefore mandates the application of ‘strong customer authentication’ – authentication based on two or more mutually-independent factors, categorised as knowledge, possession or inherence – in certain scenarios, including when a customer initiates an e-commerce payment.
When: The requirements were due to come into force across the EU on 14 September 2019. However, the UK’s Financial Conduct Authority (FCA) recently agreed to an 18-month phased implementation of SCA with respect to e-commerce transactions, with certain compliance points and key milestone dates during that period. The FCA plans to engage with merchants to ensure they are moving to SCA-compliant solutions as soon as possible.
Impact: PSD2 does not apply to merchants. Nevertheless, the requirements of SCA will directly impact merchants because it will change the payment process, affecting customer journeys (potentially adding friction). This is particularly so following recent clarifications from the EU that static card details are not sufficient to authenticate customers. We therefore expect to see much greater use of technological, including biometric, solutions.