UK regulator exports best practice on consumer protection in the app/online industry globally
National enforcement authorities from across the EU have met stakeholders to improve consumer protection in the growing digital application (‘app’) industry. Meanwhile, several principles of behaviour were introduced in the UK from 1 April 2014 to ensure that online and app-based game consumers do not incur unexpected costs and are able to understand how their personal information is used. Similar moves are anticipated in Australia and the US.
The European Commission estimates that Europe’s ‘app economy’ will be worth €63bn in the next five years. A major source of revenue for the industry is ‘in-app’ purchases – that is, purchases made within an app to access additional content. However, consumer groups and regulators have expressed concern that it is not always clear if, when or how much extra cost could be incurred as a result of an in-app purchase, and that payment may sometimes be taken by default. They are particularly concerned that children may make in-app purchases without their parents’ or guardians’ knowledge; many apps are free to download but offer or require in-app purchases during play.
Following complaints from consumer groups in several member states, the European Commission held meetings in February with industry members to present a common understanding developed by national enforcement authorities across the EU of how to apply the relevant consumer rules in the area. At this stage there have been no official measures taken, but the European Commission appears to be monitoring the situation with a view to taking further action if necessary.
Meanwhile, UK producers of online and app-based games have since 1 April been required to adopt eight principles by the UK’s new consumer regulator, the Competition and Markets Authority (the ‘CMA’) (see item below). The principles do not introduce new obligations but rather clarify how the CMA’s predecessor, the OFT, interpreted the application of existing consumer protection law to the industry. The principles give examples of behaviours which are more (or less) likely to be compliant, and suggest that:
- consumers must be told up-front of the total costs associated with playing a game and any other information material to their decision to download it, including whether the game contains marketing or promotional material and how the consumer’s personal information will be used;
- games should not include any practice that is aggressive or intended to exploit a child’s inherent inexperience and vulnerability, and should not directly exhort children to make in-game purchases or to persuade others to make the purchases for them; and
- in-game payments are prevented unless the payment accountholder has given his or her express, informed consent.
The UK principles were developed to be consistent with the laws of most key jurisdictions in an effort to raise standards globally. The CMA has consulted regulators in other jurisdictions and, at a client event hosted at our London offices on 29 April 2014, they told the audience that they expected similar principles to be adopted in markets as diverse as Australia and
the USA, as well as across the EU member states.
Tenth annual RAPEX report shows notifications continue to rise
The European Commission’s recently released annual report on the rapid alert system for consumer products (RAPEX) marks the tenth year the system has been in place. The report shows that the number of dangerous goods notified to the EU authorities continues to grow. Notifications of dangerous products rose from 2,278 to 2,364 in 2013 – an increase of 3.8 per cent.
RAPEX facilitates the exchange of information between member states and the Commission on measures taken to prevent or restrict the marketing or use of products posing a serious risk to the health and safety of consumers. The system covers dangerous non-food products intended for consumers and for professionals which pose a serious risk to the health and safety of consumers, as well as to the environment, health and safety at the workplace and public security.
This year’s annual report marks the 10-year anniversary of RAPEX. It provides an overview for 2013 and also provides some more general observations. For example, it highlights that there have been in excess of 16,600 notifications in the past 10 years and that the system has now reached a level of stability and maturity which is capable of catering for thousands of notifications a year – it dealt with just 200 in its first year.
The main findings for 2013 indicate that a total of 2,364 notifications on dangerous products were submitted. Of these, 1,981 notifications concerned products which posed a serious risk to consumers. The remaining notifications related to products of moderate/low risk or were transmitted for information. The product categories most often notified were clothing and toys (which together accounted for 50 per cent of the total). The most frequently notified
risk categories were injuries (23 per cent), chemical (20 per cent) and choking (14 per cent). These findings are consistent with previous years.
Dangerous products of European origin accounted for 284 notifications (15 per cent).
The majority of dangerous products notified through RAPEX continue to come from outside the EU. China was indicated as a country of origin for 1,459 notifications (64 per cent),
an increase of 6 per cent from 2012. The EU is working bilaterally with China on the exchange of information between the authorities and communication activities in the hope of addressing this issue.
New hazardous chemicals Regulation comes into force
New rules concerning the import and export of very hazardous chemicals are now in force through the revised Prior Informed Consent (PIC) Regulation 649/2012. The European Chemicals Agency (ECHA) has also taken over administrative and technical responsibility for imports and exports of hazardous chemicals from the European Commission.
As well as regulating the import and export of very hazardous chemicals between the EU and third countries, the PIC Regulation also implements the global Rotterdam Convention which regulates the international trade in dangerous chemicals within the EU. As the name suggests, the PIC Regulation ensures that the export of the chemicals subject to it cannot take place until the receiving country has been informed, so as to protect human health
and the environment by giving relevant safety information to receiving countries on how to store, transport, use and dispose of these chemicals safely.
The new PIC Regulation does not substantially change the previous law but it does introduce a number of minor changes that exporters need to know about:
- first annual exports: exporters must now notify the Designated National Authority (DNA – this is the HSE in the UK) at least 35 days (formerly 30 days) before the first expected date of export of a chemical to each new destination country;
- subsequent exports: exporters must notify the DNA at least 35 days (formerly 15 days) before the proposed export date for the first export of a chemical in each calendar year (1 January to 31 December); and
- exports of chemicals for research and analysis in quantities up to 10kg from each exporter, to each importing country, per calendar year are exempt.
There are also limited exceptions, which allow for exports to go ahead without prior consent from the receiving country. The new PIC Regulation also requires ECHA to take responsibility for its technical and administrative aspects, while policy responsibility remains with the EuropeanCommission.
ECHA has already started processing export notifications and explicit consents under the new PIC Regulation. It will continue to use the existing European database of export and import of dangerous chemicals to do this for now – in the autumn, ECHA plans to launch a new IT application called ePIC. Updated PIC guidance and IT manuals on the use of ePIC will accompany the launch.
New clinical trials Regulation adopted
The rules for conducting clinical trials in the EU are to change significantly following the recent adoption by the European Council of the Clinical Trials Regulation. The new Regulation is expected to save the pharma industry around €1bn in regulatory costs annually.
Currently, clinical trials in the EU have to be performed in accordance with the Clinical Trials Directive 2001/20/EC, which establishes general rules of good clinical practice in the conduct of clinical trials. However, member states have had considerable flexibility when implementing the Directive into their national law.
The European Commission considers that, while the Directive has ensured a high level of patient safety, its divergent transposition and application has led to an unfavourable
regulatory framework for clinical research It cites the fact that the number of clinical trials in the EU fell by 25 per cent between 2007 and 2011. Thus, it believes that a new regulatory framework is necessary to facilitate the conduct of clinical trials in the EU. It proposed
a new Clinical Trials Regulation, which was adopted on [--] and which is expected to come into force across the EU in 2016.
The Regulation, which will replace the Clinical Trials Directive, is intended to introduce:
- a faster authorisation procedure;
- simplified reporting procedures, so that researchers do not have to submit largely identical information on the clinical trial to different organisations and bodies;
- the ability for the Commission to conduct controls in member states; and
- more transparency on the results of the clinical trial. In particular, sponsors will be required to publish detailed summaries of clinical trial data within a year of the clinical trial being conducted.
The Regulation also introduces a new review process for the approval of clinical trials consisting of the following stages.
- Submission of application – applications to conduct a clinical trial are made to each member state in which the sponsor wishes to conduct a trial. The applicant must also propose a reporting member state to direct the review.
- Initial validation – the reporting member state must review the application to ensure
it is complete and decide whether to validate it, decline to validate it or to request further information from the applicant.
- Review – the reporting member state produces part 1 of the assessment report, which addresses the risk and benefits of the proposed clinical trial. The assessment report is then sent to the other member states and the sponsor for their review. All of the member states must assess whether the proposed clinical trial complies with its domestic law and regulation. The results of this assessment will constitute part 2 of the assessment report.
- Final decision – if the application is approved then the clinical trial can be performed in any of the member states in which applications were made, subject to any conditions upon which the application was approved.
Landmark ruling on territorial application of the CPA
A landmark ruling by the High Court has helped to clarify the territorial application of the Consumer Protection Act 1987 (the “CPA”) and considered the application of the Rome II Regulation and Private International Law (Miscellaneous Provisions) Act 1995 (“PILA”) in product liability cases. The decision confirms that UK manufacturers are not liable under the CPA for injuries sustained outside the UK, although a query still exists as to whether it extends to injuries sustained within the EEA.
The case, Allen and others v DePuy International Ltd  EWHC 753, concerned injuries allegedly caused by defective hip implants manufactured by the defendants in England. The claimants had all received their implants outside of the EEA. Each argued that English law should apply to their claim – on the basis the prostheses were all designed and manufactured in England and manufactured there – and that the CPA applied by virtue of section 12 of PILA.
The Court was asked to rule, as a preliminary issue, as to whether the choice of law should be governed by the Rome II Regulation, which would apply if the “events giving rise to the damage” (EGRD) occurred after 11 January 2009, or by PILA. The judge decided that the date of the EGRD should be the date of manufacture or distribution (failing that, the date the product was implanted could be considered). The products in Allen and others were all first
supplied to the consumer before 11 January 2009, and so the claim fell within PILA. The usual rule in cases falling under PILA is that the law of the place where the injury is sustained should apply. The judge found that (and in the absence of compelling reasons otherwise) as none of the injuries was sustained in England there was no case to answer before the English Courts.
Further, the judge held that the CPA is not intended to offer redress for injuries sustained anywhere in the world. Though the implants were manufactured in England, the claimants were all non-EEA consumers who had suffered injury outside the EEA from products supplied to them outside the EEA. They were therefore outside the territorial scope of the CPA. As a result, even if the applicable law had been English, the claimants would not be able to rely upon the CPA in a suit in a foreign court. The question still remains as to whether the CPA
is limited only to damage within the UK or also applies where injuries are sustained within the EEA – a matter that the judge was not required to rule upon. Similarly, the judgment does not provide any clarification on the meaning of ‘putting into circulation’ for the purposes of the CPA.
Case law provides guidance on what makes a product ‘defective’
A recent case in the Liverpool County Court provides guidance on the test for a ‘defective’ product under the Consumer Protection Act 1987 (the ‘CPA’). The ruling included an assessment of whether an ingredient is sufficiently safe and the role of safety and risk reduction procedures in determining whether a product is defective.
The case, Buckley v Henkel Ltd County Court (Liverpool) 25 November 2013, was brought by a claimant who had purchased hair dye manufactured by the defendant. Instructions included with the dye highlighted the risk of an allergic reaction and suggested consumers perform
a ‘patch test’ to determine their own sensitivity. The claimant did not react to a patch test but suffered a severe reaction after using the product on her hair. She alleged the product was defective within the meaning of the CPA on the basis that (1) it contained a chemical (PTD) that was known to be a potentially potent allergen and (2) the patch test was defective because it did not enable her to reliably determine whether she was allergic to the product, or any of its ingredients.
The judge rejected the claim on both grounds. It was decided that the inclusion of PTD did not make the product defective. A consumer is not entitled generally to expect that certain products will be completely safe, particularly where the risks are highlighted. The instructions included with the dye made it clear that there was a risk of an allergic reaction and provided several warnings and suggested precautions. Further, PTD was and continued to be permitted under the relevant EU directives.
With respect to the patch test, factors relevant to the judge’s decision that it was not defective included that the instructions indicated the test reduced the risk, but did not eliminate it,
and stated that a negative test did not mean no allergic reaction would occur. The judge would not conclude that a product was made defective because a procedure designed
to improve its safety was not completely effective when it did not purport to be.
CMA officially launched
With effect from the 1 April, the Competition and Markets Authority (CMA) became a fully functioning consumer and competition law enforcement body. Over the past months guidance has been published to provide clarity on how the organisation will go about its work.
As reported in our previous newsletter, the CMA published various consultations and draft guidance setting out their proposed consumer-related enforcement powers and functions, as well as a high-level strategy paper.
Since then, the CMA has published two tranches of official guidance documents. These
set out the procedures the CMA will follow when investigating and enforcing competition law, including the use of new interview powers; and also confirm that the CMA will target consumer enforcement action at markets where wide-ranging changes can be secured.
The guidance document, ‘Consumer Protection: Guidance on the CMA’s approach to use of its consumer powers’, remains similar to the draft. Notably, it details:
- the consumer functions transferred from the OFT;
- its policy objectives, which indicate that the CMA’s focus will be on market-wide multi-party cases (but in limited circumstances single-party investigations);
- its working partnerships with eg Trading Standards Services (TSS) and Citizens Advice;
- its approach to compliance and the enforcement of consumer protection law;
- its intended use of civil consumer enforcement powers pursuant to Part 8 of the Enterprise Act 2002; and
- the use of its criminal consumer enforcement powers under Part 8 of the Enterprise Act and the Consumer Protection from Unfair Trading Regulations 2008.
A CMA spokesperson recently confirmed its commitment to the ‘active use of consumer powers where they will have maximum impact and serve the best interests of consumers’. This message was also conveyed in a recent Freshfields Bruckhaus Deringer LLP seminar ‘Trust in me – winning trust to win business’. In this seminar the regulator’s perspective was provided by two senior members of the CMA.
Alongside the CMA, the TSS share many of the same consumer enforcement powers.
Last April it took on enforcement of national consumer law issues, which previously had been the preserve of the OFT, in addition to its regional and local consumer law caseload.
EU. The European Parliament has voted on the proposal to replace the General Product Safety Directive (2001/95/EC) with a new Consumer Product Safety Regulation. Its vote
on 15 April 2014 included approval that ‘made-in’ labelling should be made mandatory for non-food products, and tougher penalties for firms selling non-compliant or potentially dangerous products. It is seeking penalties that are ‘proportionate and dissuasive’ and also that take account of the seriousness, duration and intentional or recurring character of the infringement, as well as the size of the company. It was also proposed that the Commission should draw up a publicly-available EU-wide blacklist of firms which are ‘repeatedly found to intentionally infringe’.
EU. The biocide triclosan will be banned from clothing and several other products. Following agreement with member states, the European Commission proposal not to approve its use under the 2012 Biocides Regulation will go ahead. Concerns have been expressed about the chemical’s health and environmental impacts and its effects on antibacterial resistance.
EU. Proposals to regulate nanomaterials have been further delayed. It was expected that the European Commission would unveil proposals at the end of 2013 for amending REACH’s annexes to take better account of nanomaterials. It is now expected that the proposals
will be published this summer. The options being considered in its impact assessment are:
a business-as-usual approach; recommendations on best practice for member states wanting to establish national registers; an EU observatory drawing publicly-available information from other sources; and two types of registry.
France. Proposals to ban BPA across Europe continue to progress. The French health agency Anses has highlighted concerns about the substance’s effect on pregnant women.
Subsequently, France submitted a proposal to ECHA to restrict BPA under annex 17 of REACH.
UK. A consultation has been launched by the Ministry of Justice on proposals for transposing the requirements of the new European Directive on alternative dispute resolution (ADR)
and online dispute resolution (ODR) Regulation. It runs until 3 June. Views are being sought on, among other matters: how to ensure that ADR is available for any dispute regarding contractual obligations that a consumer has with a business; the procedural rules set out
in the Directive; information requirements; and limitation periods. The ADR Directive must be implemented by July 2015. The ODR Regulation will automatically come into force
in January 2016.
UK. Consumers and small businesses taking out new landline, broadband or mobile contracts are now allowed to exit them without penalty if their provider increases the monthly subscription price agreed at the point of sale. This follows an Ofcom review into the fairness of contract price terms.
UK. Extra funding has been pledged for the National Trading Standards Board (NTSB) to investigate misleading websites. NTSB is expected to use the funding to identify, investigate and take enforcement action against any misleading websites that pass themselves off
as official government services.
Philippines. The Philippines’ Department of Environment and Natural Resources has issued an order that prohibits the use of lead in cosmetics and other products.