In this article we take stock of recent developments in consumer protection and privacy law and of some proposed changes in the pipeline. These include two important consultations, aimed at online retailers, which close in mid October. Retailers need to ensure they are compliant with current rules and best practice, but also keep the potential changes on their radar, and take the opportunity to influence both UK and EU policy makers.
Overview of the UK consumer protection regime
To put the latest developments into context, a recap on the existing legal regime may be helpful.
UK retailers have to navigate a maze of consumer protection legislation – most of it derived from EU Directives. This includes the Unfair Terms in Consumer Contracts Regulations 1999 which regulate all consumer contracts regardless of sector, require the use of plain English drafting and invalidate a broad range of terms which are unfair to consumers. All retailers and advertisers are also subject to the Consumer Protection From Unfair Trading Regulations 2008 which prohibit (and impose criminal liability for) a range of misleading acts and omissions. In addition to these general rules, online retailers are also subject to the information and cancellation rules of the Consumer Protection (Distance Selling) Regulations 2000, and further information requirements under the Electronic Commerce (EC Directive) Regulations 2002. All these requirements are policed and enforced by local trading standards and by the Office of Fair Trading, which has also published extensive guidance for business on how to apply the rules in practice. Breaches are often resolved by means of negotiation rather than formal enforcement action, although this may provide little comfort for the many retailers who have been forced to amend their terms and conditions, and had their alleged shortcomings made public by means of the inevitable OFT press release!
Last but not least, since customer data and the ability to target advertising by means of email (and increasingly online behavioural advertising) are among a retailer's key assets, compliance with the Data Protection Act 1998 and related rules are also a critical aspect of consumer compliance. The data protection regime is enforced by the Information Commissioner's Office (ICO).
OFT consultation on e-consumer protection
Given the OFT's proactivity in enforcing consumer law, retailers may welcome the chance to make their views know as part of the regulator's current consultation on "e-consumer protection". Published in July, the consultation exercise aims to help develop "a longer term national strategy for consumer protection on the internet". It poses questions on high level themes such as the priorities for e-consumer protection and a series of more detailed questions on how to better empower consumers and promote business compliance and on the funding and allocation of enforcement work. It also seeks views on areas of consumer protection which need clarification. The consultation document is available here and the deadline for responses is 13 October.
EU developments: the new Consumer Rights Directive
As retailers will be aware, the European Commission is planning to rationalise the eight existing EU consumer protection directives, and although we are still some way away from new legislation, the result could well be a strengthening of retailers' obligations in future. A draft Directive was published in October 2008 and is designed to streamline and simplify the rules on unfair contract terms (from which the 1999 Regulations derive), distance selling, sales and guarantees and doorstep selling. Proposed changes of substance include a blacklist of automatically unfair terms (in addition to the "grey list" of terms presumed to be unfair) and an extension of the minimum cooling off period for distance selling contracts from seven to 14 days. The UK Government has already consulted with businesses to inform its negotiating stance on the new legislation (with a further BIS consultation on issues relevant to consumer services contracts currently under way). The Directive is due to receive its first reading before the European Parliament towards the end of this year – further developments will be reported.
EU consultation on the E Commerce Directive
A decade after adopting its cornerstone legislation designed to boost cross-border online trade – the Electronic Commerce Directive - the European Commission has revealed that only 2% of Europe's total retail trade happens online. It is seeking views from online businesses, would-be entrepreneurs and consumers on the practical and legal obstacles that continue to cramp online commerce. The views it receives will help inform the Commission's approach to future reform of the legislation. The consultation runs until 15 October and is available at this link.
Customer data online: new best practice guidanceFinally, with privacy and security high on consumers' agenda, retailers should be aware of recent best practice guidance by the Information Commissioner entitled "Personal data online code of practice". Published in July this year, it applies the principles of the Data Protection Act 1998 and related rules to common ecommerce and marketing scenarios. If they have not already done so, retailers should review their data collection notices, privacy policies and the use of website cookies to ensure these comply with the ICO's interpretation of the law. To view the code, click here.