We take a look back at the key developments that have arisen within the consumer, data protection and technology law sphere over the past 12 months and look forward to some legislative developments we are likely to see introduced in 2020.
Continued Push towards Digital Single Market Reforms
Despite much of its focus and time being dedicated to Brexit related issues throughout 2019, the EU has continued its efforts towards Digital Single Market reforms, with a particular focus on consumer protection and e-commerce reforms.
New Deal for Consumers (New Deal)
At the heart of the EU’s strategy for consumer law reforms is its New Deal proposal which will not only strengthen consumer rights, but will also:
Empower qualified entities (such as consumer organisations) to launch representative actions on behalf of consumers
Introduce stronger sanctioning powers for EU consumer authorities
Many of the key focuses which have driven data protection reform over the past number of years are also evident in the EU’s consumer law reforms with a greater emphasis of transparency, strengthening individuals’ rights and empowering regulators. The Directive is due to be formally adopted shortly and then Member States will have a two year period in which to adopt the new rules into national law.
The Consumer Protection Cooperation Regulation (CPC Regulation)
The CPC Regulation is due to come into force as of 17 January 2020 and provides more stringent policing of cross-border infringements by national competent authorities, as well as harsher penalties and requirements for remediation.
It requires each Member State to designate a competent authority and single liaison office responsible for the application of the Regulation. The Single Liaison Office in Ireland is the Competition and Consumer Protection Commission (CCPC).
The Fairness and Transparency Regulation (“Fairness and Transparency Regulation”)
The Fairness and Transparency Regulation will come into force on 12 July 2020 without the need for further implementation by EU Member States. It will have the intent of ensuring a fair, predictable and trusted online business environment for the benefit of all consumers in the EU.
The Fairness and Transparency Regulation aims to address the issues of unfair contractual clauses and trading practices identified in platform-to-business relationships. These issues include:
The superior bargaining power online platforms have against businesses that need these online platforms to sell their products and/or services (Fairness)
Transparency around the parameters/preferential treatment used to determine rankings of search results
The terms and conditions, as well as the descriptions of search engine parameters, will now need to be easily accessed and understood. Any amendments to the terms and conditions will now require the online platform to give the business user 15 days’ prior notice before applying these amendments.
The “Gift” Voucher before Christmas
Ireland’s long anticipated reforms around the operation of gift vouchers have taken effect under the Consumer Protection (Gift Vouchers) Act 2019. This legislation introduces long anticipated reforms to how gift vouchers can operate and gives consumers stronger rights when purchasing and using gift vouchers.
The substantive changes introduced include:
Validity of gift vouchers for at least 5 years and if there is an expiry date, this must be shown on the gift voucher for the consumer to see.
The total value of the gift voucher does not need to be redeemed in a single transaction.
Where the total value of the gift voucher is not redeemed, but the remaining balance is so minimal so that it cannot be redeemed, the trader is obliged to reimburse the remaining balance to the consumer in cash, by electronic funds transfer or by issuing a new voucher.
More than one gift voucher can be used in a single transaction.
Consumers may also give, sell or transfer the gift voucher to another person who will be entitled to all of the benefits listed above.
Where a trader issues gift vouchers with terms contrary to the new law, the provisions of the new law will override the traders terms. In addition, traders may be liable to fines and penalties if found in breach of the new law. We discuss this in further detail here.
GDPR remains a hot topic
2019 saw the first anniversary of the GDPR coming into force. While the Irish regulator, the DPC, has numerous statutory investigations ongoing at various stages of completion, it is yet to hand down any fines. Despite this, we saw the DPC’s EU peers beginning to issue sizeable fines over the past 12 months. In the absence of fines or formal decisions in Ireland, the DPC’s first annual report under GDPR offered some interesting insights. In particular, the DPC set out its process for carrying out statutory cross-border investigations, something of particular interest to multinational technology companies with headquarters in Ireland. The DPC also highlighted some interesting statistics and insights from complaints and breach reports. The DPC continued to issue guidance throughout the past year, including recently regarding data breaches.
Digital Single Market reform remains one of the key focuses of EU legislative reform and we are now beginning to see the fruits of the EU’s labour. On the GDPR side, businesses began to experience the business end of the GDPR’s sanction and enforcement regime.
As we have seen from the GDPR reforms, it is likely that most businesses with a consumer or e-commerce focus will be impacted by the Digital Single Market reforms in one way or another. As with the introduction of the GDPR, many existing business processes and methods may need to be adapted which means early engagement is crucial.
From a GDPR perspective, 2020 could be a year of sanction and enforcement, particularly in the way of fines. After lengthy statutory investigations, the DPC has announced that it expects to hand down a number of decisions in the coming weeks, and more over the course of the new year.
Brexit remains an issue of uncertainty in the context of data protection and data transfers. The reality of the ‘deal or no-deal’ outcome is that organisations still need to pay close attention to their data transfers to the UK and understand the impact of a no-deal or ‘hard’ Brexit.
The ePrivacy Regulation, which represents the EU’s overhaul of direct marketing, telecoms and cookies rules, saw little progress during 2019. EU lawmakers have continuously struggled to get consensus on the draft text. It remains unclear whether these differences can be addressed in order to agree and finalise a compromise text.
The content of this article is provided for information purposes only and does not constitute legal or other advice.