Michael Cox: Is the New Deal for Consumers the next GDPR?
Corporate lawyer Michael Cox examines the latest EU update of consumer protection rules.
The New Deal for Consumers (NDC) is a refresh of European consumer protection rules, to bring existing laws up-to-date for the digital age.
Do you recall the panic the General Data Protection Regulation (GDPR) caused? The GDPR was a European Union Regulation introduced to bring the law relating to personal data up-to-date for the digital age. Panic was created by businesses having to rethink the way personal data was handled or stored. Moreover, the GDPR was backed up with fines - the most serious infringements potentially costing businesses up to £18million or 4% of global annual turnover (whichever was higher), so it had to be treated seriously.
The NDC refreshes consumer protection rules for the digital age and backs this up with fines of up to 4% of annual turnover in the Member State or Members States where the breach occurred. You can see why it can be compared with the GDPR.
Will Brexit affect this?
Member States have until 28 November 2021 to adopt domestic legislation to implement the NDC. The laws require to be incorporated into national law by May 2022. At the time of writing, as part of the Brexit process, the transitional arrangements look like they will come to an end on 31 December 2020. Assuming the transitional stage is not extended beyond 28 November 2021, then there will be no obligation for the UK to legislate in relation to the NDC.
Will this still affect businesses in the UK?
We do not yet understand the terms of any EU/UK trade deal. If there is a trade deal then compliance with EU standards in relation to consumer law could be insisted on by the EU. If the UK is required to comply with the NDC, then that will have an implication on all UK consumer-facing business selling digitally.
If compliance does not form part of the EU/UK trade deal, then any UK-based company that wishes to continue to trade in the EU will need to comply.
What will change?
The NDC will include the following updates:
- Increased online transparency obligations, including making customers aware when they are offered a personalised price for goods.
- When providing an offer price, that price will have to be referenced against the lowest price applied within a period of at least 30 days preceding the current reduction.
- Traders who allow users to search for products or services must explain on what basis the search results are ranked. They must also clearly disclose any paid advertising or (direct or indirect) payment to receive a higher ranking.
- Traders must inform users on their website or application about how they ensure that reviews posted by consumers are authentic reviews from actual consumers.
- Traders are prohibited from reselling tickets if they acquired the tickets by automated means.
- Online marketplaces must indicate whether the person offering a product or service on the marketplace is a trader or not (on the basis of the declaration of that person). If the product or service is offered by a consumer, the online marketplace must stipulate that EU consumer laws do not apply to the agreement between the consumer and the provider. This information should be easily accessible and not merely included in the terms and conditions.
- Improved consumer remedies and protections, which means that consumer groups can bring group actions and consumers can bring individual remedies in case of harm through unfair commercial practices (for example, termination of contract or compensation for damages).
- The Directive on Consumer Rights will apply to digital content and digital services that are provided free of charge but in exchange for personal data.
Comparatively the GDPR, which had direct effect in the UK, demanded significant changes in many businesses. The EU/UK trade deal will determine the direct impact of the NDC. If compliance is required, then it may mean that every business that sells direct to consumers will have to consider the implications and potentially update its terms of business and website. With fines at similar levels to those that apply under the GDPR, the implications cannot be ignored.
Michael Cox is a senior associate at BTO