The e-commerce industry is among the most dynamic sectors in today’s economy, as the number of consumers purchasing goods and services over the Internet continues to skyrocket. While e-commerce offers customers many benefits – such as easy access, unlimited choice, competitive prices and convenient payment options – there are also risks, including payment fraud, misleading advertising and the misuse of personal data to name just a few. To mitigate these risks, a field of legislation has emerged to protect the rights of e-consumers.
Consumer protection
In today’s global business environment, businesses should take into account the cross-border nature of e-commerce and consider the various regulations of the markets that they target. While this appears to be a daunting task, the key consumer rights and protection guarantees have already been harmonized through European Union Directives, and they are quite similar in countries outside the EU.
The Electronic Commerce Directive[1] directly regulates the e-commerce sector. In addition, consumer protection and consumers’ rights are regulated by the EU’s Consumer Rights Directive[2], the Unfair Commercial Practices Directive[3] and the Unfair Contract Terms Directive[4]. Most of the rules set out in these directives apply equally to offline and online transactions. Telecommunications companies must further comply with the rules of the Universal Service Directive[5] which includes certain user rights. Additionally, the European Commission is working on new rules which would further strengthen the protection of digital consumers.
- Clear, transparent and easily accessible information
In terms of e-commerce, when a consumer is not able to see or test the goods, their right to information is vital. For this reason e-traders should disclose clear information to enable customers to make informed decisions regarding their transactions.
Businesses operating online must provide pre-contractual information to their customers. Pursuant to the Electronic Commerce Directive, online businesses must provide general information about the business, including the name of the company, its geographical location, as well as its contact details, including an email address for quick communication.
Additionally, businesses must provide details of the trade register, in which they are registered, along with their registration number. Where the operation of a company is subject to authorization, the details of the authority must be provided. With regards to regulated professions, the professional body, title, and Member State as well as the relevant professional rules should be available for review.
By virtue of the Consumer Rights Directive, businesses operating in the digital sphere are subject to further requirements. For instance, the principal features of the goods or services must be shown and prices should be transparent – including shipping fees, taxes and any other costs. If delivery fees cannot be calculated before concluding the contract, this should be mentioned to the customer. When relevant, the accepted payment methods must be specified along with the estimated deadline for delivery.
The Unfair Commercial Practices Directive (UCP Directive) sets out several additional requirements to ensure consumers receive complete and true information before purchasing. The most important requirement is to provide consumers with all the relevant information they need to make an informed purchase decision. This obligation also includes technical solutions on digital devices that make it possible for consumers to decide whether to use a digital service or not.
The most important requirement is to provide consumers with all the relevant information they need to make an informed purchase decision. This obligation also includes technical solutions on digital devices that make it possible for consumers to decide whether to use a digital service or not.
Case study: Fines imposed on Apple in Hungary
Apple introduced an innovation called WiFi assistant on its iPhones to detect the strength of WiFi signals used by iPhone users. If the WiFi assistant detects that the WiFi signal is not strong enough, it automatically switches the iPhone to the user’s mobile network to get a seamless connection to the internet.
Users can switch off the WiFi assistant, however Apple did not provide specific information on this feature (apart from in the general terms and conditions), and users were not notified when the WiFi assistant switched their phone to the mobile network. The Hungarian Competition Authority, which enforces the Hungarian legislation implementing the UCP Directive, found that Apple had omitted to provide important information to consumers when it: (i) did not provide sufficient information for consumers with regards to the WiFi assistant (most consumers were not even aware of its existence), and (ii) did not apply a solution which would have made it possible for consumers to decide whether they wanted to use the mobile network instead of the WiFi network (for example, a text notification with an option to accept or deny the switch).
Although the cost of switching to the mobile networks would not result in gains for Apple, the authority argued that this practice also benefitted Apple, as consumers attributed the seamless connection as a product feature of the iPhones. Therefore, the authority imposed fines of more than €300,000 on Apple.
Another important provision in the UCP Directive is that companies should outline the commercial intent behind their practices. For instance, advertising on social media platforms such as Instagram or Facebook must be indicated as such. Authorities are increasingly focused on social media “influencers” when enforcing the rules against unfair commercial practices. If their blogs or posts contain advertising, influencers must indicate this on the post.
Businesses must have a protocol for handling complaints which prospective customers can review before purchasing. Where relevant, the duration of the contract should be indicated as well as the conditions for termination. Furthermore, companies selling digital content should specify the relevant technical protection controls as well as the software/hardware which are compatible with their content.
Additionally, the directive prohibits the use of “pre-ticked boxes”, which automatically add a product or service to the customer’s shopping cart (for instance, the automatic addition of an insurance contract to the purchase of an airplane ticket).[6]
- Clear and transparent terms
Businesses must comply with rules regarding the confirmation of the contract.[7] In accordance with the Directive on Unfair Terms in Consumer Contracts, contract terms should be communicated in plain and easily understood language. An “unfair” term is generally considered as one which creates an undue advantage for the seller over the buyer. Such terms are not binding for consumers. In the event that contract terms are found to be ambiguous, their interpretation will be in favor of the customer.
A company can’t be held liable for a term that was negotiated with the buyer. However, if it claims that a seemingly standard term was negotiated, the burden of proof lies with the company.
- Cancelling an online purchase
Businesses must be aware of the customer’s right to cancel their online purchase, as set out in the Consumer Rights Directive. Customers have the right to terminate a contract with the seller within 14 days of the delivery of the ordered good(s). Within this timeframe, the customer must notify the seller, which in turn must acknowledge the withdrawal request. This right entitles the consumer to a full refund (including shipping fees) within 14 days following his/her with-drawal request. Nevertheless, the customer bears the costs of returning the good(s) unless the seller has agreed to cover this expense or has omitted to specify otherwise.
Reimbursement must be made using the same payment means used for the initial purchase, unless the customer has agreed otherwise. However, in such cases, the buyer must not be subjected to additional fees. Additionally, companies are only expected to reimburse the costs associated with standard delivery and they may withhold payment until they receive the returned goods or proof of the return by the customer.
- Delivery, cancellation and reimbursement
Under the EU Consumer Rights Directive,[8] companies must deliver ordered goods to their customers no later than 30 days following the purchase. This deadline can be extended if the consumer agrees. In the event that the seller is again unsuccessful at meeting this new deadline, the customer is fully entitled to cancel the contract and be reimbursed.
In case of goods for which the delivery date is essential (for instance, Christmas gifts), companies must grant the consumer the right to cancel the order and obtain reimbursement if the 30 day deadline is not met. The seller must reimburse the customer without undue delay. Furthermore, businesses are liable for any damaged or lost goods during the shipping period unless the customer has contracted their own carrier.
Secure payments
The digital economy provides consumers with a wide variety of online and offline payment options offered by different payment service providers, not limited solely to banks. In this regard, e-traders must ensure a minimum level of security and reliability of the payment systems used.
Not all transactions are protected equally (e.g. low value payments), so as to avoid disruption and because there are alternative authenticating mechanisms in place that are equally safe and secure. However, online traders planning to use a payment system provider should ensure that the payment system provider guarantees a sufficient level of security.
The aim of the first Payment Services Directive (PSD1), adopted in 2007, was to ensure safer and more innovative payment services across the EU. Because of subsequent technological advancements and a vast increase in online payment options, PSD2 was implemented at the start of 2018. The Directive guarantees a high level of security by ensuring that all payment service providers – including banks, payment institutions or third party providers (TPPs) – must prove that they have the appropriate security measures in place.
Payment service providers must assess the operational and security risks at stake, and any mitigation measures, on an annual basis. New strict security requirements for the initiation and processing of electronic payments reduce the risk of fraud and protect the confidentiality of users’ financial data.
Strong customer authentication (SCA) provides an additional layer of security for consumers. SCA validates the user’s identity when initiating a payment, by using two or more elements categorized as knowledge (e.g. PIN or password), possession (e.g. card), and inherence (e.g. fingerprints or voice recognition). As these elements are independent, the breach of one does not compromise the others.
Managing and resolving disputes
Effective protection of consumer’s rights also implies the implementation of fair, effective, and transparent dispute resolution systems. Generally, consumers have the right to choose the trial court in case of a dispute. This means the consumer may file a claim at the court located in his/her jurisdiction of residence, or to the court of the state in which the e-trader is domiciled. This could lead to court proceedings being initiated by consumers across multiple states, which in turn could result in significant expenses for the e-trader.
Considering the global nature of e-commerce and different jurisdictions of the parties, it is important for businesses to develop alternative out-of-court dispute resolution mechanisms, which enable consumers and traders to resolve their disputes faster, easier and less expensively. Subject to applicable laws, the use of such mechanisms should not prevent consumers from applying to the competent authorities in administrative and judicial order.
Advertising
Nowadays blogs and social networks can be as effective in promotion, as TV and radio were in the past. The rise of social networking websites and blogs offers new ways to attract consumers to the brand. Consequently the online advertising sector is faced with legal challenges on a regular basis.
Misleading and false advertisements are probably the main legal issue that needs to be solved in the era of quick decision-making and purchasing. Photo retouching, misleading health claims, advertising of low-quality products and covert advertising are among the most common complaints.
Last but not least, the incredible number of profiles on the internet adds further complexity in getting to the bottom of misleading and false advertising. To combat this issue, many websites are developing terms of use or other instruments that are binding on website members. For example, Instagram now obliges bloggers to mark promotional posts with special tags and imposes fines for failure to do so.
As the regulation of the advertising sector is rapidly developing, participants must be agile in order to comply with Internet best practices and keep up to date with the changing legal environment.
Online contests
Some posts on social media platforms, which invite digital consumers to “like and win”, could be defined as contests or lotteries, which are regulated both by legislation and the platform’s terms of use. To ensure their promotion is not classified as an illegal lottery, marketers must comply with such regulations, including the obligation of mandatory disclosure of information about sponsors.
Advertising to children
Limited legal capacity makes children more vulnerable to advertising. For this reason governments of almost all countries specify additional requirements for information which is sensitive for children. For example, the GDPR requires the receipt of parental consent before collecting the personal data of children under the age of 16 (however, local legislation can differ from this rule and decrease the age limit to 13). Moreover, all online advertisements should be categorized and marked with a special rating. Special attention should be given to products that must not be marketed to minors – in these cases advertisers must apply a special tag in order to verify the age if the website user. In the case of advertising that targets children, such advertising must not include a direct incitement to children to buy the advertised products or indeed to persuade their parents or other adults to buy the advertised products for them. Such advertising is regarded as being unfair under the rules of the UCP Directive.
Direct marketing
Direct marketing – approaching potential clients via e-mail, messenger, door-to-door etc. – is the most vulnerable type of advertising. The obligation to comply with the GDPR places a significant burden on the advertiser. For example, organizations need to disclose what data is being collected, as well as where it is being transferred and stored; and users need to be offered a way of opting out.
The obligation to use direct marketing only with the user’s “opt-in” permission makes this type of marketing unfavorable from the legal point of view. In addition, the user should be informed about the way his or her data is transmitted, including cookies, which are in some cases the main source for marketing campaigns. The principle of informed consent requires websites to disclose the purposes of data collection and to inform the users, which means that they have the right to refuse privacy and cookie policies. The scope of these requirements will probably remove some of the more targeted advertising that occurs.
Metatags and search engines
When customers are searching the market for a product, they will usually use search engines such as Google, Yahoo, Bing, etc., which sort the results of each search on the basis of metatags that are embedded in a website’s HTML code. Metatags are used to describe the website, however they sometimes contain other content, for example trademarks of famous competitors, to attract traffic. In such cases, the trademarks in the metatags can qualify as infringement and may lead to legal action.
UGC
User-generated content, or UGC, may hide content-related infringements and right violations. When does a brand have the right to publish and use a blogger’s photo of the brand’s product? Is the user liable for a negative review and if so, when? Should social media platforms moderate user-generated content? These questions have different answers depending on the rules of the website platform and the legislation of the country.
Steps protecting consumers continue to evolve
Increasing consumer protection for online transactions remains a priority for the European Commission. It has proposed a Directive relating to contracts for the supply of digital content.[9] A major innovation under the Digital Content Directive will be the granting of rights to consumers relating to contracts in which they’ve exchanged personal data for digital content. This is in contrast with the current regime, which only protects consumers that have paid a price to access such content. However, in the absence of a commercial use of the personal data by businesses, the Directive won’t apply.
Two forms of remedy can be granted under the forthcoming directive:
- “Remedies for failure to supply”: If purchased digital content is not provided successfully on the first try, a second attempt will be permitted, but a second failure warrants a right for the consumer to terminate the contract.
- “Remedies for lack of conformity”: If content is supplied but does not meet the required legal standards or those agreed to with the consumer, the consumer will have the right to terminate the arrangement, to request a reduction in price or to request a repair of the defective digital product.
Consumers will also have the right to terminate long-term contracts in the event that companies make significant modifications to the content that they are providing.[10] Finally, the digital content supplier can be held liable for a minimum of two years following the conclusion of their contract with the consumer.
Keeping up with consumer protection legislation is very much in the interest of online businesses. Compliance will not only help you avoid fines or penalties, but more importantly it will enable you to protect client relationships and your brand. When an online review can make or break your business, building trust and treating customers with respect are keys to success.
- DIRECTIVE 2000/31/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce)
- DIRECTIVE 2011/83/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council
- DIRECTIVE 2005/29/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’)
- COUNCIL DIRECTIVE 93/ 13/EEC of 5 April 1993 on unfair terms in consumer contracts
- DIRECTIVE 2002/22/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 7 March 2002 on universal service and users’ rights relating to electronic communications networks and services (Universal Service Directive) as amended by Directive 2009/136/EC
- DG JUSTICE GUIDANCE DOCUMENT concerning Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council
- https://europa.eu/youreurope/business/sell-abroad/on-line/index_en.htm#dop-consent-yes
- https://europa.eu/youreurope/business/sell-abroad/on-line/index_en.htm#dop-consent-yes
- Document 8672/15
- Council of the European Union, Brussels, 1 June 2017 (OR. en), 9901/17