On 29 November 2022, Ireland’s Consumer Rights Act 2022 (CRA) came into force. The act enhances and modernises consumer protection laws, extending them to digital goods and services and strengthening consumer rights and remedies.
Consumer protection
The European Parliament and Council agreed to update EU’s rules on product safety
On 28 November 2022, the European Parliament and Council agreed on the General Product Safety (GPSR) regulation to ensure that products sold offline and online are safe, and that they comply with European Standards. The GPSR updates the general product safety directive from 2001, modernises the rules for economic operators, and updates them for online businesses and marketplaces. The key points of the new regulation are:
• Obligations of economic operators and safety assessment – a product can be sold only if there is an economic operator in the EU;
• Removal of dangerous goods online – new obligations for online marketplaces, including the designation of a single point of contact for national surveillance authorities and consumers; and
• Recall, replacement, and refunds – improving the product recall procedure, as return rates remain low.
The Parliament and Council need to endorse the agreement before its adoption. The GPSR would apply 18 months after it enters into force.
Irish DPA fined Meta for data scraping on Facebook
Concluding an inquiry into Meta, the Irish Data Protection Commission issued a fine of EUR 265 million against the company for data scraping on Facebook, in violation of GDPR obligation for data protection by design and default. The inquiry commenced in April 2021, and looked into data processing on Facebook Search, Facebook Messenger Contact Importer, and Instagram Content Importer tools. The Commission’s decision requires Meta to bring the practices into compliance within an indicated timeframe.
European Commission opens public consultation on whether consumer protection legislation is fit for purpose
On 28 November 2022, the European Commission launched a public consultation in the framework of its New Consumer Agenda initiative aimed to analyse whether additional action is needed to ensure an equal level of fairness online and offline. Within this initiative, three EU directives will be evaluated to determine if they ensure a high level of consumer protection in the digital space: the Unfair Commercial Practices Directive, the Consumer Rights Directive, and the Unfair Contract Terms Directive.
The public consultation is intended to collect views from all interested stakeholders on key problems related to consumer protection in the digital space, as well as possible solutions, and the scope for regulatory simplification and burden reduction. The consultation follows a call for an evidence period that ended on 14 June 2022. Public input will be accepted until 20 February 2023.
The final version of the evaluation is expected in the second quarter of 2024.
Meta’s VR headset users will not require a Facebook or Instagram account
Meta reached an amicable solution with Bundeskartellamt, the German national competition regulatory agency, allowing users to access its VR headsets through a separate Meta account. In 2020, Bundeskartellamt initiated a proceeding against Meta, which was found to be a company of paramount importance across markets, concerning its condition to require German users of Oculus VR headsets to access those only via a Facebook or Instagram account. However, the proceedings are still ongoing about whether and how data is processed when different Meta services are combined. Until the proceedings are concluded, data from VR headsets will be kept separately from data collected from other Mets services.
The UK Financial Conduct Authority published a report concerning features used in trading apps
On 21 November 2022 the UK Financial Conduct Authority (FCA) published conclusions from a survey of 3,000 app users and customers of four trading apps. The research also included consumers from a trading app of a more traditional investment platform.
The FCA concluded that consumers using apps with features that include sending notifications with the latest market news, app points, badges, and celebratory messages for making trades were exposed to high-risk investments not consistent with their investor profile. The FCA found that gamification had been used in these apps to mislead consumers. According to FCA, all apps must review their features to comply with regulations coming into force next year.
FTC launched the National Do Not Call Registry Data Book for Fiscal Year 2022
On 21 November 2022, the US Federal Trade Commission (FTC) released the National Do Not Call Registry Data Book for Fiscal Year 2022. The report showed robocall complaints and the types of calls consumers complained about to the FTC, among other data.
Imposter calls, both live and robocalls, again topped the list reported by consumers. Warranties and protection plans stand second among the complaints. The top five states of complaints were: Delaware, Ohio, Arizona, Maryland, and Virginia. In 2022, 2.5 million people signed up with the Do Not Call Registry.
Italy’s antitrust and competition authority fined TIM for unfair commercial practices
On 21 November 2022 Italy’s antitrust and competition authority (AGCM) released Bulletin 42/22, mentioning a fine of EUR 1 million against Telecom Italia (TIM) for unfair commercial practices concerning Premium, Executive, and Magnifica fibre offers. Iliad Italia and several consumers had filed complaints.
AGCM concluded TIM failed to present essential information to consumers about the different fibre plans.
US Senate introduces ‘Informing Consumers about Smart Devices Act’
On 18 November 2022 Senators Cantwell and Cruz proposed the ‘Informing Consumers about Smart Devices Act’. According to the bill, the Federal Trade Commission (FTC) would create disclosure guidelines for products with audio or visual recording components.
The new regulation would encourage consumer awareness of household devices, such as refrigerators, washers, and dryers that are capable of recording and transmitting data without the consumer’s knowledge.
US agencies publish guide about securing software supply chain for customers
In the USA, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) issued the third of a three-part series on securing the software supply chain – Securing Software Supply Chain Series – Recommended Practices Guide for Customers. This publication follows the previously published guides for developers and suppliers. The guide includes recommended practices for software customers to guarantee their purchased software’s integrity and security.