The World Economic Forum and the Council on the Connected World published the State of the Connected World 2023 report exploring governance gaps related to the internet of things (IoT). The report outlines the findings of a survey conducted with 271 experts worldwide to understand the state of IoT affairs. The COVID-19 pandemic has increased IoT demand in health, manufacturing, and consumer IoT. However, there is a lack of confidence when it comes to matters such as privacy and security.
Two main governance gaps are identified: (1) a lack of governmental regulation and implementation of industry standards and (2) IoT users are more susceptible to cyber threats and cyberattacks.
One recommendation is for businesses and governments to develop and implement practices to improve privacy and security and create a more inclusive and accessible IoT ecosystem. The need to improve equal access to technology and its benefits is also underscored.
The German Federal Cartel Office, Bundeskartellamt, issued a statement of objections against Google’s data processing terms, declaring that it plans to oblige the company to change the choices offered to consumers regarding data processing.
The Bundeskartellamt’s preliminary conclusions of its administrative proceeding against Google state that users of Google services ‘are not given sufficient choice as to whether and to what extent they agree to [a] far-reaching processing of data. The choices offered so far, if any, are, in particular, not sufficiently transparent and too general.’ The office argues that users should be able to limit the processing of data to the specific service used and to differentiate between the purposes for which the data are processed. In addition, the choices offered must not be devised in a way that makes it easier for users to consent to the processing of data across services than not to consent to this.
Following the issuance of the statement of objections, Google has the opportunity to comment on the office’s preliminary assessment and present either reasons to justify its practices or suggestions to dispel the concerns. A final decision on the administrative proceeding is awaited in 2023.
On 10 January 2023, the Federal Trade Commission (FTC) published an order against the online alcohol marketplace Drizly and its CEO for security failures that resulted in a breach of personal information of around 2.5m consumers.
The critical requirements of FTC’s order are, among other things:
• destruction of any personal data collected that is not necessary for Drizly to provide products or services to consumers;
• refraining from collecting and storing personal information if it is not needed;
• publicising on its website the information Drizly collects and why such data is necessary;
• implementing an information security program and establishing security safeguards.
The US Federal Trade Commission and the creator of Fortnite, Epic Games, have reached a settlement which would see the company pay a total of US$ 520 million in penalties over allegations that it had violated the Children’s Online Privacy Protection Act and used dark patterns to trick players into making unintentional purchases.
For allegations related to collecting personal information from Fortnite players under the age of 13 without getting consent from their parents or caregivers, Epic has agreed to pay a US$ 275 million penalty. Furthermore, the FTC determined that Epic’s default settings for its live text and voice communication features, as well as its system of pairing children with adults/strangers to play Fortnite with, exposed youngsters to harassment and abuse. Epic is also required to adopt strong privacy default settings for children and teens, ensuring that voice and text communications are turned off by default.
In a second case, the business conceded to pay US$ 245 million to refund users for its dark patterns and billing practices.
On 7 December 2022, the Federal Court of Australia penalised Uber with AUD$21m after the platform admitted it had breached the Australian Consumer Law regarding misleading conduct, cancellation messages, and the price of Uber taxi rides.
Cancellation messages between December 2017 and September 2021 stated that users might be charged a cancellation fee even if users decided to cancel during Uber’s ‘free cancellation period’. Uber also admitted that between July 2018 and August 2020, the prices of Uber taxi rides displayed on the app and website were false and overstated.
The Federal Court Order prohibited Uber from making similar representations to consumers for the following three years, required publishing a corrective notice on its website, as well as contributing to the payment of the Australian Competition and Consumer Commission costs.
Indiana’s Attorney General filed a lawsuit against TikTok for violation of state consumer protection laws. The lawsuit alleges that the social media company failed to disclose that ByteDance, the Chinese company that owns TikTok, has access to sensitive consumer information. Moreover, another complaint claims that the company exposes children to sexual and substance-related content, while misleading the users with its age rating of 12 plus on App Store and Google Play. Indiana seeks penalties of up to US$5000 per violation and asks the Indiana Superior Court to order the company to stop false and misleading representations to its users.
On 6 December 2022, the Australian Competition and Consumer Commission (ACCC) started Federal Court proceedings against internet services provider Telstra for making false or misleading representations to consumers about upload speed to the residential broadband plan called ‘Belong.’
ACCC found that, between October and November 2020, Telstra transferred approximately 9000 customers from Belong plan with a maximum download speed of 100Mbps and maximum upload speed of 40Mbps to a service with a maximum upload speed of 20Mbps.
In November 2022, Telstra, Optus, and TPG were ordered to pay AUD$33.5 million for making false or misleading representations to consumers about specific internet plans under Australia’s national broadband network (NBN).
On 2 December 2022, the European Council and Parliament reached a provisional agreement on a new consumer credit directive (repealing the current 2008 directive). The review of the regulation supports responsible and transparent practices by all users of consumer credit and is meant to also apply to the digital space. Given that a growing number of consumers apply for credit online, the new directive aims to ‘keep up with the trend of digitalisation’ and will apply to certain risky loans not currently covered by the rules: loans below €200, loans offered through crowd-lending platforms, and buy-now-pay-later products.
The agreement is subject to approval by the European Council and the European Parliament.
On 1 December 2022, the Norwegian Consumer Council (NCC) released a report titled ‘Enough deception! Norwegian consumer’s experiences with deceptive design‘. The analyses in the report show the use of deceptive design to mislead consumers. The NCC will share the report with the Norwegian Consumer Authority.
Some examples of deceptive design from the report:
• False hierarchy – when specific information is highlighted by placement, size, or colour;
• Preselection – when the best alternative for the business is preselected;
• Countdown timer – false information that the offer is about to end;
• Confirmshaming – worded choice to make the consumer feel scared or stupid; and
• Intermediate currency –use of virtual currency to hide the actual cost.
On 30 November 2022, the UK Competition and Market Authority (CMA) announced an investigation of Emma Sleep GmbH regarding online sales practices based on ‘urgency’ claims, potentially breaching UK consumer law.
The CMA will investigate if Emma Sleep used countdown timers and claims about time limits, implying a deadline for a discounted price and thereby harming consumers. The announcement of the investigation endorses the consumer protection programme based on Online Choice Architecture (OCA). The investigation is at an initial stage, and CMA will engage with Emma Sleep to gather additional evidence.
