The US Federal Trade Commission and the creator of Fortnite, Epic Games, have reached a settlement which would see the company pay a total of US$ 520 million in penalties over allegations that it had violated the Children’s Online Privacy Protection Act and used dark patterns to trick players into making unintentional purchases.
For allegations related to collecting personal information from Fortnite players under the age of 13 without getting consent from their parents or caregivers, Epic has agreed to pay a US$ 275 million penalty. Furthermore, the FTC determined that Epic’s default settings for its live text and voice communication features, as well as its system of pairing children with adults/strangers to play Fortnite with, exposed youngsters to harassment and abuse. Epic is also required to adopt strong privacy default settings for children and teens, ensuring that voice and text communications are turned off by default.
In a second case, the business conceded to pay US$ 245 million to refund users for its dark patterns and billing practices.
On 7 December 2022, the Federal Court of Australia penalised Uber with AUD$21m after the platform admitted it had breached the Australian Consumer Law regarding misleading conduct, cancellation messages, and the price of Uber taxi rides.
Cancellation messages between December 2017 and September 2021 stated that users might be charged a cancellation fee even if users decided to cancel during Uber’s ‘free cancellation period’. Uber also admitted that between July 2018 and August 2020, the prices of Uber taxi rides displayed on the app and website were false and overstated.
The Federal Court Order prohibited Uber from making similar representations to consumers for the following three years, required publishing a corrective notice on its website, as well as contributing to the payment of the Australian Competition and Consumer Commission costs.
Indiana’s Attorney General filed a lawsuit against TikTok for violation of state consumer protection laws. The lawsuit alleges that the social media company failed to disclose that ByteDance, the Chinese company that owns TikTok, has access to sensitive consumer information. Moreover, another complaint claims that the company exposes children to sexual and substance-related content, while misleading the users with its age rating of 12 plus on App Store and Google Play. Indiana seeks penalties of up to US$5000 per violation and asks the Indiana Superior Court to order the company to stop false and misleading representations to its users.
On 6 December 2022, the Australian Competition and Consumer Commission (ACCC) started Federal Court proceedings against internet services provider Telstra for making false or misleading representations to consumers about upload speed to the residential broadband plan called ‘Belong.’
ACCC found that, between October and November 2020, Telstra transferred approximately 9000 customers from Belong plan with a maximum download speed of 100Mbps and maximum upload speed of 40Mbps to a service with a maximum upload speed of 20Mbps.
In November 2022, Telstra, Optus, and TPG were ordered to pay AUD$33.5 million for making false or misleading representations to consumers about specific internet plans under Australia’s national broadband network (NBN).
On 2 December 2022, the European Council and Parliament reached a provisional agreement on a new consumer credit directive (repealing the current 2008 directive). The review of the regulation supports responsible and transparent practices by all users of consumer credit and is meant to also apply to the digital space. Given that a growing number of consumers apply for credit online, the new directive aims to ‘keep up with the trend of digitalisation’ and will apply to certain risky loans not currently covered by the rules: loans below €200, loans offered through crowd-lending platforms, and buy-now-pay-later products.
The agreement is subject to approval by the European Council and the European Parliament.
On 1 December 2022, the Norwegian Consumer Council (NCC) released a report titled ‘Enough deception! Norwegian consumer’s experiences with deceptive design‘. The analyses in the report show the use of deceptive design to mislead consumers. The NCC will share the report with the Norwegian Consumer Authority.
Some examples of deceptive design from the report:
• False hierarchy – when specific information is highlighted by placement, size, or colour;
• Preselection – when the best alternative for the business is preselected;
• Countdown timer – false information that the offer is about to end;
• Confirmshaming – worded choice to make the consumer feel scared or stupid; and
• Intermediate currency –use of virtual currency to hide the actual cost.
On 30 November 2022, the UK Competition and Market Authority (CMA) announced an investigation of Emma Sleep GmbH regarding online sales practices based on ‘urgency’ claims, potentially breaching UK consumer law.
The CMA will investigate if Emma Sleep used countdown timers and claims about time limits, implying a deadline for a discounted price and thereby harming consumers. The announcement of the investigation endorses the consumer protection programme based on Online Choice Architecture (OCA). The investigation is at an initial stage, and CMA will engage with Emma Sleep to gather additional evidence.
On 29 November 2022, the Ireland Consumer Rights Act 2022 (CRA) came into force. The CRA exchanged into law, among others, the Revised Sale of Goods Directive, the Contracts of the Supply of Digital Content and Digital Services Directive, and the Omnibus Directive.
The CRA enhances and modernises consumer protection laws extending them to digital goods and services and strengthening consumer rights and remedies. The fundamental changes introduced by the new legislation are:
• More substantial redress rights in case something goes wrong with the product or service purchased;
• New consumer rights for digital goods and services, including the requirement for businesses to provide information on how any digital updates would be provided and over what time;
• Stronger rights and remedies for service contracts such as repair, replacement, price reduction, cancellation of the contract, and total refund;
• Consumer Contract rights: business must provide essential information before the consumer signs up for a contract;
• Unfair Contract terms: prohibition of certain terms to be included in the terms and conditions of consumer contracts;
• Prohibition of fake reviews; and
• New Competition and Consumer Protection Commission enforcement powers.
On 29 November 2022, Ireland’s Consumer Rights Act 2022 (CRA) came into force. The act enhances and modernises consumer protection laws, extending them to digital goods and services and strengthening consumer rights and remedies.
On 28 November 2022, the European Parliament and Council agreed on the General Product Safety (GPSR) regulation to ensure that products sold offline and online are safe, and that they comply with European Standards. The GPSR updates the general product safety directive from 2001, modernises the rules for economic operators, and updates them for online businesses and marketplaces. The key points of the new regulation are:
• Obligations of economic operators and safety assessment – a product can be sold only if there is an economic operator in the EU;
• Removal of dangerous goods online – new obligations for online marketplaces, including the designation of a single point of contact for national surveillance authorities and consumers; and
• Recall, replacement, and refunds – improving the product recall procedure, as return rates remain low.
The Parliament and Council need to endorse the agreement before its adoption. The GPSR would apply 18 months after it enters into force.
