Tuesday 26 February 2019

The traps of online shopping: the most recent sweep investigation reveals irregularities in how information is presented to consumers

Last week the EU Commission published a press release on the results of a recently conducted EU-wide sweep of e-commerce websites that revealed shocking results: more than half of the websites breached aspects of EU consumer law.

The sweep extended to 560 websites in 26 countries (including 24 Member States, Norway and Iceland), and included a range of websites, from selling clothing, to audio and video equipment and digital content.

More than 60% of websites showed irregularities. It is in particular striking that:
  • Information was misleading in particular in regard to the final price of products. On more than 31% of the websites that offered discounts, consumer authorities suspected that the special offers were not authentic or they thought the way in which the discounted price was calculated unclear. On around 37% of websites the final price at payment was higher than the initial price offered, mainly due to the lack of information on extra unavoidable fees on delivery, payment methods, booking fees etc.
  • 59% of the traders failed the obligation to provide an easily accessible link to the  Online Dispute Resolution Platform, and
  • Almost 30% of websites information on the right of withdrawal was no transparent.
The press release does not contain any information on interesting question on what actions are to be followed to address the above irregularities.

Friday 22 February 2019

Another hit on budget airlines: Italian authority fines Ryanair and Wizzair over cabin bag policies

Yesterday the Italian Competition and Market Authority fined Ryanair and Wizzair over their cabin bag policies. Last year Ryanair changed its cabin baggage policy allowing handbag sized carry on bags (bags that cannot fit under the seat) on board only if consumers paid for priority boarding. Wizzair shortly followed the same policy. Following these changes, the Italian Competition Authority opened a non-compliance investigation that concluded yesterday with their decision that this practice amounted to an unfair commercial practice. The Authority reasoned that hand-luggage is an essential service and that should not be subject to additional fees.

Now they are both faced with a fine, Ryanair with 3 million EUR and Wizzair with 1 million EUR and are given 60 days to change their hand luggage policy. Given the territorial scope of the decision, and given the problems of enforcement of EU consumer law (that we discussed here and here), the question is, will EU consumers/passengers of Ryanair and Wizzair benefit from their changed policies? Let's hope they (we) will!  

Monday 18 February 2019

Airbnbing it? Likely not a consumer: CJEU in Milivojević (C-630/17)

Last Thursday the Court of Justice issued a judgment in the Croatian case Milivojević (C-630/17). Ms Milivojević concluded a credit agreement through an intermediary to obtain funds for the extension and renovation of her house, to create apartments to be let for tourists. Part of the loan might have, however, been used for private purposes. The credit was secured by the mortgage on the house and was supposed to be paid back from profits that Ms Milivojević would acquire by letting the apartments. The credit agreement was concluded with the Raiffeisenbank, which turned out to be considered a 'non-authorised lender' in Croatia, as it was established in another Member State and was not authorised to operate in Croatia by the Croatian National Bank. Contracts concluded with non-authorised lenders may be declared null and void in Croatia with retroactive effect, which is what Ms Milivojević applied for. 
 
The referring court had questions about the validity of its jurisdiction under the agreement, which stated that either the courts of the domicile of the debtor or of the registered seat of the bank were  competent in case of disputes. In the procedure the parties were disputing the place of conclusion of the agreement, which could determine jurisdiction - Raiffeisenbank claimed it was Austria, Ms Milivojević - Croatia. Moreover, the referring court wondered whether Ms Milivojević could be considered a consumer, which would grant her exclusive jurisdiction rights. Furthermore, the questions of the compliance of the Croatian law allowing to invalidate credit agreements concluded with non-authorised lenders established in other Member States than Croatia with retroactive effect was raised.

Consumer status
 
Having read the facts, most of us would immediately deny the status of a consumer to Ms Milivojević in this particular transaction. She is openly admitting to having taken out the loan for the purpose related to conducting a business activity - letting out parts of her house to tourists. In light of the Gruber case, demanding that the use for business purposes was merely negligible, this situation does not seem to qualify as a consumer transaction, even if in the process of renovation of her house from the acquired loan money Ms Milivojević would have also improved parts of the house, in which she herself had lived
 
The Court relies more on the recent Schrems judgment, but still concludes that

"Ms Milivojević can be considered to have concluded the agreement at issue as a consumer only if the link between that contract and the professional activity in the form of tourist accommodation services is so marginal and negligible that it appears clearly that that contract was concluded essentially for private purposes." (para. 93)

Retroactively invalidating (consumer) credit agreements
 
The CJEU states that EU law (specifically Article 56 TFEU on the freedom of the provision of services) precludes Croatian law allowing to invalidate credit contracts with non-authorised lenders, who are established in another Member State, from the date of conclusion of that agreement, even if it was concluded before the entry into force of that Croatian law. Whilst it may be necessary for national law to ensure that credit agreements concluded by weaker parties are legal and afford them sufficient protection, this objective may be achieved by less restrictive measures (see in particular further para 73-74 of the judgment).

Determining competent courts

Further, Croatian law is incompatible with EU law by providing for different jurisdiction rules than these set out in Regulation No 1215/2012 (Brussels I recast). See further on these issues: paras 80-84. Finally, there was a question whether exclusive jurisdiction of Article 24(1) Regulation 1215/2012 would apply in this case, as it applies to actions relating to rights in rem in immovable property. The CJEU decided that an action for a declaration of invalidity of a credit agreement and of the notarised deed relating to the creation of a mortgage taken out as a guarantee for the debt arising out of that agreement does not fall within that concept (see para 105). However, an action for the removal from the land register of the mortgage on a building - would be covered.

Thursday 14 February 2019

French tribunal invalidates many terms in Google+ T&Cs

On Tuesday, the Tribunal de Grande Instance of Paris decided on a claim presented by the French consumer association Que choisir against Google and challenging the company's practices and contract terms involved in the (recently discontinued) Google+ service. 

The association challenged Google's Terms of Service and Privacy policy in their entirety, but also a large number of individual clauses contained therein. 

The Court analysed these terms in light of consumer legislation, and in particular unfair terms provisions in the Code de la consommation, and data protection rules. They also, possibly quite crucially, relied on a number of provisions in the same Code which dictate the information which consumers must receive prior to contract conclusion. 

Different types of terms were, in this context, considered as invalid:

1) Terms which described the purpose of data collection in a way that did not allow the consumer to really understand what their information was going to be used for
In particular, the Court condemned certain terms for presenting data collection as (exclusively) aimed at providing better services, rather than making the consumer aware of the commercial value and utilisation of the information collected (see clause 4 privacy policy, p. 88 of the decision).

2) Terms concerning geo-localisation
In this case, the main challenge is that the geo-localisation information is in no direct connection to the service and takes place through connecting to information stored by different services. Consumers should, the decision implies, have the chance to accept or reject this separately. See Clause 9 Privacy Policy, p. 93.

3) Terms allowing the provider to change the data concerning certain users, and to keep a log of old data that a user has sought to rectify
This is against data protection principles, which put individuals in control of their personal data after it has been collected. See clause 14 and 17 Privacy policy, p 98-100. 

4) Terms requiring users to accept that their information may be stored outside of the EU/EEA, without safeguards 
Such terms are not so much unfair as they are plainly in contrast with mandatory rules restricting the transmission of data outside of the EEA, except when provided for by "safe harbour" agreements. See Clause 19 Privacy Policy, p. 102.

5) Terms allowing the provider to change their conditions, or to terminate the provision, without indication on which grounds such measures could be taken

6) One of the terms in the Terms of Use was declared invalid for its attempt at waiving all sort of liabilities without any clear delimitation of the waiver's reach

7) Another term, concerning cookies, alerted consumers that "not all services" could reasonably work without them, but did not give any indication as to what the specific impact of refusing cookie collection could be 

The Court considered both the Terms of Use and the Privacy Policy as parts of one global contractual agreement. Contrary to the association's submissions, it considered that in itself, the presentation of the two documents was sufficient to provide users information concerning the nature and scope of what consumers agree to: in particular, the use of hyperlinks and "fragmentation" of relevant information is suitable to avoid an excessive concentration of information in a single text in limited space, the lexicon is sufficiently informal and it includes a glossary, and the personal nature of the information processed is sufficiently highlighted. 

In particular to the extent that, such as for geo-localisation, the Court seems to indicate separate approval - i.e., approval that is not obligatory in order to get access to the service - Que choisir has commented that the decision marks an end to "les conditions générales interminables à accepter en bloc". In some cases, where the terms contested were plainly against data protection legislation, the decision should also mean that the terms should no more be employed. 

On the other hand, in so far as transparency was the reason for invalidating many of the controversial clauses, it will remain to be seen what the practical consequences of the decision - which, is, furthermore, still subject to appeal - will be. Interesting times!

(A PDF copy of the decision, in French, is available on Que Choisir's website as linked above)

German regulator restricts Facebook data sharing

On 07.02.2019, Bundeskartellamt, the German competition regulator, issued a decision against Facebook restricting its processing of user data. 

The Bundeskartellamt points out that Facebook is in a dominant position with a market share of 95%. The closure of Google+, one of the competitors of Facebook, has intensified its dominance. Other companies, such as Twitter or Linkedin are considered to only operate in part of Facebook's market.

The decision states that the way Facebook collects, merges and uses data between its subsidiaries ammounts to abuse of dominant position, under competition law. One of the most troubling practices employed by Facebook is that it collects third-party data on users in an almost unlimited way and attaches all of these data to the users' facebook accounts. Data is being collected not only by other Facebook owned services, but by any website that has an embedded facebook button. It is worth noting that the data of the users was collected even if they would not interact with the facebook buttons (even if they  didnt 'like' a page).

What is even more concerning is that data is collected even if there is no kind of facebook sign on the page, when the website is using facebook analytics. This widespread collection of data allows facebook to form very detailed profiles of its users. 

With its decision, the Bundeskartellamt forbids this practice. Facebook, Instagram and Whatsapp will still be able to collect data on their users. However, Facebook will be prevented from assigning this data to a single facebook account, unless they have the voluntary consent of the users. However, the consent of the users is already required for third-party websites. The decision requires Facebook to make changes to its terms of service and data processing. The processing of data from third parties without the consent of users needs to be substantially limited. Facebook will have to come up with proposals on how to achieve that.

This decision comes after the publication of the first reports on the Code of practice against disinformation, signed by Facebook and other large online companies such as Google, Twitter and Mozilla. Facebook has to strengthen its commitments to empower consumers and boost cooperation with fact-checkers. However, if Facebook is serious about making their platform a fertile ground for those who seek to spread disinformation, it should first and foremost protect its users and their data from those who want to abuse them.

The decision is not yet final, as Facebook will have one month to appeal in German courts. It remains to be seen whether Facebook will challenge the decision. This decision serves to point out the increasing intersections between consumer law, data protection law and competition law. The Bundeskartellamt points out that their investigation required close cooperation with data protection authorities.

This is the dawn of a new age where the traditional compartmentalisations of law may not serve us as well  as in the past. Consumer law will also have to adapt in order to address challenges arising from novel business models, and especially in relation to data protection.

Thursday 7 February 2019

More transparency on hotel booking websites?

The UK's Competition & Markets Authority (CMA) announced yesterday that it has finalised its investigation into commercial practices of hotel booking websites (Hotel booking sites to make major changes after CMA probe). Under investigation were such well-known online companies as: Expedia, Booking.com, Agoda, Hotels.com, ebookers and trivago. Concerns that were raised and had been investigated pertained to a possibility of pressure selling, misleading discount claims, hidden charges and a suspicion that commission that these websites receive may impact the order, in which hotels are being shown on their websites. Overall, various online commercial practices might have misled consumers to believe that a certain hotel accommodation was either more popular or cheaper than the reality warranted. It was, therefore, questioned whether these companies might have been infringing the Consumer Protection from Unfair Trading Regulations 2008, which implemented the Unfair Commercial Practices Directive in the UK.

Since all of the above-mentioned companies co-operated with the CMA and agreed to voluntary undertakings, this means that the CMA did not proceed with its findings of any breaches of consumer law. Instead, the voluntary undertaking taken by these companies signifies their commitment to ensure in the future that certain principles will be observed, without admitting any fault in past dealings. All the promised changes should be made before 1 September 2019 and the CMA will expect these actions to be taken also by other websites in the same sector, who were not under investigation at the moment. The agreed on principles are as follows:
  • search results: clarifying whether the order of results is influenced by the amount of commission a hotel pays to the website;
  • pressure selling: currently, when using hotel booking websites, we often see information that other consumers are looking at the same hotel as we are and that there is only 1 room left, as well as showing us hotel accommodation that has already been sold out. This tactic may pressure consumers to rush with making a transactional choice, creating a scarcity condition. It can additionally be misleading, if other consumers are looking at the same hotel indeed but at renting rooms in it on other dates. This practice should now cease;
  • discount claims: ensuring that all discount claims are based on non-misleading criteria and are actually available. This prevents hotel booking websites from offering 'discounts' based on comparing the offered price for a given room to the price of a more luxurious room in the same accommodation, or to a price for the same room but in high season;
  • hidden charges: showing all compulsory charges up front, incl. taxes and fees.
The question remains whether we can expect these hotel booking websites to change their online practices more generally, not just for the UK consumers. This is something to pay attention to and re-check after September 2019.