In many jurisdictions, antitrust authorities enforce not only antitrust and competition laws, but also consumer protection rules, which may apply to similar conduct. Not so in the European Union (EU). The European Commission’s (Commission’s) Directorate-General for Competition (DG COMP) enforces EU antitrust rules alongside Member State authorities, coordinating their activities through the European Competition Network (the ECN). Although a similar EU network of consumer protection authorities has operated since 2006, enforcement remains mainly local.
But the EU consumer protection landscape is evolving rapidly. Since January 2020, EU consumer protection enforcement under the Consumer Protection Cooperation Regulation 2017/2394 (the CPC Regulation) has been more coordinated, with the Commission playing a larger role in the reinforced Consumer Protection Cooperation Network (the CPC Network). The EU’s substantive consumer protection rules have also been – and continue to be – updated and strengthened.
In November 2020, the Commission published its New Consumer Agenda, setting out priorities and action points for the coming five years. In addition to the Commission’s role coordinating and supporting Member States’ consumer protection enforcement, the New Consumer Agenda highlights its role in deploying innovative e-tools to tackle illegal online commercial practices and identify unsafe products and to provide funding and support for local initiatives. The Commission also represents the EU in cooperation arrangements with non-EU authorities, for example in Africa and China.
The EU consumer protection framework
The EU consumer protection framework is composed, on the one hand, of horizontal rules applicable across different sectors and, on the other, vertical rules applicable to specific sectors. The horizontal rules include directives on consumer rights (the CRD), setting out rules on contracts between consumers and businesses and establishing basic rights such as a ban on pre-ticked boxes, rules on excessive payment fees, information requirements and withdrawal rights; unfair contract terms (the UCTD), listing contract terms that may be regarded as unfair and therefore not binding for consumers; unfair commercial practices harming consumers’ economic interests (the UCPD), harmonizing Member State laws on unfair commercial practices; general product safety (the GPSD), setting out responsibilities of businesses and national authorities on product safety; indications of selling prices (the PID), requiring clear indications of final selling and unit prices; and guarantee rights in the sale of goods (the Sale of Goods Directive) and digital content and services (the Digital Content and Services Directive).
The most significant vertical, or sectoral, rules include the Package Travel Directive, the Passengers Rights Regulation, the directive on distance marketing of consumer financial services, and the directive on consumer credit agreements. Others include directives on consumer rights in connection with other types of transport, such as rail, sea, and bus transport, as well as rules on geo-blocking, the abolition of retail roaming surcharges, and cross-border portability of online content.
In recent years, the EU has modernized its consumer protection framework, and this work is still ongoing. The Digital Content and Services Directive was adopted in 2019, in the context of the 2015 Digital Single Market initiative, to harmonize Member State laws on contracts for digital content (e.g., music and video files, e-books, apps, games and other software) and digital services (e.g., social networks, cloud applications and cloud storage services) and improve consumers’ access to digital content and digital services. It must be fully applied from January 2022. Under the 2018 New Deal for Consumers, the EU adopted two important directives, as well as the CPC Regulation. The so-called “Modernisation Directive” (Directive 2019/2061) updated four key horizontal consumer protection directives – the CRD, UTP, UPCD and PID — to increase transparency and strengthen enforcement and must be fully applied by May 2022. In November 2020, the EU adopted a directive on representative actions (Directive 2020/1828) to facilitate class actions both for injunctions and compensations, replacing the so-called “injunctions directive.”
The work of updating and strengthening the EU consumer protection framework continues under the 2020 New Consumer Agenda. In July 2021, the Commission proposed a new regulation on general product safety (the GPSR) to address product safety in light of the adoption of emerging technologies, including use of artificial intelligence (AI) and connected devices, to establish clear obligations for online marketplaces and to create a single set of market surveillance rules and improve the effectiveness of product recalls. The New Consumer Agenda also involves updates to vertical consumer protection measures, including proposed directives on consumer credits and distance marketing of consumer financial services, as well as a review of the Package Travel Directive. The Commission will also soon propose a measure on consumers in the “green transition” to ensure that consumers obtain reliable and useful product information, prevent overstated environmental information and sale of products with covertly shortened lifespans, and set minimum requirements for sustainability logos and labels. The Commission is also consulting on revisions to the 1985 product liability directive, notably to account for defects related to the use of AI in products and services, and will likely propose a new regulation in 2022.
Meanwhile, the EU is forging ahead with an ambitious parallel regulatory agenda, notably in the digital sector. Measures currently working their way through the legislative process include the Data Governance Act, Digital Markets Act, Digital Services Act and AI Regulation. Another important measure, the Data Act, will be published soon. During the EU co-legislators review, proposals have been made to add substantive consumer protection provisions not included in the Commission proposals and potentially duplicative of recent or proposed consumer protection measures.
The newly empowered CPC Network
In parallel with the updating of substantive consumer protection rules, the CPC Regulation significantly overhauled the EU framework for coordinated action by EU consumer protection authorities, expanding the Commission’s role. Within the Commission, this role is exercised by the Directorate-General for Justice and Consumers (DG JUST), more specifically the “consumer enforcement and redress” unit in the Consumers directorate.
Scope. The CPC Regulation applies to “intra-Union infringements,” “widespread infringements” and “widespread infringements with an EU dimension.” An “intra-Union infringement” is defined as an infringement that has harmed or is likely to harm the collective interests of consumers residing in a Member State other than the Member State in which the infringement originated or took place, the responsible trader is established or evidence or assets of the trader are to be found (together, the home Member State).
“Widespread infringement” is defined as an infringement that has harmed or is likely to harm consumers residing in at least two Member States, other than the home Member State, or infringements that have harmed or are likely to harm the collective interests of consumers and that have common features, including the same unlawful practice, the same interest being infringed and being committed concurrently by the same trader in at least three Member States. “Widespread infringement with a Union dimension” is defined as a widespread infringement that has harmed or is likely to harm the collective interests of consumers in at least two-thirds of the Member States, accounting for at least two-thirds of the EU’s population.
Powers. The CPC Regulation ensures that all Member State authorities have a harmonized set of minimum investigative and enforcement powers, much as the so-called ECN+ Directive did for Member State antitrust authorities. Authorities’ investigative powers include:
- access to any relevant documents, data or information,;
- requiring any public authority or natural person or legal person to provide any relevant information, data or documents, for the purposes of establishing an infringement, including tracing financial and data flows, ascertaining the identity of persons involved and ascertaining bank account information and ownership of websites;
- to carry out on-site inspections of any premises, land or means of transport that a relevant trader uses in his trade, business, craft or profession, or to request other public authorities to do so; to request the trader’s representatives or staff to give explanations of facts, information, data or documents relating to the subject matter of the inspection and to record the answers; and
- to purchase goods or services as test purchases, where necessary, under a cover identity, to detect infringements and obtain evidence.
Many of these powers will be familiar from the enforcement of EU antitrust law, including notably the powers to conduct on-site inspections, or “dawn raids.”
Authorities’ enforcement powers under the CPC Regulation include:
- the power to adopt interim measures to avoid the risk of serious harm to consumers;
- to seek to obtain or to accept commitments from traders;
- to receive additional remedial commitments and to seek commitments to offer adequate remedies to affected consumers;
- to inform consumers about how to seek compensation under national law;
- to order and bring about the cessation or prohibition of infringements;
- to remove content or to restrict access to an online interface or to order the display of warnings to consumers accessing an online interface; to order a hosting service provider to remove, disable or restrict access to an online interface; or to order domain registries or registrars to delete a fully qualified domain name and to allow the competent authority concerned to register it; and
- to impose fines or periodic penalty payments for infringements and for the failure to comply with decisions or other measures adopted pursuant to the regulation.
Authorities’ powers may be exercised by them directly, by recourse to other authorities, by instructing so-called “designated bodies” or by application to competent courts. A recent action by the French authority, the DGCCRF, against the online marketplace Wish illustrates how these tools can be used in practice. Following an investigation culminating in an order against Wish in July 2021, on November 24, 2021 the DGCCRF announced separate orders requiring major search engines and app stores to delist Wish.
The regulation sets out a detailed mutual assistance procedure for authorities in one Member State to request assistance from others. The exercise of these powers must be proportionate and comply with EU and national law, including applicable procedural safeguards and fundamental rights. Information collected may only be used to ensure compliance with EU consumer protection laws and must be treated as confidential and used with due regard to commercial interests, including trade secrets and intellectual property.
Coordinated actions. The CPC Regulation governs coordinated investigations and enforcement to address suspected “widespread infringements” and “widespread infringements with a Union dimension.” The authorities concerned must coordinate their investigation and enforcement measures, exchange necessary evidence and information and provide each other and the Commission with any necessary assistance. Authorities in a coordinated action act by consensus.
The authorities involved enter into a written agreement governing the coordinated action and designating a “coordinator.” The coordinator will be the Commission where actions relate to widespread infringements with a Union dimension, and in any case if the national authorities can’t agree on another coordinator. The coordinator is responsible for informing all competent authorities and the Commission about the progress of the investigation or enforcement action, any anticipated next steps and measures to be adopted.
The coordinator also coordinates measures taken by the competent authorities, the preparation and sharing of documents, the assessment, processing and implementation of commitments and enforcement measures and requests for mutual assistance, as well as maintaining contact with the trader and other parties concerned.
When conducting investigations, the competent authorities must act simultaneously in an effective, efficient and coordinated manner using the mutual assistance mechanism as needed to gather information or to ensure that the trader concerned does not circumvent enforcement measures. Where appropriate, the competent authorities will agree a common position on the outcome of the investigation and assessment, to be communicated by the coordinator to the relevant trader. The trader concerned must be given the opportunity to be heard on the common position, and the competent authorities may publish the common position or parts thereof on their websites and seek the views of consumer organisations, trader associations and other parties. The authorities may also seek comments on any proposed commitments.
The competent authorities must assess any proposed commitments and communicate the outcome to the trader, and, where applicable, to consumers that claim to have suffered harm. Where commitments are deemed sufficient, the authorities will accept the commitments, set a time limit for implementation and monitor their implementation.
Absent sufficient commitments, the competent authorities may take enforcement actions under their national laws to bring about the cessation or prohibition of the infringement. The authorities may also assess additional remedial commitments for the benefit of affected consumers. Enforcement measures are appropriate where immediate action is necessary to stop an infringement; the infringement is unlikely to cease as a result of the commitments; or the responsible trader has failed to implement its commitments. The competent authorities seek to take enforcement measures simultaneously. Coordinated actions are closed when the competent authorities conclude that the infringement has ceased or been prohibited in all Member States concerned or that no such infringement was committed.
Union-wide activities. The CPC Regulation lays out the rules governing a number of so-called “Union-wide activities,” including alerts, external alerts and sweeps. Alerts relating to suspected infringements should include a description of the infringement; details of the product or service concerned; the Member States concerned; the identity of the trader or traders responsible; and a description of any legal proceedings, enforcement measures or other measures taken. An “external alert” may be given by designated bodies, European Consumer Centres, consumer organisations and associations, and, where appropriate, trader associations that have the necessary expertise and on whom national authorities have conferred this power. For example, the EU consumer protection body, BEUC, has issued four external alerts, against airlines (in the context of the Covid crisis for breaches of passenger rights); Nintendo (for early obsolescence); TikTok (for failing to protect minors online); and WhatsApp (for persistent notifications to accept terms and conditions).
Competent authorities may conduct “sweeps” to check compliance with, or to detect infringements of, EU consumer protection laws, normally coordinated by the Commission. Sweeps may be based on authorities’ power to conduct on-site inspections under the CPC Regulation or any other powers conferred by national law. The competent authorities may invite designated bodies, Commission officials, and others to participate in sweeps. A Commission study covering the results of sector-specific sweeps from the creation of the CPC Network through 2019 resulted in dramatic improvements in compliance within a year of the sweep. More recently, the CPC Network has conducted sweeps on pandemic-related scams (2020), misleading sustainability claims (2020) and consumer credit (2021).
The CPC Regulation also envisages cooperation in related areas, such as training of officials; collection, classification and exchange of data on consumer complaints; and the development of sector-specific networks, information and communication tools and standards, methodologies and guidelines. The regulation envisages exchanges of officials to improve cooperation and the conclusion of agreements with non-EU countries concerning cooperation and mutual assistance.
Every two years — the next time in January 2022 — Member States will exchange information on their enforcement priorities, including information concerning market trends, an overview of actions in the last two years, and tentative priority areas for the next two years. Also every two years, the Commission will publish an overview of this information and exchange best practices and benchmarking with the Member States.
Coordinated actions in practice
The CPC Network is making extensive use of its coordinated action powers. The Commission highlights eight areas of focus: Dieselgate, air travel, accommodation booking, other travel services, market places and digital services, social media and search engines, frequent consumer traps and scams, and so-called “dual quality” practices. The different procedures and outcomes illustrate both the potential and challenges of coordinated actions.
In Dieselgate, Volkswagen committed to make repairs free of charge but did not give post-repair guarantees requested by the Commission and consumer protection authorities and refused to compensate EU consumers other than those residing in Germany at the time of their purchase.
More recent coordinated actions have been more successful. In the air travel case, 16 major airlines committed to providing better information and timely reimbursement of passengers in case of flight cancellations, and most committed to offering reimbursement for vouchers pushed onto passengers in the early phase of the pandemic. Similarly, in the accommodation booking case, travel booking platforms committed to changes in the way they present offers, discounts and prices to help consumers make informed comparisons. In relation to other travel services, five major car rental companies committed (under the old CPC Regulation) to more pricing transparency and clearer terms and conditions.
A high proportion of coordinated actions involve online activities, notably online marketplaces and digital services. In 2021, the dating website Parship committed to improve the information displayed on its website regarding consumers’ right of withdrawal and automatic renewals, while AliExpress committed to changes to ensure that its practices and those of its traders respect EU consumer law. The Commission has also pursued a number of actions relating to social media and search engines. The Commission obtained commitments from Facebook and Twitter in 2019, but cases involving Google (on nine identified issues) and TikTok (triggered by an external alert from BEUC) are still ongoing.
The Commission’s category of “frequent traps and scams” also covers a variety of actions at different stages of completion. The CPC Network has observed widespread issues with hidden recurring subscription payments and recently requested major credit card companies to ensure that all necessary information is presented when consumers make a payment involving recurring subscription fees. The CPC Network also noted very high levels of misinformation and disinformation related to COVID-19, with rogue traders advertising and selling fake or substandard products, basic goods such as protective masks or hand sanitisers at very high prices and unauthorised and potentially dangerous food supplements.
The CPC Network’s work on the “dual quality” of food covers a broad campaign relating to products, such as soft drinks, coffee or fish fingers, marketed in different Member States with the same brand or packaging but with different ingredients or compositions. The Commission published an initial study in 2019 and another in 2021.
EU antitrust enforcement regularly generates global headlines with record fines, while EU consumer protection enforcement is relatively low profile. The relatively low level of public awareness may reflect several factors. Substantive EU consumer protection rules are divided among a large number of directives and regulations, many consumer protection issues are local, and the law is enforced by local Member State authorities.
But EU consumer protection law has changed – and is still changing – dramatically as cross-border challenges increase. Thanks to recent legislation, EU consumer protection enforcement now closely resembles EU antitrust enforcement. The Commission, DG JUST rather than DG COMP, sits at the centre of an active EU-wide network, the CPC Network rather than the ECN. EU authorities wield a harmonized set of investigative and enforcement tools under the CPC Regulation, as EU antitrust authorities do under the ECN+ Directive. Although the new enforcement framework has been in force for less than two years, it has already been deployed in addressing many EU-wide issues involving the digital economy and COVID-19 generating tens of thousands of local complaints.
In parallel, the process of updating the EU’s substantive consumer protection rules continues under the 2020 New Consumer Agenda. Already adopted amendments will enter into force in 2022. Further updates, especially to product safety, liability rules and the green transition, are on their way.
The relatively low levels of awareness regarding the evolution of EU consumer protection rules may create risks of duplicative or conflicting developments in the increasingly complex EU digital agenda. For example, the European Parliament has proposed making online marketplaces responsible for monitoring and taking down illegal or harmful content or products under the Digital Services Act, but these changes overlap with measures on online marketplaces proposed in the GPSR and are arguably unnecessary in view of EU consumer protection authorities’ new powers under the CPC Regulation (as exemplified by the DGCCRF’s actions last month). Increased awareness and appreciation of the EU’s consumer protection framework will hopefully reduce the temptations for EU legislators to confuse a complex but coherent – and increasingly aggressive — legal framework.
The authors note that Norton Rose Fulbright is involved in the negotiation of the proposed Digital Markets and Services Acts referenced in this article.