Policy actions sorted A-Z.
Policy actions sorted A-Z.
Recognised organisations are able to raise fast-tracked complaints to digital regulators, so consumer organisations can act quickly on behalf of consumers in important cases.
United Kingdom: Organisations, including Which?, have power under 2002 Enterprise Act to take action on behalf of consumers, including the ability to make a “super complaint” to the Office of Fair Trading.
Recognised organisations can represent groups of consumers and take action against companies that sell defective goods or services. This enables legal action by people who may not be able to do so on their own, and increases the weight of an action.
European Union: General Data Protection Regulation introduces this in Article 80.
United Kingdom: The Consumer Rights Act 2015 allows for “collective proceedings” on an “opt-out” basis.
Canada: The Consumers’ Association of Canada has led class action lawsuits.
It is difficult for consumers to know when a class action lawsuit has been launched against a manufacturer if it isn’t widely publicised.
The opt-in and opt-out nature of these actions means some customers may miss participation or may participate when they don’t wish to.
Consumers are given information and the legal right to repair products they’ve bought, to reduce reliance on official service providers and to increase the longevity of consumer goods.
United States: The Copyright Office created an exemption (PDF) in laws against DRM circumvention for the purposes of repairing vehicles.
United States: The Fair Repair Act was put to the New York state legislature and would require manufacturers to supply information that could help people repair their devices. This law failed to get a vote.
iFixIt is a website that features repair tutorials for popular electronic devices.
The Restart Project organises real-world meetups where people are invited to bring in broken electronics and have them fixed by a specialist.
Documentation that outlines how products should be repaired could expose manufacturers’ trade secrets.
Self-repair may be outside the capability of non-expert consumers.
People have the right to directly access, in a standardised format, data held on them by data controllers so they can understand what is held about them, by whom, correct errors and reuse the data elsewhere.
In Australia, various energy providers allow you to download energy consumption data from their online portal.
United Kingdom: midata, is a programme that promotes data portability around personal banking information
Accessing this data alone isn’t enough to understand it. A service may be needed to interpret the data and make it readable by people.
Format is crucial: data locked in print or pdf publications can be hard to reinterpret.
Issues around child data and people who have power of attorney over someone are difficult to resolve.
People have the right to port their data between service providers so that they have genuine choice of providers. This is distinct from “enable people to access data held about them in an agreed format” as the particular data about a consumer isn’t readily accessible to them, but a transfer between services can be made.
European Union: Article 20 of the General Data Protection Regulation gives people the right to obtain and reuse their data across different services.
United Kingdom: QR codes on utility bills contain energy usage data for quick comparison between providers.
United Kingdom: Current account switch guarantee automates the process of changing banks by automatically transferring balances and direct debit instructions.
Switching mobile phone number: Communication regulators in many countries mandate that mobile phone numbers can be transferred between different networks.
Large, interlinked services operating effectively as monopolies could block transfer of data to services with a narrower focus.
Companies could use anti-patterns that make it difficult for people to transfer data between services.
People can access a history of who has viewed data held about them, so they can understand what is happening to their data and spot fraud and misuse.
United States: Under the Health Insurance Portability and Accountability Act, “patients can request an account of the manner their private health information has been used”.
Credit report services show when lenders have accessed an individual’s credit report.
Create legislation that is compatible across national borders, to ensure consumer rights are consistent where consumers purchase goods and services in a country other than the place they live.
Worldwide: ISO 12812 creates standards for mobile-based payments to allow cross-border operation.
European Union: The EU is pushing for a Digital Single Market, applying the concept of free movement of goods and people to digital services and online business. The European Commission is proposing closer co-operation in the enforcement of consumer rights.
People are able to permanently opt-out of communications.
United Kingdom: Telephone Preference Service, a central register for opting out of marketing calls. A similar service exists in the US.
United States: The CAN-SPAM Act of 2003. Requires promotional emails to contain unsubscribe links as well as the mailing address of the sender.
European Union: The Directive on Privacy and Electronic Communications requires consent from the data subject before unsolicited communications are sent.
Australia: The Spam Act 2003 requires data subjects to opt-in to unsolicited communications. These unsolicited communications need to include a clear statement of the identity of the sender and clear opt-out instructions.
People are able to opt-out permanently of tracking, both digitally and physically, to prevent their activity being monitored by invasive service providers, such as advertisers.
United States: There have been failed attempts at different levels of government to pass laws that regulate the online tracking of individuals.
South Korea: Websites that have more than 10,000 daily active users are not allowed to collect resident registration numbers.
Do Not Track is a feature of the standard used to serve websites in browsers. It allows users to consent to data being shared between websites for the purposes of serving adverts. Most major browsers implement this part of the standard, but there is no legal requirement to do so. The US Federal Trade Commission recommended its usage in December 2010.
Visitors to Hyde Park in London were tracked using mobile phone data. The park authority says the tracking would “inform policing of crowds at large events, tailor amenities to park usage and protect the ecology of the park”.
Commuters in London were tracked by TfL using MAC addresses from devices with Wi-Fi switched on.
Short-range transmitters like Apple iBeacon can be used to push notifications to consumers in physical stores.
Services automatically compensate consumers if the performance of a service is below the expected level. This gives consumers value for money and eases the process of getting compensation.
Consumer rights organisations can act where they believe people are being de facto forced to accept a change in the terms and conditions of a digital service.
Italy: The Italian Competition Authority have launched investigations into the mobile messaging app WhatsApp, over alleged violations of the Consumer Code. These relate to users being “de facto forced” into accepting new terms and conditions that allows data sharing between WhatsApp and Facebook, its owner. It also relates to unfair terms and conditions provisions like the ability to “unilaterally change contractual provisions” and other clauses favourable to WhatsApp.
Norway: The Norwegian Consumer Council streamed the reading of the terms and conditions from the 30 most common apps in Norway.
Create a means for a consumer to easily resolve a consumer dispute without having to resort to court action. This ensures the consumer is treated fairly in online transactions and avoids the resource intensive process of going to court.
European Union: An online dispute resolution service has been created that allows citizens of European member states to create complaints against organisations.
India: Online Consumer Mediation Centre provides digital infrastructure for resolving consumer disputes through physical and online mediation.
Mexico: Profeco, a consumer organisation, provides an online dispute resolution service called Concilianet.
Elsewhere: Online commerce services like eBay and PayPal provide dispute resolution services to resolve issues around non-payment, non-receipt of product and false advertising.
Administration and arbitration overheads could produce a backlog of complaints.
Services could be built to meet the needs of the digital platform rather than the needs of consumers.
Provide a service where scams can be reported to reduce the effort required for consumers to get redress.
Nations including the United Kingdom, Australia, United States and India operate websites where consumers can report scams. These are operated either by the national police, a regulator or a government department.
International Consumer Protection and Enforcement Network operate a website for reporting international scams.
Some consumers may not be aware that these services exist.
Phishing websites could pose as official scam reporting services.
Data controllers handle and protect personal data that is generated through consumer transactions to protect the privacy of consumers.
Most countries have a general right to privacy written into their national law or constitutions.
Different industries have their own data privacy laws.
Confidentiality of medical data is enforced in the United States by the Health Insurance Portability and Accountability Act. In Turkey, patient privacy is guaranteed in Articles 78 and 100 of Legal Code 5510. In Canada, medical confidentiality is protected at federal and provincial level. In Australia, it is protected under the Personally Controlled Electronic Health Records Act 2012 and the Privacy Act 1988.
Financial institutions also have implied privacy unless required to disclose transactional information to law enforcement.
UNGCP 2016 and OECD Privacy Guidelines 2013 mention recognition of right to privacy as a major element of consumer protection.
LEGO’s website, which connects children through games, has no third party cookies or connections to social media accounts, and advises users to use pseudonyms.
The same data is treated differently across industries and national borders, weakening how people perceive the right.
Challenges in identifying, defining and quantifying risks, as well as enforcing the right.
Individual services comply, but, in the aggregate, companies breach intent of privacy.