Consumer Protection

Earlier this year, the UK’s privacy and competition regulators (the ICO and CMA) issued a joint paper setting out their concerns and expectations in the field of dark patterns – techniques designed to mislead or deceive users of online services – which the regulators refer to as “harmful online choice architectures”. As we’ve previously noted, dark patterns are an area of increasing focus of regulators, and the joint paper reflects the growing interplay between privacy and competition laws – a trend we expect to see continue in 2024.Continue Reading UK Regulators Target Dark Patterns

On October 30, 2023, days ahead of government leaders convening in the UK for an international AI Safety Summit, the White House issued an Executive Order (“EO”) outlining an expansive strategy to support the development and deployment of safe and secure AI technologies (for further details on the EO, see our blog here). As readers will be aware, the European Commission released its proposed Regulation Laying Down Harmonized Rules on Artificial Intelligence (the EU “AI Act”) in 2021 (see our blog here). EU lawmakers are currently negotiating changes to the Commission text, with hopes of finalizing the text by the end of this year, although many of its obligations would only begin to apply to regulated entities in 2026 or later.

The EO and the AI Act stand as two important developments shaping the future of global AI governance and regulation. This blog post discusses key similarities and differences between the two.Continue Reading From Washington to Brussels: A Comparative Look at the Biden Administration’s Executive Order and the EU’s AI Act

On October 17, 2023, the European Commission adopted a proposal to review the Alternative Dispute Resolution (“ADR”) framework.  The review consists of: (i) a proposal to amend the ADR Directive; (ii) a proposal to repeal the Online Dispute Resolution (“ODR”) Regulation; and (iii) a recommendation addressed to online marketplace and EU trade associations. 

Amended ADR

On 4 May 2023, the UK Competition and Markets Authority (“CMA”) announced it is launching a review into AI foundation models and their potential implications for the UK competition and consumer protection regime. The CMA’s review is part of the UK’s wider approach to AI regulation which will require existing regulators to take responsibility for promoting and overseeing responsible AI within their sectors (for further information on the UK Government’s strategy, including its recent AI White Paper, see our blog post here). The UK Information Commissioner’s Office (“ICO”) has also recently published guidance for businesses on best practices for data protection-compliant AI (see our post here for more details).Continue Reading UK’s Competition and Markets Authority Launches Review into AI Foundation Models

On December 9, 2022, the European Commissioner for Justice and Consumer Protection, Didier Reynders, announced that the European Commission will focus its next 2023 mandate on regulating dark patterns, alongside transparency in the online advertising market and cookie fatigue. As part of this mandate, the EU’s Consumer Protection Cooperation (“CPC”) Network, conducted a sweep of 399 retail websites and apps for dark patterns, and found that nearly 40% of online shopping websites rely on manipulative practices to exploit consumers’ vulnerabilities or trick them.

In order to enforce these issues, the EU does not have a single legislation that regulates dark patterns, but there are multiple regulations that discuss dark patterns and that may be used as a tool to protect consumers from dark patterns. This includes the General Data Protection Regulation (“GDPR”), the Digital Services Act (“DSA”), the Digital Markets Act (“DMA”), and the Unfair Commercial Practices Directive (“UCPD”), as well as proposed regulations such as the AI Act and Data Act.

As a result, there are several regulations and guidelines that organizations must consider when assessing whether their practices may be deemed as a dark pattern. In this blog post, we will provide a snapshot of the current EU legislation that regulates dark patterns as well as upcoming legislative updates that will regulate dark patterns alongside the current legal framework.Continue Reading The EU Stance on Dark Patterns

On December 1, 2022, a committee of the Brazilian Senate presented a report (currently available only in Portuguese) with research on the regulation of artificial intelligence (“AI”) and a draft AI law (see pages 15-58) (“Draft AI Law”) that will serve as the starting point for deliberations by the Senate on new AI legislation.  When preparing the 900+ page report and Draft AI Law, the Senate committee drew inspiration from earlier proposals for regulating AI in Brazil and its research into how OECD countries are regulating (or planning to regulate) in this area, as well as inputs received during a public hearing and in the form of written comments from stakeholders.  This blog posts highlights 13 key aspects of the Draft AI Law.Continue Reading Brazil’s Senate Committee Publishes AI Report and Draft AI Law

On January 13, the FTC announced a settlement with WealthPress, an online service provider that recommends trades in financial markets.  The settlement resolved allegations that WealthPress violated both the Restore Online Shoppers’ Confidence Act (ROSCA) and Section 5 by making false and misleading claims about how much consumers could earn with the company’s trading recommendation services.  The action is noteworthy for two reasons.  First, building upon the FTC’s prior MoviePass settlement, the FTC’s ROSCA allegations focus not on the terms of the subscription service offered, but rather on the failure to clearly disclose material information about the company’s services.  Second, this is the FTC’s first settlement imposing civil penalties for alleged earnings claims violations predicated upon a Notice of Penalty Offenses issued in October 2021.  The settlement provides for $1.3 million in consumer redress, $500,000 in civil penalties, and injunctive relief.Continue Reading FTC Relies on ROSCA and Notices of Penalty Offenses to Police Deceptive Conduct in Settlement with WealthPress

On November 28, 2022, the European Commission launched a public consultation on whether the following three EU consumer laws remain adequate for ensuring a high level of consumer protection in the digital environment:

  • the Consumer Rights Directive (Directive 2011/83/EU, as amended), which sets out the minimum information traders must provide to EU consumers and which offers consumers certain rights, such as the right to withdraw from a contract;
  • the Unfair Contract Terms Directive (Directive 93/13/EEC, as amended), which prohibits terms in “standardized” (i.e., non-negotiable) business-to-consumer agreements that cause a significant imbalance between the parties rights and obligations to the detriment of consumers; and
  • the Unfair Commercial Practices Directive (Directive 2005/29/EC, as amended), which prohibits commercial practices considered unfair, for example, because they are misleading or aggressive.

The public consultation consists of filling out a short questionnaire, which needs to be submitted by February 20, 2023.  It is aimed at stakeholders that operate in the digital environment, such as online platforms.Continue Reading New Data Laws Prompt European Commission to Open Consultation on EU Consumer Laws

On November 28, 2022, the Federal Trade Commission (“FTC”) and seven state attorneys general announced that they reached settlements with Google LLC and iHeartMedia, Inc., to resolve claims that the companies aired deceptive advertisements promoting Google’s Pixel 4 phone by arranging for iHeartMedia radio personalities who never actually used the phone to personally endorse it.  The companies agreed to pay a combined $9.4 million to the states to settle these allegations.Continue Reading Google and iHeartMedia Reach Settlements with FTC and States for Deceptive Endorsements

On June 14, 2022, representatives of the EU’s Consumer Protection Cooperation (CPC) Network, together with several national data protection authorities in the EU and the secretariat of the European Data Protection Board (“EDPB”), endorsed five key principles for fair advertising to children (see press release here).  These recommendations are based on relevant requirements