A service of the

Download article as PDF

This article is part of The European Digital Single Market

Digital services are increasingly important in the economy and in society in general, as they continue to shift from being a specific sector of activities to becoming the basis for the provision of most services. They offer multiple new opportunities from which consumers benefit daily, but they also raise novel questions for consumer protection. This short policy piece, which is based on a policy report for the Centre on Regulation in Europe (CERRE), proposes a policy agenda to improve EU consumer protection rules for digital services.1

The paper begins with a description of the principles on which smart consumer protection should be based. The following section offers proposals to improve the horizontal consumer protection rules which apply to all services, both digital and non-digital. This is followed by proposals to strengthen the enforcement of those rules. The final section suggests that if the horizontal rules were improved and better enforced, most of the digital-specific consumer protection rules could be removed.

Principles for smart consumer protection

The best guardians of consumers’ interest are the consumers themselves. That is why the main role of consumer policy is to empower consumers to make the right choices for themselves, in particular by ensuring that they have the right information and the possibility to switch when needed. However, the most basic dimension of this empowerment is to ensure that consumers understand the services they are using and the conditions of their provisions. This may be complex – notably for older citizens – for digital services which are new and which evolve very quickly. That is why consumer education with regard to digital technologies in order to increase digital literacy is key to a smart consumer protection policy and is a prerequisite for the effectiveness of any consumer protection rule.

Good rule-making in general

Good consumer protection rules should abide by the general principles of good rule-making, as put forward in Baldwin, Cave and Lodge.2

Proportionality: Proportionality is a general principle of EU law requiring that public intervention does not exceed what is necessary to achieve its objectives.3 Proportionality implies that horizontal rules should be as non-distortive as possible to achieve the protection of consumers, and that the need for specific legislation is assessed against the background of existing horizontal legislation. Therefore, specific consumer protection rules for digital services should only be adopted when there is a clearly identified market failure that cannot be remedied by these horizontal rules. Proportionality should also be respected by the consumer protection authorities when they implement the rules. Before intervening, authorities should identify the consumer harm and demonstrate how their interventions help to remedy such harm.

Self- and co-regulation: A specific application of the principle of proportionality is the reliance on self- or co-regulation when this mode of regulation can effectively protect consumers and strike the right balance between predictability, flexibility and efficiency. To do so, the conception and the implementation of self- and co-regulation should follow the best practices principles adopted by the European Commission: rules should be prepared by participants representing as many interests as possible, in an open manner, in good faith and with clear objectives, and the implementation of the rules should be monitored and regularly assessed.4 Currently, self- and co-regulation is used extensively to address some problems raised by rapidly developing digital services.5

Legal certainty and predictability: Rules should give sufficient certainty and predictability to suppliers as well as to consumers. This implies that the rules need to make up a coherent set, in particular with regard to the balance between horizontal and sector-specific rules, and must be simple to understand and sufficiently stable over time, especially when the investment cycle is long.

Sustainability in the face of rapid and unpredictable technology and market evolution: The evolution of digital technology and the digital market is often rapid and unpredictable. In this context, consumer protection rules need to be flexible enough to adapt to these changes and to continuously meet their objectives. This is best achieved with rules which, on the one hand, have a horizontal scope of application and are not dependent on the type of services and, on the other hand, are principle-based and not overly specific or detailed.

Non-discrimination, level playing field and technological neutrality: A basic non-discrimination principle, also referred to as a regulatory “level playing field”, implies that all substitutable services are subject to the same rules.6

Two more recent principles

Next to the well-established principles for good governance, smart consumer protection rules also need to be based on two additional principles which have been more recently established by the academic research.

Taking consumer biases into account: Many current consumer protection rules assume that consumers are rational and always act in their best interest given the information at their disposal. However, behavioural studies (well summarised in Thaler and Sunstein as well as by Kahneman) have shown that consumers suffer from many biases and that their rationality is bounded.7 In particular, they suffer from inertia (laziness in switching), short-sightedness (hyperbolic discounting) and innumeracy (difficulty in understanding numbers). To be more effective, consumer protection rules need to take these biases into account.8

Personalisation: Consumers of digital services are heterogeneous in capabilities and preferences. This diversity is well understood by big data firms whose business is to identify the characteristics of each customer in order to target the users and tailor their services accordingly.9 Consumer diversity can also be better taken into account in the rule-making and enforcement processes,10 provided some safeguards are in place, such that the personalisation should be based on objective and transparent criteria and that privacy is respected.

Better horizontal consumer protection rules

The cornerstone of EU consumer protection rules is the disclosure of as much information as possible to allow consumers to make the best choices for themselves. This transparency obligation is complemented by fairness obligations. Both types of obligations can be made smarter when applying the principles explained above.

Information disclosure

Current disclosure rules are not adapted to rationality-bounded consumers,11 as they do not sufficiently take into account what type of information should be given, at what time and in which format. Moreover, they are not adapted to algorithmic consumers, i.e. consumers using digital personal assistants – such as Apple’s Siri or Amazon’s Alexa – to help them make their choices or even to conclude their purchases for them.12 Thus, disclosure rules should be improved to promote smarter information disclosures to humans and to bots.

Disclosure to humans: The disclosure of information to humans should comply with the EAST framework proposed by the UK Behavioural Insight Team, i.e. they should be easy, attractive, social and timely.13 In particular, the information given should first of all focus on what really matters to consumers; such information could possibly be personalised depending on individual capabilities and preferences. Second, the information should be presented in a user-friendly manner, for instance relying on different layers of information and using intelligible language. Third, it should be given when the decision needs to be made – and not too much beforehand.14

Disclosure to bots: Digital personal assistants can process much more information than humans, and hence there is less risk of information overload. However, the information needs to be given in machine-readable formats and always before the decision is taken by the consumer (or directly by the digital personal assistant).

Fairness obligation

Next to information disclosure, the EU consumer protection rules prohibit unfair practices, i.e. practices which are not in good faith15 or which contravene professional diligence.16 The advantage of these principle-based rules is that they can easily adapt to the rapid and often unpredictable evolution in the provision of digital services. The drawback, however, is that they can raise legal uncertainty as to whether a specific practice is prohibited.

To increase legal certainty, which is beneficial to both providers and consumers of digital services, national consumer protection authorities and the European Commission should establish a structured dialogue with all of the stakeholders. This dialogue should be used to determine which practices should be considered unfair. These practices should then be listed in guidance instruments that should be updated and revised as the technology and the market evolve.17

Better enforcement of the rules

It is not enough to have smarter rules; they need to be well enforced to be effective. As recently shown by the European Commission,18 the main problem with consumer protection in Europe is not the design of the rules but their enforcement. Therefore, the two current avenues for enforcement – public and private – need to be strengthened, and a third avenue based on technology needs to be explored.

Public enforcement

To strengthen public enforcement, national consumer protection agencies need to be well staffed, independent of any political pressure or capture by corporate interests or consumer associations, and granted the power to impose sanctions with sufficient deterrent effects. National authorities should also seize the opportunities offered by digital technology, in particular big data and artificial intelligence, to improve their operations.

Moreover, consumer protection agencies should cooperate more intensively at the national level with other agencies responsible for regulating specific aspects of the digital value chain (such as authorities in charge of data protection, competition policy, electronic communication or media services) to achieve better and more consistent decisions across the value chain. National consumer protection agencies in the member states should also cooperate more closely among themselves and with the Commission to establish more consistent interpretations of rules, develop best practices and better fight against pan-EU infringements of EU consumer rules.19

Private enforcement

Centralised and public enforcement is inevitably limited, as public financing and public information are limited, even when the authorities use the full potential of big data and artificial intelligence. Therefore, it should be complemented by an active decentralised and private enforcement. The current EU consumer protection rules already stimulate private enforcement by giving several means of action to consumers when their rights have been infringed. First, they can take an action before an administrative authority or a court and act individually or, in some cases, collectively, in order to get injunctions and damages. Second, they can request mediation, in particular via the European Consumer Centres for cross-border cases or via out-of-court dispute resolution. Third, they can lodge a complaint with the national consumer protection agencies.

However, any of those actions requires that consumers must be aware of their rights and of the possible violation they have suffered, which is often not the case.20 Therefore, the Commission must establish a consumer law database and run awareness-raising campaigns. Some available remedies, such as injunctions, could be expanded to cover more parts of consumer legislation. Also, the conditions to receive damages in case of consumer rights infringements could be further harmonised and facilitated, as was done in 2014 for competition law infringements.21

Technology enforcement

An alternative means of enforcement, promoted by Lessig,22 consists in moving the rules from the legislative code to computer code. This will now be imposed beginning in 2018 by the General Data Protection Regulation, with a new privacy by design obligation.23 A similar obligation of “consumer protection by design” could be envisaged. For instance, an obligation to personalise information disclosure could be written in the code of the algorithm. Obviously, this is a new avenue for regulation that should be further explored in negotiations among authorities, digital firms and consumer associations.

Horizontalisation of the digital-specific consumer protection rules

As the economy becomes more digitalised, digital services no longer constitute (vertical) sectors of the economy but rather its very (horizontal) foundation. Hence, most digital-specific consumer protection rules should either be transferred into the horizontal rules or removed. Only where there is a public interest specific to digital services which cannot be covered by horizontal rules should a sector rule be maintained.

Furthermore, the rules that are maintained should meet the principle of non-discrimination and be the same for all services considered as substitutable by the consumers. In that regard, the increasing substitution between, on the one hand, traditional telecommunications and media services and, on the other hand, new communications and media over-the-top services,24 should lead to an increasing convergence between the rules applied to those two categories of digital providers.

This paper is based on a policy report written with Anne-Lise Sibony of the University of Louvain, Belgium.

  • 1This paper focuses mainly on four main EU consumer protection laws: Council Directive 93/13 of 5 April 1993 on unfair terms in consumer contracts, OJ L 95/29; Directive 2005/29 of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market, OJ L 149/22; Directive 2011/83 of the European Parliament and of the Council of 25 October 2011 on consumer rights, OJ L 304/64; and Regulation 2006/2004 of the European Parliament and of the Council of 27 October 2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (the Regulation on consumer protection cooperation). Digital services are understood broadly and cover the main current legal categories, i.e. the information society services, the provision of digital content, the electronic communications services and the audio-visual media services.
  • 2 R. Baldwin, M. Cave, M. Lodge: Understanding Regulation: Theory, Strategy and Practice, 2nd ed., Oxford 2012, Oxford University Press.
  • 3 European Commission: Better Regulation Guidelines, Commission Staff Working Document, SWD(2015) 111 final, Strasbourg 2015.
  • 4 European Commission: Principles for Better Self- and Co-Regulation, February 2013, available at https://ec.europa.eu/digital-single-market/sites/digital-agenda/files/CoP%20-%20Principles%20for%20better%20self-%20and%20co-regulation.pdf.
  • 5 See the Memorandum of Understanding on the sale of counterfeit goods via the Internet, which was revised in June 2016; the Code of Conduct on countering illegal hate speech online, adopted in May 2016; and the Key principles for comparison tools, agreed in 2016, which fed into the Commission Guidance of June 2016 on the implementation/application of the Unfair Commercial Practices Directive.
  • 6 A stronger technological neutrality principle implies that legislation and regulation are sustainable in the face of technological evolution, that competition should not be distorted by regulation and that regulators should not try to “pick technology winners” when intervening in the markets.
  • 7 R. Thaler, C. Sunstein: Nudge: Improving Decisions about Health, Wealth, and Happiness, New Haven 2008, Yale University Press; and D. Kahneman: Thinking Fast and Slow, New York 2011, Farrar, Straus and Giroux.
  • 8 G. Helleringer, A.-L. Sibony: European Consumer Protection Through the Behavioural Lens, in: Columbia Journal of European Law, Vol. 23, No. 3, 2017, pp. 607-646.
  • 9 V. Mayer-Schönberger, K. Cukier: Big Data: A Revolution that will transform how we live, work and think, New York 2013, Eamon Dolan/Mariner Books.
  • 10 This was also suggested by A. Porat, L.J. Strahilevitz: Personalizing Default Rules and Disclosure with Big Data, in: Michigan Law Review, Vol. 112, No. 8, 2014, pp. 1417-1478.
  • 11 O. Bar-Gill, O. Ben-Shahar: Regulatory Techniques in Consumer Protection: A Critique of European Consumer Contract Law, in: Common Market Law Review, Vol. 50, pp. 109-126; and Norwegian Consumer Protection Agency: APPFAIL: Threats to Consumers in Mobile Apps, March 2016.
  • 12 M.S. Gal: Algorithmic Challenges to Autonomous Choice, 20 May 2017, available at https://ssrn.com/abstract=2971456.
  • 13 The Behavioural Insights Team: EAST: Four Simple Ways to Apply Behavioural Insights, April 2014.
  • 14 A good practice was Article 14 of the regulation on roaming charges, which stipulated that the costs of roaming charges needed to be disclosed when the customer was crossing a border and not only in Terms and Conditions that few customer read; see European Union: Regulation 531/2012 of the European Parliament and of the Council of 13 June 2012 on roaming on public mobile communications networks within the Union, Article 14, OJ L 172/28, 30 June 2012.
  • 15 According to Article 3(1) of the Unfair Contract Terms Directive, a contract term which has not been individually negotiated is unfair if, contrary to the requirement of good faith, it causes a significant imbalance in the parties’ rights and obligations arising under the contract, to the detriment of the consumer. See European Council: Council Directive 93/ 13/EEC of 5 April 1993 on unfair terms in consumer contracts, OJ L 95/29, 21 April 1993.
  • 16 According to Article 5(2) of the Unfair Commercial Practice Directive, a commercial practice is unfair when it (i) is contrary to the requirements of professional diligence, and (ii) materially distorts or is likely to materially distort the economic behaviour with regard to the product of the average consumer whom it reaches or to whom it is addressed, or of the average member of the group when a commercial practice is directed to a particular group of consumers. In particular a commercial practice is unfair when it is misleading (hence the transparency in a broad sense is not achieved) or aggressive. See European Union: Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’), OJ L 149/22, 11 June 2005.
  • 17 This is what the European Commission has done with the revision in June 2016 of the Guidance on the implementation/application of the Unfair Commercial Practice Directive and what the Commission intends to do with the adoption of Guidance on the implementation of the Unfair Contract Terms Directive.
  • 18 European Commission: Commission Fitness Check Report on EU consumer and marketing rules, SWD(2017) 209, Brussels 2017.
  • 19 Since 2007 national consumer protection agencies run an annual “EU sweep”, which is an EU-wide screening of websites to check their compliance with EU consumer protection rules: on airlines (2007), mobile content (2008), electronic goods (2009), online tickets for cultural and sports events (2010), consumer credit (2011), digital content (2012), travel services (2013), guarantees on electronic goods (2014), Consumer Rights Directive (2015), and online holidays booking (2016).
  • 20 European Commission: Commission Fitness, op. cit.
  • 21 Directive 2014/104 of the European Parliament and of the Council of 26 November 2014 on certain rules governing actions for damages under national law for infringements of the competition law provisions of the Member States and of the European Union, OJ L 349/1, 5 December 2014.
  • 22 L. Lessig: Code and Other Laws of the Cyberspace – Version 2.0, New York 2006, Basic Books.
  • 23 Article 25 of Regulation 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), OJ L 119/1, 4 May 2016.
  • 24 Ecorys and TNO: Study on future trends and business models in communication services, Study for the European Commission, 2016.


DOI: 10.1007/s10272-017-0679-2