We take a top line look at changes that will affect business in 2018 and suggest its time to review your terms and conditions!

Data protection & Direct Marketing
25th May 2018 is a big day for data and we all know it’s coming. From GDPR Day, more detail will be required in privacy notices and a higher standard of consent will be required when collecting individual data in the EU. You still have time to dust off your privacy policies and make them compliant, but do it soon because you need to have practices in place to demonstrate that you DO comply, not just that you can.

Also, under GDPR data subjects can refuse permission for their data to be used for profiling, making it harder for businesses to use personal data for online tracking and behavioural advertising. If you undertake any processing for this purpose, now is the time to change your policies and ensure you have clear and comprehensive opt-in mechanism. Added to the GDPR, the E-Privacy Directive (2002/58/EC), (which is in force but still requiring some secondary legislation) is likely to bring new rules on consent to processing data and unsolicited marketing, making direct marketing much more onerous.

Data Protection and Businesses
Under the new GDPR, data processors – not just data controllers – will be obliged to comply with the Regulations and may be liable to hefty fines and penalties if they fail to do so. This presents a major change from the previous regime where data processors were only subject to contractual obligations that data controllers imposed on them and if you are not sure whether you are a data processor or that you have appropriate consent, you need to review this – now!

Unlike previous legislation, the GDPR is prescriptive in setting out specific contractual terms that data controllers and processors must include in their data processing contracts. Existing contracts need to be reviewed and amended with consent of both sides if they are not compliant and it’s time to update your data processing clauses and policies to ensure that you will be ready by May.

Does Brexit Mean GDPR Won’t Apply?
Unfortunately not! The Data Protection Bill 2017-19 (before Parliament but not yet law) will repeal the Data Protection Act 1998 and is intended to demonstrate that UK is an adequate jurisdiction for EU data after Brexit.

Ban on Fees for Using Debit & Credit Cards Online
The ban on charging fees for using certain payment methods came into force at the beginning of this year. Based on the Directive on Payment Services in the Internal Market ((EU) 2015/2366), it provides that traders cannot be able to impose any surcharge on a consumer for using a credit or debit card to make a payment, or for making an online transfer or payment by direct debit, where both the trader and consumer are using “payment service providers” located in EEA member states. This may mean you need to revise your Ts & Cs and online payments set up if you have traditionally added a surcharge for credit cards or other similar card related ‘booking fees’ .

Businesses also benefit from the changes as “excessive surcharges” for use of payment methods in business-to-business transactions are also banned where one of the businesses’ payment service providers is located in an EEA member state.
The effect of the clamp down on secondary ticketing is also reflected in new criminal offences for avoiding security measures remains unclear, but these pieces of legislation are clearly designed to redress the balance of consumer power online.

Distribution Online Can be Prohibited
In December the ECJ ruled that manufacturers of luxury products can ban their distributors from using third-party internet platforms, such as Amazon or Zalando, to sell their products, recognising that some brands want to maintain their luxury image and not fall into the ‘marketplace’ arena. If you sell, resell or manufacture luxury items, you may wish to review your terms with suppliers or re-sellers in light of this and enforce the right to specify where goods can be sold.

Removing Barriers to Online Purchasing or ‘Geo-blocking’
In November 2017, the European Commission, Council and European Parliament agreed on removing rights to block access to websites across borders which otherwise lead to differential pricing based on nationality or location of the consumer and refusal to ship to certain EU countries. Online content is excluded from these regulations, but given that the Regulations are expected before the end of 2018, UK citizens may still be able to benefit from the provisions post Brexit if the Regulations are converted into UK law on exit.

Product Safety Recalls in the UK and Product Liability Directive REFIT Fitness Check
Both the UK government and the European Commission are currently reviewing how product recall is undertaken. In the EU the consultation has now closed, but the focus was mainly on whether the Product Liability Directive is still fit for purpose in the digital age where everything is connected and goods can be bought online and printed at home. Findings from both consultations are due later this year.

EU “New Deal for Consumers”
As part of the New Deal for Consumers discussions, the European Commission is considering including requirements for businesses to:
• providing more transparency about the seller when buying via online.
• extending consumer rights to contracts for online services where consumers provide data instead of paying with money.
• providing individual redress/remedies for consumers harmed by unfair commercial practices, for example, misleading green claims.
• more effective financial penalties to tackle breaches of consumer laws.

Depending on when the regulations are agreed, the UK Government may not need to bring them into UK law post exit, but it may decide to do so as part of its drive to ensure cross border trading arrangements can be maintained and we avoid the “regulatory race to the bottom”

For advice on any of these issues, contact me at

Leave a Reply