Christmas is a testing time for businesses and consumers, though just how much is commonly understood about consumer rights?
Last year, it is estimated that £1.23bn was spent online on Black Friday, with an estimated £6.5bn being spent in ‘Black Friday week’, which spanned from Monday 21st November to Sunday 28th November 2016.
With these figures increasing year on year, it is vital that businesses are up to date on consumers’ rights and obligations in respect of Data Protection in relation to any goods or services supplied.
The Consumer Rights Act came into force on 1 October 2015, and provides a ‘one-stop-shop’ for consumers in respect of consumer rights. The Act applies to all businesses selling or providing services directly to consumers and sets out clear provisions as to what rights consumers have and what obligations businesses supplying goods and services have.
The Act clearly sets out rights relating to digital content. It also allows a consumer to claim compensation if defective digital content causes damage to a consumer’s existing device or digital content.
Consumers have a number of rights under the Act, relating to goods, services and contract terms. The rights are extensive, but some of the key points to be conscious of are;
- Goods should be of satisfactory quality, fit for purpose and as described. If they are not, consumers have the right to reject the faulty goods and receive a refund within 30 days of purchase. After 30 days, the consumer is obliged to provide the trader an opportunity to repair or replace the damaged goods and if any repair is unsuccessful, the consumer is entitled to a refund or price reduction.
- Services supplied should be carried out with care and skill, for a reasonable price and within a reasonable time. If this is not satisfied, the trader should ‘re-do’ the services (where possible) at no further cost to the consumer. If this is not possible, the consumer may be entitled to a price reduction of up to 100% of the cost charged.
- Consumer Contract Terms should be prominent and transparent and terms can be assessed for fairness. The Act makes provisions for terms which may be regarded as unfair and ultimately unenforceable.
Businesses should ensure that sales terms and conditions and practices adequately comply with these laws both in store and online, to avoid any issues further down the line.
As of January 2018, it's worth noting that the new consumer laws create an outright ban on imposing surcharges for the use of different payment methods eg credit cards. If a business is likely to incur charges that they cannot pass on, they might consider excluding that payment method as a preferred payment method or even consider increasing the price to build this in. Businesses should take specific advice on this area.
The legislation that governs the legal landscape of Data Protection in the UK is undergoing the most extensive reform since 1998. In response to the forthcoming General Data Protection Regulation (GDPR) in the EU, the UK Government has drafted a new Data Protection Bill which will govern this area, and will still apply following the UK’s exit from the EU.
The obligations in respect of Data Protection when handling consumers’ data will be greatly increased, and businesses must ensure that they are fully aware of these so that they do not fall in breach of the legislation.
The rules surrounding consent have been significantly tightened, and businesses must ensure that they obtain clear, informed consent to handle consumers’ data. There should be no ambiguity as to what is being agreed to by the individual.
Individuals will gain greater access to the data stored about them. Any data should not be held except where strictly necessary, and should be stored securely.
Under the new legislation, opt out ‘tick boxes’ will become a thing of the past, as consent must be much more specific in order to comply. It is advisable that businesses bring in these practices now in anticipation of the legislation to avoid having to go back and re-obtain suitable consents once the new legislation comes into force. The new legislation has also significantly increased the Information Commissioner’s authority in terms of imposing sanctions for any breaches, and the level for fines has been increased to a new maximum of £17m or 4% of the global turnover of an organisation.
GDPR will apply from 25 May 2018, and the new UK Data Protection Bill will likely come into force around this time.
Businesses should review the supply terms and conditions on their websites and privacy policies to ensure that they contain adequate consent mechanisms for their business, and that they fully comply with all applicable legislation. Data processing practices should also be reviewed, and any areas of weakness should be identified and rectified before the changes come in to avoid sanctions.
If you have any questions, or would like to discuss the legislation and how this affects your business, please contact us, and we would be happy to discuss your options.
If you are interested in any of the topics raised in this article, or for further information, please contact Fiona. Alternatively, you can call to speak to a member of the team on 0115 9888 777.