Defining Consumer Protection in the Digital Age

Robin Simpson, Consumers International's (CI) Senior Policy Adviser, recently represented CI at the OECD Ministerial Meeting on The digital economy innovation, growth and social prosperity which took place in Cancun, Mexico. He spoke at the Civil Society Forum convened by the OECD Civil Society information Society Advisory Council (CSISAC) and in the main agenda panel discussion on Consumer Trust and Market Growth, chaired by the French Secretary of State for the Digital Economy Mme Axelle Lemaire. Here are his impressions.

This event was big in both senses, hundreds of delegates and a substantial agenda of great importance to consumers. Such events are infrequent, the previous one was was in Seoul in 2008 a long gap given the speed with which developments take place in this technology driven area. The OECD has a very active work programme in which we are implicated through our membership of the Committee on Consumer Policy on which I have represented CI for 10 years. It is fair to say we have a critical stance on policies adopted (see below) but equally fair to note that they encourage our input. 

I start at the end. Like many such conferences it concluded with a grand declaration almost entirely pre-cooked. National delegations undertook to: 

1. Support the free flow of information,
2.   Stimulate digital innovation and creativity,
3.  Increase broadband connectivity and …., protect consumers,
4.  Embrace the opportunities arising from emerging technologies and applications such as the Internet of Things,
5. Promote digital security risk management and the protection of privacy at the highest level of leadership
6. Stimulate and help reduce impediments to e-commerce within and across borders
7.  Take advantage of the opportunities arising from online platforms
8. Spur the employment opportunities created by the digital economy
9. Strive for all people to have the skills needed to participate in the digital economy and society

How can we possibly not like such a list of virtuous objectives? In the panel discussion chaired by Mme Lemaire, I described how the success of third party platforms has been underpinned by their acceptance of limited liability for consumers in the event of breaches of security and other ancillary supports such as dispute resolution. And I argued for the development of universal international standards for data protection and privacy. All of this is compatible with the above

But, as so often, what is most interesting about conference declarations is not so much what they include as what they do not include. Or the force with which major principles are stated…or not. CSISAC pointed out that privacy is insufficiently addressed by the declaration. Point 1 talks of ‘respecting applicable frameworks’ for privacy, point 5 seeks to  ‘promote…the protection of privacy at the highest level of leadership’. But privacy is a human right as recognised by the UN declaration on Human Rights of 1948 and the International Covenant on Civil and Political Rights 1966 and needs to be stated as such. CSISAC also made the link between such rights and the Internet of Things (IoT).

But the declaration, in mentioning the IoT, sets down no markers in that regard, including only the usual qualifier ‘appropriateness’ when considering the need for regulatory frameworks. ‘Appropriate regulation’ is frequently a euphemism for reduction of regulation, a danger in a sector which is in our view dangerously exposed  to corporate abuse as is demonstrated by our recent publication: The Internet of Things and the challenges for consumer protection. We make the point there that Intellectual property law is in danger of eclipsing consumer protection law in the digital area particularly in the IoT because software is governed by copyright law, which envisages use of products being licensed rather than the products being purchased. Licensees have far fewer protections as consumers compared with outright purchasers.

In the closing paragraphs of the statement, the national delegations ‘further declare’ that they will: ‘help preserve the fundamental openness of the Internet while concomitantly meeting certain public policy objectives, such as the protection of privacy, security, children online and intellectual property, as well as the reinforcement of trust in the Internet;’. Intellectual property is, we argue, over-protected in as much as consumers may find their computers rendered non-functional by technical protection measures in the event of their having transgressed, usually unwittingly, copyright elements within contracts of licence. Such technical measures are triggered by algorithms, not by agents of service providers and as such, escape judicial controls regarding the extent to which they are justifiable or proportionate. And in that respect, the statement as indeed the panel discussion on the Internet of Things, remained silent. 

Despite the technological razamatazz which characterised much of the conference, the discussion has not kept pace with the excessive technical measures taken against consumers that have been out there in the market place for over a decade now.