@getty images

On November 12, Crowell & Moring chaired a plenary session during the 2018 ICPHSO International Symposium in Brussels, which was presented as part of the European Commission’s International Product Safety Week. The panel focused on how, as a result of their Big Data strategies, Business-to-Business (“B2B”) companies are affected by consumer-focused legislation such as the General Data Protection Regulation (“GDPR”). Additionally, the EU’s Digital Single Market initiatives and their expected consequences were discussed.

As a brief reminder, the GDPR is a European-wide legislation applicable since the end of May that regulates the use of personal data, which is basically any type of information that can identify an individual. Replacing a name by a number, only referring to the identification number of a vehicle or device or using a nonsensical patient ID number is not sufficient to be out of scope; only truly anonymized data, e.g. aggregate data, is.

Manufacturers of industrial equipment are a good example of companies whose Big Data strategy forced them to focus on GDPR compliance. Indeed, in order to enhance the safety of the users of their equipment, a huge amount of data is collected. As such data relates to these users, such data is considered “personal data” and thus in scope of the GDPR. Therefore, the GDPR challenges and risks are very similar or the same for both B2B and Business-to-Consumer (“B2C”) businesses.

The same applies to the Internet of Things (“IoT”) in general, and connected devices more specifically, as we have moved from people speaking to each other, over people speaking to devices, to devices speaking to each other. Because connected devices operate both in B2B and B2C environments, compliance challenges are very similar or the same in this situation as well.

While compliance with very strict legislation such as the GDPR is not impossible, it cannot be denied that organizations with innovative Big Data-based business models often encounter substantial challenges. In the medical environment, for example, both artificial intelligence and 3D-printing can undoubtedly enhance the accuracy of a diagnosis or the precision of a treatment and, thus, add significant value to the entire healthcare sector. However, as such accuracy and precision increases with the amount of personal data that is processed, the use of huge amounts of data needs to be aligned with GDPR principles such as data minimization and purpose limitation, to only name a few.

Key to this dilemma is trust, combined with true ethical behavior and a clear focus on the rights of individuals. The importance of the latter cannot be underestimated, as the right to the protection of personal data is a fundamental right in the European Union, which means that this right should be respected in a similar way as other fundamental rights, freedoms and principles such as the right to life, prohibition of torture, the right to liberty and security, etc.

The buzz created around innovative technologies such as artificial intelligence and blockchain have put the need for an ethical approach high on the agenda. While, depending on their effective role in the actual processing of personal data, developers of these technologies might entirely be out of scope of the GDPR, the parties who use their technology are not. The latter will therefore have to embrace their responsibility and accountability obligations and make sure that the individuals’ rights and freedoms are optimally respected by means of appropriate technical and organizational measures, in line with the GDPR’s Data Protection by Design requirements. Clear information and even education about the efficiency and effectiveness of these measures is crucial to ensure that the true value of innovation is not thrown away with the bathwater.

Another topic that was discussed is the EU’s strategy for the future. While the “old school” single market approach ensures a level playing field and a free flow of goods, capital, services and labor within the European Union, the goal of the Digital Single Market is to ensure access to online activities for individuals and businesses under conditions of fair competition, consumer and data protection, removing geo-blocking and copyright issues.

In that context, an important initiative is the proposed Cybersecurity Act, which wants to ensure safe access to online activities for individuals and businesses. The EU-wide certification scheme that comes with it is a highly debated topic, as its approach seems to differ from the GDPR’s accountability requirement, where organizations themselves need to assess the risks and, based on such analysis, take appropriate technical and organizational measures accordingly.

A last topic that was part of the discussion was the EU’s proposed New Deal, that is aimed at strengthening consumer rights online, giving consumers the tools to enforce their rights and get compensation, e.g. via class action-like representation, and introducing effective penalties for violations of EU consumer law.

The panel concluded that the challenges posed by new EU consumer legislation cannot be underestimated, and that not only consumer products will be affected by the new regulatory framework. Compliance is certainly not impossible, and a focus on ethical behavior, a clear allocation of responsibilities and a constructive collaboration between the different stakeholders seem the key to success.

ICPHSO’s next event will be its 2019 Annual Meeting & Training Symposium which will be held February 25-28, 2019 in Washington, DC.

In its judgment of July 10, 20141,  the EU Court of Justice reaffirmed the consequences of the complete harmonization of the laws of the EU Member States resulting from EU Directive 2005/29/EC concerning unfair business-to-consumer commercial practices in the internal market2 (the Unfair Commercial Practices Directive or UCPD).

The UCPD indeed fully harmonizes the rules relating to unfair business-to-consumer commercial practices in the EU. Accordingly, Member States may not maintain or adopt stricter rules than those laid down in the directive, even where such measures are designed to ensure a higher level of consumer protection.

In the case at hand, the national legislation of Belgium imposed the following restrictions upon retailers announcing price reductions: (i) any announcement of a price reduction must refer to the lowest price applied throughout the month prior to the announcement of the price reduction; (ii) the price may not be announced as a reduced price for more than  a month; and (iii) announcements of price reductions may not last for less than  a day.3

This national legislation had the effect of prohibiting the announcement of price reductions whenever the strict conditions contained in that legislation were not met, even where such practices would not,  when examined individually, be considered misleading or unfair within the  meaning of Directive 2005/29.4

However, the UCPD establishes, in its Annex  I, an exhaustive list of 31 commercial practices which are regarded as unfair ‘in all circumstances.’ Consequently,  only these commercial practices can be deemed to be unfair without proceeding  to an assessment of their actual impact on consumers.

Continue Reading EU Court Affirms Harmonization Laws Governing Price Reductions Offered to Consumers

The Transatlantic Trade and Investment Partnership (TTIP) negotiations formally commenced on July 8, 2013. A little over a year later, the negotiators have held six rounds of negotiations. The most recent round of negotiations was held during the week of July 14-18 in Brussels, and the seventh round is now expected for D.C. in late September.

During July’s discussions, the two sides covered the full range of “market access” issues, including trade in goods, trade in services, investment, and government procurement. Negotiations included greater regulatory cooperation, widely considered to be the greatest value of the TTIP talks, with modest progress made in regards to several product sectors, including textiles and apparel (where they focused on labeling and safety issues), chemicals (where they discuss broad opportunities for cooperation), and automobiles (where talks advanced in areas like equivalence of technical regulations). Food safety also continued to be an important issue during negotiations, particularly with the leak of the EU’s proposed chapter on Sanitary and Phytosantiary Measures (SPS) prior to the start of the latest round.

Continue Reading Sixth Round of TTIP Negotiations Concludes in Brussels

The European Commission has been active this summer in its efforts to advance consumer safety in the European Union. Here are highlights of recent notable events:

In-app Purchases. The EU has moved to address consumer protection related to in-app purchases, particularly those made by children, which follows the announcement of similar enforcement actions in the U.S. This is the first time that the Commission and member states have joined forces to coordinate enforcement, as provided for in the Consumer Protection Cooperation Regulation (No. 2006/2004). The authorities have requested that steps be taken to prevent inadvertent in-app purchases, such as adequately informing consumers about how purchases are made and paid for, and have asked for concrete solutions from industry actors, including Google and Apple.

BPA in Toys. On June 25, 2014, the Commission announced a strict limit for Bisphenol A (BPA) in toys intended for children under 3 years old or toys intended to be placed in the mouth (0.1 mg/l migration limit). This action makes mandatory the BPA limit in the existing toy standard, EN 71.

Continue Reading EU Consumer Product Safety Law Update

On March 27, 2014, the EU Court of Justice (CJEU) ruled in the UPC Telekabel Wien-case that national courts may impose website blocking orders to internet access providers (IAPs) requiring them to prevent their subscribers from accessing a website containing copyright infringing material, without specifying the concrete blocking measures to be taken. The Court also emphasized that the measures taken by the IAPs must strike a fair balance between all fundamental rights involved. The IAPs may find themselves in the unenviable position of having to determine the adequacy and proportionality of the blocking measures to be taken. This risks leading to additional litigation regarding the measures taken to implement website blocking orders.

Click to read the full client alert on Crowell.com.

Politicians and public interest groups in the European Union are showing renewed interest in expanded country of origin labeling requirements in the wake of February’s horse meat scandal, where lasagna and other products sold in the EU purportedly made from beef were found instead to contain horse meat. Specifically, attention is focused on Regulation (EU) No. 1169/2011, published in November 2011, which imposes a number of notable labeling requirements, including mandatory nutritional information, allergen ingredient emphasis, and nanomaterial identification. The regulation also includes newly expanded requirements for labeling foods with their country of origin. For more information, click here.

Content provided by Laura J. Walther, counsel in Crowell & Moring’s Washington, D.C. office.

The European Union is set to present a proposal for renewed EU legislation on data privacy at the end of January 2012. Vivian Reding, the EU commissioner on fundamental rights, has left no doubt about its content.

In a public speech, on November 7, 2011, the Commissioner has warned US corporations that if they want to do business in the EU, they will have to strictly adhere to the EU’s privacy rules. According to the Commissioner, consumers should always be in control of their data, giving them the right to deny consent to use of their data or to delete such data at any time. This applies to all data regarding EU customers — even data in the cloud or on social networks — regardless of the country in which the corporation aiming its products and services to EU customers is located.

This statement comes at a time when US officials are also reviewing US data protection legislation, and focusing on its interoperability with foreign legislation.

If US retail corporations want to keep access to EU markets, they will be wise to monitor these developments, both in the US and the EU, which will ultimately affect the way in which they do business.

Emmanuel Gybels is the partner in charge of the Brussels office for Crowell & Moring. He regularly advises US corporations on the regulatory environment of doing business in the EU.

Advertising the environmental benefits and attributes of consumer products has become an increasing trend in recent years as companies learn that consumers value “green” goods and services. To address compliance issues encountered in making these types of marketing claims, regulators are formulating guidance for businesses. While the U.S. is in the process of revising its environmental marketing Green Guides, the U.K. has published its new Green Claims Guidance. Both the U.S. and U.K. have addressed similar issues in their respective guidance documents.

The U.K.’s Department for Environment Food and Rural Affairs (“Defra”) published the revised Green Claims Guidance on February 2, 2011, updating previous guidance published in 2003. The Green Claims Guidance is directed at anyone who produces, sells, markets, or advertizes products or services in the U.K.

Continue Reading Revised U.K. Green Claims Guidance

The new EU REACH Regulation establishes an integrated system for the registration, evaluation, authorization and restriction of chemical substances. It also provides “right to know” provisions allowing consumers to ask suppliers if their products contain Substances of Very High Concern (“SVHCs”) listed on an official Candidate List. Suppliers are obliged to reply within 45 days and free of charge to such requests with the name of the SVHC and information allowing safe use of the article.

Continue Reading EU Retailers Fail to Reply to “Right to Know” Requests from Consumers Under REACH