European Commission proposes new e-commerce rules

On 25 May 2016, the European Commission tabled a package of measures to allow consumers and companies to buy and sell products and services online more easily and confidently across the EU.

The Commission has presented a three-pronged plan to boost e-commerce by tackling geoblocking, making cross-border parcel delivery more affordable and efficient and promoting customer trust through better protection and enforcement.

For geoblocking, the Commission is proposing legislation to ensure that consumers seeking to buy products and services in another EU country, be it online or in person, are not discriminated against in terms of access to prices, sales or payment conditions, unless this is objectively justified for reasons such as VAT.

For cross-border parcel delivery, the Commission is proposing a Regulation which will increase price transparency and regulatory oversight of cross-border parcel delivery services so that consumers and retailers can benefit from affordable deliveries and convenient return options even to and from peripheral regions.

The Commission is also proposing a revision of the Consumer Protection Cooperation Regulation will give more powers to national authorities to better enforce consumer rights.

Supporter pays for false allegations on football website

The High Court has awarded £30,000 to the chairman of Blackpool Football Club after a supporter of the club posted false allegations on a supporters’ website. An order was also made prohibiting the supporter from repeating the same or similar libels.

In 2015, the supporter posted material alleging that the chairman had entered into a foul-mouthed rant at him in public, had brandished a shotgun in such a manner as to make the supporter believe that he was about to be shot, and had put him in fear of his safety or even his life.

On the day of the court hearing the supporter accepted that the chairman had not, in fact, done what the supported had claimed and unreservedly apologised for an email sent to the chairman’s wife. The court thought it was clear that the email had been intended for the claimant’s wife to receive and read and this was taken into account along with the admission in deciding the amount of the damages.

New EU-US data transfer arrangement

The European Commission and the US have reached political agreement on a new framework for transatlantic data flows: the EU-US Privacy Shield.

The Commission says that the new arrangement will place stronger obligations on US companies handling EU citizens’ personal data and includes robust enforcement measures, including increased cooperation with European Data Protection Authorities (DPAs). It will also contain limitations, safeguards and oversight mechanisms on US government agencies’ access to EU citizens’ personal data and the US has ruled out indiscriminate mass surveillance.

The European Commission says that the new arrangement reflects the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid because US government surveillance threatens EU citizens’ privacy and they have no judicial redress.

Custodial penalties for data protection offences?

The Information Commissioner expressed his views twice in January that the court should have a broader range of penalties at its disposal when sentencing offences under the Data Protection Act 1998, including custodial and suspended sentences and community service. The current maximum penalty is an unlimited fine.

The Criminal Justice and Immigration Act 2008 makes unlawfully obtaining personal data punishable by up to two years in prison, but the relevant section is yet to be enacted.

Fines imposed for unlawful trading in customer personal data

A former car rental company employee has been convicted of unlawfully obtaining, disclosing and selling personal data. The buyer of the records has also been convicted.

While working from home as an administrative assistant, the employee had photographed on-screen customer records received from an insurance company. These included policy holder and claim information, typically concerning individuals involved in road traffic accidents. The employee sold copies of 28,000 records to a man she claimed to have met after he approached her husband in a pub. She was fined £1,000, ordered to pay a £100 victim surcharge and £864.40 in prosecution costs.

In a separate case, the buyer was fined £1,000, ordered to pay prosecution costs of £864.40 and a victim surcharge.