New regulation, new powers for regulators including ACM, AFM, ILT, and NVWA
A new EU regulation (Regulation 2017/2394/EC) entered into force on 17 January 2018 (WE WILL refer to it as “the New Regulation”). It regulates cooperation between national authorities responsible for the enforcement of consumer protection legislation. The New Regulation is not in fact entirely new, but replaces a previous regulation on the same subject (Regulation 2006/2004/EC, “the Old Regulation”). The Old Regulation led to the Dutch Consumer Protection (Enforcement) Act [Wet handhaving consumentenbescherming]. The New Regulation now also amends that Act. Two new powers for regulatory bodies such as the ACM, AFM, ILT, and NVWA are notable: use of the “mystery shopper” and enforcement powers regarding the digital environment.
Monitoring under a cover identity and capacity: the “mystery shopper”?
The Act provides the power to carry out monitoring using a “cover identity”; in other words a “mystery shopper” (Article 9 (3)(d) of the New Regulation).
In the draft Explanatory Memorandum accompanying the Act, it is stated that for effective monitoring it may be necessary for a regulator to participate in commerce without disclosing itself as such in order to determine whether a trader complies in practice with the consumer protection rules. The digitisation of society and of commerce means, after all, that many purchases take place online. For purchases via webpages, the regulator will often have to provide contact details. When it acts under a undercover identity, as if it were a consumer, then a regulator performs actions with regard to a trader without making itself known as a regulator. This may include not only legal acts – such as concluding a contract of sale or purchasing a service, or seeking compensation from the trader for loss/harm due to breach of contract – but also other factual acts. In order to prevent traders from organising their working methods in such a way that a regulator can be recognised as such and subsequently misled, it is necessary that regulators cannot be recognised by the trader. The act provides for an exception to the identification requirement of Section 5:12(2) of the General Administrative Law Act [Algemene wet bestuursrecht, Awb] when exercising the power to act under a cover identity.
Intervention in the digital environment
Monitoring digital commerce with consumers therefore brings new challenges for regulators. According to the preamble, the New Regulation requires that, in the digital environment in particular, the competent authorities should be able to stop infringements covered by the Regulation quickly and effectively, and in particular where the trader selling goods or services conceals his identity or relocates within the EU or to a third country in order to avoid enforcement. The New Regulation provides that in cases when there is a risk of serious harm to the collective interests of consumers, competent authorities must have enforcement powers including the power to remove content from an online interface or to order the explicit display of a warning to consumers when they access such an interface (Article 9(4)(g)(i) New Regulation). Competent authorities must also have the power to order a hosting service provider to explicitly display a warning to consumers when they access an online interface, or to order the removal or modification of digital content if there are no other effective means to stop an illegal practice (see Article 9(4)(g)(ii) and (iii) New Regulation).
Powers are not entirely new, but are now clearer
Following on from the current implementation of the Old Regulation, it is proposed to introduce the following new powers for the relevant authorities under administrative law: the power to carry out monitoring under a cover identity is a special regulatory power, while the power with regard to online interfaces and domain names is in the nature of a remedial sanction. In our view, however, neither of these powers is entirely new. As far as enforcement powers are concerned, we consider that regulators often already have de facto powers that can lead to the same objective, such as the power to impose an order or to issue instructions. And although the use of a “mystery shopper” has been permitted in case law (see for example CBb 08-07-2015, ECLI:NL:CBB:2015:191 concerning mystery shoppers deployed by the Netherlands Authority for the Financial Markets (“AFM”)), we were in fact critical of this (see the article by Saskia Nuyten). The Awb, namely, did not offer any legal basis for the use of mystery shoppers and such use even conflicted with Section 5:12 Awb (identification requirement for regulators). The AFM initially requested a change in the law so as to enable the use of mystery shoppers. In 2011, however, it decided that no change in the law was necessary and announced that mystery shoppers would be used systematically in regulatory investigations. The fact that the legislature now indicates in the explanatory memorandum with this consultation proposal that a legal basis is required after all for the use of a mystery shopper is therefore remarkable. In our opinion, the explanation that the legislator gives for this – namely that the ruling by the Dutch Trade and Industry Appeals Tribunal [College van Beroep voor het bedrijfsleven, “CBb”] concerns only anonymous monitoring and not the use of a cover identity and/or capacity – is invalid: even in the situation that the CBb ruled on at the time, the regulator had, after all, to enter into a civil-law contract (for a bus trip) under a cover identity. All in all, however, we remain critical of whether such covert use of regulatory powers (even if they have a legal basis) meets the requirements set by the European Court of Human Rights.