“Mystery shopping” by the Dutch Food and Consumer Product Safety Authority (NVWA)Does it actually have any legal basis?
On 19 December 2019, the EU’s Regulation 2017/625 (New Control Regulation) on official controls will enter into force. Article 36 of the New Control Regulation creates a new competence specifically for foods offered on the Internet: “In the case of animals and goods offered for sale by means of distance communication, samples ordered from operators by the competent authorities without identifying themselves may be used for the purposes of an official control.” In other words, Article 36 of the New Control Regulation provides that “mystery shopping” – the trendy name for various forms of covert monitoring – is permitted on the Internet.
Like my colleague Saskia Nuijten1 – and despite the court judgement2 to the effect that mystery shopping does not violate the law – I remain critical of the concept of the mystery shopper without that competence being embedded in the General Administrative Law Act (Algemene wet bestuursrecht, “Awb”) or the Commodities Act (Warenwet). If no exception is made for the mystery shopper, the exercise of this power is, after all, a contravention of Section 5:12 AWB (identification of regulatory authority on request). I also wonder whether a punitive sanction based on information acquired without any legal basis could in fact pass the “fair trial” test3 applied by the European Court of Human Rights.
But be that as it may, the Dutch legislature has already indicated – in the context of incorporation of Article 9(3)(D) of Regulation 2017/2394/EC (on consumer protection) – that using a cover identity when making distance purchases requires a legal basis.4
In the draft Explanatory Memorandum accompanying the amended version of the Consumer Protection Enforcement Act (Wet handhaving consumentenbescherming) to implement this Regulation,5 it is stated that “for effective monitoring it may be necessary for a regulator to participate in commerce without disclosing itself as such, in order to determine whether a trader complies in practice with the consumer protection rules. The digitisation of society and of commerce means, after all, that many purchases take place online. For purchases via webpages, the regulator will often have to provide contact details. When it acts under a cover identity, as if it were a consumer, then a regulator performs actions with regard to a trader without making itself known as a regulator.
This may include not only legal acts – such as concluding a contract of sale or purchasing a service, or seeking compensation from the trader for loss/harm due to breach of contract – but also other factual acts. In order to prevent traders from organising their working methods in such a way that a regulator can be recognised as such and subsequently misled, it is necessary, according to the Dutch legislature, that regulators cannot be recognised by the trader.” The bill provides for an exception to the identification requirement of Section 5:12(2) Awb when exercising the power to act under a cover identity. This exception will be implemented in the new Sections 2.2a (regarding the Dutch Authority for Consumers & Markets (ACM)) and 3.3a (regarding the Authority for the Financial Markets (AFM)) and applies only to the cases provided for in that legislation.6
In our opinion, the explanation that the legislator gives for this – namely that the ruling by the Dutch Trade and Industry Appeals Tribunal (College van Beroep voor het bedrijfsleven, “CBb”) concerns only anonymous monitoring and not the use of a cover identity and/or capacity – is invalid: even in the situation that the CBb was ruling on, the regulator had, after all, to enter into a civil-law contract (for a bus trip) under a cover identity. Moreover, in our opinion there is already a cover identity if a regulator does not identify itself as such. Section 5:12 Awb does not merely concern a Citizen Service Number (BSN) or a copy of a passport but the capacity of regulator by means of an identity document issued by the regulatory authority. The Awb, namely, did not at the time offer any legal basis for deploying mystery shoppers, which was even contrary to Section 5:12 Awb (identification obligation for regulators). The AFM then initially requested a change in the law so as to enable the use of mystery shoppers. In 2011, however, it decided that no change in the law was necessary and announced that mystery shoppers would be used systematically in regulatory investigations. The CBb then approved that. The fact that the legislature now indicates in the Explanatory Memorandum with this parliamentary bill that a legal basis is required after all for using mystery shoppers is therefore remarkable.
But since Article 36 of the New Control Regulation also refers to the use of a cover identity, it seems to me that the Commodities Act also needs to be amended as regards this point, if only so that the legislature is consistent.
1 S.M.C. Nuijten, 'De 'Mystery-shopper' in het bestuursrecht', in: Tijdschrift voor Sanctierecht & Compliance, No. 2/3 June 2013, p. 75 – 80.
2 See for example CBb 8 July 2015 (ECLI:NL:CBB:2015:191).
3 Article 6 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR).
4 Parliamentary Documents (Kamerstukken) II 2018/19, 35251, No. 3 and my blog about this.
5 Parliamentary Documents II 2018/19, 35251, Nor. 3, p. 17 et seq.
6 As a result, it provides only a very limited basis for the NVWA. See a new fifth subsection of Section 3:12 which also grants this authority to the NVWA, but only when it concerns monitoring compliance with Section 5 of the Tobacco and Related Products Act (Tabaks- en rookwarenwet).