The latest in consumer protection enforcement: online interface orders

The Consumer Protection (Enforcement) (Amendment etc.) Regulations 2020 came into force on 2 June and enshrine into domestic law some of the changes introduced by the so-called Revised CPC Regulation.[1] In short, the Regulations grant additional powers to the CMA to enforce consumer protection law in the digital sphere. We explore below.

The Revised CPC Regulation

The Revised CPC Regulation lays down a more robust framework for national authorities to enforce consumer protection law and cooperate with their counterparts in the EU, with a particular focus on the digital environment. Competent authorities in one Member State can require another Member State’s authority to take enforcement action against a local business to stop it committing infringements which are harming consumers in the requesting authority’s Member State. In addition, both the Commission and Member States can require relevant (other) Member States to take coordinated investigation and enforcement action where there is a “reasonable suspicion” that there is a:

  • “widespread infringement”, i.e. an infringement that affects consumers in at least two Member States (other than the Member State where the infringing act took place, or the trader is established). Each Member State’s competent authority can launch a coordinated action in respect of this type of infringement; or
  • “widespread infringement with a Union dimension”, i.e. an infringement that affects at least two thirds of Member States, accounting, together, for at least two thirds of the EU population. The Commission will always be the coordinator of action against this type of infringement.

The many e-commerce businesses which provide products and services in more than two Member States – and, in some cases, across most of the EU – are the primary targets of these measures.

The UK Regulations – key changes

In line with the Revised CPC Regulation, the Regulations introduce new provisions into the Enterprise Act 2002 (EA 2002). These give the CMA the power to apply to the court for “online interface orders” (OIOs), if the CMA takes the view that there has been or is likely to be a practice on an online interface amounting to a “community infringement”. An OIO allows the CMA to require:

  1. that online content be removed or modified
  2. that access to the online interface be disabled or restricted
  3. that a warning be shown to consumers accessing the content in question
  4. that a domain name be deleted.

The CMA already had powers to engage in dialogue with platforms and urge them to remove infringing content – it recently did so in relation to fake online reviews on Facebook and eBay, for example.[2] The new powers under the Regulations will no doubt be welcomed by the regulator as an enforcement tool which gives a formal means to demand removal of content even where the relevant traders are not willing to cooperate.

The scope of OIOs is in theory broad. ‘Online interface’ is defined as "any software, including a website, part of a website or an application, that is operated by or on behalf of a trader, and which serves to give consumers access to the trader’s goods and services". This means that an order can be sought against any interface: from big e-commerce businesses to small sole trader websites. In addition, an OIO can be sought against the person that has engaged in the infringing conduct or against “another person”, i.e. a third party - in practice, this may cover intermediaries such as platforms like Amazon, Facebook and Ebay, app stores or domain-name registrars.

Role of the UK Courts

However, the potentially broad scope of the CMA’s new powers is limited in the sense that the CMA must apply to a High Court or County Court judge to obtain OIOs and the court will only grant an OIO on a final basis if it considers it necessary to avoid the risk of serious harm to the collective interests of consumers and there is no other “wholly effective” means of stopping or preventing the infringement. Similarly, it will only grant an interim OIO where it is satisfied that, if the application had been an application for a final OIO, it would be likely to be granted.

In practice this may mean that in most cases the CMA is likely to have to demonstrate that it has used its powers to engage in a dialogue without success before turning to the courts.

Brexit implications

The precise impact of the Revised CPC Regulation and the UK Regulations post-transition period remains to be seen. After 31 December 2020, the UK will lose its reciprocal right to require EU Member States to pursue consumer law breaches and it remains to be seen whether the Revised CPC Regulation will form part of the body of ‘retained EU law’ for domestic purposes. 

In the meantime, however, both sets of provisions remain fully in force and can serve as a powerful tool for cooperation between the CMA and other national authorities, especially when tacking enforcement action against widespread online rogue trading during the COVID-19 pandemic.

What will the impact of the Regulations be?

Given that the new rules do not introduce any direct remedies for consumers, their impact will ultimately depend on the CMA’s appetite to exercise these new powers – and, in turn, the attitude of the courts to granting the new OIOs.

In principle, consumers could see greater protection in respect of digital transactions, which – not least given the size and importance of digital commerce – is to be welcomed. Whilst it is possible that OIOs may be brought to bear upon smaller platforms that lack the necessary compliance policies to police online sellers, big players of the likes of Amazon are not immune from the measures and may be subject to increased scrutiny as a result.


[1] Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No. 2006/2004 is the full title.