Law 

Legal News in e-Commerce, Blockchain and FinTech

The latest news in the area of e-commerce includes the adoption of an EU regulation for multilateral platforms, a bill that may enable the utilisation of banking identities in online legal acts, new obligations concerning Strong Customer Authentication and progress achieved in the implementation of new consumer directives. As a matter of interest, we are also presenting a study focusing on appropriate forms of communicating legal information.

Proposed EU regulation for multilateral platforms

Regulation (EU) 2019/1150 of the European Parliament and the Council on promoting fairness and transparency for business users of online intermediation services was published on 20 June 2019. The new rules aim to safeguard a fair, transparent and predictable business environment for small businesses and traders using online platforms. The regulation applies to providers and intermediaries of online services used, for example, by hotels, traders selling online, app developers and all other companies that rely on search engines. While the rules define new duties for online services providers, traders using these services are placed in the position of a “pseudo-weaker” party, obtaining a wide range of rights and advantages.

The new rules primarily aim to increase the transparency of online intermediation services by formulating specific elements of business terms and conditions, such as defining a duty to publish rules and mechanisms under which providers order and publish offers of individual traders, generate and save user data or whether selected traders may be advantaged within an offer (premium accounts with highlighted offers, service providers preferring own offers etc).

The regulation also places a greater emphasis on resolving disputes more effectively as well as on the transparent decision-making of online service providers. Among other things, the regulation aims to ensure that online service providers will be required to render an appropriate explanation of any service suspension or termination and, simultaneously, establish an internal system for handling complaints and disclose in their business terms and conditions qualified and independent mediators with whom it will be possible to resolve potential conflicts arising from the provider’s services.

Although the regulation does not specify any particular sanctions, the EU member states will be obliged to seek a due and effective enforcement of the regulation. It is thus necessary to wait how the Czech legislators will tackle this challenge and which sanctions and coercive measures towards providers will be available for traders. The regulation will come into force on 12 July 2020.

Proposal for establishing a banking identity

On 12 July 2019, a group of Deputies presented an amendment to the Bank Act and the AML Act (Act on Selected Anti-Money Laundering Measures), introducing the so-called banking identity in Czech law. The goals of the banking identity is to provide simple but reliable forms of identification to the widest circle of addressees that may be used to access e-Government services as well as private sector platforms.

Banks will be able to access data from basic registers and selected agency information systems in order to fulfil their statutory duties, especially in the area of measures against money laundering and terrorism financing.

The amendment has currently received a concurring opinion from the government and will be referred to the first reading in the Chamber of Deputies.

New Strong Customer Authentication duties

Given that the effectiveness of the PDS2 directive will soon be terminated, Strong Customer Authentication (SCA) has been introduced, principally defining a duty for payment services providers (PSP) to perform two-factor authentication. This consists of verifying two of three mutually independent elements of users – knowledge (eg a password), possession (eg user’s mobile phone) and the user’s biometric data (usually a fingerprint). This duty must always apply when the account owner accesses their bank account, pays by payment card and makes a payment via online banking. Theoretically, the changes will not affect modern payment methods including, for example, Google Pay or Apple Pay services, which had already performed two-factor authentication before the statutory measure took effect.

The measure had to be launched by payment service providers by 14 September 2019.

Transposition of new directives affecting consumer contracts

An inter-ministry consultation is currently taking place with respect to a bill aimed at transposing two new EU directives regulating the sale of goods and provision of digital content and digital services in Czech law, as we informed you in the monitoring published in March and May. The above-specified directives will primarily affect contractual relations.

The directive regulating the sales of goods concentrates on contracts based on which the ownership right to a tangible movable asset is transferred in return for payment. The directive has newly introduced an extended period over which it is presumed that the goods were already faulty when taken over by the customer. This period, which is currently six months, will newly be extended to one year. The directive also newly defines the customer’s right to withdraw from a contract without any undue delay if the nature of the product defect is so significant that it substantiates the immediate termination of a contractual relationship.

The bill has further introduced a definition of digital content in line with the respective EU directive. Digital content refers to data produced and supplied in digital form. This definition will comprise, for example, video files, audio files, music files, computer software, applications, digital games, e-books and other electronic publications. Furthermore, the bill also contains detailed legal regulation concerning the specifics of purchasing digital content, such as a new responsibility of the seller to supply updates of digital content in the necessary scope ensuring that the digital content has the same qualities as it had upon takeover and for a period that may reasonably expected by the purchaser. We will keep you informed on the particular wording of this bill.

Interesting study concerning appropriate forms of communicating mandatory legal information – BIT best practice guide

Behavioural Insights Team (BIT), a UK-based beneficiary association dealing with a possible application of behavioural psychology in various humanistic, including economic and legal, disciplines, which is jointly owned by the UK Cabinet Office, has recently issued a public study examining the methods of an effective disclosure of information to customers with a focus on business terms and privacy policies. What differentiates this study from other research of consumer rights is that it exclusively examines the form rather than the content of legal documents.

The study has a two-dimensional character. First of all, it explores the question of how the form of communication may help increase the level of understanding business terms on part of consumers and, subsequently, how consumers’ pro-active approach to business terms may be achieved (i.e. increase the level of probability that consumers will read the business terms).

BIT recommendation

In the above-specified context, BIT tested 18 different methods concluding that six of them may be considered effective for the above purposes.

Based on BIT’s findings, the comprehensibility of business terms may be increased primarily by implementing the FAQ section with an explanation of key terms, as well as by making business terms more visual (i.e. including icons, graphics and comics) and displaying them in a scroll-down window rather than via a hypertext link redirecting users outside the website being displayed. To increase the consumers’ willingness to read business terms, BIT recommends informing consumers in advance about the estimated time necessary for reading the business terms and specifying that it is the last possibility for consumers to read the content of the business terms prior to entering into the contract as such.

The results of the study may be beneficial primarily with regard to increasingly more-demanding statutory requirements for transparent and comprehensible disclosures of mandatory legal information in various industries.

The article is part of dReport – October 2019, Legal news.

Strong Customer Authentication Biometric data GDPR dReport newsletter
Law 

What Does the RTS on SCA Bring with Regard to Statutory Audits?

Regulatory technical standards for strong customer authentication (the “RTS to SCA”), which entered into force on 14 September 2019, brought about a number of new obligations to payment service providers, including banks and payment institutions. Although the media mention, in particular, new obligations related to the requirements for strong customer authentication, in particular when initiating electronic payments (whether it is card payments in the store, the purchase of goods in an e-shop, entering an order in online banking or other acts), which must newly be a two-factor one (i.e. consisting of a combination of two or more elements from the category of ‘knowledge’, ‘possession’ and ‘inherence’), the above regulation also brings about new obligations of a purely internal nature. Specifically, the obligation to carry out internal audits, namely the audit of security measures (“audit of security measures”) as well as an audit of the way in which the so-called transaction risk analysis (“TRA audit”) is carried out. What are these two types of audits about and what is their substance? 

25. 11. 2019
Technology  Law 

Personal Data Processing News

This time we focus on the most important findings from the published information regarding inspections and decisions of the Office for Personal Data Protection in the first half of 2019. We are also reporting on further development concerning codes of conduct and certifications, on the procedure in the event of a security breach and procedure for informing customers about personal data processing, on an important decision related to cookies, and on an effort to unify the procedure for issuing penalties in Germany, and possibly the whole EU. 

22. 11. 2019
Law 

Filing a Motion with the Office for the Protection of Competition Will Be Free of Charge Again

On 13 November 2019, the Constitutional Court announced a major ruling in the area of public procurement, which will have a significant impact on the review of procurement procedures by the public. It is now possible again to file motions with the Office for the Protection of Competition regarding errors in public tenders without the necessity to pay the administrative charge of CZK 10,000. 

21. 11. 2019