Roschier Insights Seminar: Legal issues relating to ecommerce
At a recent hybrid event, experienced professionals discussed issues relating to ecommerce. Guest speaker Jonas Forth, from All Things Commerce Ltd, talked about changes and challenges for the Moomin webstore due to COVID-19 and recent changes in legislation.
Markku Tuominen discussed issues concerning IPR infringement in ecommerce, Mikael Segercrantz introduced the latest changes to the Finnish Consumer Protection Act, and Johanna Lilja presented the new instructions on website cookies. Kaisu Korpua opened the event and moderated the seminar.
Changes and challenges for the Moomin webstore
All Things Commerce Helsinki Ltd is a part of Moomin Characters Ab Ltd and processes data to develop the brand and business. Multiple products are available in Moomin webstores worldwide and Moomin wishes to reach their fans all over the world. The Moomin webstore platform experienced changes approximately two years ago when webstores from different countries started to be connected and this provided opportunities for data processing.
Moomin pays careful attention to collecting data and the General Data Protection Regulation. Due to a substantial number of regulations and continuous developments in the law in this area, the webstore service providers have to constantly pay attention to the developments and comply with legal requirements. This may require quite significant action by the organizations.
Interference in sales of counterfeit goods in ecommerce
The protection of intellectual property rights is a vital aspect in enforcement actions against infringements. There are multiple pages on websites that may have protection. For example, there are the domain name and trademarks and these should be registered. Additionally, the website may include copyrights.
To obtain a sufficient scope of protection for a trademark, the list of goods and services must contain key items from the point of view of business. Additionally, global operations might require worldwide protection. However, the main focus of the protection should be directed towards the key countries in which business is conducted.
Infringements can be detected on ecommerce platforms, social media or in separate online stores. There are multiple tools for monitoring infringements online with an option to proceed with actions inside a platform. Other potential ways of interfering in infringements include sending cease and desist letters, notice and takedown notifications to service providers as well as court and administrative proceedings.
Providing guidelines to detect the differences between authentic and counterfeit goods, maintaining a database containing information on all authorized partners, and providing training for employees and partners to detect counterfeit goods makes the enforcement process more efficient.
Latest changes to the Finnish Consumer Protection Act
The new Finnish Consumer Protection Act entered into force on 1 January 2022 and provided updates in respect of the current provisions and new provisions regarding goods with digital elements as well as digital content and digital services. The amendments originate from the European Union and aim to harmonize consumer protection within the EU.
One of the relevant changes concerns the duration of the liability of sellers in respect of the defectiveness of products. Due to the changes, liability has changed from 6 months to 12 months. The change may have an effect on warranties and there may be a need to extend the duration of warranties to provide additional benefits to consumers.
Another relevant change concerns conditions that must be met to change terms in respect of digital content and digital services. The trader has the right to make changes to the terms in certain cases indicated in the new Act without the other party’s specific consent. However, if the change has a negative impact on the consumer’s ability to access or use the digital content or services, a clear and understandable notice with necessary details must be provided to the consumer.
There are also other essential changes and clarifications in the new Act. Some changes have been made concerning remedies available to the consumer if a product is defective. There are also new provisions relating to conformity criteria, clarifications to warranties and new requirements regarding a trader’s obligation to provide updates to goods with digital elements.
The EU Omnibus Directive is currently at the implementation stage and the estimated date on which local provisions will enter into force is 28 May 2022. When implemented, the Directive will lead to changes to the current Finnish law. New obligations for online activities are planned for traders. Additionally, it is expected that there will be provisions for new available sanctions against traders in order to secure rights for consumers.
New instructions on website cookies
Cookies are divided into necessary cookies and non-necessary cookies. “Necessary cookies” are required to carry out a service on a website, and the use of necessary cookies does not require the end-user’s consent. TRAFICOM’s guidance does not list which cookies must be categorized as necessary since whether cookies are necessary must always be assessed on a case-by-case basis. In a web shop context, authentication cookies relating to a single sign-in, personalization cookies concerning the choice of language and the layout, and cookies concerning data security might be seen as necessary cookies. Additionally, cookies that enable the website to remember a user’s shopping cart might be considered necessary in some cases.
All cookies that are not necessary for carrying out a service on a website are to be regarded as “non-necessary cookies”. In order to use non-necessary cookies, the service provider must obtain the user’s consent. Some examples of cookies which would most likely be regarded as non-necessary cookies in a web shop context would be cookies relating to personal advertising, analytics cookies, third-party cookies and cookies concerning a chat function.
In addition to administrative sanctions under ePrivacy rules, such as an order to discontinue the wrongful act enforced with a conditional fine, wrongful cookie practices might lead to GDPR sanctions, and some EU countries’ data protection authorities have imposed fines regarding improper cookie practices. Non-profit organizations play a role in cookie practices as well, since, for example, a non-profit organization called NOYB has filed complaints concerning the cookie banners.
Since the Finnish Electronic Communications Services Act is based on the EU Directive on privacy and electronic communications (ePrivacy Directive), the cookies practices vary within the EU. The regulation on Privacy and Electronic Communications (ePrivacy Regulation) was supposed to enter into force simultaneously with the GDPR but the regulation proposal is still at draft stage. Upon entry into force, the ePrivacy regulation would harmonize the cookie practices within EU countries.