Head of Retail & Consumer | Head of Risk Advisory
This website will offer limited functionality in this browser. We only support the recent versions of major browsers like Chrome, Firefox, Safari, and Edge.
The ICO published their advice on how data protection law can help retailers tackle shoplifting. The blogpost pinpoints what information can be shared and with whom - in the context of what is necessary and proportionate data processing for crime prevention.
See the ICO's post.
As retailers embrace generative artificial intelligence (AI) tools to meet the consumer needs of today, data privacy risks need to be considered. Amongst other things, retailers should consider creating privacy governance frameworks applicable to these technologies and embrace employee training to ensure they comply with their data protection obligations.
In September, the ICO issued fines totalling £590,000 to five business that made 1.9 million cold calls to members of the public registered with the Telephone Preference Service (TPS) in the UK (and have opted out of such marketing calls). Calls can only be made to TPS members that have opted into marketing from the specific organisation.
Read about the fines.
Data scraping is used to quickly pull large amounts of information from the web. The statement highlights that scraping from websites with publicly accessible data creates privacy risks and potential harms, including identity fraud. Retailers with any publicly accessible data on their websites will need to be aware of these risks and protect personal information from unlawful data scraping.
Read the ICO guidance.
On 31 October, the FCA published a press release setting out the contract changes to buy-now pay-later (BNPL) products it had secured from both PayPal and QVC.
The FCA’s view was the following terms were potentially unfair or unclear for customers:
Read about the changes.
The FCA has taken over the regulation of ads for ‘qualifying cryptoassets’ – these are cryptoassets that are transferable and fungible, including cryptocurrencies and utility tokens. The rules will apply to all firms marketing qualifying cryptoassets to UK consumers, regardless of which country they are based in, or the technology used.
Read the new rules.
The FCA have been tightening their approach towards Appointed Representatives (AR). An AR is an entity that piggybacks off the FCA authorisation of an FCA regulated firm. The principal firm (i.e., the regulated firm) is responsible and liable to the FCA for the AR's regulated activities.
Many retailers use this regime to allow them to carry on FCA regulated activities such as consumer credit broking or assisting in the administration of a contract of insurance (see the full list of activities). While the AR regime has benefits, including encouraging effective competition and providing market access, there is evidence of potential harm to consumers, particularly because of poor principal oversight of AR activities.
The FCA has published some useful data showing an overview of how the regime has grown and the key gaps in due diligence and oversight that many principles have overlooked.
Read the data.
As detailed in our article, the ban on single-use plastic items in England came into force on 1 October 2023.
The ban applies to single-use plastic cutlery, balloon sticks, plastic plates, trays, and bowls. However, it does not include single-use plastic plates, trays and bowls which are being supplier to another business, or where the items are used as packaging (pre-filled or filled at the point of sale).
The Home Office has published guidance to assist ‘persons’ with duties under fire safety legislation in England to comply with the legislation. Its purpose is to explain the duties in simple, nonlegal language. It also aims to assist in deciding the identity of the responsible persons at any premises.
Read the guidance.
In response to a recommendation from the Advisory Council for the Misuse of Drugs the government has agreed to amend legislation to exempt certain CBD products from the Misuse of Drugs Act. This could see CBD products regulated under Food Law by the FSA, rather than under the Misuse of Drugs Act and the Home Office and potentially authorised in 2024.
The FSA has now published its updated guidance on food allergen labelling. It covers updates on the application of precautionary allergen labelling and best practice guidance on No Gluten Containing Ingredient statements.
Read the guidance.
If your building has at least two residential units and meets the 18-metre or 7-storey height threshold, it will be classed as an occupied higher-risk building.
Any occupied higher-risk buildings need to be registered with the new Building Safety Regulatory to avoid committing a criminal offence.
For more information see our article.
Several influencers have been caught out by the ASA for not ensuring that their marketing communications are recognisable to consumers as such, prompting the regulator to set out some useful guidance on "Why it pays to #ad". Are the influencers you collaborate with complying with the rules?
Read the ASA guidance.
The last quarter has seen the CMA launch investigations into the housing market, 'quickie' legal services for will-writing, divorce proceedings and probate services and the veterinary sector. All of these aim at protecting consumers from illegitimate services and inflated pricing at a time where the cost-of-living crisis continues to bite.
In October, the ASA ruled on a couple of environmental claims made by marketing agencies for an oil company and a car manufacturer. The takeaway from these rulings are that if you are making environmental claims, they should be clear, not seek to mislead consumers and certainly not exaggerate the overall carbon footprint of the company making the claims.
You can read more about this in our monthly Marketing Matters newsletter.
The CMA has launched an investigation into Worcester Bosch over concerns it may be misleading shoppers in its marketing of boilers as ‘hydrogen-blend ready’. If consumers are likely to think that the boilers are more environmentally friendly than they actually are, Worcester Bosch could end up in the CMA's bad books.
Read about the investigation.
The ASA have provided some essential guidance for the upcoming sales season which will be particularly useful for marketing teams gearing up for this busy time. Don't mislead, don't exaggerate and don't conceal material information that customers need to know are some of the main points the ASA is trying to hit home.
Read the ASA's guidance.
For our guidance on urgency and pricing claims, read our article.
Ashley Avery is a Partner in our Commercial team. Ashley is an expert in advising clients on complex data privacy issues and confidentiality issues, brand protection and exploitation and software development and licensing matters.
Facial recognition technology to prevent retail crime
This has been a really big issue for retailers. The key steps that retailers can take to try to avoid being subject to regulatory action by the ICO include:
It may be helpful to note that the ICO has recently cleared the live facial recognition system provided by Facewatch as being legally compliant.
CCTV to prevent retail crime
Over the last few months, the Policing Minister and others have suggested that retailers should make greater use of CCTV in the prevention of crime. Key data privacy considerations that retailers have had to consider when using CCTVs for this reason include:
Going forwards, collecting, and using personal information must be balanced against the privacy rights of the individual (as with facial recognition technology), and retailers should take precautionary measures to ensure CCTV use is effective in relation to meeting their legitimate interests, and that there is no less intrusive alternative.
Using customer databases to market products
The ICO has recently published updated guidance for businesses using 'refer-a-friend' marketing schemes. This is a method of direct marketing where businesses request existing customers (referrers) to pass along marketing messages to their family and friends (referees) in exchange for a reward. This can better protect customer data, whilst allowing businesses to get access to a new customer database at relatively low cost.
Data Protection and Digital Information Bill replaced with a new Data Protection and Digital Information (No. 2) Bill
Retailers will need to review their privacy and data policies in light of these new laws once they are enacted. A greater amount of personal data processing exemptions may also present opportunities to reduce costly compliance fees, and legal advice is recommended if changes are implemented.
Retail & AI
Key data privacy risks that retailers should consider include:
Ensuring AI model's decision-making processes do not discriminate against individuals so as to be caught by the Equality Act 2010.
Updating effective risk management approaches and improving employee training.
Head of Retail & Consumer | Head of Risk Advisory
Head of Data, Privacy & Information Security | Commercial | Private Equity
Commercial | Data, Privacy & Information Security | Intellectual Property
Clean Energy | Energy & Infrastructure | Retail & Consumer
Clean Energy | Commercial | Data, Privacy & Information Security
Data, Privacy & Information Security