Digital Fairness Act: Tackling Problematic Online Practices
Following the European Commission’s ‘Digital Fairness Fitness Check’ (“Fitness Check”), the European Commission intends to propose a Digital Fairness Act (“DFA”) to protect consumers online. The DFA will address problematic online practices for consumers including dark patterns, influencer marketing, addictive designs and personalised practices targeting vulnerabilities. A public consultation is expected in the coming weeks with a legislative proposal in mid-2026.
In May 2022, the European Commission launched its ‘Digital Fairness Fitness Check’ (“Fitness Check”) to assess if EU consumer laws are fit for purpose in ensuring a high level of protection in the digital environment in the face of technological development and evolving digital behaviour. On 3 October 2024, the European Commission published the Fitness Check’s findings.
The Fitness Check assessed three core EU consumer law directives (the “Directives”) over an evaluation period of 2017 to 2023:
- Consumer Rights Directive1
- Unfair Commercial Practices Directive2 (“UCP Directive”)
- Unfair Contract Terms Directive3
The Fitness Check found that the Directives, with their combination of principle-based rules and prescriptive obligations and prohibitions, are sufficiently technology-neutral for a digital environment and that their core objectives remain relevant today. It also concluded that the Directives have provided the necessary minimum of regulatory certainty and consumer trust to support the development of a diverse market of consumer-facing digital products and services in the EU. Overall, however, the Directives have been partially effective in achieving a high level of consumer protection online.
The Fitness Check identified a number of shortcomings. Some of the key findings include4:
- Effectiveness - The Fitness Check found that the Directives have been only partially effective in a digital environment as their functioning has been undermined by: (i) a lack of compliance by traders leading to consumer detriment; (ii) ineffective enforcement; (iii) legal uncertainty regarding the application of the Directives to new technologies and data-driven practices; and (iv) regulatory fragmentation (compounded by the increased complexity of the rapidly changing regulatory landscape with the arrival of new legislation such as the Digital Services Act, Digital Markets Act, the Data Act and the AI Act).
- Consumer complaints and detriment - In relation to the objective of achieving a high level of consumer protection, the Fitness Check found that the Directives have only partially achieved this, as is evident from the persistence of a large volume of consumer complaints and the consequent consumer detriment. The Fitness Check found that non-compliance with consumer law cost EU consumers at least €7.9 billion annually, while the burden on businesses to comply is currently much lower, not exceeding €737 million per year.
- Consumer rights – The Directives have been at least partially effective with respect to traders’ obligations to provide consumers with certain pre-contract information, the ‘cooling-off’ right and transparency in advertising.
- Problematic practices - Consumer law was perceived as having been less effective in addressing problematic practices that mainly concerned emerging technologies and practices for which there are no specific provisions in the Directives. The Fitness Check observed that the correlation between the problematic practices and the fact that the Directives do not have specific rules addressing them illustrates the limits of using a legislative principled-based approach.
It noted that consumers often behave differently online than they do offline. In particular, the Fitness Check highlights that consumers often feel that they lack complete control over their online experience due to practices such as:- Unfair use of AI systems for commercial purposes.
- Dark patterns in online interfaces, designed to influence and pressurise consumers.
- Addictive or deceptive interface design.
- Content personalisation based on behavioural tracking that exploits consumer vulnerabilities.
- Difficulties in dealing with subscription contracts.
- Unfair contract terms or terms and conditions that are difficult to find or understand.
- Lack of transparency around advertising and selling through social media, including influencer marketing.
- "Dropshipping", which involves the sale of products without the seller having them in stock.
- Traders only communicating through AI chatbots.
- The use of "scalper bots" that automatically purchase products in high demand with a view to selling them on at a higher price.
- Dynamic pricing in relation to event ticket sales.
- Consumer Standards – The Fitness Check found that the effectiveness of the Directives is impacted by limitations on the various legal concepts of a consumer:
‘Average consumer’ standard: The ‘average consumer’ concept is used in EU consumer law to assess whether a commercial practice is unfair. The Fitness Check found that there is a growing mismatch between the concept of the ‘average consumer’ and the realities of consumer behaviour in a digital environment which is undermining the effectiveness of EU consumer law. The Fitness Check found that consumers have a limited comprehension of the digital commercial practices at play (e.g. algorithmic processes) leading to a less attentive average digital consumer than the traditional concept of the ‘average consumer’.
‘Vulnerable consumer’ standard: The Fitness Check noted that a recurring criticism of EU consumer law is that the definition of a ‘vulnerable consumer’ remains too narrow and rigid as it reflects only a narrow cohort of traditionally vulnerable consumer groups. It fails to address a broader power imbalance and digital asymmetry which can make all consumers vulnerable in the digital environment due to limited or non-existent bargaining power which is aggravated by, amongst other things, insufficient digital literacy, cognitive biases and information overload.
As part of the Fitness Check, stakeholders were consulted on the European Commission’s Guidance on the UCP Directive5 which states that ‘vulnerability’ is not limited to traditional vulnerabilities but also includes context dependent vulnerabilities which are particularly acute in a digital environment and which is increasingly characterised by data collection on socio-demographic characteristics but also personal or psychological characteristics. The Fitness Check noted that several stakeholders doubted whether this interpretation in non-binding guidance is sufficient for ensuring legal certainty and called for codification of these aspects in the law. Several stakeholders and Member States were also of the view that the concept of vulnerability was not sufficiently focused on children and minors (who are active in the digital environment) despite the reference to age as a category. The Fitness Check also noted that the lack of caselaw has stymied the development of the concept of a ‘vulnerable consumer’ and recommended legislative change to bring certainty.
What’s next?
In a Mission Letter dated 17 September 2024, the President of the European Commission called on then Commissioner-designate for Democracy, Justice , Rule of Law and Consumer Protection, Michael McGrath, to develop a Digital Fairness Act (“DFA”) to tackle unethical techniques and commercial practices related to dark patterns, marketing by social media influencers, the addictive design of digital products and online profiling, especially when consumer vulnerabilities are exploited for commercial purposes. In April, the Commissioner outlined his plan for the DFA stating that a public consultation will commence in the coming weeks with a legislative proposal in mid-2026. He has been keen to stress that the DFA will not be an additional layer of legislation, but rather will plug existing gaps to ensure that consumers are protected online.
For more information, please contact one of the key contacts below or your usual contacts in McCann FitzGerald LLP.
- Directive 2011/83/EU.
- Directive 2005/29/EC.
- Directive 93/13/EEC.
- The Fitness Check evaluated the Directives by reference to five criteria: (i) effectiveness; (ii) coherence; (iii) efficiency; (iv) EU added value; and (v) relevance. This briefing considers some of the key findings relevant to the effectiveness criterion.
- Commission Notice: Guidance on the Interpretation and Application of Directive 2005/29/EC (2021/C 526/01)
This document has been prepared by McCann FitzGerald LLP for general guidance only and should not be regarded as a substitute for professional advice. Such advice should always be taken before acting on any of the matters discussed.
Select how you would like to share using the options below