Cooperation between national authorities on consumer protection laws
Regulation (EU) 2017/2394 — cooperation between national authorities for the enforcement of consumer protection laws aims to protect consumers against cross-border infringements to EU consumer law by modernising the cooperation of the relevant national authorities in EU, European Economic Area (EEA) and European Free Trade Association (EFTA) countries among themselves and with the European Commission.
The new rules help increase consumers’ and businesses’ trust in e-commerce within the EU. It repeals and replaces Regulation (EC) No 2006/2004 as of 17 January 2020.
The regulation covers 26 EU laws that protect consumers’ interests listed in its annex (new ones may be added in the future to extend the scope of the Regulation to new legislative areas) and it applies in case of any infringement of those laws.
These infringements can be:
intra-EU infringements: where consumers live in an EU country other than that in which
the infringement took place
the trader responsible is based or
where the relevant evidence or assets are to be found;
widespread infringements: an act or an omission contrary to EU consumer protection law that harms or is likely to harm the collective interests of consumers in at least 2 EU countries other than the country in which
it originated or took place
the trader responsible for it is based
where the evidence or assets of the trader involved are to be found; or
any acts or omissions contrary to EU consumer protection laws that harm or are likely to harm the collective interests of consumers and that have common features, including
the same unlawful practice
the same interest being infringed and
that are occurring concurrently
committed by the same trader, in at least 3 EU countries;
widespread infringements with an EU dimension: the consumers affected reside in at least two thirds of the EU countries, representing at least two thirds of the EU population.
The infringement can be an act or an omission, and may have ceased before enforcement starts or is completed.
Each EU country must designate and provide resources for:
a single liaison office responsible for coordinating investigation and enforcement activities and for ensuring effective cooperation;
one or more competent authorities responsible for the application of the regulation.
EU countries may also involve designated bodies, where necessary, to gather information regarding an infringement or to take enforcement measures, under certain conditions of the regulation.
The regulation lists the minimum investigative and enforcement powers of the competent authorities, including the power to obtain commitments from a trader to cease an infringement or to provide remedies to the affected consumers .
Moreover, authorities will also be able to:
request information from domain registrars and banks to detect the identity of the responsible trader;
carry out test purchases (‘mystery shopping’) to check geographical discrimination or after-sales conditions (e.g. withdrawal rights); and
order the removal of online content if necessary.
For intra-EU infringements, the regulation lays out the procedure for requests for information and for enforcement measures from one EU country to another.
Authorities must respond to requests for information within 30 days unless otherwise agreed, and must apply appropriate enforcement measures without delay and normally within 6 months. The regulation also covers the conditions under which such a request may be turned down.
Where there is a reasonable suspicion of a widespread infringement, the authorities concerned must alert without delay the Commission, other competent authorities and liaison offices, and launch coordinated action where agreed, with a designated coordinator.
The Commission must report any suspected infringements of which it has become aware to the national authorities. If there is a suspicion of a wide-scale EU-wide infringement, national authorities must conduct appropriate investigations and start a coordinated action if such investigations confirm that an infringement might be taking place. Coordinated actions to address widespread infringements with an EU dimension must always be coordinated by the Commission.
EU countries may refuse to participate in a coordinated action, for example if there are already judicial proceedings or if an investigation has shown that the actual or potential effects of the alleged infringement are negligible in that country.
The regulation also introduces a new EU-wide market alert system, so that emerging threats are detected more rapidly. This new alert system combines the system already existing under the consumer protection cooperation regulation (Regulation (EC) No 2006/2004) with a wider exchange of relevant and necessary information.
In addition, certain external bodies (such as consumer and trade associations, the European Consumer Centres and designated bodies given this power by the EU countries or by the Commission) will also be able to send alerts (‘external alerts’). This increases the role of stakeholders in the enforcement of consumer protection law.
The authorities may also decide to conduct sweeps* to detect infringements, but these must normally be coordinated by the Commission.
Authorities may directly request relevant data from third parties in accordance with Directive 2000/31/EC (on e-commerce) and respecting data protection legislation (Regulation (EC) No 45/2001 on European Data Protection Supervisor, Regulation (EU) 2016/679 — general data protection regulation (GDPR) and Directive (EU) 2016/680 — Protecting personal data when being used by police and criminal justice authorities).
Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 (OJ L 345, 27.12.2017, pp. 1-26)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, pp. 1-88)
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, pp. 89-131)
Successive amendments to Regulation (EU) 2016/680 have been incorporated in the original text. This consolidated version is of documentary value only.
Regulation (EC) No 2006/2004 of the European Parliament and of the Council of 27 October 2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (the Regulation on consumer protection cooperation) (OJ L 364, 9.12.2004, pp. 1-11)
Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, pp. 1-22)
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services,