The Regulation is clearly designed to target marketplace platforms, whilst carving out ‘payment services’, on the basis that these are inherently auxiliary to a transaction for the supply of goods or services to consumers. It applies to all “online intermediation services” – which is widely drafted. It is well-established that app stores, comparison/review sites, hotel booking platforms, social media platforms, marketplaces, and a whole host of other platforms that perform similar functions are within scope. Excluded from scope are online advertising tools and online advertising exchanges where no contractual relationship as between business users and consumers is anticipated. This means that the Regulation will not apply, for example, to
What is less clear is whether the Regulation is intended to apply to platforms through which financial services are sold to consumers, for example platforms through which consumers can set up deposit accounts from a range of choices, make investment choices or apply for loans or mortgages. If your business is caught, or at least may be caught, by the Regulation, it is important to carry out a full legal assessment and impact assessment to understand what compliance means in practice. You will need to do this quickly as the Regulation comes into full force on 12 July 2020 and any compliance measures will need to be operational before this date.
Are financial services platforms caught?
The Regulation applies to “online intermediation services” and search engines that target consumers in the EU. As things stand, this includes consumers in the UK. The Regulation will continue to apply in UK after the end of the end of the Brexit transition period (as part of the EU acquis, the body of EU law which will become part of English law), subject to any amendment by the UK government. As mentioned above, the definition of online intermediation services is widely drafted. However, it is widely believed that this will not include financial services platforms. This is because ‘online intermediation services’ are defined by reference to services which are ‘information society services’ under the EU Information Society Services Directive (2015/1535). However, on closer analysis, there is cause for some concern – the Regulation states that services that fall within “the definition of information society services in Article 1.1(b) of the Information Society Services Directive” are within scope. Article 1.1(b) defines an information society service as any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services. Importantly, however, the carve outs which takes financial services outside the ambit of the Information Society Services Directive is in a different part of the directive (Article 1.4). It would appear, therefore, that although financial services are not within the ambit of the Information Society Services Directive, they may well be within the ambit of the Platform for Business Regulation (because this exclusion has not been replicated in the Regulation).
What are the implications of the Regulation?
The Regulation applies some of the principles of consumer law to the interactions of intermediaries with business users. In particular, unilateral terms and conditions and other specifications that apply to business users must be delivered in “plain and intelligible” language, and changes to the terms and conditions must be communicated on a durable medium (such as email) and subject to a set notice period. The Regulation also sets out rules around suspending and terminating business users. Except in certain circumstances, businesses cannot terminate the provision of services to a business user without giving them a specific period of notice and an opportunity to appeal. Service providers also face wide-ranging transparency obligations. These include transparency about any ranking of products or search results, and differentiated treatment that service providers may give to particular users. Where online intermediaries decide to restrict or suspend a particular business’s access to their platform, they must also clearly set out the grounds for that decision. The Regulation also requires online intermediation service providers to provide in their terms and conditions information about the data they hold in relation to business users. These obligations apply equally to personal and non-personal data, meaning that a provider’s obligations will in certain respects go beyond those imposed by the GDPR. Where disputes arise between the service providers and the businesses which use the services, the service providers will be obliged to provide an effective redress process, which must include a clear complaints handling system and engage with mediation. If financial services platforms are subject to the Regulation, they will need to consider carefully how these obligations interact with those imposed under financial services legislation, for example the rules around suspension (such as under anti-money laundering laws and regulations) and complaints handling.
Now that the Regulation has been published in the Official Journal, businesses need to determine whether they are (or may be) caught by the Regulation. Where a business is caught, it will need to undertake a comprehensive review of its processes and procedures to ensure it can comply and implement any necessary changes. All of this needs to be achieved before 12 July 2020. Financial services platforms may need to seek advice in order to take a view on whether the Regulation applies to them. Even though the FCA is not currently focusing on compliance, insofar as financial services platforms operate on the basis of negotiated (rather than unilateral) agreements with their business users, they may be expected to contractually commit to comply on a go-forwards basis. Similarly, where there are general ‘compliance with applicable laws’ obligations, platforms may find themselves at risk of breach unless steps are taken to comply with the Regulation. Furthermore, under the Regulation, organisations representing business users have the right to take actions before national courts to stop non-compliance with the Regulation.