Get ready for a whole lot more site blocking in the EU, thanks to a new consumer protection law

Posted on Nov 14, 2017 by David Meyer

European Union lawmakers have approved a new consumer protection regulation that, among other things, allows for the wholesale blocking of websites without the need for judicial authorization.

The reasoning seems innocuous enough on the surface. More than a third of online shops and booking websites were found to be breaching EU consumer laws, when a survey was made a few years ago. So new rules are needed to make enforcement of those laws more effective.

Under the new Consumer Protection Cooperation (CPC) regulation—which, like all regulations, introduces uniformity to its enforcement across the EU—member states must be able to get help from domain registrars to identify rogue traders, conduct “mystery shopping” investigations, and order the “explicit display of a warning to consumers.”

Here’s the important bit, though, in Article 9(4), which covers minimum enforcement powers:

“…where no other effective means are available to bring about the cessation or the prohibition of the infringement covered by this Regulation and in order to avoid the risk of serious harm to the collective interests of consumers:

(i) the power to remove content or to restrict access to an online interface or to order the explicit display of a warning to consumers when they access an online interface;
(ii) the power to order a hosting service provider to remove, disable or restrict access to an online interface; or
(iii) where appropriate, the power to order domain registries or registrars to delete a fully qualified domain name and to allow the competent authority concerned to register it;

including by requesting a third party or other public authority to implement such measures”

Remember, in EU law, regulations (unlike directives) must be applied evenly across the bloc. So this new consumer protection law means that each member state will need to have the infrastructure in place to block websites, even if that country previously lacked such mechanisms—as is currently the case in several states.

As Julia Reda, the Pirate Party’s lone voice in the European Parliament, noted in a blog post on Tuesday, the implications could go far beyond consumer protection.

She wrote:

“This forces internet access providers to create a website blocking infrastructure, which risks being abused later on for any number of other purposes, including censorship. To give a recent example, independence-related websites were blocked in Catalunya just weeks ago. These actions could only be taken so quickly because website blocking infrastructure had previously been put in place for other purposes, such as barring access to sites involving copyright infringement.”

So who’s to blame for the CPC demanding such site-blocking mechanisms?

In the original proposal, the European Commission talked about authorities having the power to “close down a website, domain or similar digital site, service or account or a part of it, including by requesting a third party or other public authority to implement such measures.” But then the member states themselves, which operate through the Council of the European Union, pushed for the version that has now been adopted.

“When the Parliament was finding its position on the issue in March 2017, I successfully proposed that the last resort measure must be removing content that infringes on consumer protection laws, not blocking access to websites, and that fundamental rights must be safeguarded by requiring prior judicial authorisation,” Reda wrote. “Tragically, the Parliament’s negotiator, MEP Olga Sehnalová from the Czech Social Democrats (S&D group), agreed to a compromise that adopted the Council’s proposal on website blocking.”

Sehnalová, meanwhile, issued a bland statement on Tuesday saying the new regulation would “strengthen and improve cooperation between all consumer protection actors, so that they can more easily monitor compliance and address cross-border infringements.”

The deal passed by 591 votes to 80, and all it needs now is the formal approval of the Council. Two years later, it will be in force. So, while Europeans will be unlikely to flock to their VPNs at that point to access sites that are out to rip them off, they might find themselves facing site blocks that have been made using the same mechanisms as those for consumer protection.