Data Protection & Consumer

Rights, 2021
Look at this
 Data Protection
• The main data protection principles were set out in the
Data Protection Act 2003…
• This has been updated under GDPR , enforceable from
25th May 2018.

• GDPR put the control back in the hands of the user

• Action Fraud
 When do these rights apply?
• Data held on a computer
• Data held on paper or other manual form as
part of a filing system
• Data made up of photographs or video
recordings of your image or recordings of your
voice
 General Definitions
• Data means information in a form which can be processed. It
includes both automated data and manual data.
– They also include photographs or video recordings of your image or
recordings of your voice.

• Automated data means, broadly speaking, any information

on computer
• Manual data means information that is kept as part of a
relevant filing system
• Personal data means data relating to a living individual who
is or can be identified either from the data
Processing means performing any operation or
set of operations on data, including:
– obtaining, recording or keeping data,
– collecting, organising, storing, altering or adapting
the data,
– retrieving, or using the data,
– disclosing the information or data by transmitting,
disseminating or otherwise making it available,
– aligning, combining, blocking, erasing or destroying
the data.
• Data Subject is an individual who is the
subject of personal data..
• Data Controllers are those who, either alone
or with others, control the contents and use of
personal data.
• Data Processor is a person who processes
personal data on behalf of a data controller,
but does not include an employee of a data
controller
• Sensitive personal data
– person’s racial origin
– political opinions or religious or other beliefs
– physical or mental health
– sexual life
– criminal convictions or the alleged commission of
an offence
– trade union membership.
– Biometric data
Six Data Principles of GDPR
 What are you Rights?
• Find out if data is being held on / about you…”Surprise rule”
• Find out who is processing your information
• Obtain details about how your data is processed by an
organisation or business
• Right to the assurance the Third Party Processors comply with
GDPR
• Obtain copies of personal data that the organisation is holding
– 1 month turn-around but can be extended to 90 days
• Have incorrect or incomplete data corrected
• Have data erased by an organisation, where, for example, the
organisation has no legitimate reason for retaining the data ….
Old application form
• Obtain your data from an organisation and to
have that data transmitted to another
organisation (Data Portability)
– Bank a/c or website
• “Opt – out” should be the default. Explicit
consent
• Not to be subject to automated decision
making
 GDPR ..Business Penalties & Breaches

• €20m or 4% of world sales…private sector

• €1m public sector

• You have 72 hours to report a Data Breach to a

DPC…. Helen Dixon the Data Protection
Commissioner
 Data Protection Commissioner
• The Data Protection Commissioner aims to make sure that
your rights are being upheld and that data controllers
respect data protection rules.
How do I make a complaint to the Commissioner?
• Write a letter/email. You should include;
– name the organisation or person you are complaining about;
– describe the steps you have taken to have your concerns dealt
with;
– give details of any response which you have received; and
– provide copies of any letters or emails exchanged between you
and the organisation or person.
• If you are not happy with the commissioner's
decision, you can appeal the decision in the
Circuit Court or higher.
• And “Yes” you can be financially compensated
• Helen Dixon
 Examples
• 2016 Uber concealed a hack that affected 57 million customers and
drivers, the company has confirmed
– email addresses and mobile phone numbers were hacked
• Uber paid hackers $100,000 (£75,000)

• NUIG breached GDPR having lost a USB stick storing 900 student
details

• State Examination Commission exposes 64 student medical

information
• Zoom and Facebook
• Tusla suffers 23 'high risk' data breaches
Source: Dataprotection.ie
Consumer Rights
 eCommerce Regulations
Traditional consumer protection regulations:
• The Sale of Goods Act gives certain rights to purchasers about the
quality of the goods they receive, and their rights if the goods fail to live
up to these standards.
• The Consumer Credit Act protects consumers’ rights when they enter
into an agreement for someone to provide them with loans or credit
facilities, including circumstances where they buy goods or services
using a credit card.
• The Unfair Terms in Consumer Contract Regulations protect consumers’
rights where they enter into agreements with retailers who try to
impose unfair terms in the agreement.

– These laws protect you online also…

Consumer Buying Rights when Buying Online

1.0 Right to a “cooling-off” period of 14 calendar

days where you can withdraw from the contract,
return your purchases to the seller.
• No reason needed but bear in mind you may have
to pay for the cost of returning the goods.
• Exceptions
– hotel bookings, car rental, travel tickets and other
leisure services (if the contract applies to a specific date
or period of performance) are specifically excluded from
this provision.
• Other exceptions include:
– Goods that are made to your specifications or that
are clearly personalised
– Audio or video recordings or computer software
that has been unsealed by the consumer e.g. DVDs,
software installation CDs with the seal removed
– Goods that are liable to deteriorate or expire
rapidly, e.g. perishable goods
– Gaming and lottery services
– Goods or services the price of which is dependent
on fluctuations in the financial market and that
cannot be controlled by the supplier.
2. The right to clear information
• Before the contract is concluded the trader must give you the following specific information in a clear manner:

–Total cost of the product, including all taxes and delivery charges.
–The name and address of the supplier
–The main characteristics of the good/service
–How the goods are to be delivered or how the service will be performed
–That a right to cancel exists … clearly stated
–The minimum duration of the contract
–How long it will be open to you to enter into the contract on these terms… offer
is a available for the next 10 days
–The cost of the communication between the parties if it is above a basic rate
–How the contract may be cancelled … email/written
–Any guarantees and after sales services that are available

• Most of this information will be included in your Terms & Conditions

document
3. The right to a refund for delayed or non-delivery
• Your purchase should be delivered within 30 days
unless you agree otherwise with the seller.
• The 30 day period can be extended ….. Mutual
agreement
• The consumer may cancel the contract after the 30-day
period has expired if delivery during such period was
essential e.g. if a wedding dress was ordered but did
not arrive in time for the wedding.
• Where the contract is cancelled, the trader is obliged to
refund the consumer any and all sums that have been
paid under the contract. This refund must be provided
within 14 days.
4. Right to redress for faulty goods
• If an item you bought online turns out to be
 faulty or not as advertised, you have the same legal rights as if you
had bought it in person in a store
.
• Under EU rules, any faults that become apparent within six months
of the goods being delivered are presumed to have existed at the
time of delivery. The trader may first offer the consumer a repair or
replacement, but if this is not possible or turns out to be
unsatisfactory, the consumer may then seek to rescind the contract
and ask for a full refund. Refunds must be processed within 30 days.
• The trader remains liable to the consumer for any faults that
become apparent within two years of purchase – however, if a fault
develops after the initial six-month period has already elapsed, the
consumer may be asked to prove that the fault was not caused by
misuse.
 When is a Consumer not protected by
consumer Law when buying online..
• Internet auctions …eBay
• Purchase from a private individual …donedeal
• Financial services…online banking/insurance
• Contracts from the sale of land
• Plane, train, concert tickets, hotel bookings
• Goods made to your specific specifications or is perishable
• For the supply of audio or video recordings or computer software where the
seal is removed
• For the supply of newspapers, periodicals and magazines
• For gaming and lottery services
• For the supply of goods or services the price of which is dependent on
fluctuations in the financial market which cannot be controlled by the
supplier,
 Trade with the UK Post Brexit
• As it stands EU & UK laws are basically the same wrt to
consumer right
• Going forward if they diverge trouble may arise
• Non court Dispute resolutions platforms may not be an
option any more;
– European Consumer Centres Network - ECC Net
– Online Dispute Resolution (ODR)
– European Small Claims Procedure

• Also going forward, bring a UK company to court and

enforcing that judgement will be a problem!
 Trade with the UK Post Brexit, Cont’d
• Taxes
– €167 … goes to €236 (including VAT, admin charges
etc..)
– If product originates in UK no problem… agreement
– If Germany  UK  Ireland … tax issues!
– < €22 No VAT
– €22 – €150 VAT local rate
– > €150 VAT + Excise Duties + Admin Cost (€10 - €14)
• Solution
– Shop local
– Shop in EU … Amazon Germany … may lose Prime
Free shipping
– Check where the company is based… may not
have a .CO.UK tag
 Terms & Conditions
• “A contract is a voluntary arrangement between two or more
parties that is enforceable by law as a binding legal agreement”
• Keep in mind you are entering into a “contract” hence all due
care must be taken

• TCs should be available to the customer at all appropriate times

• TCs should comply with:
– Consumer Information Regulations …. See last slides
– eCommerce Regulations …. See last slides
– The Sale of Goods and of Services Act, 1980 …. See last slides
• Note: A link to your TC’s should be accessible
at all the appropriate locations

– Examples:
• Burren SmokeHouse
• Homeland
 T & C’s Main Points to Cover
• Products Or Services Provided.
• Prices And Payment.
• Shipping And Delivery.
• Guarantees And Warranties.
• Returns, Refunds And Complaints Policies/Resolution
• Limitation Of Liability.
• Intellectual Property Rights.
• Vouchers/Competitions / Promotions
• Opening hours/Contact
• Data Protection
 Privacy Policy
• A website is legally obliged to have a privacy policy under GDPR.
– Registering with your site, newsletter, customer
– Running cookies on your site
• This policy must be easily accessible on the site and must be
concise and understandable by the user.
• It should cover:
– how the web site collects data,
– where it is stored and for how long it is stored.
– Whether and how it is shared.
– It should give instructions on how users can view their data and how they
can remove their data from your system.
• It Builds Trust!
• A link to your privacy policy should be
accessible at all the appropriate locations
• A designated person should be assigned this
job … Data Controller…
– Louise Kinane
Data Protection Officer, ITSligo
• BurrenSmoke House
Good Link
 Smoke House Privacy Policy
• What Personal Information do we collect?
• How do we use your personal information?
• What are your choices as to how we use your
personal information?
• How can you control, access and correct your
personal information?
• How might we share your personal information?
• Cookies & similar technologies
• How do we protect your personal information?
 Cookies …ePrivacy Directive
• If you use cookies you must inform the consumer and
get their consent … Window PopUp
• You don’t need a separate cookie policy (Privacy Policy
will do fine)
– Define a Cookie & what they do
– What your cookies using
• Essential … keep you logged in, recognise registered users
• Performance … track how the site is performing, page views, site
errors.. OneSpan Cookie
• Functional … Remember you when you return to the site and your
preferences
• Advertising … collect info about you for adverting
• Third Party Cookies …Google Analytics, Google Ads, Social Media
• You need to inform the users how to manage
the cookies;
– Disable or adjust them

– Are there WP Plugins to help

– With this??
 Intellectual property
• creations of the mind for which exclusive
rights are recognized in law
• copyright, trademarks…Patents
 CopyRight
• If you did not write or create the article,
graphic, or data that you find on the Web,
then you need permission from the content
owner before you can copy it….Stealing
• Copyright is the right of the owner to permit
someone else to reproduce copyrighted
works.
• Copyright works include:
– literary works such as articles, stories, journals, or
computer programs
– pictures and graphics
– blueprints of architecture
– music and song lyrics
– plays and screenplays
– audiovisual recordings such as movies
– sound recordings
• Reproduction can include:
– printing a Web page
– copying computer code
– downloading an image to your hard drive
– printing an image
• If you are trying to protect your own work, it is
always a good idea to have a copyright notice
on your page…but not needed!
• Copyright © 2010 Enterprise Ireland. All rights
reserved
• If you're not sure take it as copyrighted!
But How Will they Know?
• Spiders programs
• Ethical question …. Will you tell them
Defense to Copyright Infringement
Fair Use
• If you are doing a parody, commentary, or educational
information you may be able to claim fair use.
• fair use is nearly always a short excerpt from an article and
it is usually attributed to the source
• (along the lines of if they read your article they won't need to read the
original), blog Vs Irish times, photocopy books (5% or one chapter of a book)
• if your use of the excerpt harms the commercial value of the
work then your claim of fair use may be nullified
• Peter Pan … Famous Copyright story
TradeMarks
 Trademark
• A trademark is a distinctive sign or indicator
used by an individual, business organization,
or other legal entity to identify for consumers
that the products or services belongs to these
bodies.
• A trademark is typically a name, word, phrase,
logo, symbol, design, image, or a combination
of these elements.
• A trademark may be designated by the
following symbols:
• ™ (an unregistered trade mark, a mark used to
promote or brand goods)
• ℠ (an unregistered service mark, a mark used
to promote or brand services)
• ® (registered trademark)
• Famous TradeMarks
Domain names and trademark
• When trademark becomes part of a domain
name then you can be in trouble;
• Many companies register domain names that
contain their trade marks.
• eBay owns www.ebay.com.
• CocaCola owns www.cocacola.com and
www.coke.com.
• Be carful!!
 Cybersquatting
• Cybersquatting (also known as domain
squatting), is registering, trafficking in, or
using a domain name with bad faith intent to
profit from the goodwill of a trademark
belonging to someone else.
• The cybersquatter then offers to sell the
domain to the person or company who owns a
trademark contained within the name at an
inflated price
Consumer Information Regulations
• The trader’s name and address as well as the address to which to address complaints
• The main characteristics of the goods or service
• The price of the goods - including all taxes
• Delivery costs, where applicable
• Arrangements for payment
• The trader’s complaints handling policy
• Whether a right to cancel exists and the conditions, time limit and procedures for doing
so
• Whether you will bear the costs of returning the goods
• The estimated cost of returning the goods if you have to bear the cost and they cannot
be returned by normal post
• Conditions of after-sale customer assistance and services, and commercial guarantees
• The duration of the contract, if applicable, and the conditions for terminating it if it is
extended automatically or is of unlimited duration
• The minimum duration of your obligations under the contract, if applicable
• The cost of communication between you and the trader, if it is above a basic rate
 eCommerce Regulations
• steps your customers must follow to conclude an
agreement with you to buy something
• confirmation of whether a copy of the contract
will be filed and whether the customer can
access it
• a description of how the customer can identify
and correct errors before continuing an order
• details of any industry codes of practice which
you subscribe to
 Sale of Goods Act 1893
• Goods as described and be of a satisfactory
quality
• Examples
• A new Range Rover which is drivable but has a variety of
minor problems with its engine and bodywork is not of
satisfactory quality - especially in view of its luxury price
tag.
• A second hand car which has a defective clutch and breaks
down shortly afterwards would be of satisfactory quality if
the seller had pointed out the defect and the price took
account of it.
• Remedies available to a consumer
– Rejecting the contract and seeking a refund.
– Seeking damages
– Requesting the goods be repaired or replaced
• Note … You cannot be held responsible for:
– fair wear and tear
– misuse or accidental damage by the consumer
– where the customer has tried their own repair or had someone else
attempt a repair, and this has damaged the goods
– incorrect public statements about the characteristics of goods (such
as in advertising or on labelling) which you were not aware of for
good reason or had been corrected in public before the conclusion of
the sale or the decision to buy was not influenced by the statement
• Time limits for bringing claims
– The time limit to bring a claim to court is six years.