Moved by Lord Fox
14: After Clause 25, insert the following new Clause—“Amendments to consumer protection legislation (1) In section 9(3) of the Consumer Rights Act 2015 (goods to be of satisfactory quality), after paragraph (e) insert—“(f) compliance with security requirements.”(2) In Schedule 2 to the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (S.I. 2013/3134), after paragraph (x) insert—“(y) where applicable, confirmation of compliance with all security requirements as set out in regulations made under section 1 of the Product Security and Telecommunications Infrastructure Act 2022.”(3) In section 2(2) of the Consumer Protection Act 1987 (liability for defective products), after paragraph (c) insert—“(d) in relation to a relevant connectable product within the meaning of Part 1 of the Product Security and Telecommunications Infrastructure Act 2022, any person who is a distributor of the product within the meaning of that Act.””Member’s explanatory statementThis amendment would clarify the relationship between proposed provisions in this Bill and those already in law under the Consumer Rights Act 2015 and other consumer legislation. This would include defining a security issue as a fault for the purposes of consumer law and ensuring the liability for a defective connectable product is properly defined.
My Lords, this group contains two amendments that have been tabled by my noble friend Lord Clement-Jones, and I rise to move Amendment 14 and to speak to Amendment 14A on his behalf and my own. These are probing amendments to understand consumer law with this and other legislation.
It seems that the Government’s intention is that consumers will be entitled to redress under the Consumer Rights Act 2015 for breaches of the product security requirements in Part 1 of this Bill and the requirements of related future secondary legislation where breaches amount to a product not being of satisfactory quality as described or fit for purpose. However, for clarity, this will require the specific inclusion in this Bill of amendments to the CRA and other related consumer legislation. So I ask the Minister to clarify how redress will work in practice. As Which? has strongly urged in relation to the current consultation on reform of consumer law generally, collective redress should also be available for groups of consumers that have suffered breaches of the CRA relating to product security.
To help your Lordships, let us look at a typical scenario where the consumer reads a report about a security issue with a product that they own and considers it insecure and hence faulty. They try to take the product back to the retailer as redress, as per CRA 2015 rights, but under the CRA, after the first six months of ownership, the burden falls on them to prove that the fault was not of their making. It is unclear what burden of proof would be required at this stage for the consumer to get redress for security faults as described in this Bill.
The CRA places the primary obligation on retailers—as “traders” concluding contracts with consumers—not manufacturers, to remedy products found to be in breach. Due to the unique nature of security faults, it is currently unclear whether a retailer would have the ability to verify reports of faults to facilitate effective redress. Experience has shown that it has been hard when reporting security issues to retailers, and that can often result in pushback. There is a risk that the consumer will find it very hard to enact their CRA rights in practice to get redress on insecure products. In that regard, proper legal guidance for what classifies a security fault is absolutely vital for redress to work effectively.
At present, it is unclear how security updates—and hence a commitment to fix security faults that occur with smart products—interact with the CRA 2015. For example, a manufacturer could claim that it will provide four years of updates on a product at the point of sale but then renege on that; perhaps because it has gone out of business or some such reason. The product then develops a security fault that the manufacturer will not fix. It is unclear what the consumer rights would be in this scenario.
Moreover, it is unclear if the Bill effectively waters down consumer rights under the CRA. If the manufacturer claims that it will give four years of support in which it will fix security faults, how does this impact on a claim that a consumer may have under the CRA to have faults addressed—which they may be able to bring for up to six years from when they purchased the goods? If the Government are not willing to mandate minimum support periods for at least six years, this could become a commonplace problem to consumers seeking redress. The Bill must make it clear how it interacts with the CRA 2015 and associated consumer legislation in a way that gives maximum protection to consumers and does not water it down.
Finally, under the CRA 2015, after the first six months of ownership, the burden falls on the consumer to prove that a fault was not of their making. Consideration should be given to extending this period and making it easier for consumers to obtain redress for insecure products. The 2019 EU sale of goods directive has extended the burden of proof in EU member states to one year—extendable to two years by member states—from delivery of the goods. For goods with digital elements supplied on a continuous basis, the burden of proof for conformity is on the seller in relation to any non-conformity that becomes apparent during a minimum of two years, or the period of supply where longer than two years, effectively providing a minimum of two years of security support. The directive also has specific provisions requiring sellers to keep consumers informed about and supplied with updates, including security updates. Similar protections should be introduced for UK consumers.
So there is a whole heap of issues here, and these two amendments try to get some clarity. Amendment 14 seeks to clarify the relationship between the provisions proposed in the Bill and those already in law under the Consumer Rights Act 2015 and other consumer legislation. This would include defining a security issue as a fault for the purposes of consumer law and ensuring that the liability for a defective connectable product is properly defined. Amendment 14A would ensure that the provisions of the Bill will not conflict with any existing legal rights regarding the enforcement of consumer law, ensuring that redress for defective connectable products can be sought by individual consumers, as opposed to solely leaving the redress procedure to the designated enforcement body to ensure compliance.
We await detailed exposition on all this, either now or in a letter from the Minister. I beg to move.
My Lords, I am grateful to the noble Lords, Lord Clement-Jones and Lord Fox, for tabling these amendments, which seek to clarify how the new measures in the Bill will interact with existing consumer legislation. In a practical sense, they are about how comfort can be given to the consumer and redress made available where necessary.
We in your Lordships’ House know that consumers have had to fight hard over many years to secure important statutory protections, including rights of redress when products do not live up to the standards that people rightly expect of them. I say to the Minister that the new measures in the Bill are certainly welcome and will improve certain aspects of the consumer experience, but it is also right to probe how this new regulatory regime interacts with consumer rights and protections enshrined elsewhere.
I feel that Amendment 14 seeks to update the state of play to refer to compliance with security requirements, but that needs to be an area where consumer protection is enshrined in legislation. To me, it goes with the sweep of the Bill, which is to bring us into today’s world and able to cope with the new and constantly evolving situation. Amendment 14A is also interesting, in that it seeks to maintain the right of individual consumers to seek redress in relation to defective connectable products rather than leaving these matters to a particular enforcement body or to collective legal action.
We would appreciate it if the Minister could clarify some of these matters in the Bill itself. If that does not prove possible, this is another area where we would very much like rather more information to be made available by the department so that we can seek to protect the rights and interests of consumers.
I am grateful to the noble Lord and the noble Baroness for probing through Amendments 14 and 14A as tabled by the noble Lords, Lord Clement-Jones and Lord Fox. The amendments seek respectively to amend consumer protection legislation and clarify the relationship between this Bill and consumer protection legislation.
The Consumer Rights Act 2015 requires goods and services to be of a satisfactory quality, and the Consumer Protection Act 1987 imposes liability for defective products. Breaches of this Bill that meet the criteria of these Acts already entitle consumers to the protections they provide. This Bill focuses on the supply chain and what it needs to do to protect and enhance the security of products and their users. The security requirements will relate to processes and services, not just to the hardware of a product as the product safety framework does. It is not appropriate to retrofit the security requirements of this Bill’s regime into the existing framework of consumer protection legislation, which was generally designed to ensure that consumers have rights when products are unsafe—although, as I said, I appreciate the probing nature of these amendments.
Some security requirements will require ongoing action from manufacturers after they make a product available. It would be inappropriate to require traders to confirm one-off compliance with such requirements before contracts become binding. I acknowledge that existing consumer rights legislation will not always enable consumers to seek redress for breaches of the security requirements. I reassure noble Lords that this is not a gap. The evolving technological landscape means that the threats to consumers change, and we need flexibility to protect and compensate customers where that is necessary. The Bill, together with existing consumer rights legislation, already offers this.
Ultimately, this Bill mandates clear duties on the entire supply chain to ensure that products are more secure and that consumers are better protected. There are also robust enforcement powers to ensure that these duties are upheld. The point of the Bill is for the onus not to be on consumers to ensure that the security requirements are complied with. The enforcer will do this and, where appropriate, can recall products and provide compensation to customers, but the noble Lord and the noble Baroness both kindly suggested that I add this to the issues on which I will write ahead of Report. I am very happy to do so and to provide further detail in response to the probing—
The Minister said earlier that the whole point of the Consumer Rights Act was about unsafe goods. I think that he means “unsafe” as referring to physical harm. Actually, a major security breach could render serious physical harm to someone because having all their money removed from their bank account could affect their mental state and result in the breakdown of their marriage, suicide, failure of business, all sorts of things. Therefore, it may have just as damaging physical effects on someone, though not immediately apparent. Although they are different they are equally unsafe, so this has more merit than he is suggesting.
At the risk of a philosophical debate on the nature of security versus safety, I accept some of the points that the noble Earl makes. There are distinct differences between our approach to product security and existing product safety as set out in consumer legislation, but I will address myself to that philosophical point in the letter, if I may. For now, I ask the noble Lord to withdraw Amendment 14.
I hope that the Minister will take some time to read my speech in Hansard and address the issues that I have raised, because there are some specific points that have not been touched.
A lot of this has come from Which? whom I thank for its help. Which? is an extraordinarily experienced organisation, with some of the country’s most experienced consumer lawyers dealing with the sharp end of customer consumer problems. The fact that it has gone to the trouble of raising these issues should raise a red flag. It is not doing it out of mischief or political intrigue, but because it cares about the future of consumers. For that reason, the department needs to take this seriously.
If the Minister requires a meeting with Which? I am sure that I, the noble Lord, Lord Bassam, or the noble Baroness, Lady Merron, will be very happy to broker one. We could then go through some of these consumer issues. This is an organisation dedicated to protecting the needs of consumers. It has gone to the trouble of flagging up this and several other issues. For that reason, for the future of this Bill, it would be very sensible to take Which? seriously.
That said, I beg leave to withdraw Amendment 14.
Amendment 14 withdrawn.
Amendment 14A not moved.
Clause 26 agreed.
Clause 27: Delegation of enforcement functions
Amendment 15 not moved.
Clause 27 agreed.
Clauses 28 to 49 agreed.