Improving In-App Purchasing Protection for EU Consumers?

Robert Miklós Babirad 

1          Introduction

In a press release from July 18, 2014,[1] the European Commission claimed that its joint enforcement measures, which have been carried out in conjunction with consumer protection authorities from the EU’s Member States, have resulted in the provision of better online gaming protection for EU consumers and specifically within the area of in-app gaming purchases.[2]  An in-app purchase may constitute, but is not limited to a bonus level in a game, “maps, experience points, subscriptions” or “recurring services,” which may be purchased by a consumer within an app, such as an online game.[3] This relatively new business model of in-app purchases within online games is an expanding market both within the EU and abroad.[4]  However, complaints have included concerns with misleading advertising such as online games, which are advertised as “free,” but may actually require additional purchases for their normal functioning; default settings, which do not require a customer’s explicit authorisation prior to account deductions being made for in-app items; and inadvertent in-app purchases being made by children.[5]

Joint enforcement action has taken place under the Consumer Protection Cooperation Mechanism, which is available to authorities under the EU Consumer Protection Cooperation (CPC) Regulation.[6]  This regulation provides a network of unified enforcement capability across Europe between the consumer protection authorities in each of the EU’s Member States and appears to be a helpful tool.[7]  However, it is debatable as to whether the availability and application of this legal instrument has actually been beneficial in protecting EU app consumers given the overall lack of meaningful solutions, which have resulted from its application with regard to Apple.

This article will begin by addressing the predominant concerns, which have arisen regarding in-app purchases, but specifically with regard to Apple.  The Common Position, which was initially put forth in 2013 by the European Commission acting in conjunction with Member State Authorities within the Consumer Protection Cooperation Network, will then be offered.[8]  Apple’s responses to the Common Position and the ongoing joint enforcement action will then be considered.  This article will conclude by suggesting that the European Commission’s claim of providing better online gaming protection and enhanced consumer protection, with regard to in-app purchases, may not be an accurate assessment of the present situation.


2          The Common Position as of July 2014 and Apple’s Response

Joint action using the Consumer Protection Cooperation Mechanism seeks to obtain solutions to the issues initially raised in the 2013 Common Position regarding in-app purchases, but it is the national authorities of the EU’s Member States who will have the burden of actual enforcement.[9]  The authority of the European Commission is also restricted to a monitoring capacity with regard to the responses, which it receives from industry participants to the issues raised.[10]  The potential helpfulness of any joint measures in the obtaining of effective solutions is subsequently limited from the onset.


A         Misleading Advertising

It is first necessary to consider each of the key concerns raised by the Common Position as well as the responses, which the European Commission has received from Apple with the expectation of obtaining “concrete solutions.”[11]  The Common Position provides that in-app purchases must be of an optional nature and not essential to playing an online game, if these items are to be advertised on software platforms as “free.”[12]  The test is whether an in-app purchase is necessary for an online game to be played in a manner that a consumer would “reasonably expect.”  Unfortunately, this is an ambiguous standard, which has the ability to be construed by a software company in its favour, rather than that of the consumer and requires greater clarification.

Article 6(1)(e) of the Consumer Rights Directive provides that a merchant must provide in a “clear and comprehensible manner” the total cost of the goods it is offering prior to a consumer being bound contractually.[13]  Apple now provides consumers with information concerning the costs associated with certain on-line gaming purchases, and developers of apps for Apple must provide for the clear identification of in-app purchasing options in the information that is offered with the app.[14]  These appear to be helpful changes.  However, Apple has also placed the phrase “In-App Purchases” near the button enabling downloading of apps, which are advertised as “FREE.”[15] The display of the word “FREE” is retained and continues to retain a position of dominance in size and appearance when positioned in comparison to the phrase “In-App Purchases,” thereby continuing to create a situation of potentially misleading advertising for consumers.[16]  It may therefore be suggested that these measures do little to actually provide for enhanced EU consumer protection, nor do they effectively comply with the Common Position objective of preventing misleading advertising in the app sector.


B         Children and In-App Purchases

A need has been expressed for clearer instructions to developers of online gaming apps, which instructs them that “direct exhortations to children” are prohibited within online games that are to be disseminated throughout the European Union.[17]  Greater transparency regarding Apple’s responses to grievances from authorities within the CPC or from the company’s consumers is also called for in the Common Position.[18]  These are positive objectives, which would lead to greater consumer protection and particularly with regard to children who use online gaming software.

However, at present, Apple’s response has been merely to provide its developers with the information that it is their responsibility to comply with regional legal requirements where their app will be made available.[19]  Additional action has not otherwise been taken in the proposing and implementing of potentially more effective safeguards in prohibiting app advertising directed at children.[20]  Apple’s proposals have also included the establishing of a team, which will be charged with the specific responsibility of answering notifications from governmental authorities, as well as provisioning for a dedicated e-mail address for potential infringement notifications.[21]  These constitute helpful proposals, but again, Apple has failed to provide an exact time frame for enacting these measures and enforcement authorities have not taken effective measures to insist upon these changes, thereby negating their potential helpfulness.[22]

Article 14(1)(b) of the e-Commerce Directive provides that an app, which contains “direct exhortations to children” or involves any other prohibited conduct, must be removed from a company’s online software platforms.[23]  This provision specifically states that a service provider with knowledge of illegal activity, after having stored this information, which it has received from a consumer, must act “expeditiously” in disabling or removing access to the illegal information in order to avoid potential liability.[24]  The question arises as to why effective action was not taken earlier by both Member State and EU consumer protection authorities in applying this provision, if consumer protection and the prevention of advertising directed at children had been a priority.  Additionally, the issue of whether information society service providers have acted “expeditiously” in disabling access to illegal information will continue to serve as a debatable point if there is a continued lack of overall transparency, conformity and enforcement with regard to the Common Position’s objectives. [25]


C         Payment Authorisations

Article 54(2) of the Payment Services Directive constitutes one of the legal provisions offered in support of the requirement of consumer consent to purchases provided for under the Common Position.[26]  Under Article 54(2), a payment transaction is not valid if the consent of the payer has not been provided in the “form agreed between the payer and his service provider.”[27]  This provision is interesting, because the form of payment may vary and occur in any number of mutually agreed upon methods between the merchant and consumer.  However, the essential element of consumer consent to executing a payment in a particular form must be evident, as compared with automatic default payment settings, which may potentially negate the required consent element.

The Common Position provides that Apple’s default setting of a fifteen minute consumer payment window should be modified and not act as an automatic default setting.[28]  EU consumers must also be provided with the choice of authorising each separate purchase in addition to having the option of the fifteen minute payment window.[29]  The crucial element is that consent to a payment setting must be provided “explicitly” and this may be aided through information that is being “regularly” provided to EU consumers regarding the options available to them for in-app purchases.[30] These appear to be positive proposals, which could provide EU consumers with greater control over the authorisation of their payments for in-app purchases.  However, despite the helpfulness of these proposals, the Common Position fails to adequately clarify its expectations regarding the meaning of “regularly” providing consumers with information concerning available payment options.[31]

Consumer consent to a purchase may also be satisfied under the Common Position through the establishing of a specific amount, which has been allocated specifically to in-app purchases, without necessitating a separate authorisation for each transaction by the consumer.[32]  This is a helpful, but vague objective, because the consumer must still be first afforded a method for defining the scope of the transactions to which he or she is authorising account deductions up to a certain payment amount, if there is to be “explicit” consent to a payment authorisation.  It is also provided that consumers must be provided with information that it “easily accessible and comprehensible” regarding how payment settings may be modified.[33]  Unfortunately, this constitutes yet another ambiguous standard, which holds the possibility of being construed more favorably in terms of the software company than the EU consumer.[34]

Apple’s response to the Common Position has been that payment approval settings will not be standardised, but instead dependent upon the operating system or device, which is being employed by the consumer.[35]  The company has also merely proposed to address concerns regarding the authorising of consumer payments at a future date, which will not benefit the EU consumer at the present time.[36]  Additionally, no “concrete and immediate solutions” have been otherwise provided or a commitment offered by Apple containing a specific time for implementing modifications relating to its default settings for apps and in-app purchases.[37]  Apple’s lack of commitment to implementing the proposals of the Common Position will hinder the advancement of greater EU consumer protection.


D         Email Availability of the Merchant

Article 5(1)(c) of the e-Commerce Directive is one of the legal provisions, which is offered in support of the Common Position’s mandate that the email address of a service provider be made available to consumers.[38]  This provision provides that a service provider must offer their details, including an e-mail address, thereby enabling contact between a consumer and the service provider “rapidly” and in a “direct and effective manner.”[39]  This information must also be provided in a format that is “easily, directly and permanently accessible” to consumers and authorities.[40]  Unfortunately, all of these terms are open to a degree of interpretation, but the more important issue is why conformity with these requirements, which would have enhanced consumer protection, were not insisted upon earlier by EU and Member State Consumer Protection Authorities, if consumer protection had actually been a priority.

Apple has proposed providing for an email address that would be available to consumers of its app and in-app products.[41]  Direct contact between EU consumers and developers has also been proposed through the provision of a support URL, which would be available on store pages containing Apple’s available EU content.[42]  However, at present, these proposals fail to be of assistance to EU consumers, because details regarding a time frame for their implementation have not been offered by Apple nor otherwise effectively insisted upon by Consumer Protection Authorities.[43]


3          Is Joint Action Enhancing EU Consumer Protection in the App Sector?

It has been suggested by the Commission that “tangible results” and “real progress” have resulted from these joint measures, which have achieved meaningful commitments to consumer safety in the area of app and in-app purchases from industry participants, such as Apple.[44] However, Apple’s tentative and non-committal proposals toward implementing changes providing for the enhanced safety of EU app consumers, as well as the European Commission’s vague standards and limited measures, which now appear to be suddenly more concerned with consumer safety post-injury than previously, offer doubt as to whether consumer protection is actually being enhanced through this joint enforcement action.

It is interesting to note the statement of Vice President Neelie Kroes whose responsibilities include the EU’s Digital Agenda, in remarking that the Commission is “very supportive of innovation in the app sector” and that purchases made in-app constitute “a legitimate business model,” but it is now “essential for app-makers to understand and respect EU law” in the development of these emerging business models.[45]  This statement appears to indirectly reflect an ongoing trend in placing economic interests as a priority above that of consumer safety and compliance with EU law.


4          Conclusion

In conclusion, a common position of goals and the establishing of joint action is only minimally helpful if, in its application, there fails to be effective and meaningful interpretation, application and enforcement that actually works on a noticeable, practicable and measurable level for the benefit and protection of EU app consumers.The commitments now being sought after in the Common Position should have been secured before permitting the operation of this relatively new business model on the European single market and prior to enabling a situation which has subsequently operated to the detriment of European consumers and has been particularly harmful to minors.


[1] See Commission Press Release of 18 July 2014, In-app purchases: Joint action by the European Commission and Member States is leading to better protection for consumers in online games, IP/14/847. <> Accessed 22nd of September 2014.

[2] Ibid p. 1.

[3] Make In-App Purchases, Apple Inc. <> Accessed 22nd of September 2014.

[4] See Commission Press Release of 18 July 2014 (n 1) p. 1.

[5] Ibid.

[6] European Parliament and Council Regulation 2006/2004 on Cooperation between National Authorities Responsible for the Enforcement of Consumer Protection Laws (the Regulation on Consumer Protection Cooperation) OJ 2004 L 364/1; Commission Press Release of 18 July 2014, In-app purchases: Joint action by the European Commission and Member States is leading to better protection for consumers in online games, IP/14/847, p. 2 <> Accessed 22nd of September 2014; <> Accessed 22nd of September 2014.

[7] Commission Press Release of 18 July 2014 (n 1) p. 2.

[8] Ibid p. 1.

[9] Ibid pps. 1-2.

[10] Ibid p. 2.

[11] Ibid p. 1.

[12] Common Positions of the National Consumer Enforcement Authorities on Consumer Protection in Games Apps from July 2014, p. 1. <> Accessed 22nd of September 2014.

[13] Article 6(1)(e) European Parliament and Council Directive 2011/83/EU on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council OJ 2011 L 304/64; Common Positions of the National Consumer Enforcement Authorities on Consumer Protection in Games Apps from July 2014, p. 1. <> Accessed 22nd of September 2014; <> Accessed 22nd of September 2014.

[14] Common Positions (n 12) p. 1.

[15] Ibid.

[16] Ibid.

[17] Ibid p. 2.

[18] Ibid.

[19] Ibid.

[20] Ibid.

[21] Ibid.

[22] Ibid.

[23] Ibid p. 2.

[24] Article 14(1)(b) European Parliament and Council Directive 2000/31/EC on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (`Directive on electronic commerce’) OJ 2000 L 178. <> Accessed 22nd of September 2014.

[25] See Directive on Electronic Commerce, art 14(1)(b).

[26] Common Positions (n 12) p. 3.

[27] Article 54(2) European Parliament and Council Directive 2007/64/EC on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC OJ 2007 L 319/1. <> Accessed 22nd of September 2014.

[28] Common Positions (n 12) p. 3.

[29] Ibid.

[30] Ibid.

[31] Ibid.

[32] Ibid.

[33] Ibid.

[34] Ibid.

[35] Ibid p. 2.

[36] Ibid.

[37] Ibid pps. 2-3.

[38] Ibid p. 3.

[39] Directive on Electronic Commerce, art 5(1)(c).

[40] Ibid, art 5(1).

[41] Common Positions (n 12) p. 3.

[42] Ibid.

[43] Ibid.

[44] See Commission Press Release of 18 July 2014 (n 1) pps. 1-2.

[45] Ibid p. 1.