Ch9. Consumer Protection Law and Data Privacy Law — Legal Shields for Modern Life

Consumer Protection Law

A consumer is a person who purchases goods or services from a business. Because of the information and bargaining power imbalance between consumers and businesses, the law provides them special protection.

Eight Fundamental Consumer Rights:
1. Right to safety
2. Right to be informed
3. Right to choose
4. Right to be heard
5. Right to redress
6. Right to consumer education
7. Right to organize and act collectively
8. Right to a safe and clean environment for consumption

E-Commerce Consumer Protection

Right to Cancel (Cooling-Off Right)

The right for a consumer to cancel a contract without reason in distance selling (internet, home shopping, etc.).

Cancellation Period:
7 days from receiving the goods
(if the contract document is received later, 7 days from that date)

Circumstances Where Cancellation Is Not Available:
1. Goods damaged due to the consumer's responsibility
2. Value significantly diminished through use (e.g., opened and used cosmetics)
3. Resale impractical due to time passing (e.g., perishable food)
4. Packaging of copyable goods opened (software, music CDs)
5. Service or digital content already fully provided

Seller’s Obligations

Seller's Obligations Upon Cancellation:
Refund within 3 business days (for credit card payments: cancellation of the transaction)
Shipping costs are in principle borne by the consumer
(unless the return is due to the seller's fault, in which case the seller bears the cost)

Door-to-Door Sales and Installment Sales

Door-to-Door Sales

Applies when a seller comes to your home or workplace to sell.

Cancellation Right: within 14 days of signing the contract
Multi-level Marketing (MLM): subject to separate regulations

Installment Sales

Installment Contract Cancellation: within 7 days of receiving the contract document
Installment Defense Right: may also be asserted against the credit card company
Prepaid Installment Sales (e.g., funeral pre-need services): enhanced consumer protection

Regulation of Standard Terms (Fine Print)

Standard terms are contractual contents prepared in advance by a business for use in multiple transactions.

Grounds for Invalidity of Unfair Standard Terms:
- Terms unduly disadvantageous to the customer
- Terms that unduly restrict the customer's interests
- Terms that unfairly exempt the business from liability

Duty to Provide and Explain:
- Standard terms must be provided to the customer
- Important terms must be explained
- Failure to comply: the term does not become part of the contract

Data Privacy Law

What Is Personal Data?

Information about a living individual that makes it possible to identify a specific person by name, ID number, or similar identifiers.

Categories of Personal Data:
General Data: name, address, phone number, email
Sensitive Data (special protection):
- Political views, beliefs, trade union/party membership
- Health and sex life information
- Genetic test data
- Criminal records
Special Category Identifiers: national ID number, passport number, driver's license number

Principles of Personal Data Processing

Six Processing Principles:
1. Purpose limitation and data minimization: collect only the minimum necessary for the purpose
2. Prohibition on use beyond original purpose
3. Security management
4. Accuracy maintenance
5. Transparent processing
6. Accountability

Rights of the Data Subject

Six Rights of the Data Subject (you):
1. Right to confirm processing and access your data
2. Right to rectification and erasure (right to be forgotten)
3. Right to restrict processing
4. Right to withdraw consent
5. Right to claim compensation
6. Right to object to automated decision-making (e.g., AI profiling)

Consent Is Required: as a general rule
When Processing Without Consent Is Permitted:
1. Statutory provision
2. Necessary for performance of a contract
3. Public body performing its legal duties
4. Urgent threat to the life of the data subject or a third party
5. Legitimate interest of the controller (where no conflict of interest exists)

CCTV and Biometric Data

CCTV Installation Requirements:
- Mandatory notice signage
- Prohibition on use beyond stated purpose
- Limit on retention period of footage

Biometric Data (fingerprints, facial recognition, iris scans):
- Protected on par with sensitive data
- Separate consent required

Remedies for Data Privacy Violations

Administrative Remedies:
- File a complaint or mediation request with the data protection authority
- Report to the national cybersecurity and internet agency

Civil Remedies:
- Claim for damages
- Statutory damages: up to approximately $300 (claimable without proving actual loss)

Criminal Penalties:
- Illegal provision or disclosure of personal data: up to 5 years imprisonment or a substantial fine

Practical Case Studies

Case 1: You bought clothes from an online shop, but the color is different from the photos. You have tried them on. Can you return them?

If there is no visible change from trying them on, you may exercise the right to cancel (within 7 days). However, if the value has significantly diminished from wearing, cancellation may not be available. If the color differs from the product photo — the seller’s fault — the seller also bears the return shipping cost.

Case 2: An app wants to collect your entire contacts list. Can you refuse?

If access to your entire contacts list is not essential for the service, this violates the data minimization principle. You may refuse consent, and denying you service because you refused consent is unlawful.

Key Takeaways

E-commerce cancellation right: 7 days / Door-to-door sales: 14 days Six data processing principles: purpose minimization, purpose limitation, security management, accuracy, transparency, accountability Data subject rights: access, rectification, erasure, restriction, withdrawal of consent, object to automated decisions

OIYO Editorial