Digital Regulation Platform

Consumer affairs


Introduction to digital consumer rights

Why care about consumers?

Digital transformation of the economy has many facets, including digitization of products themselves, of production processes, of the means of advertising and distributing products, of transacting to acquire them, and of course of communications.

Consumers have important interests in each facet, but perhaps especially in communications and the content and other facilities accessed via communications networks and tools. This chapter covers regulatory issues related to consumer interests in connectivity, and outlines consumer issues related to digital content, transactions, advertising, and distribution.

Empowering and protecting consumers has become a more important part of regulators’ jobs for several reasons, including:

All this shows the new benefits available to consumers, and consumers’ shared power in shaping markets, in the digital era. At the same time, the new range of services brings new challenges and new risks, with corresponding needs for consumer empowerment and consumer protection. The statement from the Body of European Regulators for Electronic Communications (BEREC) in Box 4.1 strongly indicates that empowering end-users is likely to become a priority for regulators around the world in the coming decade.

The ITU also stresses consumer affairs in its concept of 5th generation (collaborative) regulation:[5]

Box 4.1. BEREC strategic statement on consumer empowerment

BEREC’s draft strategy for 2021 to 2025 has three high-level strategic priorities: promoting full connectivity, supporting sustainable and open digital markets, and empowering end users. On the last of these, BEREC states:

Engaging consumers in the fast-evolving digital ecosystem is becoming more complex. While digital innovation and competition among digital service providers has improved consumer empowerment, there is still an important role for regulators to play in ensuring a certain level of consumer transparency and digital skills.

The promotion of full connectivity will enable the demand for high-quality services on the part of consumers, provided by the very high capacity networks whose development is a key priority in creating positive interactions.

BEREC will continue its work in promoting choice and empowerment for end-users by prioritising work to build trust in ICT and digital services, and to enable and result in better informed choices by consumers.

BEREC’s approach to empowering end-users is based on two pillars: monitoring of the sector and the appropriate level of transparency. As part of monitoring the functioning of the EECC, BEREC will also monitor new end-user provisions such as the information provision requirements, including the contract summary template, and will provide input to the EC regarding the review of end-user rights. In terms of transparency, BEREC will also continue its work towards greater involvement of stakeholders, including consumer representatives, and publish its work in compliance with the BEREC regulation.

As part of its work on transparency, BEREC will build its knowledge base on AI and explore ways to safeguard consumers against potential risks.

Source: BEREC 2020.

This chapter covers the following topics:

Consumer rights and responsibilities in the digital world

In ICT regulatory contexts, the term consumer usually means a person who buys services for their own or household use. Often it extends to people who buy services for both business and personal use, or for study purposes.[6]

This means that most people in the world are consumers of ICT services.[7] This fact is helpful for regulators who have difficulties in finding consumer representatives to consult on policy issues, or who wonder what actions would best serve consumers. Although these questions are best explored using consumer consultation and research, a good start can be made by considering the consumer needs of one’s own family, friends, and acquaintances – especially where these include people living in rural areas, on low incomes, or in otherwise disadvantaged circumstances.

Basic consumer rights across all sectors were identified in the 1960s as: access, choice, information/education, safety, redress, sustainability, and representation.[8] The 2014 ITU Global Regulatory Symposium incorporated these into their Best Practice Guidelines on consumer protection in a digital world, which are summarized in Box 4.2. These are evolving, for example, into the fuller set shown in Table 4.1, based on consumer research in 23 mainly developing countries, which shows how ideas of consumer and citizen rights are becoming more varied and converging to what are now called digital rights, which accrue to people without role distinction.[9]

Box 4.2. Areas covered in the GSR-14 Best Practice Guidelines for Consumer Protection in a Digital World

  1. Charting a strategic direction giving consumer affairs a higher and better defined profile within a forward-looking overall policy framework covering both national and international contexts.
  2. Enhancing market competitiveness at all levels, treating both ICT providers and OTT service providers equally in regard to consumer protection.
  3. Partnering with industry, taking advantage of providers’ desire to protect consumers from potential harm.
  4. Providing a sound framework for contractual services ensuring transparency, and balance between rights and obligations.
  5. Multiple channels for redress so that consumers can defend their rights rapidly and at no or minimal cost.
  6. Quality of service and consumer experience, introducing measures to assure easy and reliable access to ICTs and web content for all, including consumers with disabilities.
  7. Protecting consumer privacy and data, requiring consumer opt-in for online data collection, paying special attention to protecting children and young people, and setting up computer emergency response teams (CERTs).
  8. Empowering consumers through education, awareness-raising, and participation in policy dialogues, using new media as well as traditional channels like schools.
  9. The consumer right to information, ensuring clear, up-to-date, comparable information in a form that supports consumers’ decisions.
  10. Redefining the role of regulators, possibly including consumer advocacy, bringing evidence, technical expertise, and strong enforcement to bear on matters that concern consumers.

Source: ITU 2014.

Of course, the existence of rights in law varies from country to country, as does their implementation. Rights entail corresponding responsibilities. Consumer responsibilities include:

Table 4.1. Mapping digital rights for consumers and citizens

1. Access and inclusion
• Affordable access and devices

• Quality, reliable connection

• Relevant content

• Right to cap-free Internet

• Infrastructure for remote areas

• Freedom from online harassment

• Equality and inclusion

• Freedom of association

• Open networks

2. Disclosure and transparency
• Meaningful information, easy to access and understand

• Fair contracts

• Informed choices

• Transparent business models and terms of use

• Free press, freedom of information

• Right to communication

• Freedom of expression, end to censorship

• Filtering/content controls

3. Security and safety
• Data protection/security from fraud/loss

• Redress for breaches

• Right to safe and private digital products and services, including for vulnerable consumers

• Transparency on data breaches

• People are who they say they are (digital ID)

• Secure public services particularly for sensitive data such as health

• Safe space for all online: women, minority groups, children, free from hate speech

• Cybersecurity

4. Data protection and privacy online
• Privacy – end to corporate surveillance

• Freedom from invasive marketing

• End to price/quality/service discrimination

• Special provisions for sensitive data and vulnerable consumers

• Right to be forgotten

• Freedom from state surveillance

• End to data-led bias in decisions about jobs, education, justice, public service, etc.

5. Competition and choice
• Choice of provider and ability to switch easily

• Merger control, recognition of data holder’s advantage

• Fair choice regardless of location

• Fair, inclusive markets

• Rights to access justice with a fair hearing
6. Fair use and clear ownership
• Rights to repair

• Right to reply/due process for automated sanctions

• Reasonable lifespan and support

• Fair copyright regimes

• Digital rights management

• Fair use

• Access to knowledge

7. Redress and complaint handling
• Right to easy, simple, and cost-effective access to redress • Rights to access justice and be compensated for harms
8. Digital education and awareness
• Right to consumer education

• Systems and products that are easy to use

• Access to content

• Reliable and verifiable sources

• Rights to education to manage risks and maximize opportunities online

• Rights to digital literacy provision

• Local language provision

9. Regulatory framework
• Rights to be heard in digital policy making

• Processes for companies to respond to consumers

• Transparent processes

• Diversity of voices in Internet governance

• E-voting

• Civic and political participation, online protests

• Freedom of information

10. Responsible business practice
• End to price/quality/service discrimination

• Accountable information/content

• End to lower standards for lower income countries

• Companies meet human rights obligations

• Ethical data supply chains

• Duty of care

• Employee conditions: fair treatment, free from surveillance

Source: Adapted from Consumers International 2017a.

General and special consumer protection law

General consumer protection law has a long history[10] and, over time, its underlying principles have been elaborated in laws that balance the rights of consumers against those of producers. Adjustments are needed as underlying power structures change; typically, the growing relative strength of producers has led (after some delay) to more legal protections for consumers.

Because of its monopoly past and its nature as an essential service and an experience good (which can only be known by trying it out), various special consumer protection regulations[11] for electronic communications have been put in place in different jurisdictions. For example, providers may be required to make both network services and customer services accessible to people with disabilities, and maximum contract lengths may be laid down.[12]

Similarly, special protections are often required for e-commerce transactions. These are justified because consumers usually cannot inspect their potential purchase before making it, and can be subjected to pressured sales techniques, such as “one time” offers and sign-up bonuses. General consumer protection authorities are more likely than ICT regulators to be responsible for enforcing these, but ICT regulators should be aware of their existence. The broader regulation of digital platforms like Google, Amazon, and Facebook is a topic of current debate because of their transnational nature, often coupled with market dominance.

Table 4.2 shows the worldwide variation in existence of a suite of laws deemed essential for developing the digital economy in ways that are safe for consumers, and who is responsible for telecommunication/ICT consumer protection issues. Key points to note include:

Figure 4.1 shows the percentage of regulators reporting involvement in certain activities relevant to consumer affairs in ITU surveys carried out in 2007 and 2019. There is an increase in all activities between the two years. Overall, it seems that most ICT regulators are already active in consumer affairs, and those that are not have plenty of examples to follow.

The ITU’s 2018 report on regulatory collaboration (ITU 2018a)[14] contains a more detailed exposition of these and related trends.

Table 4.2. Responsibility for ICT consumer issues and relevant legislation worldwide

Africa + Arab States Asia & Pacific + CIS The Americas Europe
Total countries in region 65 49 35 46
Data from ITU Consumer Measures Survey 2019
Jurisdiction over consumer protection issues related to the telecommunication/ICT sector (%) Telecom/ICT regulator 62 29 34 26
Consumer protection authority 5 6 20 9
Both authorities 17 24 31 48
Separate consumer protection authority exists (%) 31 41 57 72
Regulator responsible for consumer complaints (%) 91 76 83 85
Specific telecommunication consumer protection legislation/regulation exists (%) 65 55 46 83
Data from UNCTAD Summary of Adoption of E-Commerce Legislation Worldwide
General consumer protection law exists (%) 42 31 80 74
Data protection/privacy law exists (%) 51 45 77 91
E-transaction law exists (%) 71 69 94 91
Cybercrime law exists (%) 69 67 86 91

Source: Based on data from ITU and UNCTAD.

Note: UNCTAD data were taken on May 21, 2020 from (data subject to continuous update). “Law exists” means positive response received. ITU data are from responses to the ITU World Telecommunication/ICT Regulatory survey 2019.

Figure 4.1 ICT regulators reporting activities relevant to consumer affairs, 2007 and 2019

Source: ITU.

Average consumers and vulnerable consumers

Consumer protection law is often framed in terms of imaginary average consumers, who are supposed to be “reasonably circumspect” and able to look after themselves. Increasingly, however, regulatory concern has been refocused towards vulnerable consumers, who are more likely than average to experience detriment in a specific context. Who is regarded as vulnerable will vary. For example, people with impaired hearing are more likely than average to have difficulty with a voice conversation, and people with low incomes are more likely than average to be unable to maintain service when prices rise. Anybody can become vulnerable for a while, for example, through job loss or bereavement.

How regulators should balance the attention paid to the interests of vulnerable consumers compared with average (or privileged) consumers is often a political matter. Equality legislation often requires reasonable adjustment to the needs of people with disabilities, and governments may provide social policy guidance. Economic analysis requires assumptions about aggregate utility or welfare, which may not match intuition.[15] Whatever economic approach is adopted, regulators must clearly recognize that consumers vary greatly in their general and digital behaviour, desires, and resources, and assess the effects of policy decisions on different segments, including the most vulnerable.[16]

The shift to online data

The past decade has seen major change in consumers’ take-up and use of digital services.[17] A market that was dominated by voice telephony is now dominated by data. Voice is still a very popular communications medium, but now is often carried over Internet Protocol (IP) and paid for as part of an Internet or data package. Protecting consumers’ interests in data is only one of a suite of policies needed to foster safe and beneficial data-driven economies.[18]

Electronic communications have always raised privacy issues, related both to their content and to their circumstances (that is, metadata, which would typically include the calling and called numbers and the time, date, duration and location of a call).

Now, Internet use (often via apps) has vastly multiplied both the amount and the type of data that providers can collect from users. Often, this includes their location, interests, browsing history, and transactions – and who is in their social network. Going further, smart objects, like voice assistants in homes, and CCTV cameras and connected vehicles in streets, may capture and transmit information about people who are unaware that such data is being collected. Put together, this so-called big data reaches ever more powerful data processing units, which through artificial intelligence (AI) techniques can now detect patterns in the data and reach probabilistic conclusions about groups and individuals.

These major developments can both benefit and harm consumers.[19] A topical example in 2020 is the use of data in response to the global COVID-19 pandemic – it can help in tracing potential infection, while at the same time raising concerns about unwarranted surveillance. In many countries, data protection legislation is being introduced or strengthened, and specialized data protection regulators are being set up or expanded.[20] In parallel, debates are in progress around the world on the ethical use of data.

Consumer support framework

Roles in protection and empowerment of digital consumers

The ITU (2018a) has shown clearly how different countries have different institutional arrangements for handling consumer affairs, both generally and in specific sectors, digital being just one (cross-cutting) sector. Whatever the institutional set-up, certain roles should be fulfilled. Table 4.3 identifies essential roles and suggests typical organizations that may be charged with fulfilling them. Community groups and social networks add great value in sharing concerns and information, but also bring risks of misinformation and disinformation – with the COVID-19 pandemic again providing examples.

Table 4.3. Roles in digital consumer affairs

Role in relation to digital consumers Typical organizations involved in fulfilling the role
Consumer and sectoral policies Ministries (with wide public input), competition authority
Understanding consumer needs Consumer organizations, regulators, service providers
Consumer protection legislation Government, parliament, courts
Consumer protection regulations and codes of practice Regulators, service provider associations, standards bodies
Provision of consumer information Service providers, comparison and review websites, online forums, consumer organizations, regulators
Consumer education Schools and colleges, broadcasters, press, regulators
Monitoring market functioning Service providers, regulators, competition authority
Complaints handling Service providers, regulators, ADR bodies, courts
Enforcement Regulators, local authorities, police, courts

In Table 4.3, the term “regulators” refers to all regulators who are involved in protecting the interests of consumers when they interact with providers digitally. This will include consumer protection authorities, data protection regulators, and financial services regulators, and often also others – for example, energy regulators, if consumers deal with energy providers online. A typical ICT regulator will have all the “regulator” roles above in relation to connectivity and some online content issues, and will need to work closely with the other types of organization mentioned in the table, including other regulators.

Consumer–provider relationships

Companies often say that they understand their customers and potential customers better than regulators ever can, so there is no need for regulators to carry out consumer research or consult consumers. The first part is true: companies have both incentives and resources to understand what satisfies their customers. However, the second part does not follow from the first. Companies are likely to understand only their own customers (or, possibly, their direct competitors’ customers), and to focus resources on the most profitable market segments. To fulfil their duties, regulators need an overview of the needs of all consumers and would-be consumers, including those “at the bottom of the pyramid” who do not much interest some service providers.

Regulators should not come between companies and their customers, unless direct relations have reached an impasse (or, exceptionally, serious misconduct is alleged). Satisfied consumers are companies’ best marketing channel: welcoming complaints, acting on them at the individual level, and using them as a source of market intelligence, can improve customer service and boost competitive advantage. Regulators should help this constructive relationship to flourish through dialogues with both consumers and service providers. Digital media, such as online surveys, can contribute to dialogues with consumers, but it is important to be aware which consumers are taking part and which are excluded.

Roles of ICT regulators

Specific roles of ICT regulators are shown below. As discussed above, these have become more important and now often extend into aspects of content and data as well as connectivity. What is more, digital media can now help in carrying them out well, for example, through crowdsourcing of consumer views of service levels.

Relevant international bodies

International bodies can help national regulators to handle consumer affairs in various ways, including:[21]

Many other international bodies, in particular regional associations, also play useful roles.

Specific consumer issues

Price and quality of service

Service pricing generally remains the single most crucial aspect for consumers, when both choosing and using services. Low-priced packages attract many consumers, even when low price entails lower quality. New market entrants typically price a few percentage points below incumbents in order to attract their early customers, and competition is nearly always on price as well as on service features.

Regulators’ roles in controlling and monitoring pricing are explored elsewhere in this handbook.[22] Regulators should further help consumers by ensuring that providers’ pricing information is easily accessible, understandable, and accurate. Comparison websites can help consumers choose the best provider and package for themselves, usually only comparing prices; some regulators provide this information, while others encourage consumer or commercial organizations to do so.[23] Another handbook chapter discusses how regulators can help consumers to assess the quality of service they should expect.[24]

The topic of zero-rated content, provided free of charge to consumers by certain service providers, for example Facebook in its Free Basics offering, has proved controversial.[25] On the one hand, many users, especially in lower-income groups with limited data allowances, have welcomed the offering, and, in some countries, it appears to have supported higher take-up of the Internet as well as higher usage of Facebook. On the other hand, some regulators regard such offerings as discriminatory and counter to the principle of net neutrality; India is the prime example of a developing country that has outlawed zero-rated content on these grounds. An OECD study (OECD 2019a) concluded: “The effects of zero rating can be very diverse and depend heavily on the circumstances of individual countries…case by case analysis is almost indispensable”. An earlier study by the Alliance for Affordable Internet (A4AI 2016) came to a similar conclusion, but also provided guidelines to regulators for how to use zero rating to extend access while preserving competition.

Contracts and prepayment

Originally, relationships between service providers and their customers required explicit written agreements, known as contracts. These are still widespread, and often preferred by connectivity providers (CPs) as they provide a predictable revenue stream. Typically, they allow customers to pay usage charges at the end of each month for the service they have already received, an arrangement known as credit or postpayment.

Once entered into, postpayment contracts may last indefinitely (until terminated by either party, usually after a given notice period), or they may have a set duration, typically of a year or more. Regulators may limit contract durations, because contracts that are too long can weaken competition and tie consumers in to deals that no longer suit them.

Since mobile prepayment arrived in the 1990s, it has become extremely popular around the world, because by ensuring that consumers never owe money it sidesteps the formality of traditional contracts and gives consumers much more flexibility over their spending.[26] Although it is especially appreciated by lower-income consumers, consumer protection in prepayment relationships is much less well developed than its postpayment contractual equivalent. Some regulators have taken steps in this area; for example, TRAI[27] in India requires operators to adopt a standard colour code for prepaid vouchers to make their tariffs easier for consumers to understand, and also to provide consumers with both current and retrospective records of how usage reduces their credit balance.

Particularly in e-commerce, contractual terms and conditions (often presented online) are a frequent source of annoyance and complaint. They are often unreasonably long and complex, consumers rarely read them and often feel they have no choice but to accept them.[28] The U.K. government has published materials (Behavioural Insights Team 2019) providing practical guidance for improving this situation, and an international standard is in preparation building on this foundation.

Billing and payment procedures

Digital payments can often be made via CPs for digital content and services received. In-app purchases may be paid for using specialized virtual currencies, but ultimately a consumer’s account may need external funding with “real money”, first converted into electronic credit, for example via a mobile payment account like M-Pesa in Kenya and elsewhere. Established payment mechanisms include calls and messages which are charged at a premium rate, some of which is passed on to a content provider. These and alternatives[29] which enable payment via a CP have led to many dissatisfied consumers, often because the content provider can “hide” behind the CP and even disappear. Different consumer protection systems exist,[30] often involving coregulation, but overall there is a trend away from these indirect payment mechanisms and towards mobile payment apps, like the Malaysian mPay Walet, which are typically regulated as financial entities.

Consumers’ options for paying amounts due to their service providers can also make a big difference to the attractiveness of the service. Ideally both cash and electronic payment should be accepted, without significant payment charges. Time limits for settling postpaid bills must be reasonable, taking account of possible delivery delays (particularly for paper bills).

In case of undisputed non-payment of amounts due, or lasting non-use of a service, service providers may embark on procedures to restrict and ultimately disconnect service. ICT regulators should make sure that these procedures are fair and clear to consumers who experience them, giving the consumers reasonable opportunities to recover full service.

Of course, the amounts that customers are charged must correspond accurately to their chosen package and services accessed through it, with any additional usage charges demonstrably matching actual usage. A high proportion of consumer complaints is usually related to incorrect billing.

Customer service, complaints, and redress

Consumers need to be able to contact their service providers and receive timely responses from them. Ideally, service providers will enable their customers to choose among a range of contact channels, for example, shops, telephone, email, text, or online messaging. Such options are especially important when the consumer has a problem which means they cannot use their own service, for example, to report a fault or restore a disconnected service. The quality of customer service is an important dimension of overall quality of service, and as with other aspects of quality of service, regulators may intervene in markets to varying extents.

However, complaints handling often requires regulatory intervention, because the market incentives on service providers to deal appropriately with unhappy customers are too weak. Typically, regulators require service providers to acknowledge and respond to complaints within specified periods; and provide or organize back-up adjudication for complaints which are not resolved to customers’ satisfaction by service providers. Redress can take various forms, including apologies, righting errors, and paying compensation.[31]

As mentioned above, billing and payments often cause the most complaints to regulators, with quality of network service and customer service following behind. However, particularly in some English-speaking jurisdictions, unwanted commercial calls and messages have become a major problem over the past decade – and these are now spreading to more countries. These often are, or look like, telemarketing attempts, but a proportion have outright fraudulent intent (for example, “wangiri” calls which ring off before they can be answered, encouraging a costly return call from which the fraudster benefits).

Early control measures often take the form of “do not call” lists,[32] where consumers who do not want to receive unsolicited commercial calls or messages can register their telephone number and genuine telemarketers are not allowed to call them. Automated calls (also known as “robocalls” are also illegal in many jurisdictions. However, it is all too easy for wrongdoers to flout these rules, and available enforcement effort has to be focused where it is most effective. Increasingly, technical measures are being introduced in networks, apps, and terminal equipment to stop unwanted calls reaching their targets.[33]

Helping consumers navigate the digital economy

A single digital consumer transaction (for example, a payment to access a music track) can involve a long chain of service providers (in this example, the original performer, recording studios, agencies, content aggregators, online merchants, online money account managers, and Internet service providers). If the consumer seeks prepurchase advice, or if something goes wrong, for example a duplicate payment takes place, who should a consumer approach and how are they to be found? A “one-stop shop” which can point consumers to the right place will help.

The ITU has highlighted[34] the importance of regulators of different sectors and at different levels working together, and this is particularly the case when helping consumers to help themselves. Even for experts the picture is complex, and most people cannot find their way around unaided.

At least, all bodies that offer to help consumers, whether commercial, governmental, or NGOs, should have access to a shared up-to-date database on which of them is responsible for what topic. Usually this can most conveniently be shared online, and a version of it can be made directly accessible to consumers.[35] It should also form a valuable source for organizations and telephone helplines that provide advice and support to consumers, helping to ensure consistency of approach.

Web search will help skilled Internet users to find what they need, but many people still prefer (or can only use) voice services. Ideally, a well-publicized telephone helpline with an easily remembered number that is free to call would be provided for consumer support. Enquiries may be routed via interactive voice response and use chatbots. Ideally, it should also be possible for callers to speak to well-informed, sympathetic live operators who speak their language, but this is likely to raise costs. To limit demand for live operators, special numbers may be provided for people who most need their help, such as those with certain disabilities.

Good businesses will benefit from well-informed, confident consumers and may make voluntary contributions, in cash or kind, to the provision of consumer support. Regulators could also require such contributions – for example, the Indian regulator, TRAI, requires service providers to pay into a Consumer Protection and Education Fund any amounts that are due to customers but which cannot be paid to them.[36] Consumer protection and education could be another application of universal access and service funding.[37]

Provision for consumers with disabilities

The ageing of the world’s population inevitably brings with it a higher proportion of people having some impairment – physical (such as loss of a limb), sensory (such as being blind or deaf) or cognitive (such as dyslexia). The United Nations Convention on the Rights of Persons with Disabilities demands equal treatment for people with disabilities,[38] and specific laws and regulations often interpret what that should mean in practice.

The first concrete recognition by ICT regulators of the special needs of people with disabilities has often been through universal access policies.[39] Increasingly, regulators are also implementing ICT accessibility policies, which may deal, for example, with specialist equipment and the usability of online resources. An ITU survey in 2019 showed that only 29 per cent of 195 regulators responding worldwide had no ICT accessibility framework, with separate attention being paid to mobile, TV/video programming, web and public ICT accessibility, as well as other aspects. However, the percentage with no accessibility framework rose to 48 per cent in Africa.

The South African regulator, ICASA, has a Consumer Advisory Panel[40] which includes representatives of people with disabilities. It also has a comprehensive Code for People with Disabilities,[41] listing many requirements on operators to cater for special needs.

Australia has long had an active disability movement and a responsive regime. A special “accessible telecoms” website[42] demonstrates both a wide range of equipment and services and clear, accessible presentation. The regulator has approved a series of industry Codes of Practice on Accessibility.[43] Compliance with information requirements (to enable people to choose the equipment best suited to specific needs) is compulsory.

Going beyond equitable access, digital technologies can offset disabilities and enhance lives, with broad social and economic benefits. As an example, recent research into ensuring that people with hearing loss can benefit from smart home technology has highlighted the importance of developing mainstream technologies with flexible user interfaces.[44] For example, audible user signals should be capable of being expressed visually.

Smart consumer devices

Telecommunication regulation has focused on networks rather than equipment. Regulatory duties related to devices have usually been limited to ensuring their compliance with standards designed to safeguard users and networks and combat counterfeiting. The important consideration of electromagnetic field (EMF) radiation safety is discussed in Chapter 6 on “Spectrum management”. Consumers deserve reliable, independent advice on the safe use of wireless devices, particularly with the advent of 5G.

The arrival of smart devices raises the question of extending regulators’ remit to other aspects of devices that are significant for competition and consumers. The French regulator, ARCEP, has studied how devices limit Internet openness (for example, because of the need for apps to be compatible with proprietary operating systems), and recommended actions to control this harm (ARCEP 2018).[45]

But multifunctional smart mobile phones are already pervasive. They act not only as telephones but also as cameras, clocks, calculators, TVs, radios, and wayfinding devices – and provide Internet access, often via apps. Smart phones are now being joined by smart watches, smart speakers and other connected devices used at home or on the move, which are being widely taken up by consumers in developed countries and spreading across the world.

These capabilities open new ways for consumers to stay in touch with family, friends, and associates; to learn, earn, spend, save, and play. But they also open new risks, for example, of wasting time and money, and of being misled, deceived, or let down. In extreme cases, they can even lead to addiction, typically through gaming or gambling, or simply excessive social media use.

These sophisticated functions span the different aspects shown in Chapter 7, Figure 7.7, and apps can take consumers into areas as diverse as healthcare and agriculture.[46] ICT regulators cannot, and are not expected to, protect and support consumers everywhere that a smartphone may lead them. They must exercise the essential functions that they are given in their own country, in relation to their applicable jurisdiction, and collaborate with other bodies to achieve broader coverage.

Regulators also need to remember that smart device access and use is still far from universal. Even in developed countries with effectively universal and affordable fixed and mobile broadband, a proportion of consumers do not take up the Internet, whether through choice or through encountering barriers such as disability or lack of confidence. In less developed countries, availability and affordability are often lower and barriers higher, leading to larger offline populations. Proxy use (for example with a younger person helping an older one) is a common way for people to gain some benefits from the digital world while remaining offline. Intermediary services accessible via ordinary phones are another, for example, enabling farmers to access current crop prices by voice interaction. Such services may be seen as digital even if access to them is not.

Trust requires trustworthiness

Just as in the physical economy, a flourishing digital economy depends on consumers’ trust – that is, their belief that others will act in honest and ethical ways. Trust in turn depends on assessment of others’ trustworthiness. In the physical world people rely on personal knowledge or recommendations of which individuals or organizations are trustworthy.

In the digital economy, personal knowledge and recommendations also play a part, but they are nowhere near enough, because the others are so many, can be anywhere in the world, and may not be what they appear. Consumer review websites like Trustpilot and Tripadvisor can be valuable but also risky (OECD 2019b): because it is so easy to fake reviews, industry codes of conduct can make them more reliable, but are not the whole answer. Building consumer trust in the digital economy is a major challenge, not least because of continual setbacks when bad experiences undermine trust. Bad experiences may include interference with connectivity (such as the nuisances of spam and phishing, and security failures like malware and hacking), as well as difficulties with online activity and transactions (such as duplicate payments, disappointing content, or non-existent products). Security and especially privacy have proved to be significant new concerns for consumers – even though their behaviour may suggest otherwise.[47]

ICT regulators can help to promote consumer trust by requiring or incentivizing good business practice that demonstrates trustworthiness. They can also help to educate consumers to be on their guard against bad practice, such as sale of their data leading to unwanted targeted advertising. Where practical, they may take enforcement action against wrongdoers, collaborating across borders with their counterparts elsewhere. Major disputes may reach the courts, if there is one with appropriate jurisdiction.

Online safety for children

Children (defined as people aged under 18) are often more skilled than their parents or teachers at operating smartphones and other connected gadgets, and all over the world have adopted new technologies with enthusiasm as “digital natives”. They readily learn, communicate, and play using these technologies. However, they still lack life experience, and may fall prey to harms. Risks are commonly divided into the “4C” categories below:

Some of these can be addressed in legislation, for example, on data protection and obscenity, but these and other rules are only useful to the extent they are enforced. Ensuring rapid removal of even clearly illegal material from the Internet has proved to be a major challenge, best addressed by collaboration between Internet service providers in a child protection context. The European hotline network, INHOPE, has 46 national members operating collaboratively to take down illegal materials.[48]

Naturally, the adults around them are anxious to protect children from harm, and this may lead to strict controls or even banning of “screen time”. However, extensive research in many different countries shows the importance of helping children to benefit from the many advantages of online activity,[49] and of a measured and age-appropriate approach to controlling their Internet use. The aim is for them to reach young adulthood as fully competent Internet users who understand both the benefits they can get from it (for example in job search or further education) and how to avoid being misled, deceived, or exploited. As part of the work carried out in 2019 by the Broadband Commission for Sustainable Development’s Working group on child online safety,[50] a universal declaration[51] was adopted that outlines the steps that public and private entities must take in order to safeguard children online that complements the ITU’s work on child online protection.[52]

Online safety for adults

Adults can also be vulnerable to harms similar to those that affect children online, especially if they lack experience or belong to a disadvantaged group. Challenges that women have faced in an online environment are already extending to abuse via connected objects.[53]

In addition, as consumers, adults may suffer financial loss through e-commerce or other online transactions, using virtual and electronic money (which deserve, but as yet often do not have, the same legal protection as “real” money). And, as citizens, their voting and other political behaviour may be influenced by online messaging, particularly via social media.

As in the case of children, there are no easy answers. Now that the Internet has become such an integral part of life, barring access to it is rarely justifiable. A balanced, effective approach would include a mix of the following types of government action:

Developments of these kinds, especially the last, are new, and doubtless more of them will emerge in coming years.[56]

Digital identity and automated decision-making

Any person may have several valid identities, linked with different aspects of their lives (ITU 2018b). For example, a woman called Meron Kabede may be “mum” to her children, “Meron” to her friends, and “Ms Kabede” to her boss – and with these names go different identities, as perceived by the person and those around her. The same holds in the digital sphere, where it is easy to have as many identities as desired, and harder for a stranger to associate disparate identities with the same person.

The first digital identity acquired by many people, especially in developing countries, is a mobile phone number. In the past, with prepayment a phone number did not identify an individual, but increasingly, anti-crime measures have been leading to registration requirements for prepayment accounts under know-your-customer (KYC) regulations commonly used in the banking sector, so that the phone number links to at least a name, and probably also a date of birth and often an address, which together uniquely identify the registrant. Mobile phone numbers are also used for personal identification by many applications.

Other forms of digital identity include email addresses, social media account IDs, and, increasingly, official documents like driving licences, health care cards, and passports.[57] Official documents naturally include other personal data – such as, for a driving licence, certification of passing a driving test, and records of any driving offences – and being digital makes it easy to link together different pieces of data about a person. Ultimately, these may all be available to government officials through a central digital identity system like the Indian Aadhaar.[58] To date Aadhaar remains a voluntary system, but as it is used for important official purposes (like claiming benefits) the ability to opt out is likely to become theoretical.

Such all-embracing digital identity systems can offer considerable efficiency benefits, but also raise concerns about over-reaching state power leading, for example, to restrictions on the travel or health care of people whose views are unwelcome to the government. Digital identity systems are being developed which are controlled by the individual, and which reveal only such facts about them as are necessary for the purpose in hand. For example, to buy alcoholic drink a person may have to show their age, to borrow they may have to demonstrate creditworthiness, and to get work, they may need to show residence status.[59]

Automated decision-making is also causing much public interest and concern at present. Systems that inspect applications (for example, for jobs, college places, or loans) use AI techniques to infer the likely performance of applicants, based on comparing their digital identities with those of previous successful applicants.[60] Algorithms trained on historical data are likely to reproduce previous patterns of success, continuing embedded discrimination, unless specific efforts are made to avoid this. In the consumer sphere, personalized recommendations may be appreciated while loss of agency is regretted.[61]

Key findings

Introduction to digital consumer rights

Consumer support framework

Specific consumer issues


  1. See Chapter 3 on “Access for all”.
  2. This stress on fairness is reflected at least across Europe. See, for example, Ofcom (2020) and BEREC (2020), which stresses consumer empowerment as part of its work programme.
  3. See for example Evans (2003), Dutta-Powell and others (2019), Lunn (2014), Lunn and Lyons (2018), and available here.
  4. See Chapter 2 on “Competition and economics”.
  5. available here.
  6. A more detailed discussion of this and related terms (including (end) user, (business or residential) customer, potential consumer and citizen) is given in Digital Regulation Platform thematic section on “Consumer protection in general”.
  7. In the Digital Regulation Handbook and Platform, the term information and communications technology (ICTs) generally refers to telecommunications and related equipment and networks, while “digital” refers to Internet and online-related concepts.
  8. See UNCTAD (2016) for the latest set of basic consumer rights.
  9. Digital Regulation Platform thematic section on “Consumer rights in the digital context” provides a more detailed discussion. The Consumers International report from which Table 4.1 is adapted contains more information on the situation in 2017 and how it may change.
  10. The UN Consumer Protection Guidelines, based on principles articulated by U.S. President Kennedy in the early 1960s, were first adopted by the General Assembly in resolution 39/248 of April 16, 1985, later expanded by the Economic and Social Council in resolution E/1999/INF/2/Add.2 of July 26, 1999, and revised by the General Assembly in resolution 70/186 of December 22, 2015.
  11. Throughout this chapter, the term “regulations” includes relevant licence conditions.
  12. These are explored in Digital Regulation Platform thematic section on “Consumer rights in the digital context”.
  13. Law firm DLA Piper provides a useful facility for comparing data protection laws worldwide,  available here.
  14. See especially chapters 4 and 5, and within chapter 4, the section on “Developments in the field of consumer protection (pp. 53-55) and within chapter 5, section 5.3 on “Power coupling: the ICT regulator and the consumer protection authority” (pp. 133-134).
  15. The welfare weights approach, based on the principle that a USD1 price rise matters more to a person with USD10 than to a person with USD100, is explained in Cowell and Gardiner (1999).
  16. See for example Ofcom (2019) and UKRN (2020). The latter is a good example of regulatory collaboration and data use as well as attention to consumer vulnerability.
  17. See, for example, Chapter 3, Figure 3.1 “Individuals using the Internet and growth rates”.
  18. See Chapter 5 on “Data protection and trust”.
  19. See World Bank (2019a).
  20. See ITU (2018a), chapters 4 and 5, which deal with the remit and powers of ICT regulators and their relationships with other regulators.
  21. Digital Regulation Platform thematic section on “International organizations relevant to consumer affairs” provides more detail and links.
  22. See Chapter 2 on “Competition and economics”.
  23. See, for example: available here provided by the Commission for Communications Regulation in Ireland; available here from Anacom in Portugal; or available here from BIPT in Belgium. As markets attract more service providers and more varied packages are offered, the comparison task becomes more challenging, and some regulators have left it to external providers – see for example the Czech regulator at available here. The formerly exemplary LetsCompare facility at may be in course of revision.
  24. See Chapter 8 on “Technical regulation”, which covers quality of service.
  25. As has the larger topic of net neutrality, which encompasses zero rating and is discussed in Chapter 2.
  26. See Digital Regulation Platform thematic section on “Mobile prepayment”.
  27. See TRAI (2018), chapter 1.
  28. See, for example, Which? (2018).
  29. For example, the U.K. mobile payment mechanism Payforit, explained here: available here.
  30. An established example is the U.K. premium rate service regulator, PhonePaid Services Authority. A 2011 overview of regulatory arrangements in 20 countries is available here.
  31. A Digital Regulation Platform thematic section on “Redress” examines this in more detail, and also collective complaints and collective redress.
  32. Also known as “Robinson lists”, after Daniel Defoe’s fictional character Robinson Crusoe who lived alone on an island for many years.
  33. The topic was addressed in ITU (2017b), reporting on activities from 2014 to 2017, and will be addressed more thoroughly in its successor volume. See Milne (2016) for a presentation on the international situation in 2016.
  34. For example, in ITU (2018a).
  35. An example from the United Kingdom available here.
  36. See TRAI press release available here about an amendment in January 2020.
  37. See Chapter 3 on “Access for all”.
  39. See Chapter 3 on “Access for all”.
  40. available here.
  41. available here.
  42. Supported by both the regulator, ACMA, and the consumer organization ACCAN: available here.
  43. Hosted and managed by the industry Communications Alliance: available here.
  44. available here.
  45. A comic strip introduction to the issues is available here.
  46. See ITU (2017a) for a discussion of the economic potential of apps and the challenge of regulating them.
  47. See findings of Which? research on consumer attitudes and behaviour in 2019 and 2018 available here. The findings of behavioural economics are also relevant here.
  49. See for example available here. Many other valuable resources are available via ITU’s special Child Online Protection website at available here.
  53. See summary of Ugandan women’s experiences available here, and U.K. research project “Gender and IoT” available here.
  54. The Freedom Online Coalition, available here, is a partnership of 31 governments, working to advance Internet freedom.
  55. See, for example, Hodges and Steinholtz (2018) for U.K. developments and proposals, and available here for information on an international movement for ethical business.
  56. See Chapter 2 on “Competition and economics”, which includes discussion of the regulation of digital platforms.
  57. For more information on the transformational potential of digital identification systems, see the World Bank’s ID4D initiative, available here.
  58. available here.
  59. The Identities Project, available here, based on the experience of people in India, is associated with World Bank (2019b). See also Consumers International (2017). The refugee story available here is easy to read and informative.
  60. Discussed more fully in Chapter 7 on “Regulatory response to evolving technologies”.
  61. See Consumers International (2019).


A4AI (Alliance for Affordable Internet). 2016. Policy Guidelines for Affordable Mobile Data Services. Research Brief No. 3.

ARCEP (L’Autorité de régulation des communications électroniques, des postes et de la distribution de la presse). 2018. Devices, the Weak Link in Achieving an Open Internet. Paris: ARCEP.

Behavioural Insights Team. 2019. Contractual Terms and Privacy Policies: How to Improve Consumer Understanding. London: Department for Business, Energy and Industrial Strategy.

BEREC (Body of European Regulators for Electronic Communications). 2020. BEREC Strategy 2021-2025. BoR (20) 43.

Consumers International. 2017a. Connecting Voices: A Role for Consumer Rights in Developing Digital Society. London: Consumers International.

Consumers International. 2017b. Digital ID in Peer to Peer Markets. London: Consumers International.

Consumers International. 2019. Artificial Intelligence: consumer experiences in new technology. London: Consumers International.

Cowell, Frank, and Karen Gardiner. 1999. Welfare Weights. London: London School of Economics.

Dutta-Powell, Ravi, Zoe Powell, and Nathan Chappell. 2019. Behavioural Biases in Telecommunications: A Review for the Commerce Commission. Wellington, New Zealand: Behavioural Insights Team.

Evans, Phil. 2003. The Consumer Guide to Competition: A Practical Handbook. London: Consumers International.

Hodges, Christopher and Ruth Steinholtz. 2018. Ethical Business Practice and Regulation. London: Bloomsbury.

Hogg, Tim. 2020. “Framing Fairness”. InterMEDIA 48 (1): 29-31.

ITU. 2014. Best Practice Guidelines on Consumer Protection in a Digital World. Geneva: ITU.

ITU. 2016. Digital Financial Services: Regulating for Financial Inclusion: An ICT Perspective. Geneva: ITU.

ITU. 2017a. The App Economy in Africa: Economic Benefits and Regulatory Directions. Geneva: ITU.

ITU. 2017b. Final Report on ITU-D SG1 Question 6/1: Consumer Information, Protection and Rights: Laws, Regulation, Economic Bases, Consumer Networks. Geneva: ITU.

ITU. 2018a. Global ICT Regulatory Outlook: Regulatory Collaboration: “Power Coupling”. Geneva: ITU.

ITU. 2018b. Digital Identity in the ICT Ecosystem: An Overview. Geneva: ITU.

ITU. 2018c. Powering the Digital Economy: Regulatory Approaches to Securing Consumer Privacy, Trust and Security. Geneva: ITU.

Lunn, Peter. 2014. Regulatory Policy and Behavioural Economics. Paris: OECD.

Lunn, Peter, and Sean Lyons. 2018. “Consumer Switching Intentions for Telecoms Services: Evidence from Ireland”. Heliyon 4(5).

Milne, Claire. 2016. “Nuisance Calls and Texts: What Can Be Done?”. Presentation for MIIT/ITU meeting in Chongqing, China.

OECD.2019a. The Effects of Zero Rating. Paris: OECD.

OECD. 2019b. Understanding Online Consumer Ratings and Reviews. Paris: OECD.

Ofcom. 2019. Access and Inclusion in 2018: Consumers’ Experiences in Communications Markets. London: Ofcom.

Ofcom. 2020. Making Communications Markets Work Well for Customers: A Framework for Assessing Fairness in Broadband, Mobile, Home Phone and Pay TV. Policy Statement, January 23. London: Ofcom.

Russell, Graham, and Christopher Hodges. 2020. Regulatory Delivery. London: Bloomsbury

TRAI. 2018. Consumer Handbook on Telecommunications. New Delhi.

UKRN (U.K. Regulators Network). 2020. Driving Fair Outcomes for Vulnerable Consumers across UK Markets. Event Report. London: UKRN.

UNCTAD (United Nations Conference on Trade and Development). 2016. United Nations Guidelines for Consumer Protection. Geneva: UNCTAD.

Which? 2018. Control, Alt or Delete: Consumer Research on Attitudes to Data Collection and Use. London: Consumers’ Association.

World Bank. 2019a. Information and Communications for Development 2018: Data-Driven Development. Washington, DC: World Bank.

World Bank. 2019b. Principles on Identification for Sustainable Development: Toward the Digital Age. Washington, DC: World Bank.