Search form

Right now: software vendor liability in the European Union

The European Commission is preparing for consumer friendly activities in the field of digital contracts. As unexciting as it seems, it's where issues like software vendor liability arises, and yes, in its preparatory consultation the European Commission lifts issues of burden of proof.

Not withstanding the rest of the consultation which raises important themes for consumer rights in online environments, question 4.13 of the consultation and everything following it in section 4 should be dedicated careful consideration by those who advocate software vendor liability:

When users complain about defective products, should:

  • Users have to provide evidence that the digital content products are defective
  • Traders have to provide evidence that the digital content products are not defective if they consider the complaint to be unfounded

Please explain your choice(s).

This question is not new in the European Union. In fact, it was raised also in the preparatory process for the consumer rights directive which was finally passed in 2009. In the consultations preceding the adoption of the directive only industry actors appear to have responded. In a report of consultation responses released in 2007 industry actors had told the Commission the following:

 It very much depends on the way the consumer installs the software on his computer, and whether he/she was aware or not at the beginning of the compatibility of the service with his/her own material.
ƒ
 There are many different parts that interact with each other but are not necessarily always compatible according to the quality of the product, the “age” of the computer or the other software/hardware installed. Contributors indicated that if there is a malfunctioning of the digital product supplied, it would be extremely difficult to determine which one of the elements caused the damage.

In the face of these ridiculous comments, the Commission seemed satisfied to conclude that vendor liability was inappropriate. What these statements say, briefly, is consumers are too uninformed to be aware of the damage they cause and that it is additionally too difficult to prove what's gone wrong. Therefore, the burden of proof for complaints about important stuff like security of and expected functionality of the products and services the consumer has acquired should fall on the consumer. But the consumer can never be expected to have better resources and opportunities to investigate security features and functionalities of software than a vendor. Partially because, as the industry says, the consumer is less informed, but also because industry also has no particular obligations to provide means to consumers to perform suchs investigations.

It is time that we don't let industry players get away with saying that they can't take responsibility because their consumers are stupid, and in either case it's too difficult to know if anything's gone wrong. Many things go wrong every day, and with increasing focus on security topics in the media it is becoming more and more obvious that someone in a position to make appropriate amends needs to be similarly responsible for such amends being made.

There are of course many aspects to this issue:

- It's highly impractical to put the burden of proof on the party to the transaction which has the fewest means of producing any evidence.The model in fact guarantees that no one will actually be held accountable for anything in particular ever. Additionally, it is almost certain to guarantee that problems are solved much less quickly, since a vendor who does not disclose or fix problems doesn't suffer any consequences and can still cash in on sales revenue regardless of what crap they put out there.

- There is the situation where there is no clear vendor, where consumers have simply downloaded something from the internet - or downloaded open source software - so that the issue of where the liability should lie becomes more difficult to resolve. One could imagine that if the consumer has access to perform its own scrutiny of digital products, for instance by having access to the source code in an easy way, liability no longer falls on the vendor. Increasing obligations on the vendor with respect to consumers the less transparent the vendor is about the products and services they are putting to market does not seem a bad idea to me, and I believe for instance @dymaxion and @whvholst have dedicated more thought to this.

- Shifting liabilities is not enough. Today, consumers suffer from a dreadful lack of transparency, where they are not entitled to find out if a flaw or defect has been found in a digital product or service which might come to affect them negatively. It would be nice if a legislative solution to these problems included an obligation to be more transparent and informative with respect to consumers, so that consumers have better opportunities to judge which vendors are good and which vendors are bad.  This would seem especially important for security problems, where many of the problems that afflict consumers following a security problem are indirect (that is, it can not be expected that the consumer will necessarily connect the problems they see and experience with problems of the digital product they acquired).

With these words I would highly encourage anyone who reads this to transmit a response to the European Commission on this important topic prior to September 4 2015. Even though it's clearly a long way from here to a new consumer rights directive, this is the first stepping-stone in a long process to set things right also in the digital world. It should not be that particularly consumers and individuals have much less rights, and many more burdens of responsibilities, than they would have in an equivalent situation off-line.

Other issues of concern in the consultation may be for instance what the measure of quality in a digital product could be (4.12), whether vendors should be allowed to change such quality or functionality without notifying the consumer (4.26) and whether in fact consumers need any protection at all (all of section 1).

2 comments

Thanks really good reading. I think for each digital product I buy, one or two din´t work as expected or had something there did, that the experience with it was less great. Of course we shall have some good rights when buying online og is using online services but companies also shall sit on a good place.

I like the open source software and support the idea but must of the software I use isn´t and thin for most persons it will stay that way, for sure if on a windows computer system. If linux it is a hole other talk since many things can run as a script - here Windows is more messy to dance with or even invite to the prom night. And there is a lot crap online and it´s easy to hide og rebrand youself. it take two seconds to start again. Just buy let´s say a new domain + hosting and change a little in the backcode and the front gui. Then I think it´s too easy compared to the physical world. - If you here need to hide you probably would need to change building and that isn´t cheap at all so they for sure need to sell something of higer quality and with alot alpha and beta tesing. BR Sofie, Denmark.

If you use mostly closed-source software, that should not affect you negatively - on the contrary, the vendor should then be held to even higher standards to treaty you well than if you were using open source, since the vendor has effectively removed from you the opportunity to do your own quality checks.

I haven't thought about the re-branding issue, to be honest. I also don't think it's raised in the consultation, and no way to address (or assess the need to address) the problem springs immediately to mind.

Add new comment