Reasonably practicable compliance with POPI is not enough

When considering how much you should do to comply with legislation like the Protection of Personal Information Act, you have three choices:

  1. Do as little as possible and see what you can get away with;
  2. Calculate the degree of “reasonably practicable” compliance required and stick with that;
  3. Adopt a more holistic approach to compliance.

Of the three options, the first is clearly a recipe for disaster. The only questions are when disaster will strike and how devastating will it be?

The second option is a popular one. To begin with, it is a practical solution because it takes into account what the law requires of you in order to meet the law’s standard so you limit your potentially significant investment in a compliance program without a corresponding quantitative benefit. Makes sense, right? In a way, yes, but what it doesn’t take into account is that your primary compliance risk is increasingly not regulators (at least not in South Africa where regulators often lack the capacity to respond very quickly), but rather the people who are directly affected by your decisions.

In other words, complying with laws like the Consumer Protection Act and Protection of Personal Information Act is not a quantitative exercise where you empirically (or as close to empirically as a legal compliance assessment can be) calculate your desired degree of compliance and work to that standard. Instead compliance is qualitative.

John Giles published a terrific post on the Michalsons blog titled “Only do what is reasonably practicable to comply with POPI” in which he explains POPI’s baseline compliance standard which is based on reasonableness and how this translates into what is likely an effective quantitative approach to compliance. It is worth saving the article because it is a handy reference for when you need to understand what the law means by “reasonably practicable”.

I don’t believe that this is enough, though. If anything, the question of what is reasonably practicable should only be part of your assessment of what you should do. The next, and arguably more important, question should be “What should we do to ensure not only compliance with the law but also to earn our customers’ trust?”. No, I’m not suggesting you drink the “rainbows and unicorns” energy drink and incur real money complying with some nebulous standard because your customers will like you more. Well, not entirely. What I am suggesting is that there is another dimension to compliance with legislation that affects people in very personal ways.

When you look at recent privacy controversies involving services like Facebook, Google and SnapChat, one theme that emerges from each of these controversies is not that these companies handled users’ personal information in ways they necessarily concealed from users. Their privacy policies describe what they do with users’ personal information in varying degrees. What really upsets users is that they weren’t expecting these companies to do the things they did because users tend to develop a set of expectations of what to expect from their providers which is typically not informed by privacy policies (because few people read them). These expectations are informed by what these companies tell them in marketing campaigns, what other users and the media tell them, what their friends share with them and their experiences with the services themselves.

When a provider steps outside its users’ collective expectations, mobs form and there is chaos in the metaphorical streets. The fact that these companies stuck to their published privacy policies and terms and conditions is largely irrelevant because users are not wholly rational and analytical. They don’t go back to the legal documents, read them quietly and go back to their daily lives when they realise that they mis-read or misunderstood the legal terms and conditions. No, they are outraged because the companies violated the trust users placed in these companies based on users’ expectations.

You may not have the same number of customers as Facebook, Google or SnapChat and your business may be different but if you are considering Protection of Personal Information Act or Consumer Protection Act compliance, you are dealing with the same people: consumers who have expectations and perceptions which you influence but certainly don’t control. If you violate the trust they place in you, the response will be swift and the consequences from a reputational perspective could be severe.

Fountain Square in Downtown Cincinnati Is a Public Square That Works for the City and Its People in a Myriad of Ways: Tyler Davidson Fountain 05/1973

When you develop your compliance program, assess what is reasonably practicable and set that as your commercial baseline. Then, consider how transparent you can be with your customers about what you intend doing with their personal information?

I remember reading a discussion about partners cheating on each other and at one point in the article the writer said that cheating isn’t just about the act but also the thoughts that precede it. If you have thoughts about another person which you don’t want to share with your partner, that is probably a good indication you are contemplating something you shouldn’t be doing. Apply that to your compliance program and ask yourself if you are comfortable disclosing what you intend doing with your customers’ personal information to them? If you are, be transparent about it in your privacy statement/policy and in your communications with your customers.

If you don’t feel comfortable being transparent about how you intend using your customers’ personal information and, instead, intend hiding behind technical legal compliance with the law to justify your data use, you may be setting yourself up for a bitter divorce and a costly battle with your customers. By the time the regulators arrive to assess your compliance, the damage will already have been done and the reasonably practicable thing to do will be to pick up the pieces of your reputation (and possibly your business) and start earning your customers’ trust again.

Digital marketing law interview on @BallzRadio

Paul was interviewed about aspects of digital marketing law on Ballz Radio today. The interview was part of the business segment and Paul chatted to the team about some consumer protection issues, transparency, terms and conditions and privacy concerns.

Fortunately, Ballz Radio publishes the audio and video of the interviews. You can listen to the audio using the SoundCloud player below:

Tension in the direct marketing industry over opt-in requirements

Tug of War

The Consumer Protection Act sparked quite a bit of interest in direct marketing and consumers’ rights to opt-out of receiving direct marketing communications. It has also highlighted a tension between direct marketers and consumer orientated initiatives to protect and enhance consumer rights. Some of these initiatives have been undertaken by two industry bodies, the Internet Service Providers’ Association and the Wireless Applications Service Provider Association which are self-regulatory bodies focused on ISPs and mobile service providers, respectively. The ISPA and WASPA Codes of Conduct contain provisions which are somewhat more stringent than the Consumer Protection Act, although more in line with the draft Protection of Personal Information Bill when it comes to regulating direct marketing.

I took a closer look at the relevant provisions in the Code as well as related provisions in the Consumer Protection Act and the current Protection of Personal Information Bill which is expected to be enacted in late 2011 in order to how these regulatory frameworks deal with direct marketing and what effect they seem to have on the industry. This post is an overview of these regulatory frameworks.

The ISPA Code

The ISPA Code binds Internet Service Providers directly, and direct marketers that use ISPs to host their services, indirectly. Section E of the ISPA Code states the following:

E. Unsolicited communications

  1. ISPA members must not send or promote the sending of unsolicited bulk email and must take reasonable measures to ensure that their networks are not used by others for this purpose. ISPA members must also comply with the provisions of section 45(1) of the ECT Act, and must not send or promote the sending of unsolicited commercial communications that do not comply with the provisions of section 45(1) of the ECT Act.
  2. ISPA members must provide a facility for dealing with complaints regarding unsolicited bulk email and unsolicited commercial communications that do not comply with the provisions of section 45(1) of the ECT Act originating from their networks and must react expeditiously to complaints received.

ISPA’s members generally adopt a fairly firm approach to unsolicited bulk email for a variety of reasons, and for good reason in many instances. We are all familiar with the deluge of spam that clogs our mailboxes on an ongoing basis. Unfortunately well meaning direct marketers are often caught in the cross-fire largely because they are reliant on ISPs to operate their businesses.

The WASPA Code

WASPA is a self-regulating industry association that watches over mobile service providers. Its members include most mobile service providers and marketers in South Africa as well as a number of foreign mobile content providers. If you market to customers by SMS, the odds are you are using a WASPA member to distribute your messages.

The current version of the WASPA Code is 11.0.  The section in the Code dealing with spam is section 5 which is titled “Commercial communications”.  Section 5.1 deals with “Sending of commercial messages” and specifies certain minimum requirements such as the requirement that WASPs terminate commercial messaging services when a recipient responds to a commercial message with the “STOP” instruction or similar words such as “END”, “CANCEL”, “UNSUBSCRIBE” or “QUIT”.

The definition of “commercial message” is also relevant and it is the following:

A “commercial message” is a message sent by SMS or MMS or similar protocol that is designed to promote the sale or demand of goods or services whether or not it invites or solicits a response from a recipient.

Sections 5.2 and 5.3 deal with spam identification and prevention and are directly relevant.  These provisions state the following:

5.2. Identification of spam

5.2.1. Any commercial message is considered unsolicited (and hence spam) unless:

(a) the recipient has requested the message;

(b) the message recipient has a prior commercial relationship with the message originator and has been given a reasonable opportunity to object to direct marketing communications

(i) at the time when the information was collected; and

(ii) on the occasion of each communication with the recipient; or

(c) the organisation supplying the originator with the recipient’s contact information has the recipient’s explicit consent to do so.

5.2.2. Any commercial message is considered unsolicited after a valid opt-out request.

5.2.3. WASPA, in conjunction with the network operators, will provide a mechanism for consumers to determine which message originator or wireless application service provider sent any unsolicited commercial message.

5.3. Prevention of spam

5.3.1. Members will not send or promote the sending of spam and will take reasonable measures to ensure that their facilities are not used by others for this purpose.

5.3.2. Members will provide a mechanism for dealing expeditiously with complaints about spam originating from their networks.

When it comes to classifying a commercial message as not “spam”, the Code sets out a two part test.  A commercial message is regarded as spam if it is unsolicited except where –

  1. The recipient has either requested the message or has a prior commercial relationship with the message originator and “has been given a reasonable opportunity” to opt-out of further marketing communications from the originator (this is implicit opt-in with an opt-out requirement); or
  2. The recipient has given his or her “explicit consent” to receive the commercial message concerned.

The focus of this test is on unsolicited commercial messages and the default position is that such messages are spam and prohibited unless the originator can prove one of two scenarios (mentioned above), both of which are consent-based.  The first scenario is a combination of explicit opt-in and the second scenario involves a more implicit opt-in.  This is a departure from the current legislative position, although not necessarily of the anticipated legislative framework detailed in draft legislation.

The Consumer Protection Act

The Consumer Protection Act deals with “unwanted direct marketing” in section 11 of the Act.  Consumers’ right to pre-emptively block, refuse to accept or to require a person to discontinue direct marketing communications or approaches is specifically included in consumers’ broader right to privacy which is entrenched in the Bill of Rights.  While the Consumer Protection Act does not explicitly state that it operates on the basis of an opt-out paradigm, section 11(2) supports this conclusion:

To facilitate the realisation of each consumer’s right to privacy, and to enable consumers to efficiently protect themselves against the activities contemplated in subsection (1), a person who has been approached for the purpose of direct marketing may demand during or within a reasonable time after that communication that the person responsible for initiating the communication desist from initiating any further communication.

The direct marketing framework contemplated by the Consumer Protection Act is similar to the framework established for electronic direct marketing in the Electronic Communications and Transactions Act.  Both frameworks enable marketers to send unsolicited commercial messages (to use the basic term in the Code) directly to consumer provided they facilitate and honour requests from consumers to opt-out of receiving further commercial messages from those marketers.  The press release mentioned a Do Not Call Registry which section 11(3) of the Consumer Protection Act provides for.  This registry doesn’t exist yet, at least not in the form contemplated by the Consumer Protection Act, but such registries do exist in varying degrees.

The Direct Marketing Association of South Africa (“DMASA”) operates a National Opt Out Register which its members are bound to comply with.  This Register presently represents the closest registry of its kind to the registry contemplated in the Consumer Protection Act.  Unfortunately this Register is limited in its scope.  It binds DMASA members and its distribution is limited to those members.  It is also subject to exploitation (such an exploit was publicised in ITWeb on 30 May 2011) for illegitimate purposes in its current form although its distribution method is due to shift from email to an authenticated file transfer protocol.

Protection of Personal Information Bill

The Protection of Personal Information Bill deals with “unsolicited electronic communications” in section 66 of the current draft Bill.  This section begins with the premise than unsolicited electronic communications (including SMS and email) for direct marketing purposes are prohibited unless certain conditions are met (the Bill speaks of “processing” which has broader implications than simply sending marketing SMSes or emails but I will confine my discussion to direct marketing messages).  These conditions are, essentially, that the person whose personal information is being used (the “data subject”) has consented to receiving these commercial messages or where the data subject is a customer of the party sending the commercial messages.

This latter condition is a complex one.  In order for a business to market its products and services to a consumer under the Protection of Personal Information Bill, it must have obtained the consumer’s contact details in the context of a sale of a product or service for the purpose of directly marketing the business’s “own similar products or services” and the consumer must have been afforded opportunities to opt-out of receiving those marketing messages both at the time the contact details were collected and “on the occasion of each communication with the data subject for the purpose of marketing if the data subject has not initially refused such use”.

Going further, the Protection of Personal Information Bill requires that “any communication for the purpose of direct marketing” must contain the following information:

  1. details of the identity of the sender or the person on whose behalf the communication has been sent; and
  2. an address or other contact details to which the recipient may send a request that such communications cease.

This section of the Protection of Personal Information Bill appears to shift the current opt-out paradigm to something closer to an opt-in paradigm in that a consumer’s consent is required before a business may market products and services to the consumer or the consumer must be the business’s customer and the consumer’s personal information was collected for that purpose.  The first scenario entails an express opt-in and the second an implicit opt-in with the comfort of a subsequent opt-out option.  These provisions are similar to the provisions of the Code dealt with above and represent a departure from the current paradigm the Consumer Protection Act operates under.  While the Protection of Personal Information Bill is not a final Bill yet and there is still scope for these provisions to change before its finalization and adoption by Parliament, it is worth bearing its current provisions in mind.

Where does this leave direct marketers

Direct marketers are largely dependent on either ISPs or WASPs to conduct their businesses and this presents a number of challenges. The current business model relies on an opt-out paradigm to exist and the ISPA and WASPA Codes are precursors to the Protection of Personal Information Act which shift the paradigm to an opt-in paradigm which most direct marketers probably can’t easily transition to. If the ultimate Protection of Personal Information Act will have the current opt-in provisions for direct marketers then the industry will have to change the fundamental basis on which it operates starting with its database development strategy.

Some marketers have already begun exploring more innovative models based on social media. One of my recent clients, Virtuosa, sent out an email in April informing its newsletter subscribers that it was discontinuing its newsletter and invited its subscribers to follow it on Twitter, Facebook and LinkedIn:

Newsletters are old-fashioned. Research and feedback from you has shown that overall the preferred means to receive updates and engage with us is via our social profiles. We will no longer be sending regular newsletters but rather communicate with you on Social Media. Please connect and engage with us via our social media profiles.

One of the advantages of social media as a broad marketing platform is that services like Twitter, Facebook and LinkedIn are built to be opt-in and have easy opt-out mechanisms built into the platforms. In a way, this model is an ideal direct marketing model because of its higher engagement levels and opt-in basis but shifting to this model basically means discarding existing email and SMS databases in favour of a relatively young channel. Even if marketers ignore social media, they need to seriously start thinking about how they will transition to an opt-in paradigm if the current Protection of Personal Information Bill is passed in more or less the same form it is currently in. As it is, they operate in an environment that is, at least partly, fundamentally opposed to their existing business model.

Image credit: Tug of War by joshwept, licensed CC BY 2.0

Consumer Protection Act Regulations are available

The Consumer Protection Act’s Regulations have been published. These Regulations give much of the Consumer Protection Act much needed substance. These regulations deal with a number of topics including:

  • Record-keeping requirements;
  • Promotional competitions;
  • Rules pertaining to auctions;
  • Contractual terms deemed not to be fair a reasonable.

You can read the Regulations below or download a copy here or here:

Competition rules and the Consumer Protection Act

Update: This post was prepared on the basis of the draft Regulations. The final Regulations were issued on 1 April 2011 and differ from the draft Regulations in some important respects including the requirement to report on various issues which are highlighted in this post. I’ll work on an update to this post in light of the final Regulations as soon as possible.

Competition terms and conditions must be carefully prepared under the Consumer Protection Act. They govern consumer’s relationship with competition promoters and form a contractual basis for that relationship. They can also be fairly tricky to develop given the myriad factors promoters must take into account. Section 36 of the Consumer Protection Act and the proposed Consumer Protection Act Regulations address how competitions should be conducted and, indirectly, what the relevant terms and conditions should contain. The Consumer Protection Act mentions two sets of documents used in connection with “promotional competitions” which it defines as follows:

any competition, game, scheme, arrangement, system, plan or device for distributing prizes by lot or chance if—
(i) it is conducted in the ordinary course of business for the purpose of promoting a producer, distributor, supplier, or association of any such persons, or the sale of any goods or services; and
(ii) any prize offered exceeds the threshold prescribed in terms of subsection (11), irrespective of whether a participant is required to demonstrate any skill or ability before being awarded a prize.

Curling Trip To Nelson British Columbia

In the first place the Consumer Protection Act prescribes what needs to be set out in an “offer to participate in a promotional competition”:

(5) An offer to participate in a promotional competition must clearly state—

(a) the benefit or competition to which the offer relates;
(b) the steps required by a person to accept the offer or to participate in the competition;
(c) the basis on which the results of the competition will be determined;
(d) the closing date for the competition;
(e) the medium through or by which the results of the competition will be made known; and
(f) any person from whom, any place where, and any date and time on or at which—

(i) a person may obtain a copy of the competition rules; and
(ii) a successful participant may receive any prize.

Section 36 alludes to three further sets of provisions which are meant to be set out in the Consumer Protection Act Regulations (currently draft Regulations being edited following a comment period):

  • A monetary threshold for the purpose of excluding so-called “low value” prizes from the “promotional competition” definition;
  • Minimum standards for promotional competition record keeping; and
  • Audit and reporting requirements in respect of promotional competitions.

The draft Regulations, published in October 2010, set the monetary threshold at R1. They also require the promoter (“a person who directly or indirectly promotes, sponsors, organises or conducts a promotional competition, or for whose benefit such a competition is promoted, sponsored, organised or conducted”) to ensure that a –

“chartered accountant, registered auditor, admitted attorney or commissioner of oaths conducts the competition and must be reported on through the promoter’s internal audit reporting procedures”.

Promoters must retain the following information for “at least five years”:

(a) full details of the promoter, including identity or registration numbers, as the case may be, addresses and contact numbers;
(b) the rules of the promotional competition;
(c) a copy of the offer to participate in a promotional competition contemplated in section 36(5);
(d) the names and identity numbers of the persons responsible for conducting the promotional competition;
(e) a full list of all the prizes offered in the promotional competition;
(f) a representative selection of materials marketing the promotional competition;
(g) a list of all instances when the promotional competition was marketed, including details on the dates, the medium used and places where the marketing took place;
(h) the names and identity numbers of the persons responsible for conducting the selection of prize winners in the promotional competition;
(i) in the case of a prize exceeding R 1.00 (One Rand) in value, determined by reference to what a consumer would in the ordinary course of business pay to purchase the prize, an acknowledgment of receipt of the prize signed by the prize winner, and his or her identity number, and the date of receipt of the prize;
(j) declarations by the persons contemplated in paragraph (d) made under oath or affirmation that the prize winners were to their best knowledge not employees, agents or consultants of the promoter or marketing service providers in respect of the promotional competition, or the spouses, life partners, business partners or immediate family members;
(k) a copy of the report contemplated in subregulation (6).

The promoter is further required to prepare a submit a full report referred to in (k) in the document retention list on –

… the conduct and outcome of a promotional competition, detailing as a minimum-
(a) the basis on which the prize winners were determined;
(b) the summary describing the proceedings to determine the winners, including the names of the persons participating in determining the prize winners, the date and place where that determination took place and whether those proceedings were open to the general public;
(c) whether an independent person oversaw the determination of the prize winners, and his or her name and identity number;
(d) the means by which the prize winners were announced and the frequency thereof;
(e) a list of the names and identity numbers of the prize winners;
(f) a list of the dates when the prizes were handed over or paid to the prize winners;
(g) in the event that a prize winner could not be contacted, the steps taken by the promoter to contact the winner or otherwise inform the winner of his or her winning a prize; and
(h) in the event that a prize winner did not receive or accept his or her prize, the reason for his or her not so receiving or accepting the prize, and the steps taken by the promoter to hand over or pay the prize to that prize winner, and must record the name, identity number and contact details of the person compiling the report and the date thereof.

Many of these provisions and section 36 itself inform what should be contained in competition rules. These provisions should deal with a variety of issues including relevant dates, competition mechanics, prize details, communication channels and how and on what basis competition participants’ personal information may be collected and used in the competition and for marketing purposes which may follow the competition’s conclusion.

Its important to bear in mind that competition terms and conditions are contractual provisions and the document is an agreement between the promoter and the participant. These terms and conditions must be carefully prepared to ensure they are complete and comply with applicable law and legal requirements including the Consumer Protection Act’s plain language requirement. Another important consideration is that consumers acquire a right, protected by the Consumer Protection Act, to participate in a promotional competition when they –

  • Comply with any conditions which must be satisfied to earn the right; or
  • “[acquire] possession or control of the medium, if any, through which a person may participate in that promotional competition”

This right, like other consumer rights, is protected by the Consumer Protection Act which imposes certain restrictions on promoter’s actions in relation to the competition itself and elsewhere in the Consumer Protection Act where consumers acquire rights. The fact that consumers acquire and may exercise rights, alone, is likely to have a profound impact on how the Consumer Protection Act is applied. These rights are explicit and are protected. Their explicit introduction has the potential to change our consumer oriented paradigms, which was probably the idea.

Over-selling, bait marketing and coupon sales

Retailers must find coupon sales an exciting opportunity to boost their business but they should take care not to engage in practices the Consumer Protection Act prohibits in the process. Two such prohibited practices are over-selling/over-booking and bait marketing and they could land retailers in hot water.

The temptation to over-promise is, perhaps, almost implicit in how coupon sites tend to operate. As I understand the business model (and I stand to be corrected Update: I was corrected and advised that at least some coupon sites do make money off each coupon sold, not just the ones sold and not redeemed), coupon sites make their money from people who buy coupons and don’t redeem them. Retailers presumably make their money on numbers of customers and increased awareness from coupon related visits.

Boys fishing in a bayou, Schriever, La. Cajun children in a bayou near the school. Terrebonne, a Farm Security Administration project (LOC)

Over-selling and over-booking

One of the practices this section was probably designed to address was airlines’ tendency to over-book flights and leave paid passengers without seats during periods where the airlines underestimated demand. As the name suggests these two activities involve retailers promising more than they can deliver. Section 47 of the Consumer Protection Act deals with these two activities and states the following:

  • A supplier must not accept payment or other consideration for any goods or services if the supplier—
    • has no reasonable basis to assert an intention to supply those goods or provide
      those services; or
    • intends to supply goods or services that are materially different from the goods
      or services in respect of which the payment or consideration was accepted.

If a retailer does engage in over-selling and is unable to meet demand, the retailer will be required to refund the consumer the price paid, interest on that amount paid from the date the amount was paid until the refund is made as well as consideration for “costs directly incidental to the supplier’s breach of the contract”.

The section does provide some relief for retailers. If they find that they are unable to meet demand and procure an equivalent or better alternative for the consumer and the consumer unreasonably rejects the offer, the retailer could be let off the hook.

The risk here in the coupon sales context is that with the number of coupons that tend to be made available through coupon sites, retailers should take care to ensure that they can meet the demand if those coupons are actually purchased and presented for payment. If they don’t, they could be guilty of over-selling or over-booking and be liable not just for a refund but additional amounts I mentioned above. The retailer could also find itself being sanctioned for being in breach of the Consumer Protection Act itself.

Bait marketing

Bat marketing is a devious form of marketing and occasionally encountered through electronics and other sales. Brian Mdluli, the CEO of the Direct Marketing Association, recently recounted a story about his attempt to take advantage of a flat screen TV sale. The TV in question was offered at a bargain price and Mdluli arrived before the store opened to queue for the sale item. When the store opened he was informed the TVs he sought were sold out and he was invited to browse the store for another, higher priced, TV. He said he went back to his car and return to the store with his business card and a copy of the Consumer Protection Act and soon left with an acceptable TV at an acceptable price. It is a humorous story but not an uncommon one. Section 30(1) of the Consumer Protection Act states the following:

A supplier must not advertise any particular goods or services as being available at a specified price in a manner that may result in consumers being misled or deceived in any respect relating to the actual availability of those goods or services from that supplier, at that advertised price.

As with over-selling and over-booking, the retailer must make sure that it can deliver on its promises. If a retailer offers a certain number of items at a certain price then it must be able to deliver those items at that price when the conditions for the purchase are met. In other words, section 30(2) states the following:

If a supplier advertises particular goods or services as being available at a
specified price, and the advertisement expressly states a limitation in respect of the
availability of those goods or services from that supplier at that price, the supplier must
make those goods or services available at that price, to the extent of the expressed limits.

If it can’t deliver on its promises, it may offer to supply an equivalent or better at the advertised price and if the consumer unreasonably refuses the offer, the retailer could be off the hook.

Deliver on your promises

These two similar provisions essentially require retailers to deliver what they promise. If they participate in coupon sites they should do so bearing these prohibited practices in mind. The cost of non-compliance with the Consumer Protection Act can be steep and the reputational impact on a business could be devastating, especially given the social nature of many of these coupon sites. On the other hand, the rewards for becoming known as a retailer that delivers on its promises can be tremendous, both in terms of sales and reputation.

Zappon, coupons and the Consumer Protection Act

Zappon, a South African coupon site and competitor to the likes of Groupon and Wicount, launched this week to some excitement on Twitter. Coupons are pretty hot commodities these days and coupon site valuations have soared with Groupon famously being valued recently at $6 billion. The phenomenon is global and it is increasingly competitive. Zappon, an Avusa Limited initiative, is the latest entrant to the local market and a sizable one at that. It is backed by three of South Africa’s most popular publications: the Sunday Times, the Times and the Sowetan.

Essentially, for those who haven’t come across these sites before, these sites promote coupons offering discounts on products and services offered by third party providers. One example is an offer by popular restaurant JB’s of R160 worth of food for only R50. There are a limited number of “zappons” (Zappon’s name for a coupon) available and for a limited time period. Its all pretty exciting, particularly if you find an offer that is a great deal.

A deal on Zappon

These offers are not made by the coupon site itself, but are rather made by the provider and communicated to the public by the coupon site. In a way, the service is fairly similar to the coupons people still cut out of newspapers or pick up in stores for specified items. What is new is how these coupons are marketed to the public and obtained.

With April looming, the Consumer Protection Act is very much on everyone’s mind so one question that comes up in the context of these coupon sites is what the Consumer Protection Act has to say about them? Section 34 of the Consumer Protection Act deals with “Trade coupons and similar promotions”. The section does not apply to franchise agreements, customer loyalty programmes, loyalty credits or promotional competitions. The Act does use the term “promotional offer” which means the following:

an offer or promise, expressed in any manner, of any prize, reward, gift, free good or service, price reduction or concession, enhancement of quantity or quality of goods or services, irrespective of whether or not acceptance of the offer is conditional on the offeree entering into any other transaction.

Essentially, the section requires providers to give consumers what the coupon promises and not to change the offer terms or introduce artificial constraints after the coupon is purchased. Like many provisions of the Consumer Protection Act and the Consumer Protection Act itself, providers are required to be fair and not mislead consumers. If a provider is going to make an offer, it must do so with the intention of fulfilling the offer on the terms communicated to the consumer.

When it comes to the coupon itself and communications regarding the offer’s details:

Any document setting out a promotional offer must clearly state—

  • the nature of the prize, reward, gift, free good or service, price reduction or concession, enhancement of quantity or quality of goods or services, or other discounted or free thing being offered;
  • the goods or services to which the offer relates;
  • the steps required by a consumer to accept the offer or to receive the benefit of the offer; and>
  • the particulars of any person from whom, any place where, and any date and time on or at which, the consumer may receive the prize, reward, gift, free good or service, price reduction or concession, enhancement of quantity or quality of goods or services or other discounted or free thing.

In the JB’s offer example I mentioned above, Zappon and JB’s must take care to ensure that the copy on the Zappon offer page and the coupon itself set out all the requisite information mentioned above. When it comes to redeeming the coupon, JB’s is obliged to offer the consumer precisely what it offers, namely “any food from the JB’s menu, to the value of R160.” The terms on the offer page limit the offer somewhat by excluding drinks, tips and require consumers to redeem the coupon for sit-down meals during a single visit and the participating restaurant appears to be the JB’s Corner in Melrose Arch. The coupon further has a fixed time period within which it can be redeemed (between 28 March 2011 and 28 April 2011). The limitations are set out in a column prominently titled “Fine Print” which catches a visitor’s eye.

The copy on the Zappon page doesn’t contain all the information the Consumer Protection Act requires to be disclosed to the consumer. Some of this information (particularly regarding coupon redemption) is detailed in the site terms and conditions, and hopefully on the coupon itself. If not, this is obviously a deficiency Zappon would have to address (as would any other coupon site operating in South Africa). On a related note, the Zappon terms and conditions could use tweaking. The terms and conditions don’t appear to comply fully with the Electronic Communications and Transactions Act and the privacy policy referred to in the terms and conditions doesn’t appear to have been published yet (at least not as I write this on 22 March 2011) (Update: Derek Abdinor, one of the Zappon development team members, pointed out that the privacy policy is published and it is linked to in clause 11) does not have its own prominent link where a consumer would expect to find it at the bottom of the page. It should also be linked to earlier in the terms and conditions where it is referred to and not just in clause 11. This is more of a usability and accessibility issue which becomes important when the privacy policy isn’t accessible alongside the terms and conditions where a consumer would probably expect to see a link (this paragraph was updated on 22 March 2011 at roughly 17:30 in response to feedback from the Zappon development team in the comments – thanks for the feedback!).

A consumer, redeeming the coupon, can expect to receive the same products or services he or she would receive were he or she obtaining those products or services in the usual way. In other words, and using the JB’s offer as an example again, a consumer can expect to receive the same quality food when redeeming a coupon as he or she could when walking in and paying the usual price as a non-coupon redeeming customer. JB’s must also make sure that it covers the demands of all the issued coupons or offers a reasonable replacement for items ordered where there is legitimately a supply issue of the items ordered. Again, the restrictions on the provider effectively require the provider to offer the consumer the same products or services it would offer a consumer using another form of tender. A coupon consumer should not have to contend with, for example, a smaller size pizza just because she redeemed a coupon giving her a discount on the meal.

One potential challenge could arise where the coupon site uses the term “voucher” instead of “coupon”. I noticed a few instances of this on the Zappon site, both on the offer page and in the terms and conditions. The reason why this is potentially problematic is that the Consumer Protection Act distinguishes between coupons and vouchers. A voucher, as far as the Consumer Protection Act is concerned, is something more akin to store vouchers you may buy from a bookstore or shopping mall. Vouchers are alternate forms of tender, not necessarily discounted promotional offers such as the ones the coupon sites promote. One of the interesting features of a voucher is that the Consumer Protection Act states that a voucher only expires either when its full value is redeemed or after three years. That expiration term doesn’t work well in the context of coupons and, in the interests of maintaining a clear distinction between vouchers and coupons, Zappon should change its references to vouchers to coupons. Unless its intention is to issue vouchers, of course.

Update: Kerry-Anne Gilowey from August Sun Projects was part of the team that developed the Zappon site content and she pointed out that Zappon actually makes both vouchers and coupons available on the site. Take a look at her comment to this post for more information.

While this post points out potential challenges, Zappon is the latest iteration of an exciting trend for consumers. Zappon and its competitors must ensure that they comply with the Consumer Protection Act, bearing in mind that they could be construed as the providers’ agents in promoting these offers.

Plain language complexities in contracts

As you probably know by now, the Consumer Protection Act mandates contracts written in plain language. That means al that legal jargon few people understand should be removed and replaced with more straightforward language that the average person can understand, not just multi-lingual lawyers with a strong grasp of conversational Latin, Old English and Dutch. While we can all appreciate the value of plan language in a document as complex as a contract, actually writing a contract in plain language and still dealing with all the issues you need to deal with in a contract isn’t always that easy.


One of my clients asked me to take a look at a set of clauses in an agreement I prepared for the client a little while ago. The clauses are designed to limit my client’s liability and were the latest iteration of the liability limitation clauses I used in my contracts (lawyers frequently have precedent banks where they store old precedents and examples of contracts and documents – more often than not any documents your lawyer prepares for you is based on precedents in your lawyer’s precedent bank). Like many lawyers, I improve clauses I use in contracts almost on an ongoing basis. Each agreement I prepare for a client typically represents the latest wording and structure that I am using. The clause in question looked a little like this:

    1. Disclaimers and limitation of liability
      1. The Customer agrees that Acme is unable to, and is not required to, guarantee a particular result or set of results.
      2. The Customer agrees that Acme shall not be liable in respect of any loss or damage caused by or arising from the unavailability of, any interruption to the Services.
      3. The Customer further agrees that –
        1. under no circumstances whatsoever, including as a result of Acme’s negligent acts or omissions or those of its servants, agents or contractors or other persons for whom in law Acme may be liable, shall Acme or its servants, agents or contractors or other persons for whom in law Acme may be liable (in whose favour this constitutes a stipulatio alteri or stipulation for another), be liable for any direct, indirect, extrinsic, special, penal, punitive, exemplary or consequential loss, damage or damages of any kind whatsoever or howsoever caused (whether arising under contract, delict or otherwise or as a violation of any Party’s intellectual property rights and whether the loss was actually foreseen or reasonably foreseeable), including but not limited to any loss of profits, loss of revenue, loss of operation time, corruption or loss of information or data and/or loss of contracts sustained by the Customer, the Customer’s directors, servants, dealers or Customers, resulting from the performance or availability of the Services.
        2. no claims or legal action arising out of, or related to, the Services or this Agreement may be brought by the Customer more than 1 year after the cause of action relating to such claim or legal action arose.
    2. Indemnity
      1. The Customer hereby indemnifies Acme and its officers, directors, employees, servants, agents or contractors or other persons for whom in law Acme may be liable (in whose favour this constitutes a stipulatio alteri or stipulation for another) from any loss, damage, damages, liability, claim, expenses, costs orders or demand due to or arising out of or for:
        1. any violation of any Party’s intellectual property rights including, but not limited to, copyright, trade mark and/or patents; and/or
        2. breach of privacy as a result of the collection and/or processing of personal information (as defined in the Promotion of Access to Information Act, No. 2 of 2000) by the Customer, its directors, employees, agents, suppliers, contractors or service providers; and/or
        3. defamation or slander; and/or
        4. any loss or damage arising out of or in connection with an act or omission of the Customer in connection with the Services or facilities provided by Acme to the Customer.

    These clauses cover quite a bit of ground and are intended to curtail Acme’s liability to the point where any potential liability for harm suffered by something other than gross negligence (you can’t contract your way out of liability for gross negligence) or wilful misconduct should be pretty limited. The immediate problem with the clause is that it really isn’t very easy for the average person to understand on a first or second reading and that prejudices usability quite a bit. Adding to this, the Consumer Protection Act requires companies dealing with consumers to highlight these sorts of clauses and when you factor in the plain language requirements, these clauses need to be intelligible to the average person. Unfortunately it isn’t, despite it being a fairly good attempt at achieving their objective.

    I took a look at this clause yesterday afternoon and thought there had to be a better way to achieve the clauses’ objective of limiting my client’s liability while keeping the clauses written in as plain language as is possible. When it comes to plain language, there is always going to be a tension between using efficient and effective language and writing the clauses as simply as is possible to make the clauses intelligible to the average person. That is not easy at all. One reason is that many of the terms lawyers use are almost shorthand for fairly complex concepts with a lot of legal development behind them. Ditching the terminology would require us to explain the concepts in sufficient detail to retain the effect of the clause and not detract from that effect by diluting the language with terminology that is too simplistic. I suppose its analogous to watering down the jet fuel to a point where people can handle it safely but at the risk of negating its value as propellant in the jet.

    So I sat down with this complicated set of clauses and reworked them over the course of a couple hours. The process involved looking closely at what each element of the clauses was intended to achieve, the legal implications of those clauses and considering whether there was a way to achieve the same effect without blurred vision and headaches. This is one of the versions we (I collaborated with one of my colleagues) came up with:

      1. Disclaimers and limitation of liability
        1. The Customer agrees that Acme is unable to, and is not required to, guarantee a particular result or set of results pursuant to the provisions of this Agreement.
        2. The Customer agrees that neither Acme or Acme’s Associates shall be liable to the Customer in respect of any loss, damage or damages, howsoever caused and howsoever arising, as a result of anything done by Acme pursuant to the provisions of, or in furtherance of this Agreement.
        3. In addition to Clause 1.1.2, no action or proceedings arising out of, or related to, the Services and/or this Agreement may be instituted against Acme by the Customer more than 1 year after the cause of action relating to such claim or legal action arose.
      2. Indemnity
        1. The Customer hereby indemnifies Acme and Acme’s Associates from and against any loss, damage, liability, claim, expense, costs orders or demands which may be suffered by or may arise as a result of anything done by the Customer, save as a result of Acme’s unlawful conduct, wilful misconduct and/or gross negligence.

    The difference is pretty stark although the question now becomes whether this revision has the desired effect: protecting my client and limiting its potential liability as much as the original clause while improving the clause’s legibility and intelligibility.

    I think the revision does achieve what I set out to achieve but we lawyers can’t afford to rest on our upholstery. The law changes pretty quickly and so do drafting conventions. We have to keep iterating with our contract language or we risk falling foul of legal requirements like plain language requirements or opening holes in our clauses’ contractual protections. This sort of work is ongoing and I think it also reveals how seemingly plain language requirements are not always easily met.

    Photo credit: Contract by nyello8, licensed CC BY 2.0