Many companies have started to explore the possibilities of robotic(s) and robotic tailoring. Recently Start Today in Japan and 3D-aboutme in the Netherlands introduced robotic tailoring into the online retail sector. These technologies offer many possibilities for companies but also cause some legal restraints mostly with regards to consumer protection and data protection.
Background
In the summer of 2018, the Japanese online fashion retailer Start Today launched its innovative custom fit label ZOZO in 72 countries. Customers in the Americas, Europe and the Middle East can now receive a free ZOZO suit. These bodysuits, a smartphone camera and the ZOZO app, allows customers to take very precise measurements which can then be used to produce and sell tailor-made clothing.
3D-aboutme in the Netherlands offers Virtual Fit solutions for businesses, allowing online retailers to suggest the perfect fit to their customers based on 3D-models of the body parts of the customer.
Consumer protection
A first focus point relating to robotic tailoring is consumer protection.
European Directive 2011/83/EU on consumer rights obliges online retailers in the European Union to provide for a return shipment policy, allowing the B2C consumer to return online bought goods for any reason -and without giving any reason- but within 14 days after receival.
Exempted from return shipment are goods made to the consumer’s specifications or clearly personalised goods. This implies that in case a bodysuit is for example used to take measurements of the customer in order to suggest the right fitting, the customer is allowed to return the goods. However, in case the clothing is made specifically for the customer taking into account its specific measurements, then the retailer is not obliged to offer a return shipment. This of course implies transparency towards the customer of the making process of the goods.
And, in times where free return shipments are most common, we almost forget that the Directive does not oblige a free return service. The customer can be asked to bear the direct cost of returning the goods unless of course the retailer has agreed to bear them or has failed to inform the consumer that the consumer has to bear them.
Privacy legislation
Another important focus point related to robotic tailoring is the General Data Protection Regulation. On 25th of May 2018, the new General Data Protection Regulation (GDPR) came into force in the European Union, providing very strict rules on the processing of personal data and even more strict rules on the processing of biometric data within a very broad territorial framework.
Territorial scope
The territorial scope of the GDPR is very broad and extends outside the borders of the European Union in certain circumstances.
The GDPR applies to the processing of personal data in the context of the activities of an establishment of a controller/processor in the Union, regardless of whether the processing takes place in the Union or not. The GDPR also applies to the processing of personal data by a controller or processor not established in the Union, of data subjects who are in the Union, where the processing activities are related to the offering of goods or services, irrespective of whether a payment of the data subject is required; or the monitoring of their behaviour as far as their behaviour takes place within the Union.
Thus, online retailers who are established outside the European Union and who are processing personal data of customers in the EU will also have to abide by the rules set out in the GDPR. Moreover, the online retailers who often have offices in the EU as well as outside the EU have to take into account the rules on transfer of personal data. The GDPR states that any transfer of personal data to a third country shall only take place if the conditions laid down in the GDPR are complied with by the controller and processor who is established outside the EU. In other words: the online retailer established in any country outside the EU will have to take into the safeguards and guarantees of the GDPR in case personal data of customers in the EU is processed.
Biometric data
Another focus point should be the processing of biometric data.
Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
In this case, the measurements obtained through a bodysuit for example can be considered as the processing of biometric data based on the GDPR-definition since the bodysuit captures information on the physical aspects of the customer which can then be used to confirm the unique identification of the customer.
In general the GDPR prohibits the processing of biometric data unless customers have given their explicit consent. The processor also needs to provide for a privacy policy explaining (amongst other things) the legal ground for processing as well as the purpose of the processing. Furthermore the processing of biometric data demands for adapted technical and organizational measures to be taken in order to process in a law and secure manner. Since biometric data is considered to be “sensitive” data, extra care should be taken when processing these data.
Data Protection Impact Assessment
It should also be noted that in most cases a Data Protection Impact Assessment or DPIA will be necessary before even starting to enroll these new technologies such as robotic tailoring especially when “sensitive” personal data such as biometric data is processed.
In case the Data Protection Impact Assessment indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk, then the prior consultation of the national supervisory authority is necessary.
Conclusion
New technologies such as robotic tailoring offer great opportunities to retailer in order to be more cost-effective and to offer a personalised service to their customer. However, together with these new technologies many questions need to be tackled relating to e.g. consumer protection and data protection even for retailers who are established outside the European Union.
Freekje De Vidts
freekje@siriuslegal.be
