See Supranational
Regulation: the EU, the OECD and other bodies
for a description of measures which have been
adopted by the EU, and for details of other
pending legislation at a more technical level.
Some individual
member states have passed or plan legislation
which deals with aspects of e-commerce outside the
scope of the EU legislation, or which strengthens
individual parts of it.
In the UK,
an e-commerce act in 1999 dealt with contractual
and signature aspects, while the notorious Regulation
of Investigatory Powers Act 2000 (RIP) deals
with the powers of Government and ISPs to intercept
and/or decipher Internet communications. Although
the RIP Act has been much watered down since
it was drafted, it still places a duty on ISPs
to install monitoring equipment at the request
of the Government, and gives the Government
power to demand the key to any encrypted communication,
subject to penal sanctions. Such demands can
be contested in Court, but only after the event.
With the RIP Act in place, the UK has by far
the most intrusive investigatory legislation
of any OECD country.
Following
9/11, the UK government enacted the Anti-terrorism,
Crime and Security Act 2001. Provisions contained
in the Act allow the Home Office to push for
the retention of personal data, in order to
track the users of telecommunication services
if necessary. In 2003, the government introduced
a piece of draft legislation - entitled Code
for the Voluntary Retention of Communications
Data - allowing such information to be retained
for up to 12 months.
In
2003-04, the Office of Fair Trading said it
was planning the introduction of new rules for
e-tailers, intending to bring the sector into
line with other "distance sellers",
with a particular focus on guarantees, terms
and conditions, returns policies, and contact
details.
In
June, 2006, the Treasury published new legislation
to bring the UK's financial services regime
into line with the EU's e-Commerce Directive.
Ireland has
passed an Electronic Commerce Act, signed into
law by the President on 10th July 2000, which
provides for the legal recognition of electronic
contracts, electronic writing, electronic signatures
and original information in electronic form
in relation to commercial and non-commercial
transactions and dealings and other matters,
the admissibility of evidence in relation to
such matters, the accreditation, supervision
and liability of certification service providers
and the registration of domain names, and to
provide for related matters.
In
November, 2003, Ireland's Minister for Communications,
Dermot Ahern signed into law new regulations
dealing with spam, cookies, and other privacy
issues relating to electronic communication.
The European Communities (Electronic Communications
Networks and Services) (Data Protection and
Privacy) Regulations 2003 implemented the EU's
Privacy and Electronic Communications Directive.
The
regulations contained provisions regulating
the use of cookies and spyware, imposed restrictions
on unsolicited direct marketing by phone, fax,
e-mail, or SMS, and allowed subscribers listed
in freely available directories to specify what
personal information is listed. The rules also
required that subscribers listed in public directories
are informed as to how their data can be accessed
and used, and that mobile location data can
only be used with an individual's consent.
Germany passed
an Information and Communication Services Act
on 13th June 1997, which includes provision
for digital signatures. In mid-April, 2000,
the German government released a summary of
draft amendments to the Act. The amendments,
which are intended to implement the EU Directive
on Electronic Signatures, made several important
changes to the German Digital Signature Law,
but retained the basic security standard under
the current Act. Some German companies that
offer electronic signature products and services
want to retain the stricter standards in the
existing Act, but the Government will probably
stick with its proposals for a more liberal
legal framework.
In
Germany, the e-commerce directive was enacted
in national law (Gesetz zum elektronischen Geschäftsverkehr
(EGG)) on December 21, 2001. This meant a full
implementation of the country of origin principle
in German law.
Italy passed
a law on 15th March 1997 providing for the legal
validity of electronic documents. It provides
that "The instruments, data and documents
constituted by the public service and by private
individuals using computer or telematic methods,
contracts stipulated in such form, and their
archiving and transmission using computer instruments,
shall be valid and effective for all legal purposes".
It further states that "the criteria and
methods of application of this paragraph shall
be set out, for the public service and for private
individuals, in specific regulations".
On 10th November
1997, a presidential decree provided that a
digital signature is equivalent to a handwritten
signature. Different levels of equivalence are
provided. The Decree provided that a digital
signature must be certified by an accredited
Certification Authority. According to the Decree
the digital signature can be the equivalent
of the hand-written signature but it can also
replace, for any purpose set out in the legislation,
the affixing of seals, embossing, stamps, signs
and marks of any kind. Technical rules relating
to digital signatures, electronic documents
and certification authorities were set out in
a Prime Ministerial Decree on 8th February 1999.
Italy
incorporated the 2000 European directive on
e-commerce into national law on 9 April 2003.
But Italian MPs interpreted the directive in
a more balanced way than their French colleagues.
The Italian version holds Website hosts responsible
for content they allow to be put out from the
time they learn of any illegal content, but
they can only censor a webpage if a "competent
body" rules it is illegal.
Parliament
approved a data protection measure in June 2003
including a section on spam, which could lead
to online censorship. A court can now order
an ISP to block access to foreign-based servers
responsible for repeated and massive spam. This
measure was supposed to include a code of conduct
to guard against infringements of individual
freedom but it was not added.
The
government proposed on 23 December 2003 to amend
the privacy law of June that year, notably to
oblige ISPs to retain customer data on e-mail
and other Internet activity for five years,
to be handed over to a court if required. Strong
protests by opposition parties and cyber-freedom
activists, as well as criticism by the Office
for the Protection of Personal Data, eliminated
this clause from the version approved by parliament.
ISPs
are required to cooperate with police and courts
in investigations but are not legally obliged
to retain any online activity data, except details
of Internet payments for a period of six months.
In Canada
some provinces have enacted digital signature
legislation as well as the national government,
and there are a number of other bills under
consideration at national level. The most important
are:
The Personal Information
Protection and Electronic Documents Act, enacted
October 26, 1999. The Act supports and promotes
electronic commerce by protecting personal information
that is collected, used or disclosed in certain
circumstances, by providing for the use of electronic
means to communicate or record information or
transactions and by amending the Canada Evidence
Act, the Statutory Instruments Act and the Statute
Revision Act.
The Electronic
Commerce Bill (Bill 88) had its second reading
on 19th June 2000. The Bill removes barriers
to the legally effective use of electronic communications
by governments and by the private sector. It
is not intended to require the use of particular
technology or to have a large impact on the
methods that people use to communicate. It does
not require anyone to use, provide or accept
information in electronic form. The Bill is
based on the Uniform Electronic Commerce Act
which the Uniform Law Conference of Canada adopted
in 1999, and is consistent in principle with
the United Nations Model Law on Electronic Commerce.
The 'E-commerce
Bill' (Bill 70) was referred to Standing Committee
on May 11, 2000. The Bill provides that the
legal effect and enforceability of information
or documents may not be denied just because
the information is in an electronic form. Subject
to specified limits, where a law requires that
information or a document be in writing or that
a document be signed, the information or document
may be provided electronically and the document
signed electronically. Subject to specified
limits, if a law requires a person to present
or retain information or a document in its original
form, the person may provide or retain the information
or document in an electronic form. In specified
circumstances, an electronic form may be used
to satisfy a statutory or prescribed requirement
for the use of a form.
The Bill also provides that the legal effect
and enforceability of a contract may not be
denied just because information or a document
in an electronic form was used in its formation.
The Bill recognizes contracts formed as the
result of specified electronic exchanges and
allows for errors arising from transactions
with electronic agents to be corrected.
The
Personal Information Protection and Electronic
Documents Act came into force in 2001, with
the following main effects:
Part
1 of the enactment establishes a right to the
protection of personal information collected,
used or disclosed in the course of commercial
activities, in connection with the operation
of a federal work, undertaking or business or
interprovincially or internationally.
It
establishes the following principles to govern
the collection, use and disclosure of personal
information: accountability, identifying the
purposes for the collection of personal information,
obtaining consent, limiting collection, limiting
use, disclosure and retention, ensuring accuracy,
providing adequate security, making information
management policies readily available, providing
individuals with access to information about
themselves, and giving individuals a right to
challenge an organization's compliance with
these principles.
It
further provides for the Privacy Commissioner
to receive complaints concerning contraventions
of the principles, conduct investigations and
attempt to resolve such complaints. Unresolved
disputes relating to certain matters can be
taken to the Federal Court for resolution.
Part
2 sets out the legislative scheme by which requirements
in federal statutes and regulations that contemplate
the use of paper or do not expressly permit
the use of electronic technology may be administered
or complied with in the electronic environment.
It grants authority to the appropriate authorities
to make regulations about how those requirements
may be satisfied using electronic means.
Part
2 also describes the characteristics of secure
electronic signatures and grants authority to
make regulations prescribing technologies or
processes for the purpose of the definition
"secure electronic signature".
Part
3 amends the Canada Evidence Act to facilitate
the admissibility of electronic documents, to
establish evidentiary presumptions related to
secure electronic signatures, and to provide
for the recognition as evidence of notices,
acts and other documents published electronically
by the Queen's Printer.
Part
4 amends the Statutory Instruments Act to authorize
the publication of the Canada Gazette by electronic
means.
Part
5 amends the Statute Revision Act to authorize
the publication and distribution of an electronic
version of the Consolidated Statutes and Regulations
of Canada.
Most US
states had adopted e-commerce legislation by
the time that the Congress passed the Electronic
Signatures in Global and National Commerce Act
1999, finally signed into law by Bill Clinton
in June 2000, and which was effective from 1st
October 2000.
The motivation
for a federal statute was the fact that over
the previous five years the fifty states had
passed an array of electronic signature and
electronic commerce statutes that fall into
three varying models and are authorized for
varying reasons. Some states provided that any
type of electronic signature was valid. Other
states stated that some minimal form of security
is required (such as tying the electronic signature
to the signer or being able to ascertain that
the message has not been altered). Still other
states validate only digital signatures, thought
to be the most secure and requiring the use
of PKI (Public Key Infrastructure).
In addition to
providing three inconsistent models for approving
of electronic signatures, the states provided
different uses for the approved electronic signature.
Certain states permit only transactions with
government agencies to be accomplished through
the use of electronic signatures, while others
permit only certain kinds of commercial transactions
to be validated.
The Federal Act
'preempts' state legislation unless the latter
conforms to the Uniform Electronic Transactions
Act (approved and recommended for enactment
by the National Conference of Commissioners
on Uniform State Laws in July 1999) or is technologically
neutral.
Under the Federal
Act, consumers must affirmatively consent to
receive electronic records; the consumer may
retain such records and withdraw consent.
The Act is technology-neutral
so that the parties entering into electronic
contracts can choose the system they want to
use to validate an online agreement. Many browsers
contain minimal authentication features and
companies are developing pen-based and other
types of technologies to facilitate online contracting.
In addition, a number of companies already provide
digital signature products using PKI.
The Act specifies
that:
- no one is obligated
  to agree to use or accept electronic records
  or signatures;
- its provisions do not affect any disclosures
  required under regulation or law;
- if a notice must be provided to a consumer in
  writing, an electronic version will fulfill
  that requirement only if the consumer has consented
  to accepting an electronic version and has demonstrated
  that he can access the information in electronic
  form;
- it does not apply to the creation and execution
  of wills, codicils and testamentary trusts;
  to adoptions, divorce or other matters of family
  law; to any notice of cancellation or termination
  of utility services or the default, acceleration,
  repossession, foreclosure or eviction under
  a credit agreement secured by, or a rental agreement
  for, the primary residence of an individual;
  the cancellation or termination of health or
  life insurance benefits; or the recall or notification
  of a material failure of a product;
- it covers contracts, agreements, or records
  entered into or provided in, or affecting, interstate
  or foreign commerce, as well as those within
  the scope of the Securities Exchange Act of
  1934;
- it defines the term 'electronic signature' to
  mean information or data in electronic form,
  attached to or logically associated with an
  electronic record, and executed or adopted by
  a person or an electronic agent of a person,
  with the intent to sign a contract, agreement,
  or record.
In addition to
the electronic signature provisions, the Act
contains electronic record keeping provisions
that are effective on March 1, 2001.
In Hong
Kong, the Electronic Transactions
Ordinance was enacted on 7th January 2000 and
had effect from 7th April 2000. The Ordinance
establishes guidelines for the validity and
use of electronic signatures and electronic
records. It provides for the admissibility of
digital signatures and electronic records into
legal proceedings.
This Ordinance
also establishes electronic contract requirements
and regulations for certification authorities.
If the law requires the signature
of a person or provides for certain consequences
if a document is not signed by a person, a digital
signature of that person satisfies the requirement
but only if the digital signature is supported
by a recognized certificate and is generated
within the validity of that certificate. If
a rule of law requires information to be or
given in writing or provides for certain consequences
if it is not, an electronic record satisfies
the requirement if the information contained
in the electronic record is accessible so as
to be usable for subsequent reference.
Bermuda has
enacted The Electronic Transactions Act 1999.
The Act reflects international standards, including
the UNCITRAL Model Law on electronic commerce,
working papers of the European Parliament and
Council in respect of electronic signatures,
the European Union's safe harbour principles
for data protection, and best practice
legislation found in other jurisdictions.
The Act, drafted
by international law firm Linklaters & Payne,
lays a foundation for the conduct of electronic
transactions on a technology-neutral basis that
is sufficiently flexible to embrace new technological
developments and that contemplates a high degree
of self-regulation. It lays down a basis for
electronic documents and signatures to replace
their physical equivalents in all applicable
legislation.
Bermuda also adopted
a Code of Conduct in May 2000. The code is designed
to encourage businesses to observe integrity,
protect personal data, avoid abusive usage,
advertise truthfully, deal fairly and openly
with customers, and settle complaints and disputes
quickly. In essence, the legislation does not
regulate customers directly, but tasks ISPs
and e-commerce service providers (such as transaction
gateways) with ensuring that their customers adhere
to the Code. The Ministry of Telecommunications
and E-commerce is the final authority regarding
enforcement of the Code. For example, the Code
will outline remedial steps if a customer infringes
on copyright law, and requires the local providers
to report criminal or prohibited acts under
Bermuda law. Furthermore, Bermuda-based companies
are not allowed to engage in online gaming or
adult-content services.
Other
key pieces of legislation include the Electronic
Communications and Transactions Act 2003, The
Computer Misuse Act 2003, and the Data Protection
(Privacy of Personal Information) Act 2003.