THE INTERNET AND E-COMMERCE

Page 1

THOROGOOD PROFESSIONAL INSIGHTS

A SPECIALLY COMMISSIONED REPORT

THE INTERNET AND E-COMMERCE Peter Carey


Blank page


A Thorogood Report

THE INTERNET AND E-COMMERCE

Peter Carey


Published by Thorogood

Other Thorogood Titles:

10-12 Rivington Street London EC2A 3DU t: 020 7749 4748

Tax Aspects of Buying and Selling Companies

f: 020 7729 6110

Martyn Ingles

w: www.thorogood.ws

Techniques of Structuring and Drafting Commercial Contracts

© Peter Carey 2001

Robert Ribeiro

publication may be reproduced, stored in

e: info@thorogood.ws

All rights reserved. No part of this a retrieval system or transmitted in any form

Technical Aspects of Business Leases Malcolm Dowden

Employment Law Aspects of Mergers and Acquisitions: A Practical Guide Michael Ryley

or by any means, electronic, photocopying, recording or otherwise, without the prior permission of the publisher. This Report is sold subject to the condition that it shall not, by way of trade or otherwise, be lent, re-sold, hired out or otherwise circulated without the publisher’s prior consent in any form of binding or

Insights into Successfully Managing the In-house Legal Function

cover other than in which it is published and without a similar condition including this condition being imposed upon the subsequent purchaser.

Barry O’Meara

No responsibility for loss occasioned to The Company Director’s Desktop Guide David Martin

The Company Secretary’s Desktop Guide

any person acting or refraining from action as a result of any material in this publication can be accepted by the author or publisher.

A CIP catalogue record for this Report is available from the British Library.

Roger Mason

ISBN 1 85418 215 3 Printed in Great Britain by printflow.com


The author Peter Carey LL.B. LL.M. is a solicitor and consultant to Charles Russell where he advises on all aspects of e-commerce and data protection.He is a visiting professor at The College of Law and is the author of several leading books in the field of data protection and e-commerce including Data Protection in the UK (Blackstone Press).Peter is the Editor of the journal Privacy & Data Protection,and he lectures frequently on e-commerce issues.


CONTENTS

Contents Introduction .................................................................................................1

1

ORIENTATION

3

What is the Internet? ....................................................................................4 The nature of e-commerce ...........................................................................5 The law of commerce ...................................................................................6 The law of e-commerce ................................................................................7

2

E-MANAGEMENT

10

E-mail ..........................................................................................................12 Human resources ........................................................................................13 Customers ..................................................................................................14

3

WHAT’S IN A NAME?

15

The nature of domain names ......................................................................16 Management of domain names ...................................................................18 Trade marks and branding ..........................................................................19 Cybersquatting and dispute resolution ......................................................21


CONTENTS

4

E-COMMERCE CONTRACTS

25

Formation of a contract ..............................................................................27 Incorporation of terms ...............................................................................27 Unfair terms ................................................................................................29 The Distance Selling Regulations ...............................................................29 Website linking agreements .......................................................................32

5

LIABILITY FOR WEBSITE CONTENT

34

Reputation ..................................................................................................35 Third party materials ..................................................................................37 Offensive and indecent materials ...............................................................40 Descriptions and prices ..............................................................................42

6

CUSTOMER INFORMATION

43

What is data protection? .............................................................................44 Data protection and websites .....................................................................51 Use of cookies ............................................................................................53 Human rights and e-commerce ..................................................................53 Location data and m-commerce .................................................................54


CONTENTS

7

SECURITY

56

Electronic signatures ..................................................................................57 Encryption ..................................................................................................58

8

TAX

59

VAT .............................................................................................................60 The location of web servers .......................................................................61

APPENDICES

62

Appendix 1: Glossary ..............................................................................63 Appendix 2: Checklist of essential legal considerations .........................65 Appendix 3: Consumer Protection (Distance Selling) Regulations 2000 ...................................66 Appendix 4: Uniform Dispute Resolution Policy ....................................88 Appendix 5: Uniform Dispute Resolution Policy Approved Providers ....94 Appendix 6: Useful addresses and websites ...........................................95


INTRODUCTION

Introduction If you manage or advise a business that either trades online or shortly expects to do so, then this Report has been written for you.There is no doubt that, for all commercial enterprises,the world at the beginning of the 21st century is radically different from what it was towards the end of the last century.Change has always been present in the commercial world, but that change is now extremely fast, complex and unpredictable.Behind this new uncertainty lies the Internet.In order to be able to understand the Internet,and to make appropriate commercial decisions concerning its use,it is essential to have some knowledge of the law that is relevant to it. It is useful to begin with a ‘hypothetical’. Imagine that you either have an idea for a new online (Internet-based) business or you wish to move an existing oldeconomy business online.Having bought a domain name from an online registry, you next get hold of one or two ‘techies’to design a website for you.The website attractively describes your product or service and provides an online registration process. You commence trading with good publicity and the money starts to accumulate in your bank account. However, it is then that one of the following challenges arises: 1.

You wish to expand your business into new products or services and would ideally like to market your new ideas to your existing customer database.You are unable to do so because you failed to take account of data protection legislation when designing your website.

2.

You are contacted by a law firm acting for a company that provides a product or service that has a confusingly similar name to your domain name.The company benefits from being the owner of,and trading under, a registered trade mark.The law firm demands that you operate your site from an alternative domain name.You may be forced to abandon the domain name you have purchased and the goodwill that you have built up, because you failed to carry out appropriate searches as part of your business development plan.

3.

You wish to sell your expanding business and retire to the Caribbean. Your nest egg is threatened because the ‘techies’ (who were not your employees) who designed your website, are demanding a half share of your business.They have an arguable case because you did not enter into an appropriately drafted written contract with them that would have safeguarded your position.

1


INTRODUCTION

These are just a few of the catastrophes that may,and commonly do,arise.In every case they can be avoided by doing some initial research and by taking appropriate legal advice. This Report looks at the law that is relevant to e-commerce and describes the common pitfalls (including those above) that Internet businesses have fallen, and continue to fall, into.The electronic world is still, despite recent high-profile failures,an incredibly exciting,and potentially enormously lucrative, place to do business.But demanding times require precision and attention to detail. It is hoped that you will find this Report to be an essential tool in meeting the challenges presented by the online commercial environment.

2


Orientation W H AT I S T H E I N T E R N E T ? T H E N AT U R E O F E - C O M M E R C E THE LAW OF COMMERCE THE LAW OF E-COMMERCE

chapter

1


CHAPTER

1:

ORIENTATION

Chapter 1: Orientation

What is the Internet? Before we explore the legal and commercial realities of e-commerce it is first necessary to consider the nature of the Internet.We must do this in order to be able to apply the law to it. Common misconceptions can arise merely from the description of the Internet. Use of ‘the’ implies that it is some constant ‘thing’ which has definable edges and a shape and even a legal presence. Actually the Internet is a communications infrastructure, nothing more. It is made up of countless thousands of computers that are connected together by means of telecommunications systems.Not all these computers will be connected at any one time and hence it is impossible to define its size and presence.When one user’s computer is in communication with another user’s computer, the information that is sent and received by each will travel in different and unpredictable routes and will pass through many computers on its journey. All the computers and communications services providers that are not either the original sender or the final recipient of the information are intermediaries or ‘conduits’. Internet connectivity is commonly established by using an Internet Service Provider (ISP).ISP’s are organisations that have a permanent presence on the Internet and provide a fixed line or dial-up service. Some ISP’s make a charge for this service, but many do not. However, most businesses will require a website, and hence web space on the ISP’s server,and this is normally a chargeable service.Businesses wishing to establish a web presence for the first time are advised to consult the trade press (business Internet magazines such as The Industry Standard) for information on ISP’s.

4


CHAPTER

1:

ORIENTATION

The nature of e-commerce Before looking at the legal detail and common pitfalls of e-commerce, we will initially consider the nature of e-commerce – what exactly is it? We will also look at some terminology that is frequently used by e-commerce lawyers and business people, always bearing in mind that what we are dealing with here is not the technology, but rather the way the law applies to the transactions that are undertaken using the technology. E-commerce (or electronic commerce) is the term used to denote a commercial (usually contractual) transaction that takes place between two or more people using the communications infrastructure known as the Internet.The first thing to note is that there is a range of e-commerce transactions,the following of which are examples: •

the purchase by an individual of a book from a commercial website such as that run by Amazon.com

the ordering by Company A of office stationery from Company B’s website

the exchange of e-mails between two persons whereby it is agreed that a certain service will be carried out by one party in exchange for a fee from the other.

We do not usually think of the latter type of transaction as falling within the category of e-commerce, but it is just as much an electronically formed contract as the other two examples:an exchange of e-mails can result in a legally binding contract. For example, if I send you an e-mail offering to sell you one dozen doughnuts, and you respond accepting my offer,this is just as much an e-commerce transaction as one taking place using the colourful pages and flash technology of the World Wide Web. Initially it will be important for an e-commerce business to identify whether its e-commerce transactions will be classified as B2B (business-to-business) or B2C (business-to-consumer).This is because the law applies in a different way to each. Of course, it may be that the e-commerce business anticipates engaging in both types of transaction.The differences between these two types of transaction will be referred to throughout this Report. Other terms commonly referred to throughout this Report are as follows: •

World Wide Web – that part of the Internet which uses the Hyper Text Transfer Protocol (HTTP) to display so-called web pages and to allow links between such pages anywhere on the Internet.

ISP (Internet Service Provider) – a provider of Internet connectivity.

ASP (Applications Service Provider) – an online provider of computer applications, such as software.

5


CHAPTER

1:

ORIENTATION

The subject of e-mails and the potential liabilities that can arise for employers from their inappropriate use is a subject in its own right and will not be considered in detail in this Report.For further analysis see Volume 1,Issue 3 (February 2001) of the journal Privacy and Data Protection.

The law of commerce The law does not currently recognise an e-commerce transaction as being inherently different from a non e-commerce transaction. However, due to the online nature of e-commerce,particular aspects of the law apply differently where a transaction takes place online.This section will briefly consider those aspects of the law that apply to both online and offline transactions. This will be followed by an introduction to those areas of the law that have particular application in the case of e-commerce. None of the topics listed below – aspects of law that apply to commercial transactions generally – will be looked at in any detail in this Report, but it is important to put the e-commerce transaction in the context of its commercial and legal setting. Trading vehicle In the case of an existing business wishing to move online,the legal infrastructure will already be in place.For start-ups it is important to consider the way that trading is to be carried out.It may be that the business will be a partnership. Alternatively it might be a registered limited company. E-commerce start-ups should usually be advised to use a company for trading purposes.The advantages are many, the two main ones being that it is easier to attract investment capital, and that the owners of the company (its shareholders) will benefit from limited liability. Shares and responsibilities This is an issue for start-ups. If a company is chosen as the appropriate trading vehicle then there will be a number of issues that must be agreed upon by the participants:What are the appropriate proportions for share ownership? Who are the directors going to be? Who will be Company Secretary? Will a shareholder agreement be needed? Appropriate legal advice should be sought on these issues.

6


CHAPTER

1:

ORIENTATION

Taxation Once again the normal considerations will apply to both offline and online transactions.The position is slightly complicated in an e-commerce transaction due to the greater likelihood that such a transaction will involve parties who are not located in the same country. Chapter eight considers two particular aspects of taxation that are relevant only to e-commerce. Intellectual property rights The subject of intellectual property is relevant to all businesses but may be particularly important to e-commerce as the business model may involve a greater use of intellectual property.For this and related reasons this Report will deal with a number of intellectual property issues in its various chapters. Terms and conditions of trade Again, this is relevant to all businesses.The terms on which a business obtains its supplies, and upon which it trades with its customers, are of fundamental importance. Incorporation of a business’s terms into its contracts is not usually a problem with offline transactions but significant issues commonly arise with an e-commerce business – see Chapter four for further details.Choice of law and jurisdiction will be an issue in some contractual arrangements,both on and offline.

The law of e-commerce Of greater significance, and the subject of this Report, are those areas of the law that apply specifically to e-commerce.This may be due to the fact that ‘old’ law applies in an unusual way to e-commerce due to the unpredictable (at the time that law was made) nature of the transaction. Or it may be due to the presence of ‘new’law,which,though it may not have been formulated to deal with e-commerce exclusively,clearly has it in contemplation as the main target of its intended regulation. The list that appears below contains those areas of law that are of particular (and in some cases exclusive) interest to e-commerce businesses: Formation of contract How does the law of offer and acceptance apply to an online transaction? In other words, how will a contract be formed in the virtual world? Will a web page that displays a product for sale be an offer or an invitation to treat? This issue has yet to be decided by the courts.Chapter four will consider online contracts in detail and provide advice for ensuring that appropriate contract terms do actually form part of the contract that is created when a purchase is made online.

7


CHAPTER

1:

ORIENTATION

Intellectual Property Rights Much of the value in an idea for an e-commerce website can be tied up in the Intellectual Property Rights (IPR’s).It is essential,particularly when trying to attract seed money from venture capitalists,that these IPR’s are delineated and transferred to the trading vehicle.They may be owned by a number of different people and so IPR assignments will need to be executed at an early stage. In any event the value of IPR’s is notoriously underestimated by businessmen. Appropriate steps must be taken to protect this value and to take steps to safeguard any brand name and associated goodwill.This latter issue is considered further in Chapter three. Copyright Copyright is of course comprised in IPR’s,but there are some specific considerations in relation to copyright that need to be looked at.We know that the law of copyright protects literary and artistic works and that these are the sorts of works that comprise a web page. So far so good. But what about links from one web page to another? Could they constitute breach of copyright? Of course in most instances,there would be no complaint because a link from one website to another would generate increased traffic and this surely is the objective of websites. But in one case a newspaper’s website contained a link to the news section of another newspaper’s website.It was held in an interim application to the court that this could constitute copyright infringement.The reason for the case was that the link bypassed the front (or home) page of the other website and so the users did not get to see the advertising messages on that home page – this technique is known as deep-linking. Sites that undertake deep-linking should be aware of the potential legal challenges that could arise. Domain names and cybersquatting The fact that every website must have a unique Internet address means that many commercial enterprises will be disappointed in their desire for a specific domain name.This is the problem that is inherent in a first-come-first-served system of domain name registrations.Difficulties can arise when one business feels it should be entitled to use a domain name that has already been registered by someone else. Domain names are considered in detail in Chapter three together with the practice known as ‘cybersquatting’and the possible methods for acquiring a domain name that has already been registered by someone else.

8


CHAPTER

1:

ORIENTATION

Data protection This area of the law governs what may and what may not be done with individuals’ personal information.In many cases much of the value in an e-commerce business is in its customer database,which may consist of a variety of information including name, address, e-mail address, date of birth, shopping habits, annual household income, etc. The law establishes a code of conduct (known as the Eight Data Protection Principles) for the processing of such data as well as a right for every individual to see a copy of such data if they request it. Chapter six considers the significance of data protection law for e-commerce businesses. Distance Selling Regulations Towards the end of 2000, and in response to European Union legislation, the UK passed the Consumer Protection (Distance Selling) Regulations.These regulations require all UK businesses that enter contracts with consumers ‘at a distance’(clearly this includes, but is not exclusive to, Internet transactions) to do two main things that they were not legally obliged to do before.The first is to provide certain specific information to the consumer and the second is to allow consumers a ‘cooling-off’ period of seven working days from receipt of goods to return the goods for a full refund.The Distance Selling Regulations are considered in detail in Chapter four. IT requirements There will be a number of legal considerations which arise from the infrastructure and services which are required for an e-commerce business. Hence there may be purchase or rental of hardware and software,rental of server space if required and a website hosting and development agreement where the hosting is to be outsourced.These topics are considered where relevant throughout this Report. Law and jurisdiction One of the difficulties with an Internet transaction is that the buyer and seller may be in different parts of the world.The question then arises as to which legal system will govern the contract in the absence of any binding express provision. A related question but one which is more complex and somewhat political is which court system will have jurisdiction to hear any relevant litigation?

9


E-management E-MAIL HUMAN RESOURCES CUSTOMERS

chapter

2


CHAPTER

2:

E-MANAGEMENT

Chapter 2: E-management Before proceeding to look at the law of e-commerce,it is useful to consider some particular aspects of e-business management. There is no doubt that, for the managers of any commercial enterprise,the Internet presents the most significant universal challenge that has yet been presented in the history of commerce. It is tempting to think of the Internet as merely an electronic expression of what has gone before:e-mails replace typed letters,websites replace glossy brochures and electronic invoices replace their paper equivalents. But the Internet is not merely a more efficient replacement for existing systems. Its significance lies in its ability to be not merely a communications device,but a market,an information system and a manufacturing tool. It allows managers to do not only what they have done before – communicating with suppliers, advertising products and services,collecting customer data and obtaining payment – more efficiently,cheaply and comprehensively,but also opens up significant new possibilities for the core operations of every business. Of course it is the potential to increase productivity and cut costs that is a most attractive feature of the Internet, and this must not be overlooked. Suppose, for example, you are a car manufacturer.Traditionally you have obtained orders for new cars from a network of showrooms that have in turn obtained orders from their customers.Where outsourcing has been required, you have placed orders with your suppliers. Assembly takes place,the car is customised to the customer’s requirements and is shipped to the dealer.With the Internet comes the possibility of the customer placing their order online.They can choose their accessories and colour scheme and create a virtual image of how the car will look on-screen before proceeding with their order. Direct electronic communication of the order eradicates possible mis-communication in, and later arguments over, choice of specification.The delivery date can be electronically calculated and arrangements for payment can be finalised. The manufacturer’s automated system will communicate electronically with suppliers so that the alloy wheels,or whatever has been selected,can be delivered precisely when needed for fitting to the vehicle. The finished product can be delivered via an intermediary dealer or direct to the customer. For further ideas on how the Internet can be used to further your business objectives,see The Internet as a Business Tool by Brian Salter and Naomi LangfordWood (a Thorogood Report).

11


CHAPTER

2:

E-MANAGEMENT

E-mail The spread of electronic communication brings transparency and openness to the management process.The ease with which an e-mail can be forwarded to hundreds or thousands of people changes the nature of communication – one must now assume that not just the recipient will read an e-mail that is sent to him. It is no longer possible to hide behind mountains of paperwork or to ‘lose’ a letter to which it is currently not desirable to respond. It is common knowledge that the ability to send and forward e-mails causes two main concerns for employers.The first is that time will be wasted – some employees spend several hours each week in sending e-mails to friends.The second is that the employer will incur some liability as a result of the content of such e-mails. Both these concerns can be met by an ‘e-mail policy’, which should be clear and comprehensive.It should set out the employer’s attitude to e-mail and explain that employees’e-mails will be monitored (if this is desired) to ensure quality of service and appropriateness of communication.The presence of such a policy should have the effect of employees exercising some caution when sending and forwarding e-mails. It should also mean that embarrassing incidents such as the Norton Rose ‘blow job’ e-mail debacle can be avoided. It should be noted that the monitoring of employee e-mails has data protection and privacy implications that are beyond the scope of this Report (see Volume 1, Issue 3 of Privacy and Data Protection for an analysis of this topic). A related issue is that of pornography. Pornographic images are popular with employees but cause great concern for employers.Not only do they waste employee time,they cause offence and clog vital server space.They could also lead to liability for the employer (see Chapter five).To avoid the sort of situation experienced by Orange when it dismissed 30 employees for downloading and distributing pornographic images, a clear statement should be made to employees of the employer’s attitude to this activity.To stem the flow closer to its source,the business should consider installing software capable of screening-out unwanted material. E-businesses should remember that an e-mail is a business document in the same way as is a letter or a fax. E-mails must therefore comply with the requirements of the Companies Act 1985, namely that the following information must appear: •

the full name of the company;

the registered number of the company;

the address of the registered office; and

the country of registration of the company.

12


CHAPTER

2:

E-MANAGEMENT

Human resources Given the current climate of short-term working practices and the need to have efficient and productive staff, e-businesses need to focus on staff attraction and retention. E-businesses, generally speaking, need fewer but better staff. This may require a review of working conditions, working practices, pay structures and benefits.The e-business revolution has,significantly,created new jobs that did not exist in the offline economy – examples include website designers, knowledge management officers and e-business managers. Workers in e-business are increasingly flexible, many working from home or onthe-road.Rather than being feared,such practices should be embraced by businesses. Not only do they lead to a lowering of overheads (heat, light and a desk in the office are not required for mobile workers) but they can create greater satisfaction and loyalty amongst staff. Appropriate communication infrastructures should be employed so that staff are kept fully informed of events ‘back at the office’and are able to communicate with other staff members,as well as customers and suppliers.Where sales teams spend much of their time out of the office,they too should be kept fully informed and accountable. The lack of office presence of individual employees and the globalisation of businesses mean that the ‘drink after work’ and the ‘training weekend’ become increasingly difficult.Many businesses are developing corporate portals for their business to employee (B2E) communications. Such portals can prove invaluable in providing information and training to employees. Larger companies can additionally use the portals as an online job market and to provide maps of buildings and photographs and locations of staff. Some companies motivate employees to log on to the portal on a daily basis by posting the share prices of the company or by displaying a list of employee birthdays for the relevant week. A section of the portal can be used for selling the company’s products to the employees. The Internet can be used for recruiting staff.Potential job applicants can be given up-to-date information on vacancies, be taken on a virtual tour of the business and be invited to apply online.Communications between the HR department and job applicant can be undertaken by e-mail.The expense of using a recruitment agent can be saved.

13


CHAPTER

2:

E-MANAGEMENT

Customers The Internet gives rise to the possibility of a wider marketplace. Customers may now be located anywhere on the planet but have equal access to the marketing material of the business. Systems should be set up to deal with this new global presence. Better information on customers is available from the monitoring of their activities whilst visiting the website.Using cookies it is possible to ‘personalise’the content of the site for each particular customer.Knowing that a customer lives in Oxford, for example, it is possible to display a banner advertisement for an Oxford-based pizza restaurant on your homepage.Were a different customer to visit the homepage, the advertisement would be of a different kind. Location-specific and targeted advertising have data protection implications and detailed proposals should be submitted to a data protection lawyer before procedures are implemented. As the technology grows, so do customers’ expectations. Customers will expect to be kept informed of the process of their order and will want more information than would have previously been available.Electronic order tracking systems should be available to customers online to provide them with this information. DHL, for example,has a system which enables a customer to see the location of their package at each stage of its journey and to know the precise moment that it is ‘signed-for’ by the recipient.

14


What’s in a name? T H E N AT U R E O F D O M A I N N A M E S MANAGEMENT OF DOMAIN NAMES TRADE MARKS AND BRANDING C Y B E R S Q U AT T I N G A N D D I S P U T E R E S O L U T I O N

chapter

3


CHAPTER

3:

WHAT’S

IN

A

NAME?

Chapter 3: What’s in a name?

The nature of domain names One of the first things that an e-business must do is to choose a domain name. A domain name is essentially an ‘e-commerce logo’ which provides companies with their ‘e-identity’.It is in fact a user-friendly alphanumeric alias for an Internet Protocol (IP) address. An IP address is a unique number that identifies a particular computer that is attached to the Internet. A user wishing to connect with a particular website will type in the domain name relating to that site. Computers searching for the site will then convert this name back to the IP address so as to connect to the relevant server. It is important that the domain name chosen is memorable.Many companies choose a domain name that is associated with their product, brand or company name (e.g. www.barclays.com, www.virgin.co.uk, www.dyson.com). The process of domain name registration is easy and cheap and for this reason, as well as other legal reasons,the business would be wise to maximise the protection of its goodwill by registering alternate versions of its domain name. To see how the law applies to domain names and to understand the difficulties that can arise it is important to understand the difference between the constituent parts of a domain name.The section to the furthest right of the domain name is known as the Top Level Domain (TLD).TLD’s are split into ‘generic’top-level domain names (gTLD’s) and ‘country-code specific’ top-level domain names (ccTLD’s). There are only three gTLD’s that are generally available on a first-come-first-served basis to anyone in the world:

The gTLD’s .com .net .org

Figure 1:The gTLD’s

16


CHAPTER

3:

WHAT’S

IN

A

NAME?

For generic top-level domains there is no need to prove anything to the registering authority before registration can be effected. In other words, despite its name, a person wishing to register a .com domain name, is not required to prove that the website will be used for a commercial organisation – they could for example intend to use the site to display photographs of their cats.Traditionally however .com, .org and .net have been used by commercial enterprises,not-for-profit organisations and Internet infrastructure companies respectively. ccTLD’s are numerous (there are about 190 countries with ccTLD’s) and these are represented by two letters of the alphabet. Examples are shown in the box below:

Examples of ccTLD’s .ch

Switzerland

.ni

Nicaragua

.fr

France

.tv

Tuvalu

.in

India

.uk

United Kingdom

.my

Malaysia

.jp

Japan

Figure 2: Examples of ccTLD’s Many ccTLD’s are generally available to anyone on a first-come-first-served basis worldwide. The Economist for example recently registered economist.tv for its new venture,web broadcasting in video format of topical news stories.However, some countries restrict the use of their ccTLD – for example the Australian authority, which regulates the .au ccTLD, requires the applicant to show some connection with Australia. In Norway (.no) would-be registrants are required to provide an ‘enterprise number’,obtainable only by Norwegian companies.Some ccTLD’s include more than one TLD so that they can be used for a specific type of organisation, e.g. .co.uk, .ac.uk and .org.uk to denote a commercial body, academic institution and not-for-profit organisation respectively.The remaining .uk domains are .ltd.uk, .plc.uk, .net.uk, and .sch.uk. The next part of the domain name is the Second Level Domain (sometimes called sub-domain). For example in the case of the law firm Charles Russell, the SLD is cr-law.The combination of the TLD and the SLD is the part of a domain name that it is possible to register (e.g. cr-law.co.uk).

17


CHAPTER

3:

WHAT’S

IN

A

NAME?

It is of interest to note that new gTLD’s are being introduced from Summer 2001. They are the following:

The new gTLD’s .biz (businesses)

.web (Internet network providers)

.aero (airlines)

.info (information services)

.pro (the professions)

.coop (cooperatives)

.museum (museums)

Figure 3:The new gTLD’s

All commercial enterprises should put in place a strategy for registering the new gTLD’s when they go live. A ‘sunrise’ period of registration restriction will mean that only those applicants that own registered trade marks will be successful during the first few weeks of the new system.

Management of domain names No serious commercial enterprise is without a domain name.Indeed the number of domain names that have been registered during the past five years could be graphically represented by an exponential curve.By 1995 approximately 100,000 domain names had been registered.At the beginning of 2000 this number had increased to 6 million. At the time of writing the number of domain names registered stood at more than 40 million.Commonly there are no pre-conditions for registering a domain name and no restriction on the number of domain names that can be registered. In the case of start-ups or new ventures for existing businesses, it is important to register the chosen domain name as soon as possible, and certainly before any publicity about the business is released to the public.There have been several cases in the past few years where a company has sent out a press release concerning a new business venture,including the proposed business name without having secured the domain name.The same day a member of the public who has seen the publicity surrounding the venture has registered the proposed business name as a domain name.Mediation with Nominet or dispute resolution with ICANN (see below) can produce a satisfactory resolution but will inevitably be expensive and time-consuming.

18


CHAPTER

3:

WHAT’S

IN

A

NAME?

E-commerce businesses are advised to register all ccTLD variations of the domain name that relate to those countries where the client expects to do business as well as all gTLD’s that are available.This prevents someone from registering the same SLD as the business,albeit with a different TLD.Businesses should also register all variations of the name, for example using hyphens where the SLD consists of more than one word or even common misspellings.This prevents anyone from taking unfair advantage of the goodwill in the business by engaging in the activity known as cybersquatting.An appropriate and sensible commercial strategy for domain name registrations, coupled with relevant trade mark registrations, can reduce the risks posed by cybersquatters. It should also be remembered that a domain name is not a property right as such. Rather,a domain name registration allows the registrant the exclusive use of that domain name for the period of registration. Registration periods are commonly either one or two years.It is vital that renewal is made otherwise use of the domain name will be lost.

Trade marks and branding For the protection of a business or its product or service, the registration of a trade mark or service mark should be considered. An infringement action can then be brought against anyone using the same or similar mark in respect of a similar business in the jurisdiction of registration.Where brand protection is not available by use of a registered trade mark (due to,for example,the business being unable to comply with the strict requirements of the registration process) some protection may be available from that branch of the law known as ‘passing off’. This section considers the law of trade marks and passing off specifically in the context of protection of domain names. Trade marks The fundamental difference between a trade mark and a domain name is that there can be several identical trade marks registered in different parts of the world, or even in the same jurisdiction, by different people. Each identical trade mark can relate to a different type of goods without any possibility of the trade mark use constituting an infringement. By contrast there can only ever be one of each domain name, as such names are necessarily unique.Whilst use of an identical domain name to one registered by an e-business is therefore impossible, registration and use of a similar domain name by a third party is not unlikely. For example, although I may register the domain name, pwcarey.com, this does not stop someone else registering the domain name p-w-carey.com or pcarey.com.

19


CHAPTER

3:

WHAT’S

IN

A

NAME?

In other words,the domain name registration system offers no protection against the registration of similar names.An action for trade mark infringement on the other hand can be brought against not only those persons who use an identical mark in relation to similar goods or services, but also against those who use a similar mark in relation to similar goods or services.E-businesses should therefore aim to support the protection of their brands by registering a trade mark for their domain names in each of their principal trading territories.Trade mark registrations can be undertaken by law firms or trade mark agents. It is possible that use of a domain name by one person may constitute the infringement of a registered trade mark of another.The claimant must show,under s10 TMA 1994,that there has been use of an identical mark in relation to identical goods/services or use of a similar mark in relation to identical/similar goods/services where there is likelihood of confusion. Passing off Where goodwill in a business is being used by another for their own benefit but that other is not using an identical or similar registered trade mark, the business may be able to bring an action for ‘passing-off’. An action by one business against another or against an individual in the tort of passing off usually requires a misrepresentation in the course of trade, which leads to financial loss. An exception to the rule that to succeed in a passing off action the claimant must show that the defendant was using the same or similar mark in the course of trade was established in the context of domain names in the case of BT and Others v. One in a Million Ltd (1999) FSR 1. In the case, brought by BT,Virgin, Sainsburys and others,the court held that the ‘mere creation of an instrument of fraud’could amount to passing off. One in a Million Ltd was forced to give up its interest in certain domain names that it had registered such as sainsbury.com, virgin.com and bt.org. It had registered these domains in the hope of selling them to the relevant companies for a profit. Some would argue that the companies should have had the foresight to resister these domain names themselves and should not expect the law to rescue them from their lack of commercial awareness. Nevertheless the court showed a willingness to adapt the common law to the changing commercial environment. The laws of both trade mark infringement and passing off are difficult to prove and in any event litigation takes a good deal of time and money.For these reasons businesses that have found that others have registered domain names that they feel should in fact belong to themselves have chosen to engage in dispute resolution as an alternative to a court action.

20


CHAPTER

3:

WHAT’S

IN

A

NAME?

Cybersquatting and dispute resolution Cybersquatting is the activity that involves the bad faith registration of trade marks as domain names. Where an e-business finds itself to be the victim of a cybersquatter there are a number of potential courses of action. In appropriate circumstances the cybersquatter can be sued in a court of law for infringement of a registered trade mark or in the tort of passing off (see page 20). An alternative, and often cheaper and faster procedure is to enter into domain name dispute resolution. Dispute resolution is a useful alternative to litigation for those cases where a claimant feels that they should be entitled to use a domain name that has been registered by someone else.Such a situation commonly arises under the existing procedure for domain name registrations,which is essentially a ‘first-come-first-served’system. In most cases anyone can purchase the exclusive right to use a domain name, provided that no one has registered it beforehand.The One in a Million Case (see page 20) showed that it is possible to obtain a court order for the transfer of a domain name, but litigation is inevitably costly and time consuming. The Internet Corporation for Assigned Names and Numbers (ICANN) set up a dispute resolution system for the top-level generic domain names (.com,.net and .org) in December 1999.That system, known as the Uniform Dispute Resolution Policy (UDRP),has proved very popular and successful.It is administered by four bodies (the best known of which is the World Intellectual Property Organisation) and frequently results in a domain name being transferred to the claimant.This section considers the dispute resolution procedures of ICANN and Nominet (which administers all .uk domain names). ICANN dispute resolution procedure The important thing to bear in mind is that domain names are not property as such.The registrant’s rights to use a domain name derives from the contract that it enters into with the registration authority. As far as gTLD’s are concerned, the registration authority is ICANN (Internet Corporation for Assigned Names and Numbers). ICANN set up a Uniform Dispute Resolution Policy (UDRP), which became operational on 1 December 1999. The UDRP applies only to those domains administered by ICANN i.e.the three gTLD’s .com,.net and .org.ICANN has subcontracted out the job of hearing and adjudicating on the disputes to four bodies (listed in Appendix five),the best known of which is the World Intellectual Property Organisation (WIPO).

21


CHAPTER

3:

WHAT’S

IN

A

NAME?

The UDRP relates only to an ‘abusive registration’.This means that applicants will only be successful where they are able to show that: •

the disputed domain name is identical or confusingly similar to a trade mark or service mark in which the applicant has rights

the registrant has no rights or legitimate interests in the domain name

the domain name has been registered and is being used in bad faith.

Unfortunately the UDRP does not provide any guidance on how ‘confusing similarity’ is to be assessed. A ‘legitimate interest’ can be demonstrated by the registrant by showing some use or preparatory steps to use the domain name dating from prior to any notice by the applicant; evidence that the registrant is commonly known by the domain name or evidence that the registrant has engaged in a legitimate non-commercial use of the domain name. ‘Bad faith’, the most important element of the UDRP, can be shown where the registrant’s main purpose in registering the domain name was to sell it to the applicant; where it was designed to prevent the applicant using its trade mark as a domain name or where there was an intention to attract users to the registrant’s website by creating a likelihood of confusion with the applicant’s mark.It should be noted that bad faith can be shown not only by a demand for money, but also by a request for services. In a case involving the domain name uwyoming.com the respondent wanted free tuition for his daughter at the University of Wyoming, and in the gearmagazine.com case the respondent demanded the contract to build the complainant’s website.In both cases the complainants were successful in getting the domain names transferred to themselves. If the applicant is successful at the arbitration hearing (which is by written submission,no live witnesses) then ICANN will immediately transfer the domain name to the applicant. By way of example, Julia Roberts was able to obtain reregistration of the domain name juliaroberts.com in her own name by using the UDRP. By contrast Bruce Springsteen failed in a similar application for brucespringsteen.com,largely because the registrant was able to show legitimate use (for a Bruce Springsteen fan club website). Dispute resolution for .uk domain names Nominet, the UK domain name registry, has announced its intention to radically update its dispute resolution procedure for applications by claimants against cybersquatters.The principal criticism of the Nominet system to date has been that it does not allow transfers of the disputed domain name into the name of the claimant.Under the new system,to operate from Autumn 2001,Nominet will be able to remove the existing name from the register and replace it with that of the claimant.

22


CHAPTER

3:

WHAT’S

IN

A

NAME?

The new system proposed by Nominet for all .uk domains (see Figure 4 for a list of the main names and their intended uses) is modelled on the UDRP but has some interesting differences.

The main .uk domains .co.uk

commercial sites

.org.uk not-for-profit organisations .net.uk Internet infrastructure companies .ltd.uk

.plc.uk needs an identical registration at Companies House .sch.uk schools .ac.uk

academic institutions

needs an identical registration at Companies House

Figure 4:The main .uk domains At present the dispute resolution system available from Nominet,the second largest of the country code specific domain name registries, is a mediation service. It is free of charge and is undertaken by written submissions by the parties. Of the 1,200 mediations dealt with by Nominet since it began the service in 1997, approximately one third have been successfully resolved. Of the two thirds of claims that are not amicably resolved by the parties, the remaining alternative is litigation. Nominet will currently withdraw or suspend a domain name (but not transfer it) in the following circumstances: 1.

If the name is administered in a way that is likely to endanger the operation of the domain name system.

2.

If the basis on which the domain name was registered has changed.

3.

If Nominet finds that the name is being used in a manner likely to cause confusion to Internet users.

4.

Where Nominet UK has been informed that legal action has been commenced regarding use of the name.

5.

Where Nominet UK is of the opinion that one of the above is likely to occur.

23


CHAPTER

3:

WHAT’S

IN

A

NAME?

The need for a new dispute resolution system arises out of increased public awareness in the activity known as ‘cybersquatting’ and the desire for a quick and effective procedure for the transfer of a .uk domain name which has been registered by a third party.There is also, according to Nominet, a perception that cybersquatting threatens the principles of a first-come-first-served registration system, and that self-regulation is preferable to an enforced solution. Under the proposals Nominet will continue to offer a mediation service for disputed domain names but the mediation will ‘time-out’ if it has been unsuccessful after ten working days. The application will then be automatically referred to an independent expert who will be appointed in a ‘cab-rank’fashion from a list held by Nominet (under the UDRP applicants can choose particular experts – there may be up to three experts deciding each case). A fee – likely to be in the region of £500 to £1,000 – will be payable to Nominet for use of the service and all decisions of the experts will be published. In order to succeed in its application for domain name transfer, a claimant will be expected to show that the registration is ‘abusive’.There is to be a two-stage test for abusive registrations.The claimant must show that: 1.

They have rights in respect of a name or mark which is identical or similar to a domain name.

2.

The registrant has and/or is using the domain name in bad faith.

This test is similar to that under the UDRP, except under the latter, the claimant must additionally show that the registrant has no rights or legitimate interest in the domain name.Under the UDRP where the mark of the claimant is not identical to the domain name, the claimant must show that it is ‘confusingly similar’, as opposed to merely ‘similar’, to the domain name. The central requirement for both the UDRP and the Nominet proposal is that the domain name be registered (or used) in bad faith.However,although the burden of proof under both schemes is on the claimant,the standard of proof is different. Under the Nominet proposal, the claimant will be expected to prove, beyond a reasonable doubt, the bad faith of the registrant. Bad faith is commonly shown by a clear motive to siphon business goodwill away from the claimant or an attempt by the registrant to sell the domain name to the claimant at a grossly inflated price. It is unclear how the higher standard of proof will affect claims for the transfer of .uk domains.

24


E-commerce contracts F O R M AT I O N O F A C O N T R A C T I N C O R P O R AT I O N O F T E R M S U N FA I R T E R M S T H E D I S TA N C E S E L L I N G R E G U L AT I O N S WEBSITE LINKING AGREEMENTS

chapter

4


CHAPTER

4:

E-COMMERCE

CONTRACTS

Chapter 4: E-commerce contracts Virtually all commercial transactions are undertaken in the setting of a legally binding contract.Indeed,without the presence of such a contract the parties would generally be unwilling to perform their obligations (such as the delivery of goods, the performance of a service or the payment of money) under the transaction.Contracts provide certainty as to the obligations of each party and, more importantly, a guarantee of the right to sue the non-performing party for breach. The law of contract dates back centuries, and has equal application to an ecommerce transaction as an offline contract. But the nature of an e-commerce transaction gives rise to some special problems that do not arise offline: •

Formation of the contract – for each party to have confidence that the performance of its obligations will have legal effect, it is of vital importance that the contract has actually been formed at the time of that performance. In the offline world the existence of a contract can be evidenced in many ways – such as a signature on a printed order form or a note of a conversation – that are not available in the online world.

Incorporation of contractual terms – commercial transactions take place under a set of contractual rules. Usually these rules are set out in written form and will apply to the contract by virtue of being ‘incorporated’ within it. In the offline world terms are included in a contract by agreement.There is a considerable body of caselaw that describes how and why such terms will be incorporated.That caselaw may not,and indeed in some cases cannot,apply to online transactions.

Non face-to-face transactions – e-commerce transactions, by their definition,take place electronically.The advantage of this is that the parties do not need to be in each other’s presence at the time of formation of the contract. One disadvantage of this is that the law treats differently those contracts that are entered into between a business and a consumer ‘at a distance’– the e-business must comply with a set of rules that do not generally apply to its offline competitors.

26


CHAPTER

4:

E-COMMERCE

CONTRACTS

Formation of a contract It is generally well-known that a legally binding contract will arise where there is an offer to do something that is met by an unconditional acceptance of that offer. By way of example, where X offers to pay £250 for the delivery of a case of champagne to her home and Y agrees to perform that task for that sum of money, a contract is formed.To complicate matters, the law distinguishes an offer from an ‘invitation to treat’. An invitation to treat is something that might appear to be an offer,but in fact is not. An example is the display of goods in a shop window or on the shelf of a supermarket. It has long been decided (see Pharmaceutical Society of Great Britain v Boots Cash Chemists (Southern) Ltd [1953]) that such displays are not offers and that therefore they cannot be ‘accepted’.This is the rule that prevents a customer from being able to force a shopkeeper to sell goods to him at the displayed price, even where that price is clearly erroneous. Whilst in the offline world it is easy to determine when a particular communication is an offer or an invitation to treat,such a distinction is unclear in a virtual transaction. Argos recently felt the effect of this when it mistakenly advertised televisions on its website with a price tag of £2.99 instead of £299.When several people placed orders for the televisions Argos realised its mistake and refused to supply the televisions at the price advertised. One ‘purchaser’ sued the company for failure to deliver on the contract that she said had been created.The case was settled before it reached trial so we do not know what the judge would have decided. Although we can speculate that, in English law at least, a website is probably an invitation to treat as opposed to an offer,it would be wise for e-businesses to make clear the status of pricing and other information on their sites.

Incorporation of terms Of central importance to the e-commerce transaction are the terms and conditions on which the contract is based and by which it is governed. An e-business will always wish to trade on those terms that are favourable to it. For example, the business may wish to state that it is not to be held liable for late delivery of goods, or that its total liability for defective goods is to be limited to a certain monetary figure. In most cases this will be done by the insertion of terms and conditions on the website and by making some reference to them during the contracting process. By completing the transaction the customers will effectively be binding themselves to those terms and conditions.

27


CHAPTER

4:

E-COMMERCE

CONTRACTS

For the reasons mentioned above it is important for the terms and conditions of trade to form part of the contract. Without them we must rely on the ‘default position’ provided by the law (notably the Sale of Goods Act 1979) and this is rarely ideal for a seller.The difficulty with e-commerce transactions is incorporating the terms into the contract is rarely a straightforward matter. There are various techniques, such as those listed below (in descending order of preference): •

Click-through with acceptance – here the customer is required to click on a button which says,‘I accept’or similar.This is the best position for the e-commerce business because the acceptance by the customer is clear and traceable. However, there is a perception that customers may be ‘put off’ by the need for this formality.

Click-through without acceptance – the customer is required to scroll through the conditions but there is no acceptance button. Here there will be, at the very least, implied acceptance by the customer if they continue with the transaction after having scrolled through the terms and conditions.

Reference with link – here the customer is referred to terms and conditions of trade but not forced to scroll through them.However,there is a link that will take the customer to the terms should they wish to see them.This is not ideal but may amount to ‘incorporation by reference’ under English law – this has not yet been tested by the courts in the context of online transactions.

Reference without link – there is a reference to terms and conditions of trade but they do not appear on the site. Again this is an attempt at incorporation by reference. It is the least satisfactory method and is unlikely to have the desired effect in an e-commerce transaction as there is no reason why the terms and conditions could not appear somewhere on the website.

The legal formalities for online trading are expected to grow. The European Union, for example,has recently proposed several new laws which will govern e-commerce in the future.With this in mind, businesses would be wise to adopt a policy of requiring those persons they contract with online to click an ‘acceptance button’ to demonstrate their assent to the terms and conditions displayed on the website.

28


CHAPTER

4:

E-COMMERCE

CONTRACTS

Unfair terms E-businesses must be aware that since 1999 certain terms in their contracts with consumers will be void,i.e.unenforceable and of no legal effect.The Unfair Terms in Consumer Contracts Regulations 1999 (S.I.1999 No.2083) apply,by definition, only to B2C contracts. For the purpose of the Regulations a ‘consumer’ is a person acting privately and not in the course of business. In contracts with such persons any unfair term is void.An ‘unfair’ term is one which,‘contrary to the requirements of good faith, causes a significant imbalance in the consumer’s rights under the contract,to the detriment of the consumer’. Examples of terms that would be regarded as unfair under the Regulations include: •

allowing the business to change the characteristics of goods or services offered without recourse to the consumer; and

allowing the business to terminate the contract without reasonable notice of such termination being given to the consumer.

The Distance Selling Regulations A consumer who purchases goods or services from an e-commerce business is protected to a greater degree than a business purchaser is.It is important therefore, at an early stage, to determine whether the e-business will engage in B2B or B2C transactions. In many cases of course the e-business will wish to trade with both businesses and individual customers.Where the e-business anticipates that part of its customer base will be individual consumers, the so-called ‘Distance Selling Regulations’ become relevant. The Consumer Protection (Distance Selling) Regulations 2000 (reproduced in Appendix three) came into force on 31 October 2000.They apply to contracts between a business and a consumer that are not ‘face-to-face’ e.g. contracts concluded by way of coupons in newspapers,‘teleshopping’, and of course the Internet.The Regulations impose two main obligations on suppliers of goods or services.The first is to provide certain information to the consumer.The second is to furnish the consumer with a ‘cooling off’period of seven working days during which the consumer is able to return the goods to the e-business for a full refund. It is interesting to note that a recent survey of all 235 UK websites listed on Yahoo!, offering goods in the publishing, music and computer hardware sectors, found that 92% of the sites gave incomplete or incorrect advice on the right to withdraw. About half contained key contractual information that was not clear or prominent.

29


CHAPTER

4:

E-COMMERCE

CONTRACTS

Most of those companies would be shocked to be informed that after each online sale has taken place the customer could contact the business at any time within three months and request the business to collect the goods from them.The e-business would then be required to refund the purchase price to the customer, whether or not it decided to collect the goods. The information requirements In most cases the ‘information requirements’ in the Distance Selling Regulations can be satisfied by posting the appropriate information online. Consumers must be provided with the information shown in the box below in a clear and comprehensible manner.

The information requirements a)

the identity and address of the supplier

b)

the characteristics of the goods or services

c)

the price including all taxes

d)

delivery costs

e)

arrangements for payment, delivery, performance

f)

the existence of the right of cancellation

g)

any additional costs of using the means of distance communication

h)

the period for which the price remains valid

i)

where appropriate, the duration of a service contract.

Figure 5:The information requirements The consumer must also be informed of any intention by the supplier to provide substitute goods if the goods ordered are not available, and of the fact that the supplier will meet costs of return of such substitute goods by the consumer to the supplier in the event of cancellation.

30


CHAPTER

4:

E-COMMERCE

CONTRACTS

The cooling-off period The requirement of a ‘cooling-off’period for distance contracts puts e-commerce businesses at a disadvantage when compared with their offline competitors. For a consumer to be legally entitled to return goods purchased in the offline world (for example in a shop) for a full refund,they must prove that there is some defect in the goods or that the goods are not of satisfactory quality.The Regulations however allow an online purchaser to return goods within seven working days for a full refund, without obliging the purchaser to furnish any reason for doing so. As far as the cooling off period is concerned, consumers must be given a period of seven working days,from the day after receipt of the goods,in which to change their mind. During that period the consumer has the right to return the goods to the e-commerce business for a full refund.Crucially,if consumers are not informed of their right to cancel in this way, then the time period during which they have the right to cancel increases automatically to three months plus seven working days.Businesses should therefore be aware that their failure to inform consumers of the cooling-off period will effectively extend their potential liability to refund the purchase price by three months. Excluded contracts The requirement to provide consumers with the above information, and to give a cooling-off period, does not apply to the following contracts: •

for the sale or other disposition of an interest in land except for a rental agreement

for the construction of a building

for financial services

contracts concluded by means of an automated vending machine

contracts concluded with a telecommunications operator by use of a public payphone

contracts concluded at an auction.

It should be remembered that the Distance Selling Regulations apply to contracts with consumers,but not to contracts with corporate and business customers.The information above must be stated clearly and concisely on the website – this may mean some changes to existing sites. Additionally,the cooling-off period does not apply to bespoke or tailor-made products (see Regulation 13(C) in Appendix three). Any attempt to exclude the operation of the Regulations will have no legal effect.

31


CHAPTER

4:

E-COMMERCE

CONTRACTS

Website linking agreements To date operators of websites have provided links from their own sites to those of third parties with little thought for the legal consequences.Several legal actions in recent months have shown that this carefree attitude to linking is not good business practice. In one case, involving the website of a Scottish newspaper, an e-business was sued for providing a link to a page within the site of the newspaper. This practice,known as deep linking,was challenged on the basis that it allowed users access to the site without being required to travel via the homepage – it was the homepage on which revenue-generating advertising appeared. In a case by Stepstone, the recruitment site, an injunction was obtained in early 2001 that forced OFiR, a Danish media company, to remove links to Stepstone’s site. Recently a view has emerged that a link from one website to another could infringe the database right in the linked-to site (for a discussion of the database right see Chapter five).In any event,it seems that there is an emerging right for e-commerce businesses to control how users experience their sites,and a growing willingness by the courts to recognise such a right. E-commerce businesses should therefore consider,in appropriate circumstances, putting in place a written contract that sets out the obligations of the parties to a linking agreement.The contract should deal with the following issues: •

The link – consideration should be given as to how the link should be constructed,any technical requirements and where on the relevant web page the link should appear. If deep linking is to be allowed then the requirements and specifications for this should be set out.The contract should set out those circumstances in which the parties are able to sever the link.

Intellectual property – even where a copy of part of the site is not made when the link is used (this would raise copyright issues), there may be use of the linked site’s trade mark on the link itself.A licence to use all relevant Intellectual Property Rights should appear in the contract.

Commission – sometimes the motivation for providing a link will be in receiving revenue as a result of users travelling to a third party site via the link.The commission arrangements should be clear in their terms – will commission be paid for example merely upon the site visit by a user or must the user first purchase goods from the site? There should be appropriate provisions for monitoring traffic such that commission can be verified and charged.

32


CHAPTER

4:

E-COMMERCE

CONTRACTS

Data protection – if there is to be a sharing of customer information between the linked sites then it must be clear that each site is to obtain the data protection consent of its customers for that transfer to be able to take place – see Chapter six.

Database right – the contract should make it clear that the links envisaged by the agreement will not constitute infringement of the database right.

33


Liability for website content R E P U TAT I O N T H I R D PA RT Y M AT E R I A L S O F F E N S I V E A N D I N D E C E N T M AT E R I A L S DESCRIPTIONS AND PRICES

chapter

5


CHAPTER

5:

LIABILITY

FOR

WEBSITE

CONTENT

Chapter 5: Liability for website content Whilst websites are arguably the greatest business communications tool ever devised, it is important to realise that there can be legal liability for the content of a website,even in the absence of any contractual relationship.Indeed,the liability of an e-business for the content of its website can arise even where the e-business itself did not post the content to the site. Such liability can be felt not only by the business itself, by also by its directors.This chapter considers those aspects of the law of which e-businesses should be aware of when constructing websites and when determining the suitability of material for their content.

Reputation The law protects a person’s reputation by means of the action known as defamation. Any statement is actionable against the communicator of that statement where it adversely affects a person’s reputation.An example would be the appearance on a website of a news story (or piece of gossip) that accused a famous actress of taking class A drugs. It does not matter that the person being sued is not the original communicator – all ‘publishers’ in the chain of communication may be liable.It is this concept of publication that is of central importance to defamation law. It is clear that both the sending of e-mail and the display of information on a publicly-available website amount to publication for this purpose. The law of defamation applies to the Internet in precisely the same way as it does to other forms of communication.An example arose in 1998 in a case brought by Western Provident Association against Norwich Union – an e-mail, circulated by an employee of Norwich Union and which called into question the financial health of WPS, found its way out of the company and came to the attention of WPS.The case eventually settled with a payment by Norwich Union of £500,000. A precise definition of defamation seems to have eluded practising and academic lawyers alike. The following definition (provided by the Faulks Committee on Defamation in 1975) is as good as any: ‘Defamation is the publication to a third party of matter that in all the circumstances would be likely to affect a person adversely in the estimation of reasonable people generally.’

35


CHAPTER

5:

LIABILITY

FOR

WEBSITE

CONTENT

An action in defamation differs from other forms of legal action in several ways. Should the action reach the trial stage, it will be heard by a jury – most other ‘civil’ actions are tried by judge alone. Additionally it is the jury who will be responsible for setting the level of compensation payable to the claimant.There is no legal aid for a defamation action, leading to the justified criticism that the action is the preserve of the wealthy. There are many defences to a defamation action, the most widely used of which are: •

Justification – i.e. that the statement is true or substantially true

Fair comment – the defendant must show that the statement consists of an opinion that is based on true facts and on a matter that is of public interest.

Defamation and e-businesses As far as e-commerce businesses are concerned, defamation is a small risk, but it is a risk that should be guarded against.The important thing to bear in mind is that generally the e-business will be liable for any defamatory material that appears on its site, whether or not that material derives from the e-business itself.Thus the risk is most pronounced where the business includes material on its site that has been supplied by third parties (such as a rolling news service, or a ‘user comment’section).In the contract for the supply of such material (if there is one) the e-business should take a warranty that nothing contained in it is defamatory. This should be backed up by an indemnity to compensate the e-business where it suffers loss as a result of publishing a defamatory statement. Defamation and ISP’s There have been some scare stories relating to the liability of Internet Service Providers (ISP’s) but in the main ISP’s are in no different position than other mere disseminators (as opposed to publishers) of information. It is true that for ISP’s there is always the risk that they will inadvertently pass on information that is defamatory.In fact it would be surprising if this did not happen to every ISP, every day.The concern that ISP’s would be liable for the content of such material has been allayed by a clarification in the law that reflects a common sense approach. Section 1 of the Defamation Act 1996 provides a defence for an ‘operator of or provider of access to a communications system by means of which the defamatory statement is transmitted or made available,by a person over whom he has no effective control’. An ISP,who clearly falls within the foregoing definition, must show that it took reasonable care in relation to the publication of defamatory statements and that it did not know,and had no reason to believe,that what it did, caused or contributed to the publication of such a statement.

36


CHAPTER

5:

LIABILITY

FOR

WEBSITE

CONTENT

In Lawrence Godfrey v Demon Internet (1999) I.T.C.L.R. 282, the court was of the opinion that it was possible for the ISP, Demon Internet, to be liable for a defamatory posting to a newsgroup which was held on its server. However, the facts of the case were unusual in that Demon had been informed of the defamatory statement, and had been requested to remove it – it did not immediately do so. The ISP could not therefore show that it took reasonable care, or that it had no knowledge of the defamatory statement.The obvious lesson for ISP’s is to react to complaints made by individuals concerning defamatory material. If necessary the advice of a lawyer should be sought for a determination as to whether the material is actually defamatory.

Third party materials E-businesses commonly use third party materials in the design or content of their websites.This may arise because an e-business engages a web designer to produce the website, or it may be that material from another website or other third party source is used for the site content.In every case where material is used that derives from a source other than the e-business itself,it is vital to ensure that permission exists for such use. Failure to do so leaves the e-business open to an action for infringement of copyright or database right. Copyright The law of copyright provides protection to certain types of works. Essentially the protection that exists prevents any person from copying the material without permission.The most common misconception about copyright is that it requires registration. In fact copyright protection exists as soon as a copyright work is made.For example,if you design a web page then copyright will exist in the web page. If anyone copies your web page (online or offline) you should be able to maintain an infringement action.Similarly,if you were to include aspects of a third party website in the design of your own site then you would be at risk from an infringement action. By virtue of the Copyright Designs and Patents Act 1988, copyright subsists in the following types of work: •

original literary, dramatic, musical or artistic

sound recordings, films, broadcasts or cable programmes

the typographical arrangement of published editions.

37


CHAPTER

5:

LIABILITY

FOR

WEBSITE

CONTENT

Websites always consist of literary copyright – any set of words put together in an order determined by their author will attract the protection of literary copyright. Most sites also contain artistic copyright – this exists in drawings, diagrams and photographs. Increasingly websites contain music – the site owner must obtain copyright permission to use the music, which will usually consist of at least two types of copyright: musical works and sound recording of those musical works. Some sites include film or video footage – such works are protected by film copyright. Copyright is similar to other forms of property right in that it can be transferred from one person to another. However, a person wishing to use a copyright work does not necessarily have to take ownership of the work – it is far more common to take permission (called a licence) to use it. A significant difference between copyright and other forms of property right is that the law provides that there is a finite life to copyright.The duration of ownership of copyright is dependent on the life of its original author, as follows: a)

b)

c)

d)

Literary, dramatic or musical works •

Duration – 70 years from end of calendar year in which author dies

Author – the person who creates it

Sound recordings •

Duration – 50 years from the end of the year in which a sound recording was made; or

50 years from the end of the year in which it was released,whichever is the later

Author – the person by whom the arrangements necessary for the making of the recording are undertaken

Films •

Duration – 70 years from the death of the last to survive of the principal director, the author of the film screenplay, the author of the film dialogue and the composer of music specifically created for and used in the film

Author – the person by whom the arrangements necessary for the making of the recording are undertaken

Broadcasts and cable programmes •

Duration – 50 years from the end of the calendar year in which the broadcast was made or the programme included in a cable programme service

Author – the person making the broadcast or the person providing the cable programme service

38


CHAPTER

5:

LIABILITY

FOR

WEBSITE

CONTENT

Identification of the ownership of copyright is important for many reasons, not least of which is that it tells us from whom we should obtain permission to use a copyright work.The first owner of copyright will usually be the author.The only exception to this rule is where the author is employed, and creates the copyright work as part of his employment. In this event the employer will be the first owner.By way of example,where an e-business employs a web designer to create a website, the copyright (and thus the right to use, sell and sue others for copying) in the website will belong to the employer.But where a web designer is engaged as a contractor (as is commonly the case), the copyright will belong to the contractor.Whilst it is true in this circumstance that the e-business may have an implied licence to use the copyright work,other rights (such as the right to sell the website or to grant others permission to copy or deal with it) will be severely limited. It is thus vitally important for the contract with a web designer to include a clause that transfers ownership (a copyright assignment) in the work to the e-business. The right of copyright will be infringed if any person does one of the following acts without the permission of the owner: •

copies the work

issues copies to the public

performs the work in public

broadcasts or sends a cable transmission

makes adaptations of the work.

There are several defences to an infringement action that may be available in appropriate circumstances.The following are the most relevant: •

Fair dealing for the purposes of criticism, review or news reporting

Incidental inclusion

Interviews and speeches.

Database right Due to the need for some intellectual input into a work to qualify for copyright protection,a new right of protection for databases was created by the Copyright and Rights in Databases Regulations 1997. Databases can represent substantial investment and substantial value to an e-commerce business. They could, for example, contain a list of customers or a statement of business practices. The database right exists irrespective of the subsistence of copyright in the database.

39


CHAPTER

5:

LIABILITY

FOR

WEBSITE

CONTENT

A ‘database’is defined as ‘a collection of independent works,data or other materials: a)

which are arranged in a systematic or methodical way, and

b)

are individually accessible by electronic or other means.

‘The database right is a property right which subsists in a database ‘if there has been substantial investment in obtaining,verifying or presenting the contents of the database’.The maker (defined as ‘the person who takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in that obtaining, verification or presentation’) of the database is the first owner of the database right unless they are employed to do so,in which case the employer is the first owner.The right exists for a period of 15 years from the calendar year during which the making of the database is completed. Infringing acts include ‘extraction’ or ‘re-utilisation’ of all or a substantial part of the contents of the database without the consent of the owner.Extraction means the permanent or temporary transfer of the contents of a database to another medium by any means or in any form.Re-utilisation means making those contents available to the public by any means.

Offensive and indecent materials Much of the growth in use of the Internet has been driven by the easy accessibility of pornographic material. As Gary Glitter recently discovered,it is useful to know the boundaries of the criminal offence of obscenity, even for those businesses that do not trade in such material. It has not been uncommon in the last year for businesses to dismiss employees on the grounds of the dissemination of offensive or obscene material – in mid-2000 Orange dismissed 35 workers for passing around unsavoury images.Other companies have found their dismissals for similar conduct facing challenges by the aggrieved employees in the industrial tribunal. In many cases an employer will have a code of conduct for e-mails which will provide that the forwarding of certain material is a disciplinary matter. But it is difficult to define precisely what is, and what is not, acceptable.The criminal offence of obscenity does at least provide an objective standard by which conduct can be measured. The original test for obscenity was laid down by a judge in the last century (R v Hicklin (1868) LR 3 QB 360). He said that the court must consider: ‘whether the tendency of the matter charged as obscenity is to deprave and corrupt those whose minds are open to such immoral influences and into whose hands such a publication might fall.’

40


CHAPTER

5:

LIABILITY

FOR

WEBSITE

CONTENT

Obscene Publications Act 1959, s1 provides that: ‘an article shall be deemed to be obscene if its effect or (where the article comprises two or more distinct items) the effect of any one of its items is, if taken as a whole, such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.’ The definition is thus dependent on the type of person who may have access to the material and whether they are likely to be depraved and corrupted by it.To ‘deprave and corrupt’means to make morally bad or to pervert or corrupt morally. An article will be obscene only where it tends to deprave and corrupt persons who are likely to read, see or hear it. Any person who, whether for gain or not, publishes an obscene article shall be liable to prosecution. A person publishes an article where they: •

distribute, circulate, sell, let on hire, give, or lend it, or where they offer it for sale or for letting on hire

in the case of an article containing or embodying matter to be looked at or a record, show, play or project it.

The Broadcasting Act 1990 provides that publication extends to matter included in a cable programme service. It has been held by judges on several occasions that a website is akin to a cable programme service (at least as far as copyright is concerned). In any event there is no doubt that uploading obscene material to the Internet would amount to publication for the purposes of the offence. A person shall not be convicted of the offence, and an order for forfeiture shall not be made, where it is proved that publication of the article was justified as being for the public good. In the case of television and radio publication, will be for the public good where it is in the interests of ‘drama,opera,ballet or any other art, science, literature or learning or any other objects of general concern’.The concept of the Internet was not around at the time of the creation of this offence, but it is likely that a website (unless it is subject to some form of secure access such as password protection) would be treated in a similar way to a television programme for the purposes of the defence of public good. The Broadcasting Act 1990 charged the Independent Television Commission (‘ITC’) with doing everything within its power to ensure that television programmes do not offend against good taste or decency.There is no body that has this kind of self-regulatory control over the Internet but it is possible that the new government body that will be responsible for communications (OFCOM) may seek to impose decency requirements on publicly available websites similar to that required by the ITC.The ITC Programme Code lists a number of types of viewing material to

41


CHAPTER

5:

LIABILITY

FOR

WEBSITE

CONTENT

be regulated. It does not refer specifically to obscenity but provides that the ITC must do all it can to: ‘secure that every licensed service includes nothing in its programmes which offends against good taste or decency ...or be offensive to public feeling.’ Further, the: ‘portrayal of sexual behaviour, and of nudity, needs to be defensible in context and presented with tact and discretion.’

Descriptions and prices A website can be regarded as an advertisement for the goods or services that it promotes. Regard must therefore be given to general advertising law when considering the content of the site. Under the Trade Descriptions Act 1968 it is a criminal offence to ‘apply a false trade description’to goods or services.Where the person convicted of the offence is a corporate body, any director or manager found to have consented to or to have been negligent in relation to the offence may also be convicted.The maximum punishment is two years imprisonment. The Control of Misleading Advertisement Regulations 1988 impose a duty on the Director-General of Fair Trading to investigate any complaint made to him that an advertisement is misleading. If this is found to be the case then an injunction can be obtained to prevent further publication of the offending material. By virtue of Part III of the Consumer Protection Act 1987 it is a criminal offence ‘to give a consumer a misleading price indication as to goods, services, accommodation or facilities’. A price indication will be misleading where consumers might reasonably be expected to infer from it, of from any omission by it, any of the following: a)

that the price is less than in fact it is;

b)

that the applicability of the price does not depend on facts or circumstances on which its applicability does in fact depend;

c)

that the price covers matters in respect of which an additional charge is made; and

d)

that a person who in fact has no such expectation, expects the price to be increased or reduced.

42


Customer information W H AT I S D ATA P R O T E C T I O N ? D ATA P R O T E C T I O N A N D W E B S I T E S USE OF COOKIES HUMAN RIGHTS AND E-COMMERCE L O C AT I O N D ATA A N D M - C O M M E R C E

chapter

6


CHAPTER

6:

CUSTOMER

INFORMATION

Chapter 6: Customer information Much of the value in an e-commerce business lies in its customer database and its ability to market products and services to those customers.An enticing website can lure users to ‘register’ online and to supply valuable information. Further, it is possible to track the movements of the user around the website and to thereby gain access to further useful data. When a large customer database has been compiled, it is possible to sell access to that database (so-called ‘list rental’) to generate further revenue. The greatest threat to an e-business’s freedom to build up a customer database, and to market products and services to that database, is the law of data protection.This chapter considers the nature of that law and the requirements and restrictions it imposes on e-commerce businesses.

What is data protection? Some commentators have stated that e-commerce law is data protection.Whilst this is an overstatement, the importance of data protection must not be underestimated.Data protection is that area of the law that governs what may lawfully be done with an individual’s personal data.The current law can be found in the Data Protection Act 1998 and relevant secondary legislation.The 1998 Act was passed to give effect to Directive 95/46/EC, which had, as its aim, the harmonisation of data protection laws throughout the Member States of the European Union.The Act came into force on 1 March 2000. The 1998 Act, which replaced and repealed the Data Protection Act 1984, is considerably more pervasive than its predecessor due to a wider definition of ‘processing’,an extension of the law to cover manual (paper-based) files and new restrictions on what can be done with personal data. The person responsible for the enforcement of the legislation is the Data Protection Commissioner (DPC),currently Elizabeth France.The DPC has wide investigative powers to check that personal data are being processed in accordance with the legislation.

44


CHAPTER

6:

CUSTOMER

INFORMATION

In order to understand the legislation and its effect on the activities and content of websites, four fundamental definitions need to be considered: 1.

Personal data – the Act applies only to personal data, defined as information from which a living individual can be identified e.g.name, address,e-mail address,DNA sample,CCTV image,passport number,etc.

2.

Processing – the definition in both the Directive and the Act is complex, but essentially it includes virtually anything that can be done with personal data e.g. storing it on the hard drive of a computer, typing it into a computer keyboard, printing it out, passing it onto a third party, downloading it from the Internet, etc.

3.

Data controller – this is the person (or company) who determines the purposes for processing personal data – most businesses in the UK and certainly all businesses that have websites with user registration areas are therefore data controllers.

4.

Data subject – the data subject is the person who is the subject of the personal data e.g.in relation to your name and address,the data subject is you!

Notification The new law requires all data controllers to notify the fact that they process personal data to the Office of the Information Commissioner. Data controllers must also inform the DPC of the types of processing they undertake and provide information on the security arrangements that they have put in place to safeguard that data from theft and unintended loss, alteration or destruction. It is a criminal offence for a data controller to process personal data without having first notified the processing in this way. Notification can be undertaken online – see the details of the OIC’s website in Appendix six. Once the notification process has been completed the name of the data controller will be placed on the register, together with a list of the types of processing undertaken by that controller.The annual fee to maintain a register entry is £35. The Data Protection Principles The Data Protection Act 1998 contains,in Schedule 1,a set of eight Data Protection Principles.The Principles are a code of conduct that governs the processing by data controllers of personal data,and they are of central importance to the operation of the Act.

45


CHAPTER

6:

CUSTOMER

INFORMATION

The Eight Data Protection Principles 1.

Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless: a) at least one of a set of conditions (including ‘consent’ of the data subject) is met, and b) in the case of sensitive personal data, at least one of a further set of conditions (including ‘explicit consent’ of the data subject) is also met.

2.

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3.

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4.

Personal data processed shall be accurate and, where necessary, kept up-to date.

5.

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6.

Personal data shall be processed in accordance with the rights of data subjects under this Act.

7.

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8.

Personal data shall not be transferred to a country or territory outside the European Economic Areas unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Figure 6:The Eight Data Protection Principles The most important of the principles are those numbered one, seven and eight, relating to fair and lawful processing,security of data and the ban on data exports respectively.These principles will be discussed briefly below.

46


CHAPTER

6:

CUSTOMER

INFORMATION

Fair and lawful processing The First Data Protection Principle requires that data be processed fairly and lawfully and in particular that all processing comply with at least one of the pre-conditions for processing contained in Schedule 2 to the Act.The six conditions are as follows: 1.

The consent of the ‘data subject’ (the person to whom the data relate) has been obtained.

2.

The processing is necessary for the performance of a contract with the data subject.

3.

The processing is necessary to comply with a legal obligation.

4.

The processing is necessary in order to protect the vital interests (life or death scenario) of the data subject.

5.

The processing is necessary for the administration of justice or certain public functions.

6.

The processing is necessary for the legitimate interests of the data controller except where the processing is unwarranted due to prejudice being caused to the rights and freedoms or legitimate interests of the data subject.

To confuse matters further, there is a new category of personal data created by the new Act,called sensitive personal data.The processing of this type of data requires not only one of the pre-conditions contained in Schedule 2, but also one of the pre-conditions for processing sensitive personal data,contained in Schedule 3 and in secondary legislation. Sensitive personal data are those data that consist of information on one of the following matters as they relate to the data subject:

Sensitive personal data

Sensitive personal data

Racial or ethnic origin

Sexual life

Religious beliefs

Physical or mental condition

Political opinions

Membership of a trade union

The commission of a criminal offence

Figure 7: Sensitive personal data

47


CHAPTER

6:

CUSTOMER

INFORMATION

There are nineteen pre-conditions for the processing of sensitive personal data (nine in the Act and a further ten in secondary legislation) two of which are: •

The explicit consent of the data subject has been obtained for processing.

The processing is necessary for medical purposes.

Data security The Seventh Data Protection Principle requires that the data controller keeps all personal data secure so that its loss, theft or accidental destruction is prevented. Data controllers should have regard to current technology from time to time to ensure that systems are up-to-date in security compliance terms. Any outsourcing of personal data processing functions (such as web hosting) must be evidenced by written agreement.The agreement must contain appropriate data security provisions. Data exports The Eighth Data Protection Principle provides that exports of personal data to countries outside the European Economic Area (EEA) i.e. the Member States of the European Union (EU) plus Norway, Iceland and Liechtenstein – are unlawful unless there is adequate protection for the rights and freedoms of data subjects. Essentially this means that data transfers should not take place to those countries that do not have data protection legislation that offers similar protection for individuals to that provided in the EU. The difficulty for e-businesses is essentially twofold.The first is that UK businesses often prefer, for reasons of economy, to locate their web server offshore, usually in the United States.The second is that,due to the global nature of some e-businesses, such businesses move and copy customer data to various worldwide locations. Neither of these activities is permitted without the application of an exception to the general rule banning data transfers. Adequate protection can however be achieved by binding the transferee to appropriate contractual clauses that lead to appropriate protection of personal data.Such clauses should oblige the transferee to keep data safe,secure and intact, comply with data subject access requests,refrain from sending data to third parties without the consent of the exporter and allow the exporter access to the transferee’s systems to audit compliance. Where export is purely for the purpose of contracting out (or out-sourcing) a data processing function – such as a website hosting agreement – it will be less problematic to show that the privacy of data subjects will be prejudiced by the data export.But all data processor agreements must be in writing and must oblige compliance with the Seventh Data Protection Principle.

48


CHAPTER

6:

CUSTOMER

INFORMATION

Where the transfer is to the United States the export ban will not apply if the transferee has signed up to a set of voluntary rules known as ‘safe harbor’.The Safe Harbor Privacy Principles are essentially a slightly watered-down version of the DPA. In order to obtain ‘safe harbor’ certification a US company must selfcertify compliance with the principles and inform the US Department of Commerce of such compliance. Under the Data Protection Directive the EU Commission is empowered to declare that one or more countries is ‘safe’ for data exports. In this event a UK e-business may export personal data to such a country without fear of transgression. So far the Commission has declared only two countries to be safe for these purposes: Hungary and Switzerland. Schedule 4 to the Act contains certain exemptions from the operation of the Eighth Principle’s export ban.The most significant of the exemptions are that: •

the data subject has given their consent to the transfer

the transfer is necessary for the performance of a contract between the data subject and the data controller.

49


CHAPTER

6:

CUSTOMER

INFORMATION

CAN I SEND PERSONAL DATA ABROAD?

Am I transferring personal data to a country which is not within the EEA?

NO

YES Is the country on an EU approved list?

YES

The transfer does not breach the Eighth Principle

NO Does the country of the transferee have adequate data protection controls by virtue of a legal or self-regulatory regime (including ‘safe harbor’)?

YES

NO Is there a contract in place governing the transfer which ensures adequate protection?

YES

NO Has the data subject consented to the transfer?

YES

NO Does any other Schedule 4 exemption (including appropriate contractual clauses) apply?

YES

The transfer is lawful

NO The transfer is unlawful

Figure 8: Data exports

50


CHAPTER

6:

CUSTOMER

INFORMATION

Data subject access requests Data controllers must be ready to supply relevant information to any data subject that requests access to his or her personal data. An individual who suspects that any sole trader,company or other organisation is processing data concerning them may make a request of the data controller to see a copy of all such data.They are entitled to be given information as to: •

the purposes of processing

the types of recipient to whom the data may be disclosed

the source of the data.

Data controllers must comply with a data subject access request within the maximum time limit set by the law (usually 40 days).They may charge a fee,up to the statutory maximum (£10 in most cases).

Data protection and websites Only two of the six threshold conditions for processing that appear above are likely to apply to website processing.The first is that the consent of the data subject has been obtained to each use to which the personal data will be put.To put this in the context of a website, users may be required to register online to receive a particular service.Such a service might,for example,be the sending to the user of regular updates by e-mail, or it may be the provision of access to certain areas of the website.Where a user purchases goods online they will naturally be required to supply some personal details. In most cases the user is required to complete a number of fields on a user registration page,such as name,address,e-mail address, date of birth and any other information that may be required by the operators of the website for marketing or other reasons.Unless there is an appropriate data protection notice on the user registration page, the operators of the site will be substantially restricted in what they are able to do with the data they collect. This is unfortunate because much of the potential value in an e-commerce business is its database of customers or contacts and the marketing opportunities that may exist in relation to that database. E-commerce businesses should therefore consider all the purposes for which they will be using the data, and construct an appropriate data protection notice to obtain the relevant consent. In many cases an opt-out box will be appropriate so that the data subject is given an opportunity to withhold consent for certain anticipated usage.

51


CHAPTER

6:

CUSTOMER

INFORMATION

Example of opt-out provision We may use the information you have supplied to keep you informed of products and services that we feel may be of interest to you. If you do not wish us to do so, please tick the following box: 䡺 䡵

Figure 9: Example of opt-out provision The second of the processing conditions that may apply is that the processing is necessary to perform a contract between the user and the e-business.This will arise for example where the user makes an online order for delivery of goods. It will be necessary,in order to perform that contract,to request and otherwise process the name of the purchaser and their delivery address. It may also be necessary to take a credit card number and pass this to a third party bank so that payment can be taken. One further risk commonly run by website operators is in the requesting of too much information from registered users.The Third Data Protection Principle (see above) provides that,‘personal data shall be adequate, relevant and not excessive in relation to the purposes or purposes for which they are processed’.To take an example, suppose that a website offers free e-mail updates on the price of beef from time to time. On the user registration page, the data subject is required to supply their name,address,e-mail address and date of birth.Clearly the information being requested is excessive for its stated purpose.To carry out its function (sending an e-mail to users on the price of beef) no more information is required than the user’s e-mail address. If the excessive data (in this case name, address and date of birth) is required by the website operator for any purpose other than the supply of beef price information, then this purpose must be stated on the site and the user must be given an opportunity to opt-out of such processing. Breaching any of the data protection principles leads to the risk of enforcement action by the Office of the Information Commissioner. Some marketing schemes require the website user to supply the e-business with the names and details of their friends so that the e-business may inform the friend of its offers.Here the e-business will be obtaining data on an individual from someone other than the individual to whom it relates. In respect of such third party data, the legal position is problematic in that the e-business is under a duty to contact the relevant individual to inform him or her that it is in receipt of the data and the purpose for holding it.The only exception to this requirement is where such action would involve ‘disproportionate effort’ on the part of the business. The disproportionate effort exemption is unlikely to apply in the case of website processing due to the ease with which the e-business could send an e-mail containing the information to the relevant individual.

52


CHAPTER

6:

CUSTOMER

INFORMATION

Use of cookies Cookies are devices that are inserted on a user’s hard drive when he or she is visiting a website. Essentially they are pieces of code that will identify the user when he or she returns to the site and can be used to track a user’s movement around the site and throughout the Internet generally. The use of cookies for advertising and selling purposes will amount to ‘direct marketing’within the meaning of the DPA,and is therefore subject to the right of an individual to request the cessation of such activity. E-businesses must react to such a request within 21 days and will need to have procedures in place to either: •

disable the cookie in relation to the specific customer who made the request; or

flag the specific customer’s account so that no further attempts at direct marketing are made to that person.

From a user’s point of view, the implications for personal privacy of the use of cookies are substantial.In many cases the tracking of a surfer’s movements around the Internet will amount to sensitive personal data processing and therefore be unlawful. Users can make subject access requests of e-businesses to check what information is being stored on them.If the information stored is unrelated to their visit to the site,or where they have not given consent for its storage,a user could make a justified complaint to the Information Commissioner.

Human rights and e-commerce The Human Rights Act 1998 (HRA) came into force in October 2000. It has staggering implications for all aspects of commercial life,including e-commerce. The most significant aspect of the Act in the context of customer and user information is Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (see Figure 10). Whilst it is true that the HRA ostensibly applies only to the activities of ‘public authorities’, the recent decision of the Court of Appeal in the case brought by Catherine Zeta-Jones in respect of her wedding photographs suggests that the court may effectively enforce the right of privacy against all UK businesses, not just those which form part of the public sector.

53


CHAPTER

6:

CUSTOMER

INFORMATION

Article 8 of the European Convention on Human Rights 1.

Everyone has the right to respect for his private and family life, his home and his correspondence.

2.

There shall be no interference by a public authority with the exercise of this right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedoms of others.

Figure 10:Article 8 of the European Convention on Human Rights

Location data and m-commerce M-commerce (or mobile commerce) is the facility to transact business by use of a mobile telephone.With the advent of broadband access, which is promised by the forthcoming third generation (3G) network,comes the possibility of massive growth in commercial activity over the airwaves.One of the most sensitive issues concerns the current ban on processing of location data. It is clear and undisputed that the facility to pinpoint a mobile telephone’s location is of significant commercial worth.The information that can be provided to a mobile telephone subscriber may be of substantial utility.Who would not be interested in receiving an on-screen version of the menu of the nearest French restaurant, or to have access to street directions to the nearest cinema which is showing a particular movie? But the technical ability to locate an individual mobile telephone user is not the same as the legal ability to do so.The realisation that telecommunications companies may be unable to benefit from location-based applications to the extent that they had once dreamed, has led many in the industry to conclude that too much money has been paid to governments for 3G licences. In order to understand the legal restrictions that apply to the use of location tracking technology, it is helpful to consider the potential types of geographical tracking that are available.Cell ID,already in use in GSM networks,can provide the location of an individual mobile telephone user to within an accuracy of about 200 metres in urban areas.Other technologies being developed provide greater precision in the ascertaining of location.Time Difference of Arrival (TDOA) is a network-based positioning technology that monitors the position of users continuously and does not allow them a method of disabling the function (other than turning off the

54


CHAPTER

6:

CUSTOMER

INFORMATION

telephone). Enhanced Observed Time Difference (EOTD) is a technology that requires the installation of appropriate software in mobile handsets,but does allow some degree of user control over whether or not location data is transmitted to the network. The first hurdle for location services providers to overcome is the Data Protection Act 1998. As has been described above,this statute requires (with a few exceptions) the consent of an individual for the processing of his or her personal data.The second hurdle, and one that will be more difficult to overcome in the short-term due to the irrelevance of ‘consent’ as an exception, is the Telecommunications (Data Protection and Privacy) Regulations 1999.The Regulations complement the DPA but provide for significant restrictions for telecommunications service providers beyond those relevant to non-telecommunications businesses. As identified in the November 2000 issue of Privacy and Data Protection, Regulation 8 of the 1999 Regulations bans telecommunications companies from sending marketing materials to their subscribers unless such materials relate solely to services that they themselves provide. Effectively this provision prevents the sending to subscribers of locationspecific advertising or marketing information relating to the goods and services of third parties. In the medium term there is a new legislative provision that is being drafted by the European Commission that will permit location-based services in certain circumstances. It will overrule the current marketing ban and allow the processing of geographical location data for the provision of ‘value added services’ as long as consent has been obtained.The new law is unlikely to be effective in the UK before the end of 2002. Of course, the UK Parliament could choose to short-circuit the process by amending the 1999 Regulations to allow what will, in any event,become permissible under the European proposals.The government has after all recently taken in excess of £22 billion from telecommunications companies for the 3G licences, money that was arguably paid in anticipation of the facility to provide location-based services.

55


Security E L E C T R O N I C S I G N AT U R E S ENCRYPTION

chapter

7


CHAPTER

7:

SECURITY

Chapter 7: Security

Electronic signatures The Electronic Communications Act 2000, the first piece of pure e-commerce legislation in the UK, provides that an electronic signature ‘incorporated into or logically associated with a particular electronic communication or particular electronic data, and the certification by any person of such a signature’ shall be admissible in evidence in any legal proceedings as to the authenticity or integrity of the communication or data. Although the definition seems somewhat cumbersome, it is designed to be ‘technologically neutral’ so as to be compatible with future needs. This provision is designed to increase confidence in the commercial use of the Internet,particularly in B2B transactions.Under the Act,an electronic identification of a person or company can be used in court to show that that person or company made a contract. An electronic,or digital,signature is essentially something associated with an electronic document that performs the same function as a manual signature. On 30 November 2000 the European Commission adopted a new legal framework for the use and recognition of electronic signatures.The E-Signatures Directive requires that e-signatures must be attested by a certificate that sets out the signatory’s identity,and obliges certification providers to comply with compliance with certain technical requirements (set out in Annex II).Devices used to create digital signatures must comply with the requirements set out in Annex III.The Directive – which can be seen at www.europa.eu.int/comm/dg15/en/media/sign/index.htm – should be implemented in Member States of the European Union (including the UK) by 19 July 2001.

57


CHAPTER

7:

SECURITY

Encryption The Electronic Communications Act 2000 sets up a register of cryptography service providers.The Act imposes a duty on the Secretary of State to establish and maintain a register of approved providers of ‘cryptography support services’.This is defined as any service to those sending or receiving electronic communications, or to those who store electronic data, and which is designed to facilitate the use of cryptographic techniques for the following purposes: •

ensuring that such communications or data can be accessed or put into an intelligible form, only by certain persons (the ‘confidentiality provision’)

ensuring that the authenticity or integrity of such communication or data is capable of being ascertained.

It should be noted that although the provisions of the Act that would have required e-businesses to deposit copies of their digital keys with third parties were dropped during its passage through Parliament,the Regulation of Investigatory Powers Act 2000 provides that e-businesses must hand over encrypted material in a decrypted form when required to do so by the police or security services.

58


Tax VAT T H E L O C AT I O N O F W E B S E R V E R S

chapter

8


CHAPTER

8:

TAX

Chapter 8: Tax There are several aspects of taxation that are unclear and confusing as far as ecommerce is concerned.This Report makes no attempt to analyse the law and practice of taxation in general but this chapter examines the main areas of controversy and the aspects of taxation that should be watched for future developments.

VAT Internet retailers are at risk from recent moves by governments trying to claw back sales taxes. How to tax e-commerce is a problem for governments, but it is a policy issue that is likely to become more prominent as e-commerce accelerates around the world.The global nature of e-commerce throws up jurisdictional issues as far as tax is concerned. The problems include which regions tax laws should apply when consumers buy goods over the Internet, and which organisation should take responsibility for collecting tax on goods and services sold. The Organisation for Economic Co-operation and Development (OECD) has sought to make its interest known on some of these issues by establishing a global framework for their discussion. Although loss of tax on Internet sales is still a small problem, there are signs of regional skirmishes emerging, especially over indirect sales taxes, or VAT. In the US, the debate over Internet taxation is between liberals, concerned about the loss to states if local sales taxes are not enforced, and free marketers, who wish for no tax to be imposed on commerce. Some European governments are keen to impose sales taxes on US companies when selling to European consumers.At the EU level, legislation on tax and ecommerce has not changed at all in the last six years. European companies are at a disadvantage to non-EU rivals because they have to include VAT on goods sold over the Internet, while their US and Japanese rivals do not.The European Commission proposed that non-EU companies that had more than 100,000 euros of Internet sales for digitally downloaded items should register in a single EU country for VAT purposes. The proposal of having a single tax point met with some approval from American companies. But many countries rejected the Commission’s plans. Instead France put forward alternative proposals that would require companies to register for VAT in all EU countries where they do business.

60


CHAPTER

8:

TAX

These new Commission proposals are not expected until June 2001 and even if voting on the new system is unanimous, it will probably be at least 2003 before Member States have to implement it fully. What this delay essentially means is that, for the time being, European consumers, should continue to be able to buy certain goods over the Internet at cheaper prices from overseas.

The location of web servers There has been some recent discussion on whether the mere use of computer equipment in another country could render an e-business liable to pay tax in that country. Some commentators suggest that a website server could constitute a ‘permanent establishment’and thus render a business located in one country liable to pay tax in the country where its server is located. International taxation issues of this sort are commonly dealt with under international conventions, many of which have been based on the OECD model convention. In early 2001 the OECD reported its view of the status of websites as follows: •

A website cannot, of itself, constitute a permanent establishment

A website hosting arrangement typically does not result in a permanent establishment for the enterprise that carries on business through that website

An Independent Service Provider hosting websites of other businesses on its own server will not,subject to very limited exceptions,constitute a dependent agent of another enterprise so as to constitute a permanent establishment of that enterprise.

As far as servers are concerned,the OECD was unable to reach a consensus view as to whether their presence at a particular location could amount to a permanent establishment.Currently the view is that if such equipment is part of the profit-making activity of the enterprise then it could well lead to a finding of ‘permanent establishment’ by the relevant taxation authority. The tax effects of UK e-businesses using computers located in other jurisdictions thus remains unclear.What is clear, from an Inland Revenue Press Release dated 11 April 2000, is that as far as foreign e-businesses are concerned, in no circumstances will the mere presence of a server in the UK constitute a permanent establishment of that business.The hope therefore is that other countries will follow the lead of the Inland Revenue.

61


Appendices APPENDIX 1:

GLOSSARY

APPENDIX 2:

C H E C K L I S T O F E S S E N T I A L L E G A L C O N S I D E R AT I O N S

APPENDIX 3:

CONSUMER PROTECTION ( D I S TA N C E S E L L I N G ) R E G U L AT I O N S 2 0 0 0

APPENDIX 4:

UNIFORM DISPUTE RESOLUTION POLICY

APPENDIX 5:

UNIFORM DISPUTE RESOLUTION POLICY APPROVED PROVIDERS

APPENDIX 6:

USEFUL ADDRESSES AND WEBSITES


APPENDIX

1:

GLOSSARY

Appendix 1: Glossary ASP Applications Service Provider – an online provider of computer applications,such as software. B2B Business to Business – commercial transactions undertaken between businesses. B2C Business to Consumer – business to consumer transactions is what has driven the rapid expansion in the commercial use of the Internet,particularly the World Wide Web, to date. Cookie A piece of hidden text/code which is stored on a user’s hard drive and which tracks their navigation around a website. Cybersquatting The activity of purchasing the exclusive rights to use one or more domain names in the hope of selling these rights in the future. Data protection That branch of the law that regulates the processing of personal data. Decryption A technique for the decoding of encrypted material. Deep-linking The process of linking one web page with another where that other page does not form part of the home or lead pages of the third party’s website.

63


APPENDIX

1:

GLOSSARY

Digital signature A secure identifier that can be transmitted across digital networks. Domain name The human-friendly version of an Internet protcol address.Domain names consist of a Top Level Domain (e.g. .com or .co.uk) plus one or more sub-domains. Encryption The encoding of material such that it cannot be understood by any person who does not have access to the relevant decryption technology. Internet protocol address A unique set of four numbers separated by full stops which denote a single computer or server which is connected to the Internet. ISP Internet Service Provider – a provider of Internet connectivity. Meta tags Text hidden within an HTML document which is picked up by search engines. Personal data Any information that identifies a living individual. URL Uniform Resource Locator i.e.the unique address of any resource on the Internet. World Wide Web That part of the Internet that uses the Hyper Text Transfer Protocol (HTTP) to display so-called web pages and to allow links between such pages anywhere on the Internet.

64


APPENDIX

2:

CHECKLIST

OF

ESSENTIAL

LEGAL

CONSIDERATIONS

Appendix 2: Checklist of essential legal considerations 1.

Does the e-commerce business intend to collect customer details online? If so, data protection legislation must be complied with. In most cases this will involve providing an appropriate data protection notice on the user registration page.Additionally, the e-business must be registered with the Office of the Information Commissioner.

2.

Is it intended to send future marketing materials to the customers of the e-business? If so, then additional data protection consent must be taken for this purpose by use of appropriate opt-out provisions.

3.

Is the website development and hosting function being outsourced? If so, an agreement should be entered into which safeguards the ecommerce business from the negative impact of a number of potential events, such as the hosting company going into liquidation. If not, employment contracts should be checked to ensure that IP assignments are taken from all relevant employees engaged in the design process.

4.

Are products or services to be sold online? If so, then appropriate terms and conditions for such sale must appear on the website.Where any of the customers are consumers,such persons must be informed of their right to return the goods for a full refund within 7 working days of receipt.

5.

Will the e-business correspond with its customers or suppliers by email? If so,certain formalities must be complied with.Each e-mail must contain certain information including the name, registered office address and company registration number of the e-business.

65


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

Appendix 3: Consumer Protection (Distance Selling) Regulations 2000

2000 No. 2334 CONSUMER PROTECTION The Consumer Protection (Distance Selling) Regulations 2000 Made

31 August 2000

Laid before Parliament 1 September 2000 Coming into force

31 October 2000

The Secretary of State, being a Minister designated for the purposes of section 2(2) of the European Communities Act 1972 in relation to matters relating to consumer protection,in exercise of the powers conferred on him by section 2(2) of that Act, hereby makes the following Regulations: 1.

2.

Title, commencement and extent 1)

These Regulations may be cited as the Consumer Protection (Distance Selling) Regulations 2000 and shall come into force on 31 October 2000.

2)

These Regulations extend to Northern Ireland.

Revocation The Mail Order Transactions (Information) Order 1976 is hereby revoked.

3.

Interpretation 1)

In these Regulations: •

‘breach’ means contravention by a supplier of a prohibition in, or failure to comply with a requirement of, these Regulations;

‘business’ includes a trade or profession;

‘consumer’ means any natural person who, in contracts to which these Regulations apply, is acting for purposes which are outside his business;

66


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

‘court’in relation to England and Wales and Northern Ireland means a County court or the High Court,and in relation to Scotland means the Sheriff Court or the Court of Session;

‘credit’ includes a cash loan and any other form of financial accommodation,and for this purpose ‘cash’includes money in any form;

‘Director’ means the Director General of Fair Trading;

‘distance contract’ means any contract concerning goods or services concluded between a supplier and a consumer under an organised distance sales or service provision scheme run by the supplier who,for the purpose of the contract,makes exclusive use of one or more means of distance communication up to and including the moment at which the contract is concluded;

‘EEA Agreement’means the Agreement on the European Economic Area signed at Oporto on 2 May 1992 as adjusted by the Protocol signed at Brussels on 17 March 1993;

‘enactment’ includes an enactment comprised in, or in an instrument made under, an Act of the Scottish Parliament;

‘enforcement authority’ means the Director, every weights and measures authority in Great Britain, and the Department of Enterprise,Trade and Investment in Northern Ireland;

‘excepted contract’ means a contract such as is mentioned in regulation 5(1);

‘means of distance communication’ means any means which, without the simultaneous physical presence of the supplier and the consumer,may be used for the conclusion of a contract between those parties; and an indicative list of such means is contained in Schedule 1;

‘Member State’means a State that is a contracting party to the EEA Agreement;

‘operator of a means of communication’means any public or private person whose business involves making one or more means of distance communication available to suppliers;

‘period for performance’has the meaning given by regulation 19(2);

‘personal credit agreement’ has the meaning given by regulation 14(8);

‘related credit agreement’has the meaning given by regulation 15(5);

2000

67


APPENDIX

3:

CONSUMER

2)

4.

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

‘supplier’ means any person who, in contracts to which these Regulations apply,is acting in his commercial or professional capacity; and

‘working days’ means all days other than Saturdays, Sundays and public holidays.

2000

In the application of these Regulations to Scotland, for references to an ‘injunction’ or an ‘interim injunction’ there shall be substituted references to an ‘interdict’ or an ‘interim interdict’ respectively.

Contracts to which these Regulations apply These Regulations apply,subject to regulation 6,to distance contracts other than excepted contracts.

5.

Excepted contracts 1)

2)

The following are excepted contracts, namely any contract: a)

for the sale or other disposition of an interest in land except for a rental agreement;

b)

for the construction of a building where the contract also provides for a sale or other disposition of an interest in land on which the building is constructed, except for a rental agreement;

c)

relating to financial services, a non-exhaustive list of which is contained in Schedule 2;

d)

concluded by means of an automated vending machine or automated commercial premises;

e)

concluded with a telecommunications operator through the use of a public pay-phone;

f)

concluded at an auction.

References in paragraph (1) to a rental agreement – a)

if the land is situated in England and Wales, are references to any agreement which does not have to be made in writing (whether or not in fact made in writing) because of section 2(5)(a) of the Law of Property (Miscellaneous Provisions) Act 1989;

b)

if the land is situated in Scotland, are references to any agreement for the creation, transfer, variation or extinction of an interest in land, which does not have to be made in writing (whether or not in fact made in writing) as provided for in section 1(2) and (7) of the Requirements of Writing (Scotland) Act 1995; and

68


APPENDIX

3:

CONSUMER

c)

3)

6.

(DISTANCE

SELLING)

REGULATIONS

2000

if the land is situated in Northern Ireland, are references to any agreement which is not one to which section II of the Statute of Frauds, (Ireland) 1695 applies.

Paragraph (2) shall not be taken to mean that a rental agreement in respect of land situated outside the United Kingdom is not capable of being a distance contract to which these Regulations apply.

Contracts to which only part of these Regulations applies 1)

Regulations 7 to 20 shall not apply to a contract which is a ‘timeshare agreement’within the meaning of the Timeshare Act 1992 and to which that Act applies.

2)

Regulations 7 to 19(1) shall not apply to:

3)

7.

PROTECTION

a)

contracts for the supply of food, beverages or other goods intended for everyday consumption supplied to the consumer’s residence or to his workplace by regular roundsmen; or

b)

contracts for the provision of accommodation,transport,catering or leisure services,where the supplier undertakes,when the contract is concluded,to provide these services on a specific date or within a specific period.

Regulations 19(2) to (8) and 20 do not apply to a contract for a ‘package’ within the meaning of the Package Travel, Package Holidays and Package Tours Regulations 1992 which is sold or offered for sale in the territory of the Member States.

Information required prior to the conclusion of the contract 1)

Subject to paragraph (4), in good time prior to the conclusion of the contract the supplier shall: a)

provide to the consumer the following information: •

the identity of the supplier and, where the contract requires payment in advance, the supplier’s address;

a description of the main characteristics of the goods or services;

the price of the goods or services, including all taxes;

delivery costs where appropriate;

the arrangements for payment, delivery or performance;

the existence of a right of cancellation except in the cases referred to in regulation 13;

69


APPENDIX

3:

8.

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

the cost of using the means of distance communication where it is calculated other than at the basic rate;

the period for which the offer or the price remains valid;and

where appropriate, the minimum duration of the contract, in the case of contracts for the supply of goods or services to be performed permanently or recurrently;

b)

inform the consumer if he proposes, in the event of the goods or services ordered by the consumer being unavailable, to provide substitute goods or services (as the case may be) of equivalent quality and price; and

c)

inform the consumer that the cost of returning any such substitute goods to the supplier in the event of cancellation by the consumer would be met by the supplier.

2)

The supplier shall ensure that the information required by paragraph (1) is provided in a clear and comprehensible manner appropriate to the means of distance communication used, with due regard in particular to the principles of good faith in commercial transactions and the principles governing the protection of those who are unable to give their consent, such as minors.

3)

Subject to paragraph (4), the supplier shall ensure that his commercial purpose is made clear when providing the information required by paragraph (1).

4)

In the case of a telephone communication, the identity of the supplier and the commercial purpose of the call shall be made clear at the beginning of the conversation with the consumer.

2000

Written and additional information 1)

Subject to regulation 9, the supplier shall provide to the consumer in writing, or in another durable medium that is available and accessible to the consumer, the information referred to in paragraph (2), either: a)

prior to the conclusion of the contract, or

b)

thereafter, in good time and in any event: •

during the performance of the contract, in the case of services; and

at the latest at the time of delivery where goods not for delivery to third parties are concerned.

70


APPENDIX

3:

CONSUMER

2)

3)

9.

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

The information required to be provided by paragraph (1) is: a)

the information set out in paragraphs (i) to (vi) of Regulation 7(1)(a);

b)

information about the conditions and procedures for exercising the right to cancel under regulation 10, including: •

where a term of the contract requires (or the supplier intends that it will require) that the consumer shall return the goods to the supplier in the event of cancellation,notification of that requirement; and

information as to whether the consumer or the supplier would be responsible under these Regulations for the cost of returning any goods to the supplier, or the cost of his recovering them, if the consumer cancels the contract under regulation 10;

c)

the geographical address of the place of business of the supplier to which the consumer may address any complaints;

d)

information about any after-sales services and guarantees; and

e)

the conditions for exercising any contractual right to cancel the contract, where the contract is of an unspecified duration or a duration exceeding one year.

Subject to regulation 9, prior to the conclusion of a contract for the supply of services, the supplier shall inform the consumer in writing or in another durable medium which is available and accessible to the consumer that, unless the parties agree otherwise, he will not be able to cancel the contract under regulation 10 once the performance of the services has begun with his agreement.

Services performed through the use of a means of distance communication 1)

Regulation 8 shall not apply to a contract for the supply of services which are performed through the use of a means of distance communication, where those services are supplied on only one occasion and are invoiced by the operator of the means of distance communication.

2)

But the supplier shall take all necessary steps to ensure that a consumer who is a party to a contract to which paragraph (1) applies is able to obtain the supplier’s geographical address and the place of business to which the consumer may address any complaints.

71


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

10. Right to cancel 1)

Subject to regulation 13, if within the cancellation period set out in regulations 11 and 12, the consumer gives a notice of cancellation to the supplier,or any other person previously notified by the supplier to the consumer as a person to whom notice of cancellation may be given, the notice of cancellation shall operate to cancel the contract.

2)

Except as otherwise provided by these Regulations,the effect of a notice of cancellation is that the contract shall be treated as if it had not been made.

3)

For the purposes of these Regulations,a notice of cancellation is a notice in writing or in another durable medium available and accessible to the supplier (or to the other person to whom it is given) which, however expressed,indicates the intention of the consumer to cancel the contract.

4)

A notice of cancellation given under this regulation by a consumer to a supplier or other person is to be treated as having been properly given if the consumer:

5)

a)

leaves it at the address last known to the consumer and addressed to the supplier or other person by name (in which case it is to be taken to have been given on the day on which it was left);

b)

sends it by post to the address last known to the consumer and addressed to the supplier or other person by name (in which case, it is to be taken to have been given on the day on which it was posted);

c)

sends it by facsimile to the business facsimile number last known to the consumer (in which case it is to be taken to have been given on the day on which it is sent); or

d)

sends it by electronic mail,to the business electronic mail address last known to the consumer (in which case it is to be taken to have been given on the day on which it is sent).

Where a consumer gives a notice in accordance with paragraph (4)(a) or (b) to a supplier who is a body corporate or a partnership,the notice is to be treated as having been properly given if: a)

in the case of a body corporate, it is left at the address of, or sent to, the secretary or clerk of that body; or

b)

in the case of a partnership, it is left with or sent to a partner or a person having control or management of the partnership business.

72


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

11. Cancellation period in the case of contracts for the supply of goods 1)

For the purposes of regulation 10, the cancellation period in the case of contracts for the supply of goods begins with the day on which the contract is concluded and ends as provided in paragraphs (2) to (5).

2)

Where the supplier complies with regulation 8,the cancellation period ends on the expiry of the period of seven working days,beginning with the day after the day on which the consumer receives the goods.

3)

Where a supplier who has not complied with regulation 8 provides to the consumer the information referred to in regulation 8(2), and does so in writing or in another durable medium available and accessible to the consumer, within the period of three months beginning with the day after the day on which the consumer receives the goods, the cancellation period ends on the expiry of the period of seven working days beginning with the day after the day on which the consumer receives the information.

4)

Where neither paragraph (2) nor (3) applies, the cancellation period ends on the expiry of the period of three months and seven working days beginning with the day after the day on which the consumer receives the goods.

5)

In the case of contracts for goods for delivery to third parties,paragraphs (2) to (4) shall apply as if the consumer had received the goods on the day on which they were received by the third party.

12. Cancellation period in the case of contracts for the supply of services 1)

For the purposes of regulation 10, the cancellation period in the case of contracts for the supply of services begins with the day on which the contract is concluded and ends as provided in paragraphs (2) to (4).

2)

Where the supplier complies with regulation 8 on or before the day on which the contract is concluded, the cancellation period ends on the expiry of the period of seven working days beginning with the day after the day on which the contract is concluded.

3)

Where a supplier who has not complied with regulation 8 on or before the day on which the contract is concluded provides to the consumer the information referred to in regulation 8(2) and (3), and does so in writing or in another durable medium available and accessible to the consumer, within the period of three months beginning with the day after the day on which the contract is concluded,the cancellation period ends on the expiry of the period of seven working days beginning with the day after the day on which the consumer receives the information.

73


APPENDIX

3:

CONSUMER

4)

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

Where neither paragraph (2) nor (3) applies, the cancellation period ends on the expiry of the period of three months and seven working days beginning with the day after the day on which the contract is concluded.

13. Exceptions to the right to cancel 1)

Unless the parties have agreed otherwise, the consumer will not have the right to cancel the contract by giving notice of cancellation pursuant to regulation 10 in respect of contracts: a)

for the supply of services if the supplier has complied with regulation 8(3) and performance of the contract has begun with the consumer’s agreement before the end of the cancellation period applicable under regulation 12;

b)

for the supply of goods or services the price of which is dependent on fluctuations in the financial market which cannot be controlled by the supplier;

c)

for the supply of goods made to the consumer’s specifications or clearly personalised or which by reason of their nature cannot be returned or are liable to deteriorate or expire rapidly;

d)

for the supply of audio or video recordings or computer software if they are unsealed by the consumer;

e)

for the supply of newspapers, periodicals or magazines; or

f)

for gaming, betting or lottery services.

14. Recovery of sums paid by or on behalf of the consumer on cancellation, and return of security 1)

On the cancellation of a contract under regulation 10,the supplier shall reimburse any sum paid by or on behalf of the consumer under or in relation to the contract to the person by whom it was made free of any charge, less any charge made in accordance with paragraph (5).

2)

The reference in paragraph (1) to any sum paid on behalf of the consumer includes any sum paid by a creditor who is not the same person as the supplier under a personal credit agreement with the consumer.

3)

The supplier shall make the reimbursement referred to in paragraph (1) as soon as possible and in any case within a period not exceeding 30 days beginning with the day on which the notice of cancellation was given.

74


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

4)

Where any security has been provided in relation to the contract, the security (so far as it is so provided) shall,on cancellation under regulation 10,be treated as never having had effect and any property lodged with the supplier solely for the purposes of the security as so provided shall be returned by him forthwith.

5)

Subject to paragraphs (6) and (7), the supplier may make a charge, not exceeding the direct costs of recovering any goods supplied under the contract,where a term of the contract provides that the consumer must return any goods supplied if he cancels the contract under regulation 10 but the consumer does not comply with this provision or returns the goods at the expense of the supplier.

6)

Paragraph (5) shall not apply where: a)

the consumer cancels in circumstances where he has the right to reject the goods under a term of the contract, including a term implied by virtue of any enactment, or

b)

the term requiring the consumer to return any goods supplied if he cancels the contract is an ‘unfair term’ within the meaning of the Unfair Terms in Consumer Contracts Regulations 1999.

7)

Paragraph (5) shall not apply to the cost of recovering any goods that were supplied as substitutes for the goods ordered by the consumer.

8)

For the purposes of these Regulations, a personal credit agreement is an agreement between the consumer and any other person (‘the creditor’) by which the creditor provides the consumer with credit of any amount.

2000

15. Automatic cancellation of a related credit agreement 1)

Where a notice of cancellation is given under regulation 10 which has the effect of cancelling the contract, the giving of the notice shall also have the effect of cancelling any related credit agreement.

2)

Where a related credit agreement is cancelled by virtue of paragraph (1),the supplier shall,if he is not the same person as the creditor under that agreement,forthwith on receipt of the notice of cancellation inform the creditor that the notice has been given.

3)

Where a related credit agreement is cancelled by virtue of paragraph (1): a)

any sum paid by or on behalf of the consumer under,or in relation to, the credit agreement which the supplier is not obliged to reimburse under regulation 14(1) shall be reimbursed, except for any sum which, if it had not already been paid, would have to be paid under subparagraph (b);

75


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

b)

the agreement shall continue in force so far as it relates to repayment of the credit and payment of interest,subject to regulation 16;and

c)

subject to subparagraph (b), the agreement shall cease to be enforceable.

4)

Where any security has been provided under a related credit agreement, the security, so far as it is so provided, shall be treated as never having had effect and any property lodged with the creditor solely for the purposes of the security as so provided shall be returned by him forthwith.

5)

For the purposes of this regulation and regulation 16, a ‘related credit agreement’ means an agreement under which fixed sum credit which fully or partly covers the price under a contract cancelled under regulation 10 is granted:

6)

a)

by the supplier, or

b)

by another person,under an arrangement between that person and the supplier.

2000

For the purposes of this regulation and regulation 16: a)

‘creditor’ is a person who grants credit under a related credit agreement;

b)

‘fixed sum credit’ has the same meaning as in section 10 of the Consumer Credit Act 1974;

c)

‘repayment’in relation to credit means repayment of money received by the consumer, and cognate expressions shall be construed accordingly; and

d)

‘interest’ means interest on money so received.

16. Repayment of credit and interest after cancellation of a related credit agreement 1)

This regulation applies following the cancellation of a related credit agreement by virtue of regulation 15(1).

2)

If the consumer repays the whole or a portion of the credit: a)

before the expiry of one month following the cancellation of the credit agreement, or

b)

in the case of a credit repayable by instalments, before the date on which the first instalment is due,

no interest shall be payable on the amount repaid.

76


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

3)

If the whole of a credit repayable by instalments is not repaid on or before the date referred to in paragraph (2)(b),the consumer shall not be liable to repay any of the credit except on receipt of a request in writing,signed by the creditor, stating the amounts of the remaining instalments (recalculated by the creditor as nearly as may be in accordance with the agreement and without extending the repayment period),but excluding any sum other than principal and interest.

4)

Where any security has been provided under a related credit agreement the duty imposed on the consumer to repay credit and to pay interest shall not be enforceable before the creditor has discharged any duty imposed on him by regulation 15(4) to return any property lodged with him as security on cancellation.

2000

17. Restoration of goods by consumer after cancellation 1)

This regulation applies where a contract is cancelled under regulation 10 after the consumer has acquired possession of any goods under the contract other than any goods mentioned in regulation 13(1)(b) to (e).

2)

The consumer shall be treated as having been under a duty throughout the period prior to cancellation: a)

to retain possession of the goods, and

b)

to take reasonable care of them.

3)

On cancellation,the consumer shall be under a duty to restore the goods to the supplier in accordance with this regulation,and in the meanwhile to retain possession of the goods and take reasonable care of them.

4)

The consumer shall not be under any duty to deliver the goods except at his own premises and in pursuance of a request in writing,or in another durable medium available and accessible to the consumer, from the supplier and given to the consumer either before,or at the time when, the goods are collected from those premises.

5)

If the consumer: a)

delivers the goods (whether at his own premises or elsewhere) to any person to whom, under regulation 10(1), a notice of cancellation could have been given; or

b)

sends the goods at his own expense to such a person,

he shall be discharged from any duty to retain possession of the goods or restore them to the supplier.

77


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

6)

Where the consumer delivers the goods in accordance with paragraph (5)(a),his obligation to take care of the goods shall cease;and if he sends the goods in accordance with paragraph (5)(b),he shall be under a duty to take reasonable care to see that they are received by the supplier and not damaged in transit, but in other respects his duty to take care of the goods shall cease when he sends them.

7)

Where,at any time during the period of 21 days beginning with the day notice of cancellation was given, the consumer receives such a request as is mentioned in paragraph (4),and unreasonably refuses or unreasonably fails to comply with it,his duty to retain possession and take reasonable care of the goods shall continue until he delivers or sends the goods as mentioned in paragraph (5),but if within that period he does not receive such a request his duty to take reasonable care of the goods shall cease at the end of that period.

8)

Where: a)

a term of the contract provides that if the consumer cancels the contract, he must return the goods to the supplier, and

b)

the consumer is not otherwise entitled to reject the goods under the terms of the contract or by virtue of any enactment,

2000

paragraph (7) shall apply as if for the period of 21 days there were substituted the period of 6 months. 9)

Where any security has been provided in relation to the cancelled contract, the duty to restore goods imposed on the consumer by this regulation shall not be enforceable before the supplier has discharged any duty imposed on him by regulation 14(4) to return any property lodged with him as security on cancellation.

10) Breach of a duty imposed by this regulation on a consumer is actionable as a breach of statutory duty. 18. Goods given in part-exchange 1)

This regulation applies on the cancellation of a contract under regulation 10 where the supplier agreed to take goods in part-exchange (the ‘part-exchange goods’) and those goods have been delivered to him.

2)

Unless,before the end of the period of 10 days beginning with the date of cancellation,the part-exchange goods are returned to the consumer in a condition substantially as good as when they were delivered to the supplier, the consumer shall be entitled to recover from the supplier a sum equal to the part-exchange allowance.

78


APPENDIX

3:

19.

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

3)

In this regulation the part-exchange allowance means the sum agreed as such in the cancelled contract, or if no such sum was agreed, such sum as it would have been reasonable to allow in respect of the partexchange goods if no notice of cancellation had been served.

4)

Where the consumer recovers from the supplier a sum equal to the partexchange allowance,the title of the consumer to the part-exchange goods shall vest in the supplier (if it has not already done so) on recovery of that sum.

2000

Performance 1)

Unless the parties agree otherwise,the supplier shall perform the contract within a maximum of 30 days beginning with the day after the day the consumer sent his order to the supplier.

2)

Subject to paragraphs (7) and (8),where the supplier is unable to perform the contract because the goods or services ordered are not available, within the period for performance referred to in paragraph (1) or such other period as the parties agree (‘the period for performance’),he shall: a)

inform the consumer; and

b)

reimburse any sum paid by or on behalf of the consumer under or in relation to the contract to the person by whom it was made.

3)

The reference in paragraph (2)(b) to any sum paid on behalf of the consumer includes any sum paid by a creditor who is not the same person as the supplier under a personal credit agreement with the consumer.

4)

The supplier shall make the reimbursement referred to in paragraph (2)(b) as soon as possible and in any event within a period of 30 days beginning with the day after the day on which the period for performance expired.

5)

A contract which has not been performed within the period for performance shall be treated as if it had not been made, save for any rights or remedies which the consumer has under it as a result of the non-performance.

6)

Where any security has been provided in relation to the contract, the security (so far as it is so provided) shall, where the supplier is unable to perform the contract within the period for performance, be treated as never having had any effect and any property lodged with the supplier solely for the purposes of the security as so provided shall be returned by him forthwith.

79


APPENDIX

3:

CONSUMER

7)

8)

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

Where the supplier is unable to supply the goods or services ordered by the consumer,the supplier may perform the contract for the purposes of these Regulations by providing substitute goods or services (as the case may be) of equivalent quality and price provided that: a)

this possibility was provided for in the contract;

b)

prior to the conclusion of the contract the supplier gave the consumer the information required by regulation 7(1)(b) and (c) in the manner required by regulation 7(2).

In the case of outdoor leisure events that by their nature cannot be rescheduled, paragraph 2(b) shall not apply where the consumer and the supplier so agree.

20. Effect of non-performance on related credit agreement 1)

Where a supplier is unable to perform the contract within the period for performance: a)

regulations 15 and 16 shall apply to any related credit agreement as if the consumer had given a valid notice of cancellation under regulation 10 on the expiry of the period for performance; and

b)

the reference in regulation 15(3)(a) to regulation 14(1) shall be read, for the purposes of this regulation, as a reference to regulation 19(2).

21. Payment by card 1)

Subject to paragraph (4), the consumer shall be entitled to cancel a payment where fraudulent use has been made of his payment card in connection with a contract to which this regulation applies by another person not acting, or to be treated as acting, as his agent.

2)

Subject to paragraph (4), the consumer shall be entitled to be recredited, or to have all sums returned by the card issuer, in the event of fraudulent use of his payment card in connection with a contract to which this regulation applies by another person not acting, or to be treated as acting, as the consumer’s agent.

3)

Where paragraphs (1) and (2) apply,in any proceedings if the consumer alleges that any use made of the payment card was not authorised by him it is for the card issuer to prove that the use was so authorised.

4)

Paragraphs (1) and (2) shall not apply to an agreement to which section 83(1) of the Consumer Credit Act 1974 applies.

80


APPENDIX

3:

CONSUMER

5)

6)

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

Section 84 of the Consumer Credit Act 1974 (misuse of credit-tokens) is amended by the insertion after subsection (3) of: •

‘(3A) Subsections (1) and (2) shall not apply to any use,in connection with a distance contract (other than an excepted contract), of a card which is a credit-token.

(3B) In subsection (3A),‘distance contract’and ‘excepted contract’ have the meanings given in the Consumer Protection (Distance Selling) Regulations 2000.’

For the purposes of this regulation: •

‘card issuer’ means the owner of the card; and

‘payment card’includes credit cards,charge cards,debit cards and store cards.

22. Amendments to the Unsolicited Goods and Services Act 1971 1)

The Unsolicited Goods and Services Act 1971 is amended as follows.

2)

Omit section 1 (rights of recipient of unsolicited goods).

3)

In subsection (1) of section 2 (demands and threats regarding payment), after ‘them’ insert ‘for the purposes of his trade or business’.

4)

The amendments made by this regulation apply only in relation to goods sent after the date on which it comes into force.

23. Amendments to the Unsolicited Goods and Services (Northern Ireland) Order 1976 1)

The Unsolicited Goods and Services (Northern Ireland) Order 1976 is amended as follows.

2)

Omit Article 3 (rights of recipient of unsolicited goods).

3)

In paragraph (1) of Article 4 (demands and threats regarding payment), after ‘them’ insert ‘for the purposes of his trade or business’.

4)

The amendments made by this regulation apply only in relation to goods sent after the date on which it comes into force.

81


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

24. Inertia selling 1)

Paragraphs (2) and (3) apply if: a)

unsolicited goods are sent to a person (‘the recipient’) with a view to his acquiring them;

b)

the recipient has no reasonable cause to believe that they were sent with a view to their being acquired for the purposes of a business; and

c)

the recipient has neither agreed to acquire nor agreed to return them.

2)

The recipient may, as between himself and the sender, use, deal with or dispose of the goods as if they were an unconditional gift to him.

3)

The rights of the sender to the goods are extinguished.

4)

A person who, not having reasonable cause to believe there is a right to payment, in the course of any business makes a demand for payment,or asserts a present or prospective right to payment,for what he knows are: a)

unsolicited goods sent to another person with a view to his acquiring them for purposes other than those of his business, or

b)

unsolicited services supplied to another person for purposes other than those of his business,

is guilty of an offence and liable, on summary conviction, to a fine not exceeding level 4 on the standard scale. 5)

A person who, not having reasonable cause to believe there is a right to payment,in the course of any business and with a view to obtaining payment for what he knows are unsolicited goods sent or services supplied as mentioned in paragraph (4): a)

threatens to bring any legal proceedings, or

b)

places or causes to be placed the name of any person on a list of defaulters or debtors or threatens to do so, or

c)

invokes or causes to be invoked any other collection procedure or threatens to do so,

is guilty of an offence and liable, on summary conviction, to a fine not exceeding level 5 on the standard scale.

82


APPENDIX

3:

CONSUMER

6)

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

In this regulation •

‘acquire’ includes hire;

‘send’ includes deliver;

‘sender’, in relation to any goods, includes: a)

any person on whose behalf or with whose consent the goods are sent;

b)

any other person claiming through or under the sender or any person mentioned in paragraph (a); and

c)

any person who delivers the goods; and

‘unsolicited’means,in relation to goods sent or services supplied to any person, that they are sent or supplied without any prior request made by or on behalf of the recipient. 7)

For the purposes of this regulation,an invoice or similar document which: a)

states the amount of a payment, and

b)

fails to comply with the requirements of regulations made under section 3A of the Unsolicited Goods and Services Act 1971 or, as the case may be,Article 6 of the Unsolicited Goods and Services (Northern Ireland) Order 1976 applicable to it,

is to be regarded as asserting a right to the payment. 8)

Section 3A of the Unsolicited Goods and Services Act 1971 applies for the purposes of this regulation in its application to England,Wales and Scotland as it applies for the purposes of that Act.

9)

Article 6 of the Unsolicited Goods and Services (Northern Ireland) Order 1976 applies for the purposes of this regulation in its application to Northern Ireland as it applies for the purposes of that Order.

10) This regulation applies only to goods sent and services supplied after the date on which it comes into force.

83


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

25. No contracting-out 1)

A term contained in any contract to which these Regulations apply is void if, and to the extent that, it is inconsistent with a provision for the protection of the consumer contained in these Regulations.

2)

Where a provision of these Regulations specifies a duty or liability of the consumer in certain circumstances,a term contained in a contract to which these Regulations apply,other than a term to which paragraph (3) applies, is inconsistent with that provision if it purports to impose, directly or indirectly, an additional duty or liability on him in those circumstances.

3)

This paragraph applies to a term that requires the consumer to return any goods supplied to him under the contract if he cancels it under regulation 10.

4)

A term to which paragraph (3) applies shall,in the event of cancellation by the consumer under regulation 10,have effect only for the purposes of regulation 14(5) and 17(8).

5)

These Regulations shall apply notwithstanding any contract term that applies or purports to apply the law of a non-Member State if the contract has a close connection with the territory of a Member State.

26. Consideration of complaints 1)

It shall be the duty of an enforcement authority to consider any complaint made to it about a breach unless: a)

the complaint appears to the authority to be frivolous or vexatious; or

b)

another enforcement authority has notified the Director that it agrees to consider the complaint.

2)

If an enforcement authority notifies the Director that it agrees to consider a complaint made to another enforcement authority,the first mentioned authority shall be under a duty to consider the complaint.

3)

An enforcement authority which is under a duty to consider a complaint shall give reasons for its decision to apply or not to apply, as the case may be, for an injunction under regulation 27.

4)

In deciding whether or not to apply for an injunction in respect of a breach an enforcement authority may, if it considers it appropriate to do so,have regard to any undertaking given to it or another enforcement authority by or on behalf of any person as to compliance with these Regulations.

84


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

27. Injunctions to secure compliance with these Regulations 1)

The Director or,subject to paragraph (2),any other enforcement authority may apply for an injunction (including an interim injunction) against any person who appears to the Director or that authority to be responsible for a breach.

2)

An enforcement authority other than the Director may apply for an injunction only where:

3)

a)

it has notified the Director of its intention to apply at least fourteen days before the date on which the application is to be made, beginning with the date on which the notification was given; or

b)

the Director consents to the application being made within a shorter period.

The court on an application under this regulation may grant an injunction on such terms as it thinks fit to secure compliance with these Regulations.

28. Notification of undertakings and orders to the Director 1)

An enforcement authority other than the Director shall notify the Director: a)

of any undertaking given to it by or on behalf of any person who appears to it to be responsible for a breach;

b)

of the outcome of any application made by it under regulation 27 and of the terms of any undertaking given to or order made by the court;

c)

of the outcome of any application made by it to enforce a previous order of the court.

29. Publication, information and advice 1)

The Director shall arrange for the publication in such form and manner as he considers appropriate of: a)

details of any undertaking or order notified to him under regulation 28;

b)

details of any undertaking given to him by or on behalf of any person as to compliance with these Regulations;

c)

details of any application made by him under regulation 27,and of the terms of any undertaking given to,or order made by,the court;

d)

details of any application made by the Director to enforce a previous order of the court.

85


APPENDIX

3:

CONSUMER

2)

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

The Director may arrange for the dissemination in such form and manner as he considers appropriate of such information and advice concerning the operation of these Regulations as it may appear to him to be expedient to give to the public and to all persons likely to be affected by these Regulations.

Helen Liddell Minister of State, Department of Trade and Industry 31 August 2000

SCHEDULE 1 Regulation 3 Indicative list of means of distance communication 1.

Unaddressed printed matter.

2.

Addressed printed matter.

3.

Letter.

4.

Press advertising with order form.

5.

Catalogue.

6.

Telephone with human intervention.

7.

Telephone without human intervention (automatic calling machine, audiotext).

8.

Radio.

9.

Videophone (telephone with screen).

10. Videotext (microcomputer and television screen) with keyboard or touch screen. 11. Electronic mail. 12. Facsimile machine (fax). 13. Television (teleshopping).

86


APPENDIX

3:

CONSUMER

PROTECTION

(DISTANCE

SELLING)

REGULATIONS

2000

SCHEDULE 2 Regulation 5(1)(c) Non-exhaustive list of financial services 1.

Investment services.

2.

Insurance and reinsurance operations.

3.

Banking services.

4.

Services relating to dealings in futures or options.

Such services include in particular: •

investment services referred to in the Annex to Directive 93/22/EEC;

services of collective investment undertakings;

services covered by the activities subject to mutual recognition referred to in the Annex to Directive 89/846/EEC;

operations covered by the insurance and reinsurance activities referred to in: –

Article 1 of Directive 73/239/EEC;

the Annex to Directive 79/267/EEC;

Directive 64/225/EEC;

Directives 92/49/EEC; and

92/96/EEC.

87


APPENDIX

4:

UNIFORM

DISPUTE

RESOLUTION

POLICY

Appendix 4: Uniform Dispute Resolution Policy Courtesy of ICANN

(As Approved by ICANN on 24 October 1999) 1.

Purpose

This Uniform Domain Name Dispute Resolution Policy (the ‘Policy’) has been adopted by the Internet Corporation for Assigned Names and Numbers (‘ICANN’), is incorporated by reference into your Registration Agreement,and sets forth the terms and conditions in connection with a dispute between you and any party other than us (the registrar) over the registration and use of an Internet domain name registered by you. Proceedings under Paragraph 4 of this Policy will be conducted according to the Rules for Uniform Domain Name Dispute Resolution Policy (the ‘Rules of Procedure’),which are available at www.icann.org/udrp/udrprules-24oct99.htm, and the selected administrative-dispute-resolution service provider’s supplemental rules. 2.

Your Representations

By applying to register a domain name, or by asking us to maintain or renew a domain name registration, you hereby represent and warrant to us that (a) the statements that you made in your Registration Agreement are complete and accurate; (b) to your knowledge, the registration of the domain name will not infringe upon or otherwise violate the rights of any third party; (c) you are not registering the domain name for an unlawful purpose; and (d) you will not knowingly use the domain name in violation of any applicable laws or regulations. It is your responsibility to determine whether your domain name registration infringes or violates someone else’s rights.

88


APPENDIX

3.

4:

UNIFORM

DISPUTE

RESOLUTION

POLICY

Cancellations, Transfers, and Changes

We will cancel,transfer or otherwise make changes to domain name registrations under the following circumstances: •

subject to the provisions of Paragraph 8, our receipt of written or appropriate electronic instructions from you or your authorised agent to take such action;

our receipt of an order from a court or arbitral tribunal, in each case of competent jurisdiction, requiring such action; and/or

our receipt of a decision of an Administrative Panel requiring such action in any administrative proceeding to which you were a party and which was conducted under this Policy or a later version of this Policy adopted by ICANN. (See Paragraph 4(i) and (k) below.)

We may also cancel, transfer or otherwise make changes to a domain name registration in accordance with the terms of your Registration Agreement or other legal requirements. 4.

Mandatory Administrative Proceeding

This Paragraph sets forth the type of disputes for which you are required to submit to a mandatory administrative proceeding.These proceedings will be conducted before one of the administrative-dispute-resolution service providers listed at www.icann.org/udrp/approved-providers.htm (each, a ‘Provider’). a)

Applicable Disputes. You are required to submit to a mandatory administrative proceeding in the event that a third party (a ‘complainant’) asserts to the applicable Provider, in compliance with the Rules of Procedure, that: •

your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and

you have no rights or legitimate interests in respect of the domain name; and

your domain name has been registered and is being used in bad faith.

In the administrative proceeding,the complainant must prove that each of these three elements is present. b)

Evidence of Registration and Use in Bad Faith. For the purposes of Paragraph 4(a)(iii), the following circumstances, in particular but without limitation,if found by the Panel to be present,shall be evidence of the registration and use of a domain name in bad faith:

89


APPENDIX

c)

4:

UNIFORM

DISPUTE

RESOLUTION

circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name; or

you have registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that you have engaged in a pattern of such conduct; or

you have registered the domain name primarily for the purpose of disrupting the business of a competitor; or

by using the domain name, you have intentionally attempted to attract,for commercial gain,Internet users to your website or other online location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of your website or location or of a product or service on your website or location.

POLICY

How to Demonstrate Your Rights to and Legitimate Interests in the Domain Name in Responding to a Complaint.When you receive a complaint, you should refer to Paragraph 5 of the Rules of Procedure in determining how your response should be prepared. Any of the following circumstances, in particular but without limitation, if found by the Panel to be proved based on its evaluation of all evidence presented, shall demonstrate your rights or legitimate interests to the domain name for purposes of Paragraph 4(a)(ii): •

before any notice to you of the dispute,your use of,or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or

you (as an individual, business, or other organisation) have been commonly known by the domain name,even if you have acquired no trademark or service mark rights; or

you are making a legitimate non-commercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.

90


APPENDIX

4:

UNIFORM

DISPUTE

RESOLUTION

d)

Selection of Provider.The complainant shall select the Provider from among those approved by ICANN by submitting the complaint to that Provider.The selected Provider will administer the proceeding, except in cases of consolidation as described in Paragraph 4(f).

e)

Initiation of Proceeding and Process and Appointment of Administrative Panel.The Rules of Procedure state the process for initiating and conducting a proceeding and for appointing the panel that will decide the dispute (the ‘Administrative Panel’).

f)

Consolidation. In the event of multiple disputes between you and a complainant,either you or the complainant may petition to consolidate the disputes before a single Administrative Panel.This petition shall be made to the first Administrative Panel appointed to hear a pending dispute between the parties.This Administrative Panel may consolidate before it any or all such disputes in its sole discretion,provided that the disputes being consolidated are governed by this Policy or a later version of this Policy adopted by ICANN.

g)

Fees. All fees charged by a Provider in connection with any dispute before an Administrative Panel pursuant to this Policy shall be paid by the complainant, except in cases where you elect to expand the Administrative Panel from one to three panellists as provided in Paragraph 5(b)(iv) of the Rules of Procedure,in which case all fees will be split evenly by you and the complainant.

h)

Our Involvement in Administrative Proceedings.We do not, and will not,participate in the administration or conduct of any proceeding before an Administrative Panel. In addition, we will not be liable as a result of any decisions rendered by the Administrative Panel.

i)

Remedies.The remedies available to a complainant pursuant to any proceeding before an Administrative Panel shall be limited to requiring the cancellation of your domain name or the transfer of your domain name registration to the complainant.

j)

Notification and Publication. The Provider shall notify us of any decision made by an Administrative Panel with respect to a domain name you have registered with us. All decisions under this Policy will be published in full over the Internet,except when an Administrative Panel determines in an exceptional case to redact portions of its decision.

k)

Availability of Court Proceedings. The mandatory administrative proceeding requirements set forth in Paragraph 4 shall not prevent either you or the complainant from submitting the dispute to a court of competent jurisdiction for independent resolution before such

POLICY

91


APPENDIX

4:

UNIFORM

DISPUTE

RESOLUTION

POLICY

mandatory administrative proceeding is commenced or after such proceeding is concluded. If an Administrative Panel decides that your domain name registration should be cancelled or transferred, we will wait ten (10) business days (as observed in the location of our principal office) after we are informed by the applicable Provider of the Administrative Panel’s decision before implementing that decision. We will then implement the decision unless we have received from you during that ten (10) business day period official documentation (such as a copy of a complaint, file-stamped by the clerk of the court) that you have commenced a lawsuit against the complainant in a jurisdiction to which the complainant has submitted under Paragraph 3(b)(xiii) of the Rules of Procedure.(In general,that jurisdiction is either the location of our principal office or of your address as shown in our Whois database. See Paragraphs 1 and 3(b)(xiii) of the Rules of Procedure for details.) If we receive such documentation within the ten (10) business day period,we will not implement the Administrative Panel’s decision,and we will take no further action,until we receive (i) evidence satisfactory to us of a resolution between the parties; (ii) evidence satisfactory to us that your lawsuit has been dismissed or withdrawn; or (iii) a copy of an order from such court dismissing your lawsuit or ordering that you do not have the right to continue to use your domain name. 5.

All Other Disputes and Litigation

All other disputes between you and any party other than us regarding your domain name registration that are not brought pursuant to the mandatory administrative proceeding provisions of Paragraph 4 shall be resolved between you and such other party through any court, arbitration or other proceeding that may be available. 6.

Our Involvement in Disputes

We will not participate in any way in any dispute between you and any party other than us regarding the registration and use of your domain name.You shall not name us as a party or otherwise include us in any such proceeding. In the event that we are named as a party in any such proceeding, we reserve the right to raise any and all defences deemed appropriate, and to take any other action necessary to defend ourselves. 7.

Maintaining the Status Quo

We will not cancel,transfer,activate,deactivate,or otherwise change the status of any domain name registration under this Policy except as provided in Paragraph 3 above.

92


APPENDIX

8.

9.

4:

UNIFORM

DISPUTE

RESOLUTION

POLICY

Transfers During a Dispute a)

Transfers of a Domain Name to a New Holder.You may not transfer your domain name registration to another holder (i) during a pending administrative proceeding brought pursuant to Paragraph 4 or for a period of fifteen (15) business days (as observed in the location of our principal place of business) after such proceeding is concluded; or (ii) during a pending court proceeding or arbitration commenced regarding your domain name unless the party to whom the domain name registration is being transferred agrees, in writing, to be bound by the decision of the court or arbitrator.We reserve the right to cancel any transfer of a domain name registration to another holder that is made in violation of this subparagraph.

b)

Changing Registrars. You may not transfer your domain name registration to another registrar during a pending administrative proceeding brought pursuant to Paragraph 4 or for a period of fifteen (15) business days (as observed in the location of our principal place of business) after such proceeding is concluded. You may transfer administration of your domain name registration to another registrar during a pending court action or arbitration, provided that the domain name you have registered with us shall continue to be subject to the proceedings commenced against you in accordance with the terms of this Policy. In the event that you transfer a domain name registration to us during the pendency of a court action or arbitration, such dispute shall remain subject to the domain name dispute policy of the registrar from which the domain name registration was transferred.

Policy Modifications

We reserve the right to modify this Policy at any time with the permission of ICANN. We will post our revised Policy at least thirty (30) calendar days before it becomes effective. Unless this Policy has already been invoked by the submission of a complaint to a Provider, in which event the version of the Policy in effect at the time it was invoked will apply to you until the dispute is over, all such changes will be binding upon you with respect to any domain name registration dispute, whether the dispute arose before, on or after the effective date of our change. In the event that you object to a change in this Policy,your sole remedy is to cancel your domain name registration with us, provided that you will not be entitled to a refund of any fees you paid to us.The revised Policy will apply to you until you cancel your domain name registration.

93


APPENDIX

5:

UNIFORM

DISPUTE

RESOLUTION

POLICY

APPROVED

PROVIDERS

Appendix 5: Uniform Dispute Resolution Policy Approved Providers CPR Institute for Dispute Resolution 366 Madison Avenue, New York, NY 10017, USA Tel: (212) 949 6490 • Fax: (212) 949 8859 • www.crradr.org eResolution 4200 St-Laurent, Suite 711, Montreal, Quebec H2W 2R2, Canada Tel: +1 (514) 908-2900 • Fax: +1 (514) 908-2901 • www.eresolution.ca The National Arbitration Forum P.O. Box 50191, Minneapolis, MN 55405, USA Tel: (800) 474 2371 • Fax: 651-631-0802 • www.arbforum.com The World Intellectual Property Organisation Arbitration and Mediation Center, 34 Chemin des Colombettes P.O. Box 18, 1211 Geneva 20, Switzerland Tel: (41-22) 338 9111 • Fax: (41-22) 740 3700 • www.wipo.int

94


APPENDIX

6:

USEFUL

ADDRESSES

AND

WEBSITES

Appendix 6: Useful addresses and websites Advertising Standards Authority Telephone: 020 7580 5555 • www.asa.org.uk CBI – E-Business Group Centre Point, 103 New Oxford Street, London WC1A 1DU Telephone: 020 7395 8247 • Fax: 020 7240 1578 • www.cbi.org.uk Charles Russell Solicitors 8-10 New Fetter Lane, London EC4A 1RS Telephone: 020 7203 5000 • Fax: 020 7203 5302 • www.cr-law.co.uk Data Protection Training 44 Tregarvon Road, London SW11 5QE Telephone: 020 7924 1927 • Fax: 0870 137 7871 • www.legaleducation.co.uk Department of Trade and Industry Information Security Policy Group 2.112 Red Core, 151 Buckingham Palace Road, London SW1W 9SS Telephone: 020 7215 1962 • Fax: 020 7931 7194 • www.isi.gov.uk Inland Revenue www.inlandrevenue.gov.uk National Consumer Council 20 Grosvenor Gardens, London SW1H 0DH Telephone: 020 7730 3469 • Fax: 020 7730 0191 • www.ncc.org.uk Office of the Information Commissioner Wycliffe House,Wilmslow, Cheshire SK9 5AF Telephone: 01625 545 700 • Fax: 01625 524 510 www.dataprotection.gov.uk

95


APPENDIX

6:

USEFUL

ADDRESSES

AND

WEBSITES

Privacy and Data Protection Ltd 12 Haymakers Lane,Ashford, Kent TN23 4GN Telephone: 07949 168245 • Fax: 0870 137 7871 www.privacydataprotection.co.uk SurfControl.com Riverside, Mountbatten Way, Congleton, Cheshire CW12 1DY Telephone: 01260 296 250 • Fax: 01260 296 251 • www.surfcontrol.com

96


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.