AustLII Home | Databases | WorldLII | Search | Feedback

Journal of Law, Information and Science

Journal of Law, Information and Science (JLIS)
You are here:  AustLII >> Databases >> Journal of Law, Information and Science >> 2000 >> [2000] JlLawInfoSci 6

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Brownsword, Roger; Howells, Geraint --- "Europe's E-Commerce Directive - A Too Hasty Legislative Rush to Judgment?" [2000] JlLawInfoSci 6; (2000-2001) 11(1) Journal of Law, Information and Science 77

Europe's E-commerce Directive - A Too Hasty Legislative Rush to Judgment??

ROGER BROWNSWORD & GERAINT HOWELLS[*]

Abstract

This article evaluates the European Union Directive 2000/31EC which came into being on 8 June 2000. The authors sketch the main provisions of the directive and argue that the ‘rush to legislation’ has resulted in poor quality solutions to many e-commerce problems.

1. Introduction

Governments around the globe are grappling with the regulatory issues surrounding e-commerce. Reports are being issued and laws promulgated in a desire both to give the appearance that the topic is capable of regulation and at the same time to bolster business confidence that it is operating in an e-commerce friendly environment. There is also a struggle between states as to the form such regulation should take and indeed as to the appropriate balance between regulation and self-regulation. It was from within this fulcrum of regulatory confusion that Directive 2000/31/EC on certain legal aspects of Information Services, in particular electronic commerce in the Internal Market emerged on 8 June 2000.[1] The rush to legislation is underlined that by the fact that the Parliament agreed to forego its right to press for amendments and the final version is identical to the Common Position of 28 February 2000.[2] We suggest that this haste is reflected in the poor quality of many of the legal solutions adopted.

Of course one must not be misled into believing that all the European law of e-commerce is found in this Directive. Whilst it is a maximal harmonisation - meaning that member states cannot have more protective rules - there are other directives affecting e-commerce trade such as those concerned with electronic signatures,[3] distance selling,[4] data protection[5] and telecommunications privacy.[6] Contracts made on the internet will of course be subject to the general rules of EC law that have been developed by the EC. Indeed the E-Commerce Directive states that is without prejudice to the level of protection established by Community acts for in particular public health and consumer interests.[7] The Unfair Contract Terms[8] and Distance Selling[9] directives are singled out for special mentions as forming 'a vital element for protecting consumers in contractual matters'.[10] A whole host of other directives are then said also to be applicable.[11]

We will start our study of the Directive by looking at how it seeks to achieve its central goal of making it possible to provide information society services[12] across borders by in effect adopting a principle of mutual recognition and home country control. Next we will analyse the way in which information is used as regulatory tool. The particular controls on unsolicited commercial communication will also be reflected on. The way electronic contracts are made and given effect to will then be studied. The approach to liability of intermediary service providers will be explained. The encouragement given to self-regulation and ADR will be mentioned as well as the manner in which regulatory effectiveness is linked to greater co-operation. Finally the particular rules on regulated professions will be mentioned. This brief survey will introduce the reader to the main features of the Directive.

2. Internal Market

The E-Commerce Directive adopts the country of origin principle. This means that the country in which an enterprise is established (the home state) is responsible for supervising businesses established within its territory and other Member States' powers to supervise such firms are restricted. The idea is to promote the free movement of services by only requiring operators to comply with one set of rules and regulators. However, inevitably there is a tension as the State hosting the enterprise (the host state) will wish to retain sufficient powers to protect their citizens. Thus there are safeguard powers provided both by the Treaty and within the secondary legislation itself. The balancing of these interests is complex, for if national governments retain too much power this will stifle integration, but too great a liberalisation could threaten consumer protection as businesses relocate to exploit laxer legislative regimes.

The home country principle in the E-Commerce Directive is novel in that it seeks to extend beyond merely regulatory requirements to cover some private law aspects. This policy seems to bring it into conflict with the rules of private international law, which the Directive claims not to seek to regulate. It would probably be advisable to restrict the country of origin principle to regulatory matters.

The home country principle is found in art. 3. Art. 3(1) requires each member state to ensure that information society services provided by a service provider established on its territory comply with the applicable national provisions falling within the co-ordinated field. Art. 3 (2) goes on to provide that Member States may not restrict the freedom to provide Information Society services from another Member State for reasons falling within the co-ordinated field. Within the co-ordinated field Member States must ensure that Information Society service providers established on their territory[13] comply with relevant applicable national provisions. These provisions should be read in conjunction with art. 4(1) which states that member states should ensure that the taking up and pursuit of the activity of an information service provider may not be made subject to prior authorisation or any other requirement having equivalent effect.[14]

The scope of the home country control provision is broader than the issues dealt with in the Directive. If there is a national rule on a matter falling within the co-ordinated field the home Member States must supervise that rule and the host country where the company is doing business cannot apply its own rules, even though the Directive does not deal with that topic.[15] The extent of home country control is, however, limited by the definition of 'co-ordinated field'; the exemptions provided by the Directive and the safeguard powers of the Member States.

The co-ordinated field is defined in art. 2(h). This starts off mapping a very broad scope of application covering 'requirements laid down in Member States' legal systems applicable to information society service providers or information society services, regardless of whether they are of a general nature or specifically designed for them.' However, this seems to be limited by the following provisions, which explain that it concerns requirements for taking up the activity (qualifications, authorisation or notification) and pursuing it (behaviour of the provider, quality or content of service including advertising and contracts and the liability of the provider). This clearly seems to encompass some aspects of private law, but it goes on to explain that this does not cover requirements applicable to goods as such; the delivery of goods; or services not provided by electronic means. Also recital 21 rather opaquely provides that 'the coordinated field covers only requirements relating to on-line activities such as on-line information, on-line advertising, on-line shopping, on-line contracting'.

The scope of the co-ordinated field is further limited by the fact that it does not apply to those fields listed in the annex. Those which are of particular relevance to consumers include the reference to contractual obligations concerning consumer contracts, the permissibility of unsolicited commercial communications by electronic mail and the freedom of the parties to choose the applicable law. Most interest centres on ascertaining what is meant by contractual obligations concerning consumer contracts. The concept is developed in recitals 55 and 56. Recital 55 states that this means that the Directive cannot deprive the consumer of the protection afforded to him by mandatory rules relating to contractual obligations of the state in which he has his habitual residence. Thus, the protection the Rome Convention on the Law Applicable to Contractual Obligations provides to a limited category of consumers is unaffected by the country of origin principle.[16] Recital 56 states that the relevant contractual obligations should be interpreted as including information on the essential elements of the content of the contract, including consumer rights which have a determining influence on the decision to contract. Of course the fact the exemption only applies to consumer contracts would seem to mean that for other contracts the country of origin principle is intended to extend to private law matters.

Member states have a residual safeguard ability to act against information service providers established in another state.[17] Specified grounds for intervention are listed covering public policy, public health, public security and the protection of consumers, including investors.[18]

The proposed Directive states that it does not introduce additional rules on private international law nor deal with issues of jurisdiction.[19] In fact the rules of private international law look to be developing in a far more consumer friendly manner than the country of origin principle.[20] Yet, the country of origin principle must extend to applying the home state's private international law, for otherwise there would be no sense in the exemption from the co-ordinated field of the issue of the parties' freedom to choose the law applicable to their contract.

By extending the country of origin principle beyond its traditional scope of regulatory rules the E-commerce Directive has introduced confusion. Within the regulatory sphere the principle can perhaps be tolerated, especially given that this Directive will be subject to the consumer injunctions directive which gives qualified entities in other member states the right to bring actions in other states.[21] However, the extension of this principle to private law matters is problematic.

3. Information

Information is a cornerstone of Community law, especially in the field of consumer protection. National rules that restrict the provision of information have been struck down by the European Court and information requirements abound in Directives and often act as a surrogate for substantive controls. Indeed information requirements combined with a right of withdrawal are the main tools of consumer protection found in the Distant Selling Directive. One of the debates in that context is whether it is sufficient that the information be provided in electronic form. The trend is for the European legislature to treat this as enough, but we have argued that this is a wrong policy in some respects and not entirely supported by the wording of the directives.[22] However, our contention is that it is the follow up confirmation that should be provided in traditional form and we would not want to inhibit e-commerce by imposing such requirements prior to the moment of contracting.

The information requirements found in other directives, such as the Distance Selling Directive, are added to by the E-Commerce Directive.[23] To counter the ephemeral nature of the internet the service provider should provide its name, geographic address, details, including e-mail, which permit rapid contact and direct and effective communication. Any details of inclusions on public registers, supervisory authorities and details relating to regulated professions should be provided. The VAT identification number should be provided. This information should be easily, directly and permanently accessible, which presumably means placing it on a web site is sufficient. In addition any price indications should be clear and unambiguous and indicate whether tax and delivery costs are included.

There are additional information rules for commercial communications.[24] These should be clearly identifiable as such and the natural or legal person on whose behalf it is made shall be clearly identifiable. There are special rules for promotional offers, such as discounts, premiums and gifts and promotional competitions and games. This is a sensitive issue as they are not permitted in all member states. Where they are permitted in the state where the service provider is established they should be clearly identifiable as such and the conditions to qualify or participate should be presented clearly and unambiguously.

4. Unsolicited Commercial Communications

The approach of earlier EC Directives had been to require prior consent before automated calling machines and faxes could be used for commercial communication, but for other forms of communication to only require consumers be given the opportunity to opt-out. In the e-commerce context the problem is of course how to control spam e-mail. The approach of the Directive is partly to follow the information approach outlined above by requiring such e-mails to be clearly and unambiguously identifiable as such. It also goes on to support the opt-out approach by requiring service providers using this form of unsolicited commercial communication to regularly consult and respect opt-out registers in which natural persons have registered their wish not to receive such commercial communication.[25]

However, as an indication of how volatile policy is in this area the recent proposal for a Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector would make the use of electronic mail for direct marketing purposes subject to prior consent.[26] This seems to be the right approach.[27] It will certainly be welcomed by those computer users who are fed up with receiving unwanted mail and internet service providers who bear the bulk of the costs associated with spam e-mail. However, it is also the best rule for legitimate businesses. Few responsible businesses use unsolicited e-mails to advertise and adopting an opt-out system would only impose costs on them resulting from the charges that are likely to be levied to consult opt-out registers. The problem will remain, however, of to how to deter those businesses which will simply ignore any regulation and continue to spam. Perhaps some sort of private law damages system will be the only effective deterrent for such rogues.

5. Electronic Contracting

In line with international trends the EC Directive requires member states to allow contracts to be concluded by electronic means. In particular legal requirements should not create obstacles nor deprive electronic contracts of legal effectiveness and validity.[28]

Earlier drafts of the Directive had detailed rules stipulating when the contract was to be treated as concluded.[29] The Directive itself only requires information to be provided on how the contract is concluded. Its formal rules are restricted to merely requiring that the service provider acknowledge receipt of the order without undue delay and by electronic means; stipulating that the order and acknowledgment are deemed to be received when the parties are able to access them; and requiring service providers to have effective and accessible technical means for consumers to identify and correct input errors prior to the placing of the order.[30] The question of the legal effects of these actions for the purposes of determining whether a contract has been formed is left unstated and therefore subject to national law. Because of the country of origin principle discussed above, this will within Europe be the country where the supplier is established (although there is some confusion as to how these rules interact with those of private international law).

Member states saw the previous rules detailing the contractual process as too great an infringement of their national contract law. This is too precious and does not bode well for any more ambitious project such as the development of a European Civil Code. All that was being proposed was a common approach to contract formation over the internet. Other national rules on formation could be left unaltered. There is a need for some concessions to be made in order to promote certainty in the legal environment for internet trading.

6. Liability of Intermediary Service Providers

The liability of service providers for defamation has recently been a live issue in the United Kingdom following the case of Godfrey v Demon Ltd.[31] This held that internet service providers would be treated as the publishers once they had been told of the defamatory material and had not taken it down. The House of Lords has recently upheld a 'fishing expedition' by Russian litigants seeking to take advantage of UK defamation laws (and high damage awards) despite only limited publication in the UK.[32] Thus one might foresee that such claims might increase in the future. Equally service providers might see themselves exposed to claims for breach of intellectual property rights.

The Directive seeks to balance the conflicting interests at stake in this area. It has a general principle that the intermediary service provider does not have to monitor the information they store nor actively seek facts or circumstances indicating illegal activity.[33] Member states may however, require providers to inform their competent authorities of any illegal activity, to give them any information provided to them by a recipient of their service or enabling identification of the recipient of their service.[34]

The Directive provides that there will be no liability in principle, so long as certain conditions are met, for intermediary service providers who act as mere conduits for information[35] or cache data.[36] Service providers who host data will only become liable if they have actual knowledge of illegal activity or information, and, as regards claims for damages, were aware of facts or circumstances from which that should have been apparent or upon obtaining such knowledge or awareness failed to act expeditiously to remove or disable the information. Thus a similar result to the Demon case is achieved, which still leaves internet service providers with the difficult task of deciding whether to take down data at the first suspicion that it is infringing a law and thereby facing the wrath of its customer who might feel justified in placing that data on the web. All of the above is without prejudice to the power of courts and administrative authorities in member states to require the provider to terminate or prevent an infringement. As regards hosts, member states are free to establish procedures governing the removal or disabling of access to information.[37]

7. Regulated Professions

Art. 8 deals with the use of e-commerce by regulated professions, by which is meant professions such as lawyers, accountants and doctors that require professional training and are already subject to Community rules on mutual recognition. The Directive seeks simply to permit them to use commercial communications as part of an information society service, subject to professional rules. In order to reflect the internal market dimension encouragement is required to be given to the drawing up of codes of conduct at the European level. This is a brave aspiration, for to-date codes of conduct at the European level have not proven to be very effective in many fields.

8. Self-Regulation and ADR

Self-regulatory solutions appear to be the order of the day for the internet. Given the complexities of regulating across borders this may be a sensible way forward so long as this self-regulation is effective, inclusive of all interested parties and operates against a back cloth of regulatory rules to be used against those who abuse or fail to adhere to the self-regulatory standards. Regulatory resources can then be focused on the rogue traders. This trend towards self-regulation is expressed in the Directive by a provision requiring member states and the Commission to encourage the development of codes of conduct.[38] It seems to take the involvement of consumers in this process seriously by requiring encouragement of consumers in the drafting and implementation of relevant codes.

One of the first examples of this type of scheme in Europe is the TrustUK scheme. This scheme is endorsed by Government and involves a partnership between Alliance for Electronic Business and the Consumers' Association. An Approvals Committee decides whether to award the TrustUK hallmark if a particular code of practice meets TrustUK's Accreditation criteria. Codes must protect privacy, secure payments, help make an informed buying decision, permit orders to be cancelled and let customers know what they have agreed to, ensure delivery within agreed time, protect children and have a complaints procedures. So far the Codes of the Direct Marketing Association (DMA), Association of British Travel Agents (ABTA) and the Consumers' Association (CA) have been approved. CA therefore finds itself in the unusual position of being a beneficiary of a scheme it has sponsored.

ADR of consumer disputes is another trend in the real world for which there are even greater incentives for its adoption in the virtual world. The E-commerce Directive states that Member States legislation should not hamper such out of court schemes, including those using electronic means.[39] There are a range of options for ADR and several experiments are currently on-going.[40] The creation of these schemes might give rise to a number of problems. The Directive requires member states to encourage them to operate in a way that provides adequate procedural guarantees.[41] One issue will be whether they should apply the rules of private international law. EC Commission Recommendation 98/257/EC on the Principles applicable to the bodies responsible for out-of-court settlement of consumer disputes provides that:

'In the case of cross-border disputes, the decision taken by the body may not result in the consumer being deprived of the protection afforded by the mandatory provisions applying under the law of the Member State in which he is normally resident in the instances provided for under Article 5 of the Rome Convention of 19 June 1980 on the law applicable to contractual obligations.'[42]

However, this laudable principle comes up against economic reality, ADR is intended to be cheap and many ADR bodies simply cannot afford the costs of investigating foreign law.[43] Thus the realities of e-commerce and the drift to ADR for dispute resolution may threaten to undermine the use of private international law rules in practice.

In order to promote discussion of topics related to self-regulation and ADR the E-Confidence forum has been launched.[44]

This has discussions on codes of conduct, trust marks, complaint settlement procedures and ADR.

A drafting group is working on principles which could be endorsed by Commission. This will have three sections and the forum allows for discussion of these principles as they develop:

1. General Guiding Principles.

2. Specific Additional Requirements - i.e. additional to EU law.

3. Guiding Principles for Accreditation Bodies.

Of course a residual role must be left for traditional legal redress. The Directive provides that member states have to ensure court action is available to permit the rapid adoption of measures, including interim measures, to terminate infringement and prevent further impairment of the interests involved.[45] This Directive is also added to the annex of the Consumer Injunctions Directive, which permits notified bodies member states to seek injunctions in other member states.[46]

The cross border nature of the internet will require enforcement authorities in different countries to work more closely together. Indeed the E-Commerce Directive has a specific provision requiring member states to co-operate with one another.[47] Contact points must be established and they have to provide assistance and information requested by other member states or the Commission. Recipients and service providers should also be able to contact them for information on contractual rights and information and complaints and redress mechanisms as well as details of authorities, associations or organisations from which further information and practical assistance can be obtained.

9. Assessment

European directives have an important impact beyond Europe as legislative models. In a new area like e-commerce this function is enhanced, especially as the US has been reluctant to regulate. Although only part of the picture concerning e-commerce regulation in Europe there are several reasons why this present Directive should not be viewed with too much veneration. It certainly bears the hallmarks of a speedy legislative passage. The central issue of the home country principle is ambiguous. This may, however, be viewed as a domestic European question. More fundamentally one might regret that the early proposals to place a clear legal framework on the internet contracting process have been jettisoned and an opportunity to enhance certainty has been missed. The rules on unsolicited communications are already ripe for reform. The rules on information provision, when taken as a package with those in the Distance Selling Directive, give rise to questions about their practical application.

Nevertheless, the Directive does mark the acceptance by Europe of the legality of electronic contracting and emphasis has been placed on removing barriers to the establishment of Community wide internet service providers. The internet is not, however, affected by national or even regional boundaries. Recital 58 makes it clear that the Directive does not apply to service providers established in a third country and is without prejudice to discussions with international organisations. Those discussions will undoubtedly emphasise the role of self-regulation and ADR. Perhaps what the Directive can be praised for is its attempts to ensure those voluntary rules develop in a principled and meaningful manner. It remains to be seen whether this is possible.


[*] Institute for Commercial Law Studies, University of Sheffield.

[1] OJ 2000 L 178/1.

[2] OJ 2000 C 128/32.

[3] Directive 99/93 on a Community framework for electronic signatures: OJ 2000 L 13/12.

[4] Directive 97/7 on the protection of consumers in respect of distance contracts: OJ 1997 L 144/19, see also amended proposal for a directive concerning the distance marketing of financial services and amending directives 97/7/EC and 98/27/EC Com (1999) 385.

[5] Directive 95/46 on the protection of individuals with regard to the processing of personal data and on the free movement of such data: OJ 1995 L 281/31.

[6] Directive 97/66 concerning the processing of personal data and the protection of privacy in the telecommunications sector : OJ 19978L 24/1.

[7] Recital 11.

[8] OJ 1993 L 95/29.

[9] OJ 1997 L 144/19.

[10] Recital 11.

[11] These cover misleading and comparative advertising (OJ 1984 L 250/17, as amended by OJ 1997 L 290/18); consumer credit (OJ 1987 L 42/48, as last amended by OJ L 101/17); investment services in securities (OJ 1993 L141/27, as last amended by OJ 1997 L 84/22); package travel )OJ 1990 L158/59); product price indications OJ 1998 OJ L /27); general product safety (OJ 1992 L 228/24); timeshares (OJ 1994 L 280/83); injunctions (OJ 1998 L 166/51 as amended by OJ 1999 L 171/12; product liability (OJ 1985 L210/29 as amended by OJ 1999 L141/20); consumer sales (OJ 1999 L 171/12); advertising of medicinal products (OJ 1992 L 113/13); advertising and sponsorship of tobacco (OJ 1998 L213/9) and the forthcoming directive on distance marketing of consumer financial services.

[12] The term used by the Directive, see art. 2(a).

[13] The ECJ looks to the actual pursuit of an economic activity through a fixed establishment for an indefinite period. Recital 19 makes it clear that it is the place of economic activity that is important not the place where the technology supporting the website is located or where the website is accessible.

[14] This is without prejudice to authorisation schemes not specifically targeted at Information Society Service providers : art 4(2).

[15] Micklitz points out that this follows the approach of Directive 89/552/EEC as amended through Directive 97/36EC on television broadcast services.

[16] OJ 1998 C 27/34 art. 5.

[17] Art. 3(4).

[18] Art. 3(4)(i).

[19] Art. 1(4).

[20] See Council Regulation No 44/2001 of 22 December 2000 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters: 2001 OJ L12/1. The rules on consumer contracts made over the internet were one of the most controversial topics.

[21] Directive 98/27/EC on injunctions for the protection of consumers' interests: OJ 1998 L 166/51.

[22] See, R. Brownsword and G.Howells, 'Consumer Protection on the Internet: Law and the Information Society” Contemporary Issues in Law (forthcoming).

[23] Art. 5.

[24] Art. 6.

[25] Art. 7(2).

[26] Art. 13, COM (2000) 385.

[27] See G. Howells, 'The Privitisation of Justice 2000 (150) NLJ 972.

[28] Art. 9(1). Art 9(2) allows member states to exclude certain contracts concerning real estate (except rental contracts); contracts where the law requires the involvement of courts, public authorities or professions exercising public authority; contracts of suretyship and contracts governing family law or succession law.

[29] See Art. 11 of first and second draft Directives.

[30] Art. 11.

[31] The Times, 20 April 1999, See Y Akdeniz, Case Analysis: Laurence Godfrey v. Demon Internet Limited, (1999) 4 Journal of Civil Liberties, 260. The case was settles in April 2000. One must wonder at a legal system where a plaintiff can win £15,000 and the defendant be liable for £480,000 costs.

[32] Berezovsky v Michaels [2000] UKHL 25; [2000] 2 All ER 986.

[33] Art. 15(1).

[34] Art. 15(2).

[35] Art. 12.

[36] Art. 13.

[37] Art. 12(3), art. 13(3) and art. 14(3).

[38] Art. 16.

[39] Art. 17 (1).

[40] M. Wilikens, A. Vahrenwald, P. Morris, Out of court dispute settlement systems for e-commerce, (Joint Research Centre, 2000).

[41] Art. 17(2).

[42] OJ 1998 L 155/31.

[43] See special issue of Consum LJ 1999/4.

[44] http://econfidence.jrc.it

[45] Art. 18.

[46] Art. 18(2).

[47] Art. 19.


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/JlLawInfoSci/2000/6.html