E-commerce in the new millennium: Regulating e-business
by Guy Betar, Partner Spark Helmore
Guy Betar, in his article, gives
us a practical guide to the legal issues arising out of e-commerce. Guy also
gives us an overview of how to take your business online. We hope you enjoy
this issue.
The areas broadly covered by this paper are:
-Applying traditional principles to the E-Business environment;
- Some practical information on territorial issues of E-Business
& case notes;
1. APPLYING TRADITIONAL PRINCIPLES TO E-BUSINESS
Perspective
The Internet challenges many traditional and conventional concepts, not least
of them the law. Its opportunities require an adjustment of outlooks and development
of an understanding of the implications of what is happening and developing.
To effectively carry on commercial activities through the web, businesses must
embrace technological developments in an economical and efficient way, so that
their business goals are delivered and enhanced.
The three fundamental elements of commercial activity, marketing,
selling and delivery, can all be achieved through the Internet, though not all
of them for all types of business. Clearly a tangible commodity cannot be literally
delivered through the net, but digital ones like software, music and others,
can. Equally, tangible commodities can be marketed and "sold" through the Internet,
with delivery being effected in the traditional way.
In translating business activities into the electronic realm, it is important
to have an awareness of adaptations to business processes that need to be implemented
and also the relevance of a wide spectrum of areas of law. It is essential to
keep in mind that technological inventiveness does not render our laws inoperative.
What it does do is require development of an understanding as to how the law
applies to the new technology.
Dramatic advancements, especially those that open entirely new avenues of doing
business, place considerable pressure on the legal system to comprehend its
application. This never occurs with the same speed that the technology itself
develops.
In relation to the web generally, and particularly with respect
to "e-commerce" or "e-business", one of the major challenges facing the regulators
and law makers is to foster development of commerce and activity on the web
and not stifle this with over regulation. At the same time, it is critical to
provide adequate protection of rights. As much as our current law applies to
presence and activities on the Internet just as it does to any other commercial
channel, the extent and manner of application is yet to be tested in many areas.
There is also recognition that there are deficiencies in the law in its ability
to embrace all aspects of current technology, let alone what might develop in
the near future. There is no doubt that new laws need to be formulated to deal
with this.
Over the past eighteen months in most parts of the developed
world, the introduction of new Bills and Acts exemplifies recognition of the
need to upgrade our laws to both cope with new developments, and open the way
for further ones. In the realms of electronic and digital transactions, copyright
and broadcasting in particular, the pressures of rapid technological development
have achieved a level of legislative change never before seen in these areas.
There has also been a growing body of decisions of superior courts, expanding
the understanding of our present laws as they apply to the Internet and associated
technology, as well as highlighting some of the deficiencies of the law in coping
with the new developments.
Key Issues
There are three primary considerations on which e-business
development and activity should be based:
1. Relationships
- What relationships need to be established with
third parties to create, host, support, use and carry on business activities
through, a commercial web site?
2. Terms & Conditions
- What are the terms and conditions on which you
will enter into these relationships and trade with customers?
3. Protection of Rights
- Intellectual property and other rights are becoming increasingly significant
in the electronic realm. What they are and how to protect them are issues of
considerable importance to the e-business site owner.
4. Regulatory Compliance - Industries which have dedicated legislation
or other regulation must take this into account in the electronic realm just
as much as in the tangible world.
Responses to these issues and calculated action based on those responses, will
provide a platform for minimising legal exposures.
The issue of relationships highlights the need to understand
the various technical and other ingredients required, and the variety of parties
with whom you will deal in getting a business operating on and through the web.
The second consideration focuses on the issues needed to be
covered in agreements with the parties you will rely on in setting up your e-business
and with your customers. The third and fourth points concern the need to
protect rights and property and recognise and comply with regulation, respectively.
E-commerce embraces everything from the simplest web site, being merely a marketing
limb for your business with an email facility, or a point of receipt for orders,
to the most sophisticated of interactive sites. These latter sites deal with
ordering, payment processing, inventory and back office interfaces. In both
scenarios and all those in between, legal relationships exist and the viability
of the site and indeed your business may depend on getting those legal relationships
properly settled and documented.
Key Areas: When looking to take a business
into the digital realm, several key areas should be considered in terms of the
needs and what you expect to get from them.
(a) Web Site Development Agreements:
- It is critical to ensure clarity of what is to be delivered
by a developer and the rights to be granted to the web site owner out of the
development process. A fundamental issue is the software on which the site is
built, including third party supplied software and that which is developed or
supplied by the developer. Attachment A to this paper is a check list of issues
to cover when entering into a web site development agreement.
(b) Web Site Hosting Agreements:
- Businesses will partially or wholly depend on the availability of the web
site and the functionality of its components. The web site hosting agreement
must provide assurances to the web site owner of continuity of service and timeliness
of problem fixes. Attachment B to this paper is a check list of issues to cover
when entering into a web site development agreement.
(c) Business questions:
- A variety of legal issues will depend
on the answers to the following questions.
- Where will you or are you carrying on business?
- Who and where are your customers?
- Do you want or need to limit who you will trade with?
- Who can use your goods or services?
- How do you get goods or services to you customer?
- How do you get paid and what constraints affect payment
mechanisms especially payment by credit cards?
- Will you be affected by foreign currency dealings and compliance
with offshore requirements?
(d) Legal Issues:
- Can I tell legally where I am carrying on business?
- Where are my contracts made?
- What are the terms of the contracts I make?
- With whom am I making the contract?
- If I have to take action against a customer, or they want
to take action against me - can I or they either legally or practically do it
and if so, where will that action take place?
- Do I really want to trade with the world and if not, how
do I limit this?
- What are the implications of offers made to supply with
territorial limitations placed on them?
- Are there local restrictions on exporting products or services?
- Are there import or other restrictions in other territories?
Being Selective
-
Having the whole world, as the potential market for a business
may be neither practical nor bare any resemblance to the market in fact defined
for that business. Being selective is a necessary element of your development
and planning process.
-
The Internet has inherent characteristics which
enable sellers and suppliers to limit the scope of the offers they make and
who they make them to. Web sites can easily be structured in such a way that
visitors effectively only have two choices. They accept the site owner's terms
of visiting or trading, or they do not.
-
A web site has a unique character in that to
communicate with the visitor, text and other material must be displayed in order
to describe what is being sold, on what terms and how the visitor buys the items
or services being sold. The same medium draws attention to the limitations the
web site owner places on its responsibilities and those it wants the visitor
to accept.
-
Consequently, contract forms and law are the
foundation of web-based business. To ensure that its terms of trading and disclaimers
are clearly accepted and are enforceable, the prudent web site owner will have
them clearly displayed and employ mechanisms to prove they were accepted by
the customer. This is dealt with in more detail below.
The on-line channel of business at once opens a much larger
potential market, client base and simultaneously presents the e-commerce business
person with a challenge to adjust their perspective of the benefits gained and
the new exposures created.
Trading through the web should attract the same degree of
precaution in minimising liabilities and exposures as any other channel of business. In particular, there are a number of essentials that must
be translated from the tangible world to the electronic one.
Trading Terms
-Trading terms are the conditions on which a site owner will
give access to the site and enter into trading activity with a customer.
Carrying on business through a web site is arguably merely another channel
of business and thus should attract similar considerations to any other business
methodology. The web has its own idiosyncrasies, which should be taken into
account, but the basic premises of carrying on any business should be reflected
in web based business.
It is important to make clear to any customer, the terms and
conditions on which they can acquire goods or services from you and the bases
on which people are entitled to visit and browse through your web site. The
structure of web sites enables a trader to ensure that a customer specifically
acknowledges express trading and other terms, by merely continuing to view the
site and before being able to purchase.
Trading terms on web sites need to cover all issues that should
be addressed in the tangible world, as well as those unique to the electronic
realm. In particular, they need to be brought to the attention of a customer
and preferably acknowledged, before allowing a customer to continue on the site.
The specific issues that should be covered in the access and
trading terms are:
- prices;
- delivery;
- warranty;
- return;
- payment (including debiting of credit cards);
- passing of ownership in goods.
Disclaimers - Disclaimers are
similar to trading terms, but have a very specific and distinct function. They
identify what the site host is, or is not, accepting responsibility for. They
can also include notices to a visitor about the conditions of visiting the site
and the basis upon that the visitor can proceed further on the site to lower
level pages or documents.
A significant issue is the extent to which traders may want
to limit who they are offering their goods or services to. Part of the sites'
"disclaimer" should address this issue. An example would be the limits on offering
shares or other interests in corporations. Constraints may also arise from limits
of licence granted to the web site owner by the ultimate rights owner for the
product. If you distribute products under licence and you have a defined territory
granted by your licensor, then your web site offering those products should
make it clear that anyone outside that territory is not able to acquire those
products. The web trader also needs to take into account export or import restrictions
of territories outside their knowledge or control and their ability to service
customers geographically.
Negotiability
- One of the interesting aspects of e-commerce,
in its basic forms, is the ability of the trader to set terms that are not negotiable.
A customer at a web site must accept the site owner's terms in order to acquire
the goods or services offered.
Negotiation of terms is not an option. In much of our day to day trading the
lack of negotiability of terms is not unusual, but with commerce on the Internet,
this is largely taken for granted.
A significant effect of this lack of negotiability and to
some extent de-personalisation, has been the extranet functionality developed
for key clients. This creates a specific access point and interactivity level
for select customers, enabling personalization of price, terms and product offerings
for that customer. It also enables higher levels of data exchange with back
office connection and accounts functions directly between supplier and customer.
Intellectual Property
-Virtually all areas of Intellectual Property ("IP") are impacted by, or affect,
the Internet and especially e-commerce. I have not attempted to give a detailed
review of the many IP issues that arise in the Internet context. The considerations
are many and detailed. The primary point briefly touching on them is to highlight
their importance in all aspects of web based business. It should never be overlooked
that the fundamental nature of the Internet is IP itself - software. From the
fundamental ingredients, through the marketing elements and the operating structure,
IP considerations have considerable relevance. The IP elements should be considered
in the following areas;
(a) Development of the site and the third party elements to
be incorporated into it;
(b) The domain name, particularly in the context of trade
marks;
(c) Software to be licensed for use on the site or developed
for the site;
(d) Various other copyright ingredients that may be incorporated
into the site, including original text, graphics, pictures and sounds;
(e) Hyperlinks and frames to other
sites and issues as to how the links are represented and how the framed content
is represented;
(f) Meta tags and whether they take advantage of other traders'
names of trade marks;
(g) Representations regarding downloads and material which
can be viewed or copied form the site;
(h) Data, which is collected from or moved between sites and
repositories.
The fundamentals of ownership or entitlements to use, can affect the ability
to trade and the flexibility of future business and development.
The establishment and ongoing operation of any E-Business
site must take these points into account.
2. TERRITORIAL CONSIDERATIONS & CASE NOTES
In this section of the paper, I have focused on two areas,
jurisdiction and privacy. Clearly other areas could have been considered within
such a broad based topic. Jurisdiction has been chosen because it is representative
of the unpredictable aspect of territorial laws as they apply to E-Business
activities. Privacy was selected as one of the most significant issues of concern
in the mind of business people and consumers alike, with respect to buying and
selling on the Internet.
Jurisdiction
-Questions of jurisdiction affect many aspects of the law and its application
to activity and presence on the Internet. Matters of principle and practicality
will each play a role that will vary from territory to territory. Already decisions
of the US, United Kingdom and Australian courts indicate that each situation
will be considered on its facts and it will be difficult to formulate concise
rules and to make accurate predictions of outcomes.
Nothing is likely to challenge the "jurisdiction or courts and legal systems
to the same degree as will the Internet. Until recently, decisions dealing with
the Internet and jurisdiction were predominantly American and showed marked
contrast in the handling of the letter of the law as balanced against sensitivity
of the offence (most notably regarding pornography), some interstate political
influences and practical limitations of enforcement.
In June 1999, the NSW Supreme Court handed down a significant decision on the
issue of jurisdiction in civil matters, in the Macquarie Bank case. The bank
was seeking to restrain an ex-employee, who was not within Australia, from publishing
defamatory material on a web site, the site itself also not being physically
hosted in Australia. Firstly, the court did not question that regardless of
the physical locality of the web site on which the material was placed, it was
being "transmitted" to and could be "received" in NSW. Consequently, jurisdiction
over the alleged offence existed. Secondly, the court had to consider
its power to restrain acts occurring outside its jurisdiction. The court noted
that whilst it had such a power, it was a discretionary one, to be exercised
having regard to the potential enforceability of its orders and whether another
court was a more appropriate forum. The Court declined to make orders restraining
the conduct of the ex-employee,basing its decision on two significant points.
Firstly, it could not make orders having the effect of preventing publication
of the material anywhere in the world. The court recognized the laws of other
territories may bear no resemblance to those of NSW and the matter of defamation
pertained to publishing only in NSW. Secondly, there was no physical means available
to restrict the prohibition to only operate for publishing in NSW. Once something
was published on the Internet, it was available for the whole world to access.
How other countries around the world will treat these issues
is extremely difficult to predict. In addition to the letter of the law, matters
relating to practicality and to "politics" will also influence decisions. The
end result is that the Internet represents a virtual trading arena with potentially
no limit in geographical reach. This inevitably entails a potential to be exposed
to a variety of legal systems that may be similar to that of Australia or bear
no resemblance at all.
Privacy
-In 1998 the US Federal Trade Commission conducted a web site survey and found
that 92% of sites surveyed collected some personal information about visitors
to the sites and only 14% of those informed visitors of the data collection.
Personal data is a highly valuable commodity on the Internet and its collection
and use is largely unregulated.
The adverse perception regarding unauthorised collection and use of personal
data should not be underestimated. A recent example of popular concern over
intrusions into privacy, focused on the Intel Pentium III chips. Intel bowed
to pressure from representative groups, which had culminated in a complaint
lodged with the US Federal Trade Commission, by deactivating the identifying
serial number facility in its Pentium III chips, making it an option for the
user to activate. Notwithstanding that such a facility did have potential benefits
for support and management of computers in large organisations, the potential
for misuse was seen as significant.
There are several essential elements to understanding the current position
on "privacy" in Australia. Firstly, the Federal Privacy Act 1988 does not apply
to the private sector. In other words, it only affects government bodies and
instrumentalities. Significant amendments to the Privacy Act are proposed through
the recently released Privacy Amendment (Private Sector) Bill 2000 (the "Bill").
As much as the Bill is not confined to any method of collection of personal
information, its potential impact on web based activities is significant. The
Bill implements the National Privacy Principles ("NPPs"), which had been prepared
by the Government under the Privacy Act, as the primary guidelines for development
of privacy practice.
The Bill has attracted significant criticism as not being strong enough and
not bringing Australia into line with overseas positions, particularly that
of the European Union. It is therefore not clear when the Bill will become law
and in what form. However, it is difficult to see how the enactment could be
delayed beyond next year, given the business and community pressure on the need
for it.
Even when enacted, there will be exclusions. The Bill currently
exempts "small business" for a period of twelve months from the date of enactment,
representing a concession to developing business. A "small business" is one
with an annual turnover of $3,000,000 or less.
In very broad terms, the Bill looks to protect personal information from improper
use. Primary rights that are recognised are that an individual's consent must
be obtained for use of their personal information and that an individual is
entitled to have access to that information and be able to ensure it is correct
and up to date.
Other than small business, the Bill requires "organisations"
to comply with the provisions of the Bill unless they have their own privacy
code that has been approved by the Privacy Commissioner. A code will only be
approved by the Privacy Commissioner where it provides at least the same standard
of protection as under the NPPs. For small to medium businesses it is unlikely
to be practicable to undertakepreparation of their own code, unless there are
specific nuances of their industry requiring it.
The Bill applies to "organisations" which is broadly defined. It is worth noting
there is no requirement that the organisation be resident or incorporated in
Australia. In fact the Bill has specific extra territorial provisions, extending
its operation to certain acts and practices which take place outside Australia,
to both "Australian" and foreign organisations. These provisions recognise the
global importance and movement of information and simultaneously ensure that
the requirements are not avoided by merely taking the information outside Australia.
The Bill does distinguish between Australian organisations and foreign ones.
Where an Australian organisation deals with information about Australians, such
activity is governed by the Bill whether the dealing is done inside or outside
Australia. For a foreign organization to be affected, it must carry on business
in Australia as well as deal with information about Australians. Further, the
information must have been collected, or held at some time, in Australia.
This highlights some interesting questions as to what constitutes "carrying
on business". Will the mere operation of a web site accessible in Australia,
though hosted in another country, be "carrying on business" here? Is information
obtained about Australians through such a web site "collected in Australia".
Certainly as a consequence of the Macquarie Bank case, for defamation purposes,
publishing through a foreign hosted web site has been deemed to be publishing
in Australia. It does not seem a major step for collecting information through
a foreign hosted web site to constitute "carrying on business" in Australia.
Some care also is needed in considering what might fall within the term "personal
information". The definition under the Privacy Act (being the Act of 1988 which
only applies to government and instrumentalities) is very broad but notably
says "information or an opinion, whether true or not". It is reasonable to assume
this definition is not likely to change when the private sector amendments are
finally enacted. Clearly this could extend well beyond factual statistics to
such summaries.
Conversely, there will undoubtedly be things that people might
hope were covered by "personal information" but that will not fall within the
definition. The concepts are made less clear by the use of the terms "data"
and "personal information". A recent Hong Kong case exemplifies the point. Hong
Kong has a generic "privacy" code, set out in the "Personal Data (Privacy) Ordinance".
The case involved a popular Hong Kong magazine having taken a photograph of
a young lady in the street, to illustrate a fashion article about poor dress
sense. The lady was not aware of the photograph being taken nor of it being
used by the magazine. When she became aware of the article she complained to
the Hong Kong Privacy Commissioner that the taking and use of the photograph
was a taking of personal data in breach of data protection principle 1, requiring
it to be "fair in the circumstances of the case". The Privacy Commissioner agreed
with her. However, the Court of Appeal ultimately overturned the decision. In
particular, the Court found that the act of photographing the lady was not an
act of data collection. The Court also stated that the Ordinance was not intended
to create a general right of privacy against all forms of intrusion into the
private domain.
Australian organisations would be wise to consider how to
embrace the basic privacy principles now, so that when the private sector legislation
ultimately becomes law, which it will, they will not be compelled to significantly
restructure their business.
The Future
- The issue of both legal and practical jurisdiction will
become more and more relevant in determining legal rights and the application
of territorial laws. Laws central to the operation of commerce will be tested
in terms of the non-territorial nature of the Internet. In areas of tax, trade
practices (and its where web based businesses are "carrying on business", or
whether they are within or outside of the jurisdiction.
Conclusion
- The successful web businesses will be those who have
understood the need for balance between the maximisation of market penetration
and the minimisation of responsibilities, with the recognition of the application
and impact of law. Success will come to those who incorporate both a commercial
focus and a legal awareness into their sites, intranets and extranets.
ATTACHMENT A
Web Site Development Agreements
Such an agreement should contain the terms and conditions governing construction,
support and maintenance, access to and ownership of, a web site. In embarking
on securing the services and products of third parties to develop a web site,
it is essential to identify clear objectives to be achieved artistically, functionally
and commercially.
Key Ingredients
- The key ingredients to be considered
for inclusion in the agreement are:
- Creative components: The elements, which are to be
developed. These may include original software, a variety of copyright works
including graphic images, music, video and literary texts;
- User provided components: -
What items of the commissioning party must the developer include. They could
be text files, graphic images or logos, data, proprietary software, or other
copyright works;
-Third party components: -
3 rd party software, graphics images and other varieties of copyright works;
Unless these ingredients are identified and in particular, the responsibility
for delivering them allocated, any agreement will fall well short of codifying
all the required obligations and rights.
Specific issues which should be covered by the agreement
are:
- Ownership: Who owns the web site and its components, noting that ownership may
be spread. Where ownership of some elements is to be retained by the developer
or a third party, have adequate licences been granted for their use and to whom,
to enable continued use of the site?
- Third Party Sources: It is desirable (question the practicality) to require identification
of all third party or developer owned components and secure production of licences
for the third party components.
- Transportability: Is the site readily transportable? This may be adversely affected
by the ownership and rights granted over the components.
- Specification: Has a specification
for the site been agreed to, covering all of the ingredients identified above?
Are time factors and a delivery schedule part of this specification?
- Acceptance: How is
acceptance of the site to be determined? Will there be acceptance testing and
if so, by whom and against what criteria?
- Warranties: What warranties
are given in respect of the site and its components?
- Site Maintenance: If the developer is also to maintain the site, what are its obligations,
responsibilities and fees?
- Links: Will the site
be linked to third party sites and does the agreement specify those links and
who is responsible to get authority for them?
-Third Party Authorities: Does operation of the site require any third party authorities eg securities
trading licences, gambling permits - and who is responsible to obtain them?
Deliverables: The
agreement should specify deliverables and the time frame for delivery. It should
also provide for the consequences of failure to deliver. In particular, is it
to be a consequence of such failure that the commissioner of the site can take
the development elsewhere and with it any materials developed to that point?
ATTACHMENT B
Web Site Hosting Agreements
Such an agreement should contain the terms and conditions
of providing for the establishment of the web site on an appropriate server
network able to be accessed from the world wide web and its continued availability
from such network.
A significant practical issue which should be considered is
the nature of the connection provided by the host - At what level in the connection
hierarchy does the host server network sit and how many servers removed from
a primary connection is it. This may affect the speed of access, response and
vulnerability to downtimes.
Specific issues which should be covered by the agreement are:
- Hosting Services: Have specific hosting services been identified?
- Connection: What continuity of connection
is undertaken by the host and are there backup facilities? This may be a significant
issue in the e-commerce context - from a practical point of view, the host cannot
warrant there will be no interruptions to service. However, the web site owner
may suffer significant loss if its site is inoperative for any length of time,
so there needs to be a balance between these two factors.
- Systems Recovery: What system recovery undertakings are given and what are the consequences
of system outages?
- Site Restrictions: Are there limitations on volume of files and data able to be stored
and accessed?
- Domain Name: Is the host to secure a domain name for the web site owner? The host
will normally require warranties and indemnities over the information provided
by the web site owner to enable obtaining a domain name and also to ensure that
it does not infringe third party rights.
- Indemnities: Is the customer obliged to give indemnities over such things as infringement
of intellectual property rights, defamation and obscene or offensive material?
- Maintenance: A web site hosting agreement does not normally oblige the host to
maintain the site. It should include specific provision enabling
the web site owner to have access to the site for maintenance
and development.
- Security: Are there warranties given regarding security of the site?
- Charges: On what basis
are charges levied?
ATTACHMENT C
Intranets & Extranets
Intranets are seen as a means of delivering true communication and information
management on an organisation wide basis. They provide significant potential
as a living information repository, reducing replication of tasks and re-creation
of similar jobs. Extranets take this significant benefit one step further, by
opening this wealth and means of communication to select parties outside of
the organisation. They provide direct channels of information exchange and inter-activity
between organisations who might share common goals, or those who are in a customer
and supplier relationship.
It may appear that intranets and to a lesser extent extranets have little potential
to create legal exposures. Unfortunately this is not the case. A vast array
of material from joke email to sensitive management documents regularly travel
across corporate electronic communication systems. Copyright materials of various
kinds can find their way into the traffic stream and particularly into the knowledge
base system. These could include graphic images and photos, sound clips, video
clips and text material, as well as software. The content of material could
be defamatory, or might be subject to confidential obligations. It might be
racist or amount to harassment, or both.
Consequently, there is a need to temper the free flow of information
and the stimulation of growth to an intranet and extranet knowledge base,with
controls and safety checks to minimise the possibility of breaches of law or
third party rights. The executive management of a company ought to consider
a brief checklist in assessing the potential for legal exposure through its
intranet and minimising that exposure:
• Control mechanisms to be put in place and responsible individuals appointed
to vet the source and content of material to be put into the knowledge base;
• Vetting should include verification of source of material for copyright,
defamation and confidentiality purposes;
• Corporate guidelines should be established as to the material which
must not be circulated or put into the system;
• A clearing process must be implemented to check material before it
is put into the knowledge base system;
• A monitoring system should exist which does regular checks of the material
which is on the system;
• A clear policy should be formulated and enforced regarding email and
other communications.
There are clearly practical difficulties in effectively vetting and monitoring
the content of the corporate knowledge base and the communication traffic within
an organisation. Notwithstanding such difficulties, the consequences of breaches
of statutory obligations and third party rights make it essential that corporate
management recognize and act to minimise such exposures through carefully structured
policies and content management processes.
Additional considerations apply in terms of extranets. In a similar respect
to arms length trading through web sites, so to with extranets, the terms and
conditions of access and use, together with disclaimers, are essential.
In particular, issues to do with security, containing representations
and limitations of liability, are important ingredients when establishing extranets.
Reference should be made back to the points made regarding trading terms and
conditions and to disclaimers.
September 2000 contents
|
