Briefing Note - The Application of the E-Commerce Regulations to Suppliers & ISPs

The E-Commerce Regulations 2002 implements part of the Electronic Commerce Directive (00/31/EC). The aims of the Directive are to ensure the free movement of “Information Society Services” throughout the EC; to encourage greater use of e-commerce by breaking down barriers across Europe; and to boost consumer confidence and trust by clarifying the rights and obligations of businesses and consumers.

These aims reflect the single market policy to foster competition within the EC through free movement of services within the internal market without restriction.

Information Society Services

The E-Commerce Regulations define 'Information Society Services' as any services normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a customer. A customer for these purposes may be a business or a consumer.

Application of the Regulations

The Electronic Commerce (EC Directive) Regulations applies to businesses that:

• Sell goods or services to businesses or consumers by the Internet or by email
• Advertise on the Internet or by email, or
• Convey or store electronic content or provide access to a communications network.

Information Requirements under the E-Commerce Regulations

Businesses providing an Information Society Service are obliged to make available to their customers and any relevant enforcement authority, in a form and manner which is easily, directly and permanently accessible, the following information:

• The name of the Supplier
• The geographic address at which the Supplier is established
• The details of the Supplier, including their electronic mail address
• Where the Supplier is registered in a trade or similar register available to the public, details of the register in which the Supplier has entered and their registration number, or equivalent means of identification in that register
• Where the provision of the service is subject to an authorisation scheme, the particulars of the relevant supervisory authority
• Where the Supplier exercises a regulated profession –
  • The details of any professional body or similar institution with which the Supplier is registered;
  • The professional title and the member State of the EC where the title has been granted;
  • A reference to the professional rules applicable to the Supplier in the member State of establishment and the means to access them; and
• Where the Supplier undertakes an activity that is subject to VAT, the VAT number must be supplied.

Commercial Communications

Commercial communications constituting part of an Information Society Service must be clearly identifiable as commercial communications and identify the persons on whose behalf the communication is made and clearly identify if it is a promotional offer, competition or game.

The information to be presented within such commercial communications must be easily accessible and presented clearly and unambiguously.

In the event that commercial communications are unsolicited and sent via e-mail, the fact that the e-mail is unsolicited must be clearly and unambiguously identifiable as soon as it is received.

Concluding Contracts by Electronic Means

The E-Commerce Regulations permit for contracts to be concluded by electronic means although the position at law as to whether a contract does exist will be dealt with on a case-by-case basis.

In order for electronic contracts to be successfully concluded using electronic mail or equivalent electronic communications, prior to an order being placed by a customer the supplier must provide in a clear, comprehensible and unambiguous manner the following information:

• The different technical steps to follow to conclude the contract
• Whether or not the concluded contract will be filed by the supplier and whether it will be accessible
• The technical means for identifying and correcting input errors prior to the placing of the order, and
• The languages offered for the conclusion of the contract.

In the event that a supplier is dealing with consumers, these details must be provided. In business to business (B2B) contracts the details must be provided unless there is agreement to the contrary. Service providers must also indicate which codes of conduct they subscribe to and information must be given as to how these codes can be consulted electronically.

The terms and conditions applicable to the contract must at all times regardless of the electronic means of conclusion of the contract must be made available to the customer.

Placing Orders

Unless there is agreement to the contrary, orders placed through technological must be acknowledged by the supplier without any undue delay. Businesses should make the order details available to the customer using appropriate, effective and accessible technical means that gives the customer the opportunity to identify and correct input errors prior to the making of the order. For all consumers this service must be provided and agreements to the contrary are void.

Where the supplier does not make available the means of correction of input errors the customer is entitled to cancel the contract the supplier applies to a court for an order to the contrary.

Internet Service Providers (ISPs)

The Regulations limit the certain types of liability of suppliers who unwittingly transmit or store unlawful content provided by others in certain circumstances. There are 3 classes of service providers whose liability is thus limited by the Regulations:

• those who transmit information in a capacity that of a conduit
• those who engage in ’caching’ information, and
• those engaged in “hosting” information.

Simple Relay of Information

Where transmission of information occurs through a communication network – typically an ISP – the provider is not liable for damages or any other remedy that may be available including criminal sanction as a result of the transmission of information where the provider of the service did not initiate the transmission; did not select the receiver of the transmission; and did not select or modify the information contained in the transmission. The defences will apply equally any automated communications system, such as telecommunications carriers.

Where a provider transmits information that is the subject of automatic, intermediate and temporary storage for the sole purpose of making more efficient the onward transmission of the information to other recipients the supplier is not liable provided the ISP:

• does not modify the information
• complies with conditions on access to the information
• complies with any rules regarding the updating of the information
• does not interfere with the lawful use of technology to obtain data on the use of the information, and
• acts expeditiously to remove or disable access to the information stored upon obtaining actual knowledge of the fact that the information from the initial source has been removed, access to the information has been disabled or a court has ordered as such.

Caching

ISPs that store information provided by a customer are not liable where the ISP 1) does not have actual knowledge of unlawful activity or information and 2) where a claim is made the ISP is not aware of the facts or circumstances from which it would have been apparent (to the ISP) that the activity or information was unlawful, or upon obtaining such information acts expeditiously to remove or to disable access to the information and 3) the customer was not acting under the authority of the supplier.

ISPs should be careful to implement systems to record notices received from the public, and act promptly in determining whether information should be removed. A failure to do so in a proper may expose the ISP to liability for defamation, copyright infringement or some other breach of the law. Liability may be managed to a limited extent by contracting with clientele for indemnities and other relief in website terms and conditions. Using dedicated email addresses to receive such notifications are simple means of doing so.

Monitoring Activities

The Regulations do not impose a general obligation on ISPs to monitor the information that they transmit or store or to actively seek facts or circumstances indicating illegal activity. However, this does not affect the imposition of monitoring obligations in specific cases, for example in compliance with a warrant issued under Section 5(1)(a) of the Regulation of the Investigatory Powers Act 2000 to secure the interception of a communication in the course of its transmission by means of a telecommunication system. Existing statutory obligations continue to apply equally online as well as offline.

Conclusion

The E-Commerce Regulations are in place to regulate and standardise the provision of information services using the Internet and e-mail throughout the EC to ensure the necessary information is supplied to customers prior to the conclusion of contracts to ensure that the creation of contracts is within the bounds of the law.

Certain amounts of protection are afforded to Internet Service Providers in terms of their liability in dealing with information. This protection is not afforded to suppliers advertising and selling goods and services for none compliance with the Regulations. Although the Internet Service Providers role in the policing of information in certain cases can become a vital aspect in the gathering of evidence to determine what information has been transmitted.