The European Union Takes Initiative in the Field of E-Commerce
The aim I pursue with this article is to give to the reader an overview of the European e-commerce initiatives and a basic understanding of the issues surrounding them. The Article sketches recent political developments, followed by a tabular overview of the various legislative initiatives, showing the stage each initiative has reached in the legislative process. The main body of the text will then briefly describe and evaluate the e-commerce issues addressed by the initiatives. Regulation of e-commerce issues is particular pertinent for those aspects of electronic trading which require different legal solutions than offline trading because of the particular characteristics of the Internet. Finally, in the EU context, such regulation can contribute to a further reduction of the existing barriers to the Internal Market.
Keywords: Electronic commerce, European, regulation of e-commerce, Internet regulation, jurisdiction, applicable law, consumer protection, electronic contracts, taxation, copyright, alternative dispute resolution, electronic payment, e-money
This is a Commentary published on 31 October 2000.
Citation: Hornle J, 'The European Union Takes Initiative in the Field of E-Commerce', Commentary 2000 (3) The Journal of Information, Law and Technology (JILT). <http://elj.warwick.ac.uk/jilt/00-3/hornle.html>. New citation as at 1/1/04: <http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2000_3/hornle/>
E-commerce and adaptation to the digital age have been issues high up on the agenda of the European institutions in recent years. There has been a plethora of initiatives, policy documents and legislative proposals in the last five years. An overview and discussion of the most important current legislative initiatives for the regulation of various aspects of e-commerce can be found in the next two sections. However, before looking at the proposals for a legal framework of e-commerce it might be useful to look at the current political concerns of the Commission and to outline future trends. The most recent political developments can be briefly described as follows:
In December 1999 the Commission launched an initiative entitled 'E-Europe' as part of its strategy to increase the uptake of the Internet across Europe and with the aim of giving access to Information Society services to all citizens [EC 1999a]. The Commission also addressed the issue of job creation in a Communication entitled 'Strategies for jobs in the Information Society' [EC 2000a].
At the Lisbon European Council on 23 and 24 March 2000, the Council acknowledged the transformation of the economy to a global, digital and knowledge-driven economy [Council 2000]. It drew the conclusion that it was therefore necessary to create more favourable conditions for the growth of e-commerce. The Council further emphasised that the rules for electronic commerce must be certain for the sake of business and consumer confidence. In this connection, it pointed to the current legislative proposals for the regulation of e-commerce. However it is noteworthy that the Council also stated that the problems created by the speed of technological change may mean that 'new and more flexible regulatory regimes' are required. It reiterated the Commission's political aim of achieving access to the Internet for every citizen [Council 2000].
In order to achieve these aims, the Presidency of the Lisbon European Council called upon the Commission to draft an action plan entitled 'e-Europe' for presentation to the Council [Council 2000]. The action plan [EC 2000b] was endorsed by the Council, at the final European Council of the Portuguese Presidency in Feira on 19 and 20 June 2000. The Feira Council emphasised as a short-term priority the bringing down of the cost of accessing the Internet through the unbundling of the local loop.
The e-Europe Action Plan is the main EU policy document in this area.
Building on the previous initiative, the Action Plan sets out ambitious goals and standards to be achieved on a wide range of issues. These issues reflect the Commission's main concerns: faster and cheaper access to the Internet, accelerating e-commerce, the completion of the legal framework for e-commerce, building consumer confidence in e-commerce, the promotion of ADR, the promotion of electronic payment systems, enhanced electronic access to public services and IT supported learning networks [EC 2000b].
As the methods for implementation of these goals, the Action Plan mentions legal measures, financial support for new infrastructures (mainly private funding) and services and benchmarking by statistics and specific surveys [EC 2000b, pp. 2-3].
Although, clearly the E-Europe action plan sets ambitious policy objectives and high standards for access to the Internet and for the promotion of e-commerce, for social inclusion and the use of technology for desirable goals, it is perhaps questionable how effective its methods of implementation will be.
The work programme for the French Presidency, having taken over from the Portuguese Presidency on 1 July 2000, refers to the aims of the e-Europe Action Plan. It emphasises in particular the following three goals:
1. equal access to the information society for all,
This section is to give a brief overview in the form of a table over the EU legislative instruments and other initiatives being discussed or, as the case may be, having recently been adopted:
This section is to examine the issues addressed by the EU initiatives.
It may be questioned why Internet specific regulation should be necessary at all. Essentially and perhaps obviously the purpose of such regulation is to create legal certainty for businesses and customers conducting commerce on the Internet. This is particular pertinent for those aspects of electronic trading which require different legal solutions than offline trading because of the particular characteristics of the Internet. (On this topic generally, see [Hoeren T 2000]) Finally, in the EU context, such regulation can contribute to a further reduction of the existing barriers to the Internal Market.
The EU initiatives (and, hence this article) focus on e-commerce within Europe. Admittedly, the issues relating to e-commerce and the Internet have a global dimension and should therefore be addressed at global level. However a regional approach is justified for the reason that, if a workable basis is found on a regional level such as the EU, this might serve as a model for international solutions.
The following are the main issues addressed by the EU initiatives.
Naturally, the Internet leads to a growth in cross-border marketing and an increase in cross-border transactions. As for all cross-border trading the conflict as to which Member State's laws will apply to the transaction must be answered.
There are two aspects to this question: the first aspect is laws imposing requirements the goods or services (or their marketing) must comply with (the regulatory regime) and the second aspect is the contractual obligations of the parties to a transaction (contract law).
The question here is to what extent is the importing Member State free to impose its own regulatory regime and thereby restrict imports from other Member States. This aspect is addressed by the principles of the free movement of goods and free provision of services in the EC Treaty. These principles restrict the regulatory barriers a Member State can impose on goods and services imported from another Member State.
For goods, this is the prohibition on quantitative restrictions on imports and on measures having equivalent effect (Article 28 (ex Article 30) EC Treaty) subject to grounds of justification (Article 30 (ex Article 36) EC Treaty). This prohibition has been further defined by the 'Cassis de Dijon' (Case 120/78 Cassis de Dijon  649) jurisprudence of the European Court of Justice. This establishes, in essence, the principle that a product legal in another Member State must be legal in the importing Member States unless the importing Member State can show that the restrictions are necessary to satisfy certain mandatory requirements. Similarly for services, the Treaty prohibits restrictions on the freedom to provide services (Article 49 (ex Article 59) EC Treaty), unless justified under certain grounds (Article 46 (ex Article 56) EC Treaty). The 'Cassis de Dijon' jurisprudence has been further refined by the decisions in 'Keck and Mithouard' (Cases C-267 and 268/91  ECR I 6097) and 'Hünermund v. Landesapothekerkammer Baden-Würtenberg' (Case C-292/92  ECR I 6787) laying down the rule that regulations concerning selling or marketing arrangements, as opposed to requirements relating to the product itself, are not quantitative restrictions or measures having equivalent effect. Many of the national rules constituting a barrier to e-commerce are in fact rules governing selling or marketing arrangements.
However, specifically for electronic commerce, the Framework Directive now stipulates that 'Member States may not (...) restrict the freedom to provide Information Society services from another Member State' (Article 3 (2) of the Directive). Therefore, Member States may not restrict the freedom of an Internet service provider established in another Member State to provide its Internet services on the basis that it does not comply with the local requirements applicable to Information Society services in the destination Member State. The idea behind this is that the Information Society service provider need only comply with the regulatory requirements imposed on Information Society services in its Member State of origin.
However, this 'country of origin rule' does not apply to all rules and regulations. It only applies to the following 'co-ordinated' fields:
1. The requirements on taking up of the electronic business, e.g. requirements as to qualification, authorisation or notification. (Article 2(h)(i) of the Directive)
2. The rules governing the pursuit of the electronic business, the conduct of the electronic business, the quality and content of its services or its liability. This includes the rules on advertising. (Article 2(h)(i) of the Directive)
The 'country of origin rule' contained in the Directive does not apply to the national regulations on goods as such, the rules on delivery of goods nor to the national rules on services not provided by electronic means. (Article 2(h)(ii)) In these areas the general rules of the EC Treaty on free movement of goods and free provision of services, briefly mentioned above, apply.
The Directive allows a Member State to derogate from this 'country of origin rule' by taking measures (e.g. prohibiting an Information Society service originating from another Member State). (Article 3(4)) These measures must be strictly necessary for reasons of public policy, public health, public security or consumer protection (Article 3(4)(a)(i)) and the Member State where the service originates from, must, except in cases of urgency (Article 3(5)), have failed to take adequate measures after having been asked to do so by the 'destination' Member State. In addition the Member State must notify the Commission (Article 3(4)(b)) who may prohibit such measures (Article 3(6)).
Furthermore certain fields are excluded from the 'country of origin rule' (Contained in the Annex). These are for example: copyright and neighbouring rights, contractual obligations concerning consumer contracts, the validity and the formal requirements for contracts concerning rights in land.
One further very specific exception should be mentioned here: the question as to whether unsolicited e-mail for advertising purposes are lawful. This question is governed by the law of the destination Member State. However, the Directive provides that as minimum protection, service providers should be under an obligation to consult and respect opt-out registers in which consumers can register their wish not to receive such unsolicited commercial e-mails. (Article 7(2))
Finally, as another aspect of the regulatory regime it should be pointed out that Member States may not make the provision of Information Society services conditional on prior authorisation. (Article 4(1))
The second aspect to the question of applicable law is which national law governs the contractual rights and obligations of the parties to the transaction, including the contractual terms implied by national (or increasingly, European) legislation for the protection of the consumer.
The Rome Convention contains harmonised rules determining which Member State's contract law applies to the contract of a cross-border transaction. Essentially the parties are free to choose the law applicable (Article 3). In the absence of choice, the law of the state to which the contract has the closest connection will govern the contract (Article 4(1)). It is presumed that this is the state where the party performing the characteristic obligation is established (Article 4(2)), for a contract of sale, for example, this means the state where the seller is established. These two basic rules are subject to exceptions, for example for consumer contracts.
With traditional forms of cross-border distribution of products, the distributor or retailer with whom the final consumer contracts is more often than not established in the same Member State, so that no conflict of law problem involving a consumer arises. With traditional forms of commerce, direct marketing is rather the exception.
Distribution over the Internet, however is usually direct marketing where the seller and the buyer are often located in two different Member States and therefore Internet commerce leads to an increase in cross-border selling to consumers and conflict of law situations involving consumer protection issues.
The Rome Convention provides for special rules for some consumer contracts. The consumer protection rules of the Member State in which the consumer has his habitual residence must be applied if either:
It is difficult to see how these rules, based on the territory in which the contract is made or on the territory where the advertising took place, would apply to a consumer contract concluded via a website. It could be argued that this would depend on the website itself and whether it could be linked to a particular territory by targeting the consumers of a particular Member State. Indicators for this could be the language used, the way the product is presented, the product itself and the contact details given. On the other hand, in many cases it will be impossible to make such a link.
An updated version of the Rome Convention is being discussed in the Council working groups. Although no official version has yet been published, it is suspected that the same approach will be taken as for the revision of the Brussels Convention on jurisdiction (See next section ). This is that for interactive websites the contract law of the consumer's residence would apply.
This issue has been highly controversial business (and especially SMEs without establishment in every Member State) fear high costs, since they would have to design their contracts to comply with the contract law in each Member State [Pullen M 1999]. On the other hand, consumer organisations [BEUC 1999a] fear a lowering of consumer protection standards, if the law of the country where the business is established was applied. This is because the Member State with the lowest consumer protection standards would be the most competitive for businesses to operate from.
On the other hand it must be pointed out that the conflicts regarding consumer protection are being reduced, since increasingly there is harmonisation of consumer protection law on an European level. (See Directives 97/7 and 98/27 and also the Proposal for a Directive on the Distance Marketing of Consumer Financial Services, discussed below.)
A similar question arises with regard to jurisdiction:
This question is governed by the 1968 Brussels Convention. The parties may choose which jurisdiction shall hear disputes arising out of their contract (Article 17). In the absence of such a choice, the general rule is that the courts of the defendant's domicile have jurisdiction (Article 2). The Convention also lays down various categories of special jurisdiction, for example for disputes relating to a contractual obligation, the place where this obligation should have been performed (Article 5(1)).
For consumer contracts, the jurisdiction rules are asymmetrical: whereas the consumer can sue the business in either the state where the business is established or in his own state of domicile, he can only be sued in his own state. (Article 14)
Consumer contracts are defined as contracts with a consumer for:
Regarding contracts made on websites, the same problems as discussed above in the context of applicable law arise. Again the question arises whether the e-commerce transaction is more akin to a consumer 'travelling' abroad or to the business making offers in the consumer's state of domicile. The Council has tried to address these issues by amending the wording in the proposed revision of the Convention ('Jurisdiction Proposal'). It has in particular removed the requirements that the consumer must have taken the steps to conclude the contract in his Member State of domicile, which would be difficult to determine in the case of a contract concluded via a website.
The revised text now replaces the third indent by contracts 'concluded with a person who pursues commercial or professional activities in the Member State of the consumer's domicile or who by any means directs such activities to that Member State (...)'
The explanatory memorandum to the proposed Regulation [EC 1999b, p.16] states that this third indent would apply to contracts 'concluded via an interactive website accessible in the consumer's Member State of domicile'. This interpretation might be too wide-for example if the website expressly stated that it does not address itself to consumers of particular states? Furthermore for example if it is clear from the language or the layout that it is not directed at the consumers of particular states? A website in German offering products typically consumed in Germany is on the face of it is only directed at consumers in Germany.[22 ]
As with applicable law, these issues have provoked some debate [Pullen M 1999 and BEUC 1999b]. The suggestion that businesses are liable to be sued in every jurisdiction has evoked great criticism from the business community [Pullen M 1999 and DTI 2000] on the basis that it would drive many SMEs out of business if they had to face litigation in every Member State. How real this risk might prove in practice is another question. Consumers tend to resort to litigation only above a certain value of the claim. Regardless of whether it is the consumer or the business who has to cross a border in order to obtain legal redress, cross-border litigation will be expensive and this cost will only be justified for larger claims. Therefore it will be necessary to set up complementary Alternative Dispute Resolution mechanisms, since otherwise access to justice will be practically denied in many cases.
The Commission issued a Recommendation already in 1998 to set essential standards and principles for ADR bodies. The Recommendation sets requirements for the independence of such a body for example by stipulating that consumers and professionals must be equally represented (Paragraph I). The Recommendation further contains stipulations as to the transparency of the procedure. It requires that it must be transparent whether decisions are based on law, Codes of Conduct, equity etc. It requires the publication of an annual report (Paragraph II). The Recommendation then lays down the requirements for the parties to be able to state their case (Paragraph III) and that the procedure must be efficient (Paragraph IV). The consumer must not be deprived of mandatory consumer protection laws of his normal residence (Paragraph V) nor of access to the courts (Paragraph VI). Decisions must be communicated with grounds (Paragraph V). The Recommendation also stipulates that the consumer must be able to choose whether or not to be legally represented (Paragraphs IV and VII). Finally it must be agreed between the parties in advance whether or not the body's decisions are binding or not (Paragraph VI).
The need for Alternative Dispute Resolution was also recognised in the Framework Directive. It provides that Member States shall not hamper (non-state) out of court dispute resolution procedures including electronic means (Article 17(1)) and encourage adequate procedural safeguards (Article 17(2)). Member States are under an obligation to co-operate and shall appoint contact points for this purpose (Article 19(2)). These contact points are to provide practical assistance and information to service providers and recipients of services with regard to out of court dispute resolution procedures. However, the Directive does not oblige Member States to set up or regulate out of court procedures. Presumably it is envisaged that such mechanisms develop on the private sector.
For the exchange of information and experience in this field, the Commission has set up an 'e-confidence' forum and conducted studies to look at a number of initiatives and projects such as 'WebTrader' (EU), e-Resolution (Canada/EU), BBB-Online (USA and Canada) and Trusted Shops (Germany). (See the Commission's 'e-confidence' online forum at <http://dsa-isis.jrc.it/ADR/>)
A European Extra Judicial Network (EEJ-net) linking ADR initiatives in the Member States was launched on 5 May 2000. This is a support and communication network with single contact points ('Clearing Houses') in each Member State, as envisaged in the Directive. The consumer in the event of a dispute with a business established in another Member State could complain to the Clearing House in his Member State and request information and support on making a claim to an ADR body in the Member State where the business is established. It is intended that the network is up and running by the end of 2000. (Rapid Press Release IP/00/445, 5 May 2000 available at < http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=IP/00/445|0|RAPID&lg=EN>)
Transactions over the Internet are generally easy and convenient but thus leave a consumer less time for deliberation so that the consumer may have second thoughts as soon as he clicked on the order. Mailshots and other advertising activities are much cheaper for suppliers to produce and send and may therefore lead to a flood of advertising material in the recipient's mailbox. Furthermore, often the trader will not be in the same location or even located abroad or indeed it will not be clear at all where the trader is physically located or, worse still, who the trader is. All these factors call for enhanced consumer protection.
The Framework Directive prescribes certain details to be provided by the Internet service provider to the recipient of the services (both consumers and non-consumers), as applicable: the name and (geographic) address, contact details, trade register number, particulars of licence or professional registration and its VAT registration number (Article 5(1) Framework Directive). Prices must be given unambiguously, stating clearly whether or not tax and delivery costs are included in the price given (Article 5(2)).
The Distance Contracts Directive (Directive 1997/97/EC of 20 May 1997 on the Protection of Consumers in Respect of Distance Contracts, OJ L144 of 4 June 1997, pp. 19-27) deals with consumer contracts for the sale of goods or the provision of services concluded at a distance, including e-mail and teleshopping (Article 2 and Annex I of the Distance Contract Directive). It provides that the consumer must be given a list of information prior to the conclusion of the contract. This list partly overlaps with the list contained in Article 5 of the Framework Directive, albeit that the Framework Directive also applies to non-consumers.
The Distance Contracts Directive does not apply to financial services (Article 3(1) Distance Contract Directive). However, similar provisions as to which prior information must be given by the supplier are now being discussed in the Distance Marketing of Financial Services Proposal.
The Distance Contract Directive allows the consumer to withdraw from the contract within 7 days, without penalty and without giving any reasons (Article 6(1) Distance Contract Directive). By way of exception, the right of withdrawal does not apply in the following situations (Article 6(3)):
The Distance Contract Directive provides that the right of withdrawal includes a right to cancellation of a connected credit agreement (Article 6(4)). Finally it stipulates that the supplier must perform the contract within 30 days (Article 7 Distance Contract Directive).
Again, the Distance Marketing of Financial Services Proposal contains similar provisions with regard to financial services. It provides for a right of withdrawal which Member States could set between 14 and 30 days. This would of course mean that the period might vary between the different Member States. If the service provider and the consumer are located in different Member States and the Member State where the supplier is located provides for a shorter withdrawal period, the supplier may apply that shorter withdrawal period (Article 4(1)). Consumers would not need to indicate any reasons or pay any penalty for such withdrawal (Article 4(1)).
However the right of withdrawal would not apply to certain contracts, such as contracts for foreign exchange services, money market instruments, transferable securities, collective investment schemes, futures and options, certain exchange and interest rate instruments, non-life insurance for a period of less than two month or contracts which have been fully completed before the expiry of the withdrawal period (Article 4(1a)).
Also controversial is the question in what circumstances the right of withdrawal should apply to mortgages (termed 'real estate credit'). (Article 4 (1b))
The Framework Directive provides that commercial communications, i.e. e-mail advertising goods or services, must be clearly identifiable as such and any conditions for promotional offers must be clear (Article 6 Framework Directive).
Finally, as mentioned above (See under 3.1.1), the Framework Directive provides as a minimum protection that service providers must consult and respect registers where persons (only natural persons) not wishing to receive unsolicited commercial communications (e.g. mailshots sent by e-mail) can register (Article 7(2) Framework Directive). Therefore as a minimum standard, Member States must provide that where a consumer actively makes known his objection to unsolicited mail, that this 'opt-out' must be respected. This means on the other hand that under this minimum standard, where a consumer has neglected to register such a wish, unsolicited mail is permissible. However, Member States can provide stricter protection by stipulating that unsolicited advertising mails are only permissible if the consumer has previously consented to this ('opt-in'). If the consumer stays passive in this situation and does not register a wish to receive such mail, unsolicited mail is not permissible. As mentioned above, the law whether or not such unsolicited mails are permissible depends on the law in the consumer's (or other person's) residence, as the country of origin rule does not apply (Annex of the Framework Directive).
The Distance Contract Directive and the Distance Marketing of Financial Services Proposal provide that the unsolicited supply of goods or services with a demand for payment shall be prohibited. (Article 9 Distance Contract Directive and Article 9 Distance Marketing of Financial Services Proposal) Both instruments furthermore provide that the use of automated calling machines or faxes for unsolicited advertising requires the consumer's prior consent. (Article 10(1) Distance Contract Directive and Article 10(1) Distance Marketing of Financial Services Proposal) Other means of unsolicited commercial communications (e.g. e-mail) is only permissible in the absence of objection by the consumer. (Article 10(2) Distance Contract Directive and Article 10(2) Distance Marketing of Financial Services Proposal) This is similar to the provisions in the Framework Directive equally providing for a 'opt-out' system as the minimum protection.
The Distance Contract Directive and the Distance Marketing of Financial Services Proposal provide that consumer organisations, public bodies representing consumers or professional organisations have locus standi before the national courts to enforce the implementation provisions of each Directive. (Article 11(2) Distance Contract Directive and Article 12(2) Distance Marketing of Financial Services Proposal) This provision might be a useful tool against widespread breaches where individual consumers might be reluctant to bring claims before the courts where either the value of each claim is too small or the costs of proceedings are too high.
The Framework Directive provides that the national laws of the Member States must allow for conclusion of contracts in electronic form (Article 9(1) Framework Directive). Presumably this is intended to mean that the national requirements as to form for particular types of contracts must be translated into the equivalent electronic form. Therefore if national law stipulates that a particular kind of contract must be in writing then electronic writing, e.g. e-mail will fulfil this requirement. (As to the question how to reproduce a signature electronically, see the next section)
As Rosa Julià-Barceló [Julià-Barceló R 1999 p. 148] points out, e-commerce transactions will mainly be contracts for the sale of goods or the provision of services. Therefore the usual formal requirements for such contracts (in writing, signed) will not pose significant obstacles to e-commerce.
This principle must apply to all stages of the conclusion of a contract, including invoicing and record keeping and will require Member States to systematically review all rules preventing the effective use of electronic contracts [Julià-Barceló R 1999, p.149]. (See also Recital 34 of the Framework Directive)
Member States may provide that the following types of contracts cannot be concluded electronically: contracts creating or transferring interests in land, contracts requiring the involvement of public authorities, the courts or of a profession, e.g. a notary public, contracts of suretyship and finally, contracts governed by family law or the law of succession (e.g. a will). (Article 9 (2))
The Framework Directive then provides that, for (standard) contracts with consumers, the supplier must clearly set out the steps for the conclusion of the contract, unless the contract is concluded by individual communication such as e-mail (Article 10(1)(a) and (4)). This is also advisable from the supplier's point of view: to avoid legal uncertainty, the website should make clear at what exact point the contract is concluded [Chissick M & Veysey G 2000, p.122].
The Framework Directive seems to assume that the website itself is not the offer, but only an invitation to treat. (See the wording of Article 11(1) 'where the recipient of the service places his order through technological means', ie the customer places an order, he does not accept the website's 'offer'.) This would be in line with the contractual rule that a retailer is not necessarily bound by offering a product for sale. However whether or not a website contains a mere invitation to treat presumably depends on the design of the website: if order buttons are marked 'place order' instead of 'purchase' this is more likely the case [Chissick M & Veysey G 2000, p.122].
Furthermore the supplier must acknowledge the receipt of the consumer's order (Article 11(1), again, this provision does not apply if the contract is concluded by individual communication such as e-mail, Article 11(3)). Unlike previous proposals, the Directive now leaves open the question as to when the contract is concluded.
The supplier must give the consumer a chance in the ordering process to detect and correct errors (Article 11(2), again, this provision does not apply if the contract is concluded by individual communication such as e-mail, Article 11(3)). However, the Framework Directive does not determine the legal consequences if the supplier does not provide such error correction procedures. For example if a consumer clicked on the 'accept' button by mistake and there is no further step to confirm the conclusion of a contract, would the contract be void for mistake? [see also Julià-Barceló R 1999, p.152]
Finally, the Framework Directive does not prescribe the manner of presenting contractual terms or general conditions to ensure that the consumer acknowledges them and that they are incorporated in the contract. The existing caselaw on incorporation will have to be applied by analogy.
The provisions of the Electronic Signatures Directive are aimed at achieving that electronic signatures are legally recognised as signatures and to establish technical standards for such signatures. The purpose of an electronic signature, like that of a hand-written one is to guarantee that the message or document stems from the person who undersigned and also to guarantee that it has not been tampered with. (See the defining criteria for advanced legal signatures in Article 2(2) of the Electronic Signature Directive)
Arguably a hand-written signature has the further function of warning the person signing that he is doing something legally significant. This warning function is perhaps not equally provided by an electronic signature [Cavanillas S 2000]. Benjamin Wright argues that the primary purpose of a signature is to show legal commitment rather than confirming the identity of the sender and that therefore electronic signatures should also use an appropriate interface reflecting the ceremonial nature of a signature [Wright B 1999, p. 401].
An electronic signature works by an asymmetrical pair of keys. The signatory is using his private key to encrypt his messages. Whether the private key has been used can be verified by means of a public key used for decrypting the message. A service provider certifies who is holding the private key corresponding to the public key, thereby establishing the identity of the signatory. In other words, the certification service provider makes the link between the signature and the identity of the sender. Although the Directive is based on the asymmetrical key cryptography, the draftsmen of the Directive attempted to couch it in neutral terms so that it may be applied to other techniques in the future [Dumortier J & Van Eecke P 1999, p. 107].
The Directive lays down technical requirements for the following:
In particular, certification service providers are not allowed to store the private keys (Annex II, lit. j).
The Directive establishes that if these requirements are met, electronic signatures shall be recognised as the equivalent to hand-written ones (Article 5(1)). This does not mean that electronic signatures not fulfilling all of these requirements are not legally effective. For such signatures, the burden of proof is reversed; the person relying on the signature would have to show that it was reliable (Article 5(2)).
Certification service providers may join a voluntary accreditation scheme. Member States cannot make the provision of services related to electronic signatures subject to mandatory licensing (Article 3(1) and (2)). However, Member States are under an obligation to establish a system of supervision for the providers of qualified certificates established on their territory (Article 3(3)).
In accordance with the principle of free movement of services, Member States may not restrict the provision of the certification services by a service provider established in another Member State (Article 4).
Finally the Directive provides for liability of service providers for the content of a qualified certificate and imposes the burden of proof on the certification service provider to show that it was not negligent (Article 6). However the certification service provider is allowed to limit its liability, if this is apparent to third parties relying on the certificate (Article 6(3) and (4)).
Broadly speaking there are two types of instruments for electronic payment:
Although electronic payment systems (with the exception of credit and debit cards) have not experienced the mass proliferation expected, this is generally believed to be the result of commercial barriers rather than legal ones. The greatest barrier seems to be the lack of interoperable systems. Therefore the use of credit and debit cards is still most common [Edgar L 2000].
Where payment cards are used for distance selling, the consumer will usually give details of his card for payment of the goods or services. This raises concerns about the fraudulent abuse of these details by the provider or by a third party intercepting the communication.
In the case of a fraudulent use of the payment card in connection with a distance contract, both the Distance Contracts Directive and the Distance Marketing of Financial Services Proposal provide that the consumer must be able to cancel payment. If payment has already been made, the consumer must be able to obtain a refund (Article 8 of the Distance Contract Directive and Article 8a of the Distance Marketing of Financial Services Proposal). This provision is to ensure that where a rogue has obtained the card details in connection with a distance transaction, the loss does not fall with the consumer thereby ensuring consumer confidence. However it does not decide whether the final loss should fall on the bank or the retailer.
The Electronic Payment Recommendation albeit non-binding on the Member States also recommends a limitation of the cardholder's liability. The cardholder is only liable for unauthorised use consequent to loss or theft of the card for a maximum of 150 Euro before notification of the issuer (In the absence of 'extreme' negligence or fraud by the cardholder, Article 6(1) of the Recommendation). For loss after he has notified the issuer, he is not liable at all (In the absence of fraud, Article 6(2) of the Recommendation).
These provisions do not apply to electronic money instruments storing value (Article 1(2)), since these are treated in this respect more akin to cash [Edgar L 2000].
Furthermore the Electronic Payment Recommendation recommends that the issuer be liable for a defective execution of the cardholder's transaction, for unauthorised transactions, subject to the provisions on loss and theft, and for any irregularities in the maintenance of the account (Article 8).
Finally, two complementary E-Money Directives have recently been adopted, containing the rules on regulatory control and supervision of institutions issuing money instruments. Since, unlike credit institutions (banks) these institutions do not take deposits as such or give credit, it was felt that some, albeit lesser regulation was necessary [Edgar L 2000] (See Recitals of Directive No 8/2000). Directive 9/2000/EC amends the definition of 'credit institution' in the First Banking Co-ordination Directive (Directive 77/780/EEC) to bring electronic money institutions in principle within the scope of the First and Second (Directive 89/646/EEC) Banking Directives. (Article 1(1) of Directive No 9/2000) Essentially this means that these institutions benefit from the Single Market in this area: if they are authorised by one Member State they will be able to operate throughout the EU. The issuers of electronic money are exempt from some of the prudential supervision rules (Article 2(2) of Directive No 8/2000). Instead, Directive No 8/2000 lays down specific rules and principles (Such as prior authorisation, initial and ongoing capital requirements, limits on permissible investments, standards as to management and ongoing supervision, see Articles 4 and 5 of Directive No 8/2000), to ensure that these institutions are stable and sound.
The Copyright Proposal would harmonise certain aspects of copyright (and related rights) across the Member States. It deals specifically but not exclusively with the problems and issues raised by the Internet and digital technologies. It would also implement the EU's international obligations with regard to two WIPO Treaties concluded in December 1996.
Unlike previous EU legislation on copyright, the Copyright Proposal adopts a broad approach protecting a range of rightholders such as authors, performers, phonogram producers, film producers and broadcasting organisations (Article 2, 3 and 4). It would give such persons the exclusive rights to authorise or prohibit the following:
With analogue copying some protection is derived from the fact that each copy is of a slightly worse quality than the original. This is not the case for digital copying. Furthermore digital copying is fast and relatively cheap. For these reasons there is a greater risk of copyright infringement [Edwards J & Tiwari S 2000, p.15].
Copyright protection against digital copying has been partly achieved by technological measures preventing copying ('anti-copying devices'). The Proposal makes clear that such anti-copying devices may be used and gives further protection by providing that Member States must provide for sanctions against circumvention of anti-copying devices. (Article 6: Member States must provide adequate legal measures against circumvention, see also Article 8(1). The Proposal does not expressly provide that Member States must make circumvention a criminal offence.)
However, the exclusive rights contained in the Proposal would be subject to exceptions. Generally speaking these are instances of reproduction or making available to the public outside the normal exploitation of the work. The Proposal contains a detailed list of such exceptions (Article 5), including, for example photocopying, private use, illustration for the purposes of teaching, and scientific research, certain activities of public libraries, archives or educational establishments, reporting of current events and use by persons with a disability. The Proposal provides that these exceptions are optional, Member States may implement all or any of these exceptions in their national legislation (See the wording of Article 5(2) and (3) 'Member States may provide..'). Furthermore it now provides that the list is exhaustive (See Rapid Press Release of 9 June 2000, IP/00/601). Thus, Member States would not be allowed to introduce any exceptions not contained in that list. This was a very controversial point. The attitude to copyright exceptions underlines the cultural differences of the Member States [Edwards J & Tiwari S 2000, p.14]. A compromise was reached in the so-called 'grandfather clause' that Member States may retain existing exceptions not contained in the list but only in respect of analogue copying (See Rapid Press Release of 9 June 2000, IP/00/601).
The Proposal also provides that the Member States must provide in their national legislation for 'fair compensation' to the rightholders for photocopying, private copying and illustration for teaching and scientific research (Article 6(2) and (3)). This could take the form of levies charged for photocopying in public libraries and copy shops, levies on sales of blank tapes or on other equipment for copying. However Member States would be given flexibility in the implementation of this, in certain minor cases no fair compensation would have to be provided (See Rapid Press Release of 9 June 2000, IP/00/601).
The next controversial point was the question as to how can the beneficiaries of the exceptions make use of the relevant exception if the rightholder has an anti-copying device in place making copying in fact impossible. Excessive use of anti-copying devices would undermine the exceptions and infringe information rights of the public. The compromise reached here was that rightholders would have to provide the beneficiaries, such as schools and libraries, with the means to use the exceptions applying to them. It would be up to the Member States to ensure that such means are made available (See Rapid Press Release of 9 June 2000, IP/00/601). However there would be one exception to this: where rightholders prevent private (digital) copying by anti-copying devices, they would be under no obligation to provide the means to allow private copying (Article 5(2)(b) bis). The reason for this is that it is difficult to prevent abuse of the private copying exception for digital material [Penfold R 2000, p.27].
Finally, the Proposal provides for Community exhaustion of the distribution right (Article 4(2)). This means that where an author has allowed distribution anywhere in the Community he would not be able to restrict any further distribution by a licensee within the Community. However there is no provision for international exhaustion, so that imports into the Community by licensees from third countries may be prevented.
This section deals with the following two issues:
First, as part of the process of transmitting data over the Internet certain technical copies are made by service providers. This raises the question of the liability of such service providers under copyright.
The Framework Directive provides that Internet service providers are immune from liability where the service provided is mere transmission without choosing the recipient or modifying the information contained in the message (Article 12(1)). Likewise, on condition that they observe certain rules, service providers are not liable for the automatic, intermediary and temporary storage of information to facilitate onward transmission ('caching') [Julià-Barceló R 2000].
The Copyright Proposal equally provides that certain necessary temporary acts of technical copying, including those facilitating effective transmission, must be exempted from copyright (See Article 5(1)).
Richard Penfold argues that this exception from liability for copyright infringement is much wider than the immunity conferred by the Framework Directive [Penfold R 2000, p.26]. This is at least doubtful, since the conditions for exception are equally stringent: in order to gain immunity the Internet service provider would have to prove that the copying was an integral and essential part of the technological process without independent economic significance.
Secondly, the question arises whether Internet service providers are liable for infringing material posted by users on their server. Infringing material could be for example, defamatory material, material in breach of copyright, material breaching criminal law (e.g. communications relating to criminal activities such as drug dealing; statements inciting racial hatred, child pornographic material). This involves problematic issues as to the enforcement of public law regulation against obscenity, the expression of racial hatred etc. [Akdeniz Y 2000 , p.55]
Where a service provider stores ('hosts') information on its server at the request of the user, e.g. storing the user's website, it is not liable for illegal material stored if two conditions are fulfilled:
This in effect means that where a service provider is put on notice that material hosted on its server is illegal, it will risk losing the benefit of the immunity and will have to remove the material. This might be criticised as unduly infringing the principles of freedom of speech, fair competition and due process, since to play safe, service providers will always remove material when put on notice, even where such notice might not be justified. This is in contrast to the provisions in the US Digital Millenium Act which have addressed these issues and provide for a notice and take down procedure. In many instances, the service provider will not give the person whose material is taken down an opportunity to state its case, as the service provider may contractually be entitled to remove material at any time without consulting the customer [Julià-Barceló R 2000 and Julià-Barceló R & Koelman KJ 2000, p.232].
On the other hand the provision might be criticised on the basis that it does not impose any liability on service providers to apply filtering techniques which might reveal, for example (some) child pornographic material. This is expressly stated by Article 15(1) of the Framework Directive, which provides that service providers, when transmitting, caching or hosting material are under no obligation to monitor such material for signs indicating illegal activity.
This said, Recital 48 provides that Member States may require service providers to 'apply duties of care.... to detect and prevent certain types of illegal activity'. According to this the Member States might require service providers to apply state of the art filtering techniques.
Furthermore, the immunity conferred by the above provisions only relate to immunity from criminal liability and civil damages, but do not prevent the courts of the Member States from granting an injunction against a service provider to prohibit the transmission, caching or hosting of any illegal information. (Articles 12(3), 13(2) and 14(3) of the Framework Directive, see also Recital 45 of the Framework Directive.)
The Taxation Proposals cover the VAT treatment of items and services delivered electronically such as downloadable information, books, music, computer software, data processing services, computer services such as web-hosting, web-design or similar services (Article 1(1) of the proposed Directive adding a subparagraph to Article 9(2) of Directive 77/388/EEC). It also deals with subscription based and pay-per-view television and radio. (Article 1(1) of the proposed Directive adding a subparagraph to Article 9(2) of Directive 77/388/EEC, see definition of 'supply by electronic means'.) All of these would be treated as services.
The main deficiency of the current rules was considered to be that third country based suppliers providing services to non-VAT registered customers (mainly consumers) in the EU can do so without charging VAT, whereas suppliers based in the EU have to add VAT to their bill. Furthermore, EU suppliers to customers outside the EU may also have to charge VAT. This is putting third country suppliers at a considerable and unjustified price advantage.
The basic rule under the Proposals is that where the place of consumption is within the EU the services are subject to VAT, whereas if the place of consumption is outside the EU no VAT is payable under EU rules.
For services consumed in the EU, payment of VAT would depend on the tax status of the recipient of the services. If the recipient is a VAT registered business, the supplier would charge no VAT and the business recipient would pay the VAT on a self-assessment basis in its home Member State. (Article 1(4) of the Directive)
However for non-registered recipients, mostly consumers, the provider would charge VAT on the rate applicable in its Member State. (Article 1(1) of the Directive)
Non-EU businesses providing services into the EU would have to register in the EU if they undertake transactions with consumers, if their annual sales to consumers in the EU exceed Euro 100,000 (Article 1(3), inserting a new Article 24(2a) into Directive 388/77/EEC). However they would only have to register in one Member State, which they can choose (Article 1(5) of the Directive). Non-EU businesses would then charge VAT to consumers at the rate applicable in the Member State of their registration. However non-EU businesses would not add VAT to their bill when dealing with EU business clients who would pay VAT in their own Member State on a self-assessment rules.
One practical issue for businesses is to verify that the recipient is in effect validly VAT registered. The proposed Regulation therefore provides in Article 1(3) that the competent authorities in the Member States must ensure that suppliers are allowed to verify the registration numbers. It is further provided in the proposed Directive that if the supplier has acted with 'all possible diligence normally used in commercial practice' and has verified that his customer is a taxable person, the supplier would not be liable to tax (Article 1(4)(a) of the Directive).
Finally, the proposed Directive provides that tax returns and statements can be delivered electronically (Article 1(5)).
The European institutions have been very pro-active in the issuing of policy documents and legislation regarding e-commerce, covering a very broad range of topics and finely balancing the interests of consumers and business. The Commission has latched on the promotion of e-commerce as an opportunity for the completion of the Internal Market and the removal of existing barriers to trade. By the same token this means that it has had to overcome cultural differences, for example in the different approaches to regulation or in the field of copyright exceptions. However, since all Member States aspire to promote e-commerce it has had a comparatively easier task than in other fields. It can therefore be expected that compromises will be found even in such controversial areas as jurisdiction, distance marketing of financial services and taxation, possibly even before the end of the French Presidency.
[BEUC 1999a] BEUC position paper, BEUC 183/99, 'Consumer Rights in electronic commerce-Jurisdiction and applicable law on cross-border consumer contracts' of 8 October 1999 available at the BEUC website at < http://www.beuc.org/public/papers/pa1999/content.htm>
[BEUC 1999b] BEUC position paper, BEUC/197/99, 'Address by Jim Murray, Director of BEUC (...) to the Forum on E-commerce and Jurisdiction', Brussels 9 September 1999 available at the BEUC website at < http://www.beuc.org/public/papers/pa1999/content.htm>
[Council 2000] Presidency Conclusions of the Lisbon European Council, Rapid Press Release of 28 March 2000, PRES/00/900, available at < http://www.europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=PRES/00/900|0|RAPID&lg= EN>
[DTI 2000] UK Department of Trade and Industry, Consultation Paper of 13 April 2000, available at <http://www.dti.gov.uk/cacp/ca/ecommerce.htm>
[Dumortier J & Van Eecke P 1999] Dumortier, Jos and Van Eecke, Patrick, The European Draft Directive on a Common Framework for Electronic Signatures, in Computer Law & Security Report, Vol. 15, No.2, 1999
[EC 1999a] European Commission, Communication, e-Europe, An Information Society for All, available at < http://europa.eu.int/comm/information_society/eeurope/pdf/com081299_en.pdf>
[EC 1999b] European Commission, Explanatory Memorandum to the Proposal for a Council Regulation on Jurisdiction, COM (1999) 348 final of 14 July 1999, available at < http://www.europa.eu.int/comm/justice_home/pdf/com1999-348-en.pdf>
[EC 2000a] European Commission, Communication, Strategies for Jobs in the Information Society, January 2000, COM (2000) 48 available at < http://europa.eu.int/comm/commissioners/diamantopoulou/infosoc_en.htm>
[EC 2000b] European Commission, e-Europe 2002-An Information Society For All-Action Plan, available on the Information Society DG's website at < http://www.europa.eu.int/comm/information_society/eeurope/actionplan/index_en.htm>
[Julià-Barceló R 2000] Julià-Barceló, Rosa, Liability for On-Line Intermediaries: Comparing EU and U.S. Legal Frameworks, in E-commerce Law and Practice in Europe, Woodhead, 2000 (to be published shortly)
[Julià-Barceló R & Koelman KJ 2000] Julià-Barceló, Rosa and Koelman, Kamiel J., Intermediary Liability in the E-Commerce Directive: so far so good, but it's not enough, Computer Law & Security Report Vol 16 No 4, 2000
2. See Council Press Release of 1 July 2000, Nr 3417/2/00 available on the Council's website
3. See Council Press Release of 1 July 2000, Nr 3417/2/00 available on the Council's website
4. See the Commission Working Paper on the Creation of the .EU Internet toplevel domain, dated 2 February 2000
5. See Rapid Press Release IP/00/601 of 9 June 2000 at <http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=IP/00/601/0/RAPID&lg=EN>
6. Source: Council Press Office, Ms Kaufmann-Bühler, 27 July 2000
7 . See Press Release, Consumer Affairs Council Meeting, 13/4/00, Press:108, Nr 7707/00.
8. Source: Council Consumer Affairs Spokeswoman, Chiara Mantegazzini.
9. See Rapid Press Release IP/00/583 of 7 June 2000
10. This part (Title IV) of the Treaty does not apply to the UK, Ireland and Denmark. However, the UK and Ireland have indicated at the Council Meeting on 12 March 1999 that they would 'opt in'.
11. See Rapid Press Release, IP/00/445, dated 5 May 2000
12. COMDOC (2000) 0333
13. Where the text of a proposal has been politically agreed any Council can formally adopt it, 'A-point' procedure.
15. 1980 Rome Convention on the Law Applicable to Contractual Obligations, entered into force 1 April 1991
16. A 'Rome II' Convention on the law applicable to non-contractual obligations (covering, for example torts) is also being discussed in the Council working groups. However, it is not clear yet how the 'Rome II' Convention would tie in with the law on free movements of goods and free provision of services or the 'country of origin' rule in the Framework Directive.
17. The Commission organised a Public Hearing on these issues on 4 and 5 November 1999 in Brussels.
18. 1968 Brussels Convention on Jurisdiction and Enforcement of Judgements in Civil and Commercial Matters signed on 27 September 1968 and the similar Lugano Convention on Jurisdiction and Enforcement of Judgements in Civil and Commercial Matters signed on 16 September 1988 by the EU Member States and EFTA countries (Austria, Switzerland, Norway, Finland, Sweden and Iceland).
19. Defined in Article 13 as someone concluding the contract for purposes outside his trade or profession
20. Proposal for a Council Regulation on jurisdiction and the recognition and enforcement of judgements in civil and commercial matters
21. The revised wording of Article 13 of the Convention is now contained in Article 15 of the Proposal.
22. It could perhaps be argued that it is also addressed to Germans living abroad.
23. Commission Recommendation 98/257/EC on the Principles Applicable to the Bodies Responsible for Out-of-Court Settlement of Consumer Disputes
24. Article 19 (4); similarly, the Distance Marketing of Financial Services Proposal provides that Member States shall encourage dispute resolution bodies to co-operate in the settlement of cross-border disputes, Article 12a
25. This refers to the situation where the activity is subject to authorisation and/or is regulated by a professional body, e.g. for solicitors in England & Wales, the Law Society. For activities regulated by a professional body the Directive requires details as to the name of the professional body, title of the professional and the Member State where such title has been granted and a reference to the rules applicable to the profession.
26. Article 4 of the Distance Contract Directive. It covers such matters as: identity of the supplier, the main characteristics of the goods or services, price including all taxes and delivery costs, arrangements for performance/payment, existence of a right of withdrawal, the costs of using the means of distance communication, how long the offer is to remain open.
27. Article 3(1) Distance Marketing of Financial Services Proposal. This includes the identity and address of the supplier, a description of the main characteristics of the financial services, price including taxes, arrangement for performance of the contract, duration of the offer, whether the price will vary and how it will be assessed, the existence of the right of withdrawal, information on cancellation and out of court redress procedures etc.
28. Defined as 'any form of communication designed to promote directly or indirectly the goods or services or image of a company, organisation or person...' in Article 2 (f)
29. Although a priori also applicable to business, business parties can contract out of these provisions
32. The Commission has announced to monitor the implementation of the Recommendation and to propose a binding instrument if necessary, see for example Recital 12.
33 . The funds received are immediately exchanged for e-money, Articles 2 (3) and 1 (5) (a) of Directive No 8/2000
34. The latest version is the Council Common Position. However at the time of writing this had not been published. Therefore the text will refer to the Commission's amended Proposal and the Press Releases about the Political Agreement reached in the Council Working Groups.
35. The WIPO Copyright Treaty (on the protection of authors) and the WIPO Phonograms and Performances Treaty (on the protection of performers and phonogram producers). See also Council Press Release of 9 June 2000 No 9273/00 and information available at Internal Market DG Website at < http://www.europa.eu.int/comm/internal_market/en/intprop/intprop/news/index.htm>
36. These rules relate to the integrity of the information and conditions of access. This is to ensure that the cached sites are up to date and subject to the same conditions of access (e.g. payment of a fee) as the original site.
37. Caching is a process whereby certain frequently visited sites are automatically stored on a local server to speed up the transmission. Article 13(1) of the Framework Directive.
38. This is the standard imposed for criminal liability, ie the service provider can only be made liable under criminal law if it actually knew of the illegal material (actual knowledge)
39. This is the standard imposed for civil liability/damages. Here constructive knowledge is sufficient
40. On this issue see for example the discussion in the UK on the Godfrey case where a service provider had been liable for defamation after it had been put on notice: Internet Magazine, July 2000, Computer Law & Security Report, Vol 15 No 4, 1999, p.260.
41. 'supply of services relating to cultural, artistic, sporting, scientific, educational, entertainment or similar activities...', Article 9 (2) (c) of Directive 77/388/EEC
42. Therefore, whereas delivery of music on a CD would be treated as supply of goods, the delivery of the same music by making it available for downloading from the Internet would be treated as a service. This might lead to some market distortion.