 Content summary: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Topics: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Key Contacts: |
|
|
|
|
|
|
|
|
DTI Consultation on Implementation of the Directive on Electronic Commerce (2000/31/ec) Summary of Responses
Introduction
General Overview
Scope and Definitions
Country of Origin Regulation
General Information to be Provided
Unsolicited Commercial Communications
Treatment of Electronic Contracts
Liability of Intermediary Service Providers - "Mere Conduit" and "Caching"
Liability of Intermediary Service Providers - "Hosting"
Monitoring
Out-of-Court Dispute Settlement
Costs and Benefits
Other Points
Introduction
There were 94 responses, as follows: 26 from trade associations mainly representing content providers, and 5 from content providers themselves; 13 from internet service providers (ISPs) or their trade association, and communications companies; 9 from the public sector, including agencies or regulators; 8 from IT and related companies; 7 from lawyers or their professional bodies; 6 from consumer bodies; 6 from individuals; 4 from the finance and banking sector; 3 from broadcasters; and 7 from other business or professional associations.
Most respondents commented on a 'per topic' or 'per article' (of the Directive) basis, rather than answering the specific questions posed in the consultation document. Few addressed every topic, and many confined themselves to just one or two. Although the consultation document focused on implementing the Directive in UK law, many comments were aimed at the text of the Directive itself.
After a general overview, the responses on each topic are summarised. Because opinions on most issues represented several shades of grey rather than black or white, a purely quantitative approach would be difficult and potentially misleading.
General overview
The Directive and the consultation were generally welcomed as likely to lead to a more coherent framework for the provision of information society services across Europe, and therefore to the growth of e-commerce.
The clearest view emerging from the consultation is support for the 'country of origin' regulatory principle. This support was often coupled with a call for vigilance by HMG and the Commission in preventing more than a bare minimum of exclusions and derogations by Member States.
There was also general approval for the 'light touch' approach favoured by the consultation document. Examples cited were the flexibility envisaged in implementing the Directive's requirements on the provision of information and the treatment of electronic contracts, and the favouring of self-regulation where possible.
The most contentious issue is how to implement the Directive's provisions on limiting the liability of intermediary service providers. In particular there were strongly held views across a wide spectrum on whether 'notice and takedown' procedures should be implemented by industry self-regulation codes, or by statutory regulations, or some combination of both.
There were also strongly held and conflicting views on unsolicited commercial communications. Most of them were in favour of opt-out, but a minority were for more stringent measures. There was some disagreement on how such communications should be identifiable.
Scope and definitions
Vodafone and others were concerned that although the Directive appears to cover activities carried out over mobile phones (in particular third generation ones), the wording was almost entirely aimed at 'full screen'-based systems.
Similarly ITV was concerned that the wording seemed to be aimed at systems where the end-user had a PC/internet connection, whereas it expected many future systems to be delivered over digital television: they (and others) pleaded for co-ordination and regulatory consistency between this Directive and those concerned with broadcasting and television. ITN emphasised the overlap with the TV Without Frontiers Directive, calling for common definitions, scope and wording where possible in the implementation. The British Retail Consortium also asked for common terminology with the Distance Selling Regulations.
There was a strong plea from the Information Commissioner that the regulations should define what constitutes an 'information society service'—and in as technologically neutral a manner as possible. British Music Rights wanted it defined as broadly as possible, with the term 'remuneration' in recital 17 of the Directive construed so as to include all forms of consideration. Consignia and others sought clarification on the question of hybrid services—those involving both off-line and on-line elements.
Olswang noted difficulties over the country of establishment for companies operating in several countries. They proposed implementation on the basis that where a service provider is established only in a country or countries outside the EU/EEA the Directive does not apply, but that where it has places of establishment both within and outside the EEA only those in the EEA will be considered when determining where it has its centre of activities relating to its EEA services.
The Civil Aviation Authority and other travel-related bodies feared that if the Directive were implemented to include the sale of travel, EU-based operators would be able to sell travel in the UK without holding a UK ATOL licence, but would not be able to supply it. To avoid causing confusion for travel customers and impairing consumer protection, they called for an implementation to exclude travel.
Similarly ICSTIS (the Independent Committee for the Supervision of Standards of Telephone Information Services) wished to ensure that consumers continue to be properly protected from services which are deceptive or contain inappropriate content.
Country-of-origin regulation
Almost all of the 40+ respondents who addressed this issue strongly favoured country-of-origin regulation. Many enthusiastically rehearsed the arguments for it, quoting with approval the Directive's recitals, the consultation paper's restatement of them, and the Commission's backing for the approach. The main point made was that it would be difficult, costly, or even impossible for a service provider to adhere to 15 or more national laws or sets of regulations. 'Host state' regulation would cause legal uncertainty and act as a barrier to market entry, particularly for SMEs, and would thus stifle the growth of e-commerce, effectively restricting the free movement of goods and services. This in turn would deprive consumers of choice and the other benefits of real competition.
Many coupled their support for country of origin regulation with opposition to any extension at all to the exceptions and derogations. They argued for the narrowest possible use and interpretation of the derogations by Member States, including the UK. In particular, respondents wanted to prevent the derogation on 'contractual obligations concerning consumer contracts' being applied to pre-contractual matters, or to any aspects of consumer protection other than contractual obligations.
Reservations were, however, expressed by the National Consumer Council (NCC), LACOTS (the Local Authorities Coordinating body on Food and Trading Standards), and Freshfields Bruckhaus Deringer. They were concerned that UK consumers could lose valuable protections under existing UK law, and would as a result avoid on-line cross-border transactions. While acknowledging the Directive's stance on country of origin regulation, they called for HMG to use the available derogations to the extent possible to protect UK consumers. They also urged HMG to engage in a consumer awareness and education programme to highlight the issue and illustrate the levels of protection in other EU countries.
The Mail Order Traders Association recognised that they could be disadvantaged by foreign retailers being able to sell to UK customers while complying with their own country's laws and regulations rather than, for example, the UK's Consumer Credit Act legislation. However they concluded that the overall benefits of country of origin regulation substantially outweigh that. BSkyB reached a similar conclusion.
10 respondents raised the issue of the relationship between the country of origin principle and private international law. All of them wanted the country of origin provisions to override private international law rules that determine applicable law in the event of conflict. Most were confident that the Directive requires this apart from the specific derogations. However the CBI, ICC and others were concerned over what they saw as the hesitant wording of the consultation paper, and possible conflicts with the forthcoming proposals from the Commission for a 'Rome II' regulation based on the Rome Convention, or with the draft convention of the Hague Conference on Private International Law.
Derogation on grounds of copyright protection was seen as particularly important by the British Phonographic Industry, and the DTI was urged to expressly affirm in the implementing regulations that the Directive does not diminish copyright owners' rights and remedies against foreign 'pirate' offerings.
General information to be provided
Among the 20+ responses on the subject, there was general support for not specifying the form in which the required information should be provided. Flexibility in the way websites are laid out and accessed was seen as important. Whilst it was largely accepted that information should be available to service recipients in an easily and directly accessible form, some made the point that the Directive's phrase 'permanently accessible' should not be interpreted too literally—to cater for occasional and inevitable interruptions of service, website maintenance and updating, etc.
However there was some surprise at the detailed information requirements in the Directive, and both surprise and scepticism at some of those in the already implemented Consumer Protection (Distance Selling) Regulations 2000. Examples were the requirements to state how long an offer or price remains valid, and to provide membership of professional or other bodies (to whose details and rules the service provider should refer or link).
Several respondents pointed to some purely practical considerations. Commercial SMS messaging was frequently mentioned, with its limit of 160 characters for the entire message imposing obvious constraints on any requirement to provide the information 'up front', rather than separately. Other examples were WAP phones, and web advertisements and links—where it was seen as essential that the implementation should not prevent making the information accessible after 'clicking through' rather than before. To ensure future-proofing in implementing this part of the Directive, respondents wanted a technologically neutral way of allowing for the practicalities of information provision.
The Interactive Media Retail Group (IMRG) saw both the information and contract requirements of the Directive as potentially very expensive for electronic retailers. In this context they particularly cited interactive TV, and asked for sensitive implementation generally.
Unsolicited commercial communications
A large majority of the 30+ respondents on this issue broadly favoured opt-out. They agreed with HMG's view that the suggested 'harmonised opt-in' is a disproportionate response to the problems of unsolicited commercial communications. They cited barriers to entry (particularly for SMEs), and excessive cost compared to any real benefits for consumers. There was explicit support for the approach adopted in the committee report to the European Parliament at the first reading of the proposed Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector ('the Cappato report')—under which each member state could implement its own policy on the opt-in / opt-out issue.
NCC and LACOTS expressed support for opt-in, and for the Commission's approach in the proposed Directive. Thus supported the European Parliament's proposed amendment 34 to it, with emphasis on the potential recipient being given a clear opportunity (when their data is collected) to avoid further mail, or the existing customer being able to stop further messages easily. The Information Commissioner (among others) suggesting waiting for the proposed Directive's outcome. She favours obtaining a positive indication of the individual's wishes, typically by posing a question requiring a Yes or No answer.
On the mechanics of opt-out, respondents in general favoured codes of conduct, for example to indicate how many opt-out registers they should consult, which ones, how frequently, and the extent to which specific consent can override a register entry. Some Government involvement in encouraging and specifying these codes and registers was expected.
The eMail Marketing Association (eMMa) supported a hybrid scheme (as in its own code of practice) requiring opt-out for marketing emails from the organisation that originally collected the email address, but an explicit opt-in if it wants to pass on the address to a third party, permission to be obtained at the point of data collection. In order to promote transparency and accountability, eMMa (and others) would insist on each email identifying the list owner and containing an 'unsubscribe' facility.
The British Market Research Association, in conjunction with The Market Research Society, asked that survey research conducted by e-mail, where the responses would be anonymised or passed on only with the explicit consent of the individual and for the purposes of market research, should be exempt from the requirement to screen against any email opt-out register; this position would be consistent with the Data Protection Act 1998 requirements on screening against the TPS and the FPS.
Many responses evidenced the great frustration felt at the intractable nature of this whole issue, and the extent to which it seems to dominate public perception of advertising e-mail. Many highlighted 'spam' (bulk unsolicited e-mails, using addresses unscrupulously 'harvested' without any regard to data privacy laws) as the basic problem, rather than more targeted commercial mailing. There was agreement that spam is growing, and is not limited to individuals: Xi Software (an SME) said it had received 6,900 in two weeks.
Virtually all of such spam is from outside the EEA, and a common view was that nothing in the Directive or any country's implementation of it will reduce the levels. Some claimed that opt-out registers were useless and even counter-productive, as unscrupulous spammers harvest the registers for active email addresses.
Several saw the only workable solution as a technical one—better filtering by ISPs at source, with more robust action by them against the instigators. Individuals in particular strongly urged the Government to 'do something about spam'. And it was argued by AOL, the Periodical Publishers Association, the Directory and Database Publishers Association, Brightmail and others, that spam be treated as different from other unsolicited commercial communications, and the spam issue separated from that of 'opt-out versus opt-in'.
Hutchison 3G UK Limited assumed that a welcome message routinely sent to roaming customers, introducing them to the local network and setting out useful contact numbers, would not be a commercial communication as it would constitute "information allowing direct access to the activity of the company" within the meaning of Article 3(f) of the Directive.
On the Directive's requirement that any unsolicited commercial communication shall be identifiable clearly and unambiguously as soon as it is received by the recipient, there was some disagreement on whether the implementing regulations should require a standard form of such identification, so that the recipients and ISPs can more easily recognise (and/or automatically filter) them. The Information Commissioner, Energis and Thus (the latter both ISPs) favoured this, but on balance the consensus was that specifying a label would be too prescriptive and could restrict legitimate commercial / entrepreneurial creativity and scope.
Treatment of electronic contracts
More than 30 respondents commented on articles 9, 10 and 11.
There were renewed pleas for HMG to move faster on eliminating requirements for writing etc from existing statute and common law. It was suggested by the Alliance for Electronic Business and others that the order-making power given by s.8 of the Electronic Communications Act 2000 would not implement article 9 of this Directive and that a general enabling of electronic writing etc (with a few specific 'carve-outs') is required. There were specific requests for orders under that Act in respect of the Consumer Credit Act 1974 and some associated Regulations, the 1997 Trading Schemes Regulations, and certain 1989 Copyright Regulations. On the other hand British Music Rights requested preservation of the need for writing in certain sections of the Copyright Design and Patents Act 1988.
There was great emphasis that articles 10 and 11 do not, and should not be taken to, affect legal requirements for contract formation. Any failure to comply, it was urged, should at the most render a contract voidable by the customer for a certain period of time; alternatively, sanctions should be proportionate to any harm done.
Cable & Wireless and others interpret articles 10 and 11 as only applying to contracts concluded on-line and not to contracts whose final stages are negotiated individually off-line.
The majority of respondents agreed that 'without undue delay' is an adequate requirement for acknowledgement of receipt of a customer's order, although the NCC preferred 'immediate'. Many wanted it made explicit that service delivery itself (for example of a requested SMS message or information service via WAP) would normally be considered acknowledgement, and in this respect Consignia asked for recital 34 to be specifically incorporated into the UK implementation.
On the timing of any deemed receipt of order and/or acknowledgement of it (article 11.1), ISPs and others wanted as much technological neutrality as possible in the implementation. However they were concerned to ensure that once an order or acknowledgement had been sent, any technical failures or inabilities to access it that were outside their control should not be considered a breach. There were several requests for a general rule that receipt should be deemed to occur at most 48 hours after sending.
On the question of whether email is an acceptable way of sending a storable and reproducible form, LACOTS and others raised the problem that the consumer could be using a 'CyberCafé' or similar for which this form of communication could be unsuitable. Several respondents said that email should not be the only way of fulfilling the requirement in article 10 paragraph 3, for example citing the availability of a downloadable document on a website as a possible alternative.
Codes of conduct were generally favoured in implementing requirements on contract information and acknowledgement of order.
Liability of intermediary service providers—'mere conduit' and 'caching'
Many of the 20+ respondents who covered this aspect wanted the exact copying of the liability exemptions for 'mere conduit' and 'caching' (articles 12 and 13) into UK law, to preserve the delicate balance struck in the Directive. It was noted however that they would be dependent on industry codes of practice, for example to interpret 'modifying' in such a way that it does not include protocol transformations or the addition of message headers, etc. Bolero gave examples of automated processes demanded of it by its customers, applied to each message, that it felt should still not amount to 'modifying' for this purpose.
Another example of the need for codes was to determine what practices are 'widely recognised and used by the industry'.
ISPA (the Internet Service Providers Association in the UK), Yahoo! and others made a strong plea that the provision of linking and location tools, typically hyperlinks to web sites, should attract similar exemptions from liability, and could and should be legitimately incorporated into the implementing Regulations.
Consignia asked that certification service providers be included in the ambit of article 12.
Vodafone asked that telecommunications companies should also be able to benefit, citing the example of converting a voice message to text, or vice versa, which would probably involve caching.
Liability of intermediary service providers—'hosting'
There were conflicting views among the 50+ responses on the various aspects of the 'hosting' exemption. Most wanted more clarity and definition—particularly on what would constitute 'actual knowledge' or 'awareness', but again some wanted direct copying of this liability exemption (article 14) into UK law. One response (from Justin Rushbrooke, a barrister) explicitly saw no difficulty in leaving the courts free to give the words 'actual knowledge' their normal meaning as far as knowledge on the part of an ISP that a complaint had been made was concerned but observed that the wording of the Directive posed difficulties of interpretation on the question of what it was that the ISP had to have knowledge of as far as the unlawfulness of the material was concerned.
The biggest single stumbling block was perceived to be the difficulty of imposing upon ISPs etc the task of deciding whether some content on their service is illegal or not. Neither they nor the content providers were happy if this involved ISPs acting as 'judge and jury' to decide what could be complex legal issues of libel, copyright infringement, etc. Thus and Verizon described receiving daily complaints about material on their servers, some of them computer-generated and many turning out to be malicious or false.
There were nearly 50 comments on the question of a 'notice and takedown' procedure, and a large majority wanted an industry code to define the procedure. Just under a third of these (including ISPA) asked for some sort of statutory backing for such an industry code, and others felt the Government should take reserve powers to impose a statutory scheme if necessary. It was seen as essential that both rights-holders and service providers should participate in the drafting of any such code.
Four respondents favoured a completely statutory regime for 'notice and takedown', and did not want the Government to wait for the Commission review of the Directive in 2003. One argument was that industry codes could be inappropriate in principle where three parties (typically ISP, content provider, and complainant aggrieved by the content) are asserting conflicting rights, or where one of them (the ISP) is in the position of adjudicating between the conflicting rights of the other two.
Several respondents went into detail on what a 'notice and takedown' procedure (with or without statutory backing) should consist of. Most wanted a standard form of notice, to be delivered in writing or electronic equivalent to a well-publicised designated point in the service provider's organisation. Some wanted an independent intermediary body or bodies to broker such notices, and/or relieve the ISPs of the need to adjudicate, but two respondents were strongly opposed to this. IWF and Rightswatch were both referred to favourably.
In the case of claims of copyright infringement, several respondents cited the US Digital Millennium Copyright Act as a model. Requirements for a notice were said to include the identity of the complainant, their legitimate interest, unambiguous pointers to both the infringing and the infringed material, a formal claim in good faith that the infringing material is not authorised, and a formal claim of the correctness of the notice.
In the case of claims of libel, Olswang proposed a model in which a notice must come from the subject of the claimed libel and would contain identity, pointer to the material, and a formal claim of good faith and accuracy of the notice. The ISP must then take down the material if it is defamatory (without enquiring into possible defences such as truth), and notify the content provider that it has done so; then if the provider wishes the ISP to reinstate the material they must serve a counter-notice containing their full identity and an undertaking to defend any action in court.
There were requests for other forms of illegality to be approached in similar ways, though most people favoured a faster and more robust procedure on potentially illegal pornographic material.
For ISPs (and Olswang) it was a fundamental requirement of any such procedures or codes that in effect they should define a 'safe harbour'. In other words ISPs should not be liable for either wrongful takedown or wrongful non-takedown if they have followed them in good faith.
The Motion Picture Association (MPA), while generally accepting the compromise achieved in the liability provisions in the Directive, emphasised the importance of court injunctions to stop and prevent illegality. They wanted them available fast, and ex parte.
An information society service provider expressed concern about potential abuse of ex parte injunctions and proposed that legislation be implemented that would limit their application to narrowly defined circumstances.
Thus made the technical drafting point that since gambling etc is excluded from the scope of the Directive, it would be helpful to make clear in the implementing regulations that this exclusion does not prejudice the liability exemptions in articles 12 to 15. In other words, the liability exemptions should still apply even though the service hosted (or the information cached or going through the 'mere conduit') relates to an excluded activity.
Monitoring
While the 'no general obligation to monitor' rule was welcomed, particularly by ISPs, there was also a call to prevent individuals from seeking specific monitoring orders, for example to prevent future breaches of copyright etc. However the MPA favoured the possibility of specific monitoring where some future illegality is reasonably suspected, citing recitals 47 and 48.
Out-of-court dispute settlement
There was general consensus among the 20+ responses to this question that alternative dispute resolution methods should be encouraged. Caveats included: that they must not become compulsory or rule out recourse to the courts (NCC); on the other hand that they should not result in ISPs etc becoming subject to 'double jeopardy' (ntl); and that more certainty was needed under the Unfair Terms in Consumer Contracts Regulations 1999 as to whether out-of-court settlement clauses can be relied on in consumer contracts (BT).
Costs and benefits
With one exception there was no detailed comment on the consultation document's Draft Partial Regulatory Impact Assessment, though some respondents acknowledged that there would be costs involved in amending websites and introducing new procedures. Benefits were also referred to generally, and where comparisons were made they outweighed the costs.
The exception was the IMRG, which provided cost estimates ranging from £180,000 for the 2,500 largest UK companies to £3,000 for involved SMEs.
Other points
Two respondents, including the National Library for the Blind, wanted HMG to foster social inclusion by requiring information society service providers to take reasonable steps to make their services accessible to the blind and other disabled people.
One respondent preferred the title 'The Electronic Commerce Regulations' as being more straightforward than 'The Information Society Services Regulations'.
|
|
|
|
