E-Commerce Law:Introduction to CourseMaster of Laws

Emily M. Weitzenböck

Norwegian Research Centre

for Computers & Law

30th January 2007

Programme for Seminar

•Overview of the course:

–Contract and intermediary liability (topics 1-5)

–Security and cyberspace (topics 6-8)

–Private international law & self-regulation (topics 9-11)

Issues

•From closed to open systems

•Deterritorialisation - “death of distance”

•Dematerialisation

•Detemporalisation of the law - speed of Internet communication

•Depersonalisation - identification in the digital world

From closed to open systems

•From communication over closed systems (ETDI, EDI) to communication over an open network (i.e. Internet)

•EDI has 3 basic requirements:

–a transaction message standard

–translation sofware

–communications

•Standards re EDI message structure:

–UN/EDIFACT

–ANSI ASC X.12

EDI (1)

•Legal issues raised by EDI:

–between the user and the network provider(s)

»Responsibilities of the network provider:
•message sent in the correct format and protocol
•safeguard message integrity
•ensuring message sent to the recipient
•confidentiality of the message

–between the users themselves

»Distinguish between the communication itself and the underlying commercial transaction (e.g. Sale of goods) which is entered into using that communication process

EDI (2)

•EDI Contracts:

–subscription to a set of previously agreed contracts:

»Interchange Agreements
•“writing”, “signed”
»Connection Agreements
•Use of VAN services
•Regulates the rights and obligations of users and intermediaries with regards to technical requirements and legal issues
»Support Agreements
•sub-contracts resulting from Interchange or Connection Agreements, e.g. To deliver hardware, software, maintenance, security services, etc.

EDI (3)

•European Model EDI Agreement

•US Model Trading Partner Agreement (ABA, 1990)

•UK EDI Association Standard EDI Agreement

•UNCID Rules - Uniform rules of conduct for the interchange of trade data by teletransmission

The Internet

•A public international network of networks

•Role of:

–IETF

–ICANN

–W3C

•3 layers:

–physical infrastructure

–service infrastructure

–user level - e-commerce

Deterritorialisation (1)

•Notions of “place”, “distance” blurred …

–ICT enables businesses and individuals to have access to goods and services in a wider market, irrespective of geographical boundaries

–Where the parties to a dispute are based in different jurisdictions, the dispute is deemed to have an international character

»private international law issues (jurisdiction, choice of law, enforcement of judgements)

•Law is essentially territorial; in international contracts:

–choice of forum & choice of law clauses

•What happens when there has been no express choice of forum or of law? What about tort claims?

–Where is “where” on the Internet?

Deterritorialisation (2)

•Jurisdiction: Traditional approach: apply a state’s national laws only to activities undertaken within the state, e.g.

–place of delivery of products sold

–place where services performed

–place where purchaser took steps towards concluding a contract

–whether the supplier targeted the jurisdiction in question

•Issues:

–Physical delivery vs. Digital delivery

–Goods vs. services

•How are these to be applied re online services?

Deterritorialisation (3)

•National law provisions, international & regional conventions

–Domicile

»EU Jurisdiction Regulation, Lugano Convention, etc.

•Another alternative

–“country of origin” rule

»Article 3, E-Commerce Directive

Deterritorialisation (4)

•Criterion of domicile re jurisdiction:

–Where should one sue?

»E.g. Jurisdiction Regulation, Art. 2: A person shall be sued in the courts of the place where such person is domiciled.

–Where to sue is linked to whom one should sue.

»E.g. Regulation, Art. 60: In respect of a company, other legal person or association of natural or legal persons, domicile is the place where it has either:
•(a) its statutory seat or
•(b) its central administration or
•(c) its principal place of business.

•In tort:

–in the courts for the place where the harmful event occurred (Brussels & Lugano, Art 5(3)) …

–… or may occur (Jurisdiction Regulation, Art. 5(3)

Deterritorialisation (5)

•When the forum is selected, which is the applicable law?

–Rules of the lex fori

–International or regional treaties/conventions

»1980 Rome Convention
»1955 Hague Convention
»1980 CISG

–rule of the closest connection to the contract (default Rome)

–rule of the most significant relationship to the contract (US, UCC s. 2B-108)

–etc.

Dematerialisation (1)

•Paperless communication

–original & copies

»UNCITRAL Model Law on Electronic Commerce, Art. 8

–signature

»UNCITRAL Model Law on Electronic Commerce, Art. 7

»EU Electronic Signatures Directive

–writing

»UNCITRAL Model Law on Electronic Commerce, Art. 6

Dematerialisation (2)

•Authentication:

–contents of a record have remained unchanged

–the information in the record does in fact originate from its purported source

–extraneous information (e.g. Date of record) is correct

•Authentication provisions in contracts between parties (e.g. EDI type clauses)

•Authentication through trusted third parties

•Cryptography

–confidentiality of message (encryption)

–authentication of sender (digital signature)

Dematerialisation (3)

•Admissibility:

–Traditional rules, e.g. Best evidence rule, requirement for originals, etc.

–E-Commerce Directive, Art. 9

–UNCITRAL Model Law on Electronic Commerce, Art. 8

Detemporalisation

•Detemporalisation of the law

–Speed of Internet communication

–“Warning” function of physical signature (Hoeren)

–Consumer protection

»right to withdrawal from contract within a certain period

»duty to inform consumer of such right

Depersonalisation

•“On the Internet, nobody knows you’re a dog …”§

•Problems with identification in the digital world e.g. Privacy & data protection

•New ways of structuring organisations, e.g. Virtual organisations

Contract and intermediary liability

•Contract

–electronic and web contracting

–contracting via electronic agents

–IT contracts

•IT & new ways of doing business

•Liability of online intermediaries

–E-Commerce Directive

–U.S. DMCA

Electronic payment

•Electronic payment systems

–From tangible cash to electronic payment systems to digital cash payment systems

–What is digital cash?

•Contractual relationship between the issuer of electronic money and the consumer

Need for security in an open network

•Statutory obligation: Examples:

–EU Data Protection Directive (Article 17)

»duty of security on the data controller

»problems re transborder data flows outside the EU: What is ”adequate level of protection”

–Safe Harbor Privacy Principles

–Intellectual property legislation

»European Patent Convention

–Trade secret laws

»NAFTA, TRIPs Agreement

•Contractual obligation

–Confidentiality clause

Mechanisms to ensure security (1)

•Legal mechanisms

–Confidentiality clause

»damages (e.g. Preliquidated damages)

•Technical & organisational measures

–Protection from the outside world

»Risks: hacking, virus, industrial espionage, fraud, etc.

»Measures: firewalls, passwords

–Protection in the outside world

»Risks: espionage, fraud, etc.

»Measures: Cryptography, digital signatures, privacy enhancing technologies (PETs)

Mechanisms to ensure security (2)

•Need to ensure trust

•Encryption

»private and public key encryption

»electronic signatures

»legal framework

•TTP services

–certification

–legal framework

Computer crime

•Cybercrime

–“traditional crimes” in new medium, e.g. fraud, forgery, blackmail

–computer crimes, e.g. hacking, virus, etc.

•Cybercrime Convention

–Offences against the confidentiality, integrity and availability of computer data and systems

–Computer-related offences

–Content-related offences

–Offences related to infringements of copyrightand related rights

PIL and Self-regulation

•Deterritorialisation issues

•Self-regulation

–Netiquette

–Voluntary schemes: codes of practice, codes of conduct, etc.

–Trust marks

–Problems of enforceability?

•ADR and ODR schemes

Links

•2003 First Commission Report on the implementation of the E-Commerce Directive: