Drastic sanctions announced for breach of the new e-Commerce rules

The UK's DTI has published Regulations to implement the e-Commerce Directive. There are penalties for companies that fail to comply

After months of anticipation, the DTI finally published draft Regulations to implement the e-Commerce Directive on 7th March. The Electronic Commerce (EC Directive) Regulations 2002 (the "Regulations") are expected to come into force some time in the Summer. Businesses have until 2nd May to submit final comments to the DTI, although realistically there i-s now only limited scope to lobby for amendments. Although there were a few surprises in the draft rules, what is new is that the sanctions for non-compliance with the Regulations have now been set. Of most significance is the fact that e-tailers will risk giving customers the right to cancel online orders and demand a refund "at any time" if they fail to provide certain contractual information on their websites. Even non-transactional sites must make available to users a raft of new information or risk being forced by trading standards or consumer bodies to amend their sites, on pain of criminal penalties. Because the information requirements will entail textual -- and in many cases structural -- coding changes to websites and mobile and interactive applications, businesses should address a number of issues now to ensure they avoid such sanctions when the Regulations come into force. The main areas which businesses need to consider are highlighted below. New information requirements for all sites: all commercial sites (whether transactional or not) on the web, interactive TV (iTV) or mobile platforms must provide certain minimum information about the supplier, its products and services. If the requisite information is not provided to users "easily, directly and permanently", trading standards or consumer bodies could apply to the courts for a "Stop Now Order" to force the site owner to amend its site, or face criminal penalties. Essential information for transactional sites: the basic details about the supplier, its products and services will need to be supplemented by a raft of new information related to the ordering process (including providing details of the technical steps a customer will need to go through to conclude a contract), the contract and whether or not a customer will be able to access the concluded contract. The customer must also be given the means to identify and correct input errors prior to placing the order and the supplier must acknowledge receipt of the order "without undue delay". If certain of these requirements are not met, the consumer will be entitled to rescind the contract at any time and obtain a refund. The practical effect of this is to greatly enhance consumers' online rights compared to those enjoyed in the non online world and to extend even further the rights conferred by the Distance Selling Regulations under which the customer's option of walking away only lasts for a limited period. Businesses, many of which have yet to get to grips with distance selling obligations, now have yet another set of rules to digest. These obligations apply to B2B (business to business) as well as B2C (business to consumer) transactions, although in a B2B context it is possible to contract out of some (but not all) of these provisions. E-mail and SMS: to the extent it makes use of e-mails (or SMS) as a marketing tool, a business should also be reviewing its procedures to ensure compliance with the Regulations. All "commercial communications", i.e. all marketing and promotional e-mails (whether solicited or unsolicited) will need to be clearly identifiable as such and identify the person on whose behalf they are sent. Additionally, promotional offers, games and competitions must set out the specific terms and conditions governing qualification and participation criteria in an easily accessible, clear and unambiguous way. There are also new provisions to regulate unsolicited e-mails (which will be supplemented in due course by further EU legislation on electronic communications in the form of the Communications Data Protection Directive). Interactive television and mobile platforms: the requirements outlined above will apply equally to iTV and mobile applications. However, disappointingly, the Regulations themselves do not address the difficult issue of how suppliers should provide the requisite information within the technical constraints of such platforms. The DTI has issued some interim guidance which suggests that compliance may be achieved by making the requisite information accessible on another service, for example a website. (It should be noted that this guidance, does not, however, have any legal force, and the approach to enforcing the new rules taken by those responsible for enforcement - who do not include the DTI - remains to be seen.) Service providers' liability for third party content: the Directive also addresses the issue of service providers' liability for third party content. The new Regulations will provide intermediaries with a specific defence to criminal liability, but this is subject to the service provider having "actual knowledge" that the content in question was illegal and "acting expeditiously" to remove it. Despite intense lobbying for clarification of these terms, neither the Regulations nor the DTI Guidance sheds any further light on what exactly is meant by "actual notice" or "acting expeditiously". Clarification of these issues is really only likely to emerge in the form of "notice and takedown" schemes when (or indeed if) these are developed either for specific industries or across industries on a UK or Europe-wide scale. Country of origin principle: as was widely expected, the Regulations confirm the need for businesses providing services across borders within the EU to comply with the laws of their home state and put the onus on local enforcement authorities to monitor the application of the principle. Additionally, the Regulations make it quite clear that restricting suppliers in other EU countries from supplying online, web based or mobile services into the UK is prohibited. However, an opportunity was missed to clarify the approach to determine the country of establishment for businesses based outside the EU but which are established in one or more EU countries. There are, of course, some significant derogations from this principle, particularly in relation to consumer protection. Businesses will want to ensure that any such derogations are proportionate and balance the needs of both businesses and consumers otherwise the benefits to businesses of the country of origin principle will be significantly diluted. Treasury and FSA consultations: both the Treasury and the FSA have issued consultation papers on the impact of the e-Commerce Directive in the financial services sector. For more detailed analysis on the consultation papers see elsewhere on this site. As mentioned above, businesses have until 2nd May to comment on the Regulations. This is a useful opportunity to seek further clarification on a number of issues which the DTI Guidance has so far failed to address fully. For example, the uncertainty posed by the Regulations in clearly defining what is meant by acknowledging receipt "without due delay" or providing information "easily, directly and permanently" and other similar terms liberally used in the Regulations leaves the interpretation of such terms in the hands of a court. Given the serious nature of the sanctions for breaching these rules, businesses need even clearer guidance on what they need to do to comply.

For more information email the authors or visit Olswang. Have your say instantly, and see what others have said. Go to the Tech Update forum. Let the editors know what you think in the Mailroom. The information contained in this bulletin is intended as a general overview of the subjects featured and detailed specialist advice should always be taken before taking or refraining from taking any action.