| ELECTRONIC COMMERCE |
| |
| EC (Directive 2000/31) Regulations 2003 (SI. No. 68 of 2003) |
| |
| The purpose of the Regulations is to create a legal framework in
Ireland so as to ensure the free movement of information society services
between Ireland and EC & EEA. An Irish service provider who provides
his services in another member state must comply with Irish Law (sometimes
referred to as the “single market principle” or “country
of origin rule”). This does not apply in the following cases
|
| |
| Protection of consumers and investors |
| Prevention or detection of crime |
| National security |
| Protection of minors |
| Protection of public health |
| |
| |
| The Regulations do not apply inter alia to |
| The collection of taxes |
| The representation of a party to legal proceedings |
| Gambling. |
| |
| |
| Definitions |
| |
| “at a distance” means that the parties are not simultaneously
present. |
| “by electronic means" means a service using electronic
equipment. |
| “relevant service” means any service normally provided
for remuneration at a distance by electronic means and at the individual
request of a recipient of the service. |
| “commercial communications” means any form of communication
designed to promote the sale of goods and services. |
| |
| |
| Information must be provided to purchasers |
| (Regulation 7) |
| |
| Similar information must be provided as required under the Distance
Selling Regulations. But in addition to those requirements, a service
provider must provide details of how individuals can register their
choice about receiving or not receiving unsolicited commercial communications.
Failure to comply with these requirements is a criminal offence. |
| |
| |
| Commercial communications |
| (Regulation 9) |
| |
| Commercial communications should be clearly identifiable as such
|
| The person on whose behalf the communication is being made
should be clearly identifiable. |
| Promotional offers, competitions etc should be identified as such.
|
| Failure amounts to an offence. |
| |
| |
| Unsolicited commercial communications. |
| (Regulation 9) |
| |
|
Persons in Ireland sending UCE (unsolicited commercial email) or ‘S’
must ensure that it is identifiable clearly and unambiguously as
such as soon as it is received by the recipient.
|
| Failure to do so amounts to a criminal offence. |
| The Data Protection Commissioner has the responsibility
for enforcement |
| It is recommended that the letters ADV or UCE be included
in the subject line of the email |
| The Dept. is in discussions with the Irish Direct Marketing
Associations about this |
| |
| |
| Conclusion of contracts by electronic
means. |
| (Regulations 13) |
| |
| Prior to an order being placed the service provider
must provide the following information clearly and unambiguously |
| The different technical steps that need to be followed
to conclude the contract |
| Whether the contract will be filed by the relevant
service provider. |
| The technical means for identifying and correcting
input errors prior to entering to placing the order. |
| Languages in which the contract may be concluded. |
| Where the parties are not consumers, they may agree
that the above will not apply. |
| |
| |
| Placing of orders to contracts concluded
by electronic means. |
| (Regulation14) |
| |
| The service provider must provide a receipt of the order
without due delay and by electronic means. |
| |
| |
| Offences: |
| |
| Most offences may be prosecuted by the Director of
Consumer Affairs. |
| €3,000 fine may be imposed on summary conviction
or a term of imprisonment not exceeding 3 months or both. |
| |
| |
| Liability of intermediary service
providers – ‘mere conduit’. |
| (Regulation 16) |
| |
| An intermediary service provider will not be not liable
where they are mere conduit providing they; |
| Do not initiate the transmission |
| Do not select the receiver of the transmission
and
|
| Do not modify the information contained in the transmission. |
| This does not affect the power of any court to make
an order against an intermediary service provider requiring the provider
not to infringe or case to infringe, any legal rights. |
| |
| ISP’s will not be liable for
‘caching’ |
| (Regulation 17) |
| |
| ‘automatic, intermediate and temporary storage
of … information, performed for the sole purpose of making
more efficient the information’s onward transmission to other
recipients of the service upon their request, on condition that’:
|
| The provider does not modify the information |
| Provider complies with conditions on access to the
information. |
| Provider complies with rules on updating the information
(specified in rules used by the industry) |
| Provider does not interfere with the lawful use
of technology.
|
| Provider acts expeditiously to remove or to disable
access to the information it has stored, upon obtaining actual knowledge
of the fact that the information at the source of the transmission
has been removed from the network, or access to it has been disabled
or that a court or an administrative authority has ordered such removal
or disablement |
| |
| |
| Hosting information |
| (Regulation 18) |
| |
| Information society service consisting of storage of
information (hosting) will not be liable providing |
| They do not have actual knowledge of the illegal activity;
or |
| Once they obtain knowledge they act expeditiously to
remove or disable access to the information. |
| However, this does not apply where the recipient of
the service is acting under the authority or the control of the intermediary
service provider. |
| |
| |
| The Electronic Commerce Act, 2000.
|
| |
| Ireland is determined to produce a body of legislation
that will ensure that consumers and businesses will be able to engage
in e-commerce easily and securely. In the main the Electronic Commerce
Act, 2000 does two things, it codifies elements of the existing common
law of contract and it implements much of the EU Directive on e-signatures.
The main provisions of the Act are as follows: |
| |
| Information (such data, writing or other text) cannot
be denied legal effect, validity or enforceability simply because
it is in electronic form (section 9) |
| Where a person is required by law or contract to give
information in writing then, in general, this may be given in electronic
form by e-mail or otherwise. This would include making an application
or request, lodging a claim or return and recording and disseminating
a court order (section 12). |
| Where law or contract requires a person, to sign a
document, then this may be given in electronic form. (section 13).
|
| Contracts may not be denied legal effect simply because
they are in electronic form (section 19). |
| The courts may not deny the admissibility into
evidence of documents, information, communications and contracts
simply because they are in electronic form (section 22). |
| ‘Advanced Electronic Signatures’, such
as public key systems that utilise encryption, may be used for witnessing
signatures or sealing documents (section 14 & 16). |
| If information is required to be kept in its original
form, by law or contract, then it may be kept in electronic form.
This is provided that its integrity and accessibility is assured (section
17) |
| If information is required to be retained or produced,
by law or contract, this may be done in electronic form (section 18).
|
| The Act contains provisions on the dispatch and receipt
of electronic communications (sections 20 & 21). |
| The Act gives the Minister for Public Enterprise power
to prohibit and regulate the registration of the ie domain name within
Ireland (section 31). |
| Defamation law will apply on-line (section 23). |
| Consumer law will apply on-line (section 15). |
| Nobody can be forced to use electronic signatures as
a result of the Acts provisions (section 24). |
| |
| |
| At this point legislation mandating the use of electronic
signatures and contracts is commonplace; the Acts provisions may be
compared to the UK’s legislation on electronic signatures. The
Acts main innovations is that it strenuously protects the privacy
of anyone who uses encryption. The Act plainly states that nothing
in it may be construed as requiring the disclosure or enabling the
seizure of unique data such as codes, passwords, algorithms, private
cryptographic keys or other data. Accessing the signature creation
device of another person and using that device to create an electronic
signature is an offence punishable by up 5 years imprisonment (section
25). The Act also provides that it will not require the disclosure
of codes, passwords, private cryptographic keys or other data (section
28). |
| |
| Certification services are vital to the development
of advanced electronic signatures; the Act provides that prior approval
will not be required before setting up such a service. Although the
Minister may provide a regulatory regime for service providers, this
will be voluntary. Service providers cannot be forced to obey it. |
| |
| In this regard the contrast between Ireland and the
UK’s Regulation of Investigatory Powers Act 2000 (RIPS) is obvious.
It will be interesting to see how Ireland’s E-commerce Act 2000
can be balanced with other legislation such as the Interception of
Postal Packets and Telecommunications Messages Act, 1993. |
| |
| The Electronic Commerce Act 2000 came into force on
the 1st day of September 2000. |
| |
| |
| Relevant sites |
| |
| Directive 2000/31/EC of the European Parliament and
of the Council of 8 June 2000 on certain legal aspects of information
society services, in particular electronic commerce, in the Internal
Market ('Directive on electronic commerce'). Official Journal L 178
, 17/07/2000 P. 0001 – 0016. |
| |
| |
| © Karen Murray2003 |
| |
