1. Consumer Protection (Distance Selling) Regulations 2000 (CPR)
It applies to B2C.
The intention behind these rules is that the buyer knows exactly what they are getting themselves into when they “sign” on the electronic dotted line. The buyer is therefore protected from nasty surprises about who is to deliver, who pays for delivery, etc.
Reg. 3: Definitions (Distant Contract)
Reg. 5: Excepted Contracts (Land, Building, Financial Services and Auction Contracts)
Reg. 6(2)(a): Partly Excepted Contracts: Regs 7 to 19 won’t apply to contracts of food, beverages or other goods for everyday consumption
Reg. 6(2)(b): Partly Excepted Contracts: Regs 7 to 19 won’t apply to contracts for accommodation, transport, catering or leisure
Reg. 7: Information prior to conclusion of Contract (Identity, Description of goods, Description of price, Cost of Delivery, Delivery Arrangements, Buyer’s right to withdraw, availability on the stated terms, Cancellation)
2. E-Commerce (EC Directive) Regulations 2002 (ECR)
It applies to both B2B and B2C
It requires sellers selling on the internet to provide certain pre-contract information:
Reg. 6(1): General information about the seller (name, geographical address, e-mail, registration number or ID, supervisory authority and VAT)
Reg. 6(2): Price List
Reg. 7: Commercial communications (i.e. marketing) information
Reg. 9: Information prior to orders being placed by user, i.e. prior to contract (Technical steps, whether contract will be filed and where, how to correct errors, language, the T&Cs)
Contract Formation
Reg. 11(2)(a): The directive requires the online seller to:
Acknowledge receipt of order quickly (method is not specified so the webpage can be used). Include:
Rights to cancel the order
Guarantee
After sale services
Geographic address where complaints can be addressed to
Contractual terms can be stored and reproduced (i.e. downloadable terms)
Reg. 12: (Offer and Acceptance) The Customer’s order = Contractual offer. The supplier’s acknowledgement = acceptance. Thus, USEFUL for keeping out OVERSEAS orders!
Post Contract Issues (based on the Consumer Protection (Distance Selling) Regulations 2000 (CPR))
CPR s.12(2): A 7 working day cooling-off period to CANCEL (where consumers can change their mind about the order). This term is very controversial as it gives the consumer wide leeway to cancel.
CPR s.14(3): A 30 day period to reimburse
CPR s.19(1): The order must be executed within 30 days
3. Directive on Privacy and Electronic Communications 2003 (PECR)
It applies to both B2B and B2C
It’s about data protection. It requires sellers selling on the internet to provide certain pre-contract information about:
Consent is required for unsolicited advertising
Provide the recipient with “opt-out” rights
Marketing/Spam information should identify the person on whose behalf it is sent
Marketing information should identify any promotional offer including discount, premium or gift
Marketing Information should identify any conditions that apply (clear and noticeable)
Regulates the use of cookies (Website should announce the use of cookies and how to opt-out)
DPA 1998 Aims to:
1. Protect info about individuals from being disclosed improperly and to harmonise UK and EU law
2. Allow individuals to access information held about them
DATA PROTECTION APPROACH:
‘data controller’ means . . . a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which personal data are, or are to be, processed;
‘personal data’ means data which relate to a living individual who can be identified—
(a) from those data, or
(b) from those data & other info which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;
‘processing’, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—
(a) organisation, adaptation or alteration of the information or data,
(b) retrieval, consultation or use of the information or data,
(c) disclosure of the info or data by transmission, dissemination or otherwise making available, or
(d) alignment, combination, blocking, erasure or destruction of the information or data;
‘data subject’ means an individual who is the subject of personal data.
1. Does the DPA apply?
2. If DPA applies = DATA Controller must be registered with the Info. Commissioner:
DPA ’98 s.17, the obligation to register arises before the controller begins 'processing' personal data. By s. 1, 'processing' includes obtaining the data.
There are exemptions from the requirement to register. They include where data is processed solely for marketing purposes and where it is used solely for the purposes of business accounts and records. Controller may therefore be able to avoid the need to register. It still needs to comply with the Act's other requirements. (No need to worry about rest of exemptions)
3. Apply the 8 Principles – Which are relevant on the facts?
DPA 1998 Sch 1 states that data must be:
1. fairly and lawfully processed; if under Sch 2: the info has been obtained with consent or for any of the legal/public interest reasons for processing the info in question.
2. processed for limited purposes;
3. adequate, relevant and not excessive;
4. accurate and up-to-date;
5. not kept longer than necessary;
6. processed in accordance with the individual’s rights; Main rights include:
s.7: Right to subject access = individual can request data controller, in writing, whether any personal data is being processed, its purpose, and to whom it is being disclosed
s.10: The right to prevent processing likely to cause damage or distress
s.11: the right to prevent processing for purposes of direct marketing = in writing request to cease or not begin, any processing outside the authorised purpose by individual
s.13: the right to compensation
s.14: the right to rectification, blocking, erasure and destruction
s.42: the right to ask the Commissioner to assess whether the Act has been contravened.
7. secure; and
8. not transferred to countries outside EEA unless country has adequate protection for individual.
4. Is there Direct Marketing? If so apply PECR 2003 Reg. 22 & 23
Reg.22: Use of e-mail for direct marketing purposes
Reg.23: Use of e-mail for direct marketing purposes where identity or address of sender is concealed
5. Consequences of Breach
Enforcement Notice served by the Information Commissioner
Backed up by...