E-COMMERCE - Law and order
Trading over the internet is not as simple as it sounds - transactions are fraught with legal difficulties which can cause problems for vendors and customers alike. It's vital that businesses work out a code of practice before online ordering wins the confidence of consumers.
E-commerce is many things to many people. A simple definition is thens are fraught with legal difficulties which can cause problems for vendors and customers alike. It's vital that businesses work out a code of practice before online ordering wins the confidence of consumers. conducting of business over the internet. The Net is seen as delivering a long-held panacea for many companies, giving customers direct access to its products from their own premises, without prohibitive investment in computer hardware and software.
On the Net, it's easy to display catalogues, take orders, deliver invoices, automate payment, provide account information, show delivery status and take returns information, as well as a panoply of other business-related activities.
That this perception is becoming reality is shown in the rapid growth of e-commerce in Europe. There are 35 million users online at present, and it's predicted there will be between 80 million and 100 million users by mid-2001. Approximately 20 per cent of companies in the UK, France and Germany currently buy and sell over the internet and this is set to increase to 40 per cent next year.
But e-commerce's continued growth depends on more businesses identifying and overcoming the legal issues associated with trading on the Net. Uncertainty reigns among companies that have not experienced electronic trading before and don't know how to structure their e-commerce business within existing legal boundaries or how to protect themselves from fraud or the misuse of confidential information.
It is important for anyone considering establishing an e-commerce site to set some ground rules. The vendor should prepare the briefest, clearest terms possible covering the issues of importance to it. These should deal with many of the things that would not need to be clarified during a normal retail transaction (see box, page 44). The terms must then be incorporated into the contract by the vendor by ensuring that the customer knowingly has to accept them - for example, by structuring the Website so that the customer has to click on an appropriate icon.
A legally binding contract is only formed once an offer is accepted, and this can be done electronically. In e-commerce, the customer usually offers to buy by clicking on an icon on a Web page, agreeing to purchase under the terms and price stated. The vendor must fulfil this contract - even if the product ordered is out of stock.
However, this obligation only exists after the offer has been accepted by the vendor. This is important because an offer may be revoked at any time before it is accepted (see box, shopping.com, page 45) The vendor needs to operate a process that accepts each order quickly - for example, by emailing customers to confirm the purchase.
If the vendor trades internationally, it must assess whether it will breach any of its existing contracts with suppliers, distributors or agents.
They may prohibit selling abroad, perhaps because it has appointed an exclusive distributor for some parts of the world.
It's important to avoid breaching these contracts. Sometimes it's possible to say you will not accept orders for delivery to a particular territory, or that all orders for delivery in that territory will be passed on to the distributor - but competition laws need to be considered carefully.
The vendor must not breach the relevant consumer legislation - for example, any term requiring the customer to return goods must be fair and reasonable.
Intellectual property rights must also be considered on an international basis, particularly if the vendor has not exported in the past. Because the Website will be accessible worldwide and sales may occur anywhere, the vendor must take care not to infringe patents, designs, trademarks and copyright - not only in the UK but also abroad.
The vendor should also protect the copyright in its Website. This can be achieved by ensuring that any copyright in the site (if it is developed by a third party) is assigned to the vendor (the default position is that the designer owns the copyright) and by incorporating copyright notices into the Website prohibiting unauthorised copying. The vendor should also periodically review the territories where its products sell well - does it have appropriate protection for its trademarks or does it need to review its strategy?
In e-commerce, debit and credit cards are the most practical payment methods available. Customers need to know that security has been addressed so they have confidence in carrying out the transaction is vital and, in the long term, a standard mechanism such as MasterCard's SET (secure electronic transaction) should be adopted.
E-commerce, by its very nature, requires the vendor to store customer information. It must, however, obtain, process and use data fairly and lawfully and provide adequate security measures (see box, ibm.com and dell.com, page 45).
Compliance with any data protection legislation is mandatory. Security is key for e-commerce and while companies naturally try to keep security breaches quiet, there have been a number of apocalyptic stories which suggest that all is not as it should be.
It has been reported, for example, that at least one company kept customers' credit card details unprotected on their Web server, with the inevitable consequence that the information was stolen by hackers.
Security and privacy increase customer and vendor confidence in a service and encourage them to use it. In many respects, confidence is really a matter of user perception. Many customers are reluctant to commit their credit card details to a Web-delivered transaction, but are happy to do so over the telephone. By the same token, companies will happily take telephone orders paid by credit card, but can be reluctant to do so over the Web. This is probably because of the poor reputation of internet security and also because the whole process is invisible.
Many of the dangers relate to the way the underlying technology works, or its architecture. An important choice faced by companies setting up an e-commerce site is whether to design a site themselves on their own hardware or to use another company - usually an ISP - to host the service.
A big advantage of using an ISP is the saving made by sharing the cost of a high-bandwidth connection to the internet with the ISP's other customers.
Against this must be balanced the risk of holding confidential company information on an external computer - although the dangers associated with this can be reduced by carefully drafted contract terms.
Maintaining privacy while the information is stored is largely a matter of the rigour of access control - who is allowed to read or write what, once users have been properly authenticated. Many sites adopt a policy of permitting access unless it is expressly prohibited. This is a convenient way of working but is probably insufficient for e-commerce sites, where it is preferable to adopt a policy of denying access unless expressly permitted. For shared servers, such as ISP-hosted sites, this is especially important, as users belonging to the companies sharing the server will require more powerful privileges than other visitors to the site because they have to be able to maintain their own Web pages.
Since e-commerce is mostly concerned with encouraging visitors to the site, stopping anyone entering is not of great benefit. However, visitors must be authenticated before transactions can take place. The method of authentication used depends on the value and risk of the transaction taking place. For low-value, low-risk transactions, sufficient authentication is provided in the credit card details. Such a transaction is, after all, no different from using a credit card over the telephone.
For higher value or higher risk transactions - say, sports betting - the vendor may wish customers to set up an account, or be financially vetted, before interactive trading. In this situation, customers must be provided with a password or personal identifier. If the transaction values are high or the perceived risk is large, then digital signatures can be used for authentication.
Proof that a transaction has taken place is important to the integrity of e-commerce. There are times where both buyer and vendor might find it convenient to claim that the transaction never occurred or was not completed. This can be dealt with by specifying in the contract what evidence is required.
Techniques such as digital signatures are a fast-developing area, but a cheaper alternative is a simple audit of transactions, especially if the audit trail is recorded by an 'independent' party.
Security is a trade-off between affordability, functionality, cultural compatibility and legality. A well-structured Website, with clear and identifiable processes, helps to avoid contractual disputes and ensures a degree of internal and external security. Only by having such a mechanism will e-commerce truly flourish. Without it, cyberspace will descend into anarchy.
Rex Parry is a partner in the Intellectual Property Department of Eversheds, a national UK law firm.
LAYING DOWN THE LAW
The ground rules on which the parties are to trade should be stated clearly on the vendor's Website. The vendor should prepare the briefest, clearest terms possible covering the issues of importance to it:
- Clarifying the vendor's right to refuse or cancel orders at any time
- Stating that prices are 'guide prices', if the vendor's prices change regularly
- Covering the cost of delivery (after all, it could be delivery to anywhere in the world)
- Covering who pays any import/export duties and taxes
- Providing a refund policy for defective goods
- Addressing payment (and credit assessment, if credit is to be given)
- Addressing any use that will be made of the data generated by the sale (do you wish to create a database of e-commerce customers?)
- Stating delivery times (which clearly should not be too non-specific)
- Detailing what law applies
EXAMPLES OF WEBSITE AGREEMENTS
www.dell.com - keeping your details private
'The privacy and confidentiality of your personal information is important to us. It is the policy of Dell Computer Corporation not to disclose or sell information regarding your orders and the products you purchase to any outside organisation for solicitation purposes. Dell may use such information to communicate select special news, promotions and product deals to you on a regular basis, by email or regular mail, unless you notify us that you do not want to receive such communications.'
www.dan.com - dealing with delivery dates
'The only slight drawback to buying a build-to-order PC is that you have to wait a while for us to put it together for you. How long this takes varies according to a number of factors, but you can always rest assured that when we give you our estimated delivery date, it will be a realistic one. We never attempt to influence your purchasing decision by giving you a delivery date that we cannot possibly achieve. However, do bear in mind that from time to time, we might experience delays in the delivery of components from our suppliers. Such occurrences, while extremely rare, are entirely outside our control.'
www.ibm.com - your wish is our command
'If you choose to give us personal information via the internet that we or our business partners may need - for example, to correspond with you, process an order or provide you with a subscription, - it is our intent to let you know how we will use such information. If you tell us that you do not wish to have this information used as a basis for further contact with you, we will respect your wishes. We do keep track of the domains from which people visit us. We analyse this data for trends and statistics, and then we discard it.'
www.shopping.com - when an order isn't an order
'Order acceptance - the receipt of an email order confirmation does not constitute the acceptance of an order or as a confirmation of an offer to sell. Shopping.com reserves the right, without prior notification, to limit the order quantity on any item, on both an order and time basis. In order to protect the interests of our customers, all orders placed for more than $5,000 must obtain pre-approval with an acceptable method of payment, as established by our commercial department. Additional verification of information may be required prior to the acceptance of any order.'
www.compaq.com - you have been warned
'Any software that is made available to download from this server is the copyrighted work of Compaq and/or its suppliers. Use of the software is governed by the terms of the user licence agreement, if any, which accompanies or is included with the software licence agreement. A user will be unable to install any software that is accompanied by or includes a licence agreement unless he or she first agrees to the licence agreement terms. The software is made available for downloading solely for use by users according to the licence agreement. Any reproduction or redistribution of the software not in accordance with the licence agreement is expressly prohibited by law and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible.'