(iii.) US Law: Analysis and Comparison with EU Law[38]
Some have argued that the European legislative model suffers in comparison to the U.S. legislative approach to e-commerce, particularly the Uniform Computer Information Transactions Act (“UCITA”). UCITA is a model law drafted in 1999 by the National Conference of Commissioners on Uniform State Law for enactment in U.S. state legislatures.[39] Some argue that many of the consumer protection provisions in the European directives create unnecessary burdens for e-businesses, particularly in comparison to similar U.S. legislation.[40] They criticize the “cooling off” period in the Distance Selling Directive on the ground that it imposes significant costs on businesses. Comparing this requirement with the provisions set out in UCITA, which allows consumers to return goods only if the terms of the contract were not made available to the consumer before payment is made, some commentators favor this latter provision. For instance, one such commentator argues that Article 11 of the E-Commerce Directive (which requires ISSPs to electronically acknowledge receipt of the recipient’s order “without undue delay”) is another example of an unnecessary administrative burden, and is “not suited to the instantaneous nature of electronic commerce.”[41]
The E-Signatures Directive has similarly received criticism when compared with the U.S. model. Again, commentators argue that the E-Signatures Directive is inferior to the U.S. model. In particular, one critic argues that the E-Signatures Directive is not technologically neutral, because it favors electronic signatures over all other signatures, including written ones. Another similarly argues that the model “locks in” certain technologies. This critic prefers the U.S. approach to electronic signatures in the form of the revisions to the Uniform Commercial Code, UCITA and the Uniform Electronic Transactions Act, because it “recognize[s] the legal equivalency of electronic records and traditional writing without favoring any particular technology.”[42]
Finally, it has also been argued that the U.S. model law is superior, because it more clearly establishes how contract law applies online. For example, UCITA states that assent is manifested if a record or term is authenticated, or if an individual intentionally acts or makes statements and knows that the other party will infer assent from those acts or statements. According to UCITA, authentication can occur by adopting a symbol or by processing the record with the intent to authenticate it.
UCITA similarly provides that where a signature or authentication is not required, a party may manifest assent by acting or failing to act, or by making statements with knowledge or reason to know that the other party will infer these as assent.[43] These provisions of UCITA therefore establish that contractual acceptance can occur simply by clicking an icon on a website.[44] The European directives, on the other hand, neither expressly nor implicitly state that contractual acceptance can occur in this manner. Unlike the European directives, UCITA also establishes that a contract may be formed between an individual and an electronic agent, or between two electronic agents.[45]
III
In this segment, we discuss the South African experience with the E-Commerce legislative framework.
Online merchants looking at exciting electronic commerce opportunities in South Africa will be pleased to know that legally-protected electronic transactions are a reality in South Africa. The government has now passed legislation dealing with electronic commerce, namely, the Electronic Communications and Transactions Act[46] (Act). The object of the Act is to facilitate electronic transactions and communications, to inspire confidence in the use of such medium, and to encourage universal accessibility of e-commerce by all sectors of the population.[47]
Foreign merchants should be aware of the provisions of the Act if they intend to provide goods or services online to the South African marketplace, in particular, how agreements are formed in South Africa using online transactions.
The objects of this Act are to enable and facilitate electronic communications and transactions in the public interest, and for that purpose to:
(a) recognise the importance of the information economy for the economic and social prosperity of the Republic;
(b) promote universal access primarily in underserviced areas;
(c) promote the understanding and, acceptance of and growth in the number of electronic transactions in the Republic;
(d) remove and prevent barriers to electronic communications and transactions in the Republic;
(e) promote legal certainty and confidence in respect of electronic communications and transactions;
(f) promote technology neutrality in the application of legislation to electronic communications and transactions;
(g) promote e-government services and electronic communications and transactions with public and private bodies, institutions and citizens;
(h) ensure that electronic transactions in the Republic conform to the highest international standards;
(i) encourage investment and innovation in respect of electronic transactions in the Republic;
(j) develop a safe, secure and effective environment for the consumer, business and the Government to conduct and use electronic transactions;
(k) promote the development of electronic transactions services which are responsive to the needs of users and consumers;
(l) ensure that, in relation to the provision of electronic transactions services, the special needs of particular communities and, areas and the disabled are duly taken into account;
(m) ensure compliance with accepted International technical standards in the provision and development of electronic communications and transactions;
(n) promote the stability of electronic transactions in the Republic;
(o) promote the development of human resources in the electronic transactions environment;
(p) promote SMMEs within the electronic transactions environment;
(q) ensure efficient use and management of the .za domain name space; and
(r) ensure that the national interest of the Republic is not compromised through the use of electronic communications.[48]
The following are the detailed provisions of the Act.
I. LEGAL RECOGNITION OF DATA MESSAGES
The Act places computer-generated documents on the same footing as traditional paper evidence. For example, a “data message” means data generated, sent, received, or stored by electronic means. Such information will not be regarded as devoid of any legal status merely because it is in this form. Information incorporated into an agreement will be regarded as being incorporated into a data message if such information is referred to in a way in which a reasonable person would have noticed the reference and the incorporation of such information; and such information is accessible by means of reading, storage, or retrieval by the other party, whether electronically or as a computer printout. In addition, a signature will not be regarded as devoid of any legal recognition merely because it is in an electronic form. A data message made by a person in the ordinary course of business, or a copy or an extract from such data message certified to be correct by an officer in the service of such person, will on mere production in any civil, criminal, administrative or disciplinary proceedings under any law or common law, be admissible in evidence against that person.[49]
II. CONSUMER COOLING OFF AND OTHER PROVISIONS[50]
In concluding agreements with South African consumers, merchants (foreign and local) should note the following provisions pertaining to consumer protection: Merchants are obliged to make certain information available to consumers on Web sites where such goods or services are offered. Examples of such information are:
(1) merchant’s full name and legal status;
(2) physical address and telephone number;
(3) security procedures, policies and any code of conduct that the merchant subscribes to; and
(4) the manner of payment and the full price of goods or services, including transport costs, taxes and any other fees or costs.
Merchants are also expected to provide consumers with an opportunity to review the entire electronic transaction, to correct any mistakes and to withdraw from the transaction, before finally placing any order. Should any merchant fail to comply with this obligation, the consumer can cancel the transaction within fourteen days of receiving the goods or services under the transaction.
Other than the exception of the excluded items mentioned above, the consumer is also entitled to a “cooling-off period” and can cancel without reason any transaction within seven days from the date of receipt of the goods. Merchants should be aware that the protection given to consumers under this chapter applies irrespective of the legal system applicable to the agreement in question. Any provision in the agreement that excludes any rights guaranteed under this chapter is null and void.
There are also important provisions in the Act affecting merchants including foreign merchants offering goods or service online. The following provisions deal with technology used by merchants in conducting online business.
III. ACCREDITATION AUTHORITY[51]
Accreditation in this context means recognition of an authentication product or service by the Accreditation Authority. Authentication products are described as products or services designed to identify the holder of an electronic signature to other persons. The Accreditation Authority is the Director-General of the Department of Communications. Unlike rules regarding cryptography services, accreditation is voluntary. Any service provider can sell or provide authentication products or services in South Africa. The Accreditation Authority has the power to do the following:
(1) monitor the conduct, systems and operations of the authentication service provider to ensure that such service provider complies with the Act;
(2) temporarily suspend or revoke accreditation of an authentication service provider; and
(3) appoint an independent auditing firm to conduct periodic audits of the authentication service provider.
It should be noted that the Minister of Communications may, by notice in the Government Gazette, recognize the accreditation granted to any authentication service provider in any foreign jurisdiction.
The Accreditation Authority will examine a number of factors before accrediting authentication products or services. The following are some of the factors taken into account:
(1) the financial and human resources, including the assets of the service provider;
(2) the quality of hardware and software systems of the service provider;
(3) the procedures for processing of products or services; and
(4) the regularity and extent of audits by an independent body.
Different jurisdictions with enforceable data protection and electronic commerce legislation have specific provisions relevant to that jurisdiction. Merchants including foreign merchants should note the following provisions when dealing with South African consumers.
IV. UNSOLICITED GOODS, SERVICES, OR COMMUNICATIONS[52]
A merchant who sends unsolicited electronic communication (“spam”) must provide the consumer with the option to cancel its subscription to the mailing list, and must identify the source from which that merchant obtained such consumer’s personal information. No agreement may be concluded if the consumer has not responded to the spam. Failure to comply with the Act will attract a fine or imprisonment for a period not exceeding twelve months.
V. PROTECTION OF PERSONAL INFORMATION[53]
In collecting personal information electronically, merchants should be aware that a data controller must comply with certain stringent requirements. The data controller must have the express written permission of the consumer for the collection, collation, processing or disclosure of any personal information on that consumer. Furthermore, the data controller may not electronically request, collect, collate, process or store personal information regarding a consumer that is not necessary for the lawful purpose for which the personal information is required. The Act stipulates a number of onerous requirements for the data controller that have not been covered in this Article. The Act is clear that the data controller is not allowed to “pick and choose” the obligations imposed by the Act. The rights and obligations of the parties regarding any breach of the obligations contained in the Act are governed by the terms of the agreement between such data controller and consumer.
Print Page
Some have argued that the European legislative model suffers in comparison to the U.S. legislative approach to e-commerce, particularly the Uniform Computer Information Transactions Act (“UCITA”). UCITA is a model law drafted in 1999 by the National Conference of Commissioners on Uniform State Law for enactment in U.S. state legislatures.[39] Some argue that many of the consumer protection provisions in the European directives create unnecessary burdens for e-businesses, particularly in comparison to similar U.S. legislation.[40] They criticize the “cooling off” period in the Distance Selling Directive on the ground that it imposes significant costs on businesses. Comparing this requirement with the provisions set out in UCITA, which allows consumers to return goods only if the terms of the contract were not made available to the consumer before payment is made, some commentators favor this latter provision. For instance, one such commentator argues that Article 11 of the E-Commerce Directive (which requires ISSPs to electronically acknowledge receipt of the recipient’s order “without undue delay”) is another example of an unnecessary administrative burden, and is “not suited to the instantaneous nature of electronic commerce.”[41]
The E-Signatures Directive has similarly received criticism when compared with the U.S. model. Again, commentators argue that the E-Signatures Directive is inferior to the U.S. model. In particular, one critic argues that the E-Signatures Directive is not technologically neutral, because it favors electronic signatures over all other signatures, including written ones. Another similarly argues that the model “locks in” certain technologies. This critic prefers the U.S. approach to electronic signatures in the form of the revisions to the Uniform Commercial Code, UCITA and the Uniform Electronic Transactions Act, because it “recognize[s] the legal equivalency of electronic records and traditional writing without favoring any particular technology.”[42]
Finally, it has also been argued that the U.S. model law is superior, because it more clearly establishes how contract law applies online. For example, UCITA states that assent is manifested if a record or term is authenticated, or if an individual intentionally acts or makes statements and knows that the other party will infer assent from those acts or statements. According to UCITA, authentication can occur by adopting a symbol or by processing the record with the intent to authenticate it.
UCITA similarly provides that where a signature or authentication is not required, a party may manifest assent by acting or failing to act, or by making statements with knowledge or reason to know that the other party will infer these as assent.[43] These provisions of UCITA therefore establish that contractual acceptance can occur simply by clicking an icon on a website.[44] The European directives, on the other hand, neither expressly nor implicitly state that contractual acceptance can occur in this manner. Unlike the European directives, UCITA also establishes that a contract may be formed between an individual and an electronic agent, or between two electronic agents.[45]
III
In this segment, we discuss the South African experience with the E-Commerce legislative framework.
Online merchants looking at exciting electronic commerce opportunities in South Africa will be pleased to know that legally-protected electronic transactions are a reality in South Africa. The government has now passed legislation dealing with electronic commerce, namely, the Electronic Communications and Transactions Act[46] (Act). The object of the Act is to facilitate electronic transactions and communications, to inspire confidence in the use of such medium, and to encourage universal accessibility of e-commerce by all sectors of the population.[47]
Foreign merchants should be aware of the provisions of the Act if they intend to provide goods or services online to the South African marketplace, in particular, how agreements are formed in South Africa using online transactions.
The objects of this Act are to enable and facilitate electronic communications and transactions in the public interest, and for that purpose to:
(a) recognise the importance of the information economy for the economic and social prosperity of the Republic;
(b) promote universal access primarily in underserviced areas;
(c) promote the understanding and, acceptance of and growth in the number of electronic transactions in the Republic;
(d) remove and prevent barriers to electronic communications and transactions in the Republic;
(e) promote legal certainty and confidence in respect of electronic communications and transactions;
(f) promote technology neutrality in the application of legislation to electronic communications and transactions;
(g) promote e-government services and electronic communications and transactions with public and private bodies, institutions and citizens;
(h) ensure that electronic transactions in the Republic conform to the highest international standards;
(i) encourage investment and innovation in respect of electronic transactions in the Republic;
(j) develop a safe, secure and effective environment for the consumer, business and the Government to conduct and use electronic transactions;
(k) promote the development of electronic transactions services which are responsive to the needs of users and consumers;
(l) ensure that, in relation to the provision of electronic transactions services, the special needs of particular communities and, areas and the disabled are duly taken into account;
(m) ensure compliance with accepted International technical standards in the provision and development of electronic communications and transactions;
(n) promote the stability of electronic transactions in the Republic;
(o) promote the development of human resources in the electronic transactions environment;
(p) promote SMMEs within the electronic transactions environment;
(q) ensure efficient use and management of the .za domain name space; and
(r) ensure that the national interest of the Republic is not compromised through the use of electronic communications.[48]
The following are the detailed provisions of the Act.
I. LEGAL RECOGNITION OF DATA MESSAGES
The Act places computer-generated documents on the same footing as traditional paper evidence. For example, a “data message” means data generated, sent, received, or stored by electronic means. Such information will not be regarded as devoid of any legal status merely because it is in this form. Information incorporated into an agreement will be regarded as being incorporated into a data message if such information is referred to in a way in which a reasonable person would have noticed the reference and the incorporation of such information; and such information is accessible by means of reading, storage, or retrieval by the other party, whether electronically or as a computer printout. In addition, a signature will not be regarded as devoid of any legal recognition merely because it is in an electronic form. A data message made by a person in the ordinary course of business, or a copy or an extract from such data message certified to be correct by an officer in the service of such person, will on mere production in any civil, criminal, administrative or disciplinary proceedings under any law or common law, be admissible in evidence against that person.[49]
II. CONSUMER COOLING OFF AND OTHER PROVISIONS[50]
In concluding agreements with South African consumers, merchants (foreign and local) should note the following provisions pertaining to consumer protection: Merchants are obliged to make certain information available to consumers on Web sites where such goods or services are offered. Examples of such information are:
(1) merchant’s full name and legal status;
(2) physical address and telephone number;
(3) security procedures, policies and any code of conduct that the merchant subscribes to; and
(4) the manner of payment and the full price of goods or services, including transport costs, taxes and any other fees or costs.
Merchants are also expected to provide consumers with an opportunity to review the entire electronic transaction, to correct any mistakes and to withdraw from the transaction, before finally placing any order. Should any merchant fail to comply with this obligation, the consumer can cancel the transaction within fourteen days of receiving the goods or services under the transaction.
Other than the exception of the excluded items mentioned above, the consumer is also entitled to a “cooling-off period” and can cancel without reason any transaction within seven days from the date of receipt of the goods. Merchants should be aware that the protection given to consumers under this chapter applies irrespective of the legal system applicable to the agreement in question. Any provision in the agreement that excludes any rights guaranteed under this chapter is null and void.
There are also important provisions in the Act affecting merchants including foreign merchants offering goods or service online. The following provisions deal with technology used by merchants in conducting online business.
III. ACCREDITATION AUTHORITY[51]
Accreditation in this context means recognition of an authentication product or service by the Accreditation Authority. Authentication products are described as products or services designed to identify the holder of an electronic signature to other persons. The Accreditation Authority is the Director-General of the Department of Communications. Unlike rules regarding cryptography services, accreditation is voluntary. Any service provider can sell or provide authentication products or services in South Africa. The Accreditation Authority has the power to do the following:
(1) monitor the conduct, systems and operations of the authentication service provider to ensure that such service provider complies with the Act;
(2) temporarily suspend or revoke accreditation of an authentication service provider; and
(3) appoint an independent auditing firm to conduct periodic audits of the authentication service provider.
It should be noted that the Minister of Communications may, by notice in the Government Gazette, recognize the accreditation granted to any authentication service provider in any foreign jurisdiction.
The Accreditation Authority will examine a number of factors before accrediting authentication products or services. The following are some of the factors taken into account:
(1) the financial and human resources, including the assets of the service provider;
(2) the quality of hardware and software systems of the service provider;
(3) the procedures for processing of products or services; and
(4) the regularity and extent of audits by an independent body.
Different jurisdictions with enforceable data protection and electronic commerce legislation have specific provisions relevant to that jurisdiction. Merchants including foreign merchants should note the following provisions when dealing with South African consumers.
IV. UNSOLICITED GOODS, SERVICES, OR COMMUNICATIONS[52]
A merchant who sends unsolicited electronic communication (“spam”) must provide the consumer with the option to cancel its subscription to the mailing list, and must identify the source from which that merchant obtained such consumer’s personal information. No agreement may be concluded if the consumer has not responded to the spam. Failure to comply with the Act will attract a fine or imprisonment for a period not exceeding twelve months.
V. PROTECTION OF PERSONAL INFORMATION[53]
In collecting personal information electronically, merchants should be aware that a data controller must comply with certain stringent requirements. The data controller must have the express written permission of the consumer for the collection, collation, processing or disclosure of any personal information on that consumer. Furthermore, the data controller may not electronically request, collect, collate, process or store personal information regarding a consumer that is not necessary for the lawful purpose for which the personal information is required. The Act stipulates a number of onerous requirements for the data controller that have not been covered in this Article. The Act is clear that the data controller is not allowed to “pick and choose” the obligations imposed by the Act. The rights and obligations of the parties regarding any breach of the obligations contained in the Act are governed by the terms of the agreement between such data controller and consumer.
No comments:
Post a Comment