Website-law.co.uk

The preponderance of the laws that regulate commercial conduct online are the same laws that regulate commercial conduct offline: contract law, the law of torts, commercial law, consumer law,  intellectual property law, and so on.

If you know a little (or a lot) about publishing law, you know a little (or a lot) about digital publishing law.

But doing business on the internet involves added complexity and added uncertainty.   Added complexity, because a new layer of laws veils the legal backcloth.  Added uncertainty, because the new and evolving technologies may not yet have been digested by the system of legal precedent - and by the time a recognisable body of jurisprudence about a technology has emerged, the technology may be obsolescent.

Complexity, uncertainty and evolution are three causes of widespread non-compliance with the law.

The extent of non-compliance should not be underestimated.  For example, the E-commerce Regulations demand, with the inevitable exceptions, that e-retailers must make available to their customers “appropriate, effective and accessible technical means” allowing the customer to identify and correct input errors before placing an order.  This may be dealt with by means of a “confirm your order” page: but anyone with a passing familiarity with online shopping will know that as often as not there is no pre-order correction procedure.

Some fairly common internet practices are outlawed. For instance, many websites will send marketing emails to users who do not opt-out – when in some cases they should only be sending the emails to users who opt-in.

One reason why online compliance is particularly important is that anyone can conduct an impromptu audit of your website – and potentially find you wanting.  This can be embarrassing.

For example, whilst writing this I visited the website of one of the most prestigious law firms in the world.   Under the Privacy and Electronic Communications (EC Directive) Regulations 2003, a person using a website that serves cookies should, amongst other things, be “provided with clear and comprehensive information” about the cookies.  (Cookies are sent by a web server to a web browser and then sent back to the server each time the browser accesses that server, enabling the server to recognise and track the browser.)

The law firm website uses site-wide session cookies and instructs Google to serve four persistent Google Analytics cookies to the user.  But the legal notice on the firm’s website says that the website doesn’t use cookies, other than session cookies in one particular part of the website.

I doubt whether the firm in question would welcome publicity about this kind of (albeit technical) non-compliance.

But there is more than just embarrassment at stake if you fail to comply with the laws relating to digital publishing.  Contracts of sale that can be rescinded at the option of your customers; Trading Standards investigations and prosecutions; investigations and adverse decisions of the Information Commissioner; and civil claims by customers: the risks are varied, and non-compliance can be expensive.

Because of regular changes in the law relating to the internet and the technologies from which it is built, digital publishers should ensure not only that they have the expertise to identify the issues, but that they regularly update that expertise and regularly audit their compliance.

In yesterday’s post, I considered the basic legal information that most commercial websites are required by English law to disclose. Many of these basic disclosure requirements are contained in the Electronic Commerce Regulations (EC Directive) Regulations 2002 (the “Ecommerce Regulations”).

The Ecommerce Regulations also contain a number of (widely ignored) provisions that apply where contracts are entered into online.

This post considers those provisions. (It does not, amongst other things, consider the requirements of the Distance Selling Regulations which will affect consumer contracts concluded online.)

Technical steps to conclude a contract

Prior to the conclusion of an electronic contract, the service provider must provide to the service recipient in a clear, comprehensible and unambiguous manner details of the different technical steps to follow to conclude the contract.

The easiest way to do this is to include, somewhere on the website – e.g. in the legal documentation – a step-by-step guide to the contracting process.

Filing and accessibility of contract

Prior to the conclusion of an electronic contract, the service provider must tell the service recipient in a clear, comprehensible and unambiguous manner whether or not the concluded contract will be filed by the service provider and whether it will be accessible to the service recipient.

Given that online T&Cs may be regularly amended, the simplest way to deal with this requirement is to state, in the T&Cs, that the contract will not be filed and therefore may in inaccessible!

Correcting input errors

Prior to the conclusion of an electronic contract, the service provider must provide to the service recipient in a clear, comprehensible and unambiguous manner details of the technical means for identifying and correcting input errors prior to the placing of the order. The service provider must also actually provide such appropriate, effective and accessible technical means, prior to the placing of the order.

The usual way to fulfil this requirement is to have a pre-order web page detailing the information submitted and asking the customer to confirm whether they would like to amend that information or place the order on the basis of that information.

Languages

Service providers must also, strangely, provide service recipients with information about the languages offered for the conclusion of the contract.

This requirement can be met by stating in the website legal documents that the contract is only available in Esperanto (or whatever).

Codes of conduct

A service provider must indicate which relevant codes of conduct he subscribes to – and give information on how those codes can be consulted electronically.

T&Cs: storage and reproduction

Where the service provider provides terms and conditions applicable to the contract to the recipient, the service provider shall make them available to him in a way that allows him to store and reproduce them.

In my view, an HTML page or .pdf file can be stored or reproduced with ease, and so should fulfil this requirement. However, a cautious website operator might include a “print now” button on the terms and conditions.

Acknowledgement of order

Where a recipient of the service places his order through technological means, a service provider must acknowledge receipt of the order to the recipient of the service without undue delay and by electronic means.

However, the acknowledgement of receipt may take the form of the provision of the service paid for where that service is an “information society service” (e.g. a subscription to a website).

Exceptions

Where a contracts is concluded exclusively by email, the only requirements that apply are those set out under the “T&Cs: storage and reproduction” heading.

Businesses contracting online with other businesses may agree that the above provisions – other than those set out under the “T&Cs: storage and reproduction” heading - do not apply.

English law requires that most business websites supply certain information.

The basic information requirements are set out in:

• The Electronic Commerce Regulations (EC Directive) Regulations 2002 (the “Ecommerce Regulations”). These Regulations implement into English law Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (the “Ecommerce Directive”); and

• The Companies Act 2006 and the Business Names Act 1985.

The application of each piece of legislation, and the detailed information that will be required where the legislation applies, is considered below.

Ecommerce Regulations: application

The Ecommerce Regulations basic disclosure requirements apply to “…a person providing an information society service…” (Regulation 6).

“Information society service” means “any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service” (Recital 17 of the Ecommerce Directive). This requirement should be broadly construed. For example, although a simple “brochure” website might not be an information society service, a website that earns money through advertising almost certainly will constitute an information society service, even if it is completely free to users.

The Ecommerce Regulations only apply to service providers established in the UK. However, service providers established elsewhere in the EU will have to comply with equivalent requirements under the national law of the state in which they are established.

“Established service provider” is defined in the Ecommerce Directive as follows: “a service provider who effectively pursues an economic activity using a fixed establishment for an indefinite period. The presence and use of the technical means and technologies required to provide the service do not, in themselves, constitute an establishment of the provider;”

So, the location of the servers hosting a website do not determine the place of establishment.

Where there are multiple “fixed establishments” in relation to a given service, then Recital 19 of the Directive provides guidance: “… in cases where a provider has several places of establishment it is important to determine from which place of establishment the service concerned is provided; in cases where it is difficult to determine from which of several places of establishment a given service is provided, this is the place where the provider has the centre of his activities relating to this particular service.”

Ecommerce Regulations: requirements

A person providing an information society service must make available to the recipients of the service (and any relevant enforcement authority) in a form and manner which is easily, directly and permanently accessible, the following information:

• the name of the service provider;

• the geographic address at which the service provider is established;

• the details of the service provider, including his electronic mail address, which make it possible to contact him rapidly and communicate with him in a direct and effective manner;

• where the service provider is registered in a trade or similar register available to the public, details of the register in which the service provider is entered and his registration number, or equivalent means of identification in that register;

• where the provision of the service is subject to an authorisation scheme, the particulars of the relevant supervisory authority;

• where the service provider exercises a regulated profession: (i) the details of any professional body or similar institution with which the service provider is registered; (ii) his professional title and the member State where that title has been granted; (iii) a reference to the professional rules applicable to the service provider in the member State of establishment and the means to access them; and

• where the service provider undertakes an activity that is subject to value added tax, the relevant identification number.

In addition, where a person providing an information society service refers to prices, these must be indicated clearly and unambiguously and, in particular, must indicate whether they are inclusive of tax and delivery costs.

Companies Act 2006 and Business Names Act 1985

Every UK company should list on its website:

• its name;

• its company registration number;

• its place of registration; and

• its registered office address.

Sole traders and partnerships who carry on a business in the UK under a business name (very roughly, not the names of the trader/partners) must also make certain website disclosures:

• in the case of a sole trader, the individual’s name;

• in the case of a partnership, the name of each member of the partnership;

• in either case, in relation to each person named, an address in the UK at which service of any document relating in any way to the business will be effective.