Legislation to support the development and implementation of new Information and Communication Technology (ICT) and reduce barriers to the adoption of eBusiness is an important indicator for economic success. While the EU’s legal and regulatory framework in this regard has only been gradually developed over the last years, there are valuable lessons  learnt which can be leveraged  in the implementation of a legislative environment to support the adoption of eBusiness in African States.

Reflecting research carried out under the Legal-IST project, which was funded under the European Commission IST Programme, this case study addresses four recently studied  issues  determined  to  be  of  high  importance  for  eBusiness  adoption  in Europe. The  objectives was to identify, address and study legal research areas to define research and development needs for short, medium and long-term focus (with regard   to   technology,   methods,  organisational  and   human  issues,  business relationship and working groups,  national legal entities and codes) as well as to initiate  and  co-ordinate  the  analysis  of   specific  issues  of  relevance  for  ICT- businesses and to provide recommendations on each research area studied, suitable for being used and adopted by policy-makers at EC level in order to evolve current legal  framework.  This  research  was  based  on   questionnaire-based  feedback received from legal experts, SMEs, policy makers and NGOs across Europe.

The four key legal issues for eBusiness in Europe identified are:

•   Legal issues related to RFID

•   Liability of information society service provider

•   Self regulation on B2B internet trading platforms

•   Business registry.

1.1.1  RFID

Radio Frequency  Identification (RFID)  Technology  uses  radio  waves  to  identify objects  or people wearing RFID tags automatically and wirelessly. RFID has two parts: a tag  containing an identification number and reader that triggers the tag to broadcast  its   identification  number.  RFID  is  of  considerable  interest  in  retail, consumer packaged  goods and manufacturing supply chains in terms of potential efficiency.

Hospitals also plan to  deploy RFID to  identify patients, call up records, reduce medical  errors and improve overall productivity. For instance, a pilot project has started  in  July  2005  in  the  clinical  centre  of  Saarbrücken  in  cooperation  with companies such as  Intel,  Siemens Business Services and Fujitsu-Siemens. The study also points out other fields of application including the use of RFID in passports (in November 2005 Germany introduced the first European e-passport, equipped with biometric data stored on a RFID tag) and banknotes, use in libraries and even in the tracking of people (like for example in prisons).

The key legal implications are related to RFID tags that directly store personal data such as name, age, nationality etc. The most prominent current legal issue is the one related with the protection of privacy and data protection. The study examines which European directives  apply in relation to different categories of RFID tags, some of which only include product  reference numbers, while others can provide access to personal data  only  in  conjunction  with  a  backend  database.  Issues  related  to obligations of the data controller are also considered.

1.1.2  Liability of Information Society Service Providers

The background to this issue goes back to the adoption of the EU E-Commerce Directive, and whether there should be stronger protection for the fundamental rights and freedoms of all internet users, or whether the directive should facilitate hunting down individual internet users who broke the law by for example, sharing files and breaching copyright in music. The original intention was facilitate the establishment of Internet  Service   Providers  (ISPs)  as  a  business  model  and  not  hamper  its establishment through liability risks.

The study aims to provide a diagnosis of current liability problems as there is a general lack of regulation at the European Community level of a specific system of liability. The  study points out four fields of interest: The question of the liability of providers  of  Hyperlinks  and  Location  Tools  (where  there  is  a  general  lack  of European case law); liability for the provision of AdWords; claims for information; and problems concerning injunctions.

The main problems detected to date in relation to Hyperlinks and Location Tools are that  linking may give rise to a range of unlawful acts such as libel, intrusion of privacy, IPR  infringements, trademark infringements, misleading advertising, unfair competition and breach of contract. A large number of the complaints are brought for practical reasons:  economic precariousness or lack of knowledge of the identity of the infringing party.

In light  of  applicable legislation  and  available  case  law,  the  potential  problems concerning Adwords (where suppliers pay a premium for their goods or services to be highlighted if certain words are used in a search engine for example) are related to the legal definition of the concepts “keyword” and “metatag” and the legal nature of the “Adwords System”.

The potential problems in relation to issue of claims for information are the lack of harmonised legislation on the obligation for the ISP to retain traffic data and the lack of harmonised legislation related to claims for information.

With  regard  to  injunctions  the  study  considers  problems  related  to  intellectual property   infringements,  and  specifically   some  specific  responsibilities  of   the intermediary.

 

1.1.3  Self Regulation on B2B Internet Trading Platforms

While across Europe there is eCommerce related legislation at both a national and European  Directive  level,  self-regulation  is  still  an  important  facet  of  Internet regulation. The development of codes of conduct is actually encouraged by the Directive on Electronic Commerce (2000/31/EC - Article 16). Legal issues related to self-regulation are analyzed from the perspective of legal validity and enforcement, including  different types  of  self-regulation such as codes of  practice /  codes of conduct, the use of trust marks and labelling, and best practice guidelines and their legal implications. There are valuable lessons to be learnt that can be considered for adoption in other jurisdictions outside Europe.

Because of rapid technical developments and the trans-national nature of Internet trading   platforms,  self-regulation  was  proposed  as  a  solution  to  increase  the willingness of businesses to join a B2B trading platform. Part of the focus of this study is to develop a template for such a voluntary code of conduct, identifying the main  features  of  self-regulatory  mechanisms  and  discussing  the  opportunity  to address the identified barriers of entry on the B2B Internet trading platforms through self-regulation rather than state intervention. It also outlines future research required into how efficient a tool  self-regulation can be for those considering joining a B2B trading platform.

1.1.4  Business Registry

An  electronic  business  registry  (eBusiness  registry)  is  a  software  system  and infrastructure that enhances information channeling and interactions, required by eBusiness. It enables organisations to store information, select business partners and provide content for customers. However, information supplied by such a registry may raise  issues related to data protection and liability issues, depending on the quality and standards of its service.

Using data  warehousing techniques, allows analysis of  data  in  a  registry easy. However, depending on the methods used, information of varying quality can be produced. The study on business registry gives a clear overview over what business registries are as well as of legal issues regarding this sector. It ends with a summary of legislative recommendations.

 

Barriers to eBusiness

The B2B Expert Group identified a series of factors that might explain the reluctance of  businesses (and especially  SMEs) to  fully engage in  electronic trade. These include:

o    lack  of  awareness  regarding  the  risks  and  benefits  of  joining  a  trading platform,

o    difficulties in identifying the most suitable platforms for them to join,

o    incompatibilities between technical standards,

o    insufficient  information  about  the  rules  applicable  to  the  marketplace

Transactions,

o    financial barriers (costs of implementing a secured transaction protocol and maintaining IT systems and websites).

The study recommends:

 

a.  The formulation of Guidelines on the procedures to be followed in drafting a code of conduct and in the involvement of relevant stakeholders

b.  Studying  the  true  effectiveness  of  the  codes  of  conduct  in  modifying  the behaviour of market players, or marketplace operators. Such a research should include concrete examples of market changes brought by the implementation of self regulatory measures

c.  Carrying out legal research on the enforceability of the provisions of codes of conduct by business partners or by third parties and available dispute resolution mechanisms.

d.  Carrying out legal research regarding trustmarks, what rules govern their activity and the extent of their certification obligations

 

Key Conclusions

For RFID, it is essential there is good coordination between technologists, regulators, legislators, and consumers to ensure that RFID can realize benefits to businesses and the wider society. Use of RFID requires serious consideration of data protection  and data security implications, which in turn requires re-examination of the traditional    legal principles and instruments.

For Liability of ISPs, it is essential to review the liability regime, taking into account the  special role of ISPs in the Information Society. Greater legal certainty can be achieved by  providing a legal definition of the appropriate court and out-of-court action and procedures.

Technical rules for business registries should be standardized in order to protect privacy of communication and to assure integrity and security of communications.

Self-regulation including  use  of  codes  of  conduct  is  essential  for  B2B  Trading Platforms. The creation of guidelines to help in the drafting of codes of conducts would  be  very  beneficial. However, research into  the  enforceability of  codes of conduct is recommended.

 

 

Questions: 

Are similar legal issues currently being faced in your country or region?

What relevance do you believe such legal related issues have for your region or country?

What cultural, legislative or other barriers exist to successful adoption of eBusiness in your country?