November 1999

The Parliament Industry group

concerned with the politics of

the Information Society

This paper examines the consumer protection issues that have to be resolved if the EU in general, and the UK in particular, is to be the location of choice for global electronic commerce activities by both large and small businesses and if the equivalent law is to apply to on-line and off-line trading.

90% of international business is now conducted electronically at some stage of the transaction. In 1998 20% of UK business transactions were electronic, but only 0.01% were over the Internet. This is set to change rapidly as consumers and small firms increasingly discover the economic advantages of electronic commerce. Consumers get more information, lower transaction costs, enhanced product customisation and on-line delivery for that which can be delivered electronically. Suppliers can bypass traditional retailers and distribution chains, giving them direct access to global markets. However, take up is being held back by widespread scare stories which are undermining consumer confidence.

E-commerce does pose some genuinely new challenges. It enables consumers to purchase from a remote, and maybe unknown, location which is not under human control during the course of the transaction, opening up new possibilities for errors, flaws and fraud. Consumers require a level of certainty which gives them confidence in the process used, the bona fides of the apparent trader, and the underlying security of their data and their money. Little new law is needed in the UK, which already has strong relevant legislation, most of it applicable to electronic commerce with only minor amendments. Much can be achieved at a technical, design or marketing level if there is a requirement to do so - whether stemming from self or statutory regulation or market forces.

Over-protection could be as damaging as no controls at all since it would drive electronic business offshore. The consumer is probably no more vulnerable when purchasing goods or services over the Internet than when ordering goods by telephone for later delivery, having already paid by credit card. It is not possible to remove all risk from trading, but consumers can, and should be, alerted to those risks.

Those wishing to enhance confidence in the Internet as a medium for achieving economic benefits are concerned that regulations which increase cost or reduce choice will drive electronic commerce "off-shore", out of the reach of EU jurisdiction, helping neither consumers nor EU-based suppliers.

The "light touch" of self-regulatory codes is favoured whereever practical Their application and effectiveness must be closely monitored and any deficiencies remedied in order to achieve the level of confidence envisaged. Those applying such codes in specific markets (sector or national) must also be able to co-operate, globally if necessary, to maintain and promote overall consumer confidence.

Some argue for a single regulatory framework, promoted and administered by an alliance or partnership between service providers and consumer organisations, which can act as a focal point - perhaps in partnership with Government (co-regulation). They claim that the component parts of such an "On-line Trust Foundation" already exist.

Others, including many users already subject to statutory regulation in their off-line markets, regard such a unitary approach as impractical because their state regulators (e.g. those for Financial Services - from consumer credit or insurance sales to personal savings and investment), in the US as well as EU, are already applying their off-line rules to those selling on-line into their regulated markets.

There appears to be consensus on the need for rationalisation and co-operation (between both self-regulators and statutory regulators) with regard to the promotion and policing of codes of practice with compliant Internet web-sites easily identified by "seals" or trust marks". Such co-operation needs to be international and to cover the security of transactions, data protection and privacy and warranties and redress procedures.

It is critical for business confidence that consumers know about the regulatory regimes and see them as effective. A structure that meets management objectives is not much use if the customers stay away!

Business prefers market solutions to additional consumer protection regulation or legislation and believes this can best be achieved by the promulgation of good practice through example and by competition. Buyer-driven good practice is seen to be essential if potential customers are to move from browsing to buying. Those wishing to promote e-commerce (suppliers, traders and governments) must therefore be seen to be taking consumer protection seriously, including funding and other support. Government and industry should also actively promote consumer education, particularly by their own example. EU Governments and the Commission could do more to demonstrate confidence and best practice by their own use of electronic commerce than by legislative initiatives.

Protection, including checkable information and security of payment, has a cost. Perceptions of the need for such protection (including the role of Trusted Third Parties to authenticate transactions and guarantee payment between those who have never met) vary according to the nature and location of the transaction, supplier and consumer as well as the value. Moreover "trust is earned", by those who live up to their word, meeting their obligations, whether or not the technology works or their trading partners meet theirs. "Trust" is rarely conveyed by licensing, whether by Government or Trade Association, save where the licensing body is seen to build a track record of credibility, including the acceptance of liability for the consequences of its actions and of its decisions not to take action.

Banks, credit card companies and notaries are developing a variety of new electronic authentication, authorisation and payment protection services, based on existing "trust" frameworks, many of which already make extensive use of secure global electronic communications networks, in the expectation that these will be covered by the same regulatory frameworks and statutory liabilities as for the traditional paper-base equivalents. Meanwhile some e-commerce product and service suppliers see a need for lower cost, self-regulatory, solutions and wish to limit the liability of participants to enable increased competition. There are legal moves in the United States (proposed new Commercial Code) to limit the default liability of software and service providers. There is also strong lobbying on the part of Telcos and Internet Service Providers regarding their liabilities for the traffic they carry.

Given the volume of international trade that is already conducted electronically, albeit commonly via structured EDI and secure e-mail rather than the public Internet, it is important that any proposed changes to traditional regimes be rigorously assessed for their potential to disrupt well established and effective methods without giving commensurate consumer benefit.

Widely - ideally, universally - recognised seals or trust marks are needed to indicate which merchant’s websites comply with which clear sets of standards, rather than merely implying approval by a responsible body. The technology is becoming available for trust marks to be mounted on the "browsers" used by consumers to alert them as to whether sites are accredited. Trust marks are particularly important to engender confidence in SMEs and in lesser known brands, but need the support of major brands in order to ensure universal acceptance.

A recent survey in the USA found that 70% of kite marked traders were not complying with the relevant codes of conduct. This underlines the need for schemes to have routines for effective action against non-compliance (by those who have subscribed) and against "passing off" (by those who have copied the mark with little or no intention of compliance). The UK Government’s statement (White Paper "Modern Markets: Confident Consumers" of 22 July 1999) that it is working with the Alliance for Electronic Business, the Consumers’ Association and the Office of Fair Trade to set up a new body to accredit electronic commerce codes which guarantee security of payment and privacy of information, identified by digital hallmarks to deter unauthorised copying, is therefore an important initiative.

The overall objective is that consumers using electronic commerce will have a level of protection consistent with other forms of commerce. They should be neither advantaged nor disadvantaged. Attempts to use the harmonisation of e-consumer protection across the EU to "pull through" in other areas break this principle and could well be counter-productive. In broad terms, what is bad practice or illegal off-line should be bad practice or illegal on-line.

However, as off-line laws vary so widely between nations (within the EU as much as globally), there will be difficulties in achieving these goals. There cannot be consistency both across the Internet and between on-line and current off-line law at a particular location.

Self regulation schemes do not necessarily have to be confined to participants within a single legal jurisdiction and can therefore help achieve some level of international consistency. Rules and standards for entry to a self-regulation scheme must be clearly identified through trader best practice guidelines. Governments can give a lead here by the public acceptance of best practice for all their own transactions. Information about existing advisory and regulatory bodies should be accessible electronically, via a help button or hotlink, as well as physically (postal address and phone/fax numbers).

Consumers need confidence that enquiries and complaints will be dealt with at least as fairly and effectively as in traditional trading, although it may not be feasible (or useful to consumers) to use the same processes. The objective must be an equality of outcome.

Suppliers should provide information on accessible, affordable and effective routes for redress and, where available, the procedures for the resolution of disputes. These should avoid the expense of involving courts or regulators. Authoritative and recognised ombudsman procedures, with cost-effective routines for handling cross-border dispute resolution are the ideal. Suppliers should also monitor their own performance on meeting customer expectations, including response and resolution times for customer complaints, and take remedial action where necessary.

Initially, policing procedures tend to be passive, responding to customer complaints rather than actively seeking out breaches, but visible. effective, fast and enforceable sanctions against rogue traders are essential for codes to acquire credibility. It may be, however, that the active encouragement of whistle blowing by competitors as well as consumers will also be needed to test and publicise procedures and to secure acceptance and credibility on all sides.

The routes for redress must be easily identifiable (both within states and cross-border), reliable and rapid and with clear and achievable procedures. These could include:

• the existing customer service measures of the trader;
• the trade association of which the trader is a member;
• an independent self-regulation scheme set up to control a market sector;
• statutory measures, both national and international.

There are well established rules on applicable law for international business to business trade. These have led to three broad approaches for physical cross-border commerce:

• shipping so as to comply with the law of the country of destination (assumed by most existing legislation and by the participants in the G8 discussions on electronic commerce);
• shipping "free on board" under the law of the country of origin (leaving the recipient to comply with all local documentary, fiscal, etc requirements before the goods can be released at their destination);
• doing business under an agreed contract which specifies the applicable law and location for the adjudication of disputes (e.g. Islamic Law adjudicated in London).

Many of the small firms being encouraged to sell over the Internet have never before sold their products and services across national boundaries. Some believe the growth of e-commerce will depend on their being able to sell overseas under the laws that apply in their domestic markets.

Meanwhile many of the consumers now being encouraged to buy on-line have never bought abroad other than as tourists making purchases to bring back as personal imports. They are unaware just how different are the consumer protection laws of neighbouring states within the EU, or the different legal implications of giving authorisation to charge either your credit or your debit card. The issues become more acute as the digital TV "couch potato" goes "seamlessly" on-line to the web after clicking the TV zapper on an advert and moves "equally seamlessly" from the "protection" of the UK Advertising Standards Authority and Independent Television Commission to ...?

Attempts to "harmonise" within the EU on issues which are outside the remit of the US Federal Government are likely to be counter-productive. Rapid progress within current international forums is unlikely, given the slow progress on long-standing problems on responsibility for action on international telecoms fraud.

The growth of mass-market international e-commerce is more likely, therefore, to depend on contract-based frameworks which apply the expertise of the global freight-forwarding industry (largely centred around Heathrow). This already handles the physical delivery of high value goods ordered over the Internet from well-known US ICT suppliers. We can see global parcels operations beginning to look at low-cost services for small firms.

There is also a need for much greater support for, and attention to, the work of organisations such as SITPRO (Simplification of International Trade PROcedures) in the UK as well as a radical improvement in the interfaces for documentation, including for VAT, between EU Customs and Tax authorities.

The Internet blurs established concepts of legal boundaries but the rights of consumers vary considerably between nations. It is important that both trader and consumer know what laws apply to the transaction they are considering. The problem of location provides an opportunity for the UK to be seen by the world’s consumers as the place where problems can best be resolved. Little additional legislation is required within the UK to meet the needs of consumer protection in electronic commerce.

Consumers and suppliers will soon find existing laws and taxes catching up with them when they trade electronically. Governments were willing to turn a blind eye to personal imports while they were low volume, but now they are becoming too big to ignore. This gives added urgency to the need for solutions to the current policy logjam on applicable law and jurisdiction(s). This will be the subject of a separate EURIM Briefing.