Legal Issues:
1. Hierarchy of legal jurisdictions (UK)
1. Standards & Codes of practice (UK bodies)
2. UK statute & common law
3. EU directives to governments
4. International agreements
2. Concerns are global
1. Domain names & trademarks, advertising, defamation, IPR, privacy, taxation of e-commerce
UK statutes:
1. Consumer Credit Act 1974
2. Health & Safety at Work Act 1975
3. Data Protection Acts 1984 & 1998
4. Copyright, Designs & Patents Act 1988
5. Computer Misuse Act 1990
6. Electronic Communications Act 2000
7. Regulation of Investigatory Powers Act 2000
8. Law of contract, sale of goods, etc.
EU Directives:
1. Must be enacted into UK law
1. Often done through statutory instruments
2. Basis for privacy, H&S laws
2. Try to look at Europe-wide standards
1. Can conflict with basis of national law
3. Many changes due through this route
1. E.g. Harmonisation of aspects of copyright, taxation of sales
Protecting Privacy:
1. Privacy
1. The right to be left alone and the right to be free of unreasonable personal intrusions
2. Information Privacy
1. The claim of individuals, groups, or institutions to determine for themselves when, and to what extent, information about them is communicated to others
How is Private Information Collected?
1. By individuals providing data during registration, searching, purchase
2. From Internet Directories
3. By making your browser record information about you
4. Server logs of what you browse
5. From e-mail monitoring
Five principles of e-commerce privacy:
1. Notice/Awareness €“ Notice to make informed decisions.
2. Choice/Consent €“ on use of personal information. Consent may be granted through €˜opt-in €™ clauses requiring steps.
3. Access/Participation €“ Must be able to access their personal information and challenge its validity.
4. Integrity/security €“ Must be assured that data is secure and accurate.
5. Enforcement/Redress €“ methods should exist. Alternatives are self-regulation, legislation for private remedies, government intervention.
Company Guidelines:
1. UK - the relevant legislation is Data Protection Act 1998
2. USA - few laws directly controlling use of personal data
1. Privacy Act 1974 - regulates Federal record keeping
2. 1997 €˜Framework for Global e-Commerce €™ from Clinton Admin. - recommended self-regulation
3. Federal Trade Commission Children €™s Online Privacy Protection Rule (from 21/4/2000) - before collecting personal information from a child under 13, must have consent of parent.
Web Site Registration:
1. Much information can be gathered
2. Presents problems for sender & recipient:
1. Who will receive the data?
2. How will the data be used - business planning, sale to a third party, appropriately?
3. Is the data correct?
4. Who really sent it?
99.99% of statistics are made up on the spot:
1. 10th User Survey by GVU suggests:
1. 40% of all users have falsified information when registering online
2. 66% of all U.S. and European respondents don €™t register as they don €™t know how the information is going to be used
3. 63% don €™t feel that registration is worthwhile considering the content of the sites
4. 58% don €™t trust the sites collecting this information from them
2. http://www.gvu.gatech.edu/user_surveys/
Protecting Intellectual Property:
1. Copyright - Copyright Design & Patents Act, 1988 gives protection for literature, including
i. Derived works - translations, adaptations);
ii. Art (inc. applied art - jewelry, furniture etc.);
iii. Computer programs
1.
2. Copy; distribute; record; perform; broadcast;
i. Lawful only with authorisation of copyright owner
1.
3. Case: Shetland Times v. Wills (i.e. €˜Times €™-v- €˜News €™)
i. Court decreed that headlines had copyright protection, and hence could not be linked without authorisation
2. New EU directive on copyright harmonisation due soon.
Trade Marks:
1. A sign (words, pictures, colours etc.) - a means of identifying a business capability for particular goods/services
1. protection through registration
2. E-commerce problems for trademarks:
1. domain name problems - misuse; cybersquatting & selling; character string problems (e.g. CANDYLAND case - Hasbro v. IEG Ltd. 1995)
2. deep linking (e.g. case: Ticketmaster v. Microsoft, 1997; Ticketmaster 2001)
3. metatagging (e.g. case: Playboy v. Calvin DL, 1997)
More Intellectual Property Issues:
Trade Secret
1.
1. Intellectual work such as a business plan, which is a company secret and is not based on public information.
2. Corporate espionage via internet technologies is said to be a problem.
2. Patent
1. A document that grants the holder exclusive rights on an invention for some years.
2. Case: Amazon v. Barnes & Noble (1999) for 1-click purchasing.
Public Key Infrastructure:
1. Aim: secure and trusted environment for the conduct of electronic commerce.
2. Digital Signatures authenticate the identity of the sender and give assurance of message integrity, and thus can provide a system of non-repudiation.
3. Smart Cards - implements PKI in hardware rather than merely in software, for greater security.
1. Card can contain PKI chip containing user’s private key, which can only be used by someone with physical possession of the card (WHAT YOU HAVE), and knowledge of a secret pass phrase (WHAT YOU KNOW) plus perhaps a biometric identifier (WHO YOU ARE).
2. Time/date-stamping - by third party
Implications for business internet usage:
1. Specify the rules of electronic contracting and jurisdiction prevailing when buyers, brokers, and sellers are in different countries
1. Establish whether encryption, e-certs required
2. Have a policy to ensure compliance with law (esp. in UK €“ e.g. Data Protection Act 1998)
3. Ensure that sites do not breach copyright (including within intranets)
4. Be aware of infringing laws (e.g. on data handling, content, trading) of other nations if scope is beyond own national boundaries.
