MICHAEL M. SAX

B.A., B.C.L., LL.B., LL.M.

Barrister & Solicitor

 

 

 

 

 

SAX

                                              SS                       

                      Law Office

 

 

 

 

 

 

One University Avenue, Suite 402

Toronto, Ontario, Canada  M5J 2P1

Phone: (416) 955-0300 Fax: (416) 364-9880

Web: http://www.saxlaw.com  E-mail: mmsax@saxlaw.com

 

 

 

 

 

 

BUYING AND SELLING GOODS OVER

THE INTERNET

 

 

 

 

 

 

Michael M. Sax

January 24, 2000

All rights reserved.

Data protection rights reserved.

 

 

 

 

 

 

Presented Toronto, Ontario, Canada

Thursday, March 2, 2000

 

Buying And Selling Goods Over The Internet

 

 

Introduction:

 

…       The purpose of my portion of the seminar is to inform business leaders, such as yourselves, and your advisors about the laws and business strategies, which have to be contemplated in the sale of goods and services through electronic means such as the Internet.  We will look at the Internet as a borderless world and apply principles of international commerce and trading by analogy.  We will look at the concerns businesses have about e-commerce, strategic decision on how a business will conduct its electronic commerce, and borrow some pointers on how various business sectors in the distribution channel should conduct their electronic commerce.  We will then examine the legal issues involved in Web-site development, obtaining a domain name, the essential terms and conditions which should be contained on websites, and where they should be located.  We will quickly review the current privacy policy in Canada and Ontario, and explore the reasons for adhering to such a policy as a tool to build confidence.  We will look at contract formation over the Internet and some of the secure methods of payment. Finally, (although the title would expect this to be covered first, logic places it last) we will examine the use of the Internet from the perspective of business buyers who partner with their suppliers or use it to locate goods for resale. We will also examine the use of intelligent agents in assisting the buying and selling process.

 

 

 

Selling over the Internet

 

In order to succeed in international business transactions in the real world you have to:

…       Make a earnest commitment, allocate a realistic amount of money (including grants and other financing), develop a hard-nosed business plan, be creative on how you will get paid, understand the requirements of the target countryís trade and foreign investment laws, use local experts to achieve a real understanding and agreement.

…       You also have to understand various business cultures and if the target country is a developing one, whether there is a respect for the rule of law to which you are accustomed.

…       The law cannot be interpreted and applied without an appreciation of the non-legal issues.

The world of e-commerce is not drastically different.

…       It is not possible to advise on laws relating to jurisdiction, taxation, copyright, privacy and contracting relative to conducting electronic business without looking at the concept of trust, cultural differences, language, offensive advertisements and censorship, to name a few.  Since we are dealing in a borderless world, you cannot only be looking through glasses that have maple leaf lenses.

 

From the perspective of sellers wishing to use the Internet as the medium to offer products and services to consumers and businesses, I want to address some of the start-up legal considerations companies and individuals should apply including the structuring and locating of web sites, electronic contract formation; and how technology affects other issues normally dealt with in the international sale of goods by traditional commerce.

 

Common concerns businesses have about e-commerce include

…       Uncertainty about its benefits for their business

…       Start-up costs of connecting, such as purchasing hardware and software, obtaining a domain name, subscribing to an Internet connection or service provider, and training staff.

…       Search and navigation skills they have to develop to use e-commerce as a cost effective business tool.

…       Transparency of their terms and conditions which are available for viewing by competitors, as well as consumers.

…       Low barriers to entry for competitors, i.e., $1000 can get a business or its competitor up and running, although it will not generally buy the fulfillment capabilities of an e-commerce site.

…       As a result of technical congestion during certain times, the Internet will not effectively improve the ability of a business to disseminate and retrieve information.

…       Internet security relating to issues of unwanted intrusions into sensitive databases, electronic payments, contracting with authorized parties and protection from electronic viruses. Communication exchange, market opening and development and on line ordering/purchasing coupled with off-line transactions (i.e. C.O.D.) are of a lesser concern.

…       Lack of a stable legal foundation. The www does not recognize national borders, although laws, taxes and customs levies are applicable on a national and/or provincial/state basis.

…       The cost of attracting visitors to the site and establishing a trusted brand, i.e. offsite advertising and portal advertising.

 

 

STRATEGY

 

Decision On How A Business Conducts Its Electronic Commerce

 

If a business wishes a presence on the www, it should resolve whether it is going to use the site for:

…       Marketing, or to provide information in an advisory capacity to business partners and/or the public. This approach underutilizes the commercial potential of the www.

…       On a B2B level, the Internet can support the existing business processes.  An intranet between suppliers and distributors can be set up to replace EDI and thereby enable smaller suppliers to exchange data on a platform that is less costly than proprietary EDI VANS systems, which were generally available to larger companies;

…       Or on a B2C basis to conduct on-line transactions for the sale of goods and services ("e-Commerce").  Both B2B and B2C transactions increase revenues and reduce costs, but do not use the full potential of the Net;

…       Or to create new Internet enabled distribution models on both a B2B and B2C basis with low overhead and decentralized structures. Examples are:

1.     Affiliate Programs (paying commission to website owners for generating revenue sales through links in their websites), used by Amazon.com.  These programs generate book-selling revenue for website owners, enabling them to add products, such as books, for their customers without warehousing and distribution concerns.  This is a growing method used by far more businesses than booksellers.

2.     Merchants can join shopping portals.  Shopping portals allow them to focus on their core products, while benefiting from the process which enables consumers to purchase in a structured environment and clear purchases from various specialized merchants with one consolidated bill at the end of their shopping experience.  This method could probably be used on B2B level, where purchasers would be able to deal with specialized suppliers who complement each other.

3.     Another vehicle is Internet auctions, which allow merchants to expose their goods to buyers from across the globe and conclude transactions at low cost and at the ideal price level.  These are good to sell low priced goods, goods with a small target audience, or clearance inventory.

4.     Dell Computers uses customized shopping which allows the consumer to select from a wide range of options.  This encourages the customer to stay at the site and allows for same time inventory and delivery and disintermidiation (i.e., no middlemen).[1]

 

 

Once it has decided how its site should transact its operations, a business should always keep examining its best strategies.  In a sidebar in a recent Harvard Business Review article, the authors summarizes the strategic planning and action, which various types of players in the distribution channel should undertake.  The article examines it in the three dimensions of "reach" (access and connection), "affiliation" (whose interest does the business represent) and "richness" (the depth of information a business gives to or collects about its customers).  I have summarized it as follows:

 

If You Are an Electronic Retailer:

• Redefine your business in terms of a coherent consumer search domain, not an irrelevant physical category.
• Stay flexible.  Be very skeptical of exclusives with product suppliers. The sacrifice of reach and consumer affiliation is likely to cost you more in competitive advantage than the gain in margin is worth.
• Beware of Category Killer Physical Retailers.   Big Box retailers often have better consumer information and better logistics. Their only handicap is an inability to think differently. That could change.

 

If You Are an Incumbent Product Manufacturer:

• Adding richness, especially product-specific richness, is the most powerful way for you to compete. Concentrate on enhancing brand as experience.
• Mentally deconstruct your own business. Look at its informational components as businesses in its own right. Develop indices for pertinent strategies and create an organization that takes those strategies seriously.
• For you, reach is a two-edged sword: it might enable you to escape the stranglehold of your retailers, but it simultaneously exposes you to others whose potential reach is far greater than yours.

 

If you are an incumbent Category Killer Retailer:

• Redefine as an info business.  You have been beating department stores and general merchandisers in the reach game through overwhelming selection and mastery of logistics. But that is all economics of physical things. The new reach game is about information. If you play it seriously, it will force you to redefine your business.

…       Redefine and reinvent yourself.  You are going to be attacked, so do it to yourself before somebody does it to you.  Understand the multiple effects that even slight revenue erosion can have on the profitability of a high, fixed cost physical business. You will have to make those fixed costs variable.

• Understand your strengths.  You ought to win in the new world of e-commerce. You start with reach, a high measure of consumer affiliation, physical distribution, rich consumer data, options for multi-channel marketing, brands, and many of the right merchandising skills. You just have to be willing to compete against yourself.
• Know that your operating managers, if you leave it to them, will never make the necessary changes. The threat to their core business is simply too great.  Create a separate entity and give its managers the authority to exploit the assets of the traditional business. Synergy must be a one-way street, from the old business to the new.[2] 

 

 

What are the legal issues necessary to construct the site and transact the actual sale?

 

Website Development

…       Copyright to existing material: make sure that you own all the intellectual property rights to the content of your website or you will need to obtain a license.  This might include graphics, textual or video material in your company catalogue or database prepared by an outside source.  If a third party prepared the material for your company for off line use, obtain the release or title to use it in other media, including the Internet and the right to use it outside of your jurisdiction (borderless world).  If you are using multimedia such as video clips, photos or music you will need permission from the artist or the representative society.

…       Licenses will generally permit broad or limited use of the creative work, the reproduction ability of visitors to your site, the term and territorial scope, and representations that the licensor is the owner or has the right to grant you the license.

 

Website Development Agreements

…       If you are not familiar with HTML and do not want to create your own site through Microsoft FrontPage or other website creation software, you have to consider retaining a website designer.  Depending on your budget, your choice ranges from part time squeegee kids to international e-Commerce firms.  Since you are purchasing knowledge, either one may satisfy your strategic needs.  The difference may become apparent in their ability to provide you with or direct you to e-Commerce services, such as online credit verification, back room order processing and related delivery logistics.

…     Your agreement with a web site designer should set out very clearly your expectations as to what you want to achieve with the website, what you want it to look like, whether you want the developer to register a domain name for you and in which jurisdictions, which search engines you want to be registered with, and who will update and maintain the site.  Address the ownership of the material created for you, ideally, you want the ownership.  You should obtain representations that the designer is not going to use previously copy-written material.  If so, you will need a license to use the material as described above, unless it is from the public domain.

…       The agreement should deal with price, when payments are to be made, and the expected time of completion. You will want a completed site that is uploaded, but not accessible by the public, in order to test it and get feedback from selected viewers.  The agreement should contain technical specifications and representations from the developer as to the siteís competency, skills and compliance with industry standards.  In addition to other matters, you will want to be sure that the site has safeguards against tampering by hackers (although this is difficult) and that the developer has not imbedded profane words into the code which could embarrass you (ask Bill Gates about disgruntled employees).  The developer might use defamatory, misleading, deceptive or objectionable material on the site.  Obtain an indemnity.  Set objective criteria to ensure that the web site performs in terms of download rates, bandwidth usage and response times.  Customers will not visit a site on a repeat basis, if getting to it uses up their prepaid Internet account credit.[3]

 

Issues To Consider In Deciding Where To Locate Your Website

As the Internet is a global borderless architecture, it is possible to carry on a web business where your physical location could differ from your place of incorporation, from the location of your server, your service provider, or from the place of registration of your domain name.  On the one hand, web businesses attempt to isolate their assets by establishing a hosting of their website in a foreign jurisdiction.  On the other hand, that is a double-edged sword, because as a result of the wide net of jurisdictional laws, you can be subject to the laws of the jurisdiction in which you carry on business, reside or have a substantial presence.  In the real world in Canada, courts ensure that the action is tried in the jurisdiction that has the closest connection with the action and the parties.  In the U.S. the defendantís conduct and connection with the forum must be such that the defendant should reasonably anticipate being haled into court there.  The defendant has to have had minimum contact with the forum, so that the maintenance of the suit does not offend ìtraditional notions of fair play and substantial justiceî.[4]

A series of cases (fourteen) found personal jurisdiction over a non-resident defendant resulting from Internet contact including inter alia presence of a Web site, which was within the access of residents of the forum.[5]  A further series of cases[6] found no personal jurisdiction based on the mere fact that a defendant may have placed an ad on the Internet or maintained a Web site.  The line of reasoning is that the placing of a Web site is analogous to placing of an ad in a national or international periodical.  Without any other forum related actions, it would be unfair to claim jurisdiction.

In mid to late 1997, a case was decided that I think changed everything that was going on in the United States and began the process of making some sense out of the long arm jurisdiction cases.  In Zippo Manufacturing Company V. Zippo Dot Com, Inc. [7], the United States District Court for the Western District of Pennsylvania reviewed the case law and developed a test which was followed in Canada.  Zippo adopted what it called a Sliding Scale, a set of categories based on the nature and quality of the defendant Internet activity;

1.     First is the passive website where there is merely an ad, no jurisdiction.  Merely advertising in a forum, without more, is not a sufficient minimal contact.  Dot Com has done more than advertise on the Internet in Pennsylvania.  Defendant has sold passwords to approximately 3,000 Subscribers in Pennsylvania and entered into seven contracts with Internet access providers to furnish its services to their customers in Pennsylvania.

2.     Second is the intermediate website, where there is some interaction between website and persons who visit.  Some of those cases may permit the exercise of long arm jurisdiction.  Whether Dot Com's conducting of electronic commerce with Pennsylvania residents constitutes the purposeful availment of doing business in Pennsylvania.  When a defendant makes a conscious choice to conduct business with the residents of a forum state, "it has clear notice that it is subject to suit there.  If a corporation determines that the risk of being subject to personal jurisdiction in a particular forum is too great, it can choose to sever its connection to the state.  The Zippo intermediate category is interesting.  In this category, there is some Internet exchange of information, and the specific test in this category, what the courts are supposed to look at, is the level of interactivity and the commercial nature of the exchange.  They may be sufficient to show purposeful availment

3.     The third category is the fully interactive website, where large numbers of files are exchanged and where contracts are entered.  Dot Com argues that its forum-related activities are not numerous or significant enough to create a "substantial connection" with Pennsylvania.  The test has always focused on the "nature and quality" of the contacts with the forum and not the quantity of those contacts.

Zippo represents a major step forward, because the case was well written, analytical and persuasive.  As a result, numerous lower U.S. federal courts have bought into the Zippo analysis, so that now instead of cases on long arm jurisdiction in the United States going off in a number of different directions, it appears that a single test for application of the minimum contacts long arm jurisdiction is evolving.  Most courts, following Zippo, now agree on a certain set of relevant factors.[8]

 

 

Obtaining a Domain Name and its Relationship to Trademarks

 

Domain Names

 

…              TCP/IP Protocols (Transmission Control Protocol/Internet Protocol) was vital to the expansion of the Internet outside of its original military and research community environment.  One of the components that make up the TCP/IP are the Internet Protocol (IP), which provides the basic transportation and addressing facility.  It neither knows nor cares if the data packs arrive at their destination.  This form of address is not human friendly.  An IP address consists of 4 sets of numbers separated by periods.  Internet protocol numbers, for example 99.35.250.30, serve as a routing address on the Internet.  An IP address is an Internet equivalent to a telephone number - it refers to an address of a specific computer on the Internet.  The TCP/IP protocol includes the use of numeric IP addresses and domain names.  One needs to use either the numeric IP address or domain name to establish a link with another computer on the Internet.  Since people often remember names better than they do numbers, the people involved in the Internet came up with the Domain Name System (DNS).[9]  This permits each computer (referred to as a ìhostî) on the Internet to be reached by a simple name, rather than just an IP address.  Domain names are familiar and easy to remember names, for example: ìwww.amazon.comî. 

…              The management of domain names is constructed as a hierarchy.  It is divided into top-level domains (TLDís) and each TLD is divided into second level domains (SLDís) and so on.  More than 200 national or country code TLDs (ccTLDs) are administered by their corresponding governments or by private entities with the appropriate governmentís acquiescence.  An example might be ë.caí or ë.ukí.  A small set of Generic Top Level Domains (gTLDs) do not carry any national identifier, but denote the intended function of that portion of the domain space.  For example, ì.comî was established for commercial users, ì.orgî for not-for-profit and ì.netî for network service providers.  The registration and generation of these gTLDís used to be performed by Network Solutions Inc. (NSI), but is now performed by ICANN.  

 

…       What type of domain name will you have?  If you purchase a dial-up net Internet account that will be accessed by a modem for your own use, your account will often be assigned to the existing domain of your Internet service provider.  Example: mmsax@istar.ca or: www.saxlaw@istar.com.  If you plan on linking your organization to the Internet, you can obtain an Internet domain name for your organization.  Example: www.saxlaw.com.  You would register in the Canadian domain (.ca) or in the descriptive zone name (e.g. .com, or .org,) and your choice might depend on many factors depending on how your organization wishes to portray itself on the Internet.  The .ca domain is structured according to Canadian political geography, so if you register under this domain, it will be of the form "yourorg.CA", or "yourorg.province-or-territory.CA", or "yourorg.locality.province-or-territory.CA".[10]  A given organization may register at most one .ca sub-domain, with two exceptions.  The first is an allowance for a temporary overlap interval while changing from one .ca sub-domain name to another. The second is for an organization whose legal name has both an English form and a French form.  To qualify for a second level (national) domain, e.g. xyz.ca, your organization must be a legal entity, which is either federally incorporated, has its own office in multiple provinces or territories or own a trademark which is registered with the Canadian Registrar of Trade-Marks and which is being put forward in full as the organizational part of your subdomain name. 

 

What happens if you have a trademark and someone requests a domain name like your trademark, preventing you from getting that domain name?  In May 1999 the WIPO and ICAAN and other interested parties, including Canadaís CANARIE (soon to be CIRA), formulated the following policy.

 

Exclusions for Famous and Well-known Marks

…       A mechanism should be introduced whereby the owner of a famous or well-known mark can obtain exclusion in some or all gTLDs for the name of the mark where the mark is famous or well known on a widespread geographical basis and across different classes of goods or services. The effect of the exclusion would be to prohibit any person other than the owner of the famous or well-known mark from registering the mark as a domain name.

…       WIPO and ICANN also recommended that domain name applicants should be required to submit to the procedure in respect to any intellectual property dispute arising out of a domain name registration only in respect to allegations that they are involved in cybersquatting. 

…       The exclusion mechanism gives a cyberspace expression of the special protection that was established for famous and well-known marks in the ìParis Convention for the Protection of Industrial Property and the TRIPS Agreementî of the WTO. 

…       Experience shows that cybersquatters typically register many close variations of famous or well-known marks.  An exclusion, once granted, would place the burden of proving justification for the use of a domain name on the domain name holder where the domain name is identical or misleadingly similar to the famous or well-known mark and the domain name is being used in a way that is likely to damage the interests of the owner of the mark.  This is not yet law in Canada.[11]

Registering domains "is getting closer to the top of company's priority lists" in mergers, said Cheryl Regan, spokeswoman at Network Solutions Inc., which oversees a database with more than 6.7 million domain names. "It's important to your identity -- as much as your printed materials." 

…       Before America Online Inc. announced it would acquire Time Warner Inc. for $165 billion; it made sure it had the right Web site.  AOL registered at least 21 domain names that might be useful to the new company, which will be named AOL Time Warner.  The sites the company registered on Sunday ranged from AOLTW.com to AmericaOnlineTimeWarner.com.

…       According to an AOL database accessible from the Web, AOL registered the following domain names on Sunday:

ïAmericaOnlineTimeWarner.com;

ïAmericaOnlineTimeWarner.net;

ïAmericaOnlineTimeWarner.org;

ïTimeAmericaOnline.com;

ïTimeAmericaOnline.net;

ïTimeAmericaOnline.org;

ïAmericaOnlineTime.com;

ïAmericaOnlineTime.net;

ïAmericaOnlineTime.org;

ïAOLTimeWarner.com;

ïAOLTimeWarner.net;

ïAOLTimeWarner.org;

ïAOLTime.com;

ïAOLTime.net;

ïAOLTime.org;

ïTimeAOL.com;

ïTimeAOL.net;

ïTimeAOL.org;

ïAOLTW.com;

ïAOLTW.net;

ïAOLTW.org.[12]

The registrations were probably an effort to ensure that cybersquatters would not lay claim to the sites. 

…       In USA, federal courts have recently been favoring companies in cases involving domain-name piracy.  The Anti-Cybersquatting Act, which was passed last year, allows companies to seek up to $100,000 in damages against those who register domains with intent to sell them later.

 

 

Legal "Stuff" on the Website

 

Terms of use

…       Balancing marketing appearance with legal disclaimers and privacy policy in Web sites.  It is tempting to forgo a lot of legal jargon in favour of the marketing appearance for fear of scaring the potential customer from your site.  This could be dangerous, because if you don't specify the terms and conditions, which you will allow visitors/business partners to view your wares and services and enter into e-Commerce transactions with you, courts will likely have to interpret the relationship and violations of so-called agreements.

…       Prior to the Internet, in EDI relationships, parties entered into Partner Agreements before transacting data, but this is usually a supplier-customer relationship where parties have and continue to deal with each other in the real world. 

…       When you are dealing with the unknown party, both parties would like to know the terms and conditions up front. If you are dealing across jurisdictions you will want to specify your local laws in the same way real world international contractors usually try to specify the place of creating the contract and the place where disputes will be dealt with. 

…       I suggest you use wording such as:

"To keep everything running as smoothly as possible we try not to put too many restrictions on visitors to our site, however, there are a few key legal terms and conditions that we need to have in order to maintain security and efficiency. We apologize for the overly wordy and legalistic phrasing, but modern business practice dictates that we take these measures."

Where do you place these disclaimers?

…       Many sites hide these disclaimers in small print that most consumers can't find, let alone read.  However, the US Federal Trade Commission has asked sites to make such provisos more prominent.  It is always questionable how much protection disclaimers provide: "Posting 'Click here for our terms-of-service agreement' is nice, but what if I don't see it or if it is not an acknowledgement of those terms and conditions?î  It is for this reason that links to the terms and conditions governing the site should be on all pages and not merely the home page.  It is possible to access a site from an external link and be directed to e.g., a publication page without visiting the home page. If you are going to conduct an e-Commerce transaction with the visitor, it is advisable to require them to agree to the terms and conditions before doing business with you.[13]

…       Then, depending on the type of site, you will want to cover a number of items that could include:

…       Accessing and using the site binds viewers to the terms of use and conditions provided they can access and read the terms and conditions.  Terms and conditions may be revised from time to time and it is advisable to revisit this page.

…       Applicable copyright and trademark rights you are claiming, how visitors may use the site and what copying is permitted.

…       No guarantee of accuracy or currency of the information on the site and whether or not the information on the site is an invitation to treat (information for viewers to make an offer to buy which you have to accept), as opposed to an offer to sell by you (which they accepted by agreeing to purchase by adding to their shopping cart or clicking "I agree.î  This will be discussed in greater detail below).

…       Any disclaimers of general nature you wish to make.

…       Notwithstanding the encryption security you maintain, you are not able to guarantee the integrity of confidential information over the net.

…       Hyperlinks to other sites are for convenience only and not an endorsement.

…       Governing Law.

…       Who can use the site to conduct e-Commerce with you - age, citizenship, and any other restrictions you may place on the global aspect of your buyer.

 

 

Privacy policy

 

…              People who visit your site and supply you with personally identifiable information want to know what you will do with that information.  Visitors to your website want reassurances that privacy rights will be respected when they engage in e-Commerce.  In fact, it has become a major selling point with potential customers and clients.  It is a part of the confidence-creating role that successful e-Commerce businesses have to convey to the consumer.  If industry does not make sure it is guarding the privacy of the data it collects, some governments may feel it is their obligation and enact legislation. 

…              Some Canadian provinces have enacted privacy legislation, with Quebecís Act[14] respecting the protection of personal information in the private sector being the most extensive as it applies to data mining and disclosure.  As a matter of fact, the Canadian House of Commons has passed Bill C-6 on October 26, 1999 (formerly C-54).  The bill, based on the Canadian Standards Association's Model Code for the Protection of Personal Information that set down principles for the protection of personal information in the private sector, received its third reading in the Senate on December 3, 1999.  Because of concerns expressed by the health care sector regarding the definition of personal information, the Senate has introduced amendments to clause 2, page 3 and clause 30, page 23, clarifying that definition in respect to personal health information[15].  The amended bill should go back for a reading at the House of Commons on February 7, 2000.

…       The Bill would eventually apply to every organization that collects, uses or discloses personal information in the course of commercial activity.  Commercial activity is any activity that is of a commercial character and would include sales and purchases, as well as activities such as barters and exchanges.  An organization is a company, an association, a partnership, a person, or a trade union.  The Bill would not apply to organizations such as hospitals, public health clinics or physicians providing public health services.  It would not apply when an organization uses personal information solely for journalistic, artistic or literary purposes; and it would not apply to personal information used solely for personal or domestic purposes, such as Christmas card lists.

…       To encourage harmonization of provincial and federal privacy protection laws, the Bill would adopt a phased-in approach.  Essentially, a company would have to meet the obligations of Schedule 1.[16]  Schedule 1 contains ten principles similar to the fair information practices[17], those enumerated below, which are explained and elaborated, sometimes by way of example.  Since it would apply to all industry sectors and to companies of all sizes across the country, the principles are general.  The Schedule also gives companies the flexibility to adapt the principles to their particular operations.  The ten principles, in a nutshell, relate to accountability, identifying purposes, consent, limiting collection, limiting use, disclosure & retention, accuracy, safeguards, openness, individual access, and challenging compliance.

…       The most important principle in Schedule 1 is the requirement that companies obtain an individual's consent when they collect, use or disclose his/her personal information.  The general rule is that no one else would be able to make use of an individualís personal information without his/her permission.  An individual would have the right of access to his/her personal information, which is held by a company and to have it corrected if necessary.  Personal information could only be used for the purposes for which it was collected.  If a company were going to use it for another purpose, it would have to obtain consent again.  Individuals would also have to receive assurances that specific safeguards, like locked cabinets, computer passwords or encryption will protect their information.

…       The Bill would establish the Privacy Commissioner as an Ombudsman, for the purpose of obtaining a resolution of privacy disputes in a non-confrontational manner.  Companies would not be subject to the heavy-handedness of fines or imprisonment of the criminal law (except for obstruction and destruction of records) and they would be given the opportunity to solve the problems directly with their clients and customers.[18]

…              The type of information that could be collected by those companies that collect, store and use information can be generally classified as either "personally identifiable information" (or "individually identifiable information"), or "mass anonymous information".

…              Individually identifiable information can be defined as information that:

1.           Can be used to identify an individual.

2.           Is elicited by the company's Web site through active or passive means from the individual, and

3.           Its retrieval by the Company is in the ordinary course of business.[19]

…       Individually identifiable information could consist of an individualís name, address, telephone number, credit card number, social insurance number, e-mail address, or other consumer specific information, to name a few fields.  Personally Identifiable Information does not include information that is collected anonymously (i.e. without identifying the individual user) or demographic information that is not connected to an identified individual.[20]

 

…       Mass anonymous information can be defined as information that:

1.     A website or third party aggregates on its behalf and categorizes by demographic characteristics or established geographical areas, such as postal codes.

2.     Contains non-consumer specific information created from conducting mass media advertising and anonymous transactions for merchantsí use to better manage their businesses.

3.           Is not information that would enable direct marketers to engage in telephone solicitation, direct mail, e-mail contact or any other form of direct marketing directly to consumers.

…       There are a plethora of technologies that are used to collect both classes of information about consumers.  One of these tools is called "Cookies", which is simply a piece of information (computer code) that is saved on your own computer or your browser.  It contains information such as the personal preferences you exhibited when visiting a website. 

…       Although many online companies now understand the business case for protecting consumer privacy, they also show that the implementation of fair information practices is not widespread among commercial Websites.  Private information is still left unguarded on the Net and people need to hold such companies accountable for not protecting their customers.

 

Contracts / payment / delivery

 

Selling on the Internet or through the WWW is similar to selling in the real world.

1.           Prior to the contract: the customer enters the merchantís website, views the product and company information.

2.           Contract:

a)           If the vendor and the buyer have established a mechanism that neither of them should be able to repudiate the offered price or the products ordered, and

b)           If the customer is convinced that the product will arrive at the approximate specified delivery time, and

c)            If the vendor is satisfied that the order will be paid,

d)           Then the customer will place an order.

3.           Settlement of the amount due: the vendor invoices, the customer authorizes/pays.

4.           Post Sales: warranty, support and customer data gathering.

…              There is some debate regarding the formation of an electronic contract over the Internet.  One of the differences between contracting over the Internet and contracting by any other electronic means is the on-line Internet service provider. The issue is whether the parties are communicating and contracting directly, or are they communicating and contracting through a third party.[21]  Under the acceptance rule, a contract will not be formed until acceptance of the offer by the offeree has been communicated to the offeror.  The exception to the rule is called the postal rule, where an offeror has explicitly or implicitly agreed to the offer being accepted by the post office, once the letter or other communication has been posted.  The contract is deemed to have been formed even if the offeror does not receive the letter accepting the offer.  In building website documentation, it should be made clear in the relevant terms and conditions or by a statement which the user will see before sending his/her request by email to purchase an item, that the contract will not be formed until the web site owner has received the email accepting its offer.[22]

…              The international aspect of contracting over the Internet may complicate matters, because other jurisdictions (Civil Law for example) might hold that the local legal requirements for valid contract formation, have not been complied with.[23] If the sale is other than consumer goods, the principles of the UN Convention on Contracts for the International Sale of Goods (CISG) adopted by UNICITRAL[24] may apply.  Other issues are the requirements that certain contracts have to be in writing and require an actual signature of the contracting parties by statute formalities, (e.g., Statute of Frauds).  Ontario is on its way to recognizing electronic contract formation by adopting the UN model law on electronic commerce and the work of the Uniform Law Reform Commission, but it is not law yet.

…              Web page presentation content, products, description, pricing and delivery, will help the consumer decide.  The rest of the transactions are carried on across the World Wide Web, but most cases will require additional mechanisms connected to it.  The purchase of digital products, such as the text of an article, can be carried on entirely through the web page.  The buyer selects the desired article, enters a credit card account number, and the web server transmits the article.  If there are some security mechanisms to keep the buyerís credit card private, then the sale is completed without risk.   However, commerce over the Web requires a sales processing mechanism, as well.  Such mechanisms cover the process or the point at which the sale information has been captured through the web. It is then necessary to move the information to the appropriate systems within the merchantís organization, as well as outside, and to companies that provide services like credit card authorization, banks, electronic banking services, organizations involved in the electronic transfer of value and, if non-media tangible goods, an external shipping mechanism.[25]

…              The problems of conducting business over Internet are the following:

…              Fraud: Negotiating Prices and delivery options by e-mail are quite easy; but making sure that both payment and delivery occur is hard.  With no control over online identities, it is difficult to determine who actually sent the email.  In traditional commerce, buyers often send funds (by cheque or money order) to a post office box and never receive the merchandise they order.  There are methods to minimize these risks, and they have include obtaining telephone numbers, addresses and references.  There has been a minimal amount of fraud with credit cards, but people are reluctant to give their credit card number to vendors whom they suspect might be subject to fraud.[26]

…              In addition to the problems between the buyer and seller, there are problems inherent in the Internet that contribute to the insecurity of the system.  Once the data is transmitted beyond the originating computer, it could be handled by a number of intermediate computers (called routers), which make sure the data is delivered to its intended destination.  In this process, however, "eavesdroppers may be able to intercept information.[27]

…              There are weaknesses within organizations themselves.  Examples are poor procedure for password security.

…              Interception by third parties, particularly when youíre sending sensitive information like credit card numbers or electronic cash. 

…              Another risk might be forgery through the use of email based on the structure of the email protocols.  It is possible and probable that someone could send a message that appears to be coming from someone else (i.e. someone sends mail and signs your name).  Another risk is that someone intercepts your mail, changes it and sends it on to its final destination.  An example could be a change of payment instructions, so that the payment is redirected to the criminalís account

 

More Secure Methods of Payments on the Internet

 

…              The private sector is beginning to provide solutions to make electronic commerce more secure and trustworthy.  There are now insurance policies protecting merchants against liability risks of business on the Internet, as well as transaction brokers who provide centralized secure and cost effective service.  They act as intermediaries between the banks and small businesses unable to obtain merchant credit card numbers or who canít afford to acquire software to offer secure commerce. Accordingly, the barriers to secure electronic commerce are gradually reduced.

…              In traditional commerce consumers like the flexibility of cash, credit cards, personal cheques, and other instruments of convenience. For the Internet seller, the ability to offer customers flexibility and security translates into increased sales.  Internet commerce can focus on secure credit card transmission, electronic cheques, smart cards and digital currencies. Applying encryption to credit card transactions can be relatively simple from a technological viewpoint, however, it is still not prevalent on the Canadian market.

…              SET (Secure Electronic Transaction Technology)[28] was developed by VISA and MasterCard to bring security, privacy and authentication to Internet purchases.  To prevent someone from stealing a consumer/card holderís account number while the cardholder is on the Internet, a public key encryption is used to scramble and protect customerís credit card account information in a SET secure electronic transaction.  The consumersí second problem is knowing if he/she is dealing with a legitimate merchant.  SET also certifies that the merchant is a legitimate merchant who is registered with the Visa or MasterCard Secure Electronic Commerce by accepting Visa or MasterCard through its relationship with the bank that processes the merchantís authorizations and transactions.  A digital certificate is issued containing information that can be used to authenticate that the consumer is a valid cardholder dealing with a legitimate merchant, while being delivered to the consumerís bank, the merchant and the merchantís bank all in one transaction.  Once it is authorized, a merchant sends the confirmation of the purchase and forwards the order to the consumer by digital or physical delivery.  The consumerís computer software actually signs on his/her behalf.  The consumer obtains the software through its bank or through its web browser.

…              VisaCash - this is similar to prepaid telephone cards, used to make small purchases such as a cup of coffee, newspaper or public transportation.  Some are disposable and some are reloadable.  The disposable ones are predetermined: once the value of the card is used, the card is discarded.  Loadable cards come without a predefined value; they are loaded at the special ATMís and can be reloaded as many times as you have available cash.  VisaCash is going to be used on the Internet and is currently in its trial state.  Transactions occur similarly to the physical world, with card balances displayed both before and after the transaction.  It gives financial institutions participating in the cash program an Internet payment alternative that does not require incremental system changes.  For merchants, VisaCash can be integrated into the existing transaction settlement process.  Moreover, small payment transactions enable merchants to offer a wider range of merchandise, particularly low cost items.[29]

…              Mondex International is implementing digitally signed electronic cash encoded in smart cards that can be loaded by ATMs.  They are tested in U.K., USA and Australia.[30] A consortium of Canadian banks abandoned wide scale testing and a few still support it.

…              For intangibles such as electronic newsletters, First Virtual is one of the leaders.  Its Internet Payment System is based upon three principles:

…              Electronic information merchants can produce as many copies of electronic information at no incremental cost per copy.  If digital material is delivered and not paid for, no real loss occurs.

…              Information buyers need a way to examine before they buy.

…              Buying and selling should be easy.

Using an automated telephone system and sophisticated email to collect payment information, First Virtual eschews encryption or digital signature, preferring to rely on close monitoring of sales and purchases to reduce fraud. For small companies selling intangible products or companies just entering the Internet marketplace, it will remain an important mechanism.

…              CyberCash[31] acts as a conduit between Internet merchants, consumers and banking networks.   Merchant and consumers require the software.  CyberCash verifies that the order and the payment have not been modified by cryptography.  For security, payment information is not decrypted until it arrives at their server.  For the consumer once registered, there is no need to give information on subsequent purchases.

…              The above is only a description of a few methods that will be used for secure Internet payment.  Banks and other financial institutions are working with companies like Netscape, Microsoft Entrust and others to produce seamless payment systems for consumers and merchants alike.  For consumers the most important issues will be reliability, security, simplicity and acceptability to many merchants.  To keep abreast on the status of the newest methods and companies offering secure payment, search with your favorite web browser.

…              Added Internet payment security might change the demographic profile of the average online shopper.  Studies show that 43% of men online currently order from e-commerce sites, compared to only 28% of women users.  Most women rate payment security, privacy and lack of Internet regulations as important enough to keep them shopping in the real world.  Because women still make the majority of household purchase decision, e-commerce marketers are hoping that added security features and specific gender targeting will increase sales.[32]

In summary, if a consumer is looking for a particular product and a vendorís site is located in another city, country or part of the world, the consumer may have reservations as to whether the vendor is reputable, whether goods will ever be delivered, and whether they have the same ability to exchange or return the goods as they would dealing with a local retailer, a reservation probably not much different than print mail order houses.  Perhaps Internet retailers could learn from reputable and trusted catalogue vendors, such as Timothy Eaton, who assured satisfaction guaranteed or money refunded.  This issue has not been lost on a lot of big name retailers whose annual Christmas sales increased more than 25% over last year, due to their online retailing period.  A search conducted on a web browser under the heading of ìshoppingî would reveal many familiar names.

 

Buying over the Internet

 

 

Both offline and online, in order for a contract to be valid and enforceable, there must exist:

1.     An offer with an adequate description of the subject matter which expresses a party's willingness to enter into a binding agreement with another party,

2.     The unequivocal and non-conditional acceptance (and the communication of the acceptance) of the offer by the other party or parties back to the offeror, and;

3.     Subsequent transfer of valuable consideration.

 

…       We have heard from previous speakers how offline contracts to buy are created and the legal implications associated therewith.  I want to focus on the laws from the perspective of business buyers who use the Internet to partner with their suppliers or use it to locate goods for resale.

…       Unless the offer expressly states otherwise, its acceptance may be made and communicated in the same manner or medium of communication.  An offer sent by email may be accepted by email.  Acceptance can be evidenced in writing, verbally, or by conduct -- it is merely a matter of evidence although consumer protection rules or Statute of Fraud laws sometimes require "written agreements".

 

 

How are Internet contracts formed?

 

…       After your search engine identifies a web address (URL) e.g. http://www.buy.com/ that is of interest to you, and you visit the site for the purpose of conducting an e-Commerce transaction, you will generally be required to scroll through the terms and conditions of an agreement.  The reader will be asked to signify his/her acceptance of the terms and conditions before him/her by clicking on an " I ACCEPT" button with the mouse before proceeding with the transaction.  The visitor should have the choice of clicking "I DO NOT ACCEPT" and presumably visiting the site, but not transacting business.  The enforceability of this click is found in software that is sold offline.  These agreements in a shrink-wrapped box of software are appropriately called "Shrink-Wrap Agreements".

 

…       Shrink-Wrap Agreements come in different forms.  A software box may include a message which indicates that the license terms can be found inside the package, or a card detailing the license terms may be shrink-wrapped to the outside of the package.  In both cases, the purpose is to ensure that the customer receives an opportunity to review and indicate acceptance of the terms of the license prior to gaining access to the software.  Once a consumer "breaks the seal" of the wrapper or first uses the software, as the case may be, the customer is deemed to have read and assented to the terms of the Shrink-Wrap Agreement.[33]

 

…              In ProCD et al v. Zeidenberg[34] the defendant purchased copies of the plaintiffís telephone listings stored on CD, set up a bulletin board, downloaded telephone listings stored on the CDs and then made the telephone listings available to Internet users by placing the data on an Internet host computer.  The lower court said that the shrink-wrap license was not enforceable, since the buyer could not read it before purchasing.  On appeal on issues of copyright infringement, however, the terms of the shrink-wrap license on the CD were held enforceable.

 

…       Online, the Shrink-Wrap Agreement is called a Web-Wrap Agreement (or a Click-Wrap Agreement).  A recent report to the Uniform Law Conference of Canada stated that: "Web-Wrap Agreements satisfy the offer and consideration requirements as well as any other form of agreement, however, it is not clear whether clicking a button ("Clicking") satisfies the acceptance requirement.  During the case of Web-Wrap Agreements, there is no option to indicate written or verbal assent.  Therefore, the question is whether the act of Clicking is conduct, which sufficiently binds the Customer to the vendor/licensor's offer in a manner which constitutes acceptance of such offer.  Web-Wrap Agreements are valid and enforceable methods of contracting"[35].

 

…       Some authors believe, however, that certain procedures have to be followed to bind the offeror. They include:

…       The user must be required to scroll through the actual terms before being able to click on the "I ACCEPT" button.  The user must not have to take the action to find the terms and conditions (this is a marketing vs. legal issue).

…       The userís actions should be logged for evidence.

…       Direction and reference to the agreement have to be made at all products on the site.

…       Terms and conditions should be in plain language.

…       Bring unusual conditions, exonerations and disclaimers to the users attention[36]

…       Consumer protection legislation, which requires executory contracts to incorporate a signature element, may present an obstacle to the enforceability of certain consumer related Web-Wrap Agreements in Ontario and other provinces with similar legislation.

 

…       It is likely that other types of contracts, particularly in commercial contexts, such as employment arrangements, real estate transactions, purchasing of insurance and financial lending, may be drafted in the form of a Web-Wrap Agreement.  Web-Wrap Agreements, which are increasingly used for a variety of contractual relationships, will eventually become part of the normal course of dealing.  Thus, from a legislative perspective, the best approach may be to adapt existing statutes, consumer related or otherwise, to remove barriers to the use of electronic means of contracting, and thereby establish greater certainty with respect to the validity and enforceability of such agreements.[37]

 

…       Traditionally, from a legal viewpoint, humans interacted to create contracts.  In the last four decades, however, contracts have been created with little or no human interaction after the initial establishment of the relationship.  In EDI transactions, suppliers and buyers agree to trade with each other and a trading partner agreement sets out the terms and conditions that govern their relationship.  From that point forward, the buyerís computer might initiate an EDI message to a supplier after it searches and detects that the inventory level is low on a particular SKU.  The supplier's computer may return a message accepting the order and then forward it for processing.  Outside of EDI relationship, buyers could visit a supplier's website, scroll through an electronic catalogue and place an order which could be accepted by the supplier's computer system.[38]

 

…       The Uniform Law Conference of Canada has adopted the Uniform Electronic Commerce Act as a uniform act, recommending it to the member jurisdictions for enactment.  From here, it is up to provincial and territorial legislatures to decide whether to adopt the Uniform Act, uniformly.  The Uniform Electronic Commerce Act is fashioned after the UNICITRAL Model Law on Electronic Commerce.  The Model Law was prepared as a model to countries for the evaluation and modernization of their laws relating to computerized or other modern communication techniques, also to be used by a number of states with limited familiarity with modern communication techniques.

 

…       The Model law took a ìfunctional equivalentî approach, based on the analysis of the purposes and functions of the traditional paper-based requirements of contracting, to determine how those functions could be fulfilled electronically. The purposes of paper documents are, inter alia:

1.     Legibility.

2.     Inalterability. 

3.     Ability to produce a copy.

4.     Authentication of data by means of a signature.

5.     Easy storage, finalizing and recording the intent of the author in a form acceptable to public authorities.

The Model Law intends that electronic means will fill a similar function. 

 

…       The scope of application of the Law is to provide the principles for the coverage of all factual situations where information is generated, stored or communicated, irrespective of the medium on which such information may be affixed.[39]  Its intention was not to alter traditional rules on paper-based communications, but was intended to apply to commercial applications growing out of trade relationships.  This should not discourage states from using the Model Law to apply to both domestic and international matters, as well as non-commercial matters, that use electronic media.  The law does not specifically deal with consumer protection and the Commission deferred to existing or future domestic legislation in this area. [40]

 

…       The Uniform Electronic Commerce Act recognizes the valid conclusion of contracts by electronic means lacking human intervention where a computer generates a message expressing offer and acceptance. [41]

 

Definition of "electronic agent

…       19. In this Part, "electronic agent" means a computer program or any electronic means used to initiate an action or to respond to an electronic documents or actions in whole or in part without review by a natural person at the time of the response or action.

Comment:    Computer transactions are largely automated transactions.  The novelty of electronic commerce is less the automation, than the electronic communications used to establish relationships that require legal effect.  The forms of automation are changing, too. Businesses and individuals use "electronic agents", which are software programs, sometimes embedded in hardware, that can seek out information and respond to it or to incoming messages. 

 

I will now discuss some of the legal effects of using such tools.  The use of the term "electronic agent" is widespread. The law of agency, however, plays no part in this discussion. An electronic agent is a tool, not an agent in law.

 

Formation and operation of contracts

…       20. (1) Unless the parties agree otherwise, an offer or the acceptance of an offer, or any other matter that is material to the formation or operation of a contract, may be expressed

a)     by means of an electronic document; or

b)     by an action in electronic form, including touching or clicking on an appropriately designated icon or place on a computer screen, or otherwise communicating electronically in a manner that is intended to express the offer, acceptance or other matter.

…       (2) A contract shall not be denied legal effect or enforceability solely by reason that an electronic document was used in its formation.

Comment:    The Act does not purport to change the general law of contracts.  This section ensures that electronic communications are capable of conveying the kinds of intention that are necessary to support contractual relations.  In particular, actions that do not involve detailed language, such as clicking on icons on computer screens, are expressly made acceptable for contract purposes.

 

Involvement of electronic agents

…       21. A contract may be formed by the interaction of an electronic agent and a natural person or by the interaction of electronic agents.

Comment:     The law has been unclear whether automated means of communication, such as electronic agents, could convey the intention needed to form a contract where no human being reviewed the communication before the contract was made.  This section makes it clear that this can be done, both where a natural person communicates with an electronic agent and where a communication has an electronic agent at both ends.

 

Errors when dealing with electronic agents

…       22. An electronic document made by a natural person with the electronic agent of another person has no legal effect and is not enforceable if the natural person made a material error in the document and

a)     the electronic agent did not provide the natural person with an opportunity to prevent or correct the error;

b)     the natural person notifies the other person of the error as soon as practicable when the natural person learns of it and indicates that he or she made an error in the electronic document;

c)     the natural person takes reasonable steps, including steps that conform to the other person's instructions to return the consideration received, if any, as a result of the error or, if instructed to do so, to destroy the consideration; and

d)     the natural person has not used or received any material benefit or value from the consideration, if any, received from the other person.

Comment:    The law has rules about the effect of mistakes.  Particular concerns have been expressed about computer communications, however, for two reasons.  Firstly, it is easy to hit a key when typing quickly, or click a mouse on the wrong spot on a screen, and by doing so send a command with legal consequences ("the single keystroke error").  Secondly, much electronic commerce is done by electronic agents, as noted in the comment to the previous section. The electronic agents may not be programmed to respond to a subsequent message saying, "I didn't mean that."

    In addition, the section applies only if the legal entity to which the message was sent did not provide a method of preventing or correcting the error. The Act does not tell people how to do this, but one may imagine a message on a screen saying "You have ordered X at $Y. Is this correct?" If the person confirms the first order, this section would not apply. This provision gives online merchants a way of giving themselves a good deal of security against allegations of mistakes, and encourages good business practices, which is in everybody's interests."

 

…       New Internet enabled distribution models have a corollary; new Internet enabled purchasing methods.  These are in the form of Shopping Bots or intelligent agents, which are bits of software that help buyers sift, filter and process information.  However, agents that perform the tasks of comparing have not been created.  Buying and sometimes even selling goods, they can finesse dozens of purchasing decisions at once, searching for efficiencies.  The first generation of intelligent agents focused on consumer goods and, particularly, price comparison.  Buyers, however, found that the cheapest price in the world was useless if the supplier was unable to fulfill the order.  Frictionless Commerce's http://www.frictionless.com/ initial technology, the Frictionless^SM ValueShopper, evaluates products and services based on their overall value to consumers -- not just price.  Because the Frictionless^SM ValueShopper evaluates merchant features as well, unlike most shopping solutions, Frictionless Commerce offers merchants a way to differentiate their value-added services.

…       Accompany's http://www.accompany.com/Get It Together Network^SM aggregates demand for products and services in real time, changing the way people buy.  Rather than search for products, they bring together buyers all of whom want the same product.  It pools consumer purchasing power across its network of Web Community Partners to drive volume pricing from its Supplier Partners.  The problem with agents is that they cannot absorb information outside their programmed parameters.[42]

 

I hope this has given you a general picture of some of the issues involved with buying and selling goods and services over the Internet.