- Kodak Fulfills Orders for Under Priced Cameras
- Data Privacy - ‘Safe’ to send personal data to Canada
- Information Commissioner’s Web Site Data Protection Audit
- BSA Truce Does not Extend to UK
- UK Government Misses E-Commerce Directive Implementation Deadline
- Implementation of Electronic Signature Directive
- UNCITRAL Draft Convention on Electronic Contracting
1. Kodak Fulfills Orders for Under Priced Cameras
The potential hazards caused by website errors were demonstrated last month by Eastman Kodak when they decided to supply website ordered cameras to customers at a hefty discount. The cameras had been mistakenly offered for sale on Kodak’s website at a price of £100 instead of the RRP of £329. The mistake remained on the website for only twelve hours but attracted more than a reported 10,000 orders during that time.
Initially, Kodak had emailed customers arguing that the customers’ orders, placed on the website, were only an “offer to purchase” which Kodak could choose to turn down.
An important factor in this case, however, was that Kodak subsequently emailed those who had placed orders on the site in acknowledgement of those orders. This act is thought by many to constitute acceptance of the order and hence form a binding contract. Unhappy consumers had threatened Kodak with litigation and many feel it is a case Kodak could easily have lost.
The confirmation email sent by Kodak distinguishes this scenario from that experienced by Argos when it offered TVs on its website at an incorrect price (Argos had misplaced the decimal point!) because Argos did not send an email confirming orders.
Kodak claims to have decided to honour the orders for the sake of good customer relations and refused to comment on whether a legally binding contract had been formed. How much this decision has cost Kodak is not known, but based on the difference in price, the error could cost Kodak over £2 million.
2. Data Privacy - ‘Safe’ to send personal
data to Canada
Article 25 of the Data Protection Directive prohibits the transfer of personal data (any information that can identify a person) from inside the EEA (European Economic Area) to third parties in countries that do not have ‘adequate levels of protection’.
On 20th December 2001 the European Commission officially declared that Canadian data protection laws provide adequate protection for personal data under EC law. Until recently the Commission had approved only Switzerland and Hungary. Companies in the US can join the Safe Harbour scheme which has also been approved by the Commission.
In the past transfers outside the EEA have been carried out by requiring (under contract) the transferee to comply with data protection principles even though the transferee’s country of residence does not have data protection laws. This can be achieved using the set of clauses approved in January 2002.
This approval now means that companies in the EEA can safely transfer personal data (e.g. for processing) to Canada in the same way that they could previously transfer data within the EEA.
3. Information Commissioner’s Web Site Data
Protection Audit
The Information Commissioner has commissioned a study to ascertain the extent of compliance by UK web sites with the Data Protection Act 1998. The study will be carried out during January and February 2002.
The study will review if organisations operating web sites that collect personal data have:
- data protection notices and a privacy policy;
- notified the Information Commissioner of their processing activities;
- a notification that reflects what they do in practice;
- considered direct marketing requirements; and
- a secure web site.
In order to prevent the Commissioner from taking such action, organisations that have not complied with the Act may wish to carry out a review of their on-line activities and their data handling procedures to ensure compliance.
4. BSA Truce Does not Extend to
UK
At the beginning of January 2002, the Business Software Alliance (the "BSA") launched a month long grace period in five US cities to give companies running unlicensed software the chance to become legal without facing action by the vendor group.
The BSA is an international organisation representing leading software, hardware, internet and e-commerce developers in 65 countries around the world, with offices in the USA, Europe and Asia. The BSA's self professed role includes helping governments and consumers to understand how software can strengthen the economy, increase worker productivity and aid global development; educating computer users about software copyright; and fighting software piracy and internet theft.
The BSA stated that the truce was motivated by a recognition that some businesses may simply not have managed their software assets properly. The grace period offers businesses a chance to catch up, to conduct a software audit and to acquire the necessary licences they need.
However, the BSA truce has not been extended to the UK. The last time a similar programme ran in the UK was in Spring 2000. The BSA has recently been criticised by IT professionals and lawyers for its name and shame policy, which saw the BSA naming a leisure centre, a county council and candle maker as guilty of licence violations, culminating in the amount of £65,000 being paid in September 2001.
In a more recent out-of-court settlement, Clackmannanshire Council in Scotland has agreed to pay an undisclosed sum to the BSA for the use of 470 copies of Microsoft Office 97 without valid software licences.
Clackmannanshire Council bought 470 loose end-user licences at discounted price and when the council presented these licences to Microsoft for verification, they were found to be counterfeit and invalid. Microsoft advised the council to revert to the supplier to seek redress and also advised the council to purchase valid licences to replace the 470 illegal licences in use. Microsoft referred the case to the BSA early last year when the council refused to carry out an audit of its software, or to legalise its software.
5. UK Government Misses E-Commerce
Directive Implementation Deadline
Only three of the fifteen EU member states, namely Austria, Germany and Luxembourg, have implemented the E-commerce Directive by the 17 January 2002 deadline, leaving twelve countries in technical default with the UK being one of them. Member states that do not meet the 17 January 2002 deadline are supposed to be penalised but since there are so many non-compliant countries, it is believed that immediate penalties are unlikely.
The aim of the E-commerce Directive is to facilitate intra-EU electronic commerce through harmonisation and the removal of regulatory obstacles. One of the key reasons given for the UK's delay in implementing the Directive centred on the need for further consultation on legal aspects of its transposition into national law. This is expected to take place sometime in early March this year together with a separate consultation focused specifically on the financial services sector.
The UK government aims to implement the E-commerce Directive into national law by early June of this year.
6. Implementation of Electronic Signature
Directive
A consultation was recently conducted by the Department of Trade and Industry on the aspects of the EU's Electronic Signature Directive which failed to be implemented by the Electronic Communications Act 2000. The consultation was closed on 19 June 2001.
The consultation had raised some issues particularly in relation to the implementation of the data protection requirements in Article 8 of the Directive as well as understanding the development of new information and communication technologies. This means that the implementation of the Directive into national law will be delayed.
To see a detailed summary of the responses to the consultation, please
click on to
http://www.dti.gov.uk/cii/datasecurity/electronicsignatures/signatures.shtml
7. UNCITRAL Draft Convention on Electronic Contracting
Overview
The Electronic Commerce Working Group of the United Nations Commission
on International Trade Law will hold its 39th session in New York for one
week from 11th to 15th of March 2002, to discuss the Draft convention on
electronic contracting (available at The Draft specifically excludes two types of contract:
The Draft also confirms that contracts can be formed by automated
computer systems, as will usually be the case for any e-Commerce
transaction.
The Draft covers the issues of time of formation of an electronic
contract and also the time and place of dispatch and receipt. Time of
formation is described as the moment when the buyer receives notification
from the seller that the offer to buy has been accepted. This could be a
web page informing the buyer that the goods have been purchased or that
the order is being processed, or alternatively an email from the seller.
The Draft also sets out the criteria that must be satisfied for an
electronic signature to be considered reliable. The criteria are
essentially the same as the requirements under the EC Electronic
Signatures Directive (1999/93/EC) and the Electronic Communications Act
2000 and demonstrate what is becoming accepted as a legal framework by the
international community.
The Draft should provide companies with assurance that the current
approach to online contracting, as influenced by EC legislation, is
correct and is likely to be in accordance with any future international
trade laws.
"© Herbert Smith 2002 The information contained in this article is of a general nature. and should
not be relied on in that way. Specific advice should be sought about
your specific circumstances."
Chapter III of the Draft deals with
formation of contracts. The Draft confirms that advertising on websites is
usually only an invitation to treat. In other words a contract will not be
formed until the website (the seller) accepts the surfer’s (the buyer’s)
offer to buy the goods or services advertised.
