E-commerce raises issues

The growing popularity of e-commerce will lead to knock-on work for the legal profession, according to Paula Staunton

In a rapidly developing field, IT lawyers not only have to deal with the cases and clients in hand, they must also keep an eye on the issues of the future.

In 1998, a number of issues will emerge in the IT industry that will also have a direct impact on the law and none more so than the issue of data protection.

The 1998 RSA Data Security conference was held in San Francisco. With a guest list of over 3,000 delegates ranging from software engineers to company presidents, representing hundreds of high-tech companies and users, data security is big news.

For all the hype surrounding electronic commerce, it has yet to reach its potential as the business community and users are concerned with privacy, data integrity and authentication issues.

It is inevitable that if "e-commerce" (essentially using e-mail to do business) is to thrive, security technology will become integral to products which create or deliver digital information.

Given the international nature of e-commerce, there are a number of initiatives under way to try to harmonise possible conflicting local laws in this area.

The UN has developed a Model Law of Electronic Commerce, which has been adopted by various states in the US and the European Commission has proposed that by the year 2000 there should be a common framework for cryptography in place across the EU.

In the meantime, cryptography is big business. BT has jumped on the bandwagon by forming an alliance with VeriSign, a leading US based digital certification service provider.

Under the deal, BT and VeriSign will work together to provide digital certification services from the UK. The service will be aimed at business and consumers to give users confidence in safely communicating and trading on the Internet and other open networks.

Articles on the year 2000 are currently very much in vogue. Needless to say, the industry is taking note and some users (if not all) are taking positive steps in an attempt to minimise the risk of system disruption or failure.

However, there is still the odd "It's our suppliers" or "It's our users" problem – so litigators, start preparing yourselves.

No sooner has the issue of year 2000 been discussed than the question of European Monetary Union (EMU) compliance rears its ugly head.

Osborne Clark recently gave a seminar to a group of clients on the legal and business implications surrounding the introduction of EMU. Many of the clients were left green around the gills by the end of it.

In addition, many IT companies are subsidiaries of US or Asian parents and, depending on the control exercised by the parent, interest in EMU may be negligible if the parent is not familiar with what is happening within the EU.

Although there has been much confusion and uncertainty surrounding the introduction of the Euro, what is clear is that on 1 January 1999 the Euro will become a currency in its own right and on 1 January 2002, Euro bank notes and coins will be introduced as legal tender in participating countries, with a deadline of 1 July 2002, when the national currencies of participating states will be withdrawn from circulation.

Although the UK does not look as though it will be joining round one of monetary union, with most IT companies and business users operating throughout Europe, EMU compliance should be a top priority for senior management.

On 1 January 1998 the Database Directive was implemented in this country. In brief, it will now be harder to secure copyright protection for databases. To do so under the regulations, there has to be an "intellectual creation" of the database. It will be interesting to monitor how the courts will interpret the meaning of an "intellectual creation".

For a database to profit from the new database right, there must be "a substantial investment (in terms of quantity or quality or both) in obtaining, verifying or presenting the contents of the database," according to the regulations.

The term of protection for the database right is 15 years from the end of the calendar year in which the making of the database was completed or first made available to the public.

In addition, the 15-year term can be extended by further 15-year periods if there again follows a substantial change to the database which satisfies the above test. The term afforded to copyright protection is 70 years from the death of the author of the database.

Trade on the Internet and electronic commerce has yet to reach its potential in Europe. In order to offer further protection for consumers who purchase goods or services electronically via distance sales, the EU has enacted a directive on distance selling.

The directive came into force on 4 June 1997 and member states have three years from that date in which to implement it.

Here are some of the issues covered by the directive:

a right for the consumer to be provided with the main terms of the contract before it is made and to have written confirmation of the terms;

a right for the consumer to withdraw from the contract, even if it is legally binding;

an obligation on the supplier to execute the consumer's order within 30 days; and

an obligation on the supplier to ensure that appropriate measures exist to allow a consumer to request cancellation of a payment where fraudulent use has been made of his card.

Clearly 1998 will continue to see the growth of new and interesting developments in IT.

Paula Staunton is an associate in Osborne Clarke's IT/Telecoms Unit in London.