News, Comments and Opinions on information law and legal informatics. Στο παρόν ιστολόγιο μπορείτε να βρείτε ειδήσεις και νέα από το χώρο του δικαίου των νέων τεχνολογιών.
Πέμπτη 24 Σεπτεμβρίου 2015
The EU legal framework on electronic signatures
Electronic signatures and
related services that allow data authentication can play an important role in
ensuring security and trust in electronic transactions. Certainly, in open
networks such as the Internet, security issues are emerging, which hinder the
development of electronic services. In particular, concerns are raised on the
confidentiality and security of electronic communications, which hold back the
exploitation of the Internet as a platform for e-commerce.
To deal with the issues of security and trust in electronic transactions, the EU adopted in 1999 the eSignature Directive. This Directive (Directive 1999/93/EC) establishes the legal framework at EU level
for electronic signatures and certification services. The aim is to make
electronic signatures easier to use and help them become legally recognised
within the Member States. The Directive does not favour any specific
technology.
The Directive
lays down the rule of legal recognition of electronic signatures;[1] it
establishes a legal framework for electronic signatures and certification
services and defines two levels of security that organizations may apply to
e-signatures depending on the sensitivity of the transaction, that is: (a)
simple e-signatures, which provide a minimum level of security and (b) advanced
electronic signatures, which provide a higher level of security and can be used
as a substitute for a handwritten signature.
In order for a signature to
be qualified as an advanced signature, certain requirements have to be
fulfilled (Article 5(1) of the Directive). These requirements concern the
technical function of the signature software and the existence of a qualified
certificate, which is provided by a certification service provider which meets
certain criteria. As is obvious, apart from the regulation of the legal effect
of electronic signatures, the legal regulations concerning the certification of
e-signatures and the accreditation of service providers are also of great
importance.
As already mentioned, the
Directive adopts a technology neutral approach regarding the recognition of
electronic signatures. It defines electronic signatures in an abstract manner,
so that different technologies can be used to fulfil the legal requirements in
order to be qualified as electronic signatures. However, advanced electronic
signatures correspond essentially to digital signatures, since the requirements
laid down are only met by public key crypto systems.
Regarding the legal effect
of e-signatures, a two-tier system is created, in accordance with Article 5 of
the directive. Firstly, advanced electronic signatures, which are based on a
qualified certificate and are created by a secure signature creation device,
are equal in their effect, that is legal validity and probative effect, to
handwritten signatures in paper documents. Secondly, the rule of
non-discrimination of e-signatures is laid down. Accordingly, EU Member States
shall ensure that an electronic signature is not denied legal effectiveness and
admissibility as evidence in legal proceedings solely on the grounds that it
is:
— in electronic
form, or
— not based upon
a qualified certificate, or
— not based upon
a qualified certificate issued by an accredited certification-service-provider,
or
— not created by
a secure signature-creation device.
Furthermore, the |Directive
includes rules on market access (Article 3) and establishment of providers of
e-signatures services (Article 4), which are in line with EU principles. The
liability of certification service providers is regulated in Article 6, which
provides for a strict liability regime; accordingly, as a minimum, by issuing a
certificate as a qualified certificate to the public or by guaranteeing such a
certificate to the public a certification service provider is liable for damage
caused to any entity or legal or natural person who reasonably relies on that
certificate.
The recognition of
certificates issued by providers established in third countries is regulated in
Article 7. Certification service providers are further under the obligation to
comply with data protection requirements, laid down in directive 95/46 and more
specifically, to collect personal data only directly from the data subject, or
after the explicit consent of the data subject, and only insofar as it is
necessary for the purposes of issuing and maintaining the certificate. The data
may not be collected or processed for any other purposes without the explicit
consent of the data subject.
On the basis of this
Directive, Commission Decision 2003/511/EC of
14 July 2003 on the publication of reference numbers of generally recognised
standards for electronic signature products was issued. The Annex of this legal
act includes a list of standards in compliance with the requirements in Annex I
f of the Directive, i.e., CWA 14167-1 (March 2003): security requirements for
trustworthy systems managing certificates for electronic signatures - Part 1:
System Security Requirements and CWA 14167-2 (March 2002): security
requirements for trustworthy systems managing certificates for electronic
signatures - Part 2: cryptographic module for CSP signing operations -
Protection Profile (MCSO-PP) and a list of standards in compliance with the
requirements in Annex III, i.e., CWA 14169 (March 2002): secure
signature-creation devices.
Furthermore, the Commission
Decision 2000/709 was issued, which lays down the minimum criteria to be taken
into account by Member States when designating bodies in accordance with
Article 3(4) of Directive 1999/93/EC, that is, when a national body is designated
as responsible for the conformity assessment of signature-creation-devices.
A report on the operation of
the Directive 1999/93 was issued in 2006.[2]
The conclusions of this report concentrated on the legal aspect and the market
effect of the Directive. Regarding the former, it is acknowledged that the
directive introduced legal certainty with respect to the general admissibility
of electronic signatures: the need for the legal recognition of electronic
signatures has been met by the transposition of the EU-Directive into the
legislation of the EU-Member States. As far as the market effect of
e-signatures is concerned, this has been relatively low. In particular, it was
found that the use of qualified electronic signatures had been much less than
expected and the market was not very well developed. The main reason for the
slow take-off of the market is that service providers had little incentive to
develop multi-application electronic signature and preferred to offer solutions
for their own services. The banking sector and e-government were the sectors
where e-signatures were mostly used.
Consequently, extensive
consultations on a review of the e-signatures directive took place, and also,
on the initiative of the EU Commission, a number of studies were conducted in
relation to electronic identification, authentication, signature and related
trust services (eIAS). It was made clear that a large majority of stakeholders
agreed on the need to review the current framework to fill the gaps left by the
directive. It was concluded that this would better respond to challenges posed
by the rapid development of new technologies (particularly online and mobile
access) and by increased globalisation, while maintaining the technological
neutrality of the legal framework.
Critics also highlight the
fact that the e-Signatures Directive mistakenly combines identification and
authentication with signing, while those should be treated separately.[3] And also, the combining of PKI technology and
the legal status of signatures seems frustrating.
As a result, the
e-Signatures Directive was replaced with the Regulation
910/2014 on electronic identification and trust services for electronic
transactions in the internal market (eIDAS
Regulation), adopted on 23 July 2014. The eIDAS Regulation shall
apply from 1 July 2016, with the exception of certain provisions which
will apply in different stages.
The eIDAS Regulation creates
a European internal market for electronic identification and electronic trust
services, including:
· electronic
signatures; the rules related to the legal effect of e-signatures are provided
for, as well as the requirements for qualified signature certificates, for
qualified e-signature creation devices etc.
· Time stamping,
i.e. the date and time on an electronic document which proves that the document
existed at a point-in-time and that it has not changed since then;
· Electronic seal,
i.e. the electronic equivalent of a seal or stamp which is applied on a
document to guarantee its origin and integrity;
· Electronic
delivery, i.e. a service that, to a certain extent, is the equivalent in the
digital world of registered mail in the physical world;
· Legal
admissibility of electronic documents to ensure their authenticity and
integrity;
· Website
authentication, i.e. trusted information on a website (e.g. a certificate)
which allows users to verify the authenticity of the website and its link to
the entity/person owning the website.
The Regulation obliges
public bodies to accept cross-border identification/authentication services
that are provided under a scheme that has been properly notified to the
European Commission. Thus, it ensures that people and businesses can use their
own national electronic identification schemes (eIDs) to access public services
in the EU countries where eIDs are available.
It also creates a European
internal market for electronic trust services in that it guarantees that they
will operate across borders and have the same legal status as traditional paper
based processes.
EU Member States should
establish supervisory bodies that will supervise certification service
providers, but also trust service and qualified trust service providers. The
conditions for the supervision of those providers are laid down in the
provisions of the Regulation.
The EU adopt measures for the implementation of the Regulation:
Commission Implementing Decision (EU) 2015/1505 of 8 September 2015 laying down technical specifications and formats relating to trusted lists pursuant to Article 22(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance)
Commission Implementing Decision (EU) 2015/1506 of 8 September 2015 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies pursuant to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance)
Commission Implementing Regulation (EU) 2015/1501 of 8 September 2015 on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance)
Commission Implementing Regulation (EU) 2015/1502 of 8 September 2015 on setting out minimum technical specifications and procedures for assurance levels for electronic identification means pursuant to Article 8(3) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance)
Commission Implementing Regulation (EU) 2015/806 of 22 May 2015 laying down specifications relating to the form of the EU trust mark for qualified trust services (Text with EEA relevance)
Commission Implementing Decision (EU) 2015/296 of 24 February 2015 establishing procedural arrangements for cooperation between Member States on electronic identification pursuant to Article 12(7) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market Text with EEA relevance
[1]. OJ EC L 13 of 19 Jan. 2000,
online available at: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31999L0093&from=EN
[2] COM(2006) 120 final, online available at: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52006DC0120&from=EN
[3] See M. Voulon, “European
Union introduces new legal framework for identity management”, online
available at: http://www.idnext.eu/en/home/european-union-introduces-new-legal-framework-for-identity-management/
Τρίτη 22 Σεπτεμβρίου 2015
Το δικαίωμα της διανομής στο κοινό περιλαμβάνει και την προσφορά προστατευόμενων έργων, ακόμα και όταν δεν καταλήγει σε πώληση
Μια ενδιαφέρουσα απόφαση εξέδωσε το ΔικΕΕ στην υπόθεση C‑516/13, Dimensione Direct Sales Srl, Michele Labianca κατά Knoll International SpA, στις 13-5-2015 που αφορούσε το ζήτημα αν η διαφήμιση προστατευόμενων έργων εμπίπτει στο δικαίωμα της διανομής στο κοινό, υπό την έννοια του άρθρου 4 της οδηγίας 2001/29.
Τα πραγματικά περιστατικά της υπόθεσης αυτής είχαν ως εξής:
Η Knoll ανήκει στον όμιλο Knoll του οποίου η μητρική εταιρία, η Knoll Inc., έχει έδρα στην Πενσυλβανία (Ηνωμένες Πολιτείες). Ο όμιλος αυτός κατασκευάζει και πωλεί σε ολόκληρο τον κόσμο έπιπλα αξίας. Η Dimensione είναι εταιρία περιορισμένης ευθύνης διαχειριστής της οποίας είναι ο M. Labianca. Διανέμει στην Ευρώπη με απευθείας πώληση έπιπλα σχεδιασμένα από δημιουργούς και προτείνει προς πώληση έπιπλα στον διαδικτυακό της τόπο. Κατά τα έτη 2005 και 2006, η Dimensione διαφήμισε την πώληση επίπλων που αντιστοιχούν σε προστατευόμενες δημιουργίες στον διαδικτυακό της τόπο, ο οποίος είναι διαθέσιμος στη γερμανική γλώσσα, σε διάφορες γερμανικές εφημερίδες και περιοδικά καθώς και σε διαφημιστικό φυλλάδιο το οποίο ανέφερε: «Αγοράστε τα έπιπλά σας στην Ιταλία και πληρώστε μόνο κατά την ανάληψη ή κατά την παράδοση από εξουσιοδοτημένο για την είσπραξη μεταφορέα (υπηρεσία παρεχόμενη κατόπιν αιτήσεώς σας)». Εκτιμώντας ότι τα προτεινόμενα από την Dimensione προς πώληση έπιπλα ήσαν απομιμήσεις ή παρομοιώσεις προστατευόμενων δημιουργιών, η Knoll ενήγαγε την Dimensione και τον M. Labianca ενώπιον του Landgericht Hamburg (περιφερειακού δικαστηρίου του Αμβούργου) ζητώντας να τους απαγορευθεί να προσφέρουν προς πώληση τα έπιπλα αυτά στη Γερμανία. Προς στήριξη της αγωγής της, η Knoll ισχυρίστηκε ότι τα εν λόγω έπιπλα προστατεύονται από το δικαίωμα του δημιουργού ως έργα εφαρμοσμένης τέχνης. Το γερμανικό Ακυρωτικό (Bundesgerichtshof) επισήμανε ότι η ευδοκίμηση του εν λόγω ενδίκου μέσου εξαρτάται από την ερμηνεία του άρθρου 4, παράγραφος 1, της οδηγίας 2001/29 και ιδίως από το αν το δικαίωμα διανομής που προβλέπει η διάταξη αυτή περιλαμβάνει το δικαίωμα προσφοράς προς πώληση στο κοινό του πρωτοτύπου ή αντιγράφου ενός προστατευόμενου έργου.
Συνακόλουθα, το Γερμανικό Ακυρωτικό υπέβαλε στο Δικαστήριο τα ακόλουθα ερωτήματα:
1) Περιλαμβάνει το δικαίωμα διανομής, κατά το άρθρο 4, παράγραφος 1, της οδηγίας 2001/29, το δικαίωμα προσφοράς, προς πώληση στο κοινό, του πρωτοτύπου ή αντιγράφου ενός έργου;
Σε περίπτωση καταφατικής απαντήσεως στο πρώτο ερώτημα:
2) Περιλαμβάνει το δικαίωμα προσφοράς, προς πώληση στο κοινό, του πρωτοτύπου ή αντιγράφου ενός έργου μόνο προτάσεις για τη σύναψη συμβάσεως ή και διαφημιστικές πράξεις;
3) Υπάρχει προσβολή του δικαιώματος διανομής αν η προσφορά δεν κατέληξε στην απόκτηση του πρωτοτύπου ή αντιγράφου ενός έργου;»
Το Δικαστήριο απάντησε θετικά σε όλα τα ερωτήματα. Ειδικότερα, δέχθηκε ότι μπορεί να συντρέχει προσβολή του αποκλειστικού δικαιώματος διανομής, προβλεπόμενου στο άρθρο 4, παράγραφος 1, της οδηγίας 2001/29, όταν έμπορος, ο οποίος δεν είναι κάτοχος δικαιώματος του δημιουργού, πωλεί προστατευόμενα έργα ή αντίγραφά τους, μέσω του διαδικτυακού του τόπου, με ταχυδρομικές διαφημίσεις ή με δημοσιεύσεις στον Τύπο, σε καταναλωτές εγκατεστημένους στο έδαφος κράτους μέλους εντός του οποίου τα εν λόγω έργα προστατεύονται για να τους παροτρύνει να τα αποκτήσουν (σκέψη αρ. 31). Από το συμπέρασμα αυτό προκύπτει ότι, για να διαπιστωθεί προσβολή του δικαιώματος διανομής, δεν ασκεί επιρροή το γεγονός ότι τη διαφήμιση αυτή δεν επακολούθησε μεταβίβαση της κυριότητας του προστατευόμενου έργου ή αντιγράφου του στον αποκτώντα (σκ. αρ. 32).
Το Δικαστήριο απέκλινε από την προηγούμενη νομολογία του και συγκεκριμένα, έκρινε διαφορετικά από ό,τι στην απόφαση Peek & Cloppenburg (C‑456/06, EU:C:2008:232, σκέψεις 33, 36 και 41), η οποία αφορούσε τη δυνατότητα χρήσεως των αντιγράφων προστατευόμενου έργου, ότι η έννοια της διανομής στο κοινό προστατευόμενου έργου ή αντιγράφου του, κατά το άρθρο 4 παρ. 1 της οδηγίας 2001/29, συνεπάγεται μεταβίβαση της κυριότητας του αντικειμένου αυτού, μπορεί εντούτοις να διαπιστωθεί προσβολή του δικαιώματος διανομής εφόσον προσφέρεται, μέσω στοχευμένης διαφημίσεως, σε καταναλωτές εγκατεστημένους στο έδαφος κράτους μέλους εντός του οποίου το έργο αυτό προστατεύεται, η απόκτηση της κυριότητας του πρωτοτύπου ή αντιγράφου του. Σϋμφωνα με το Δικαστήριο, η ερμηνεία αυτή είναι σύμφωνη με τους σκοπούς της εν λόγω οδηγίας, κατά τις οποίες η εναρμόνιση του δικαιώματος του δημιουργού πρέπει να βασίζεται σ’ ένα υψηλό επίπεδο προστασίας, οι δημιουργοί πρέπει να λαμβάνουν εύλογη αμοιβή για τη χρήση των έργων τους και το σύστημα προστασίας του δικαιώματος του δημιουργού πρέπει να είναι αποτελεσματικό και αυστηρό (βλ. απόφαση Peek & Cloppenburg, C‑456/06, EU:C:2008:232, σκέψη 37).
Κατ' ακολουθία, το ΔικΕΕ έκρινε ότι το άρθρο 4 παρ. 1 της οδηγίας 2001/29 έχει την έννοια ότι παρέχει σε κάτοχο αποκλειστικού δικαιώματος διανομής προστατευόμενου έργου τη δυνατότητα να απαγορεύει την προσφορά πωλήσεως ή στοχευμένη διαφήμιση αφορώσα το πρωτότυπο ή αντίγραφο του έργου αυτού, ακόμα και όταν δεν αποδεικνύεται ότι η εν λόγω διαφήμιση κατέληξε στην απόκτηση του προστατευόμενου έργου από αγοραστή της Ένωσης, καθόσον η διαφήμιση αυτή παροτρύνει τους καταναλωτές κράτους μέλους, εντός του οποίου το έργο αυτό προστατεύεται από το δικαίωμα του δημιουργού, να το αποκτήσουν.
Το συμπέρασμα από την απόφαση αυτή του ΔικΕΕ είναι τα όρια του δικαιώματος διανομής είναι ευρεία και φτάνουν να εκτείνονται και σε πράξεις που καλύπτονταν μέχρι πρότινος από το δικαίωμα επιγραμμικής διάθεσης (άρθρο 3 της οδηγίας 2001/29).
Βλ. σχετικά: Distribution right encompasses advertisement for sale of copyright works, says the CJEU
Πέμπτη 10 Σεπτεμβρίου 2015
The Legal framework for E-Commerce in the EU
Ioannis Iglezakis
Associate Professor, Aristotle University, Faculty of law
Important Aspects of the EU acquis on E-Commerce
The E-Commerce
Directive (Directive 2000/31/EC), adopted in 20001,
sets up a legal framework for electronic commerce in the European Union, which
aims at providing legal certainty for business and consumers. It establishes
harmonized rules on issues such as the transparency and information
requirements for online service providers, commercial communications, electronic
contracts and limitations of liability of intermediary service providers.
This Directive applies to information
society services, e.g., any
service normally provided for remuneration, at a distance, by electronic means
and at the individual request of a recipient of a service. Examples of such
services include online information services (such as online newspapers),
online selling of products and services (books, e-books, financial services and
travel services), online advertising, professional services (lawyers, doctors,
estate agents), entertainment services and basic intermediary services (access
to the Internet and transmission and hosting of information). These services
include also services provided free of charge to the recipient and funded, for
example, by advertising or sponsorship; this is the case of social networking
sites, such as Facebook, as well as news sites, etc.
An important principle introduced in the
Directive is the Internal Market
clause (Article 3 (1)), which
provides that information society services are subject to the law of the Member
State in which the service provider is established. This is complemented by the
non-discrimination principle (Article 3 (2)), according to which the Member
State in which the information society service is received cannot restrict
incoming services. In addition, the Directive enhances administrative
cooperation between the Member States and the role of self-regulation.
The E-Commerce Directive is supplemented by the
E-Signatures Directive (Directive
1999/93), which lays down the criteria that form the basis for legal
recognition of electronic signatures by focusing on certification services.
These encompass the following:
· common
obligations for certification service providers in order to secure transborder
recognition of signatures and certificates throughout the EU;
· common rules on
liability to help build confidence among users, who rely on the certificates,
and among service providers;
· cooperative
mechanisms to facilitate transborder recognition of signatures and certificates
with third countries.
This Directive was replaced with the Regulation 910/2014 on electronic
identification and trust services for electronic transactions in the internal
market (eIDAS Regulation) adopted
on 23 July 2014. It shall apply from 1 July 2016, with the exception of certain
provisions which will apply in different stages.
The eIDAS Regulation creates a European
internal market for electronic identification and electronic trust services,
which includes electronic signatures, electronic seals, time stamp, and
electronic delivery service and website authentication.
Other EU legislation, which is relevant, is:
· The E-Money Directive (2009/110/EC). The
Directive focuses on modernizing EU rules on electronic money, especially
bringing the regime for electronic money institutions, into line with the
requirements for payment institutions in the Payment Services Directive.
· Directive
2010/45/EU amending Directive 2006/112/EC on the common system of value added tax as regards the
rules on invoicing - This
Directive sets out new VAT rules as regards e-invoicing and removes the
obstacles to the uptake of e-invoicing by creating equal treatment between
paper and e-invoices, while also ensuring that no additional requirements are
imposed on paper invoices. According to the new Article 233 of the Directive,
businesses will be free to send and receive e-invoices providing they maintain
"business controls which create a reliable audit trail between an invoice
and a supply of goods or services" in the same way as is currently done for paper invoices.
· The Information
Society Directive (2001/29/EC on copyright in the information society) - This Directive aims at the
harmonization of certain aspects of copyright and related rights in the
information society, in order to adapt legislation on copyright and related
rights to reflect technological developments in the era of Internet.
· The E-Privacy
Directive (2002/58 as amended by Directive 2009/136) regulating electronic
communications - This Directive
mainly concerns the processing of personal data relating to the delivery of
communications services. It includes provisions on security of electronic
services, confidentiality of communications, unsolicited communications
(spamming), Cookies, etc.
· The Consumer Rights Directive (Directive
2011/83) - This Directive aims at
achieving a real business-to-consumer (B2C) internal market, striking the right
balance between a high level of consumer protection and
the competitiveness of enterprises. It includes, inter alia, provisions on
distance contracts, which apply to e-commerce. The Directive lays down information requirements for
distance contracts, including information about the functionality and
interoperability of digital content. It regulates the right of withdrawal,
including a standard withdrawal form that must be provided by traders and may
be used by consumers to notify the withdrawal from the contract, etc.
It is also notable that in the Digital Single Market Strategy for
Europe, presented by the European Commission in 6.5.20152,
e-commerce is amongst the top priorities of the European Union. In the
Communication it is mentioned that:
“A Digital Single
Market is one in which the free movement of goods, persons, services and
capital is ensured and where individuals and businesses can seamlessly access
and exercise online activities under conditions of fair competition, and a high
level of consumer and personal data protection, irrespective of their
nationality or place of residence. Achieving a Digital Single Market will
ensure that Europe maintains its position as a world leader in the digital
economy, helping European companies to grow globally.”
Ioannis Iglezakis
Associate Professor, Aristotle University, Faculty of law
The E-Commerce Directive (Directive 2000/31/EC), adopted in 20001, sets up a legal framework for electronic commerce in the European Union, which aims at providing legal certainty for business and consumers. It establishes harmonized rules on issues such as the transparency and information requirements for online service providers, commercial communications, electronic contracts and limitations of liability of intermediary service providers.
The EU Commission issued its first report on the
implementation of the Directive in 2003. In this report, several issues are
addressed. These include the following:
1. Internal Market
2. Establishment and
information requirements
3. Commercial
communications
4. Regulated
professions
5. Electronic
contracting
6. Liability of
internet intermediaries
7. Notice and take
down procedures
8. Codes of conduct
and out-of-court dispute settlement
9. National
e-commerce contact points
10.International issues
The Commission's report concludes that the Internal
Market objectives of the Directive have been met and that it has provided a
sound legal framework for information society services in the Internal Market.
The Directive has also led to modernization of existing national legislation,
for example in contract law, to ensure the full validity of online
transactions. In the press release for this report it is mentioned that a
revision of the Directive would be premature. Instead, it is stated that the
Commission will focus on ensuring that the Directive is correctly applied and
on collecting feedback and practical experience from business and consumers
alike.
The EU has commissioned two studies
regarding the application of the E-Commerce Directive, one on the economic
impact of this Directive3 and another on the liability of
Internet intermediaries in 20074.
The first study provides some estimates of the effect
of the Electronic Commerce Directive. Three provisions are highlighted as being
particularly important.
First, it is found
that the harmonized provisions on limited liability have significantly improved
the framework conditions for intermediary service providers. This in turn has
reduced their risks and costs of conducting business. The limited liability
provisions state that the primary suppliers and not the intermediary providers
acting as mere conduits, caches, or hosts of information are liable for online
content. Neither can a conduit of information be automatically held liable for
linking to a website providing information of an illegal nature.
Second, the harmonized
provision allowing for concluding contracts electronically has reduced firm
costs. Prior to the Directive it was uncertain in most Member States whether or
not a contract concluded by electronic means, an e-contract, carried the same
legal status as an off-line contract. After transposition of the Directive,
firms have certainty that an e-contract carries the same legal status as an
off-line contract. E-contracts have not only reduced firm costs because they
are more efficiently handled than offline contracts. For many information
society service providers business processes are carried out online, which
means that an offline contract is a particular imposition on their very
business model reducing firm productivity beyond what may be the case for more
traditional firms.
Third, it is stressed
out that the country of origin principle has reduced legal heterogeneity across
Member States in the areas covered by the Directive. This has reduced search
costs for firms as the need for keeping up to date with foreign legislation has
been reduced.
The second study attaches great importance to notice and take-down procedures.
The e-commerce Directive provides in Art. 14 for an exemption of liability in
case the service provider does not have actual knowledge of illegal activity or
information; however, there is a diverging practice concerning the
implementation of this requirement in national laws of EU member states as
regards the assessment of actual knowledge. While some member states require a
formal procedure and an official notification by authorities or a court
decision, others rely on a ‘notice and take down’ procedures or a common
notification.
The study sees the ‘notice and take
down’ procedures as a potential solution in this regard. In particular, to
balance the competing interests, two extremes should be excluded: mere reliance
upon official notification by authorities on the one hand and assuming actual
simple notification on the other. A focus on official notification may easily
lead to a de facto exemption from liability of providers
even if they are aware of illicit activities going on. Simple notification, on
the other hand, would invite anyone to inform providers of content or
activities, regardless of the reliability, of the quality and of the
correctness of the notification. Thus, there is a high risk of abuse. It is,
therefore, suggested that a potential solution could be the adoption of a
modified notice and take-down-procedure combined with a counter-notice and
put-back option.
Under such a system, it would be up to the
right holder to notify the provider about the infringement. Having received the
notification, the provider would be required to act expeditiously in
provisionally withdrawing the content and informing the customer about the
notification. In order, however, to avoid any liability these procedures should
be supported by legal provisions to ensure that the provider does not incur any
liability or responsibility as a result of sending a notification to its
customers. The customer should make the choice whether he should send the
provider a counter-notice. After receiving a counter-notice, the provider would
be obliged to put the content again online. If the provider does not receive an
answer from the right holder indicating that he will file an action against the
client, the provider is obliged to put the content again online. If, on the
other hand, the right holder files an action against the client, the provider
is obliged to take down the content until the final decision of the court. To
avoid any abuse of this procedure, it is suggested that rapid preliminary
review proceedings are introduced.
Furthermore, the notification could follow
certain rules, e.g., require the name the other details of the person tendering
a notice and identifying specifically the incriminating content. Providers
could be obliged to publish corresponding templates on their websites. An
exception to such schemes should be applied where the public interest is
concerned, i.e., where the illegality of some activities or content is easily
assessed.
Establishment of Internet Service
Providers (ISPs)
Article 4(1) of the E-Commerce Directive prohibits EU
Member States from making the taking up and pursuit of the activity of an
information society service provider subject to prior authorization (or any
other requirement having equivalent effect). As a result, no authorization
scheme has been introduced in the EU Member States with the exception of
general authorization, e.g. for pharmacies, etc.
The Implementation Report of 2003
indicates that those EU Member States which had considered introducing such
schemes in relation to all or some information society services refrained from
doing so and in some cases abolished existing authorization requirements. This
has ensured that establishing as an information society service provider in a
Member State is easy and not subject to bureaucratic
hurdles.
In the absence of controls by state
authorities, transparency and information requirements are laid down in Article
5 of the E-Commerce. It is notable that these provisions are complemented by
the provisions of the Consumer Rights Directive (2011/83/EU), which provides
extensive information requirements in Article 6 and in other provisions.
Monitoring of ISPs
Furthermore, the supervision of providers of
e-commerce services can be seen as a restriction of freedom of entrepreneurship
that can be justified by general, non-economic considerations, such as public
security, public policy, etc. In the EU, this is recognized in the Article 36
TFEU, which allows Member States to take measures having an effect equivalent
to quantitative restrictions when these are justified by general, non-economic
considerations (e.g. public morality, public policy or public security).
However, such exceptions to the general principle must be interpreted strictly,
and national measures cannot constitute a means of arbitrary discrimination or
disguised restriction on trade between Member States. And also, the measures
must have a direct effect on the public interest to be protected, and must not
go beyond the necessary level, that is, they should respect the principle of
proportionality.
One such measure could be the registration
of companies which use the Internet to sell goods and/or services, with state
authorities. In Greece, for example, the Law on consumer protection (law No
2251/1994) included previously a provision on the obligation of suppliers which
conclude distance contracts to register in a special register of the Ministry of Development. This
registration was a necessary prerequisite for the authorization of the required
tax books and records by the competent public financial authority and was
proved with a certification issued by the competent department of the Ministry
of Development. The Minister of Development had the power to refuse
registration, due to significant reasons, or proceed, apart from imposing
penalties, to the temporary or permanent erasure of the supplier from the
register, if the stipulations of this law have been violated by the supplier.
Nevertheless, this provision was amended
with Law No 4242 of 2014, which abolished such obligation and introduced the
sole obligation of suppliers of goods and services that conclude distance
contracts to register with the General Electronic Commercial Registry
(G.E.MI.).5 Due to the fact
that all commercial entities (natural and legal persons, alike) are required to
register with GEMI, any commercial entity selling goods or services at a
distance are under such obligation, anyway. So, this is not specific for
e-commerce agents.
Thus, if there is a general system of
registration of commercial entities, there is no need to introduce a specific
system for the registration of those who engage in sales over the Internet.
As regards the protection of the online
consumers, far more important than an authorization regime for ISPs is to allow
consumer to report complaints about online transactions, and seek relief. To
make complaint handling more efficient, online platforms are being built. On
international level, one could mention www.econsumer.gov, a
portal to report complaints, which is an initiative of the International
Consumer Protection and Enforcement Network (ICPEN). In the EU, the Regulation
No 524/2013 on online dispute resolution (ODR) provides for a European ODR
platform for the out-of-court resolution of disputes between consumers and
traders online. The regulation applies only to contractual obligations stemming
from online sales or service contracts between a consumer resident in the Union
and a trader established in the Union. The Regulation shall apply from 9
January 2016; thus, the online platform is not yet operational.
Another system of registration exists with
regard to personal data. Article 18 of the Data Protection Directive (Directive
95/46/EC) provides for the obligation to notify the data supervisory authority.
This is deemed as a bureaucratic requirement, which will have to be abolished
in the EU, once the Draft Regulation on Data Protection is enacted6.
In more particular, Article 28 of the Draft Regulation introduces the
obligation for controllers and processors to maintain documentation of the
processing operations under their responsibility, instead of a general
notification to the supervisory authority required by Articles 18(1) and 19 of
the Data Protection Directive. The reason for this amendment of the EU law is
that the obligation of notification produces administrative and financial
burdens, whereas it did not in all cases contribute to improving the protection
of personal data. According to the preamble of the Draft regulation, such
indiscriminate general notification obligation should be abolished, and
replaced by effective procedures and mechanism which focus instead on those
processing operations which are likely to present specific risks to the rights
and freedoms of data subjects by virtue of their nature, their scope or their
purposes.7
The E-Commerce Directive provides in
Article 19 for the cooperation between Member States and the appointment of
national contact points. The aim of establishing these contact points is to
ensure that consumers and business have access to general information on e-commerce
issues relevant to the application of the Directive and details of authorities
and other bodies providing further information and assistance. A list of these
contact points and contact details are available on the e-commerce website of
the Internal Market Directorate General.8 Administrative cooperation between
Member States can also be facilitated through the use of the Internet Market
Information System (IMI system)9,
which is planned to extend its ambit to e-commerce; an extension is also
planned as regards the Consumer Protection Cooperation network (CPC)10.11
The CPC network annually identifies common
enforcement priorities and carries out specific activities, for example, Sweeps,
i.e. systematic checks carried out simultaneously in different Member
States to investigate breaches of consumer protection law in
the particular on-line sector. The 2013 sweeps targeted websites offering
travel services. In 2013-2014 the
CPC network, launched a new coordinated enforcement activity resulting in a
common enforcement approach on the issue of in-app purchases.12 It is notable that the Member States
together with the CPC reached a common position as regards online games.13
Dealing with Illegal content on the
Internet
The E-Commerce Directive establish the principle that
Internet intermediary service providers should not be liable for the content
that they transmit, store or host, as long as they act in a strictly passive manner.
However, when illegal content is found, so e.g., terrorism/child pornography or
content violating copyright, intermediaries should take action to remove it,
once they are notified of its existence. This entails certain problems, since
the disabling of access and the removal of illegal content can be slow and
complicate, whereas it is also possible that content which is legal is taken
down erroneously.
It should be noted that it is not easy to
define the limits on what Internet intermediaries can do with the content they
transmit, store or host in order not to lose the exemption from liability
established in the E-Commerce Directive.
An enhancement of Internet providers’
liability for hosting information is signaled by the decisions of the European Court of Human Rights (ECHR)
in the Delfi AS decision (no.64569/09). In this case,
the Estonian courts had found that Delfi AS, a news portal in Estonia, should
have prevented defamatory comments from being published in the portal’s
comments section, even though it had taken down the offensive comments as soon
as it had been notified about them. Delfi AS appealed before the ECHR, but the
Court with two decisions held that the national courts’ findings were a
justified and proportionate restriction on Delfi’s right to freedom of
expression. This would mean that web editors could be forced to remove
defamatory comments as soon as they appear, rather than wait for 'take-down'
requests as they do now. In the author’s view, this ruling only affects the
legal regime of online editors and cannot be applied to other categories of
online providers.
To deal with the issue of battling against
illegal content on the Internet, it seems necessary to introduce rules that
will provide for procedures for removing illegal content while avoiding legal
content to be deleted, in order to respect the right to freedom of expression
and information, as well as the economic freedom and entrepreneurial activity.
Such rules are characterized as ‘notice-and-take-down’ procedures, which were
discussed above.
Cooperation with state authorities
ISPs and in particular, access and host providers may
need to cooperate with state authorities and provide information regarding
users of their services and/or block Internet content. Such measures, however,
may infringe upon fundamental rights and in particular, the right to freedom of
information, the right to economic freedom and the right to data protection as
regards personal data of users of ISPs’ services.
The European Court of Justice (ECJ) dealt already with such issues. In
particular, in the case C-275/06
(Promusicae) it considered the
relationship between the protection of intellectual property rights and data
protection. In that case, Promusicae, a non-profit-making organisation of
producers and publishers of musical and audiovisual recordings, brought an
action against Telefónica, which operates inter alia in the field of the
provision of Internet access services. The purpose of the action was to obtain
the disclosure of personal data relating to use of the internet by means of
connections provided by Telefónica with a view to bringing civil judicial
proceedings against users who, via the KaZaA file exchange programme, were
allegedly improperly accessing phonograms in which members of Promusicae hold
the exploitation rights. The Spanish court referred to the ECJ a question on
the compatibility between the various EU provisions applicable and the Spanish
law on, inter alia, information society services which provided that the
personal data of internet users must be retained for twelve months and should
be used, if necessary, solely in the context of criminal judicial proceedings.
The ECJ held that it is necessary to
reconcile the requirements of the protection of different fundamental rights in
the case, namely the right to respect for private life on the one hand and the
right to the protection of personal data and an effective remedy on the other
hand. The Court gave the referring court the task of weighing up the rights in
this specific case and reconciling those conflicting rights, on the basis of
the provisions contained in Directive 2002/58/EC, as well as in Directives
2000/31/EC, 2001/29/EC and 2004/48/EC, which concern information society
services, the harmonisation of copyright and the enforcement of intellectual
property rights respectively.
The ruling of the European Court in the
case of Promusicae v. Telefonica stated that EU Member States are not under an
obligation to impose an obligation on ISPs to disclose their subscribers’
personal data in civil copyright cases under their national law, but they are
not precluded from so doing. If they choose to include such an obligation in
national law, this law should be proportionate and find a fair balance between
the right to respect for privacy and the right to property. The need to protect
the privacy of users of electronic communication services is thereby expressly
recognized. Thus, a Member State may introduce procedures that provide for
effective enforcement of copyright, but these provisions must respect the data
protection rights of individuals.
Similarly, in the case C-557/07 (LSG-Gesellschaft zur Wahrnehmung von
Leistungsschutzrechten GmbH v Tele2 Telecommunication GmbH LSG), the
Court of Justice held that EU law does not preclude Member States from imposing
an obligation to disclose personal data relating to Internet traffic to private
third parties, to enable them to bring civil proceedings for copyright
infringements, and also that access providers are ‘intermediaries’ within the
meaning of Articles 5(1)(a) and 8(3) of Directive 2001/29.
Furthermore, in the case C-314/12 (UPC Telekabel), the ECJ
found that an ISP may be ordered to block its customers’ access to a
copyright-infringing website, after an injunction is filed by a right-holder.
However, such an injunction and its enforcement must ensure a fair balance
between the fundamental rights concerned. In particular, the Court held that,
copyrights and related rights primarily enter into conflict with the freedom to
conduct a business, which economic agents enjoy, and with the freedom of
information of internet users. Where several fundamental rights are at issue,
Member States must ensure that they rely on an interpretation of EU law and
their national law which allows a fair balance to be struck between those
fundamental rights. With regard, more specifically, to the ISP’s freedom to
conduct a business, the Court considered that an injunction does not seem to
infringe the very substance of that right, given that, first, it leaves its
addressee to determine the specific measures to be taken in order to achieve the
result sought, with the result that he can choose to put in place measures
which are best adapted to the resources and abilities available to him and
which are compatible with the other obligations and challenges which he will
encounter in the exercise of his activity, and that, secondly, it allows him to
avoid liability by proving that he has taken all reasonable measures.
Consequently, the Court held that the
fundamental rights concerned do not preclude such an injunction, on two
conditions: (i) that the measures taken by the ISP do not unnecessarily deprive
users of the possibility of lawfully accessing the information available and
(ii) that those measures have the effect of preventing unauthorized access to
the protected subject-matter or, at least, of making it difficult to achieve
and of seriously discouraging users from accessing the subject-matter that has
been made available to them in breach of the intellectual property right. The
Court stated that Internet users and also, indeed, the ISP must be able to
assert their rights before the court. It is a matter for the national
authorities and courts to check whether those conditions are satisfied.
The jurisprudence of the ECJ in the above
cases should be taken into account also where the actions of state authorities
conflict with fundamental rights.
VAT on e-commerce services
In the EU of the 28 Member states, having to deal with
many different national systems represents a real obstacle for companies trying
to trade cross-border both on and offline. Since 1 January 2015, the
"place of supply" rules have entered into force, i.e. Regulation No
1042/2013 amending Regulation No 282/2011 as regards the place of supply of
services14.
Accordingly, VAT on all telecommunications, broadcasting and electronic
services, is levied where the customer is based, rather than where the supplier
is located. In parallel, an electronic registration and payment system has been
implemented in the EU to reduce the costs and administrative burdens for
businesses concerned, which should be extended to tangible goods ordered online
both within and outside the EU. Instead of having to declare and pay VAT to
each individual Member State where their customers are based, businesses would
be able to make a single declaration and payment in their own Member State.
Regarding the online ordering of goods
from a third country, there is a small consignment import exemption allowing
shipment free of VAT to EU private customers, which is beneficial to suppliers,
as it gives them a competitive advantage over EU suppliers and market
distortions have already been signalled in various Member States. According to
the EU Communication on the Digital Single Market Strategy, such an exception
would no longer be needed if VAT were to be collected through a single and
simplified electronic registration and payment mechanism.
FOOTNOTES:
2 OJ L 178,
17/7/2000, pp. 1-16, online available at: http://ec.europa.eu/priorities/digital-single-market/docs/dsm-communication_en.pdf
3 EU Commission, Study on the
Economic Impact of the Electronic Commerce Directive, 7 September 2007, http://ec.europa.eu/internal_market/e-commerce/docs/study/ecd/%20final%20report_070907.pdf
4 Study on the
Liability of Internet Intermediaries, November 12th, 2007,http://ec.europa.eu/internal_market/e-commerce/docs/study/liability/final_report_en.pdf
7 See Draft
Regulation, nr. 70.
11 See Communication
of 11.1.2012, pp. 5, 7.
14 See, e.g., http://www2.deloitte.com/global/en/pages/tax/articles/eu-2015-place-of-supply-changes-overview-of-new-rules.html
Εγγραφή σε:
Αναρτήσεις (Atom)