Information Technology Law, Electronic Commerce, Illegal Use of the Internet & Acceptable Usage Policies for Internet and Email-the Essentials

Information technology law covers a very diverse range of topics for businesses and consumers alike in Ireland.

It ranges from data protection to electronic commerce to illegal use of the internet to acceptable usage policies for employees’ use of the internet and email in the workplace.

This article attempts to provide an overview of these areas but do bear in mind that it can only be a brief overview.

However, whether you are a business or consumer or employee hopefully it will point up areas of potential breach of rights and/or obligations so that you can avoid them or seek redress where appropriate.

Electronic Commerce

The Electronic Commerce Regulations 2003

These regulations implement an EU directive which covers the whole area of electronic commerce and the provision of services and goods online.

A key feature is that once a provider of these goods or services is established in a member state of the EU he is entitled to provide his goods/services into any other member state. Nevertheless in Ireland our common law rules regarding the formation of contracts will continue to apply.

Country of origin principle

This states that providers of goods/services will only have to comply with the rules of the country in which those service providers are established.

Information before contract

One of the principle effects of the Regulations is the list of information which must be provided by businesses operating online. This list includes

• The name of the business

• The address where established

• Details of the business including email

• Details of how people can elect not to receive unsolicited commercial communications

• The trade register applicable to the business, if the business is registered on a trade register

• Any supervisory/regulatory authority governing the industry

• Vat no. of business

• Prices must be shown clearly and unambiguously

Internet law has a huge impact on internet marketing and the various laws surrounding how we communicate by email and other electronic forms in our marketing efforts.

Rules re emails/direct marketing

All commercial communication should be clearly identified as such

1. The sender should be clearly identified
2. Details about how the recipient can register their choice re unsolicited communication should be provided
3. Promotional offers should be clearly identifiable as such
4. Competitions and/or games should have their rules of participation clearly accessible

Internet law also requires that other information and the steps taken to communicate are done within certain boundaries….

Other information required re electronic contracts

• The steps needed to be taken to conclude the contract

• The means for correcting input errors before placing the order

• Whether the concluded contract will be filed by the service provider

• However this does not apply when the contracts are concluded exclusively by email.

Procedures to be followed when contracting online with consumers

When the order is placed by the consumer the supplier should acknowledge it’s receipt without delay by electronic means.

The order and acknowledgment are deemed to have been received when the party to whom it is addressed is able to access it. It is not a defence to refuse to open email when you know it contains acceptance of an offer for example.

European Communities (distance contracts) 2001

This is of enormous significance for any business which provides goods/services by means of distance communication which includes selling on the internet, digital tv, mail order, telephone, tv, radio and newspapers and magazines.

This legislation provides most significantly for a cooling off period allowing the consumer the opportunity to cancel the contract.

These regulations do not apply to

• Auctions

• Vending machines

• Contracts in connection with property.

The distance communication must be the only method of communication with the consumer for these regulations to apply-if a face to face meeting was involved then the regulations do not apply.

A contract will not be enforceable against the consumer unless all of the information outlined above in the Electronic Commerce Regulations 2003 is provided.

In addition details must be provided to the consumer of

• The main characteristics of the goods/services

• Price

• Delivery costs if any

• Arrangements for payment, delivery

• The right of cancellation

• The period for which the price remains valid.

A distance contract will not be enforceable against a consumer unless the consumer has been provided with a written confirmation of the information outlined above.

Written confirmation must be provided during the performance of the contract.

Cooling off period

The consumer has a right to a cooling off period of 7 days during which he can cancel without giving a reason.

If the confirmation obligations have not been complied with then the cooling off period is extended by up to 3 months.

However the consumer’s right to cancel does not apply..

• For services if performance has already commenced with the consumer’s agreement

• Goods/services which are subject to change in the financial market

• For perishable or customised goods

• For newpapers, magazines and periodicals

• For audio or video recordings or computer software which was unsealed

If the consumer exercises his right to cancel during the cooling off period then he is entitled to a reimbursement even if the condition of the product is perfect. This is unique in consumer legislation.

The supplier must execute performance of the contract within 30 days and inertia selling is prohibited.

Inertia selling is a demand for an unsolicited product or service.

A person who fails to comply with these regulations will be guilty of an offence and can be fined up to €3,000

These regulations are obviously of enormous importance to internet sellers and must also be read in conjunction with other consumer protection legislation which is covered in this website including sale of goods and supply of services legislation, misleading advertising legislation, unfair contracts and defective products legislation.

Liability of Internet Service Providers

Internet law also lays down rules in respect of internet service providers.

An ISP is not liable for the information it transmits where it is merely acting as a conduit for such information (But the ISP must be passive in this regard)

ISPs are also excluded from liability regarding hosting of websites when the information is provided by third parties. However the ISP will not be excluded from liability when they know that the information being hosted concerns unlawful activities.

ISPs are also exempt from being sued re breach of copyright where they cache information which is copyrighted.

Defamation

The Electronic Commerce Act 2000 makes it clear that the normal rules of defamation apply to information transmitted online and published on websites. However they may have a defence if they are unaware that the material published is defamatory; once on notice of the defamation though they will have no defence.

For this reason it is prudent for website owners to utilise well drafted limitation and exclusion of liability clauses and incorporate them into their standard terms and conditions.

Child pornography

The main act dealing with this issue is The Child Trafficking and Pornography Act, 1998 (amended in 2004).

This act is very broad and wide ranging and even covers ‘depictions of children’ with no need to prove that the images are actually children.

For this reason website owners must make provisions in their terms and conditions to ensure that contributors to blogs, chat rooms etc are aware of this and should be forced to scroll down through the terms and conditions and signal acceptance before being allowed to post comments, material etc.

Illegal use of the internet

1) Hacking-difficult to prosecute but The Criminal Damage Act 1991 makes provision for this.

2) The Criminal Damage Act 1991 covers damage to property and property includes data; damage can include altering, corrupting and erasing data.

3) It also covers the offence of threatening to damage property so even an unsuccessful hacker can be charged under this section.

4) Another section covers the situation where a person has in their possession the means to hack-again they may be charged under this section even though they have caused no damage to data.

5) The act also includes an offence of unauthorised access and this offence relates only to computer crime.

The act also provides very extensive powers to search and arrest under this legislation.

The Criminal Justice (Theft and Fraud Offences) Act 2001 can also be used to prosecute as it provides that it is an offence to use a computer to make a gain or cause a loss to another. This is an example of our ordinary legislation being amended to accommodate the reality of internet law in the 20th century.

Harvesting

This is the operation of collecting email addresses for the purposes of spamming. This clearly is in breach of the Data Protection act 1988 and 2003.

If the data harvested is not personal data it is conceivable that the harvesting may be an offence under the Criminal Damage Act, 1991.

Other offences which may occur include Framing, trade mark infringements when using meta tags, linking to other sites which may breach copyright of the site to which you link. If in doubt consult your solicitor.

Electronic Commerce Act, 2000

This law will not apply to the sale of land or wills which must still be evidenced in writing. This act makes a distinction between electronic signatures and advanced electronic signatures.

This act also recognises that electronic communications, signatures and contracts cannot be denied legal effect simply because they are in this form. However the parties must consent to the information being provided in electronic form for it to have full legal recognition.

Electronic signature

This can include your name typed at the end of an email or a scanned version of a handwritten signature. Generally this type of signature has the same effect as a hand written signature.

Advanced electronic signature

This is uniquely linked to the signatory, created by means under the sole control of the signatory and linked to the data in such a way that any subsequent change of the data is detectable.

Managing employess access to email and internet

Internet law also plays a role in how we manage our employee’s access to internet and email. And there is a tension between internet law and a person’s human rights, it has been held in the UK.

Employment law

You as an employer can face difficulties when it comes to the use of the internet and email by your employees. A range of problems can arise such as

1) employees abusing companies email for personal gain
2) emailing confidential information out of the organisation
3) employees viewing unsuitable content and making unauthorised use of the company’s computer system.

You as an employer can face a tough balancing act between allowing employees reasonable access to email and internet and inappropriate use. emails sent by employees can often cause offence and possibly result in legal action against you by the recipient or offended person.

The commercial reality for you as an employer is that you can not afford to ban employees use completely and it can be useful and efficient to let employees do their personal banking online for example.

The Employment Equality Act defines sexual harassment very widely and because an employer is liable for acts done by it’s employees in the course of their work it can create difficulties for you as an employer and perhaps legal action by an aggrieved party if your employees send emails which sexually harass or bully.

There is also the possibility of a recipient of an email receiving an email that he considers blasphemous.
This too is covered under the Employment Equality legislation and could be considered to be discrimination.

Acceptable Usage Policy

For these reasons you need to have an acceptable usage policy for your employees when it comes to their use of the internet and email.

If you accept that the reality of the situation nowadays is that you will not prevent your employees use of the internet then your Acceptable Usage Policy should cover issues such as to what extent email usage can take place for private purposes…..

• Can you as an employer access and intercept and review all messages which are sent and received on the computer system?

• Is internet surfing prohibited?

• Are outgoing emails on behalf of the company vetted be senior staff?

Because that email could bind your company contractually.

• Have you a policy for the opening of external emails?….Because they can contain harmful viruses which can threaten your computer system.

• Have you advised your staff about the possibility of breaching somebody elses copyright by retransmitting or copying their documents or software?

• Are your employees informed that the downloading of obscene or pornographic material can be a criminal offence?

• Will your acceptable usage policy set out the procedures and penalties for breach of your policy?

• If you decide to monitor employees usage is it justifiable and not excessive?

Because if it is over the top you could be held in breach of your employee’s human rights as happened in a 2007 case Copland v United Kingdom.
In this case the European Court of Human Rights held that a college had violated an employee’s human rights by the way in which it monitored her use of the telephone.

It has been held by the courts that phone calls from business premises have rights of privacy.

The important point about your acceptable usage policy is that you have the consent of your employees.

In Ireland the Data protection commissioner is of the view that it is necessary to get the express(in writing) consent of your employees if you wish to monitor their emails.

It is worth remembering that your company’s electronically stored information can be used in evidence in legal proceedings.

And remember that just because you have deleted the files or emails does not actually mean that they do not exist…..Because they can be dragged back up from your computer by computer experts.

You need to accept that without an acceptable usage policy and a prior written warning it is unlikely that you can dismiss an employee for unauthorised usage of your computer.

But a possible exception to this general rule is the use of the computer to download pornography…….especially Child porn.
The Child Trafficking and Pornography Act 1998 contains such severe penalties that if you as an employer are aware that this is happening you should refer the matter to the Gardai.

Conclusion

You should consider drawing up an acceptable usage policy for your employees.

The balancing of your rights as an employer with the employees rights as human beings needs to be carried out by a suitably qualified legal professional.

Related topics that may also concern you include data protection law in Ireland and having an acceptable usage policy for employees’ use of the internet and email .

You might also be interested in

• the Facebook traveler case
• domain name law and disputes.

Learn more about small business law in Ireland here.