MICHAEL GEIST
Thursday, May 18, 2000
Given the global nature of the Internet, cyberlaw developments worldwide can have a big impact on us in Canada. Although Canadian coverage of Internet and e-commerce law tends to focus on events in North America, the European Union has been home to noteworthy legal developments in recent months that will affect how Canadian businesses operate on-line.
The best-known EU e-commerce policy initiative is the Data Privacy directive. In effect since 1998, the directive includes a controversial provision prohibiting the transfer of private data between an EU member state and a third country that does not employ adequate privacy protections.
This provision effectively exports EU privacy law around the world as countries scramble to meet the adequacy standard and avoid potentially damaging disputes over data transfers. In fact, Canada's new e-commerce privacy law is perceived by many to be a direct response to the EU directive.
Canadian officials are confident its passage will ensure that Canada does not become a target of European data privacy officials.
The United States has remained steadfast in its opposition to the EU approach. It has instead opted for a negotiated solution known as a "safe harbour" that attempts to address European concerns, but maintain the U.S. self-regulatory approach to privacy.
Following months of contentious negotiations, the parties recently arrived at an agreement that will ensure U.S. companies don't face data transfer restrictions as long as they establish certain privacy protections. Although the agreement has faced some severe criticism from both privacy advocates and business interests, the EU is expected to approve the deal at the end of this month.
A more recent, but equally important, policy initiative -- the EU Directive on Electronic Commerce -- was quietly approved by the European Parliament on May 3, but received scant attention in the North American press.
One of the world's most ambitious e-commerce legal initiatives, it aims to enhance e-commerce throughout Europe by addressing a wide range of concerns, including Internet service provider (ISP) liability, spam, on-line contracting, and copyright issues.
ISP liability has become a particularly pressing issue in Europe in recent months in light of court decisions in Britain and Germany that suggest ISPs may be held liable for content hosted on their systems. The directive addresses this issue by exempting ISPs from liability, provided the ISP functions strictly as a conduit by not initiating or altering the transmission in question.
Unlike Canada, which last year concluded that specific legislation targeting spam was unnecessary, the directive adopts new measures to deal with the problem of e-mail boxes clogged with unwanted commercial messages. EU members will now be required to ensure that all spam messages are clearly identified as such in the subject header and that opt-out registers are maintained and respected.
On-line contracting is also addressed in the new EU directive. Relying on an international standard, the directive says all EU member states must ensure that their legal systems allow contracts to be concluded on-line by giving consumers access to contractual terms and conditions.
In light of the copyright battles between the movie and music industries and dot-com upstarts such as iCraveTV and Napster, the issue of intellectual property rights in the on-line environment has become particularly heated lately. This directive also addresses several of these issues by making it clear that ISPs have no obligation to monitor the activity on their systems and have the right to make temporary copies on their systems (stored in the so-called cache), to speed up delivery of Internet content.
Notwithstanding the broad scope of this latest directive, the EU has pledged even more activity by year-end. Comprehensive directives on digital copyright protection, electronic money and the sale of on-line financial services are currently in the works.
The European approach -- developing a comprehensive strategy for emerging cyberlaw issues -- is in stark contrast to the self-regulatory model espoused by the U.S.
Canada finds itself straddling the fence, with new privacy and e-commerce laws either gradually being enacted or slowly working their way through legislatures across the country.
Since several of the issues addressed by the European initiatives have yet to come before Canadian policy makers, we may find ourselves looking to the European model with increasing frequency.
At a minimum, Canadian e-businesses searching for global markets will need to familiarize themselves with this new legal framework, since it could very well emerge as the international standard in the near future.
Michael Geist is a law professor at the University of Ottawa Faculty of Law specializing in Internet and e-commerce law. He can be reached at mgeist@uottawa.ca and on the Web at http://www.lawbytes.com.
