Implementation of E-Commerce Directive 2000/31
Printed in Euromoney - Telecoms, Media & Technology Finance Review 2004
According to a recent survey published in the Italian financial daily Il Sole 24 Ore, while practically all Italian businesses possess an internet connection, only about ten percent actually use the internet as an instrument for sales of products and services. While the reasons for this may vary, one important factor is certainly the general perception that the internet is an unregulated and unsecured medium. This sense of a lack of adequate security for the on-line transmission of personal data and, more importantly, credit card details leads the Italian consumer to approach e-commerce with a certain amount of scepticism.
On 28 March 2003, the Italian Parliament passed Legislative Decree n. 70 (“D.Lgs. 70/2003” or “Decree”) implementing European Directive 2000/31 concerning information society services, in particular e-commerce. With this Decree, the Italian Government proposes to “encourage the development of a knowledge based economy and the modernisation of markets through new types of commerce.” One of the principle goals of the Decree is to provide transparent procedures for the negotiation and conclusion of on-line contracts in order to increase consumer confidence by guaranteeing security, reliability of on-line communications, the integrity of documents and a rapid system of extrajudicial resolution of disputes.
In general terms, D.Lgs. 70/2003 implements the language of Directive 2000/31 almost verbatim, with a few minor changes. In practice, D.Lgs. 70/2003 merely adds additional rules to an already complex series of Italian commercial norms without introducing any significant novelty to the field of e-commerce. This has led to quite a bit of criticism on the part of Italian legal commentators, as well as creating additional confusion concerning the possible liabilities of service providers.
Overview of D.Lgs. 70/2003
Article 1 sets out the scope of the Decree as the promotion of the free movement of information society services, including e-commerce, followed by a series of exceptions to its application:
Under article 3, the Decree implements the concept of “country of origin” into Italian law for the purposes of information society services. Specifically, article 3.2 reads: “pursuant to article 2, letter h, this provision cannot limit the free circulation of services by the information society coming from a provider who is established in another member State.” Unfortunately, this concept runs into an immediate hurdle.
According to the definitions contained in article 2, letter c, an established service provider is defined as a “service provider who effectively pursues an economic activity using a fixed establishment for an indefinite period. The presence and use of the technical means and technologies required to provide the service do not, in themselves, constitute an establishment of the provider.” As such, is a UK service provider who opens a server farm in Italy to manage and clear e-commerce transactions established in Italy or the UK? Depending on how this turns out, presumably by a court decision, the service provider will be subject to either Italian or UK law concerning the “coordinated field” requirements set forth in article 2, letter h, which include:
Apart from the above difficulty in interpretation, article 4 of the Decree adds a list of further exceptions to the country of origin principle. These include:
Authorisation for Providers
Article 6 of the Decree provides that pursuit of the activity of an information society service provider may not be made subject to prior authorisation or any other requirement having equivalent effect.
This article has created some controversy among Italian commentators. In particular, the prohibition of prior authorisations would seem to directly conflict with Italian law on distance contracts or sales by correspondence under Legislative Decree n. 114/98, which requires prior communication to the public authorities. In fact, it is rather difficult to understand why telemarketing or mail catalogue sales require prior authorisation, but placing the same catalogue on the internet would not.
The solution to this may be found in paragraph 2 of article 6, which states: “Paragraph 1 shall be without prejudice to authorisation schemes which are not specifically and exclusively targeted at information society services.” Although some commentators believe that the Decree may have an abrogating effect on previous requirements in relation to e-commerce, a more probable interpretation is that paragraph 2 above will leave such prior authorisation schemes in place, since they are not specifically and exclusively targeted at e-commerce. In other words, a service provider will more likely than not need some sort of authorisation to conduct e-commerce in Italy, regardless of the apparent prohibition of such contained in article 6.
Information Requirements for Service Providers
Article 7 of the Decree provides that, in addition to other information requirements for specific goods and services, the service provider shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, the following information:
In essence, the above list can be broken down into two basic concepts. First, in addition to the various items listed, the service provider must also comply with the information requirements for “specific goods and services”, which simply means all other general disclosure and publication requirements of Italian commercial law. Second, this information must be readily accessible, in a direct and permanent manner.
The Decree does, however, add two additional requirements not found in the Directive. These concern an obligation to update the information and the registration of editorial publications. This latter requirement was made necessary by Law 62/2001 concerning norms for publishing and editorial activities, according to which all web sites that contained information or news would have been required to register as journalistic publications.
In order to achieve the goals of increasing consumer confidence, the validity and enforceability of on-line contracts is fundamental. This is dealt with in articles 12 and 13 of the Decree. Although the Decree generated much initial anticipation that the issue of on-line contracts would finally be clarified, in reality the Decree fails to offer much that can truly be considered new. In fact, electronic contracts as well as digital signatures have been recognised as legally valid for a number of years in Italian legislation. While the Decree does provide useful guidelines concerning certain procedures for on-line contracts, the substantive issues relative to formation and enforceability are left to the pre-existing norms contained in the Italian Civil Code.
Turning to the language of the Decree, article 12 states that, in addition to other information requirements for specific goods and services, as well as distance contracts legislation, the service provider shall, except when otherwise agreed by parties who are not consumers, provide the following information clearly, comprehensibly and unambiguously and prior to the order being placed by the recipient of the service:
Norms relative to the conclusion of contracts shall also apply to cases in which the recipient of a good or service of an information society places an order through electronic means. Unless otherwise agreed between parties other than consumers, the provider shall, without undue delay and by electronic means, acknowledge the receipt of the recipient’s order indicating the general and specific conditions applicable to the contract, information on the goods and services provided, pricing details, payment means, right of withdrawals, costs of delivery and applicable taxes. The order and the acknowledgement of receipt are deemed to be received when the parties to whom they are addressed are able to access them.
The exclusion of contracts between parties who are not consumers effectively focuses the objective of these articles on B2C transactions, leaving B2B agreements to be regulated by general commercial law. In addition, the above rules will not apply to contracts concluded exclusively by exchange of electronic mail or by equivalent individual communications, although the reason for this exemption is unclear.
Advertising and Spam
General commercial advertisements must contain information clearly identifying them as such. Specifically, in addition to other information requirements for specific goods and services, commercial communications which are part of, or constitute, an information society service shall from the first delivery contain the following in a clear and unequivocal manner:
Concerning spam, article 9 of the Decree requires the service provider to clearly and unequivocally identify unsolicited commercial e-mail and provide the means for the recipient of the message to elect not to receive future communications. The burden of proof in this case is placed on the service provider. As such, the Decree appears to endorse the “opt out” method for privacy purposes, which apparently contradicts prior Italian legislation on data privacy that clearly provides for an “opt in” procedure.
In addition, the Italian legislature has recently implemented EU Directive 58/2002 concerning data privacy. The implementing legislation, Legislative Decree 196/2003, provides that the use of automated calling systems without human intervention, including e-mail, for the purposes of direct marketing is allowed with the consent of the recipient. Such consent to send materials to an e-mail address has to be made in the context of a sale of a product or service, i.e., the recipient must be given the opportunity to deny consent at the moment his e-mail address is collected. Resolution of the apparent conflict between the various norms will be left to the Italian Privacy Guarantor, which has recently ruled that the fact that an e-mail address is published on a website doe not imply consent to receive unsolicited commercial messages.
Having reviewed the basic contents of the E-Commerce Decree, we return to the original scope proposed for this legislation, i.e., to expand e-commerce by increasing consumer confidence in the security and reliability of on-line transactions. Only time will tell whether or not this goal has been achieved, but, in the opinion of the authors, the Decree is unlikely to have a significant impact on e-commerce in Italy. In fact, considering the number of often conflicting norms in this field, of which the Decree only adds to the confusion, a comprehensive review and integration of the various rules into a single text governing on-line transactions is still needed.