E-commerce regulation: a tangled web

The internet promised a revolution in retailing. ‘One-click’ shopping was heralded as the ultimate in ease and comfort for savvy shoppers. While this remains largely true, increasingly the online retailing experience is characterised by a myriad of terms and conditions (T&Cs), privacy policies, order confirmation e-mails and delivery status notifications that need to be either accepted or responded to when concluding an online transaction. Compliance with regulatory obligations is driving most of these processes and this article sets out a summary of what those primary regulatory obligations are. It will also briefly consider whether a creative implementation of future regulatory requirements by the Irish legislature could be used as a tool to promote Ireland as an intellectual property and e-commerce hub.

Primary Legislation

In addition to domestic consumer rights legislation, EU-based internet retailers need to ensure that their websites and T&Cs comply with three main pieces of legislation:

  1. the Distance Selling Regulations;
  2. the E-Commerce Directive; and
  3. the Unfair Commercial Practices Directive.

Distance Selling Regulations

The EC (Protection of Consumers in Respect of Contracts Made by Means of Distance Communication) Regulations 2001 (the 2001 Regulations) came into effect in Ireland on 15 May 2001. The 2001 Regulations apply to most forms of distance contracts and the main provisions applicable to internet retailers are as follows.

Prior information

To ensure that an internet retailer can enforce it’s T&Cs against a consumer, certain information must be supplied to the consumer before the contract is concluded (this is normally achieved by way of a pop-up, splash page or e-mail). This prior information includes, but is not limited to:

  1. the identity and address of the supplier;
  2. the price and delivery costs, including all taxes;
  3. the existence of a right of cancellation;
  4. the period for which the offer or the price remains valid; and
  5. where appropriate, the minimum duration of the contract.

Written confirmation

In addition, unless the consumer receives confirmation in writing, or in some other accessible durable medium, of the prior information outlined above, the distance contract will not be enforceable against a consumer.

Right of cancellation

The 2001 Regulations introduced a seven-day ‘cooling off’ period for consumers. A consumer has seven working days in which to cancel the distance contract without cause and the only cost payable is the direct cost of returning the goods. This right does not apply to services or goods that are immediately performed or consumed. The T&Cs should expressly provide that the notice of cancellation must be in writing and that the consumer must actually return the goods if it is exercising its cooling off rights, as neither of these points are covered by the 2001 Regulations.

If the consumer is not informed of this cooling off right, the cooling off period is extended by up to three months.

E-Commerce Directive

Directive 2001/31/EC (the E-Commerce Directive) was transposed into Irish law by the EC (Directive 2001/31/EC) Regulations 2003 (SI No 68 of 2003).

Prior information requirements

The main impact of the E-Commerce Directive was that it imposed further prior information requirements (the most important of which are outlined below) over and above those set out in the Distance Selling Regulations.

Businesses operating online must provide the following information to users of their websites in a manner that is ‘easily, directly and permanently accessible’:

  1. name, geographic address and contact details (including a contact e-mail address);
  2. how the user can register its choice in relation to direct marketing;
  3. where the provider is registered in a public register, is subject to an authorisation scheme or is a member of a regulated profession, relevant details should be provided to visitors to the website;
  4. VAT number, if applicable;
  5. details of the technical steps followed to conclude the contract online; and
  6. the manner in which errors can be identified and corrected prior to placing orders.

The E-Commerce Directive also requires that the applicable T&Cs must be made available to customers in a way that can be stored and reproduced.

Unfair Commercial Practices Directive

The EU Unfair Commercial Practices Directive (Directive 2005/28/EC) of 11 May 2005 was implemented in Ireland by the Consumer Protection Act (CPA) 2007. CPA 2007 has entered fully into force, with the exception of ss48-49 dealing with surcharges on certain payment methods.

This legislation introduces a range of measures to encourage compliance with consumer law through self regulation and various enforcement mechanisms that are available to the National Consumer Agency.

CPA 2007 deals with a range of commercial practices, which will be deemed to be unfair if they satisfy the following criteria:

  1. they are contrary to the requirements of professional diligence;
  2. they are likely to impair consumer choice; and
  3. the practices cause the average consumer to make a decision that they would not otherwise have made.

Under CPA 2007 there are three distinct types of unfair commercial practice, namely misleading, aggressive and prohibited practices.

Regulatory Enforcement

Why the need to refocus on the regulatory obligations? A recent study by the European Commission of websites selling electronic goods has found that more than half of the websites studied failed to comply with the consumer protection laws outlined in this article. The main issues arising from the study were:

  • consumers were not told of the seven-day cooling off period;
  • failure to provide full contact details of the service or goods provider;
  • failure to provide full information on the legal right to a refund, replacement or repair of a faulty product; and
  • failure to provide full details of the costs of the product, including delivery and tax costs.

Given that the issue is now making waves at Commission level, it is likely that domestic authorities will start to pay closer attention to the websites of companies located in their jurisdictions, and will seek to sanction and censure any companies whose websites or T&Cs are non compliant. Website operators should take the time to review their websites and T&Cs with their advisers to ensure that they adhere to the consumer legislation outlined above.

Opportunities for Ireland

Much of the legislation discussed has been introduced to ensure that existing consumer protection laws extend to online transactions and also to provide purchasers with effective remedies against online retailers that are located in jurisdictions far removed from the purchaser. While consumer protection will always remain a social priority, a balance needs to be struck against the increasingly complex regulatory regime faced by online retailers (particularly those based in the EU).

Traditionally, a favourable tax regime was one of the most important factors in deciding which jurisdiction to establish a technology business. However, it is likely that internet companies will now consider the relevant regulatory regime as equally important. It is a stated objective of the Irish government to develop a ‘smart economy’, and attract new internet and digital businesses to Ireland. The government should remember that any steps to create a favourable regulatory regime in Ireland for e-commerce, either by way of domestic initiatives or the sympathetic implementation of directives, could help to give Ireland a competitive advantage in attracting internet businesses and creating the smart economy that is strived for.