The final form E-commerce Regulations are very similar to the draft Regulations, which themselves were very similar to the EU’s original E-commerce Directive. The Directive introduced a “country of origin” principle on which country’s laws should be followed by businesses, certain new information requirements for web sites, rules on commercial e-mail and rules on liability for hosting, caching or transmitting content or communications.
However, there are some changes in the final Regulations which were laid before Parliament on 31st July. Mostly, these clarify perceived ambiguities in the draft Regulations.
The final Regulations include a new paragraph which clarifies that, subject to certain exceptions:
"…any requirement which falls within the co-ordinated field shall apply to the provision of an information society service by a service provider established in the United Kingdom irrespective of whether that information society service is provided in the United Kingdom or another member State."
The draft Regulations intended the same effect – but the ISPA and others argued that the wording was ambiguous.
The draft Regulations explicitly provided that they neither established additional rules on private international law (i.e. the part of UK law that deals with cases having a foreign element, such as where a contract is made in a foreign country or one or more of the parties is not resident in the UK) nor dealt with the jurisdiction of courts.
The Government stated that the effect of this was that UK courts would continue to follow the requirements of the Private International Law (Miscellaneous Provisions) Act 1995 but that the application of the law dictated by them would be subject to a restrictions test in accordance with the internal market provisions of the Regulations.
The ISPA and others argued that preserving private international law, albeit in modified form, was inconsistent with the intent of the Directive to establish country of origin regulation of information society services and that, as a consequence, the Regulations would fail to provide the legal certainty needed by UK-established service providers to trade and be competitive in Europe.
The Government has removed the provision on private international law accordingly.
The E-Commerce Directive requires the UK to ensure that information society services provided by service providers established in the UK comply with the national provisions applicable here irrespective of where in the European Economic Area the service is being provided.
The ISPA points out that draft Regulations made it explicit that UK enforcement authorities would have to apply UK provisions to UK service providers, even when the recipient was elsewhere in the EEA, and left it implicit that this required UK service providers to comply with UK provisions in the first place.
During the consultation period, some argued that the requirement for UK service providers to comply with UK provisions should be clearly stated. The Government accepts that this would represent a more transparent implementation of the Directive’s requirements and has recast the Regulations accordingly.
However, because of the need to extend the scope of recipients for whose benefit UK enforcement authorities must act, the Regulations also retain the existing wording to this effect.
The draft Regulations set out the conditions upon which an ISP avoids liability for damages for caching information, in order to protect ISPs from responsibility for users’ material over which they have little control.
The final Regulations still mean that ISPs will not be liable for damages, but they add the words, “or for any other pecuniary remedy or for any criminal sanction”.
The same change has been made to liability for hosting material, together with a new wording to make a condition of avoiding liability contingent upon a claim of damages actually having been made.
The draft Regulations provided that each provision most relevant to ISPs on avoiding liability for hosting, caching etc. would act as a defence to criminal proceedings. However, there is a new condition which shifts a burden of proof to the prosecution: where evidence is given by an ISP to show compliance with the relevant conditions set out in the Regulations, the court or jury shall accept that the defence is satisfied unless the prosecution proves beyond reasonable doubt that it is not.
An entirely new clause in the final Regulations provides that, in determining whether an ISP has “actual knowledge” for the purposes of meeting the conditions for avoiding liability for illegal material, “a court shall take into account all matters which appear to it in the particular circumstances to be relevant and, among other things, shall have regard to:
(a) whether [the ISP] has received a notice [to its e-mail address or other contact details, details which must be provided on its web site]; and
(b) the extent to which any notice includes -
(i) the full name and address of the sender of the notice;
(ii) details of the location of the information in question; and
(iii) details of the unlawful nature of the activity or information in question.”