Legal aspects of the
Digital Single Market
Current framework,
barriers and developments
Martine Wubben LLM MA
Bart W. Schermer PhD LLM
Deniece Teterissa
Legal aspects of the
Digital Single Market
Current framework,
barriers and developments
January 2012
is essay was commissioned by the Ministry of Economic Affairs, Agriculture and
Innovation of the Netherlands. e essay does not, however, express the Ministry's official
views. e views expressed and all conclusions drawn are those of the authors.
Martine Wubben LLM MA
Bart W. Schermer PhD LLM
Deniece Teterissa
Considerati
Postbus 76949
1070 KE Amsterdam
the Netherlands
www.considerati.com
2
Management Summary
ICT in general and the Internet in
particular have opened new possibilities
for cross-border commerce. While ecommerce has grown spectacularly over
the past decades, Europe is still a patchwork of national online markets. As a
result, the consumption of goods and
services as well as commercial and
cultural content, is in large parts still
limited to national markets. In part, this
can be attributed to legal barriers.
in the light of new services and technologies seems necessary.
Online contracts and consumer law
In the area of contract law and consumer
protection, legal barriers mainly flow
forth from the fact that national law still
pre-dominantly governs contract law, and
that European harmonisation of consumer protection law is based on minimum
harmonisation. In 2011, two Directives
(97/7/EC and 85/577/EC) were updated
and integrated into a single Consumer
Rights Directive (2011/83/EU).
is essay explores the current legal
framework for e-commerce in Europe.
Five topics that are of key importance for
trust in cross-border e-commerce are
discussed. ey are:
Furthermore, a Proposal for a Regulation
on Common European Sales Law was
introduced. is is an optional instrument, however. e question remains
whether the trader and the consumer will
choose to apply the optional instrument.
1) General e-commerce legislation
2) Online contracts and consumer law
3) (Online) dispute resolution
4) Personal data protection
5) Electronic signatures
(Online) dispute resolution
A lack of harmonisation of the current
legal framework governing the out-ofcourt settlement of disputes has led to a
fragmented ADR and ODR landscape.
While more than 750 different ADR
schemes currently operate in Europe,
their success is mainly limited to a
national context. Fragmentation has led
to a lack of awareness and difficulties for
consumers and businesses to choose the
appropriate system for their cross-border
disputes. While the harmonisation of
rules for ADR via a new Directive and the
creation of a new ODR system via a
Regulation will strengthen the uptake
out-of-court settlement of disputes, the
fact that legislation governing contracts
For each of these topics, existing legal
barriers for consumers and retailers are
identified. Finally, the latest legal
developments are described.
General e-commerce legislation
e e-Commerce Directive is the foundation of e-commerce legislation in
Europe. While stakeholders recognise the
importance of the Directive for e-commerce in Europe, they do signal issues
when it comes the application of the
Directive. In particular, the fragmentation resulting from diverging national
implementations is troublesome. Furthermore, clarification of the rules on the
liability of intermediary service providers
3
and civil procedures still vary across
Europe presents difficulties for further
uptake of ADR and ODR.
to the vagueness in the current legal
framework, questions about liability,
limited interoperability, complexity and
costs associated with the use of electronic
signatures. It is necessary that any new
legislation remains technology neutral,
strives to avoid acting as a barrier or a
slowing factor in developing new or
improving existing solutions and focuses
on services that are likely to be used in
cross-border scenarios where mutual legal
recognition and clear legal effect presents
a certain added value. Practical guidance
based on good standards in addition to
legislation is also necessary to ensure that
the rules of the internal market can be
applied correctly and homogeneously.
Supervision and certification of certification service providers should be
harmonised in the EU.
Personal data protection
Trust in the fairness, legitimacy and
security of data processing is of vital
importance for the success of (crossborder) e-commerce. Although the introduction of a uniform, harmonised European system in 1995 has strengthened
the internal market and provided higher
levels of protection for European citizens,
the Directive is not flawless. Differences
between national implementations of the
Data Protection Directive have led to
rising compliance costs and
administrative burdens for data
controllers, hampering cross-border
trade. is problem is magnified by
different approaches to enforcement by
national Data Protection Authorities.
In all the topics we see that the legal
barriers identified primarily arise from
the fact that the legal framework in
Europe is still a patchwork of national
laws and regulations. Divergences exist
not only in areas which have not been
regulated by EU law, but also in areas
which have been partially harmonised at
the EU level on the basis of minimum
harmonisation. is has left room for
different national approaches to legislation. Differing legal regimes and
interpretations of supervisory bodies
throughout Europe further raise the costs
of compliance for retailers and undermine
the trust of consumers in cross-border ecommerce.
Furthermore, limited awareness about the
rights and obligations under the Data
Protection Directive undermines consumer trust. To truly harmonise data
protection in Europe, a new proposal for a
General Data Protection Regulation will
be released. e draft of this proposal
shows an ambitious framework for the
future of data protection of Europe.
However, given the far-reaching
implications for data controllers, the draft
was met with quite some criticism.
Electronic signatures
e uptake of electronic signatures as a
means of trust in cross-border e-commerce has been limited. is is mainly due
4
Table of contents
1. Introduction ...................................................................................................7
1.
2.
3.
4.
Problem statement ................................................................................................7
Research goal .........................................................................................................8
Methodology ..........................................................................................................8
Overview................................................................................................................9
2. General e-commerce legislation.....................................................................11
1.
2.
3.
4.
Current legal framework ......................................................................................11
Barriers ................................................................................................................12
Developments ......................................................................................................13
Interim conclusions ..............................................................................................15
3. Online contracts and consumer protection ....................................................17
1.
2.
3.
4.
Current legal framework ......................................................................................17
Barriers ................................................................................................................19
Developments ......................................................................................................20
Interim conclusions ..............................................................................................22
4. (Online) dispute resolution ...........................................................................24
1.
2.
3.
4.
Current legal framework ......................................................................................24
Barriers ................................................................................................................25
Developments ......................................................................................................27
Interim conclusions ..............................................................................................27
5. Data protection.............................................................................................29
1.
2.
3.
4.
Current legal framework ......................................................................................29
Barriers ................................................................................................................31
Developments ......................................................................................................33
Interim conclusions ..............................................................................................35
6. Electronic signatures ....................................................................................37
1.
2.
3.
4.
Current legal framework ......................................................................................37
Barriers ................................................................................................................38
Developments ......................................................................................................40
Interim conclusions ..............................................................................................41
7. Conclusions...................................................................................................42
5
6
1 Introduction
e EU Single Market, the common area of
the 27 EU Member States where goods,
services, capital and persons can move
freely, forms the core of the European
Union. Between 1992 and 2006 the Single
Market generated 2.75 million jobs and
2.15% of extra growth for the European
economy.1
investments).3 e Internet in particular
has allowed businesses, governments and
consumers to communicate and interact
faster, cheaper and more efficient.
e Internet has also allowed for new
forms of e-business and e-commerce,
enabling consumers to access goods and
services from all over Europe. e Internet
eco-nomy creates 2.6 jobs for every ‘offline’ job lost and the gains brought by lower
online prices and a wider choice of available
products and services are estimated at EUR
11.7 billion, equivalent to 0.12 % of
European GDP.4
Currently, 21 million European companies
cater to 175 million jobs and supply 500
million consumers in the Single Market.2
As such, the Single Market is of great
impor-tance for the future prosperity and
welfare of all Europeans.
ICT has facilitated the growth and
integration of the Single Market. e ICT
sector itself is directly responsible for 5%
of European GDP, with a market value of
€660 billion annually.
1.1 Problem statement
While e-commerce has grown spectacularly
over the past decades, Europe is still a
patchwork of national online markets. As a
result, the consumption of goods and
services as well as commercial and cultural
content is still predominantly limited to
national markets. e volume of crossborder e-commerce transactions lags far
Furthermore, it contributes significantly to
overall productivity growth (20% directly
from the ICT sector and 30% from ICT
1
Barnier, M. (2006), A Single Act of Togetherness, in: Public Service Review European Union: issue 22, p. 30.
2
European Commission, DG Internal Market and Services (2010), Your Digital Market? Single Market Act for a
highly competitive social market economy, Luxembourg: Publications Office of the European Union, p. 6.
3
Communication from the European Commission to the European Parliament, the Council, the European
Economic and Social Committee and the Committee of the Regions, A Digital Agenda for Europe, Brussels,
COM(2010) 245, 19 May 2010 (Digital Agenda for Europe), p. 4.
4
Commission Staff Working Paper, Online services, including e-commerce, in the Single Market, Accompanying the
document: Communication from the Commission to the European Parliament, the Council, e European
Economic and Social Committee and the Committee of the Regions, A coherent framework to boost confidence in
the Digital Single Market of e-commerce and other online services.
7
behind the e-commerce volumes within
national markets.
legal framework also facilitates new market
opportunities for new types of content.9
As part of the Digital Agenda, the European
Commission aims to have 20% of European
consumer buying online cross-border by
2015.5 Stimulating the growth of a ‘Digital
Single Market’ means removing the
barriers that currently exist. ese barriers
are technical, cultural, and legal in nature.
In this essay we will focus on the legal
barriers.
e twofold problem statement for this
essay is thus formulated as follows:
What legal obstacles do retailers and consumers experience when it comes to cross-border
e-commerce?
How are these obstacles addressed in
the current legal framework and/or proposals
for changes to the legal framework for
e-commerce?
An important barrier for the further
development of cross-border e-commerce is
a lack of harmonisation in the legal framework for e-commerce.6 Divergences exist
not only in areas which have not been
regulated by EU law (e.g. general contract
law), but also in areas which have been
partially harmonised at Union level on the
basis of minimum harmonisation (e.g.
consumer protection law).7
1.2 Research goal
e goal of this essay is to give an overview
of the current legal framework for crossborder e-commerce in Europe, describe
regulatory developments, and outline the
legal obstacles retailers and consumers face
when it comes to cross-border e-commerce.
As such, this essay will fuel the discussion
on what regulatory and legislative steps
need to be taken to further stimulate the
(Digital) Single Market in Europe and reach
the ambitious goals set in the Digital
Agenda.
is has left room for different national
approaches to consumer protection
legislation. Differing legal regimes and
interpretations of supervisory bodies
throughout Europe raise the costs of
compliance for retailers and undermine the
trust of consumers in cross-border e-commerce.8
is essay focuses on business-to-consumer
(B2C) cross-border commerce. To a lesser
extent the consumer-to-consumer (C2C)
market is taken into account.
Apart from an effective and efficient legal
framework for current forms of crossborder e-commerce, we should also look
towards the future and ensure that the
5
1.3 Methodology
is essay is descriptive in nature and gives
a ‘state of play’ based on desk research and
Commission Staff Working Paper, Digital Agenda Scoreboard SEC (2011) 708.
6
For instance: 31% of retailers think a more harmonised regulatory environment would boost their cross-border
sales.
7
Green Paper from the Commission on policy options for progress towards a European Contract Law for consumers and
businesses, Brussels, 1.7.2010 COM(2010) 348 final.
8
A small poll we did under Dutch online retailers as part of this essay showed that 14 out of 19 retailers (73%)
felt that the fragmented legal framework in Europe dissuaded them from doing cross-border e-commerce.
9
Kroes, N. (2011), e Digital Agenda: Europe's key driver of growth and innovation, Speech/11/629.
8
interviews with relevant stakeholders. e
stakeholders include Dutch representatives
of consumers (Consumentenbond), retailers (uiswinkel.org), the online market
places (Overleg online handelsplaatsen),
supervisory authorities (Consumentenautoriteit), and a public-private partnership aimed at stimulating e-commerce
(ECP-EPN).10
1.4 Overview
is essay explores the current legal framework for e-commerce in Europe. Five topics
that are of key importance for trust in
cross-border e-commerce will be discussed.
ey are:
1) General e-commerce legislation
2) Online contracts and consumer law
3) (Online) dispute resolution
4) Personal data protection
5) Electronic signatures
For each of these topics, an overview of the
current legal framework and relevant
regulatory developments is given. Subsequently, we explore the obstacles online
retailers and consumers experience in
relation to these topics.
10
e statements in this paper do not necessarily reflect the opinions of the individual stakeholders.
9
10
2 General e-commerce legislation
Directive 2000/31/EU of the European
Parliament and of the Council of 8 June
2000 on certain legal aspects of information society services, in particular
electronic commerce, in the Internal
Market (the e-Commerce Directive) is the
foundation of the European legal
framework for e-commerce. e internal
market clause in particular, which states
that the Member States may not restrict
the freedom to provide information-society
services from another Member State, is the
cornerstone of the Digital Single Market.11
In this chapter we address several of the
key provisions of the e-Commerce
Directive.
Article 5 of the e-Commerce Directive
prescribes general information requirements for information society providers. It
states that information society service
providers have the duty to give clear and
easily accessible information about their
identify and contact details, including email address, as well as information about
trade registries.
Article 6 and 7 deal with commercial communications, such as online marketing.
Commercial communications should, on
top of other EU information requirements,
be clearly identifiable as such, as well as the
identity of the sender. Article 7 addresses
the issue of unsolicited commercial
communication.
2.1 Current legal framework
e e-Commerce Directive covers different
legal aspects of the information society in
general and e-commerce in particular. e
Directive covers topics like applicable law,
information requirements for information
society services, online commercial
commu-nication, (treatment of) online
contracts, and the liability of
intermediaries such as Internet service
providers (ISPs).
Article 9 prohibits Member States to create
obstacles for the use of electronic contracts
and/or provisions in national law that
result in contracts being deprived of legal
effectiveness and validity on account of
their having been made by electronic
means. Member States must also takes
measures to ensure that a service provider
acknowledges the receipt of the recipient's
order without undue delay and by electronic means in an accessible form, unless
agreed otherwise by business parties
(article 11). In addition to the aforementioned information obligations, article
10 of the e-Commerce Directive establishes
that, on top of other EU information
requirements, certain information about
the contract must be given by the
e e-commerce Directive determines that
the applicable law for information society
service providers is based on the country of
origin. is principle, set forth in article 3
of the e-Commerce Directive, stipulates
that Member States must ensure that the
(national) provisions of the Member State
on which territory the service provider is
established applies to the information
society services it provides.
11
Commission communication to the European Parliament, the Council, the Economic and Social Committee
and the Committee of the Regions, A coherent framework for building trust in the Digital. Single Market for ecommerce and online services, p. 5.
11
information society service prior to the
conclusion of the online order.
Limitations of the scope
Several barriers experienced by consumers
concerning online trade fall outside the
scope of the Directive, for example problems related to receiving and returning the
goods.14 In 2010, 16% of the EU consumers
engaged in cross-border trade experienced
a delay in the delivery of their order, and
5% said that their order had not been
delivered at all.15 Retailers also experience
barriers when it comes to receiving and
returning goods. Differences of postal
systems between EU Member States cause
a barrier for retailers to engage in crossborder commerce. ere is uncertainty
about the costs, time, tracking possibilities
and flexibility of delivering the goods.
Articles 12, 13 and 14 of the e-Commerce
Directive concern the conditions under
which certain types of intermediary service
providers are exempted from liability with
regards to the information they transmit,
cache or host upon the request of others.
2.2 Barriers
Although stakeholders throughout Europe
think the e-Commerce Directive is an
instrument that has promoted the development of information society services
in the EU, they do identify several issues
with the Directive.12
Fragmentation
Often mentioned as a specific obstacle to
the development of e-commerce is the fragmentation of EU law. Many respondents
considered the Internal Market clause
(article 3) to be absolutely essential for the
development of e-commerce within the EU,
but note that there is divergence in the
national implementation of the Directive
that hampers harmonisation nonetheless.
Some respondents called on the Commission to exercise more control over the
application of the Internal Market clause.13
Furthermore, the core principle of the eCommerce Directive is the country of
origin principle. However, contractual
obligations fall outside the scope of the
country of origin principle.16 In a study
from 2006, 43% of the interviewed firms
stated that cross-border sales would
increase if the country of origin principle
covered the contractual obligations.17
Transparency obligations
e e-Commerce Directive requires online
service providers to comply with several
transparency obligations. From the pers-
12
Summary of the results of the Public Consultation on the future of electronic commerce in the Internal Market
and the implementation of the Directive on electronic commerce (2000/31/EC).
13
Summary of the results of the Public Consultation on the future of electronic commerce in the Internal Market
and the implementation of the Directive on electronic commerce (2000/31/EC).
14
Copenhagen Economics, “Study on the Economic impact of the Electronic Commerce Directive, final report
September 2007, page 29.
15
Flash Barometer 299, ‘Consumer attitudes towards cross-border trade and consumer protection, Analytical
report September 2010, p. 47.
16
Article 3 (3) and Annex, Directive 2000/31/EU.
17
Flash Eurobarometer, ‘Business Attitudes Towards Cross Border Sales’, 2006.
12
pective of the retailer, these transparency
obligations have mainly led to increased
compliance costs, while they have provided
only limited protection from the
perspective of the consumer. It is suggested
that the e-Commerce's transparency obligations require further refinement, and may
even have become superfluous.18
models. Although articles 12, 13, and 14
are considered technology neutral, they are
obviuously fashioned around the classic
models of ISPs. Uncertainty regarding the
liability of new Internet services such as
search engines, online marketplaces, social
media and cloud computing services
hampers the roll out of these services in
Europe.21
ISP liability
e diverging interpretations of the
Articles 12, 13 and 14 by both the legislators and the courts at the national level,
have led to a fragmented framework on ISP
liability. is has mainly to do with the
wording of the articles. First of all, it seems
unclear what has to be classified as ‘mere
conduit’, ‘caching’ and ‘hosting’.
Finally, there is consensus in favour of
harmonisation of notice-and-takedown
procedures and clarity on the rules for
filtering and blocking of Internet traffic.
e absence of a pan-European notice-andtakedown regime leads to legal uncertainty
for online intermediaries and practical
difficulties for rights holders to take down
illegal content.22 e same goes for filtering
and blocking. While there is no prior obligation for ISPs to monitor Internet traffic
there is an increasing pressure on ISPs to
take an active role in online enforcement.
is has led to blockades of sites like the
Pirate Bay in countries such as Italy and
Finland, but a ban on blockades in for
instance Germany.
Secondly, there are difficulties concerning
the interpretation of ‘actual knowledge’ in
the exemption from liability of ‘hosting
service providers’.19 To assume ‘actual
knowledge’ some Member States require a
formal procedure and official notification
by authorities, while other Member States
let the courts determine when an ISP has
actual knowledge.20 In part, this fragmentation of the regime for ISP liability is the
result of new and changing business
2.3 Developments
e Commission recognises that there are
problems with the current e-Commerce
18
DLA Piper, ‘EU study on the legal analysis of a Single Market for the Information Society, New rules for a new
age?’ November 2009, Executive summary, p. 3.
19
Article 14 (1)(a), Directive 2000/31/EU.
20
Study on the liability of internet intermediaries, November 2007, p. 14.
21
DLA Piper, ‘EU study on the legal analysis of a Single Market for the Information Society, New rules for a new
age?’, November 2009, Executive summary, p. 3.
22
DLA Piper, ‘EU study on the legal analysis of a Single Market for the Information Society, New rules for a new
age?’, November 2009, Executive summary, p. 3-4.
13
Directive. erefore it has announced the
evaluation of the impact of the e-Commerce Directive as point nine in its planned
actions for the Digital Single Market within
the Digital Agenda for Europe.23 Electronic
commerce is also selected as the fifth most
important action point in preparation of
the EU Single Market Act.24
internal market clause regarding consumer
contracts should be maintained. It finds
that the rules on unsolicited commercial
communications should be technology
neutral and apply to all communication
technologies. e provisions on ISPs
liability provide a balanced framework that
clarifies the obligations of service providers
and protects the interests of rights holders
and should therefore be maintained.
However, new Internet services should be
included in the scope of the liability provisions of the e-commerce Directive. On the
other hand the application of technical
measures, such as filtering, to prevent
infringements on intellectual property
rights should be rejected.26
e European Parliament, in reaction to
the proposed e-Commerce revisions
announced in the Digital Agenda, calls for a
study on harmonised rules within the EU
to promote a common market in cloud
com-puting and e-commerce. It takes the
view that the Directives constituting the
legal framework for the information
society appear out of date due to the
increased complexity of the online
environment, the introduction of new
technologies and the fact that EU citizens’
data are increasingly processed outside of
the EU.25
EMOTA, the European Mail Order and eCommerce Trade Association, signals issues
with the internal market clause of the
Directive. EMOTA argues that there are
still national protectionist tendencies that
hamper the uptake of e-commerce. EMOTA
specifically notes that the ‘reserved area’
component of the European Postal Directive, VAT exemptions and prohibitive
authorization and licensing procedures can
distort the marketplace and discourage new
players from entering a market. According
BEUC, the European Consumers' Organisation, is opposed to any revision of the eCommerce Directive and, instead, calls for
a clarification of some of its provisions with
the aim of enhancing legal certainty. BEUC
takes the view that the exception to the
23
Planned actions for the Digital Single Market (pillar I) of the Digital Agenda for Europe, via http://
ec.europa.eu/information_society/newsroom/cf/fiche-dae.cfm.
24
Commission Staff Working Paper, Overview of responses to the public consultation on the Communication
‘Towards a Single Market Act’, Accompanying document to the Communication from the Commission to the
Council, the European Parliament, the European Economic and Social Committee and the Committee of e
Regions, A Single Market Act: Twelve levers to boost growth and strengthen confidence "Working together to
create new growth", {COM(2011) 206 final} Brussels, 13.4.2011 SEC(2011) 467 final.
25
A new Digital Agenda for Europe: 2015.eu, European Parliament resolution of 5 May 2010 on a new Digital
Agenda for Europe: 2015.eu, P7_TA(2010)0133, May 2010, 35-39.
26
Public Consultation On e Future Of Electronic Commerce In e Internal Market And e Implementation
Of e Directive On Electronic Commerce (2000/31/EC) BEUC Response.
14
to EMOTA different laws on credit makes
and piracy (e.g. music file-sharing) are also
legal barriers to the further uptake of
online services.27
ssion’s first action point is to ensure that
the E-Commerce Directive is correctly
applied by improving administrative
cooperation with the Member States.30
With regard to commercial communications, respondents to the Commission
consultation on the e-Commerce Directive
noted several problems. First, the lack of
adequate enforcement of the rules on
unsolicited commercial communications.
2.4 Interim conclusions
e e-Commerce Directive provides the
foundation of e-commerce legislation in
Europe. While stakeholders recognise the
importance of the Directive for ecommerce in Europe, they do signal issues
when it comes the application of the
Directive. e fragmentation resulting
from diverging national implementations is
particularly troublesome. Furthermore, the
rules on intermediary service provider
liability need clarification. Although they
do not need a complete overhaul,
clarification in the light of new services and
technologies does seem necessary.
Second, the divergence in the application of
the EU legal framework in different
Member States, such as different definitions of ‘electronic mail’. Mentioned as a
third obstacle, is the lack of clarification
about the application of EU rules to new
technologies, for instance on Bluetooth
marketing and in relation to social
networks.28
With regard to intermediary liability, the
majority of respondents argued that a
revision of the e-Commerce Directive’s
liability regime is unnecessary. e existing
rules, however, do require clarification. A
vast majority is in favour of developing a
harmonised EU notice-and- takedown
procedure.29
Based on the results of the consultation,
the Commission adopted an e-Commerce
Communication in January of 2012. e
Communication contains sixteen actions
aimed at doubling the volume of ecommerce in Europe by 2015. e Commi27
EMOTA Response to the public consultation on the future of electronic commerce in the internal market and
the implementation of the Directive on Electronic Commerce
(2000/31/EC).
28
Summary of the results of the Public Consultation on the future of electronic commerce in the Internal Market
and the implementation of the Directive on electronic commerce (2000/31/EC).
29
Summary of the results of the Public Consultation on the future of electronic commerce in the Internal Market
and the implementation of the Directive on electronic commerce (2000/31/EC).
30
European Commission, Commission Communication To e European Parliament, e Council, e Economic
And Social Committee And e Committee Of e Regions, A coherent framework for building trust in the
Digital Single Market for e-commerce and online services, {SEC(2011) 1640} {SEC(2011) 1641}, COM(2011) 942.
15
16
3 Online contracts and consumer protection
e 493 million consumers in the EU
generate about half of the EU’s wealth, and
therefore are central to the success of the
Single Market.31 New technologies give
consumers new options for purchasing
goods and services without physical presence in a store. As more and more consumers are engaged in so-called ‘distance
sales’ the rules governing these contracts
and the protection of consumer rights
become increasingly important.
these Directives provide the core of the
legal framework for consumer protection in
Europe (‘the consumer acquis’).33 Also
relevant in this respect is the Unfair
Commercial Practices Directive (2005/29/
EC).34
e Distance Selling Directive lays down
detailed provisions with respect to a
distance contract between a supplier and a
consumer. e Directive’s main purpose is
to provide protection to consumers
entering into distance contracts. A distance
contract is:
3.1 Current legal framework
Consumer protection law and the rules for
distance sales (e.g., mail order, e-commerce) are enshrined in national law.
Furthermore, there are three different
Directives that cover the relation between
consumer protection and distance sales at
the EU level. ey are: Directive 97/7/EC
(Distance Selling Directive), Directive
93/13/EEC (Unfair Contract Terms Directive), and Directive 1999/44/EC (Sale of
Consumer Goods and Guarantee Directive).32 Together with a fourth Directive,
the Doorstep Selling Directive (85/577/EC)
“any contract concerning goods or services
concluded between a supplier and a consumer
under an organized distance sales or serviceprovision scheme run by the supplier, who, for
the purpose of the contract, makes exclusive
use of one or more means of distance
communi-cation up to and including the
moment at which the contract is concluded”.35
One of the most important provisions for
the consumer is the right to withdrawal.36
31
Communication from the European Commission to the European Parliament, the Council, the European
Economic and Social Committee and the Committee of the Regions, on the enforcement of the consumer acquis,
Brussels, 2.7.2009 COM(2009) 330 final, p. 2.
32
Directive 97/7/EC of the European Parliament and of the Council of 20 May 1997 on the protection of
consumers in respect of distance contracts; Council Directive 93/13/EEC of 5 April 1993 on unfair terms in
consumer contracts; Directive 1999/44/EC of the European Parliament and of the Council of 25 May 1999 on
certain aspects of the sale of consumer goods and associated guarantees.
33
Council Directive 85/577/EEC of 20 December 1985 to protect the consumer in respect of contracts
negotiated away from business premises. We shall not discuss the Doorstep Selling Directive any further, as it is
not relevant to the issue of cross-border e-commerce.
34
Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair
business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC,
Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation
(EC) No 2006/2004 of the European Parliament and of the Council.
35
Article 2, paragraph 1, Directive 97/7/EC.
36
Article 6, Directive 97/7/EC.
17
is means the consumer has a period of at
least seven working days in which it is
allowed to withdraw from the contract
without penalty and without giving any
reason (cooling-off period). Furthermore,
the Distance Selling Directive imposes rules
on the distance seller, for instance the
obligation to inform the consumer about
certain conditions of the contract. e
supplier must provide the consumer
written information on the conditions and
procedures for exercising the right of
withdrawal in due time prior to the
conclusion of any distance contract. In
addition, the consumer shall be provided
with information regarding the main
characteristics of the goods or services and
the arrangements for payment, delivery or
performance of the contract.37 e period
for exercise of withdrawal starts when the
consumer receives the ordered goods, or in
case of a service agreement, with the
conclusion of the contract.
Directive 99/44/EC (the Sale of Consumer
Goods and Guarantees Directive) regards
certain aspects of the sale of consumer
goods and associated guarantees. e
purpose of the Directive is to ensure a
uniform minimum level of consumer protection in the context of the European
internal market, by offering guarantees to
consumers. An important provision is the
obligation of the seller to deliver goods to
the consumers, which are in conformity
with the contract of the sale. e seller
shall be held liable where the lack of
conformity becomes apparent within two
years as from delivery of the goods.39 e
consumer must inform the seller of the lack
of conformity within a period of two
months from the date on which he
detected such lack of conformity.40
Furthermore, any contrac-tual term or
agreement concluded with the seller before
the lack of conformity is brought to the
seller's attention, which directly or
indirectly waives or restricts the rights
resulting from this Directive, shall not be
binding on the consumer.41
A contract generally includes the terms and
conditions of the sale. In most cases the
consumer cannot negotiate these terms
and conditions. erefore, Directive 93/13/
EEC (the Unfair Contract Terms Directive)
aims to protect the consumer against
unfair terms, which might be included in
the contract between the consumer and the
supplier. With respect to this Directive, one
of the most important provisions is the
obligation that terms are drafted in plain
and intelligible language. Where there is
doubt about the meaning of a term, the
interpretation most favourable to the
consumer shall prevail (the contra
proferentem rule).38
37
Article 4, Directive 97/7/EC.
38
Article 5, Directive 93/13/EEC.
39
Article 5, (1), Directive 99/44/EC.
40
Article 5, (2), Directive 99/44/EC.
41
Article 7, (1), Directive 99/44/EC.
It is relevant to note is that all three
Directives discussed above are based on
minimum harmonisation, which means
Member States can maintain more
stringent provisions than mentioned in the
Directives. In other words, the actual level
of protection consumers enjoy may differ
from Member State to Member State.
Directive 2005/29/EC of 11 May 2005
concerning unfair business-to-consumer
commercial practices in the internal market
18
(the Unfair Commercial Practices Directive)
is based on maximum harmonisation and
provides a general framework for protecting the economic interests of consumers
who conclude commercial transactions
with traders by defining the unfair
commercial practices that are prohibited
EU.
Germany has a 14 day cooling-off period.42
erefore, it is often unclear to consumers
what their right are, which is important for
consumer confidence in the cross-border
market. However, consumers are always
entitled to the European minimum and in
many cases the consumer rights of the
consumer’s country of origin apply.
erefore, the newly adopted Directive on
Consumer Rights fully harmonises parts of
the consumer acquis. For distance selling
contracts the cooling off period will become
14 days in all Member States.
Unfair commercial practices are those that
do not comply with the principle of
professional diligence or may influence
consumers’ transactional decisions. Annex
1 to the Directive sets out a so-called blacklist of "commercial practices that are, in all
circumstances, considered unfair". ese
unfair commercial practices are divided
into 'misleading commercial practices' and
'aggressive commercial practices.
e legal status of digital goods
Directive 99/44/EC (the Sale of Consumer
Goods and Guarantees Directive) concerns
‘tangible goods’.43 However, nowadays
consumers also purchase intangible, digital
products on Internet. In that case there are
contracts with respect to the purchase
‘digital content’, which is content produced
and supplied in digital form, such as
3.2 Barriers
In the area of consumer protection retailers
and consumers experience the following
legal barriers to cross-border e-commerce.
computer programs, videos, music and
applications. In order to apply this
Directive and Directive 97/7/EC to the
purchase of digital content, digital content
has to fall within the scope of the definition
of a ‘good’ or ‘service’. Besides, the hybrid
character of digital content seems to add to
the uncertainty and difficulty on defining
digital content.44 e purchase of digital
content can encompass both a physical
copy of the software, an online update
service, and a real-time (re-mote) software
Fragmentation
e fact that the legal framework governing distance sales and consumer contracts
is based on minimum harmonisation, has
led to different implementations of the
Directives and different levels of protection
for the consumer within Europe in practice.
For instance, the Directive prescribes a
‘cooling-off period’ with a minimum of 7
working days. e Netherlands provides a 7
working days cooling-off period, while
42
Article 7:46d Dutch Civil Code; Article §355(1) Bürgerliches Gezetsbuch.
43
Article 2, (2), (b) Directive 99/44/EC.
44
Cseres, K. J., Guibault L., Helberger, N., Loos, M. B. M., Mak, C., Pessers, L., Van der Sloot, B., Tigner, R.
(2011), Comparative analysis, Law & Economics analysis, assessment and development of recommendations for possible
future rules on digital content contracts.
19
ser-vice.45 erefore, digital content can be
considered both a service and a good. us,
what rules apply to the purchase of ‘digital
content’ is not clear yet.
uncertainty for businesses and a lack of
consumer confidence in the internal
market. Surveys show the differences in
contract law as one of the main obstacles in
cross-border trade.47 Already in 2001, the
Commission launched her Communication
on European Contract Law, which aims to
address the issue of fragmentation of EU
contract law.
Enforcement and redress
While EU consumer protection law
provides a high level of protection, it must
be enforced effectively to actually help
consumers. In the area of enforcement
there are significant challenges. First of all,
effective enforcement by supervisory
authorities is hampered by the fragmentation of consumer protection law. Crossborder enforcement calls for agreement on
the principles determining the applicable
law and the reconciliation of differing
administrative capacities and enforcement
traditions in Member States.46 Secondly,
there are jurisdictional boundaries that
limit the effectiveness of the supervisory
authorities.
e Common European Sales Law
e most recent development regarding
European Contract Law is ‘e Proposal for
a Regulation on Common European Sales
Law’, launched by the European Parliament
and Council on October 11, 2011.48 is
Regulation is partly a reaction on the
published ‘Green paper on policy options
for progress towards a European contract
law for consumers and businesses’ of the
Commission launched in 2001.49 e
overall objective of the proposal is “to
improve the establishment and the functioning of the internal market by facilitating the expansion of cross-border trade
for business and cross- border purchases
for consumers”.50 us, the focus is on B-C
transactions.51
Apart from the enforcement of consumer
protection law by supervisory authorities,
consumers themselves can also seek
redress. However, seeking redress through
the courts is costly and difficult for
consumers (see chapter 4).
Furthermore, the purchase of ‘digital
content’ is completely implemented in the
Regulation. e terms 'goods' and 'digital
content' are often used simultaneously, so
3.3 Developments
e differences in national legislation
regarding contract law can lead to legal
45
Cseres, K. J., Guibault L., Helberger, N., Loos, M. B. M., Mak, C., Pessers, L., Van der Sloot, B., Tigner, R.
(2011), Comparative analysis, Law & Economics analysis, assessment and development of recommendations for possible
future rules on digital content contracts, p. 14.
46
Communication from the European Commission to the European Parliament, the Council, the European
Economic and Social Committee and the Committee of the Regions, on the enforcement of the consumer acquis,
Brussels, 2.7.2009 COM(2009) 330 final, p. 4.
47
Eurobarometer 321 of 2011, European Contract Law in consumer transactions, 2011.
48
COM(2011) 635 final, Proposal for a Regulation on Common European Sales Law, 11 October 2011.
49
COM(2010) 348 final, Green paper on policy options for progress towards a European contract law for consumers
and businesses, Brussels July 1 2010.
50
COM(2011) 635 final, p. 4.
51
Recital 21, COM (2011)635 final.
20
most provisions apply to goods as well as to
digital content.
meaning Member States must stay as close
to the Directive as possible in their
national implementation.53 Full harmonisation will lead to more clarity and
protection for the consumer.
e purpose of the proposed Regulation is
to introduce into the laws of the Member
States an alternative sales law regime,
which contracting parties can choose as the
law governing their relationship. is
means that the Common European Sales
Law will exist alongside the existing
national rules of the Member State
regarding contract law. Also, the Common
European Sales Law is only applicable law
in those cases where parties explicitly agree
on this, which means it is an optional
instrument.
e Directive prescribes that Member
States all have the same right of withdrawal
term of 14 days, instead of the ‘minimum
of 7 working days’ as prescribed by the
Distance Selling Directive.54 Furthermore,
the trader has to provide the consumer
with more comprehensive and detailed
infor-mation before the consumer is bound
by distance and off-premises contracts. If
the trader has not provided the consumer
with the information on the right of
withdrawal, the withdrawal period shall be
extended to 12 months.55 e Directive
also provides a withdrawal form to give
more clarity on how the right to withdraw
can be exercised.
Modernisation and harmonisation of the
consumer acquis
e Directives regarding the protection of
the consumer with respect to contract law
only entail minimum harmonisation.52
Minimum harmonisation can lead to
different implementations and thus to
different national regulation on consumer
protection.
Another important aspect in adopting the
Directive was the protection of the
consumer who purchases ‘digital content’.
e Directive explicitly states contracts for
the supply of digital content also fall within
the scope of the Directive. Digital content
is defined as “data which are produced and
supplied in digital form”.56 Furthermore, if
digital content is supplied on a tangible
medium, such as a CD or DVD, it should
not be considered as digital content.57 is
means that in case a consumer purchases
digital content, which is supplied on a
Directive 2011/83/EU (the Consumer
Rights Directive) was adopted on October
10 2011. Member States have two years to
implement the Directive from the date of
publication. is Directive will replace
Directive 85/577/EC (the Doorstep Selling
Directive) and Directive 97/7/EC (the
Distance Selling Directive). It is based on
the principle of full harmonisation,
52
See for example: Directive 93/13/EC, Directive 85/577/EC, Directive 99/44/EEC, Directive 97/7/EC, Directive,
Directive 90/314/EEC, Directive 94/47/EC and Directive 98/6/EC.
53
Article 4, Directive 2011/83/EU.
54
Article 9,(1), Directive 2011/83/EU; Article 6,(1), Directive 97/7/EU.
55
Article 10, (1), Directive 2011/83/EU.
56
Article 2, (11), Directive 2011/83/EU.
57
Recital 19, Directive 2011/83/EU.
21
tangible medium, he/she has the right of
withdrawal, starting from the day of the
conclusion of the contract.58 Also, the
trader has to provide the consumer with
information before the conclusion of the
contract, such as “any relevant interoperability of digital content with hardware
and software that the trader is aware of or
can reasonably be expected to have been
aware of”.59
legal obligations is unlikely to elect to use it
unless they feel it provides them with some
additional benefit over and above existing
law.60 In addition, critics say that for the
optional instrument to work effectively, it
is necessary the trader and the consumer
have the ability to compare their national
law with the Common European Sales
Law.61 e question remains whether or
not the trader and the consumer will
choose for the optional instrument and the
European internal market can actually be
improved.
3.4 Interim conclusions
e Proposal for the Regulation on
Common European Sales Law is an
optional instrument. As this proposal has
only been published a few months ago,
there has not been much feedback on the
proposal just yet. However, some critics say
the optional instrument does not add
enough value to the contract process for
traders, to want to adopt it and use it as an
alternative to the legal system that they
know and trust. Furthermore, the
consumer who does not understand the
58
Article 9, (2) (c) Directive 2011/83/EU.
59
Article 6, (1) (s) Directive 2011/83/EU.
Although the new Consumer Rights
Directive provides harmonisation on
consumer rights with respect to contract
law, it does not impose any further set of
rules relating to guarantees or ‘unfair
terms’.62 As such, fragmentation of national rules on consumer protection will likely
remain to exist.
60
Euro Commerce (2011), EuroCommerce Response to the European Commission consultation on the
“Feasibility Study” carried out by the Expert Group on European Contract Law for stakeholders and legal
practitioners.
61
EMOTA (2011), EMOTA Response to the public consultation on the Green Paper on policy options for
progress towards a European Contract Law for consumers and businesses COM (2010) 348 final, page 2.
62
SEC (2011) 1641, Commission staff working paper, Online services, including e-commerce, in the Single
market.
22
23
4 (Online) dispute resolution
In 2010, approximately 20% of European
consumers encountered problems when
buying goods and services in the internal
market. It is estimated that about 56% of
these complaints flow forth from e-commerce transactions.63 e losses incurred by
European consumers as a result of these
problems are estimated at 0.4% of the EU
GDP.64
To mitigate this problem alternative forms
of dispute resolution (ADR) have been
developed. Forms of alternative dispute
resolution (ADR) include: complaints assistance, non-binding evaluation, mock-trials,
mediation and arbitration.65
Apart from alternative dispute resolution
the so-called ‘small claims’ procedures are
also relevant for the further development
of cross-border dispute resolution. Small
claims procedures are a middle ground
between formal litigation and ADR procedures. While a form of formal litigation, the
small claims process is cheaper, faster and
less formal than traditional formal
litigation and therefore more accessible.
Despite a generally high level of consumer
protection guaranteed by legislation,
problems encountered by consumers are
often left unresolved. e reason for this is
that it is often difficult for consumers to
exercise their rights. A lack of knowledge
about their rights and a language barrier
play an important role in this regard, but
also the fact that legal proceedings are
often expensive and/or time consuming
play a prominent role. In many cases the
costs and time involved in legal proceedings
actually outweigh the loss a consumer
incurs as a result of a problem with an
online transaction. is undermines the
trust in (cross-border) e-commerce, since
consumers feel they do not have access to
effective remedies.
63
4.1 Current legal framework
e current legal framework for alternative
dispute resolution (ADR) and online
dispute resolution (ODR), is still primarily
governed by the national law of member
states. As such, there is no common legal
framework for ADR and ODR in the EU,
rather the efforts of the EU have focussed
on promoting the use of ADR and ODR.
e European Consumer Centres’ Network (ECC-net) 2010 Annual Report.
64
Proposal for a Directive of the European Parliament and the Council, on alternative dispute resolution for
consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on
consumer ADR, COM/2011/0793 final - 2011/0373 (COD), Explanatory Memorandum.
65
Hörnle, J. (2002), Online Dispute Resolution in Business to Consumer E-commerce Transactions', in: e
Journal of Information, Law and Technology (JILT) 2002(2).
24
Article 17 of the e-Commerce Directive
requires member states not to hamper outof-court settlement of disputes through
national law, but does not provide a legal
framework harmonising the use of ADR
and ODR. e Commission has also adopted two Recommendations on ADR in 1998
and 2001.66 While these Recommendations
do set out quality criteria for ADR entities,
they have no binding legal force.
Specifically to stimulate the use of
mediation, a Directive on certain aspects of
mediation in civil and commercial matters
was adopted in 2008.67 e Directive
establishes common rules in the Community on a number of key aspects of civil
procedure and provides the necessary tools
for the courts of the Member States to
actively promote the use of mediation,
without making mediation compulsory or
subject to specific sanctions.68
Apart from the legal framework for ADR
and ODR there is also a framework for
small claims procedures. e European
small claims procedure applies in crossborder litigation to civil and commercial
matters where the claim does not exceed
2,000 euro.69
Finally, in the area of formal litigation the
EU has also taken steps to improve access
to the courts in cross-border disputes, for
instance by adopting a Council Directive
establishing minimum common rules rela-
ting to legal aid for cross border disputes.70
4.2 Barriers
Even though both retailers and consumers
who have used ADR schemes are positive
about the costs, speed, flexibility and userfriendliness, ADR is not yet used extensively in cross-border dispute resolution.
Several legal barriers that hamper the
further uptake can be identified.
Awareness
Although not a legal barrier per se, from the
consumer perspective a lack of aware-ness
on the existence of ADR and ODR
mechanisms is perhaps the most important
reason for not using them in cross-border
disputes. In 2010, only 5% of European
consumers took their case to an ADR entity
and only 9% of businesses report ever
having used ADR.71 Because there is no
common and harmonised legal framework
for ADR and ODR, raising awareness on
ADR schemes effectively has proven to be
difficult.
To raise awareness and facilitate the use of
ADR and ODR schemes, the ECC-net was
established. Although the ECC-Net plays an
important role in helping consumers to find
the relevant ADR entity, most con-sumers
are unaware of its existence.72 Moreover,
the CPC Network (a network of national
66
Commission Recommendation 98/257/EC on the principles applicable to the bodies responsible for the outof-court settlement of consumer disputes, OJ 115, 17.4.1998; and Commission Recommendation 2001/310/EC
on the principles for out-of-court bodies involved in the consensual resolution of consumer disputes, OJ 109,
19.4.2001.
67
Directive 2008/52/EC Of e European Parliament And Of e Council of 21 May 2008
on certain aspects of mediation in civil and commercial matters.
68
Background Document Workshop On Alternative Dispute Resolution For Consumers In e European Union,
Vienna -‐ 23 February 2006.
69
Regulation (EC) No 861/2007 of the European Parliament and of the Council of 11 July 2007 establishing a
European small claims procedure.
70
Council Directive 2002/8/EC of 27 January 2003 to improve access to justice in cross-border disputes by
establishing minimum common rules relating to legal aid for such disputes.
71 EuroBarometer
300, p. 76.
72 www.ecc-net.eu..
25
enforcement authorities) is also not used to
its full potential.
be clear which ADR entity is competent for
a given case. Furthermore, if ADR is to be
successful, cross-border differences in the
levels of consumer protection from country
to country (and thus from ADR entity to
ADR entity) will mean legal uncertainty and
rising costs of compliance for retailers.
From the perspective of the consumer, one
level of consumer protection within the EU
is also preferable, as a uniform level of
protection means there are no ADR entities
that offer less protection than that of other
ADR entities or the local court of the
consumer.
Fragmentation
If and when consumers are aware of the
existence of ADR and ODR as alternatives
for traditional formal litigation, they are
often unable to find or select the
appropriate entity. Because there is no
common, harmonised legal framework for
ADR and ODR in Europe, the ADR and
ODR landscape has become highly fragmented. Currently, there are over 750 ADR
entities in Europe, all governed by different
national legal regimes. Many of these ADR
and ODR schemes are only competent in
specific business sectors, only cover a
specific territory and/or only apply to a
specific group of goods or services. is
fragmentation has generated complexity,
which has had an adverse impact on the
efficiency of ADR and dissuades consumers
and businesses from using them.
Enforceability
e fact that many ADR and ODR schemes
are not binding in nature is a barrier, particularly from the consumer perspective.
When a retailer does not comply with the
verdict of the ADR entity, the consumer
still faces the prospect of litigation. is
may lead to the idea that ADR/ODR is a
waste of time and effort. erefore, to
counterbalance the weaker position of the
consumer, Consumer organisation BEUC
argues that an ADR scheme should be
voluntary for consumers, but binding for
businesses.73
Trust
Whereas the 1998 and 2001 Recommendations on ADR set out general criteria for
ADR entities to meet, the lack of a
harmonised, enforceable legislation on the
requirements for ADR entities means that
it is difficult for both consumers and retailers to establish whether an ADR entity is
competent and whether it meets the
standards of quality, impartiality and
fairness. Any doubts about the quality
criteria that ADR entities meet will undermine trust in ADR.
Flexibility
Flexibility, speed and efficiency are the
greatest benefits of ADR. A possible barrier
for the use of ADR and ODR systems is that
they will become less flexible if there are
too many legal requirements. It is therefore
essential to find a balance between legal
certainty and flexibility. In particular
businesses argue that ADR/ODR systems
should be as flexible as possible and not
mandated through EU law.74
Applicable law and harmonisation
A prerequisite for the successful operation
of a pan-European ADR system from the
perspective of the retailers is that it must
73
Alternative Dispute Resolution, European Commission’s Consultation, BEUC response , 15 March 2011.
74
Alternative Dispute Resolution, European Commission’s Consultation, EMOTA response, 15 March 2011.
26
4.3 Developments
One of the actions under the Digital
Agenda for Europe is the creation of an
improved framework for ADR and ODR.
Under its proposal for a consumer programme for 2014-2020 the Commission
aims to strengthen the use of ADR and
ODR through amongst others, funding and
awareness campaigns.75 To strengthen and
harmonise the legal framework for ADR
and ODR, the Commission has proposed a
Directive on ADR and a Regulation on ODR
on 29 November 2011.76 e goal of the
Commission is to tackle the issue of fragmentation and ensure that EU consumers
can solve their problems without going to
court, regardless of the kind of product or
service that the contractual dispute is about
and regardless of where they bought it in
the Single Market. For consumers shopping
online from another EU country, the Commission wants to create an EU-wide single
online platform, which will allow to solve
contractual disputes entirely online within
30 days.
for resolving on-line the disputes concerning purchases made online in another EUcountry. is single European point of
entry will automatically send the consumer’s complaint to the competent national
ADR entity and facilitate the resolution of a
dispute within 30 days.
Both the Directive and the Regulation are
set for adoption in late 2012. Member
States will have 18 months to implement
the ADR Directive. is means that ADR
options should be available everywhere in
the EU in the second half of 2014. e
single EU-wide platform for online dispute
resolution will become fully operational six
months after that deadline (i.e., in early
2015), as its operation requires the setting
up and upgrading of out-of-court entities
where needed.
4.4 Interim conclusions
A lack of harmonisation of the current legal
framework governing the out-of-court
settlement of disputes has led to a
fragmented ADR and ODR landscape.
Although more than 750 different ADR
schemes currently operate in Europe, their
success is mainly limited to a national
context. Fragmentation has led to a lack of
awareness and difficulties for consumers
and businesses to choose the appropriate
system for their cross-border disputes.
Despite the harmonisation of rules for ADR
via a new Directive and the creation of a
new ODR system via a Regulation will
strengthen the uptake out-of-court settlement of disputes, the fact that legislation
governing contracts and civil procedure still
diverge across Europe presents difficulties
for further uptake of ADR and ODR.
e ADR Directive aims to ensure that
quality out-of-court entities exist to deal
with any contractual dispute between a
consumer and a business. Under the proposal, ADR entities will have to meet
certain quality criteria (i.e., they have to be
well-qualified, impartial, transparent,
effective and fair), businesses will have to
inform customers about the ADR entity
which can deal with a potential contractual
dispute with them, and ADR entities will
resolve the disputes within 90 days.
e Regulation on ODR will create a EUwide online platform providing consumers
and businesses with a single point of entry
75
Proposal for a Regulation of the European Parliament and the of the Council, on a consumer programme
2014-2020, Brussels, 9.11.2011 COM(2011) 707 final.
76
Proposal for a Directive of the European Parliament and the of the Council, on alternative dispute resolution
for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on
consumer ADR); and a Proposal for a Regulation of the European Parliament and of the Council on online
dispute resolution for consumer disputes (Regulation on consumer ODR).
27
28
5 Data protection
e processing and the protection of
personal data form a key aspect of the legal
framework for cross border e-commerce. A
legitimate, secure, safe and free flow of
personal data in the private and public
sector both within and between Member
States increases trust in cross border ecommerce and stimulates economic activity
on the Digital Internal Market.
collected for specified, explicit and
legitimate purposes and not further
processed in a way incompatible with those
purposes (article 6b). e Directive also
determines that personal data has to be
adequate, relevant and not excessive in
relation to the purposes for which they are
collected or processed (article 6c), as well as
accurate and kept up to date, erased or
rectified where necessary (article 6d). All
data should be kept in a form that permits
identification of data subjects for no longer
than necessary (article 6e). Furthermore,
the Data Protection Directive demands
that personal data may only be processed if
the data subject has unambiguously given
his consent or if data processing is
necessary for a selected number of grounds
(article 7).
5.1 Current legal framework
e cornerstone of European data
protection legislation is Directive 95/46/EC
(Data Protection Directive). However,
several provisions in other directives also
deal with data protection and informational privacy. Relevant for the topic of
cross-border e-commerce are direct marketing and data breaches.
Personal data protection
e Data Protection Directive applies to
almost all forms of online retail in the EU,
because of the nature of any online
transaction: the retailer needs a certain
amount of personal data to deliver the
order, to send the invoice, to have contact
with the consumer, to process the
payment, or even before a transaction: so
that visi-tor’s to his web shop can register
for a personal account.
Besides principles safeguarding data quality
and legitimate processing, the Data
Protection Directive also requires the
controller to inform the data subject about
his identity, the way personal data is
handled (article 10), for instance in a
‘privacy policy’ and his rights to object to
processing of his personal data (article 12).
In addition, the controller is obliged to
implement appropriate technical and
organisational measures to protect
personal data (article 13) and to notify the
national supervisory authority about his
data processing (article 18).
e Data Protection Directive determines
that all data, directly or indirectly
identifying a natural person, is personal
data. e Directive establishes several
obligations on the ‘controller’ of personal
data. A controller for instance has the duty
to ensure that personal data is processed in
a proper and careful manner (article 5) as
well as fairly and lawfully (article 6a). In
addition, personal data must only be
Article 28 of the Data Protection Directive
establishes that every Member State shall
have at least one independent, national
supervisory authority that is responsible
for monitoring the application of the
Directive. Article 29 of the Data Protection
Directive sets up a Working Party (the so-
29
called article 29 WP). e Article 29
Working Party has an advisory status and
acts independently and has the liberty to
determine if draft Community codes and
amendments or extensions to existing
Community codes are in accordance with
national provisions adopted pursuant to
the Directive. Besides the Article 29 WP,
the Commission has also established two
other EU bodies. Regulation (EC) No
45/2001 of the European Parliament and
of the Council of 18 December 2000
establishes the European Data Protection
Supervisor (EDPS). EDPS is an independent
supervisory authority that monitors the
application of the data protection principles following from the Data Protection
Directive to all processing operations
carried out by EU bodies and institutions.
objection from the consumer”.77 e eCommerce Directive also contains a provision that regulates the use of personal data
for direct marketing purposes: Member
States must “take measures to ensure
that service providers undertaking unsolicited commercial communications by
electronic mail consult regularly and
respect the opt-out registers in which
natural persons not wishing to receive such
commercial communications can register
themselves”.78
e most relevant provision for direct
marketing, however, is found in the ePrivacy Directive’s provision on unsolicited
communications. It requires that the use of
e-mail for direct marketing is only allowed
when subscribers have given their prior
consent (opt-in).79 Also of importance is
the addition in article 13.2 that
determines, in short, that when a business
has received the email address of a
customer in the context of the sale of a
product or service, that business may
(re)use this email address for direct
marketing of its own similar products or
services, provided that customers are
clearly and distinctly given the opportunity
to object (opt-out).
Direct marketing
Directive 2002/58/EC of the European
Parliament and of the Council of 12 July
2002 concerning the processing of personal
data and the protection of privacy in the
electronic communications sector (the ePrivacy Directive), together with Directive
2000/31/EC of the European Parliament
and of the Council of 8 June 2000 on
certain legal aspects of information society
services (e-Commerce Directive’) and Directive 97/7/EC of the European Parliament
and of the Council of 20 May 1997 on the
protection of consumers in respect of
distance contracts (the Distance Selling
Directive) regulates the use of personal
data for direct marketing purposes.
Data breach notification
Directive 2009/136/EC of the European
Parliament and of the Council of 25
November 2009 amending Directive
2002/22/EC, Directive 2002/58/EC and
Regulation (EC) No 2006/2004 (Citizens
Rights Directive) provides a structure for
notifying the competent authorities and
individuals concerned in case of a breach of
security leading to the accidental or
e Distance Selling Directive determines
that techniques of distance communication
“may be used only where there is no clear
77
Article 10, paragraph 2, Directive 97/7/EC.
78
Article 7, paragraph 2, Directive 2000/31/EC.
79
Article, paragraph 1, Directive 2002/58/EC.
30
unlawful processing of personal data (a
personal data breach).80
5.2 Barriers
Although the Data Protection Directive was
drawn up in a time when the use of
personal data and the possibilities for
automatic processing of personal data were
far more limited than in today’s Internet
society, few Member States or interest
groups explicitly advocate a fundamental
change to the structure of the Directive.83
Having said that, there are significant
difficulties with the Data Protection
Directive that in practice have led to
barriers for both businesses and
consumers. Member States like for
instance Austria, Sweden, Finland and the
UK have raised questions with regards to
the provisions on applicable law, sensitive
data, the right of access, notification and
data transfers to third countries.84
Furthermore, stakeholders from the
private sector (retailers and consumers)
have raised issues with Data protection
legislation in Europe.
In short, the data breach notification
ensures that providers of publicly available
electronic commu-nications services shall,
without undue delay, notify a personal data
breach to its competent national authority.
When the breach is likely to adversely
affect the personal data or privacy of the
subscriber or individual, the provider shall
also notify the subscriber or individual
without undue delay.81
e Commission emphasises that, although
the notification requirements are limited to
security breaches that occur in the
electronic communications sector, the
interest of users in being notified is not
limited to the electronic communications
sector. erefore, explicit mandatory notification requirements should become
applicable to all sectors at Community level
as a matter of priority.82
Fragmentation
When it comes to the cross-border flows of
personal data, the main point of criticism is
that due to differences between the
implementation in different Member
States, data protection legislation has
become highly fragmented.85 Particularly
businesses complain that disparities
prevent multinational organisations from
developing pan-European policies on data
protection. It is noted that divergences may
also occur from correct implementation by
Profiling
A topic that has gained significance over
the past years is the issue of profiling. In
particular the use of cookies for
‘behavioural targeting’ has become a hot
issue. Directive 2009/136/EC updates the
rules on the use of cookies and other
methods to track and monitor users for
commercial purposes. Under the Directive,
the use of cookies requires the consent of
the user.
80
Article 2, paragraph 1, Directive 2009/136/EC.
81
Article 2, paragraph 4, Directive 2009/136/EC.
82
Recital 59, Directive 2009/136/EC.
83
EMOTA, EMOTA’s Response to the European Commission’s public consultation on the legal framework for the
fundamental right to protection of personal data, December 2009; and First report on the implementation of the
Data Protection Directive” (COM (2003) 265).
84
First report on the implementation of the Data Protection Directive” (COM (2003) 265).
85
EMOTA, EMOTA’s Response to the European Commission’s public consultation on the legal framework for the
fundamental right to protection of personal data, December 2009; Report from the Commission of 15 May 2003
[COM(2003) 265 final, First report on the implementation of the Data Protection Directive (95/46/EC).
31
a Member State but result from a different
choice of direction within the margin of
appreciation allowed by the Directive. e
national differences in the approach to data
protection stand in the way of a flexible
and simplified regulatory system and are
therefore of concern (for example the differences in the notification requirements).
Articles 10 and 11, on the provision of
information to data subjects were found to
show a number of divergences as a result of
incorrect implementation.
tasks of which enforcement actions had ‘a
rather low priority’. Data Protection
Authorities in many Member States report
to be concerned about their lack of
resources. ey also mention a low level of
compliance by data controllers. ey argue
that data controllers are reluctant to
undertake changes to comply with complex
and burdensome rules, when the risks of
getting caught seem low. e apparently
low level of knowledge with data subjects of
their rights also does not help compliance.88
Enforcement
Apart from differences in the actual
implementation of the Directive in
national law, differences in enforcement
within the Member States are also an issue.
Within the current legal framework, the
national Data Protection authorities cooperate with each other and coordinate
within the Article 29 Working Party, but
still have a lot of room to interpret the
(national implementations) of the Data
Protection Directive.86 In practice, this
leads to diverging interpretations of the
law and approaches to enforcement.
Applicable law
e most criticised provision is article 4
regarding the applicability of national law.
Many stakeholders, particularly from the
perspective of business argue for a ‘country
of origin’ rule. is would allow multinational organisations to operate with one
set of rules across the EU.89 While the
article 29 Working Party has published an
Opinion on Applicable law that provides
guidance, in practice questions concerning
applicable law still form a barrier to crossborder trade.
ere is also criticism on the enforcement
of the Data Protection Directive. Significant shortcomings in the application and
the enforcement of existing rules at
national level are noted.87 Enforcement
efforts are under-resourced and data
protection authorities have a wide range of
Vagueness
Because of the technology neutral approach
of the Data Protection Directive, there is an
inherent ‘vagueness’ in the provisions of
the Data Protection Directive. While this
has allowed the Data Protection Directive
to stand the test of time, it has also led to
86
Report from the Commission of 15 May 2003 [COM(2003) 265 final, First report on the implementation of
the Data Protection Directive (95/46/EC).
87
EMOTA, ‘EMOTA’s Response to the European Commission’s public consultation on the legal framework for
the fundamental right to protection of personal data’, December 2009.
88
Report from the Commission of 15 May 2003 [COM(2003) 265 final, First report on the implementation of
the Data Protection Directive (95/46/EC).
89
Report from the Commission of 15 May 2003 [COM(2003) 265 final, First report on the implementation of
the Data Protection Directive (95/46/EC).
32
legal uncertainty, in particular for data
control-lers. Examples include the
interpretation of the notion of ‘personal
data’ and what constitutes ‘consent’,
particularly in online scenarios.90
policies has increased, a majority of EU
citizens are still very much concerned
about data protection issues, particularly as
to whether organi-sations that held their
personal data handled this data
appropriately.92
Administrative burdens & compliance costs
Since the Data Protection Directive sets
forth rules on privacy for data controllers,
there are compliance costs and administrative burdens involved. ese costs rise
significantly when data controllers operate
in different EU member States.91 In
particular requirements such as registering
data processing activities in national
registries place a burden on data controllers.
Also, the vast majority of citizens have low
levels of awareness on data protection,
such as data subject rights, special legal
protection for sensitive data and the
existence of national data protection
authorities. Many European Internet users
feel uneasy about the use of their personal
data on the Internet and are concerned
about any provisions that would allow
authorities to relax data protection laws.93
Recent reports show that individuals still
demand more and better personal data
protection and continue to feel an
increasing loss of control over their
personal data.94
Apart from the general rules on data
protection, many online retailers also fear
that with the introduction of stricter rules
on the use of cookies, compliance costs will
rise further.
5.3 Developments
Privacy and data protection are the topic of
a lively public debate within the EU. e
European Parliament for instance, has
repeatedly called for strengthening
individuals’ rights, further advancing the
internal market dimension and ensuring
better enforcement of data protection rules
and strengthening the global dimension of
data protection.95
Awareness
Albeit not so much a legal obstacle, it
should be noted that, although the Data
Protection Directive aims to deliver a high
level of protection, most individuals
actually consider the level of protection a
minimum and a vast majority of
individuals believe there is insufficient
awareness on data protection. Even though
confidence in organisations’ data privacy
90
Article 29 Working Party, Opinion 4/2007 on the concept of personal data (WP136); and Article 29 Working
Party, Opinion 15/2011 on the definition of consent (WP187).
91
Rambøll Management (2005), Economic Evaluation of the Data Protection Directive 95/46/EC, Final Report, May
2005, p. 7.
92
Data Protection in the European Union, Citizens’ perceptions, Analytical Report, the Gallup Organisation, 2008.
93
Data Protection in the European Union, Citizens’ perceptions, Analytical Report, the Gallup Organisation, 2008.
94
European Commission, Summary of replies to the public consultation about the future legal framework for
protecting personal data, Brussels, 4 November 2010.
95
Report on a comprehensive approach on personal data protection in the European Union (2011/2025(INI),
Committee on Civil Liberties, Justice and Home Affairs, Rapporteur: Axel Voss, 22 June 2011.
33
General Data Protection Regulation
e most recent development with regard
to the legal framework for personal data
protection is a new proposal for a General
Data Protection Regulation.96 e new
regulation will be important for crossborder e-commerce, because it brings a new
level of harmonisation into the legal
framework for the processing of personal
data, as well as a stronger focus and
safeguards for the rights of data subjects.
Protection Board is to harmonise enforcement efforts throughout the EU.
Because of the major changes to the
current legal framework, a draft version of
the proposal was met with quite some criticism.97
Data breach notification
e Citizens’ Rights Directive introduced a
data breach notification for providers of
public communications network services.
Although some Member States are still
implementing the Citizens' Rights Directive’s data breach notification into national
law, there are examples of countries that
have already implemented data breach
notification systems into national law.
e proposal for a General Data Protection
Regulation aims to strengthen the legal
position of the consumer by broadening
the scope for personal data and definition
of the data controller and changing the way
data subjects give consent.
While the General Data Protection
Regulation will retain the logic and
structure of the Data Protection Directive
it is nevertheless a significant overhaul of
the current legal framework. It introduces,
amongst other things: the notion of
‘privacy by default’, the requirement of
prior consent for all direct marketing
purposes, the so-called ‘right to be
forgotten’ and the right to data portability.
Furthermore, the accountability of the data
controller is significantly enhanced, and
new and severe sanctions, remedies and
liabilities are introduced.
For instance, Germany implemented an
obligation to issue a data breach notification in the Federal Data Protection Act in
September 2009. e law applies to bank
and credit card data, telecommunications
data and data collected online, data related
to criminal offences and other particularly
sensitive data. In Spain, data controllers
have to draw up a security policy that
amongst others contains a provision
related to a procedure of notification and a
register in case of incidents that effect
personal data. e United Kingdom’s
Information Commissioners Office (ICO)
has issued a guideline on notification of
data security breaches.
e structure for enforcement will also be
changed. e Data Protection Regulation
aims to strengthen the position of the
national supervisory authority (the Data
Protection Authority) and introduces a new
entity: the EU Data Protection Board. One
of the primary roles of the EU Data
Although there is no general data breach
notification obligation as of yet, the ICO
does advise to report data breaches. e
Irish DPA holds a Code Of Practice that
includes provisions regarding the notifi-
96
Proposal for a Regulation of the European Parliament and of the Council, on the protection of individuals with
regard to the processing of personal data and on the free movement of such data (General Data Protection
Regulation), COM(2012) 11/4 Draft.
97
Out-Law (2012), EU data protection Regulation may not be finalised until March, January 13th 2012 (via:
http://www.out-law.com/en/articles/2012/january-/eu-data-protection-regulation-may-not-be-finalised-untilmarch-/).
34
cation of data subject in case of a breach.
Finally, the Netherlands has a concept data
breach bill under consultation. e bill
would expand the scope of the data breach
notification obligation to all data controllers.
levels of protection for European citizens,
the Directive it is not without its problems.
Differences between national implementations of the Data Protection Directive
lead to rising compliance costs and
administrative burdens for data controllers, hampering cross-border trade.
To create a uniform system for data breach
notification, the draft General Data
Protection Regulation also includes a data
breach notification obligation for all data
controllers.
is problem is magnified by different
approaches to enforcement by national
Data Protection Authorities. Furthermore,
limited awareness about the rights and
obligations under the Data Protection
Directive undermines consumer trust.
5.4 Interim conclusions
Personal data processing is an integral and
essential part of (cross-border) ecommerce. erefore trust in the fairness,
legitimacy and security of data processing
is of vital importance for the success of
(cross-border) e-commerce. While the
introduc-tion of a uniform, harmonised
European system in 1995 has strengthened
the internal market and provided higher
To truly harmonise data protection in
Europe, a new proposal for a General Data
Protection Regulation has been released
recently. is proposal shows an ambitious
framework for the future of data
protection of Europe. However given the
far-reaching implications for data controllers, an earlier draft was met with quite
some criticism.
35
36
6 Electronic signatures
Secure, reliable, user friendly and interoperable electronic signatures and identification an authentication measures are
necessary for the further development of
cross-border e-commerce within the European Digital Single Market. Although
e-identification and e-authentication mechanisms are already widely used in the
governmental and banking sector (for
instance, the use of tokens for online
banking), their use in other economic
sectors is still in its infancy. e electronic
signature is hardly used in electronic
commerce.
creation device (a so called ‘qualified electronic signature’). It also defines the
requirements for certification-service-providers issuing qualified certificates. e
main provisions of the Directive are set out
in article 5. Paragraph 1 under a stipulates
that a qualified electronic signature
satisfies the legal requirements of a
signature in relation to data in electronic
form in the same manner as a handwritten
signature satisfies those requirements in
relation to paper-based data. Article 5
paragraphs 1 under b and 2 provide that
electronic signatures are admissible as
evidence in legal proceedings.
6.1 Current legal framework
Directive 1999/93/EC of the European
Parliament and of the Council of 13
December 1999 on a Community framework for electronic signatures (the Electronic Signature Directive) establishes a
(minimum) harmonised legal framework
for the recognition of electronic signatures
and for certain certification services. e
Directive entered in to force on 19 January
2000 and its provisions had to be
implemented into national law by Member
States by January 1 2004. e Electronic
Signature Directive aims to strike a balance
between consumer and business needs.
Following the Electronic Signature Directive the European Commission has adopted
several directives and decisions, such as
Commission Decision 2000/709/EC that
sets out the criteria that Member States
should take into account when designating
national bodies to evaluate the conformity
of secure signature-creation devices.
Commission Decision 2003/511/ EC
provides the references of three generally
recognised standards for electronic signature products that presume compliance
with the qualified electronic signature.
Directive 2006/123/ EC of the European
Parliament and of the Council of 12
December 2006 on services in the internal
market (the Services Directive, also known
as the Bolkestein Directive) aims to establish a single market for services within EU.
e Electronic Signature Directive defines
three types of electronic signatures; the
(basic) electronic signature, the advanced
electronic signature and the advanced
electronic signature based on a qualified
certificate created by a secure-signature-
37
Official European standardisation bodies
such as the European Telecommunications
Standards Institute (ETSI) and the European Committee for Standardisation (CEN)
have adopted guidelines and standardisation documents (a CEN Work-shop
Agreement is called a CWA), such as for
signature creation,98 verification of electronic signatures,99 signature format100 and
signature policies.101
wording, which in turn leads to divergences
in national law and/or divergences in the
practical application of the rules. Most of
the barriers are related to areas in which
the Directive has apparently left a margin
of appreciation and where diverging
implementations have caused market disruptions.102
Also seen as significant obstacles are the
heterogeneous approach to security
requirements, the unclear terminology in
the Electronic Signatures Directive and
heterogeneous terminology in national
legislations, insufficient harmonisation of
profiles of qualified certificates and the lack
of an EU list of signature equipment
formally recognised as ‘secure signature
6.2 Barriers
Since the Electronic Signatures Directive
entered into force, several aspects have
been identified as problematic.
Divergences and legal uncertainty
Most problems can be attributed to
(mis)interpretation of the Directive’s
98
CWA 14170 and CWA 14172-4.
99
CWA 14171 and CWA 14172-4.
100
ETSI TS 101 903, ETSI TS 101 733, ETSI TS 102 904 and ETSI TS 102 734.
101
ETSI TS 102 038, ETSI TR 102 041, ETSI TS 102 045 and ETSI TS 102 272.
102
Study for the European Commission, DG Information Society, ‘e legal and market aspects of electronic
signatures, Legal and market aspects of the application of Directive 1999/93/EC and practical applications of
electronic signatures in the Member States, the EEA, the Candidate and the Accession countries’, Final Report,
September 2003.
38
creation devices’. e divergent interpretations of what is meant by the ‘sole
control’ of the signatory (article 2.2) and
the missing of legal provisions on signature
verification and validation are also deemed
problematic.103 e technical demands that
electronic signatures have to meet should
be clear and the same in all Member States.
larger interoperability challenge than
technical and operational business
issues.106 e electronic signature is perceived as expensive and complex to use.
Liability
An issue that also has a significant impact
on cross-border interoperability of electronic signatures is the undefined legal
status of signature validation, the liabilities
of validation service providers and heterogeneous financial liability for qualified
certificate issuance.107 is leads to legal
uncertainty, especially in cases of transactions requiring the exchanges of documents and when claims need to be
certified.108
Recognition, interoperability and
standardisation
e mutual recognition and cross-border
interoperability of e-signatures are seen as
o b s t a c l e s .104 T h e l a c k o f p r e c i s e
requirements and standards within the
Directive leads to different interpretations
in Member States, resulting in
incompatible applications and interoperability problems.105 Specific interoperability or security aspects should be
taken into consideration to advance the
usage of electronic signatures, identification and authentication through mobile
devices. It is suggested that standardisation
problems and legal barriers (including
liability rules) are currently perceived as a
Supervision
Some impact on the cross-border interoperability of electronic signatures is
assigned to the heterogeneous status and
roles of the national security certification
bodies (art. 3.4), lack of a common
approach to the supervision of providers
issuing qualified certificates to the public
(art. 3.2) and ambiguities between super-
103
European Commission, Information Society and Media Directorate-General, Public consultation on electronic
identification, authentication and signatures in the European digital single market, Overview of responses,
Brussels, Ares 2011 – 951235, Augsust 2011; Report from the Commission to the European Parliament and the
Council - Report on the operation of Directive 1999/93/EC on a Community framework for electronic
signatures, COM/2006/0120, final; Study on the standardisation aspects of eSignature, A Study for the
European Commission (DG Information Society and Media), by SEALED, DLA Piper and Across
communications, Final Report, November 2011; Study on Cross-Border Interoperability of eSignatures
(CROBIES), Head Document, A report to the European Commission from SEALED, time.lex and Siemens, Final
Report, July 2010.
104
Report from the Commission to the European Parliament and the Council - Report on the operation of
Directive 1999/93/EC on a Community framework for electronic signatures, COM/2006/0120, final.
105
Study on the standardisation aspects of eSignature, A Study for the European Commission (DG Information
Society and Media), by SEALED, DLA Piper and Across communications, Final Report, November 2011.
106
European Commission, Information Society and Media Directorate-General, Public consultation on electronic
identification, authentication and signatures in the European digital single market, Overview of responses,
Brussels, Ares 2011 – 951235, Augsust 2011; Study on Cross-Border Interoperability of eSignatures (CROBIES),
Head Document, A report to the European Commission from SEALED, time.lex and Siemens, Final Report, July
2010.
107
European Commission, Information Society and Media Directorate-General, Public consultation on electronic
identification, authentication and signatures in the European digital single market, Overview of responses,
Brussels, Ares 2011 – 951235, August 2011.
108
A Pan-European framework for electronic identification, authentication and signature, 2011.
39
vision and accreditation (art. 3.2 and
2.13).109
a central list of links to the national list,
Decision 2009/767/EC was updated in
2010 to facilitate the automated use of
trusted lists and to further enhance trust in
them and ETSI has updated its standard on
trusted lists (TS102 231) in 2009. A study
into the mutual recognition of e-signatures
for e-government applications in Europe
has been concluded. Research into the
feasibility of a European federated esignature validation service has been
carried out. e study finds that a
European system may be difficult to
implement and suggested that solving
validation issues require a revision of the esignature Direc-tive.
Costs and complexity
While costs and complexity are not by
definition a legal issue, the legal framework
cannot solve this problem. In particular the
costs and complexity associated with the
use of qualified electronic signatures
discourages retailers from using these
mechanisms. Oftentimes, cheaper and
easier methods for identification and
authentication (for instance federated
identification) suffice in the context of
cross-border e-commerce.
6.3 Developments
Since the introduction of the e-Signatures
Directive steps have been taken to better
facilitate the uptake of electronic signatures in Europe.
Other Action Plan points are still being
worked on. Decision 2003/511/EC, containing three generally recognised standards, is being updated by CEN. Also, the
Commission has mandated CEN and ETSI
in 2010 to rationalise e-signature
standards (due 2014). e Commission has
forward-ed the draft proposal for
implementation guidelines for e-signatures
to the European Standardisation
Organisations for consider-ation. A
Commission Decision on common
signature formats that aims to ensure that
Points of Single Contact will be able to
handle incoming signatures from other
Member States, is being negotiated.
Finally, a federated approach to validation
is currently being tested in the context of
the PEPPOL project.110
e Commission has adopted several
Decisions to clarify or give more
harmonisation to the legal framework
regarding electronic signatures. Commission Decision 2009/767/EC concerns the
use and acceptance of electronic signatures
through the points of single contact under
Article 8 of Directive 2006/123/EC and the
establishment, maintenance and publiccation of trusted lists (containing the
minimum information related to the
certification service providers issuing
qualified certificates) by Member States.
With its Action Plan on e-signatures and eidentification of 2008, the Commission
aimed to remove interoperability barriers
by increasing trust and user friendliness of
e-signatures and e-identification. Several of
the Action Plan’s points have currently
been fulfilled. e Commission has created
In the meantime the Commission
published its Digital Agenda for Europe in
2010. Listed as the ninth action is the
revision of the Electronic Signatures
Directive. e Commission, recognising
109
European Commission, Information Society and Media Directorate-General, Public consultation on electronic
identification, authentication and signatures in the European digital single market, Overview of responses,
Brussels, Ares 2011 – 951235, August 2011.
110
See: http://www.peppol.eu.
40
that electronic identity technologies and
authentication services are essential for all
kinds of online transactions, aims to
establish cooperation between EU Member
States to create electronic identity systems
that work at a European level. Commission
Decision 2011/130/EU establishes minimum requirements for the cross-border
processing of documents signed electronically by competent authorities under
Directive 2006/123/EC.
6.4 Interim conclusions
e success of electronic signatures as a
means for trust in cross-border ecommerce has been limited. is is mainly
due to the vagueness in the current legal
framework, limited interoperability costs
and complex-ity associated with the use of
electronic signatures.
It is found to be important that any new
legislation remains technology neutral,
strives to avoid acting as a barrier or a
slowing factor in developing new or improving existing solutions, and focuses on
services that are likely to be used in crossborder scenarios where mutual legal
recognition and clear legal effect generate a
certain added value. Practical guidance
based on good standards in addition to
legislation is also important to ensure that
the rules of the internal market can be
correctly and homogeneously applied.112
Finally, in its recently released Communication on the Digital Single Market, the
European Commission proposes new
legislation to ensure the mutual recognition of electronic identification and
authentication across Europe, as well a
revision of the Electronic Signatures
Directive.111
111
Commission staff working paper, ‘Online services, including e-commerce, in the Single Market’,
accompanying the document, ‘Communication from the Commission to the European Parliament, the Council,
the European Economic and Social Committee and the Committee of the Regions, ‘A coherent framework to
boost confidence in the Digital Single Market of e-commerce and other online services,’ {COM(2011) 942}
{SEC(2011) 1640}.
112
European Commission, Information Society and Media Directorate-General, Public consultation on electronic
identification, authentication and signatures in the European digital single market, Overview of responses,
Brussels, Ares 2011 – 951235, August 2011.
41
Conclusions
Retailers and consumers experience legal
difficulties when it comes to cross-border
e-commerce in areas such as the rules for
online contracting, consumer protection,
dispute resolution, data protection and
the use of e-signatures. Most of these
issues arise from the fact that the legal
frame-work in Europe is still a patchwork
of national laws and regulations.
Divergences exist not only in areas which
have not been regulated by EU law (e.g.
general contract law), but also in areas
which have been partially harmonised at
Union level on the basis of minimum
harmonisation (e.g. consumer protection
law). is has left room for different
national approaches to legislation.
Differing legal regimes and interpretations of supervisory bodies throughout
Europe further raise the costs of
compliance for retailers and undermine
the trust of consumers in cross-border ecommerce.
harmonisation or are drafted in the form
of a Regulation. Further harmonisation
will likely address many of the current
issues that act as barriers to the further
growth of cross-border e-commerce. ere
are, however, drawbacks to further
harmonisation. e fear, in particular
from the perspective of the consumer, is
that full harmonisation will trigger a ‘race
to the bottom’, possibly lowering
consumer protection standards in many
countries to meet the consensus point.
For SME’s a lack of harmonisation usually
means that they do not engage in crossborder e-commerce. Whereas large
companies and multinationals do engage
in cross-border e-commerce, the lack of
har-monisation means high costs of
compliance and administrative burdens.
Oftentimes these multinationals start up
localised operations, thereby avoiding the
burdens and pitfalls of cross-border trade.
To consumers, uncertainty about their
rights usually means that they prefer not
to buy goods or services across the border.
To improve the current situation, there
are different legislative proposals in the
works. What many of these proposals
share is that they aim for maximum
42
43
© Copyright 2026 Paperzz