House of Commons - Trade and Industry

Select Committee on Trade and Industry Tenth Report

VI NEW CHALLENGES

100. As well as generating new policy debates — on encryption, for instance — electronic commerce introduces new dimensions to many existing debates, including in relation to taxation, intellectual property rights and consumer protection. The issues raised by electronic commerce in each of these cases are not entirely original, but the speed with which transactions can be completed electronically, the scope for individual consumers to engage in such transactions, the potential anonymity of such transactions and the ease with which cross-border trade can be conducted on-line all serve to call into question the adequacy of existing arrangements. One consideration, above all others, is common to all of the issues discussed below. Electronic commerce is inherently global, implying that individual countries cannot legislate for their own taxation, intellectual property and other regimes independently of the rest of the world. As an example of this trend, Mr Reed of the Centre for Commercial Law Studies, Queen Mary and Westfield College, cited the UK's restrictions on the advertising of financial services which were now daily infringed by the websites of financial services firms established overseas.[259]Global discussions relating to electronic commerce have begun in a variety of fora to reflect the need for worldwide solutions; the results of failure to achieve international agreements, for instance in relation to data protection, have already manifested themselves. Electronic commerce is eroding national, and regional, boundaries in many different policy areas.

Taxation

101. The Government has set out four broad principles which it believes should be applied to the taxation of electronic commerce, namely that taxation should be:[260]

technology-neutral, so that the means by which a transaction is conducted does not influence the way in which it is taxed
certain and transparent
effective, so that double-taxation and unintended taxation are avoided and the risks of evasion minimised
efficient, in order that compliance costs are minimised.

Other Governments, most notably the US Administration, have evinced similar principles.[261]

102. In its written memorandum to us, the Government said that "there is no need for major changes to existing rules, or for the introduction of new taxes" to deal with electronic commerce in the short run but that changes to national and international tax rules might be needed thereafter.[262] The Chartered Institute of Taxation echoed these remarks, stating that "the present UK tax system will cope satisfactorily with electronic commerce...we do not think any new powers are required".[263] Witnesses from the business world tended to support the Government's principles and oppose new taxes on electronic commerce.[264] Inland Revenue and HM Customs and Excise have issued a joint paper outlining the potential tax implications of electronic commerce.[265] These include:

the treatment of services, including software, music and other "goods" capable of being downloaded from the internet, for VAT purposes, when sold to consumers over the internet[266]
whether payments made to download and make use of copyrighted material from the internet should be taxed as royalties, and how such taxation can be collected
the relevance of the concept of the place of permanent establishment for non-residents in relation to electronic commerce.[267]

103. We received some helpful memoranda on the practical problems posed to the tax authorities by electronic commerce,[268] including a useful exchange of correspondence between Derek Wyatt MP and Dawn Primarolo MP, Financial Secretary, HM Treasury.[269] Ms Primarolo's letter makes a number of important points:

although the taxation of goods ordered over the internet but delivered by traditional physical means might be complicated, such goods cannot normally escape taxation levied on goods bought off-line and, in the case of goods ordered over the internet from abroad, would often also be liable for customs duty
tax due on "goods" which are downloaded from the internet can be difficult to collect. In the case of such "goods" provided by firms outside of the EU and downloaded by persons not registered for VAT purposes, there is currently no practical means of collecting the tax due
Although "the internet makes it easier for residents of the UK to buy goods and services from overseas companies which do not have a presence in the UK sufficient to require them to pay corporation tax" UK firms might have increased opportunities to sell overseas and, thus, "there could be an overall increase in our tax revenues" resulting from increased electronic commerce.

104. The complications to national taxation rules resulting from electronic commerce might encourage some firms to exploit potential loopholes — for instance, by registering the permanent establishment of their websites or internet businesses in low-tax environments, such as the Channel Islands, or by attempting to avoid such registration altogether. Mr Wyatt's letter raised this possibility, by citing the example of a car ordered from a firm registered in the Cayman Islands.[270] Witnesses were generally sanguine about the possibility of the internet assisting wide-scale tax avoidance, although concerns have been expressed in relation to betting and gaming duties.[271] Mr Reed, of the Centre for Commercial Law Studies, Queen Mary and Westfield College, told us that "there is now a bookmaker operating out of Alderney offering UK citizens the opportunity to bet on horse races free of betting tax".[272] The Betting Office Licensees' Association sent us a memorandum outlining some of their concerns with regard to internet gambling.[273] We welcome the Government's indication that it will play an active role in the international efforts to safeguard national taxation revenues from a proliferation of low-tax or tax-free internet gambling facilities.

105. Mr Agar, Deputy Director General of the Confederation of British Industry told us that he was "fairly confident" that international agreement, at least between the US and EU, could be reached on a framework for dealing with tax issues.[274] The OECD is the main forum for negotiations on international tax issues and much work was done prior to the October 1998 Ottawa conference, when a two-year programme of future work was agreed.[275] Witnesses have identified the taxation of international sales of "goods" delivered over the internet to private consumers as the major impediment to agreement being reached.[276] Mr Reed described this issue as "a nightmare", from which he could not see an escape at present.[277] Problems with the levying of sales taxes on electronic transactions are particularly acute in federal countries, including the US, where differing local tax regimes may operate. The EU has begun consulting with businesses about the VAT treatment of electronic commerce.[278] APACS told us that one proposal was for VAT to be collected by credit card companies as payment transactions are processed, but this raised practical concerns, as well as questions of security and privacy which we discussed with the Data Protection Registrar.[279]

106. The world's major economies broadly agree on the principles which should underpin the taxation of electronic commerce. The US Internet Tax Freedom Act 1998, for instance, prevents new taxes on electronic commerce, such as a "bit" tax on the volume of information flowing over the internet, from being introduced for three years and established a federal commission to examine local and federal tax policies in the US.[280] We discussed the future work of the Commission during our recent visit to the US.[281] Rapid progress in reaching agreement on how the international tax system should be adjusted to take account of electronic commerce is unlikely, however. The issues are not only complicated but, especially in relation to sales taxes, solutions are hoped for rather than expected to be found. There is also a danger that the broad principles which it is agreed should underpin the taxation of electronic commerce might be undermined by compromises and agreements reached on issues which, although minor in themselves, have unintended and unwelcome cumulative effects. The slow pace of policy development might prove advantageous, in that it could ensure any agreement reached is not overtaken by technological developments or unforeseen consumer trends. We would welcome frequent updates from the UK tax authorities on progress made on reaching international agreements in this area.

Intellectual Property Rights

107. The CBI told us that "digital technologies and e-commerce, by their nature, threaten effective intellectual property rights (IPR)" and many witnesses stressed the need for the existing IPR regime to be adapted to cope with the on-line environment.[282] Intellectual property rights are essential components of an economy in which knowledge and information are used to generate wealth.[283] Copyright is the intellectual property right potentially most at risk from the development of digital and on-line technologies, because of the "ease with which material can be disseminated via the new networks (and used or copied)".[284] The Government told us that it would also be assessing the practical consequences of electronic commerce for other intellectual property rights, including patents and designs.[285]

108. The Computing Services and Software Association reminded us that digitisation, rather than the growth of electronic commerce, had made piracy and other IPR infringements much easier to accomplish.[286] It argued that, although the internet could be used to distribute pirate copies of software and music, electronic commerce could also have the opposite effect, for instance by making it easier to get hold of software from manufacturers.[287] The need for IPR protection to be updated to deal with the effects of digitisation has meant that, at the international level, much work has already been done. Two IPR treaties were agreed under the auspices of the World Intellectual Property Organisation in 1996 and further work there is continuing.[288] IPRs are also seen as a "strategic part of the comprehensive work programme on electronic commerce agreed at the second WTO ministerial council".[289]

109. The WIPO treaties have yet to be ratified by the UK, and will not be until the amended draft EU Directive on Copyright and Related Rights in the Information Society is agreed and transposed into national law, although the Government has indicated that the possibility of the amended draft Directive being implemented by 30 June 2000, as planned, is "an increasingly unrealistic goal".[290] The Government told us that "UK copyright law already provides a sound basis to meet the challenges of new technology" but that it broadly welcomed the clarification and European harmonisation offered by the amended draft Directive.[291] The Post Office, however, described the draft Directive as "controversial, as it would change existing copyright law unnecessarily, and would not make any provision for future flexibility".[292] Several points of controversy have been raised during consideration of the proposed directive and we received a number of memoranda about these, particularly including the status of incidental copies of web pages stored temporarily by internet service providers which it was feared might be held to infringe copyright.[293]

110. Another issue often raised with us, both during our inquiry and in the US, concerned the extent to which internet service providers should be held liable for material posted on the websites and newsgroups they hosted.[294] This issue is touched upon by the amended draft Copyright directive and the draft Legal Aspects of Electronic Commerce directive.[295] Several recent court cases have complicated matters, particularly in relation to whether or not service providers can be held responsible for IPR infringements.[296] Service providers have argued that their role is akin to telephone companies, which are not held liable for the messages they carry, whereas rights holders have insisted that internet firms should be treated in the same way as conventional publishers.[297] This is an extremely serious issue where legal clarity is urgently required — one US internet firm told us that it would pull out of the European markets if the directives were unduly biased towards rights holders. We welcome the Government's commitment to ensuring that a "fair balance is achieved between rights holders and users": once that has been achieved at European level it must be swiftly transposed into UK law in order to clarify the present legal position in several vital areas.

111. The Competitiveness White Paper included an IPR Action Plan which made reference to several initiatives which the Government would pursue in relation to electronic commerce.[298] These included "stronger protection for software-related inventions". The UK recently hosted "a major international conference on ways to protect computer software" which is expected to lead to a draft EU directive on the harmonisation of EU patent laws as they relate to software.[299] The Post Office emphasised the importance of this issue, arguing that "the difficulty of obtaining a patent in the UK for computer software deters inventors from seeking protection they would gain as a matter of course in the United States, and this leaves UK businesses at a competitive disadvantage."[300]Another aspect of the IPR Action Plan was a proposal to "introduce a worldwide system for electronic trading in IPR". This system would enable the Patent Office to "accept electronic filings and payments relating to international applications, prepared according to internationally agreed standards, and to forward applications and payments electronically to WIPO and the European Patent Office".[301]

INTERNET DOMAIN NAMES

112. Computers locate each other by means of unique Internet Protocol numbers, which may be long and not particularly memorable.[302] In order to assist users, Internet Protocol codes are converted into domain names — for instance, www.parliament.uk. These can allow internet users to link easily website addresses to physical organisations and facilitate passage around the internet by the use of bookmarks and intelligent guesswork.

113. The UK domain name system is run by a private firm — Nominet — with whom organisations must register to receive a UK website address (for instance, ending .uk). Until recently, the US system, which is responsible for the commercially attractive .com label amongst others, was operated by the US Government. This was a controversial arrangement, not least because of the complex, new trademark issues which have arisen in this area. There have recently been a number of cases involving organisations or individuals registering several internet domain names which have led to trademark infringement actions as well as genuine clashes between firms of the same name in different countries seeking to register the same domain name.[303]

114. The US Government issued a White Paper in June 1998 which set out proposals to transfer governance of the US internet domain system to a private firm. The European Union worked with the US Government to ensure that European interests were adequately represented in the new arrangement and, on 26 October 1998, the Board of Directors of the new body, the Internet Corporation for Assigned Names and Numbers, was appointed. We welcome the swift progress made in resolving tensions between the EU and US concerning the allocation of domain names.

Consumer Protection

115. Consumers must consider a number of issues when they purchase goods, particularly when transactions are not made face-to-face with the retailer.[304] In particular, consumers need to be confident that:

the goods they purchase match those described to them by the retailer
the retailer takes no more money from them than was agreed
any financial information imparted is secure from interception or from being passed on to third parties
the goods are safe and sound; and that if they are not they can be easily repaired or replaced
if ordered and paid for in advance, the goods will be delivered
if a dispute arises, the legal jurisdiction under which the transaction took place is clear and that access to redress is relatively easy.

116. In many respects, transactions which make use of a computer are no different from mail-order or telephone transactions. Existing consumer protection legislation has proved flexible in the face of challenges arising from such transactions, and new legislation has been introduced where thought necessary.[305] Electronic commerce transactions do pose some new challenges to existing consumer protection regimes, however, including:[306]

the increased possibility of fraud, for instance because of the ease with which internet sites can be established anonymously to sell fictional goods by order and then removed once it becomes obvious that the goods "sold" are not being delivered
the absence of a physical "real world" presence for some internet retail ventures, which can cause difficulties for consumers with complaints or requiring refunds or after-sales service
the difficulty of defining where a website is established for legal purposes and the ease with which cross-border transactions can take place, both of which can cause problems for consumers when disputes arise.

There are essentially two issues for the Government to address in relation to on-line consumer protection. First, how to protect the unwary from scams and rogue traders operating on the internet and, secondly, how to ensure that consumers can conduct transactions electronically in a clear and consistent legal environment, in which redress when things go wrong is as easy to obtain as it would be off-line.

117. In relation to the first issue, the Office of Fair Trading (OFT) told us that "dubious offers and scams will usually be accessible by anyone anywhere. Preventing such harmful practices raises various complex legal issues". The main problem is that rogue traders are likely to exploit the anonymity offered by the internet to the full, making it difficult to establish for sure the identity of the firm or individual responsible for a sharp practice. This problem is compounded by the possibility that the victim of the sharp practice may reside in a different country or even a different continent to the rogue trader.[307] International collaboration between regulatory authorities is essential to search out the perpetrators of scams and sharp practices. The OFT told us of the establishment of the International Marketing Supervision Network, which had undertaken two Internet Sweep Days to warn websites showing "dubious 'get rich quick' schemes and 'miracle' health claims that they needed to comply with the law".[308] Commendable though such activity is, we suspect that it catches only a small fraction of dishonest internet sites.

118. The second issue is being addressed primarily at EU level. The draft Legal Aspects of Electronic Commerce Directive aims to define the legal jurisdiction which will apply to electronic commerce transactions; when an electronic commerce transaction takes place; the place of establishment of internet businesses; and how effective redress can be secured.[309] The draft Directive has been broadly welcomed by UK businesses and consumer groups.[310] One significant controversy has concerned the question of which law applies in cross-border electronic transactions — the law of the consumer's home country, or that of the vendor's. The draft Directive envisages the vendor's domestic law applying to such transactions — the 'country of origin' principle — something many business organisations favoured.[311] The Consumers in Europe Group told us that this was contrary to the provisions of the OECD draft guidelines for electronic commerce and of the EU Council of Ministers Resolution on the Consumer Dimension of the Information Society. It argued that application of the 'country of origin' principle would force consumers "to rely on unfamiliar practices, or to make choices based not on the goods or services they are buying, but on the legal systems they are about to buy into".[312] Mr Reed of the Centre for Commercial Law Studies, Queen Mary and Westfield College, thought that the 'country of origin' principle might not be enforceable in UK courts.[313] Fears have also been raised that firms might seek to establish internet operations in the EU states offering the least stringent consumer protection standards if the 'country of origin' principle were introduced, and that states might compete to drop their consumer protection standards in order to attract businesses.[314]

119. DTI pointed out, in their response to the consultation exercise on the draft Directive, that if the 'country of origin' principle did not apply to electronic commerce transactions then firms would need to be aware of the legal provisions relevant to each member state of the EU.[315] Instead, if the Directive is agreed, then the burden will lie on consumers to understand the relevant law in each member state. Electronic commerce transactions, although often carried out in a consumer's home or work place, might have the same legal status as transactions made abroad, for instance when a consumer is on holiday, as a result of the implementation of the draft EU Legal Aspects of Electronic Commerce Directive. It is vital that, when buying on the internet, consumers are made fully aware of the jurisdiction under which the transaction is taking place. The development of a single EU electronic commerce market is likely to increase pressure for the harmonisation of consumer protection legislation. Such harmonisation must not involve any reduction in the level of protection currently offered to consumers by UK legislation.

120. Once it is established which law applies to transactions, consumers can face difficulties in obtaining effective redress. Application of the country of origin principle raises the unpalatable prospect for consumers of launching potentially costly legal actions in distant, foreign courts, using unfamiliar procedures. The National Consumer Council argued that "it is unrealistic to expect individual consumers to use resolution procedures in another country, possibly in a different language and based on an unfamiliar legal system".[316] The issue is further complicated by the existence of the Brussels and Lugano Conventions which are designed "to regulate civil and commercial disputes of a private nature between two parties in different states and to provide rules for the enforcement of judgements". These are under review and it has been suggested that they both should cover electronic contracts, possibly causing conflict with the provisions of the draft Directive.[317] It is not clear how these conventions, or the Rome Convention which establishes rules to determine which national laws should apply to contractual disputes, relate to the proposals made in the draft Electronic Commerce Directive.[318] The Directive places emphasis on voluntary arrangements to deal with redress, but these will clearly not be sufficient in every case.

121. The position with regard to consumer protection and redress is even less satisfactory when transactions take place between consumers in the UK and firms beyond the borders of the EU. The National Consumer Council said that "piecemeal initiatives" were being undertaken by OECD, the International Chambers of Commerce and others to draw up guidelines and codes of best practice relating to consumer protection in cross-border transactions, but these fall a long way short of formal procedures to protect consumers.[319] The NCC told us that "buyer beware" might be the most appropriate phrase to use in connection with electronic commerce, but this is hardly likely to encourage consumers to begin carrying out transactions on-line.[320]

122. The Government told us that "market solutions were developing which will go much of the way to giving consumers the confidence they need" including an "on-line digital hallmark" which was announced in the Competitiveness White Paper, and a recent Consumers Association initiative.[321] e centre^UK mentioned the increasing importance of codes of practice on websites.[322] The National Consumer Council stressed the importance of such self-regulatory initiatives. It told us that "there are very few instances where consumers actually seek legal redress in relation to...normal consumer transactions. The key thing for us is to get it right at the beginning, to make sure the best practice information is established. That might be best done with self regulation".[323] Consumers in Europe Group warned that self-regulation required procedures to handle cross-border disputes; the National Consumer Council argued that there was a need for "clearing houses at a national level", to pursue cross-border redress issues on behalf of consumers.[324] Whatever procedures are devised should be based on the principle that consumers are entitled to have timely and affordable access to mechanisms of redress when transactions go wrong.

123. Consumers are already, at least partly, protected from mistakes and mishaps when they purchase goods on the internet using a credit card. Under section 75 of the Consumer Credit Act 1974, credit card companies and traders jointly hold equal liability for claims in the event of errors, over and above an excess.[325] Several witnesses argued that the Act applied only to domestic transactions and needed to be explicitly extended to cover international transactions.[326] We asked DTI to clarify the legal position. We were told that "the impact of section 75 on overseas transactions is unclear and has not been clarified by the courts. We have no evidence that UK consumers are suffering any detriment at present and we have no plans to make any changes to the legislation".[327] It would appear that, although section 75 might not apply to overseas transactions, the credit card companies have voluntarily agreed to act as if it did and no case law exists to decide the issue. We recommend that, if any court was to decide that section 75 of the Consumer Credit Act 1974 did not apply to overseas transactions, then DTI speedily bring forward legislation to fill the gap.

124. International agreement is essential to deal both with sharp practices and the legal questions of consumer protection and redress arising from electronic commerce. Even at EU level, agreement on how to deal with these question has not been reached and the situation is confused. This may not yet have hindered the development of electronic commerce, which has, so far, been focused mostly on relatively simple goods, such as books and CDs, which might rarely give rise to disputes between buyer and vendor. Electronic trade in more complex products is more likely to be deterred by uncertainties as to what protection exists for consumers when things go wrong. At the very least, consumers need to know what rights they have when they engage in on-line trade, and how those rights can be exercised. We would expect DTI's forthcoming consumer White Paper to deal with these issues.

Trade Policy

125. The Second Ministerial Council of the World Trade Organisation (WTO), at Geneva in May 1998, called for the initiation of a work programme to examine all trade related issues connected to electronic commerce.[328] Such a work programme was adopted in September 1998.[329] It included an examination of the treatment of electronic commerce in the General Agreement on Tariffs and Services, the General Agreement on Tariffs and Trade, the Agreement on Trade Related Aspects of Intellectual Property Rights and related agreements, as well as development aspects of electronic commerce. Final reports on each of these issues are due to be submitted to the WTO's General Council by 30 July 1999.[330]

126. The Government told us that "it is not yet clear as to whether there is a case for developing a discrete set of WTO rules on e-commerce" and that there was "a reasonably close approach between the EU and the US on most of the issues".[331] One issue does divide the EU and US: whether or not certain "goods" delivered over the internet, particularly those with similarities to physical goods — such as text which could be converted into a book — should be treated as services, and therefore subject to the General Agreement on Tariffs and Services, or treated similarly to physical goods.[332] Neutrality between trade carried out on-line and off-line should be the key principle underpinning any future consideration of the relationship between electronic commerce and international trade rules.

DUTY

127. The WTO's 1998 Ministerial Council also resolved that electronic transmissions should not be subject to customs duties. As a consequence, music downloaded from an internet site based overseas can be purchased duty-free, while the same music recorded on a compact disc or other device and sent physically would probably incur duty.[333] This offends against one of the principles relating to the taxation of electronic commerce, namely that taxation rules should apply equally to on-line as to off-line commerce.[334] As with sales taxes, such as VAT, the difficulty with applying customs duties to electronic transactions lies in their collection: data messages do not stop at national borders in order for duty to be levied. The next WTO Ministerial Council, at Seattle in November 1999, will review the application of customs duties to electronic transactions; we have heard no arguments to suggest that the 1998 resolution should be changed or that, if it were, customs duties on electronic transactions could be levied successfully.[335]

128. Customs duties are levied on goods ordered electronically, but delivered physically. The imposition of such duties, and the time taken for goods to pass through customs procedures, can have a significant impact on customers' perceptions of the benefits of electronic commerce. Overseas goods may appear to be cheaper than those sold domestically when shown on a website, but once customs duties and potentially unpredictable cross-border delays are taken into account the advantages of purchasing over the internet may seem rather limited.[336] HM Customs & Excise have provided a useful on-line guide to how much duty and VAT would be due on importations of a range of consumer goods.[337] The Government told us that "electronic commerce will generate a large increase in small volume importation by consumers and small and medium sized enterprises of goods ordered electronically from overseas suppliers".[338] Such an increase may exacerbate cross-border delays, and also provide incentives for some countries to alter their customs rules in order to raise more revenue from trade generated by electronic commerce. During our visit to the US we were told that the customs authorities there were now showing more interest in the import and export of small packages due to the growth of internet retail. The potential benefits to consumers of buying cheaper goods from overseas using the internet might be lost if the duties levied and procedures followed by customs authorities fail to facilitate small cross-border transactions.

129. The Government stated in its written evidence that electronic commerce can "provide a major contribution to rationalising and simplifying trade procedures worldwide for conventional shipments" which will benefit the UK and other industrialised countries, as well as generating "particular gains for developing countries".[339] e centre^UK told us that "UK competitiveness requires further simplification and streamlining of trade procedures, especially customs procedures".[340] Within the UK, the Government cited the example of new procedures for applications for strategic export licenses, with which we dealt in our last Report on electronic commerce.[341] Internationally, the EU is pressing for trade facilitation issues to be included "prominently" in the next round of WTO trade negotiations.[342] We received details of several trade facilitation initiatives.[343] We would support the inclusion of trade facilitation procedures on the agenda of the next round of multilateral trade negotiations.

DEVELOPMENT

130. We have highlighted the potentially beneficial effects of electronic commerce on rural and remote areas of the UK and socially disadvantaged groups.[344] In both cases, traditional disadvantages — for example of location and mobility — can be overcome because electronic commerce may permit complex transactions to be undertaken without the parties involved needing to meet, and because the internet can make available a vast range of information to anyone with an appropriate telephone connection. These potential benefits of electronic commerce may also be applicable to developing economies. The primary constraint on the take-up of electronic commerce in developing countries at present is limited telecommunications infrastructure. This constraint could be overcome at a stroke by the advent of affordable mobile and satellite communications capable of facilitating internet connection, perhaps only a few years away.[345] Although the potential impact of electronic commerce on developing countries is part of the current WTO work programme, there is little work being done on this subject in other fora.[346] We recommend that the Department for International Development consider the contribution the UK can make to ensuring that developing countries benefit from the opportunities offered by electronic commerce.

Privacy

131. Electronic commerce is introducing new ways in which personal data can be communicated and collected. Electronic mail provides a new means by which people can be contacted; visits to websites can be monitored, and visitors' data collected, by software known as "cookies"; websites can deny access to visitors who have not previously registered their personal details with the firms that maintain them; similar registration procedures are often necessary before transactions can be conducted on-line; and personal information can be made available on newsgroups.[347] The Data Protection Registrar told us that "although the application of the technologies involved in e-commerce are new the data protection issues which arise are not".[348] The provisions of the Data Protection Acts 1984 and 1998 apply to the processing of personal data on-line as much as off-line.[349] Users should be clearly notified of what personal data is being collected from them and what might be done with that information; under the provisions of the 1998 Act, which is not yet in force,[350] data processors will need to demonstrate that they have legitimate grounds for collecting personal information.[351]

132. As the Data Protection Registrar pointed out in her written memorandum, "the nature of electronic commerce makes it easier for organisations collecting information via websites to provide effective notifications to the individual" about their data collection practices. Many websites contain privacy statements or automatically notify users that information is being collected, and for what purpose. The Data Protection Registrar has supported the OECD in the development of guidelines for organisations designing privacy policies and statements.[352] The infringement of data protection regulations can be difficult to detect, however, not least because of the ease with which data can be collected surreptitiously on-line.[353] Technology can work both for and against the protection of individuals' privacy in relation to electronic commerce. Some internet browsers can automatically detect and disable surreptitious data collection when individuals visit websites, although this might not stop such data collection occurring by other means. On the other hand, we heard of two recent cases of computer hardware and software being produced with unique serial numbers which might effectively prevent their users from remaining anonymous when engaged in electronic commerce.[354]

133. Privacy is a sensitive issue with consumers, particularly with those new to computer technology and electronic commerce. The Data Protection Registrar indicated that consumers would be deterred from undertaking electronic transactions if they were unsure of who had access to their data and how it might be used.[355] Privacy is closely related to security, the issue consistently identified by consumers and small and medium sized enterprise as their biggest concern about electronic commerce and use of the internet.[356] In our first Report on electronic commerce we dealt at length with the implications for law enforcement agencies and others of the increasing availability and use of encryption technology.[357] We heard the views of the Data Protection Registrar on the interaction between the security and privacy debates and were also informed of the efforts of Cyber-Rights and Cyber-Liberties (UK) to ensure that internet service providers establish privacy policies to govern their dealings with the law enforcement agencies.[358]

134. There is a delicate balance to be drawn between the need to protect the security of on-line transactions, including the privacy of the personal information communicated, and to allow law enforcement agencies access to data which might be valuable evidence in criminal prosecutions. In our last Report we indicated that the Government's encryption policy had tended to favour law enforcement interests at the expense of the security and privacy of on-line transactions. Although the Data Protection Registrar contributed to the debate of the Government's encryption policy proposals, we received the impression that she had been somewhat overlooked by DTI while those proposals had been discussed within Government.[359] We believe that the Data Protection Registrar has a vital role to play in ensuring that consumers understand what their rights are in relation to data protection,[360] and in monitoring market, policy and technological developments to warn and advise of changes which might encourage data protection infringements. We recommend that the Registrar make use of her powers to report to Parliament where necessary to draw attention to such developments. The Registrar's expertise on data protection issues should be exploited to the full by the Government while it is considering its policy proposals. As information increasingly becomes a key generator of economic growth and prosperity, the Data Protection Registrar's role will become ever more important. The Government must ensure that the Registrar has all the resources she requires to deal with the challenges she faces.[361]

GLOBAL DATA PROTECTION

135. While data protection standards are defined by statute in Europe, self-regulation and voluntary codes of conduct protect privacy on-line in the United States. Progress in introducing robust self-regulatory mechanisms has been slow, leading to a dispute between the US and the EU over cross-border information flows.[362] Principle 8 of the Data Protection Act 1998, which will implement the EU Data Protection Directive of 1995, "restricts the transfer of personal data to countries and territories outside the European Economic Area unless the third country can provide adequate safeguards for the data". The Act covers material placed on the internet but does not prevent information flows "with the consent of the consumer" or where necessary for the performance of a contract. The extent to which a safeguard is adequate will depend on "the circumstances in a particular case, such as the final destination of the data or whether or not the data is sensitive". The Data Protection Registrar told us that this provision "should mean that consumers are able to maintain some control over the final destination of their data". [363]

136. The Management Consultancies Association warned us that the new European data protection regime could cause uncertainties about the transfer of information abroad which might "constitute a major entry barrier particularly for small and medium sized enterprises wishing to enter the e-commerce market either in the UK or the rest of the EC". The Association also criticised the cumbersome nature of the procedures firms would be required to use in order to ensure that transfers abroad were legal.[364] The Data Protection Registrar challenged this interpretation of the implications of the legislation. She argued that any problems encountered by firms could be "readily solved by clearly telling individuals what will happen to their data and obtaining their agreement." This can be done on-line and we were told of initiatives underway to establish easy ways of publishing privacy statements on websites. The Registrar said that she would issue guidance on this issue shortly.[365] The European Commission has sought to reach an arrangement with the US Department of Commerce to reduce uncertainty about the circumstances in which data transfers to the US might infringe EU legislation, by the formulation of guidelines to US organisations — the Safe Harbor principles. These are likely to be finalised in the autumn.[366] The Data Protection Registrar warned that the Safe Harbor principles might not be able to guarantee that all data flows from the EU to the US meet EU data protection standards and that this would be something "we are going to have to keep an eye on".[367]

137. The fear of files of personal information being secretly collated on computer databases around the world, and then being used by Governments and big businesses, often lies at the heart of that suspicion and distrust of computerisation which exists. The Data Protection Registrar, and her European colleagues, are rightly concerned with combatting that fear by preventing firms abusing the personal information they receive from consumers. Protection of consumers' data, like the protection of their health and legal rights, must be vigorously defended by Government. Infringements of data protection standards cannot be excused by doubtful arguments that such standards are too expensive or complicated to defend.

259 Q263; Ev, p99 section 4; and Ev, p244 section 2 Back

260 Net Benefit, DTI, Oct 98, URN 98/895, p17; and Ev, p197 paragraph 4.19; we deal with the issue of customs duty in paragraphs 127-9 Back

261 Ev, p53 annex 1 paragraph A1.2 and Independent, 27 Feb 98, p11 but see Ev, p221 paragraph 30 on US plans for a digital stamp tax Back

262 Ev, p197 paragraph 4.21 Back

263 Ev, p270 Back

264 Ev, p27 paragraph 13, p110 section 8, p282, p304 question 1 Back

265 Electronic Commerce: UK Tax Policy, Inland Revenue and HM Customs and Excise, 6 Oct 98; an overview of the issues has also been provided by C. Anne Fairpo, The Tax Journal, 9 Nov 98 Back

266 There is an emerging consensus that, as far as their tax treatment is concerned, "goods" delivered over the internet should be regarded as services; see paragraph 126 for the debate concerning how such "goods"such be classified for trade purposes Back

267 See Ev, p268, p275 paragraph 3.10, p282 Back

268 For instance from the Chartered Institute of Taxation, Ev, pp267-70 and the British Bankers' Association pp274-5, section 3 Back

269 Ev, pp299-300 Back

270 Ev, p299 Back