Select Committee on European Union Fourteenth Report


251. The Part should be read in the context of the detail provided by Part 4, The e-commerce environment, and Part 5, What Governments are doing currently".

Security of e-commerce transactions via websites

252. Individual customers will only buy on the Internet if they are confident that their unseen purchases are of good quality,[98] their financial transactions are secure,[99] their personal data will be kept private[100] and they will be able to get redress in case of unsatisfactory performance.[101] There are a number of regulatory factors that are holding back consumers' confidence. These include uncertainty as to the law applicable to contracts concluded on the Internet (the "choice of law" question) and uncertainty as to the courts having jurisdiction in the event of a dispute (the "choice of forum" question). All EU Member States are parties to two Conventions (the Rome and Brussels Conventions) establishing uniform rules for determining the law applicable to contracts and the appropriate jurisdiction.[102] Both Conventions contain special rules on consumer contracts which enable consumers to rely on their local judicial systems and contract laws. There has been a lively debate, stimulated by the introduction of the e-Commerce Directive, as to whether rules designed for the "offline" world should continue to apply to the "online" world of electronic contracts.

253. The consumer provisions of the Brussels Convention enable consumers who have been targeted by means of a "specific invitation" or by advertising to sue on the resultant contract in their home State. The supplier of the goods or services may only sue in the consumer's home State (ie Country of Reception (CR)). The Commission has proposed converting the Brussels Convention into a Community Regulation based on Article 65 of the EC Treaty. This provision, introduced by the Amsterdam Treaty, envisages measures to promote "the compatibility of the rules applicable in the Member States concerning the conflict of laws and of jurisdiction". The proposed Regulation would make clear that the consumer provisions of the Brussels Convention also apply to e-commerce transactions, an approach advocated by the Commission Directorates responsible for consumer protection and justice and home affairs.

254. The e-Commerce Directive is based on the "country of origin" (CO) principle. This enables the providers of Information Society services to trade freely throughout the EU provided they comply with the law of the Member State in which they are established. This approach was strongly supported by Commissioner Liikanen's Chef de Cabinet, the majority of United Kingdom MEPs the Sub-Committee met and by many other witnesses. The principal advantage is that e-commerce businesses will not (except in some areas defined in the Directive) have to familiarise themselves with the different rules of law of the countries to which they are selling. But we understand that the Directive will have no effect on the application of the Brussels and Rome Convention provisions on consumer contracts. So, for example, in the event of a dispute arising from a contract concluded electronically, the consumer purchaser will still be entitled to commence legal proceedings in his or her own jurisdiction. In reality, few consumers are likely to do so given the potential costs involved, especially if the dispute concerns a relatively low-value transaction.

255. One option being considered to build consumer confidence in e-commerce transactions is the development of Alternative Dispute Resolution (ADR) procedures. The idea would be to provide consumers and businesses with swifter and cheaper means for resolving disputes without recourse to court proceedings. The e-Commerce Directive requires Member States to ensure that out-of-court schemes for the settlement of consumer disputes are available. But such schemes would not prevent the parties involved form resorting to legal action if necessary. We recognise that consumer confidence is an essential ingredient if e-commerce is to flourish. We also acknowledge that the risk for business of being sued in different jurisdictions might discourage small traders from advertising and selling their goods or services via the medium of the Internet. We believe that, at this early stages in the development of e-commerce transactions, the approach adopted in the e-Commerce Directive is the right one. The out-of-court settlement of disputes should be encouraged and we recommend that the EU continue to establish its ADR scheme as a matter of urgency and endeavour to adhere to its target date of October 2000. But an ultimate safeguard is needed where friendly solutions can not be reached. In such cases consumers need an assurance that, in the event of legal action, their own local courts will have jurisdiction.

256. Some organisations argued in favour of an e-commerce ombudsman system to provide another layer of redress for customers and industry, a national arbiter. They go on to suggest the appointment of an e-ombudsman in each Member State and an overall, co-ordinating EU ombudsman.[103] The Swedish government suggested a similar system.[104] We recommend that the Government consider appointing an e-ombudsman for the United Kingdom. We recommend that the EU consider the Swedish proposal for an EU "e-ombudsman".

257. One piece of evidence[105] summarised three major issues for website security: protecting consumers' personal data, denying access to those who should not be permitted access and authenticating the identity of those conducting transactions.

258. We recommend that the EU promote the establishment a voluntary international standard in website security, a standard which carries the same weight as other similar international standards such as ISO9000.


259. The Internet provides new and different opportunities for illegal activities which fall into the following general classes.

  • Fraud directed at B2C consumers. Many issues in this area have already been covered in the previous section of this Part. Most witnesses agree that this is largely an area where self-regulation can make a major contribution to the prevention of fraud. For example, ISPs or trademark associations can throw out rogue traders.[107] It is less of an issue where companies with strong brand names are concerned.
  • Fraud directed at B2C vendors by consumers. One simple answer to this is to require credit card companies to do more online checking of consumers.[108] This issue was covered in an earlier recommendation proposing that the EU and the United Kingdom Government should encourage credit card companies to take on wider responsibilities.
  • Misuse of consumers' personal data. The Data Protection Directive covers this and protection has potentially been extended to US vendors via the so-called "Safe Harbors" scheme.[109] In the US there has been an increasing concern over privacy: previously it was not an issue.[110] Problems in the US are because regulation rests at state not federal level.[111] "Cookies" (tiny data files that can be deposited on users' computers when they visit websites. They provide information which helps companies to track the activities and interests of visitors to their websites) may breach data protection law and some prosecutions are pending.
  • Misuse of Intellectual Property Rights (IPR). This has been highlighted as a major issue.[112] The Copyright Directive has come into being but evidence has suggested that it might not work as expected, changing the balance of power too much in the favour of content providers.[113]
  • Illegal activities which are not specifically related to e-commerce but which use the Internet as a channel. Money laundering and the sale of illegal substances are examples. The RIP (Regulation of Investigatory Powers) Bill currently before Parliament is the means chosen by the United Kingdom government to combat these activities. (See paragraph 263)
  • Harmful content eg pornography. Various organisations have been set up to monitor the availability of this sort of material on the Internet.[114] They have built up valuable expertise. US witnesses pointed out that while the Internet has created problems it has also provided solutions: the recovery rate of missing and exploited children is now much improved.[115]
  • Hacking and denial of service. This has been a problem much in the news during the conduct of the Inquiry, for example with the "I Love You" bug. However, witnesses from ISP companies were strongly of the opinion that they were able to protect themselves and their customers adequately.[116] The US government has set up a private sector group to consider what needs to be done.[117]
  • We recommend that the United Kingdom Government take advantage of the expertise which exists in certain independent monitoring organisations to address the issue of harmful content. However, we also recommend that the Government takes steps to ensure that such organisations conform to the principles of good regulation as laid down by the Cabinet Office's Better Regulation Task Force.
  • We recommend that the United Kingdom Government should lead co-ordinated action, similar to that which the US government has already begun, involving close liaison with industry, against hacking and denial of service attacks.

260. Some witnesses believed that enforcement rather than legislation is the main problem.[118] Although existing laws can be applied to the Internet they were not intended for the extensive cross-border trading that is now taking place. Resorting to the law could be a slow and difficult process.

261. A further problem was revealed in evidence from the UK police body entrusted with combating Internet-based crime.[119] Little is known about the extent of Internet-based crime because no statistics are collected. This can be explained partly by the fact that it is difficult to distinguish Internet-based crime from ordinary crime. Barclaycard, for example, do not distinguish between the two. However, ACPO stated that the reason statistics were not collected was that Internet-based crime was not part of the priorities set by Government for the Police Service. ACPO also pointed out the more positive fact that Internet technology can help to solve crime. The technology makes it possible to trace back "up the pipe" to identify perpetrators. The witnesses pointed to the Dutch Police as being experts in this field.

262. We recommend that in the United Kingdom all police forces develop their capabilities for countering Internet-based crime and develop a close association with industry in order to take advantage of emerging technology. We recommend that the United Kingdom Government consider how to collect and analyse statistics relating to the perpetration of Internet-based crime.

The Regulation of Investigatory Powers (RIP) Bill

263. The perception of industry[120] and US observers[121] is that this legislation adversely affects the way e-commerce is conducted in the UK.

264. Opposition to the draft Bill is based mainly on five charges:

  • it is not technology neutral and will therefore be ineffectual;
  • it imposes extra costs on ISPs;
  • it is widely perceived as illiberal and therefore damaging to the prospects for e-commerce in the UK;
  • it offers comfort to the guilty and works against the principle of the presumption of innocence; and
  • it is untimely.

265. The Regulation of Investigatory Powers Bill, as originally drafted, requires some, but not all, ISPs to fit equipment to their servers which would permit passive surveillance by the law enforcement agencies. It also empowers these authorities to demand encryption keys under certain specific circumstances. The Bill has been heavily amended in Parliament but still encounters strong opposition from industry and civil liberties lobbies.

266. Failure to surrender encryption keys carries the threat of two years' imprisonment. People guilty of more serious crimes could plead to this lesser charge and receive a shorter sentence. Concern had been expressed about shifting the onus of proof onto those genuinely unable to locate encryption keys. It had been suggested that this would reverse the customary principle of the presumption of innocence. The Government has added safeguards; these have now been accepted.

267. Rapid changes in technology are a feature of the Internet. The demand that businesses surrender encryption keys will promote technologies which build new cryptographic systems where the keys are demonstrably destroyed after a single use.

268. The Government is offering to share costs for the installing and operating of surveillance equipment.[122]

269. Opponents have questioned the need for this Bill at this time.[123] It might have been better to move in concert with other major e-commerce countries. The Government points, however, to the Netherlands Telecommunications Act, 1998, and the Resolution on the Lawful Interception of Telecommunications adopted by EU Member States on 17 January 1995. This contains an annex setting out the "Requirements" of law enforcement agencies.[124]

270. Clearly, there is a justifiable need for legislation to counter serious crime and terrorism over the Internet. On balance, however, we have found that the continuing adverse perception of the Bill has weakened the impression that Government understands and supports the e-commerce-based sector and has threatened the Prime Minister's objective of making "the UK the best environment in the world for e-commerce". This highlights the need to proceed with careful consideration of all aspects of legislation impacting upon industry, especially in a rapidly changing technological environment. Wider and earlier consultation would have been helpful in this case. A more patient development of an agreed international approach to common legislation might have been helpful in the longer run.

Digital divide

271. Concern has been expressed by a variety of witnesses that e-commerce will create a digital divide between rich and poor, educated and uneducated, able-bodied and disabled people and old and young.[125] However, the evidence has been varied and, sometimes, conflicting. One witness[126] predicted a digital divide of massive proportions. Some US witnesses reported counter-intuitive outcomes where present have-nots had adapted well to e-commerce and improved their social and economic situations.[127] New US analysis[128] demonstrates that access was "almost exclusively income-related": the findings were that there was an 80 per cent take-up amongst people with incomes of over $75,000. "The divide looks more like a lag".

272. So, although most witnesses are predicting a digital divide, there is uncertainty as to its exact nature. Both the EU and the United Kingdom Government are committed to universal access and the avoidance of a digital divide but it is not clear how this is to be achieved and by which technologies. Digital television seems to have great potential for creating genuinely wide access yet its development has been slow.

273. We recommend that the EU and the United Kingdom Government consider how universal access can be met and by which technologies. In particular we recommend that they consider the following questions with regard to Internet access via digital television:

  • Why is it taking so long to become available?
  • Why is it so difficult for a consumer to gain this access?
  • Why is it so costly?
  • How can it be rolled out as quickly as possible?
  • How can it be extended to those who are, at present, excluded?

274. We recommend that both the EU and the United Kingdom Government should monitor, on a continuous basis, the impact of e-commerce on the digital divide in order to be able to respond quickly and flexibly to the needs for policy adjustments if and when they arise.

275. We recommend that the United Kingdom Government should ensure that privileges associated with Internet usage apply equally to all sections of society. For example, the right to transfer mobile telephone numbers should extend to pay-as-you-go subscribers.

276. The witness for DIEL,[129] representing disabled people, was confident that there was a good economic case for developers of Internet equipment and services to design-in the requirements of disabled people from the outset. However, he was concerned that the speed of e-commerce development might result in such niche markets being bypassed. He was also concerned that automated telephone access systems should always include an option of access to a human being. Citing the impact of the Disability Discrimination Act, DIEL take the view that legislation is important and that the United Kingdom Government should refuse to trade electronically with companies that do not subscribe to laid down e-commerce provisions for disabled people. It is not just a question of ensuring that disabled and elderly people are not disadvantaged by e-commerce. New technologies can positively help in creating a level playing field for these groups, reducing the barriers they face.

277. We recommend that both the EU and the United Kingdom Government should encourage the adoption of and adherence to the principles of good design practice for disabled people by the manufacturers of Internet equipment.

278. A particular problem may relate to young people from deprived areas who, upon leaving school, no longer have access to the Internet.

279. We recommend that the United Kingdom Government should identify the needs for continued training and personal e-commerce development after school, especially for those who do not immediately secure a job or take a job which does not involve e-commerce. They should then work with other groups, such as the private sector, schools and voluntary groups, to ensure that appropriate training is made available.

280. The digital divide also seems to be gender based. Evidence to the Sub-Committee has shown a disparity between male and female use of the Internet.

281. We recommend that the United Kingdom Government consider working with women's groups, such as the National Women's Commission, to achieve balanced usage of the Internet.


282. Tax has been identified as a major issue—the major issue according to some witnesses[130]—but it is currently surrounded by great uncertainty. This arises mainly because taxation has traditionally been determined by geography but this basis is less tenable for e-commerce. The problems relate principally to B2C although there are some technical issues for B2B. Some of the issues are:

  • There is no requirement to pay tax on digitised products.[131]
  • VAT is not paid on goods imported from outside the EU. E-commerce makes it easy for companies to locate their websites outside the EU and therefore avoid their customers having to pay VAT. At the time of writing EU legislation is being enacted to force e-businesses operating from outside the EU to register within the EU for VAT payment.
  • Within the EU VAT rates differ from country to country within agreed bands. This raises the possibility that companies will register in or relocate to the country with the lowest rate, currently Luxembourg. Or, countries might compete to offer the lowest rate.

The situation is also unresolved in the US where Sales Tax is not collected over the Internet. This is not a major issue whilst e-commerce is at relatively low levels but it is likely to become a major issue in the future.[132] US witnesses recognised that a wholly new approach to taxation may be necessary. Various solutions have been suggested including a form of VAT and general taxation[133] For the United Kingdom it has already become clear that tax revenues have been lost as a substantial amount of betting activity has moved offshore.

283. The United Kingdom should recognise the difference which e-commerce can make to taxes on goods and services. We note that the work currently being undertaken by Inland Revenue on this issue is, as monitored by the E-Envoy,[134] "on track". So far as the application of VAT to e-commerce is concerned, we recommend that the Government reflect carefully on the implications of the Communication from the Commission to the Council and European Parliament for a "Strategy to improve the operation of the VAT system within the context of the Internal Market".

284. The ability of e-businesses to move location suggests that international tax treaties will become a priority.[135]

285. We recommend that the United Kingdom Government should press OECD to achieve an internationally agreed implementation of the framework for the taxation of e-commerce agreed at the 1998 Ottawa Ministerial Conference.

286. However, it is also possible for technology to solve the problem that it has created. Technology is available with the potential to monitor trading and deduct tax instantaneously.[136]

287. We recommend that the United Kingdom Government should explore the development of technologies which can replace bureaucracy in the collection of e-commerce related tax.


288. IR35 is a tax regulation which was introduced to counter a situation in which in some companies employees were re-designated as self-employed sub-contractors even though the nature of their work had not changed. Unfortunately, the regulation affects the genuinely self-employed entrepreneur too. e-Commerce depends to an increasing extent on skilled and creative practitioners. There is already a shortfall in the numbers of such people, both in Europe and in the United States. Nations are competing to attract and to hold these skilled people. The Government's imposition of IR35, which strikes directly at the self-employed IT specialist, lowers the attractiveness of the United Kingdom as a market for such skills.

289. We recommend that the Government keep under review the operation of IR35 so as not to impede the development of new e-commerce companies.

98   Consumers in Europe Group (CEG), p 423. Back

99   Adhocracy Consulting Ltd (UK & AUS) and DIT Solutions (UK) Ltd, p 388. Back

100   National Consumer Council (NCC), p 490. Back

101   Many witnesses stressed the need for this. See Part 8, Regulation, for more details.  Back

102   The Rome Convention on the law applicable to contractual obligations 1980, implemented in the United Kingdom by the Contracts (Applicable Law) Act 1990, and the Brussels Convention on jurisdiction and the enforcement of judgments in civil and commercial matters 1968, implemented in the United Kingdom by the Civil Jurisdiction and Judgments Act 1982. Back

103   Barclays, p 230 Back

104   Ministry of Industry, Employment and Communications, Stockholm, Sweden, p 482. Back

105   Check Point Software Technologies Ltd, pp 408-411. Back

106   "Cybercrime" is a new word which loosely covers illegal activity on the Internet. This includes traditional, offline illegal activity which uses the Internet as well as illegal activity which arises from the medium. Back

107   Much evidence supported this view including First Tuesday (p 20) and Freeserve plc (Q 530). AOL in the US, however, stated that they had shifted their position slightly in the direction of regulation (Appendix 5). Back

108   Digital Exchange, p 441. Back

109   There has been an agreement between the EU and the US, not fully ratified at the time of writing, that websites verified (by whatever means) as being "safe" in the US will be deemed safe in the EU, and vice versa. (Dr Robert Shapiro, Under Secretary for Economic Affairs, US Department of Commerce, "Information Technology, the Internet, and Influence on the World Economy", speech at the 593rd Wilton Park conference 'e-Commerce Governance', 21-23 February 2000.) Back

110   ibidBack

111   European Informatics Market (EURIM), Q 292. Back

112   Clifford Chance Limited Liability Partnership, p 94. Back

113   Freeserve, Q 557. Back

114   Internet Watch Foundation (IWF), p 461. Back

115   The Honorable Donald Upson, Appendix 5. Back

116   AOL, BT and Mr Bob Litan, Appendix 5. Back

117   Andy Pincus, General Counsel, US Department Of Commerce, Appendix 5. Back

118   AOL, Q 146; European Informatics Market (EURIM), Q 291; and ICL, Q 142. Back

119   Association of Chief Police Officers (ACPO) Computer Crime Working Group, Q 425. Back

120   Mr Charles Clarke MP, Q 1373. Back

121   See Esther Dyson, on, at time of publication, and Lord Lucas, HL Deb vol. 614, no. 113, col. 953. Back

122   Mr Charles Clarke MP, Q 1373. Back

123   Lord Cope of Berkeley, HL Deb vol. 614, no. 113, col. 956. Back

124   See also Mr Charles Clarke MP, Q 1384. Back

125   OFTEL Advisory Committee on Telecommunications for Disabled and Elderly People (DIEL), p 84; Post Office p 501; Royal National Institute for the Blind (RNIB), p 513; Telecommunications Managers Association (TMA), p 522; and Trades Union Congress (TUC), p 526. Back

126   Professor Ian Angell, Q 2. Back

127   Dr Robert Shapiro, Under Secretary for Economic Affairs, US Department of Commerce, "Information Technology, the Internet, and Influence on the World Economy", speech at the 593rd Wilton Park conference 'e-Commerce Governance', 21-23 February 2000. Back

128   ibid and Appendix 5. Back

129   OFTEL Advisory Committee on Telecommunications for Disabled and Elderly People (DIEL), Q 330. Back

130   World Internet Forum (WiF), Q 459. Back

131   Clifford Chance Limited Liability Partnership, Q 381. Back

132   Dr Robert Shapiro, Under Secretary for Economic Affairs, US Department of Commerce, "Information Technology, the Internet, and Influence on the World Economy", speech at the 593rd Wilton Park conference 'e-Commerce Governance', 21-23 February 2000. Back

133   Dr Michael I Shamos, Q 696. Back

134, at time of publication Back

135   Dr Michael I Shamos, Q 701. Back

136   Dr Michael I Shamos, Q 697. Back

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2000