University of New South Wales Faculty of Law - Information Technology Law


Cyberspace-law


Electronic Commerce: Legal and Consumer Issues

Chris Connolly

Director, Electronic Money Information Centre

This paper was presented at the CyberLaw Conference
(Business Law Education Centre), Hilton Hotel Sydney, on 1 April 1998


Electronic Money Information Centre (EMIC)

EMIC is a new consumer organisation, which undertakes research and advocacy in relation to smart cards, electronic commerce and Internet banking from the consumers' perspective. EMIC is an initiative of the National Consumer Trust Fund.

GPO Box 846
Sydney NSW 2001
tel (02) 9262 4237
fax (02) 9262 4151
emic@socialchange.net.au
http://policynet.socialchange.net.au

This paper is a public document and may be reproduced, in whole or in part, with appropriate attribution.


  • 1 Introduction
  • 2 Consumer Confidence
  • 3 Financial system regulation and electronic commerce
  • Case Study 1: Regulation of Internet investment advice and prospectuses.
  • Case Study 2: Smart Cards
  • Appendices
  • Some useful references
  • Some useful sites

  • 1 Introduction

    The development of electronic commerce poses a number of legal and consumer challenges. In Australia, we are seeing a convergence of new technologies and the deregulation of the financial sector. At a time of great change consumers need to be protected, and the law is struggling to keep up.

    Industry and Government recognise that legal protection for consumers who use electronic commerce will assist in the development of consumer confidence in this new way of doing business.

    This paper examines the legal and consumer issues raised by electronic commerce, and summarises the responses that have been proposed.

    This paper provides an overview of a number of emerging, generic, technologically neutral consumer protection principles that could form the basis for the legal protection of consumers who participate in electronic commerce. Seven different sets of 'principles' are summarised in this paper, to display the emergence of a possible core set of consumer protection principles in this field.

    The paper also includes two broad case studies.

    1.1 Is electronic commerce taking place?

    There are numerous forms of electronic commerce, both on the Internet (including virtual shopping, stock-broking, banking, retail transactions and investment advice) and in "real life" (mainly through smart card developments).

    A number of surveys have been conducted which show that electronic commerce began slowly on the Internet, but is now accelerating rapidly. A good site for information on electronic commerce surveys is the cyberatlas emoney site at:

    http://www.cyberatlas.com/emoney.html

    A fairly conservative estimate of the growth in one aspect of electronic commerce was made by Forrester Research. They expected Internet retail transactions to grow from $US518 million in 1996 to $US6.6 billion in the Year 2000.

    By far the greatest segment of retail transactions is the purchase of computer related products - either by direct download or mail order.

    Smart cards, on the other hand, are already prevalent in Europe and parts of Asia. Although their use for pure electronic commerce is limited at this stage, the platform is in place for the convergence of smart card and Internet commerce technology to provide seamless electronic commerce.

    1.2 Internet transaction systems

    There are about 65 current systems available for making simple transactions on the Internet. They range from the sophisticated digital coin systems to variations on the good old credit card. There is even one cheque based system (called 'the cheque is in the net').

    Many of the payment systems are described at Roger Clarke's electronic commerce page: http://www.anu.edu.au/people/Roger.Clarke/EC/

    My own page has a few useful documents and links on electronic commerce consumer issues at:

    http://policynet.socialchange.net.au

    1.3 Consumer Issues

    Major consumer issues raised by Internet transaction systems include:

    These issues are best explored through the case studies and the seven summaries of sets of consumer protection principles in the appendices below.

    1.4 Legal Issues

    There are also a number of pure legal issues, including:

    The Treasury's Corporate Law Economic Reform Program (CLERP), especially paper No. 6 "Cutting cybertape - building business".

    http://www.treasury.gov.au

    2 Consumer Confidence

    One sure-fire indicator that businesses are struggling to win consumer confidence in electronic commerce is the emergence of 'guarantees' as a lure to customers at some electronic commerce sites.

    First Virtual, for example, are one of the largest providers of electronic transaction systems on the Internet. In April 1997 they began offering a security guarantee to all their customers. In a way this is 'buying' consumer confidence when it does not otherwise exist, and perhaps this is a realistic business assessment of the nature of electronic commerce.

    Another approach has been taken by the TRUSTe consortium. The TRUSTe logo appears on sites which offer electronic commerce facilities that meet minimum privacy and security standards set by the Electronic Frontier Foundation and CommerceNet. The logo, similar to a National Heart Foundation 'tick' for healthy foods, may one day be recognised as a symbol of safety on the Internet.

    http://www.truste.org/

    A survey carried out by Boston Consulting Group (BCG) confirms that privacy and security fears do inhibit the take-up of electronic commerce on the Internet.

    BCG surveyed 9,300 Internet users. 70% said they were more concerned about privacy online than off-line. 41% of respondents simply left a site if they were asked to provide registration information. Another 27% provided false information to protect their privacy.

    The survey concluded that as much as 6 billion US dollars would be lost between now and the Year 2000 in potential electronic commerce revenue if privacy concerns were not addressed.

    In a similar vein, the European Commission has published a voluntary guideline to "boost consumer confidence in electronic payment instruments", including both smart cards and emoney. (see Appendix B)

    3 Financial system regulation and electronic commerce

    It is not only financial systems technology that is undergoing massive change. In Australia, the entire financial services industry is the subject of regulatory overhaul following the completion of the Wallis Inquiry.

    The Terms of Reference for the Financial System Inquiry (the Wallis Inquiry) included the provision that the inquiry would 'identify the factors likely to drive further change, including technological advances'. Thus new technology, and in particular electronic commerce, became an integral part of the review.

    The final report of the Wallis Inquiry offers a mixed bag for consumer protection issues which arise from new technology financial services and products.

    There are some recommendations which will benefit consumers, especially those with a complaint. An outline of the specific recommendations dealing with electronic commerce follows:

    Recommendation 2

    The Corporations and Financial Services Commission (CFSC) should have comprehensive responsibilities including:

    "monitoring financial innovation and technological developments in the provision of financial products and services and determining appropriate regulatory responses"; and "approving and overseeing codes of conduct for new payments technologies"

    The CFSC is essentially the ASC with a few extra powers and functions tacked on. This recommendation appears to suggest that the CFSC will now have a role in 'determining' the appropriate regulatory response to the introduction of new technology financial services and products. There is little clear instruction on how the CFSC should perform this task.

    Note: The Treasurer Peter Costello has recently decided to change the name of this new regulator from the Corporations and Financial Services Commission (CFSC) to the Australian Securities and Investments Commission (ASIC). Alan Cameron, the current Chairman of the Australian Securities Commission has been announced as the new Chairman of the ASIC.

    Recommendation 25

    A central gateway for dispute resolution should be established.

    This is a positive improvement for consumers who have a complaint about a financial product or service - especially a new technology or 'convergent' product or service. Consumer representatives should attempt to be involved in the development of the consumer gateway, to ensure that it does not become a consumer 'hurdle' (through cost, delay, inconvenience etc.)

    Recommendation 28

    The CFSC should monitor new technologies.

    "The CFSC should ensure that industry initiatives for consumer protection in relation to new technologies develop in a coordinated way"

    In many ways this could be an improvement on what the consumer movement was seeking in submissions. The consumer movement had called for a 'National Technology Council' or similar body which would co-ordinate the regulation of new technologies. Industry had also supported the establishment of such a body.

    This would have necessitated the creation of yet another new body, with disparate interests, so maybe this is a better approach. However, it remains to be seen whether this recommendation is interpreted as the coordination only of industry 'initiatives', rather than industry regulation.

    Recommendation 91

    Legislation should be amended to allow for electronic commerce.

    (The recommendation wording discusses netting, digital signatures, electronic delivery of notices, PKAF, evidence etc.)

    It is expected that this recommendation will be implemented through the work of the Attorney-General's Electronic Commerce Expert Group and the Treasury's Corporate Law Economic Reform Program (CLERP).

    The relevant CLERP paper is No. 6 "Cutting cybertape - building business".

    http://www.treasury.gov.au

    Recommendation 92

    Australia should adopt international standards for electronic commerce.

    There are currently no international standards for electronic commerce, although one is presently being discussed at the International Standards Organisation. There is also work being undertaken at the international level by the UN and the OECD.

    Recommendation 93

    International harmonisation of law enforcement and consumer protection should be pursued (esp. for electronic commerce).

    Recommendation 94

    Regulators should coordinate on technology.

    "the regulators should be proactive in assessing the impact of technological developments"

    The consumer movement was the first to argue that regulators should be proactive, so this is a win. The Reserve Bank is still arguing that regulation of new technology should be on a wait and see approach - also known as the 'after the accident' approach. It will be interesting to see whether or not the regulators change their culture in the post-Wallis era.

    The majority of the Wallis recommendations have been accepted by the Government. The first round of legislation to implement the reforms was released for comment on 26 March 1996, including:

    * Australian Prudential Regulation Authority Bill 1998

    * Financial Sector (Shareholdings) Bill 1998

    * Levy Imposition Bills 1998

    * Financial Sector Reform (Amendments and Transitional Provisions) Bill 1998

    * Payment Systems (Regulation) Bill 1998

    Further details of the legislative program are available at:

    http://www.treasury.gov.au/Publications/GovResponseFSI/

    Case Study 1: Regulation of Internet investment advice and prospectuses.

    In Australia the current regulator of investment advice and prospectuses is the Australian Securities Commission. They have shown a willingness to become involved in the regulation of those products and services on the Internet.

    However, the ASC has a dual role - it sees itself as more than just a consumer protection regulator. Chairman Alan Cameron at a conference in 1997 said:

    "On the one hand, our role is to promote investor confidence in the integrity of the market and its institutions through our regulatory activities, including enforcement of the Corporations Law. On the other hand, the ASC must facilitate business by encouraging innovation and providing useful services to the market. If the ASC's function was solely to regulate and enforce according to the Corporations Law, it would hinder, rather than add value to business. This is as true in the electronic context as in every other aspect".

    The ASC, and other similar regulators overseas, are only now beginning to receive complaints related to electronic commerce on the Internet.

    The Australian Competition and Consumer Commission (ACCC) also investigates Internet investment scams.

    Some relevant cases and complaints are:

    * The author of a site which offers summary information about companies listed on the Australian Stock Exchange was required to obtain a licence issued by the ASC.

    * The ASC received undertakings from companies involved in 'ostrich farm' schemes to cease promotion of the schemes on the Internet, where earlier promotions had appeared to breach the Corporations Law.

    * The ASC arranged for a registered prospectus to be removed from the Internet after it was determined that potential investors were able to view only certain parts of the prospectus they were interested in.

    * In the United States 37 sites offering investment advice were taken off the web after a 'sweep' by the US Federal Trade Commission and State regulators.

    * The ACCC took steps to remove certain Australian sites promoting pyramid style investment schemes in contravention of Section 61 of the Trade Practices Act.

    * The ASC (working with the Reserve Bank of Australia) took steps to remove a site described as an Internet Bank which did not hold an Australian banking licence.

    Case Study 2: Smart Cards

    Although invented and patented in 1975, it is only in recent years that smart card technology has become widely prevalent. It is useful to examine the consumer issues posed by smart cards, as they are indicative of the issues likely to be posed by other electronic commerce instruments.

    Terms and Conditions

    Unfortunately, due to the absence of other regulatory controls, much emphasis has to be placed on the individual terms and conditions issued by the smart card promoters and the individual banks involved. The various terms and conditions on offer vary greatly, but are uniformly poor in the area of protecting consumers from liability for card related losses in cases of fraud etc.

    Dispute Resolution

    Smart card transactions will not necessarily involve a bank or supervised financial institution. The 1997 Financial System Inquiry (the Wallis Inquiry) recommended that non-banks could issue stored value cards, although they should be subject to some light regulation 'to ensure the safety and integrity of the payments system' (Recommendation 72). Disputes may arise between consumers and smart card promoters or between consumers and merchants and service providers. An important issue to address will be the various liabilities of participants in each transaction.

    Consumer Choice

    Choice of payment methods will continue to be an important consumer issue. There is some talk that a combination of new technology payment systems may eventually lead to the "cashless society". Singapore, for example, has indicated that it aims to become a cashless society early next century.

    Costs and Fees

    Banks, card issuers and card promoters have proposed a number of different types of fee structures for smart card systems. It is unclear at this stage who exactly will control fee policy. In the Mastercard trial in Canberra, for example, all three banks issuing Mastercard smart cards charged different fees. Proposed fees for stored value cards have included:

    1) Issue fees

    2) Renewal fees

    3) Transaction fees

    4) Reload fees

    5) Monthly fees

    Apart from fees, there will be a number of additional costs borne by consumers as smart card systems are implemented. No interest will be paid on the funds stored on the smart card. This is despite the fact that the chip is capable of calculating and adding interest without any additional administrative or staffing requirements. The issuers will also benefit from reduced cash handling costs and reduced costs from theft.

    Liability

    Many of the liability questions raised by smart cards are similar to the liability questions raised by EFTPOS cards - for example, disputes about "phantom" transactions.

    However, there may be an additional risk that banks will argue that, because smart cards are so secure, it should be presumed that a card holder must have been negligent if a "phantom" transaction takes place.

    The EFT Code of Conduct limits liability to $50 in situations where it is unclear whether the card-holder had been negligent. No such provision currently applies to smart cards. The terms and conditions of various smart card systems on trial in Australia all offer different levels of protection from liability in different circumstances.

    Note: There has been a recent review of the EFT Code of Conduct by Treasury and the ACCC: http://www.accc.gov.au

    Redemption of Card Value

    It will be important for smart card users to be able to quickly and simply redeem the value stored on smart cards for cash. Cash may be needed in a number of emergency circumstances (such as paying for food, clothes, medicines, rent, lending family members money etc.) where payment by smart card is unavailable.

    A number of smart card promoters have issued terms and conditions in their trials which prevent a card holder redeeming their stored value for cash. This is an unacceptable position. The money belongs to the consumer. The only other time where a person's money is "locked up" in this way is where they decide to place their money in a term deposit bearing substantial interest.

    Anonymity

    In any payment system which is designed to replace cash in low value transactions, anonymity will be an important issue. Many people believe that as the computer age has advanced, their control over their personal privacy has decreased. The anonymity offered by cash has been one of the last bastions of personal privacy.

    Stored value cards are fundamentally different from cash in that not all smart cards guarantee that transactions can be completed anonymously. The level of anonymity depends on the type of stored value card being offered. At the present time there are five types of stored value cards:

    1. Anonymous disposable cards with a set amount of electronic value, similar to Telstra phone cards. When the value on the card is spent they will be thrown away (or perhaps collected).

    2. Anonymous reloadable cards which can be topped up at banks or EFTPOS outlets. These cards do not carry name or address details. However if customers top the card up electronically from their bank or credit card accounts, a link will be made between the card and the identity of the card-holder.

    3. Personalised reloadable cards which carry identifying details - perhaps even a photograph or biometric identifier (such as an iris scan, voice recognition scan or thumbprint).

    4. Multi-function cards which have stored value, debit, credit and/or other functions all on the one card. In the near future they are likely to be hybrid magnetic stripe/smart cards, but in the future all the functions may be on the chip. They are not anonymous.

    5. Mondex type cards which are "semi-anonymous" in that a link can be made between the card and the identity of the card-holder only at each reload stage, and for the most recent ten transactions.

    A major concern at this early stage of smart card development is that customers may be misled into believing that the cards being promoted as "anonymous reloadable" cards are truly anonymous. This is not the case, and a number of industry analysts have acknowledged that no reloadable card can actually be called anonymous. Nevertheless, the promotional material still refers to such cards as anonymous.

    Collection of Information

    Smart card systems will be capable of collecting, storing and processing much greater volumes of personal information than any previous payment systems.

    With personalised cards, personal details will be collected at the time individuals apply for their cards. People have become used to providing personal details to banks when applying for credit cards, but are less accepting of supplying personal details to use a product which simply stores their own money. Phone cards and weekly bus tickets are good examples.

    Smart cards will generate records of the date, time and location of all transactions. When they were first introduced most smart card promoters focused on the ability of the cards to create detailed customer profiles for business use as a major selling point to the banks.

    Criticism from privacy advocates has resulted in this aspect of smart card technology no longer being highlighted in most smart card promotional material. However, without any legal regulation of the use of transaction information, the banks and card promoters may choose to create detailed customer profiles at any stage.

    See the Best Practice Guidelines (Appendix D) and the Code of Conduct (Appendix E) for the consumer and industry response to these issues.

    Appendices

    Appendix A The NACCA Principles

    A set of 'consumer protection in electronic commerce' draft principles has been prepared by the National Advisory Council on Consumer Affairs:

    http://www.dist.gov.au/consumer/eleccomm/draft/index.html

    The National Advisory Council on Consumer Affairs is a policy advisory body to the Federal Minister for Customs and Consumer Affairs. The Council advises the Minister on significant and emerging consumer issues.

    By developing the principles, the Council wants to assist in the development of good online practice by business and inform consumers on what they can expect in the area of electronic commerce. The Council hopes to contribute to the further development of the electronic marketplace in Australia. The Council also expects that the principles will help promote cooperative arrangements internationally.

    Principle No.1 Protection

    Consumers using electronic commerce are entitled to the same protection as provided by the laws and practices that apply to existing forms of commerce.

    Principle No.2 Identification

    Consumers must be able to clearly establish the identity and location of businesses they deal with.

    Principle No.3 Information

    Consumers must be provided with clear and comprehensive information before and after any purchase of goods and services offered.

    Principle No.4 Plain Language

    Sellers must state contract terms in clear simple language.

    Principle No.5 Confirmation

    Sellers should ensure they receive confirmed consent from consumers for a purchase of goods and services.

    Principle No.6 Payment

    Consumers are entitled to receive clear information about the types of payments which will be accepted.

    Principle No. 7 Complaints Procedure

    Consumers are entitled to have their complaints and enquiries dealt with fairly and effectively.

    Principle No. 8 Dispute Resolution

    Sellers should provide information to consumers about affordable and effective dispute resolution arrangements, where they are available.

    Principle No. 9 Privacy

    Sellers must respect customer privacy.

    Principle No.10 Code Compliance

    Industry code administration bodies must closely monitor the application and effectiveness of their codes and be able to correct any deficiencies which are identified.

    Principle No. 11 Confidence

    Each code operating body should strive to maintain and promote consumer confidence in the global marketplace.

    Principle No. 12 Regulation

    Governments should actively develop their consumer protection responsibilities.

    Appendix B European Commission Principles


    Background


    The European Commission has published guidelines (30 July 1997) on "Boosting consumer confidence in electronic payment instruments". The guidelines are voluntary, although compliance is encouraged by the imposition of a deadline (31 December 1998) after which the Commission may choose to give the guidelines the force of law if they are not widely in use.

    Similar guidelines were published relating to credit cards and debit cards in the mid 1980s, and are generally complied with in European member states.

    The guidelines apply to all transfers of funds effected by electronic payment instruments (except those between financial institutions) and also to the withdrawal of cash and reloading of stored value instruments.

    Summary of key principles

    * Clear terms and conditions must be issued prior to the delivery of the electronic payment instrument.

    * Information on fees, charges and interest rates must be supplied.

    * Receipts must be issued OR the consumer must have the means of viewing a record of at least the last five transactions.

    * Terms and conditions may only be altered after the provision of one month's notice.

    * The consumer is only liable for the loss of the first 150 ECU if they have reported the electronic payment instrument lost or stolen, except where they have acted with "extreme negligence".

    * Where the electronic payment instrument is defective the issuer is liable for any loss.

    * Member States are "invited to ensure that there are adequate and effective means for the settlement of disputes between a holder and an issuer".

    Appendix C Australian Taxation Office Electronic Commerce Report

    Background

    The Australian Taxation Office has an ongoing Electronic Commerce Project. A discussion paper and background consultants' reports are available at:

    http://www.ato.gov/ecp/

    The discussion paper lists a large number of 'findings' and then makes 'recommendations'. The most relevant of these are listed below:

    Findings

    * Electronic commerce is still emerging, the emergence is rapid and needs to be constantly monitored.

    * The lack of a legal infrastructure, until it is resolved, is likely to be an impediment to electronic commerce.

    * Electronic payment systems are of fundamental importance to the efficiency of Internet markets.

    * Electronic commerce will increase the numbers of businesses engaged in international trade and reduce the average transaction size.

    * Website costs may be low, but successful commercial websites may require considerable investment.

    * It is likely that with maturity, the Internet will become dominated by large corporations.

    * The short term impact of electronic commerce may adversely impact some Australian businesses but this trend could be reversed in the longer term.

    * Some electronic payment systems have significant evasion potential.

    * The application of the existing jurisdictional rules is doubtful.

    * Broad based international cooperation will be required to administer domestic tax laws in relation to electronic commerce.

    * Taxpayer identity is less certain in the electronic commerce environment.

    * Encryption presents difficulties, but is inevitable.

    Recommendations

    * The ATO should establish policies associated with e-commerce in cooperation with other relevant federal government agencies.

    * The ATO should be sensitive to the effect of regulation on electronic commerce.

    * The ATO should continue to measure the risks to the tax system from electronic commerce.

    * The ATO should seek to have ACN numbers displayed on commercial websites.

    * Webshops (commercial Internet sites) should be licensed.

    * Organisations that operate or host webshops should be licensed.

    * AUSTRAC should be requested to review the definition of "cash dealer" under the Financial Transactions Reports Act.

    * The ATO should seek to have access to credit card and electronic payment system records held outside of Australia.

    * The ATO should have a watching brief over the post Wallis banking and financial sector and provide input into any proposed regulation of the sector.

    * The ATO should liaise with the Reserve Bank to require reporting of amounts on issue for various electronic cash systems.

    * The ATO should seek regulatory neutrality between physical cash and electronic cash.

    * The ATO should seek a $100 to $500 limit on certain cash-like electronic payment systems.

    * The ATO should convene a forum to discuss electronic payment systems with interested agencies.

    Appendix D Best Practice Guidelines for Stored Value Cards

    Background

    A group of privacy and consumer advocates who first met through the Smart Card Advisory Network (SCAN) have developed a set of "Best Practice Guidelines for Stored Value Card Systems". They are intended to promote awareness of consumer issues amongst banks, financial institutions and smart card promoters.

    They have been circulated widely for comment, and have received a positive response. A number of organisations have formally endorsed the guidelines:

    * Australian Privacy Foundation

    * Australian Consumers Association

    * Consumer Credit Legal Centre (NSW) Inc.

    * ACT Consumer Affairs

    * Consumer Credit Legal Service (WA) Inc.

    * CARE (ACT) Inc.

    * Australian Privacy Charter Council

    * Consumers' Federation of Australia

    The guidelines are not intended to provide a complete solution to the various policy issues raised by smart cards and work is continuing on other fronts to improve consumer education and protection in this field. Nevertheless it is hoped the guidelines will be used as the starting point for improved terms and conditions for each stored value card trial and roll out.

    Consumers are encouraged to use the best practice guidelines to make their own assessment of the new smart card products on offer. They can be used as a benchmark for complaints to the smart card companies and the banks. Although the guidelines are not binding, it is often through consumer complaints that real improvements in consumer protection are achieved.

    Best practice guidelines

    The intention is to provide an environment in which the individual consumer:

    1. Has a choice as to whether to use a stored value card or other means of payment;

    2. Is enabled to make an informed choice on what type and/or brand of stored value card to use;

    3. Can change easily between schemes;

    4. Has current and comparable information on the costs, fees and charges of each stored value card scheme;

    5. Does not become liable for large losses in the event of loss or theft of a stored value card;

    6. Does not incur any liability due to system failure;

    7. Does not incur any liability due to fraud or misuse by an agent or employee of any party involved in system provision or by any other person or body, providing the consumer did not knowingly contribute to the fraud or misuse;

    8. Has access to an equitable disputes resolution procedure, including access to an external, independent dispute resolution procedure where necessary;

    9. Has adequate protection regarding the collection, storage, use and disclosure of personal information; and

    10. Is supplied with terms and conditions which are comprehensive, easy to read and available in appropriate community languages.

    Appendix E Smart Card Code of Conduct

    Background

    The Smart Card Industry Code of Conduct has been prepared by the Asia Pacific Smart Card Forum - the industry peak body based in Canberra.

    The Code is intended to provide an appropriately regulated background in which industry could operate and grow. It was proposed after extensive consultation with consumer groups, Government Departments and the Australian Competition and Consumer Commission.

    The Code is set out as an 'umbrella code' - with specific technical codes on banking, transport, telecommunications and community applications to follow as required.

    The Code serves three functions. The first is to provide a Code for members of the Smart Card Forum where no industry specific code is developed. The second is to provide minimum standards which must be observed in industry specific codes. The third is to provide the basis upon which Code Subscribers can use a 'compliance logo'.

    The Code also establishes a Code Advisory Committee consisting of members of the Board of the Forum and nominees of consumer and privacy organisations. This Advisory Committee will review draft industry specific codes, monitor the operation of the Principal Code (including complaints), and advise on changes to the Code.

    The Forum describes the Code as a 'first step'. The Forum acknowledges that the current version of the Code may not be able to adequately cater for all situations or satisfy all interests. However, the operation of the Code will be reviewed by the Advisory Committee and will be amended as and when the need arises. It is anticipated that as technology becomes more widespread and the industry matures, the Code will develop in accordance with established benchmarks, including those for dispute resolution schemes where appropriate.

    Copies of the Code are available from:

    Deborah Stanley

    Asia Pacific Smart Card Forum

    GPO Box 1966

    Canberra ACT 2601

    Tel (02) 6247 4655

    Fax (02) 6247 9840

    Summary of Code Provisions

    1. Application and Administration

    The Code binds all members of the Smart Card Forum and other people or organisations who agree to observe the Code. The Board of the Smart Card Forum can amend the Code.

    2. Code Advisory Committee

    The Code Advisory Committee consists of an independent chair, three directors of the Smart Card Forum, and three nominees of consumer, privacy, advocacy or regulatory organisations.

    3. Complying Industry Codes

    Complying Industry Codes may be approved by the Board if they are consistent with the Principal Code and provide equal or greater protection for Cardholders.

    4. Privacy

    The privacy provisions of the Principal Code set out the principles to be followed in relation to the collection and use of Personal Information.

    5. Security, Use and Disclosure

    The provisions require Personal Information to be kept secure, to only be used for the purposes for which it is obtained (or with permission) and to only be disclosed to Associated Service Providers who have a need to know and who agree to abide by the privacy provisions of the Code.

    6. Access and Correction

    Cardholders may request access to Personal Information relating to them, and require correction of that information.

    7. Terms and Conditions

    A Card Principal must provide the terms and conditions on which a card is supplied. These must contain certain specified provisions, including the amount of fees and the notice periods for changing terms and conditions.

    8. Organisational Responsibility

    Code Subscribers are required to ensure staff are aware of the provisions of the Code.

    9. Dispute Resolution and Sanctions

    The Code establishes a Sanctions Committee which may reprimand, suspend or expel a Code Subscriber. It may also require a Code Subscriber to take specific remedial action.

    Appendix F United States principles for electronic commerce

    The US Government released a set of guiding principles for the promotion of electronic commerce in mid 1997.

    1. The private sector should lead.

    The Internet should develop as a market driven arena not a regulated industry. Even where collective action is necessary, governments should encourage industry self-regulation and private sector leadership where possible.

    2. Governments should avoid undue restrictions on electronic commerce.

    In general, parties should be able to enter into legitimate agreements to buy and sell products and services across the Internet with minimal government involvement or intervention. Governments should refrain from imposing new and unnecessary regulations, bureaucratic procedures or new taxes and tariffs on commercial activities that take place via the Internet.

    3. Where government involvement is needed, its aim should be to support and enforce a predictable, minimalist, consistent and simple legal environment for commerce.

    Where government intervention is necessary, its role should be to ensure competition, protect intellectual property and privacy, prevent fraud, foster transparency and facilitate dispute resolution, not to regulate.

    4. Governments should recognise the unique qualities of the Internet.

    The genius and explosive success of the Internet can be attributed in part to its decentralised nature and to its tradition of bottom-up governance. We should not assume that the regulatory frameworks established over the past 60 years for telecommunication, radio and television fit the Internet. Existing laws and regulations that may hinder electronic commerce should be reviewed and revised or eliminated to reflect the needs of the new electronic age.

    5. Electronic commerce on the Internet should be facilitated on a global basis.

    The Internet is a global marketplace. The legal framework supporting commercial transactions should be consistent and predictable regardless of the jurisdiction in which a particular buyer and seller reside.

    Key areas where international efforts are needed to preserve the Internet as a non-regulatory medium:

    * customs and taxation

    * electronic payment systems

    * 'uniform commercial code' for commerce conducted over the Internet

    * intellectual property protection

    * privacy

    * security

    * telecommunications infrastructure and interoperability

    * content

    * technical standards

    Appendix G Internet Industry Code of Practice

    Background

    The Australian Internet Association has released a new draft of its proposed Industry Code of Practice. While it concentrates on a number of content issues, there are also some provisions which will be relevant to electronic commerce.

    Key sections

    7. General conduct of all code subscribers

    1. When first entering into a transaction with a user Code Subscribers will:

    a. provide to each user:

    * the name of their trading entity.

    * the physical location of their office.

    * a contact telephone number.

    b. provide particulars to each user of:

    * the nature and characteristics of the service or product which the Code Subscriber intends to provide.

    * the method by which the user will be charged.

    * if practicable, the likely total cost of the proposed product or service.

    2. Code Subscribers will deal with each user promptly and fairly.

    3. Code Subscribers will not:

    a. inaccurately represent the benefits of their product or service.

    b. engage in conduct which is misleading or deceptive.

    c. engage in conduct that is in all the circumstances unconscionable.

    d. knowingly exploit lack of knowledge of users regarding the Internet or the products or services to be provided.

    5. Code Subscribers will report to the Administrative Council and the relevant authorities any service available on the Internet from within Australia which they consider is:

    a. fraudulent.

    b. misleading or deceptive and likely to cause loss or damage to third parties.

    c. illegal.

    8. Secrecy obligations

    1. Code Subscribers will:

    a. keep confidential the business records and personal information relating to each user.

    b. take adequate steps to ensure the confidentiality of business records and personal information.

    c. not sell or exchange the business records or personal information of a user other than to another Code Subscriber as part of the sale of the Code Subscriber's business as a going concern.

    2. Clause 8.1 does not prevent disclosure of information with the express or implied consent of the user or as required by law.

    9. Data collection and use

    1. Code Subscribers will collect data relating to a user only:

    a. which is relevant and necessary for the provision of the service that the Code Subscriber is engaged to provide, or

    b. for other legitimate purposes made known to the user prior to the time the data is collected.

    2. Code Subscribers will use collected data relating to a user only for:

    a. the Code Subscriber's own marketing, billing and other purposes necessary for the provision of the service, or

    b. legitimate purposes made known to the user prior to the time the data is collected, or

    c. other purposes with the consent of the user.

    3. Code Subscribers will take reasonable steps, having regard to the nature of the data, to ensure that data collected in relation to a user:

    a. to the extent that it comprises business records or personal information can be checked by a user.

    b. is accurate, and if necessary, kept up to date.

    c. if inaccurate, is erased or rectified.

    4. In this part of the Code references to the collection of data include collection of data by active request or inquiry and collection of data by passive recording of actions or activity.

    11. Conduct of vendors

    1. Code Subscriber Vendors will, before a sale or agreement to sell is concluded on the Internet, advise the user:

    a. if, according to guidelines published by the Administrative Council, the method of payment chosen by the user is not considered secure.

    b. the refund policy applicable to the sale.

    c. of the law which applies to the sale.

    2. In relation to sales of physical products on the Internet, Code Subscriber Vendors will:

    a. make the following information available to the user, before a sale or agreement to sell is concluded:

    * the costs which the user will incur as a result of the purchase including delivery costs.

    * of any specification or characteristic of the product which might reasonably be expected to be relevant to the user's decision to buy the product if that specification or characteristic is materially different from the specification or characteristic that a reasonable user might assume the product to have having regard to the information supplied by the Code Subscriber Vendor on the Internet.

    * the time within which the product will be delivered to the user.

    b. advise the user if, for any reason, delivery of the product is delayed for more than 10 days from the delivery date stated by the Vendor at the time of the sale.

    c. offer the user cancellation of the order and a refund if, for any reason, delivery of the product is delayed and, due to the delay, will not be delivered until more than 28 days from the delivery date stated by the Vendor at the time of the sale.

    3. In relation to sale of software on the Internet to be delivered using the Internet, Code Subscriber Vendors will make available to the user, before a sale or agreement to sell is concluded:

    a. the terms of the software licence agreement.

    b. a specification of the size of the program and the operating system and equipment required to run it efficiently.

    4. In relation to sale of content on the Internet to be delivered using the Internet, Code Subscriber Vendors will advise the user, before a sale or agreement to sell is concluded:

    a. particulars of the content that will be provided including:

    * an accurate description, synopsis or sample

    * its form (written, illustrated, video, animated, etc)

    * the size of the file containing the content.

    b. any restrictions that will apply to the user's right to use the content that is downloaded.

    c. the operating system and equipment required to view the content.

    Some useful references

    AUSTRAC, Report of the Electronic Commerce Task Force to the Commonwealth Law Enforcement Board, November 1996, Sydney.

    Australian Commission for the Future, Smart Cards and the Future of Your Money, August 1996, Melbourne.

    Bain, Donna, Smart Cards: Implications for Privacy - Report of the Office of the Privacy Commissioner, 1995, Sydney.

    CIRCIT, Study of the Law of Internet Commercial Transactions, 1997, Melbourne.

    CIRCIT, Trust and Electronic Money, June 1997, Melbourne.

    Clarke, Roger, Chip-Based Payment Schemes, September 1996, Canberra.

    Connolly, Chris, Smart Cards: Big Brother's Little Helpers - Report No. 66 of the Privacy Committee of NSW, August 1995, Sydney.

    http://policynet.socialchange.net.au

    Consumer Affairs Queensland, Smart Cards - What Do You Think?, March 1997, Brisbane.

    Federal Bureau of Consumer Affairs, A Cashless Society?, July 1995, Canberra.

    http://www.dist.gov.au/consumer/

    Federal Bureau of Consumer Affairs, Untangling the Web, March 1997, Canberra.

    http://www.dist.gov.au/consumer/

    Furche, A. & Wrightson, G., Computer Money, 1996, Heidelberg.

    Mastercard International, Privacy and Payments, 1996, Sydney.

    Tyree, Alan, Digital Cash, 1997, Sydney.

    Some useful sites

    Mondex

    http://www.mondex.com/

    Home page of the British smart card promoter.

    Visa

    http://www.visa.com/

    The full range of Visa news and products.

    Digicash home page

    http://www.digicash.com

    An outstanding Internet payment system site.

    EFF Privacy/Online Commerce Archive

    http://www.eff.org/pub/Privacy/Digital_money/

    For serious research.

    Smart Card Resource Centre

    http://www.smart-card.com/

    A good US resource site.

    Policy Network

    http://policynet.socialchange.net.au

    Covers smart card and electronic commerce consumer issues.

    Roger Clarke's Home Page

    http://www.anu.edu.au/people/Roger.Clarke/

    Good coverage of electronic commerce policy issues.