Mind those net banana skins

Quentin Archer of Lovell White Durrant warns that those seeking to expand on to the internet may find unexpected barriers blocking their way.

The advent of e-commerce has required all sectors of industry to look closely at their products and services in order to determine whether they can be negotiated, sold or provided on-line. The insurance industry has been more alive to the advantages of e-commerce than many other areas of business, but those providing insurance services are faced with laws that inhibit the growth of some aspects of electronic trade while failing to prevent unwelcome developments elsewhere.

One example of a legal barrier to expansion is the law of copyright, which enables content owners to object to the unauthorised use of their text, images or data. Another, rather more insidious, is the rapid growth in the number of patents being granted in the United States in respect of methods of conducting on-line business. The inventor of the World Wide Web, Tim Berners-Lee, has been a trenchant critic of this development, although there are signs nonetheless that Europe may follow suit.

For some years there has been concern that the world's legal systems are not well adapted for the advent of electronic commerce. Can electronic communications really have the same legal validity as pen and ink? Would they be given the same evidential weight? Is regulation of new service providers required?

This concern has given rise to a race to legislate, each state or country vying with each other in an attempt to prove that it was better adapted for e-commerce. Of course, a facility that is truly international will not benefit greatly from changes solely in national legislation. Nonetheless, parliaments press on, the UK included.

The Electronic Communications Bill was presented to Parliament at the beginning of the present session, on November 18. It was one of the key bills referred to in the Queen's Speech, although significantly shorter (and less contentious) than the previous version that had been circulated for comment. The intention of the bill is to build confidence in electronic commerce by providing for:
- a statutory approvals scheme for businesses and other organisations providing cryptography services, such as electronic signature services and confidentiality services
- the legal recognition of electronic signatures
- the removal of obstacles in other legislation to the use of electronic communication and storage in place of paper.

Provisions in an earlier draft that would have allowed law enforcement agencies to obtain keys to encrypted data have been dropped, although they may reappear in another bill at some stage.

For such a loudly trumpeted legal provision, paving the way for the Government's declared intention to make the UK the best place for e-commerce by 2002, the bill is rather a disappointment. It does not deal with the mysteries of electronic contract formation, with the liability of service providers for content or cacheing or with the myriad tax issues that were highlighted by the Government in a paper rather quaintly entitled e-commerce@its.best.co.uk, issued in the early autumn. The bill is not likely, by itself, to lessen any fears the insurance industry might have about electronic trade.

The UK debate is only one of several that are currently taking place, notably at European Union level. The European Commission has adopted a "Proposal for a European Parliament and Council Directive on certain legal aspects of electronic commerce in the Internal Market" on which political agreement has just been reached, although the directive has not yet been formally issued.

One of the most difficult legal aspects of international e-commerce is the question of applicable law and jurisdiction. This is especially relevant in the world of insurance. For example, imagine a situation in which a US broker's representative visits a prospective customer in France and then transmits a proposal form to a UK insurer's server hosted in Jersey. The server is pre-programmed to accept proposals that fall within specified criteria. Which law governs any resulting contract of insurance? Whose courts have jurisdiction in the event of a dispute over a claim? Which countries have the power to regulate the activities of the participants in a transaction such as this?

These questions are only partially answered by the draft directive. The draft provides that the providers of "information society" services must comply with the laws of their place of establishment and are therefore not required to observe the national legislation of every country in the European Union. The place of establishment will be the place where a provider pursues an economic activity through a fixed establishment, irrespective of where the web sites or servers are situated or where the operator may have a mailbox. Member states of the European Union may not restrict the freedom to provide information society services from another member state, nor (subject to various exceptions) can they discriminate against those who provide information society services by requiring that special authorisation schemes should be applied to them that are not applied to the same services provided by other, usually more traditional means.

However, service providers can be required to make available to customers and competent authorities certain information about themselves, such as their name, address, professional authorisation, VAT number, trade register number and so on. This information should be easily accessible while a relevant service is being provided. Prices, too, must be indicated clearly and unambiguously.

The directive says nothing about applicable law and jurisdiction, however, and its provisions would not prevent any member state from discriminating against services that originated outside the European Union. The directive does contain some provisions regarding electronic contracts, but has shied away from a comprehensive code that would clarify when and where such contracts are deemed to be concluded.

Because services over the internet can be accessed anywhere, and thus might be subject to any of the world's numerous jurisdictions, it is prudent when offering insurance business on the web to identify clearly on the site in question the countries to which the offer is directed. The prospective customer would be invited to specify the country where he is located and to confirm that he is normally resident there. If the rules of that country are known to the service provider and are acceptable, then the transaction can proceed. If not, then the program on the server should prohibit the customer from going further.

Obviously, customers can lie, but most jurisdictions would probably accept that this should not be the responsibility of the service provider.

But what about the person offering general insurance business from an unregulated jurisdiction who is not so scrupulous and who will take business from anyone? The basic design of the internet means that attempts to block transmissions from particular sites located beyond the coercive powers of regulated jurisdictions are likely to prove futile. While there has been much talk about international regulation of the internet there is also huge pressure (particularly from the US) for self-regulation; effective international regulation of the financial services markets is a long way off.

National regulators can do little, particularly when (as in the UK) self-regulation is preferred to statutory regulation. Until this cancerous growth amidst the flowering of e-commerce has been eradicated, the hapless consumer will still be advised to tread a wary path along the electronic superhighway.