Republic puts `spam' burden on consumer

The Government's implementation of the EU's ECommerce Directive is likely to make the State the only European nation to place…

The Government's implementation of the EU's ECommerce Directive is likely to make the State the only European nation to place the burden of opting out of receiving junk e-mail on the consumer.

Most other European countries intend to approach the directive's sections on data privacy, direct marketing and `spam' - unsolicited e-mail advertising - by requiring companies to gain an individual's permission first. The approach, known as the "opt-in" approach, is widely supported by privacy and consumer advocates. But in the Republic, companies would be allowed to send spam unless a consumer indicates it is not wanted.

The approach is intended to create a pro-business environment supportive of e-commerce, according to the Department of Enterprise, Trade and Employment, which is drawing up the Act that will implement the directive.

But the approach is likely to come into conflict with privacy protections in the EU's 1998 Data Protection Directive, according to Mr Conor Mullany, a senior associate specialising in e-commerce law with solicitors LK Shields. The 1998 directive is also about to be incorporated into Irish law.

READ MORE

As it stands, only 29 per cent of Irish companies say they are complying with existing data protection law - which already applies to online gathering of data, said Mr Mullany - and 49 per cent do not have any policies in place to even attempt compliance. The figures came from a survey of Irish companies by Rits IT Consultants.

The issues were some of the many complexities of existing and incoming e-commerce and data protection legislation explored at three days of conferences in Dublin this week. The conferences were led by law firm Matheson Ormsby Prentice and designed to inform companies of their obligations under the new laws.

As one speaker pointed out, the tangle of legislation is not made any clearer by the fact that the State's existing E-Commerce Act, passed last July, is primarily an implementation of the EU's Electronic Signatures Directive. Thus, the EU Directive on E-Commerce can't be called the E-Commerce Act, and the Irish implementation does not yet have a name.

Some elements of the EU ECommerce Directive are contained in the Irish Act but key sections, such as those dealing with the liability of Internet service providers, the regulation of spam and direct marketing, and the functions of extra-judicial bodies, were set aside until now.

With incoming data protection legislation, employers have to be careful even about giving references for employees, if the reference is seen as inaccurate, said UCD law professor and consultant with law firm Arthur Cox, Mr Robert Clark. Companies could be subject to legal action too if they are holding notes on a candidate's job interview on a computer, if that information is seen to have been misused later.

And if a company has data it has used to market products to existing customers, then uses that list for a new purpose, the company is violating incoming privacy legislation, cautioned Mr Don McAleese, partner with Matheson Ormsby Prentice and head of its information technology unit.

Speakers from Government, various organisations and legal firms also addressed the issues of e-commerce taxation, legal contracts, digital signatures and encryption, e-business liability, new requirements for holding manual records and electronic storage of documents, and compliance problems for companies sending data to a third country.

Karlin Lillington

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology