Features

net:wars - DTI needs to read its own guidelines on e-commerce

Tony Blair keeps talking about how important ecommerce is to the future of Britain, but you have to think the DTI doesn't share his enthusiasm as much as it might.

Just over a month ago, the DTI launched a consultation on the draft regulations to implement the EU ecommerce directive. You've got until May 2 to comment on the draft

Why do I doubt the DTI's enthusiasm for a sector it says is worth £57 billion in the UK? Well, it seems that the UK was supposed to have its regulations fully in place by January 17. That would be last January 17. So we're a bit behind. It's not as if the DTI didn't know it was coming – the EU directive was passed in June 2000, and of course had been in the works long before then. It didn't get around to holding a consultation on what the regulations should be like until last August. Oh, well, at least it's better than the various drafts of what eventually became the Regulation of Investigatory Powers Act: - they've allowed eight weeks for the consultation. With the RIP Act, somehow all the consultation periods were less than a month long, and were announced at awkward moments, like right before an election.

This is a petty complaint, though. The bigger issue is that the draft regulations failed to address a number of problems pointed out in the original consultation. What have they been doing since August? Demon Internet's policy expert, Clive Feather, points out that technical problems relating to ISP liability under English law have not been corrected in the draft. Under established case law, and ISP must observe notice and takedown procedures; but under the directive an ISP could be sued if the material is taken down in the middle of an ecommerce transaction.

This is not to say that a good bit of the draft isn't welcome. You would think you wouldn't need a law to tell companies that they need to put the address and phone number of their headquarters on their Web sites, but a surprising number seem to operate under the terror that if they tell the Web where they are they will be relentlessly telephoned by endless waves of complaining geeks. There's a particularly fine version of this in which the PR contacts are completely deleted from all press releases posted to the Web, making it impossible to follow up or request an interview.

It also shouldn't be necessary to say that a company should clearly state terms and conditions relating to pricing, delivery, discounts, competitions, and operate a policy that makes it easy to avoid being pestered with marketing email, which are also covered in the draft ... but apparently it is necessary. Five weeks ago I ordered three items from House of Bath online; it was only after placing the order that the site put up a note that said in passing, "Delivery may take up to 28 days." I'm still waiting for the third item. A shower curtain. Very difficult to put in all those grommets by hand, you know.

In addition, the draft includes rules regarding how to create electronic contracts with consumers, so that the steps a consumer must follow are clear and unambiguous. This also makes sense. Common sense. Like telling people in advance what to do if they have a problem, and having valid postmaster and webmaster email addresses so the rest of the net can contact them if someone's defaced their site. Yet it's amazing how poor many of the British ecommerce sites are at this sort of thing – they simply fail to imagine what a customer needs. You'd think they've never been shopping themselves. Even some well-respected old names, like Maplin have trouble: the company has yet to respond to my complaint nearly two months ago about a shadow charge from its Web site that appeared on my credit card bill.

The problem is that the EU ecommerce directive (keyword 2000/31/EC if anyone wants to wade through the EU's impossibly difficult-to-navigate sites to find it) isn't just intended to streamline electronic relations between consumers and Britain's nation of surly shopkeepers. It is also intended to resolve such pesky, long-running issues as ISP liability, and that's where the DTI seems to have failed to listen to the points raised in the consultation it began in August 2001.

OK, all regulations are written in confusing language, we know that. But in a transaction that involves an electronic retailer, a consumer, and two ISPs (one for each end), who is the "recipient of a service"? In articles 17 and 18, an ISP that is a "mere conduit" is not liable for the content of a transaction as long as it doesn't modify any of that content and also follows notice-and-take down rules that require it to remove the material. But supposing the ISP gets notified and removes material that interrupts a transaction in progress? Under article 15 it could possibly get sued.

The DTI needs to reread its own consultation summary.