Electronic Commerce Law

Thailand August September 2006

Module 6: An International Perspective 
Alan Davidson

Return to Main Page 

World Trade Organisation (WTO) 

UNICITRAL-The United Nations Commission on International Trade Law 

The General Agreement on Tariffs and Trade (GATT) 

The Organisation for Economic Cooperation and Development (OECD) 

The Asia Pacific Economic Cooperation (APEC) 

International Chamber of Commerce (ICC) 

The Free Trade Agreement of the Americas (FTAA) 

International Telecommunication Union 

International Organisation for Standardisation  (ISO) 

National Policies and Approaches in relation to Electronic Commerce and the Internet 

USA  Singapore  China  European Union  Japan  Australia  Canada  International Chamber of Commerce ICC 

Taxation  Right to Collect Taxes Internet Taxation Taxation Methods  USA Australia  New Zealand  The United Nations  Cause and Effect 

ICC Model Clauses For Use In Contracts Involving Transborder Data Flows 

List of International Organisations 
 Introduction
The methods and means of trading are constantly changing.  Traders must meet the needs and demands of ever developing communities, product demand and consumerism.  The advancement of technology means that commercial parties must make adjustment for the fresh modes of communication, transport and industry practices.  At the same time banking practices are becoming more sophisticated.  Documents no longer have to be physically delivered and written documentation is diminishing.  International trade has the additional problems of dealing with distances, varying modes of shipping, packaging, containers and time. 

Electronic Commerce is by its nature international.  The laws of one Nation State impact on many others.  The degree of impact will vary according to the respective place and importance in the world of international trade. 

Electronic Commerce 

Electronic Commerce refers to all commercial transactions based on the electronic processing and transmission of data, including text sound and image.  Advantages include the ease of access, anonymous browsing of products, greater choice, and the convenience of shopping from home.  However, the disadvantages include the possibility of an invasion of privacy and security during an electronic transaction. 

Electronic commerce by its nature does not recognise borders and it raises questions regarding security of transactions, standards, protection of intellectual property, taxation, trade law, privacy and many other issues. 

Technology allows others to intercept, collate and use the data for direct marketing, such as to determine internet browsing patterns.  When a purchase decision is made on-line the consumer is obliged to provide sensitive information, such as an address for delivery and details of payment.  Additionally, users can also be the victims of ‘spamming’, the equivalent of junk mail. 

Security is of paramount importance in the e-commerce world.  Public Key cryptology, two keys involves a public and a private key. A digital signature or certificate can be attached to electronic transmissions to authenticate the identity of the sender of the message. 

Consumer and privacy issues are being addressed in a number of international organisations including APEC, the United Nations and the OECD. The United Nations Commission on International Trade Law (UNCITRAL) has developed a Model Law for consumer protection in an electronic environment.  Its purpose is remove legal obstacles to e-commerce and to create a more secure legal environment. 

Australia's APEC discussion paper for conference held in Malaysia in 1998 states that while recognising the benefits of relying as much as possible on competitive market-based solutions, the government has a role to play, by encouraging e-commerce’s uptake, promoting confidence in its use and providing the infrastructure necessary to do business electronically where this is beyond the means of any single commercial entity. However, it cautions that the government must resist the temptation to over-regulate.  (APEC Discussion Paper by Australian in Malaysia (1998)) For an overview  on APEC browse http://www.dfat.gov.au/apec/apec_overview.html References: http://www.dfat.gov.au/apec/http://www.dfat.gov.au/publications/paperless/index.html

The aim of the Model Law on Electronic Commerce is to provide national legislatures with a template of internationally acceptable rules to remove legal obstacles and create a more secure legal environment for electronic commerce. The Model Law is intended to facilitate the use of electronic communication and storage of information, such as electronic data interchange and electronic mail. It provides standards to assess the legal value of electronic messages and legal rules for electronic commerce in specific areas such as carriage of goods. 

The UNCITRAL Model Law has gained increasing international acceptance. It informs the discussion of electronic commerce laws in international fora and in the domestic consideration of such laws by many countries. The UNCITRAL Model Law has been the basis for electronic commerce legislation in Singapore and in the US State of Illinois and proposed legislation in Colombia. Federal uniform law on electronic commerce is proposed in Canada and in the United States. The US has also enacted the Government Paperwork Elimination Act (1998 Senate Bill 2107) which adopts some elements of the Model Law.  (http://www.law.gov.au/ecommerce/) 

International Legal Framework for Electronic Commerce 

UNCITRAL Model Law for Electronic Commerce  http://www.uncitral.org/english/texts/electcom/ml-ec.htm  6 (Requirement of Writing)  7 (Signature)  8 (Original Copy)  9 (Admissibility and evidential weight of data messages)  10 (Retention of data messages)  11(Formation and validity of contracts)  12 (Recognition by parties of data messages)  13( Attribution of data messages)  14(Acknowledgement of receipt)  15 (Time and place of dispatch and receipt of data messages) 

 World Trade Organisation (WTO)

http://www.wto.org/english/tratop_e/ecom_e/ecom_e.htm

WTO has acted as a government of governments in trade related aspects.  GATT has been amended and updated into the new WTO Agreements and it lives along side of GATS (General Agreement on Trade in Services) and TRIPS (Trade Related Aspects of Intellectual Property Rights). 

In March 1998, the WTO released "Electronic Commerce and the Role of the WTO".  This paper considered the benefits to international trade from the use of the internet and electronic forms of communication.  The paper asserts that the internet, as an instrument for international trade will fall under the WTO’s General Agreement on Trade in Services (GATS).  The stated goal of the WTO is not to create a set of new rules to govern the electronic marketplace, rather to use existing frameworks already in place. Agreements such as the GATS, Trade Related Aspects of Intellectual Property Rights (TRIPS) and Agreement on Telecommunications Services are WTO agreements that already deal with Electronic Commerce issues.  NAFTA and other regional agreements are based on the WTO principles. 

The Interim Report On Electronic Commerce, produced by the WTO Council For Trade In Services, 17 March 1999 and the Work Program On Electronic Commerce, Interim Report To The General Council, Council for Trade in Services, March 31, 1999 reports: 

The electronic delivery of services falls within the scope of the GATS, since the Agreement applies to all services regardless of the means by which they are delivered,… Measures affecting the electronic delivery of services are measures affecting trade in services and would therefore the covered by GATS obligations.   All GATS provisions, whether relating to general obligations (e.g., MFN, transparency, domestic regulation, competition, payments and transfers, etc.) or specific commitments (market access, national treatment or additional commitments) are applicable to the supply of services through electronic means.  …There is still a need to clarify whether certain products delivered electronically might be classified as goods, and therefore subject to GATT disciplines, rather than as services.

The WTO’s procedure underscores the rule of law, and it makes the trading system more secure and predictable. It is clearly structured, with flexible timetables set for completing a case. First rulings are made by a panel. Appeals based on points of law are possible. All final rulings or decisions are made by the WTO’s full membership. No single country can block these.

The WTO and Electronic Commerce

The World Trade Organisation (“WTO”) has treated the advent of electronic commerce from the perspective of modifying existing trade frameworks, rather than creating a new distinct framework or set of rules for its regulation. 

Hence a work programme on electronic commerce adopted by the General Council on 25 September 1998 essentially referred all trade related issues relating to global e-commerce to its existing subsidiary Councils for Trade in Services, Trade in Goods, Trade Related Aspects of Intellectual Property Rights (“TRIPS”), and Committee for Trade & Development. 

The broad policy issues identified by the General Council comprised the need for a legal and regulatory framework for internet transactions, security and privacy, taxation implications, access, trade facilitation, regulation of content on the internet, and intellectual property rights.

At a more specific level each Council was required to examine and report on the treatment of electronic commerce in existing legal frameworks (such as the General Agreement on Trade & Tariffs - GATT).  The reports were delivered to the Ministerial Conference at Doha Qatar in 2001 which endorsed the work done to date, and made further recommendations for reporting to the Ministerial Conference in Cancun Mexico in September 2003.

To give an example, the work required of the TRIPS Council in 1998 included issues arising from electronic commerce and the protection and enforcement of copyright and related rights, the protection and enforcement of trademarks, and new technologies and access to technology. 

That Council’s progress report in December 2000 suggested that because of the novelties and complexities involved further study was necessary including co-operative resource sharing with organisations such as WIPO. Issues identified as specific to IP included what constitutes infringement of IPRs on the internet, implications of the WIPO domain name process in relation to trademarks, the use of patents on the net, and challenges to the enforcement of IPRs.  More “cross-sectoral” issues included jurisdiction, governing law, and electronic contracts.

At the conclusion of this process, the “end-game” is a modification of the existing WTO agreements to incorporate electronic commerce implications on trade.  This shall hopefully enhance the administration of WTO agreements and the resolution of trade disputes by the WTO, to reflect the reality of electronic commerce in international trade.

http://www.wto.org
 
The General Agreement on Tariffs and Trade (GATT)

http://www.wto.org/english/tratop_e/gatt_e/gatt_e.htm

GATT is a multilateral treaty that aims to promote trade among its members. Originally signed by 23 countries in 1947, the Uruguay round of the GATT now has 134 contracting parties composed of both developing and developed states. The first GATT treaty was entered into force on a temporary basis in 1948. It was expected to be superseded by the International Trade Organizations (ITO Havana Charter 1948). The ITO failed to find support when the US Senate did not ratify the treaty in 1953. The principles of ‘non-discrimination’ and ‘transparency’ are central to GATT, which was taken in part from the Havana Charter. 

A feature of GATT is the Most Favored Nation clause, (“MFN”) which provides that a party a giving a trade advantage to one country is required to give that same advantage to all contracting parties.  Nation States are attempting to remove trade barriers.  Developing countries have taken a protectionist position, but this is diminishing.  For Electronic Commerce, commentators have expressed the hope that nations will create regulations together to avoid the delays and problems associated with the implementation of the GATT principles. 

The General Agreement on Tariffs and Trade (GATT) covers international trade in goods. The workings of the GATT agreement are the responsibility of the Council for Trade in Goods (Goods Council) which is made up of representatives from all WTO member countries. The current chairperson is Ambassador Alfredo CHIARADIA (Argentina). The Goods Council has 11 committees dealing with specific subjects (such as agriculture, market access, subsidies, anti-dumping measures and so on). Again, these committees consist of all member countries. Also reporting to the Goods Council are the Textiles Monitoring Body, a working party on state trading enterprises, and the Information Technology Agreement (ITA) Committee.

GATS Ranging from architecture to voice-mail telecommunications and to space transport, services are the largest and most dynamic component of both developed and developing country economies. Important in their own right, they also serve as crucial inputs into the production of most goods. Their inclusion in the Uruguay Round of trade negotiations led to the General Agreement on Trade in Services (GATS). Since January 2000, they have become the subject of multilateral trade negotiations.

UNICITRAL-The United Nations Commission on International Trade Law

The objective of UNCITRAL is to promote harmonisation and unification of international trade law.  Membership is broad includes not only Nation States but also organisations involved in economic and commercial development.  UNCITRAL drafted the United Nations Contract for the International Sale of Goods and the UNICITRAL Model Laws on International Commercial Arbitration.  In 1996 UNCITRAL released its Model Law on Electronic Commerce. 

The General Assembly of the UN expressed its belief by resolution that the adoption of the Model Law on Electronic Commerce by the Commission will assist all States significantly in enhancing their legislation governing the use of alternatives to paper-based methods of communication and storage of information and in formulating such legislation where none currently exists.  It noted that an increasing number of transactions in international trade are carried out by means of electronic data interchange and other means of communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information.  Ultimately the General Assembly recommended: 

that all States give favourable consideration to the Model Law when they enact or revise their laws, in view of the need for uniformity of the law applicable to alternatives to paper-based methods of communication and storage of information; and

that all efforts be made to ensure that the Model Law, together with the Guide, become generally known and available. 

Singapore and  the state of Illinois were early to embrace the Model Law.   The legislation has been under serious consideration in a number of other countries.  The International Chamber of Commerce (ICC) has recommended that most governments should implement the law. 

The objectives of the Model Law are broad.   In preparing the Model Law UNCITRAL was mindful that the Model Law would be a more effective tool for States modernising their legislation if background and explanatory information would be provided to executive branches of Governments and legislators to assist them in using the Model Law. The Commission was also aware of the likelihood that the Model Law would be used in a number of States with limited familiarity with the type of communication techniques considered in the Model Law. 

The use of modern means of communication such as electronic mail and electronic data interchange (EDI) for the conduct of international trade transactions has been increasing and is expected to develop further as technical supports such as information highways and the internet become more widely accessible. However, the communication of legally significant information in the form of paperless messages may be hindered by legal obstacles to the use of such messages, or by uncertainty as to their legal effect or validity. The purpose of the Model Law is to offer national legislators a set of internationally acceptable rules as to how a number of such legal obstacles may be removed, and how a more secure legal environment may be created for what has become known as "electronic commerce". The principles expressed in the Model Law are also intended to be of use to individual users of electronic commerce in the drafting of some of the contractual solutions that might be needed to overcome the legal obstacles to the increased use of electronic commerce. 

The Model Law may also help to remedy disadvantages that stem from the fact that inadequate legislation at the national level creates obstacles to international trade, a significant amount of which is linked to the use of modern communication techniques. Disparities among, and uncertainty about, national legal regimes governing the use of such communication techniques may contribute to limiting the extent to which businesses may access international markets. 

Furthermore, at an international level, the Model Law may be useful in certain cases as a tool for interpreting existing international conventions and other international instruments that create legal obstacles to the use of electronic commerce, for example by prescribing that certain documents or contractual clauses be made in written form. As between those States parties to such international instruments, the adoption of the Model Law as a rule of interpretation might provide the means to recognise the use of electronic commerce and obviate the need to negotiate a protocol to the international instrument involved. 

The objectives of the Model Law, which include enabling or facilitating the use of electronic commerce and providing equal treatment to users of paper-based documentation and to users of computer-based information, are essential for fostering economy and efficiency in international trade. By incorporating the procedures prescribed in the Model Law in its national legislation for those situations where parties opt to use electronic means of communication, an enacting State would create a media-neutral environment. 

UNCITRAL Model Law on Electronic Commerce (1996) (as at 16 April 2004)

Legislation implementing provisions of the Model Law has been adopted in Australia (1999), Colombia* (1999), Dominican Republic* (2002), Ecuador* (2002), France (2000), India* (2000), Ireland (2000), Jordan (2001), Mauritius (2000), Mexico (2000), New Zealand (2002), Pakistan (2002), Panama* (2001), Philippines (2000), Republic of Korea (1999), Singapore (1998), Slovenia (2000), South Africa* (2002), Thailand (2002) and Venezuela (2001).

The Model Law has also been adopted in the Bailiwick of Guernsey (2000), the Bailiwick of Jersey (2000) and the Isle of Man (2000), all Crown Dependencies of the United Kingdom of Great Britain and Northern Ireland; in Bermuda (1999), Cayman Islands (2000), and the Turks and Caicos Islands (2000), overseas territories of the United Kingdom of Great Britain and Northern Ireland; and in the Hong Kong Special Administrative Region of China (2000).

Uniform legislation influenced by the Model Law and the principles on which it is based has been prepared in the United States (Uniform Electronic Transactions Act, adopted in 1999 by the National Conference of Commissioners on Uniform State Law) and enacted by the States of Alabama (2001), Arizona (2000), Arkansas (2001), California (1999), Colorado (2002), Connecticut (2002), Delaware (2000), Florida (2000), Hawaii (2000), Idaho (2000), Indiana (2000), Iowa (2000), Kansas (2000), Kentucky (2000), Louisiana (2001), Maine (2000), Maryland (2000), Massachusetts (2003), Michigan (2000), Minnesota (2000), Mississippi (2001), Missouri (2003), Montana (2001), Nebraska (2000), Nevada (2001), New Hampshire (2001), New Jersey (2000), New Mexico (2001), North Carolina (2000), North Dakota (2001), Ohio (2000), Oklahoma (2000), Oregon (2001), Pennsylvania (1999), Rhode Island (2000), South Dakota (2000), Tennessee (2001), Texas (2001), Utah (2000), Vermont (2003), Virginia (2000), West Virginia (2001), Wyoming (2001) and the District of Columbia (2001). The State of Illinois had already enacted the Model Law in 1998.  (44 States)

Uniform legislation influenced by the Model Law and the principles on which it is based has also been prepared in Canada (Uniform Electronic Commerce Act, adopted in 1999 by the Uniform Law Conference of Canada) and enacted in a number of Provinces and Territories, including British Columbia (2001), Manitoba (2000), New Brunswick (2001), Newfoundland and Labrador (2001), Nova Scotia (2000), Ontario (2001), Prince Edward Island (2001), Saskatchewan (2000) and Yukon (2000). Legislation influenced by the Model Law and the principles on which it is based has also been adopted in the Province of Quebec (2001).
_____
* Except for the provisions on certification and electronic signatures.

Proposed Model Law on Electronic Contracting

http://ods-dds-ny.un.org/doc/UNDOC/LTD/V04/541/06/PDF/V0454106.pdf

Draft preamble on the use of electronic communications in international contracts

The States Parties to this Convention

Reaffirming their belief that international trade on the basis of equality and mutual benefit is an important element in promoting friendly relations among States,

Noting that the increased use of electronic communication improves the efficiency of commercial activities, enhances trade connections and allows new access opportunities for previously remote parties and markets, thus playing a fundamental role in promoting trade and economic development, both domestically and internationally,

Considering that problems created by uncertainty as to the legal value of the use of electronic communications in international contracts constitute an obstacle to international trade,

Convinced that the adoption of uniform rules to remove obstacles to the use of electronic communications would enhance legal certainty and commercial predictability for international contracts and may help States gain access to modern trade routes,

Being of the opinion that uniform rules should respect the freedom of parties to choose appropriate media and technologies, taking account of their interchangeability, to the extent that the means chosen by the parties comply with the purpose of the relevant rules of law,

Desiring to provide a common solution for legal obstacles to the use of electronic communications, including obstacles that might result from the operation of existing international trade law instruments, in a manner acceptable to States with different legal, social and economic systems...

The Organisation for Economic Cooperation and Development (OECD)

The OECD comprises 29 member countries.  Its purpose is to provide a forum to discuss matters of mutual interest and seek solutions to be applied within each member's own national context. The 29 member states of the OECD are: Australia, Austria, Belgium, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Korea, Luxembourg, Mexico, The Netherlands, New Zealand, Norway, Poland, Portugal, Spain, Sweden, Switzerland, Turkey, United Kingdom and United States of America. 

Electronic commerce features in the OECD’s vision for economic growth and improved social conditions.  Electronic commerce is inherently transborder.  In an attempt to address the Electronic commerce issues on an international level members met in October 1998.  The conference included Ministers and high-level officials from all OECD countries, 12 non-member countries, 12 international organisations, and representatives from business, trade unions, consumer groups and other non-governmental organisations. The non-member states invited to attend the Conference were: Argentina, Brazil, Chile, China, Hong Kong, Israel, Malaysia, Russia, Singapore, The Slovak Republic, South Africa, Chinese Taipei.  The theme was “A Borderless World - Realizing the Potential of Global Electronic Commerce”. 
According to the Report on the OECD Ministerial Conference, the agenda for discussion included the following. Building trust for users and consumers 

The use of technology and the implementation of policy designed to protect privacy and collection of personal data and incorporate appropriate redress mechanisms for misuse of the above.

The building and use of secure encryption programs in the public and private sectors.

Full and fair disclosure of essential information, advertisements, complaints handling, dispute resolution, and other relevant issues in consumer protection.

Consumers and business people are looking to governments to ensure that the rules in the virtual world are equivalent, transparent, and as predictable to those in the physical world as close as possible. As the leading international organisation in taxation, the OECD was given the mandate, in close working arrangements with other organizations, business and non-member countries to develop a taxation framework applicable to e-Commerce.

Enhancing the information infrastructure for electronic commerce

Creating universal and affordable access which depends upon appropriate telecommunication policies and regulatory frameworks.

Use has to be widespread which links citizens of the world

This requires an understanding of the needs of business and citizens in both developing and developed countries.

The OECD Action Plan for Electronic Commerce;

The Report on International and Regional Bodies: Activities and Initiatives in Electronic Commerce; and

The Global Action Plan for Electronic Commerce prepared by Business with Recommendations for Governments. 

The outcomes from the Ministerial Conference include Ministerial Declarations.  Such Declarations "establish baseline principles and goals", and provide guidance for the work of the OECD’s.  http://www.ottawaoecdconference.org/english/information/outcomes.html
The Declaration on Protection of Privacy on Global Networks Privacy was reaffirmed as a fundamental right.  The Declarations recognises the importance of the 1980 OECD Privacy Guidelines.  These guidelines have provided many Nations States with the foundation for protecting privacy and for the formation of appropriate laws. The Declaration explicates encouragement for businesses to adopt policies and technical solutions in line with the privacy guidelines. 

The Declaration on Consumer Protection in the Context of Electronic Commerce This Declaration underscores importance transparency of electronic commerce and the constituent transactions for the protection of consumers. 

The Declaration on Authentication for Electronic Commerce  This Declaration recognises the varying approaches taken by Nation States in relation to the formation of technology policy and media specific requirements.  The declaration espouses that no discrimination should occur against authentication approaches. 

A joint declaration on taxation and electronic commerce stressed the importance of the following. 

A taxation framework for electronic commerce and the administrative arrangement to support that framework.

The benefits for the administration of taxation through electronic commerce by simplifying the tax system and enhancing tax payer service.

Adequate information reporting mechanisms.

Taxation neutrality between conventional commerce and electronic commerce.

Input from other non OECD members and the private sector.

Similar transactions should be taxed in the same way.

Minimisation of administrative costs as well as compliance costs.

Transparency for taxpayers of what is to be taxed, how it is to be taxed and when it is to be taxed.

Minimisation of the potential for tax evasion and avoidance.

? Structural tax changes for a fair sharing of the tax base between countries.

OECD countries have set up a task force to marshal the efforts of government, business and civil society in the most comprehensive, strategic and inclusive response to date to the problems posed by unsolicited e-mail messages, or spam

The Asia Pacific Economic Cooperation (APEC) http://www.apecsec.org.sg

Asia-Pacific Economic Cooperation, or APEC, is the premier forum for facilitating economic growth, cooperation, trade and investment in the Asia-Pacific region.

APEC is the only inter governmental grouping in the world operating on the basis of non-binding commitments, open dialogue and equal respect for the views of all participants. Unlike the WTO or other multilateral trade bodies, APEC has no treaty obligations required of its participants. Decisions made within APEC are reached by consensus and commitments are undertaken on a voluntary basis.

APEC has 21 members - referred to as "Member Economies" - which account for more than a third of the world's population (2.6 billion people), approximately 60% of world GDP (US$19, 254 billion) and about 47% of world trade. It also proudly represents the most economically dynamic region in the world having generated nearly 70% of global economic growth in its first 10 years.

APEC's 21 Member Economies are Australia; Brunei Darussalam; Canada; Chile; People's Republic of China; Hong Kong, China; Indonesia; Japan; Republic of Korea; Malaysia; Mexico; New Zealand; Papua New Guinea; Peru; The Republic of the Philippines; The Russian Federation; Singapore; Chinese Taipei; Thailand; United States of America; Viet Nam.

Purpose and Goals
APEC was established in 1989 to further enhance economic growth and prosperity for the region and to strengthen the Asia-Pacific community.

Since its inception, APEC has worked to reduce tariffs and other trade barriers across the Asia-Pacific region, creating efficient domestic economies and dramatically increasing exports. Key to achieving APEC's vision are what are referred to as the 'Bogor Goals' of free and open trade and investment in the Asia-Pacific by 2010 for industrialised economies and 2020 for developing economies. These goals were adopted by Leaders at their 1994 meeting in Bogor, Indonesia.

Learn more about the Bogor Goals in the 1994 Leaders' Declaration.

Free and open trade and investment helps economies to grow, creates jobs and provides greater opportunities for international trade and investment. In contrast, protectionism keeps prices high and fosters inefficiencies in certain industries. Free and open trade helps to lower the costs of production and thus reduces the prices of goods and services - a direct benefit to all.

APEC also works to create an environment for the safe and efficient movement of goods, services and people across borders in the region through policy alignment and economic and technical cooperation.
 

Electronic Commerce Steering Group

The Electronic Commerce Steering Group (ECSG) was created to provide a coordinating role for APEC e-commerce activities, based on the principles set out in the 1998 APEC Blueprint for Action on Electronic Commerce. The ECSG is committed to promoting and facilitating the development and use of electronic commerce by creating legal, regulatory and policy environments in the APEC region that are predictable, transparent and consistent. In addition, the ECSG is working to promote mechanisms to increase trust and confidence of participants in electronic commerce in order to encourage greater use of the Internet to perform transactions. Finally, the ECSG is using IT and electronic commerce methods to facilitate trade transactions among economies.

The ECSG meets twice a year and also conducts its business intersessionally.

Latest Developments
The ECSG's program to maximise the benefits of e-commerce for business in the APEC region includes work on data privacy, consumer protection, cyber-security, paperless trading, trade facilitation and spam. Economies have also approved a revised structure for the group and agreed to increase cooperation with the Organisation for Economic Cooperation and Development (OECD) and the Global Business Dialogue on Electronic Commerce (GBDe). Information on upcoming meetings and workshops can be found at www.export.gov/apececommerce.

Paperless Trading
Sixteen economies have now prepared Paperless Trading Individual Action Plans. These outline the steps APEC economies are taking to meet APEC's target to reduce or eliminate the requirement for paper documents needed for customs and other cross-border trade administration and other documents and messages relevant to international sea, air and land transport, that is, "Paperless Trading" (for trade in goods), where possible, by 2005 for developed and 2010 for developing economies, or as soon as possible thereafter. Find out more at www.apec-iap.org. Pathfinder initiatives on electronic sanitary and phytosanitary certificates and electronic certificates of origin have been agreed by members.

At its 9th Meeting in Santiago, Chile, in February 2004, the ECSG agreed to establish a subgroup to manage the paperless trading work within APEC and approved the establishment of the APEC Public-Private Partnership Dialogue on Paperless Trading to assist in the further development of the APEC Paperless Trading Agenda. The ECSG will hold the APEC Symposium on ebXML for Internet Paperless Trading and Collaborative e-Business in Thailand in July 2004.

Consumer Protection
The ECSG is building consumer trust in e-commerce by helping to protect consumers from fraudulent and deceptive practices when buying goods and services on-line. Work is underway to help economies implement APEC's Voluntary Consumer Protection Guidelines for the On-line Environment which were approved by Ministers in October 2002. These cover international cooperation, education and awareness, private sector leadership, on-line advertising and marketing and the resolution of consumer disputes. An Internet Investigatory Training Workshop for Law Enforcement Personnel will be held in Singapore in August 2004.

Data Privacy
The challenge for economies in addressing the issue of data privacy is protecting the personal information of consumers while also facilitating trans-border data flows. In order to foster the development of compatible approaches to data privacy in the region, in 2002 the ECSG undertook a mapping exercise of APEC economies' approaches to data privacy. In February 2003 the ECSG established a Data Privacy Subgroup to develop a set of privacy principles and implementation mechanisms, to continue the exchange of information on developments related to data privacy within individual economies and to encourage public awareness by identifying and sharing best practices on data privacy protection.

At the 9th ECSG Meeting, the Subgroup tabled Version 9 of the consultation draft of the APEC Privacy Framework for ECSG members' consideration and agreed to begin consultations with economies' stakeholders on the APEC Privacy Principles and to work on the final part of the Framework on Implementation Mechanisms. The APEC Privacy Framework is expected to be finalised at the 10th ECSG Meeting, as encouraged by APEC Senior Officials. A seminar on Data Privacy Implementation Mechanisms was held in Santiago, Chile in February 2004.

SPAM
The ECSG agreed to undertake specific activities on spam as part of its 2004 work agenda. This will include the development and of a survey on the laws of APEC economies, and the spam-related self-regulatory and educational efforts undertaken by economies.

Cyber Security
The ECSG held a forum in August 2003 to address cyber security issues at the individual firm level.

The ECSG's 2002 Stocktake of E-commerce Activities is a business-friendly inventory of the electronic commerce activities currently being undertaken by APEC fora.

The business/private sector has been an active participant in all ECSG meetings. In addition, an APEC E-Commerce Business Alliance was established in 2001, and the Global Business Dialogue on Electronic Commerce was granted Guest Status in 2003.
 

Report of APEC Ministers Responsible for Trade
Khon Kaen, Thailand, on June 1-3, 2003.

APEC pathfinder economies have agreed, related to e-commerce, as follow: 

• To steps to anchor APEC’s digital trade policy objectives as their own and will work collaboratively with the others. 
• To build appropriate capacity to support e-commerce. 
• To identify areas that are critical to e-commerce and make offer in the WTO service negotiation in this area. 
• To make progress in adopting and implementing the  WTO  Basic Reference Paper. 
• To collaborate in area in which TRIPS implementation and enforcement to demonstrate concrete progress to full compliance. 
• To make progress to ratify and fully enforcement of relevant WIPO treaties. 
• To report their measures/mechanism to make sure that governmental bodies use only legal software. 
• To share information identifying any ways in which the internet or e-commerce is being used to facilitate trade in infringing or counterfeit goods and work collectively in the IPEG and individually to ensure that their regulatory and enforcement systems are equipped to address such problem effectively. 
• To report their progress they are making to participate in ITA. 
• To identify IT products in which they would be interested in an elimination of tariffs. 
• To report on their submission of annual trade and tariff data to WTO or to APEC as appropriate. 
• For the future work, to ascertain any new areas crucial to digital economy in which work should be undertaken. 

On 1 April 2003 in Kuala Lumpur, Malaysia the APEC Telecommunications Information Working Group released a report to guide governments in developing appropriate laws to enable the identification and authentication of individuals and computers in relation to electronic transactions.

The report provides a roadmap to assist governments in avoiding obstacles that will ultimately deny a government's economy of the benefits of electronic commerce.

International Chamber of Commerce (ICC)

The ICC is a Paris based organisation that promotes interactive trade and investment and the market economic system worldwide. It makes rules that govern the conduct of   business across borders and provides essential services, foremost among them being the ICC International Court of Arbitration. It has members from 63 national committees and 7000 member companies and associations from over 130 countries. Its function is to present views to the various governments and coordinates with its members to address current issues including electronic commerce. Some of the proposed guides and model laws put forth by the ICC are the GUIDEC (General Usage for International Digitally Ensured Commerce), the ICC Model Clause for Use in Contracts Involving Transborder Data Flows. On 6 November 1997 the ICC issued GUIDEC, a set of guidelines for ensuring trustworthy digital transactions over the Internet.  The guidelines establish procedures for what is termed "ensuring" messages to certify transactions so that the uncertainties of dealing with a partner who appears only as an electronic impulse on the Internet can be overcome. GUIDEC governs the use of public key cryptography for digital signatures and the role of a trusted third party - called a certifier - in establishing that holders of public keys are who they purport to be.  ICC has indicated that they will be updated as digital technology develops. 

The Free Trade Agreement of the Americas (FTAA)

FTAA as formed the Joint Government - Private Sector Committee Of Experts On Electronic Commerce to make recommendations to ministers on how to increase and broaden the benefits of electronic commerce.   The recommendations include how electronic commerce should be dealt with in the context of the FTAA negotiations. The committee has developed working guidelines. 

International Telecommunication Union 

The International Telecommunication Union (ITU) is an intergovernmental organisation, within which public and private sectors co-operate for the development of telecommunications. The ITU adopts international regulations and treaties governing all terrestrial and space uses of the frequency spectrum within which countries adopt their national legislation. It also develops standards to facilitate the interconnection of telecommunication systems on a world-wide scale regardless of the type of technology used. The ITU also fosters the expansion of telecommunications services and infrastructure in developing countries by recommending medium-term policies and strategies to national administrations. 

See: http://www.itu.int/ITU-D/e-strategy/e-legislation/

One of the goals of the International Telecommunications Union is to “Promote a favourable legal environment for e-services/applications”

“E-services/applications require an appropriate legal and policy environment to address, in particular, data privacy, prevention of cybercrime, security, ethical issues, electronic signatures, certification authorities and electronic contracts to create confidence, protect the rights of parties and encourage the use of e-services/applications. Activities need to be undertaken to assist developing countries in specific areas related to the legal framework for e-services/applications by taking into account activities of the Regulatory Reform Programme and closely collaborating in relevant domains so as to avoid overlaps and ensure an efficient use of resources.”

Through workshops and meetings, ITU provided assistance to legislators of ASETA Member States on aspects of their national legislation that would need to be harmonized to facilitate the development of services based on digital certification, e-signature, e-commerce and the protection of consumer rights for e-transactions.” 
Also see: http://www.itu.int/ITU-D/e-strategy/ecdc/pressarticles/
 

International Organisation for Standardisation  (ISO)

The International Organisation for Standardisation (ISO) is a world-wide federation of national standard bodies. Its mission is to promote the development of standardisation with the view to facilitate the international exchange of goods and services, and to develop co-operation in the sphere of intellectual, scientific, technological and economic activity. The ISO covers all standardisation fields except electrical and electronic engineering, which is the responsibility of IEC. A joint ISO/IEC committee (JTC 1) carries out the work in the information technology field. The technical work of ISO is decentralised. There are over 2,700 technical committees, subcommittees and working groups. In these committees, representatives of industry, research institutes, government authorities, consumer bodies and international organisations from around the world come together to resolve problems of global standardisation. 
National Policies and Approaches in relation to Electronic Commerce and the Internet

USA
In July 1997 President Clinton stated: “…the United States will work through the World Trade Organization to turn the Internet into a free-trade zone within the next 12 months…. We will advocate as we seek to establish basic rules for international electronic commerce with new regulations and no new discriminatory taxes”. 

The President released "A Framework for Global Electronic Commerce". 

This document is the Clinton's Administration’s strategy for fostering increased business and consumer confidence in the use of electronic networks for commerce.  Beforehand industry, consumer groups and the Internet community were consulted.  Five principles to guide government support for the evolution of electronic commerce and listed.  Additionally the paper makes recommendations about nine areas where international efforts are needed to preserve the Internet as a non-regulatory environment. 

The five principles are: 

The private sector should lead. The Internet should be market driven and industry self-regulated.

Governments should avoid undue restrictions, involvement or intervention on electronic commerce.

Where government needs to play a role, it should be to ensure competition, protect intellectual property and privacy, prevent fraud, foster transparency and facilitate dispute resolution.

Government should recognize the unique quality of the Internet, i.e., bottom up governance, which will not fit in with the regulatory structure set up for telecommunications, radio and television.

The Internet is global and the legal framework should be consistent in all jurisdictions.

Taxes and tariffs: it should be declared a tariff free environment due to its true global medium. No new taxes should be applied. A uniform approach to existing taxes should occur across jurisdictions.

Electronic Payments System: as the technology is rapidly changing, do not enact inflexible regulations and in the near term monitor each experiment.

Uniform Commercial Code for Electronic Commerce: it is good to have predictable and widely acceptable legal principles supporting commercial transactions. An international uniform code should encourage governmental recognition of electronic contracts, acceptance of electronic signatures and other authentication procedures; and promote dispute settlement.

Intellectual Property Protection: for commerce to work, sellers must know that their intellectual property will not be stolen. Buyers must know they are getting authentic products. WIPO treaty for copyright protection should be ratified. The Administration will work only to resolve conflicts that arise from different national treatments of trademarks as they relate to the Internet. It may be possible to have a self-regulated body dealing with conflict of trademarks and domain names.

Privacy: this is essential if people are to be comfortable using the Internet. Data should not be collected unless consumers know how it will be used and have a choice on its use. Consumers should have redress for improper use or disclosure of personal information. The Administration supports private sector initiatives to self regulate and the government will work with industry and privacy advocates addressing concerns.

Security: the Global Information Infrastructure (GII) must be secure and reliable. The Administration will work with industry to create a proper encryption environment.

Telecommunications infrastructure and information technology: the United States will work internationally to remove barriers to competition, choice, lower prices and improved service. 

Content: Administration encourages industry self-regulation and will encourage development of user friendly filtering and blocking technology.

Technical Standards: the marketplace, not governments, should determine technical standards for interoperability on the Internet. 

This internet site provides a comprehensive summary of electronic commerce and digital signature legislation. 

The National Conference of Commissions on Uniform State Law (NCCULS) drafted the Uniform Electronic Transactions Act which is in line with the general principles set out in the UNICITRAL Model Law.  The purpose of the US draft is to modify general contract law as is necessary or desirable and to support transactions utilising existing and future electronic or computerised technologies. 

The US Internet Tax Freedom Act gives moratorium on levying internet access tax. The Bill prohibited for three years, state and local taxes on Internet access and multiple or discriminatory taxes on electronic commerce. The Act also directed the President to go to work with other countries to make the internet a global tariff free zone. 
Singapore
Singapore has enacted the 1999 Singapore Electronic Transactions (Certification Authority) Regulations, the Singapore Security Guidelines For Certification Authorities and the 1998 Singapore Electronic Transactions Act making it one of the first complete on-line countries. Singapore has a goal of being a trusted hub of E-Commerce for both the domestic and international markets. It has a mechanism and has implemented licensing of certification authorities and is creating a national public key infrastructure. The Singapore Electronic Transactions Act past June 1998 provides a framework for the legal definition of electronic signatures, digital signatures and electronic records. It was drawn from UNICITRAL Model Law, and others. 

Singapore national telecommunication company have scanned more than 200,000 computers of its internet customers without their knowledge as part of a plan to ward off hackers. 

Singapore Electronic Transactions Act 1998 Introduced 13 April 1998 Passed 29 June 1998 

Coverage Digital and Electronic Signatures, Electronic Records, Electronic Commerce. 

Applicability Public and Private electronic communications, Electronic Commerce 

Definition of Electronic Signature An electronic signature is defined as "any letters, characters, numbers or other symbols in digital form attached to or logically associated with an electronic record, and executed or adopted with the intention of authenticating or approving the electronic record. 

Definition of a Secure Electronic Signature A secure electronic signature is one created through the application of a prescribed security procedure agreed to by the parties which allows for verification that at the time of signing, the signature was:  (1) unique to the person using it,  (2) capable of identifying the person,  (3) under the sole control of the person using it, and  (4) linked to the record signed in such a way that if the record is altered, the signature is invalidated. 

Effect Given to an Electronic Signature The Act provides that when the law "requires a signature, or provides for certain consequences if a document is not signed, [a]n electronic signature satisfies that rule of law."  However, electronic signatures are not valid for use in wills, negotiable instruments, trusts, transactions involving immoveable or real property interests, or documents of title.  Government agencies may require an electronic signature for filings with the agency. 

Definition of Digital Signature A digital signature is defined as "an electronic signature consisting of a transformation of an electronic record using an asymmetric cryptosystem and a hash function such that a person having the initial untransformed electronic record and the signer's public key can accurately determine:  (a) whether the transformation was created using the private key that corresponds to the signer's public key; and  (b) whether the initial electronic record has been altered since the transformation was made." 

Definition of a Secure Digital Signature A digital signature is treated as a secure electronic signature if it  (a) was "created during the operational period of a valid certificate and is validated by reference to the public key listed in such certificate;" and  (b) is considered trustworthy by virtue of its issuance by a licensed certification authority, foreign certification authority recognized by Singapore, a government ministry or other entity approved by the government, or because the parties expressly agreed to the security procedure followed. 

Effect Given to a Digital Signature A digital signature shall be treated as a secure electronic signature if it meets the criteria for a secure digital signature (see above).  Government agencies may require a digital signature for filings with the agency. 

Certification Authority Certfication Authorities are to be regulated by an appointed Controller of Certification Authorities, who will be responsible for licensing, certifying, monitoring and overseeing certification activities.  Licensing will be voluntary, but certificates issued by licensed CAs will be entitled to greater presumptions of validity and limitations on liability.  Closed networks may use unlicensed CAs if they choose. 

Liability Rules The Act provides for licensed CAs to specify recommended reliance limits in issuing certificates to subscribers, and may recommend different limits for different certificates.  If a licensed CA conforms to the requirements of the Act, they shall not be liable for any loss caused by reliance on a false or forged digital signature, and shall not be liable for any amounts in excess of the recommended reliance limit. 

Precis The Singapore Electronic Transactions Actl provides a framework for the legal recognition and usage of  electronic signatures, digital signatures, and electronic records.  Passage of the Act is one of the main recommendations of the  Electronic Commerce Policy Committee, which issued its recommendations in April, 1998, available at  http://www.ec.gov.sg.  Among the stated purposes of the Act are the goals to facilitate electronic commerce, facilitate  electronic filing of documents with government agencies, minimize fraud and forgery in electronic records and to promote the  use of electronic signatures to give authenticity to electronically transmitted documents.   The Act draws from the UNCITRAL  Model Law on Electronic Commerce, the Illinois Electronic Commerce Security Act, and the Utah Digital Signature Act,  among others. 

The Singapore Electronic Transactions Act 1998 (ETA) aims to deal with the legal issues necessary to provide a secure, pro-business environment for electronic commerce in Singapore.  It is technologically neutral and aims to support all secure electronic records and signatures. 

A licensed Certification Authority (CA) is permitted to perform a face-to-face verification of an individual before issuing digital certificates.  This process is to confirm the existence of all parties involved in an electronic transaction. Secure electronic signatures help to ensure that electronic transactions cannot be disputed.  The Act provides legal recognition to these electronic signatures.  These measures aim to protect all parties involved in an electronic transaction. 

Government departments and statutory boards can accept electronic filing and issue electronic documents without having to amend their respective Acts. The ETA permits government departments and statutory boards to specify additional requirements for the retention of electronic records under their purview. 

The basic elements of contract formation (offer, acceptance, intention to enter into legal relations and consideration) are addressed in the ETA.  Rules of Private International Law such as Conflict of Laws principles are applicable in Cyberspace.  The treatment the use of digital signatures in the ETA, especially against a backdrop of cross-border cross-certification arrangements, help resolve some these jurisdictional issues. The Singapore Government has expressed its resolve to "continually work out practical, and predictable arrangements (e.g. bilateral agreements)" to address such issues as borderless nature of Cyberspace and the relative difficulty in finding geographical reference points for cross-border transactions. 

The role of a Controller of Certification Authorities (CCA) is to provide certainty and transparency for electronic transactions in Singapore.  There needs to be an assurance that Certification Authority (CA) responsibilities are met and that these services are made available with the highest integrity and service standards in place. The establishment of a CCA by NCB seeks to deliver that assurance. 

Salient Features of the Electronic Transactions Act 1998 (Singapore)

Introduction 

1.  The advent of e-commerce and the use of the digital medium as an alternative to the physical, have created some novel legal issues where there are no clear answers. In the physical world today, there are requirements for documents to be in writing and for hand-written signatures. Such requirements need to be translated into the electronic realm. For communication and transactions occurring over a faceless network, there is a need for reliable methods to authenticate a person's identity and to ensure the integrity of the electronically transmitted documents. The Electronic Transactions Act aims to address these important issues and to create the legal framework for e-commerce transactions in Singapore. 

2.  In drafting the Electronic Transactions Act, the following guiding principles were      adopted: 

a.  The need to conform to international standards and international models in order to be integrated with the global e-commerce framework; 

b.  The need to avoid over regulation; 

c.  The need to be flexible and technologically neutral to adapt quickly to a fluid global environment; and 

d.  The need for transparency and predictability in our laws. 

3.  Broadly, the Act seeks to do the following: 

a.  Enact a Commercial Code to support e-commerce transactions; 

b.  Provide for a Public Key Infrastructure; 

c.  Enable Electronic Applications and Licenses for the Public Sector; and 

d.  Clarify Network Service Providers' liability for third party content. 

These four objectives will be described below. 

Commercial Code for E-Commerce Transactions 

4.  To clearly define the rights and obligations of transacting parties, a commercial code to support e-commerce transactions is needed. The first objective of the Act is thus to set out a commercial code that combines the best features of international models. The Act contains provisions dealing with how a contract can be formed electronically by addressing issues of time and place of sending and receipt of electronic messages. The Act also provides legal status on the use of electronic records and signatures and their secure counterparts. 

Public Key Infrastructure 

5.  Singapore has been developing a public key infrastructure to facilitate the use of digital signatures. Under this infrastructure, the Certification Authority, or CA, certifies that a given public key is associated with a given individual. A CA may perform a face-to-face verification of the individual before such a certification is given, in the form of a digital certificate. This certificate can subsequently be used to confirm the public key of an individual, and verify the signature that is generated by the individual. Netrust is the first CA in Singapore to issue keys for digital signatures. 

6.  The CA, being in a position of trust, needs to be subject to some standards and controls, so that there will be public confidence in the services it offers. A voluntary licensing scheme is proposed in the Act. Only licensed and approved CAs will enjoy the benefits of the Act for signatures generated from the certificates issued. The exception to this is where parties agree to be bound by signatures created by a commercially reasonable procedure. 

7.  The Act provides for the appointment of a Controller of CAs. The Controller will, amongst other duties, license, certify, monitor and oversee the activities of CAs. The setting up of the administrative structure for the Controller will be the responsibility of the National Computer Board, under the IT Security Office. 

Electronic Applications and Licences for the Public Sector 

8.  To promote a culture of use of the electronic medium in the public sector, the Act will contain an omnibus provision for Government departments and statutory boards to be able to accept electronic filing without having to amend their respective Acts. It also allows public bodies to issue permits and licences electronically. It is an "opt-in" provision, so that those agencies that are not yet ready to go "paperless" are not compelled to do so. However, the Government is committed to making available counter services in the electronic medium as far as possible and where it is cost effective. 

9.  A related amendment is also made to the Interpretation Act to allow regulations on the manner and method of electronic filing and issuance to be made by these public bodies under their respective Acts. The amendments to the definition of "Gazette" and "Government Gazette" in the Interpretation Act is to enable the Government to publish the Gazette electronically on the Internet, in addition to the hard copies printed by the Government Printers. The Government will take advantage of Internet technology to enable the Gazette to be published electronically on a daily basis instead of only once a week. 

Network Providers' Liability 

10.  It is essential for the growth of a national information infrastructure that the exposure of network service providers to the risks of liabilities for third party content be managed. For example, an Internet Service Provider (ISP) should not be held liable for objectionable contents or defamatory statements on the thousands of web sites that are accessed daily, and over which the ISP has no control. 

11.  The Act provides that a network service provider is not subject to criminal or civil liability for third party material for which the provider merely provides access. Where network service providers engage in activities which are indistinguishable from those of common carriers such as telephone companies and post offices, they should be given the assurance that they will be treated in the same way in respect of such activities. The clause, however, will not affect the obligations of a network service provider under any licensing or other regulatory regime established under the law, e.g. Singapore Broadcasting Authority's class licenses. It will also not affect any obligation founded on contract or any obligation imposed under any written law or by a court to remove, block or deny access to any material. Network service providers will of course continue to be liable for their own content, or third party content that they adopt or approve of. 

Conclusion 

12.  This Act sets the basic legislative framework for e-commerce and electronic transactions. It removes existing legal impediments and instils confidence in businesses and individuals to engage in e-commerce. This Act will bring Singapore to the forefront of international e-commerce developments and will help us achieve our vision of turning Singapore into an international e-commerce hub. 

Extracted from http://www.cca.gov.sg/eta/salientframe.html

Singapore Electronic Transactions - (Certification Authority) Regulations 1999 Final February 10, 1999 

1. The National Computer Board (NCB) today released the Electronic Transactions (Certification Authority) Regulations for  the licensing of certification authorities (CAs) in Singapore. The Regulations set a new benchmark for the integrity and security  of the services offered by CAs, thus giving electronic commerce (e-commerce) security a boost. 

3.  The Chief Executive of the NCB has been appointed as the Controller of Certification Authorities. The Controller will  regulate, license and oversee the activities of CAs in Singapore. The NCB will be the regulatory agency for CAs in  Singapore. 

4.  The Regulations lay down the administrative framework for licensing by the Controller of CAs. They also stipulate the  criteria for a CA in Singapore to be licensed, and the continuing operational requirements for the CA once a licence has been  obtained. The criteria that CAs will be evaluated against include their financial standing, operational policies and procedures,  and track record. 

 Benefits of Licensing 5.  A system of licensing will ensure compliance by CAs to an established set of stringent standards and control, and instill  public confidence in the services offered by CAs. In return, the digital signatures created by licensed CAs will be legally  recognised under the law. A licensed CA will enjoy the benefits of evidentiary presumption for digital signatures generated  from the certificates it issues. With such presumption, the party relying on the signature merely has to show that the signature  has been correctly verified, and the onus is on the other party disputing the signature to prove otherwise. 

6.  A licensed CA will also enjoy limitations in liability as prescribed in the Electronic Transactions Act (ETA).  The CA will  not be liable for any loss caused by reliance on a false or forged digital signature of a subscriber so long as the CA has  complied with the requirements under the Act and the Regulations. In the event that a licensed CA failed to observe some of  its obligations, the CA will only be liable up to the reliance limit specified in the certificate. 

7.  Mr Stephen Yeo, Chief Executive, NCB, said: "The licensing scheme that we have put in place is in some ways different  from those regulatory regimes that we are familiar with. This scheme is a voluntary one, and is more akin to an ISO-type certification scheme, in that only CAs that meet high integrity and operational standards will qualify for the license. This will enable the public to use the services of a licensed CA with confidence. We strongly encourage industry players that desire the benefits of the ETA to apply to be licensed. 

 Licensing Scheme 8.  Applications are now open for CAs to be licensed. To apply for a license, applicants have to pay an application fee of S$5,000 to cover the processing costs. Once approval for a license has been given, an annual licensing fee of S$1,000 will be levied. Licenses with a one-year validity period will be issued initially.  As the industry matures and the CA builds up a track record, licenses for a longer period can be issued. 

 Cross Certification 9.  Licensing is only the first step in promoting the use of certification authorities. Efforts are currently underway to facilitate the recognition of certificates from other countries. For example, in June 1998, Singapore and Canada announced the first cross-certification of the countries' public key infrastructures to mutually recognise each other's digital certificates and certification authorities. These initiatives will bring Singapore one step closer to harmonising cross-border e-commerce laws and policies, and give businesses greater confidence to engage in electronic transactions with overseas partners. 

 National Public Key Infrastructure Advisory Committee (NPAC) 10.  The NCB also announced plans for the formation of a national advisory committee on CAs. This committee, called the National Public Key Infrastructure (PKI) Advisory Committee or NPAC, will be chaired by the Controller and will comprise industry consultants, leading PKI technology providers and CA operators. The committee will identify, deliberate and advise the Controller on national PKI policy issues and matters of cross certification and international interoperation. This will enable the Controller to review, fine-tune the Regulations and respond quickly to international developments in this area, given the dynamic nature of the environment. 

 Conclusion 11. The Electronic Transactions Act and its Regulations aim to provide a legal framework that will establish trusted CA services in Singapore, serving both the domestic and international markets. In the long term, they provide the foundation to establish Singapore as a trusted hub for e-commerce, providing a wide range of security products and services. 

12.  For more information on the Electronic Transactions (Certification Authority) Regulations, please visit the Controller of Certification Authorities web site at <http://www.cca.gov.sg> 

Singapore Security Guidelines for Certification Authorities  February 10, 1999. 

Introduction 1. The security guidelines establish the security criteria for the management, systems and operations of certification authorities (CAs). The guidelines are aimed at protecting the integrity, confidentiality and availability of certification services, data and systems. 

2. CAs that intend to be licensed by the Controller of Certification Authorities (CCA) are required to comply with the mandatory criteria stated in the security guidelines. The guidelines supplement the provisions in the Electronic Transactions Act and its Regulations. 

Overview of Guidelines  3. The guidelines address the security criteria for the following certificate management functions performed by the CA:  a.  identification and authentication of registration, suspension and revocation requests; b.  generation, issuance, suspension and revocation of certificates; and c.  publication and archival of certificates and their suspension or revocation information. 

4. The main topics covered in the security guidelines are:  a.  overall management and obligations of a CA;  b.  certificate management; c.  key management; d.  systems and operations; and e.  application integration. 

Overall Management and Obligations of a CA 5.  As the CA performs a trusted role where digital certificates derive legitimacy, the CA must be managed with high levels of integrity and security. 

6.  The CA must disclose adequate information to its subscribers and relying parties on the assurance level(s) of the certificates that it issues and the limitations of its liabilities. This is to enable the users to make informed choices on the types of certificates that meet their usage requirements. 

7.  Security and risk management controls must be instituted to ensure that security policies and safeguards are in place. Such controls include personnel security and incident handling measures to prevent fraud and security breaches. 

Certificate Management  8.  To ensure the integrity of its digital certificates, the CA must implement appropriate security controls in the certificate management processes, i.e. certificate registration, generation, issuance, publication, renewal, suspension, revocation and archival. 

9.  The CA must enforce an adequate authentication method to verify the identity of the applicant of a digital certificate. The identity authentication method shall commensurate with the level of assurance accorded to the certificate. 

10.  The CA must implement suspension and revocation procedures to suspend or revoke certificates once such requests have been verified to be valid.  Suspension and revocation information must be published within the time interval specified in the Certificate Practice Statement (CPS) of the CA. 

11.  The CA must ensure the continued accessibility and availability of its certificate repository to its user community, i.e. its subscribers and relying parties. 

12.  The CA must maintain a secure archive of its subscribers' certificates and registration information for the minimum period stipulated in the Regulations to facilitate verification of digital signatures after the certificates have expired. 

Key Management  13.  The cryptographic keys provide the basis for the functions of the digital certificates, e.g. authentication and digital signature. Hence the keys must be adequately secured at each phase of their life cycle, i.e. key generation, distribution, storage, usage, backup, archival and destruction. 

14.  As the cryptographic components of the CA systems are highly sensitive and critical, the components must be subjected to an independent expert review to ensure their integrity and assurance. 

15.  The CA must establish procedures to immediately revoke the affected subscribers' certificates in the event of a compromise of its own digital signature private key. 

16.  Adequate backup measures must be implemented to ensure the continued availability of cryptographic keys in the event of loss or corruption of the keys. 

Systems and Operations  17.  Access and integrity controls must be implemented for the CA systems that store and process the subscribers' information and certificates. 

18.  Physical security measures must be put in place to protect the CA systems and related assets from physical security threats. 

19.  Controls to monitor the CA operations must be implemented and audit logs must be reviewed regularly to detect any anomaly in the system and network activities. 

Application Integration  20.  In enabling applications to use digital certificates, the integration of the cryptographic and certificate functions must be secure to protect the confidentiality of the users' private keys and ensure integrity of the digital signatures generated. 

21.  The applications must enable relying parties to verify the authenticity and validity of certificates and digital signatures. 

Conclusion  22.  CAs play a vital role in facilitating secure electronic transactions as they provide the infrastructure for transacting parties in an electronic environment to authenticate each other's identities and ensure non-repudiation of electronic transactions through the use of digital signatures. 

23.  The security guidelines are tailored for the CA systems and operations to facilitate the provision of secure CA services. Users will have added confidence and assurance in using the services of CAs that comply with the guidelines. 

China

China has demonstrated its virtual xenophobic approach to the control of its boarders.  In relation to the internet China has put in place tight controls. The Computer Information Network and Internet Security, Protection and Management Regulations were approved by the State Council on 11 December 1997 and promulgated by the Ministry of Public Security on 30 December 1997. The regulations require establishments that uses computer information networks or the internet within China to register with the Ministry of Public Security.  Such bodies must provide secure, protected and managed networks to carry out technical measures of network security and protection, and to provide security education and training. 

The regulations include the provision: 

In order to strengthen the security and the protection of computer information networks and of the Internet, and to preserve the social order and social stability, these regulations have been established. The Ministry of Public Securities shall protect the public security of computer information networks and the Internet as well as protect the legal rights of Internet service providing units and individuals as well as the public interest. 

The internet may not be used to harm national security, disclose state secrets, harm the interest of the state or society or of a group, the legal rights of citizens or to take part in criminal activities.  Specified classes of information are not to be replicated, retrieved or transmitted.  This includes: overthrowing the government, harming national unification, hatred and discrimination, sexually suggestive material, gambling, violence and murder. The penalties for breach are severe. 

To import or export encryption programs a person must obtain a licence through the Ministry of Foreign Trade and Economic Cooperation.  Such licences are difficult to obtain. Hong Kong maintains separate laws for economic and trade matters including export and import controls. 

According to Shanghai Deputy, Zhang Lainsheng the insecurity of information has become the leading problem plaguing the rising e-business in China, even though the popularisation in coastal cities makes e-business possible. 

Japan

The Japanese Ministry of Trade and Industry issued a paper “Towards the Age of Digital Economy, For Rapid Progress in Japanese Economy and World Economic Growth in the Twenty First Century”. 

The paper outlines the Japanese government's approach to electronic commerce. 

Professor Tsuneo Matsumoto has evaluated the approaches taken by the Japanese government in relation to electronic commerce.   Generally the government has opted for a self regulation approach.  The Japanese government has set up committees and working groups with 240 major companies.  The issues raised include consumer rights, privacy and electronic payment systems. 

The Electronic Commerce Promotion Council Guidelines for Consumer Transactions emulate the ICC Internet Guidelines Relating to Advertising and Marketing on the Internet. 

European Union

The e-Commerce Directive, which entered into force on 17 January 2002, establishes that contracts concluded by electronic means are recognized as such, and legal barriers to their conclusion are removed, complementing the e-signatures Directive. In addition, a new regulation on jurisdiction and the enforcement of judgments in civil and commercial matters gives European Union consumers the right to sue foreign Internet providers of goods and services in the consumers’ local court rather than in the foreign jurisdiction.

Australia

The Electronic Transaction Act 1999 (Cth) became law on 9 December 1999.  The Act is based on the UNCITRAL Model Law.  However its application is severely limited because Australia is a federation.  The federal parliament is limited by the Australian Constitution to the extent to which it may legislate for commerce and business generally.  The Australian States have been involved in discussions to pass parallel legislation, however, the matter appears to receive a low priority. 

Australian law is ill-equipped to deal with contracts and transactions in cyberspace. Legislation contains many provisions requiring a person to provide information in writing, to sign a document, to produce a document or to retain information or a document. For validity, certain contracts must be in writing while writing must evidence others. 

Uncertainty exists over the application of such laws when electronic equivalents are used. Some requirements simply reject electronic equivalents. The Federal government set up the Electronic Commerce Expert Group which recommended that the government "enact comprehensive framework electronic commerce legislation, by which all other laws in Australia will be interpreted". 

The result is the Electronic Transactions Act 1999 (Cth).  http://scaleplus.law.gov.au/html/pasteact/3/3328/top.htm

The Act is part of the government's "strategic framework for the development of the information economy in Australia". The Government says the Act is part of a commitment to ensuring that Australians enjoy the social and economic benefits offered by the growth the information economy. 

The government has adopted a light-handed regulatory regime for the use of electronic communications in transactions. The Act proposes to remove existing legal impediments which may prevent the use of electronic communications to satisfy obligations under Commonwealth law. 

The Act is based on the United Nations Commission on International Trade Law (UNCITRAL) model law on electronic commerce of 1996, with some modifications. 

Media and technology neutrality  The Act implements principles of media neutrality, also known as functional equivalence, which means that paper-based commerce and electronic commerce should be treated equally by the law; and technology  neutrality, which means the law should not discriminate between forms of technology. 

Accordingly the Act establishes the basic rule that a transaction is not invalid because it took place by means of an electronic communication. 

Objects  To provide a regulatory framework that: 

recognises the importance of the information economy to the future economic and social prosperity of Australia; 

facilitates the use of electronic transactions; 

promotes business and community confidence in the use of electronic transactions; and 

enables business and the community to use electronic communications in their dealings with government. 

Implementation 

Until July 1, 2001 the Act applies to any law of the Commonwealth specified in the regulations. After July 1, 2001, the Act applies to all Commonwealth laws except those specifically exempted. 

Due to constitutional restrictions a national uniform law can only be achieved with both State and Commonwealth legislation. This uniform national scheme approach is the preferred option of the Electronic Commerce Expert Group and of the Federal Government. The states and territories have given in principle support to the national uniform legislative scheme because such a scheme will promote confidence in the business community. 

Electronic transactions not invalid 

Under the Act, where current legislation provides that a document or act must be in writing, the document or act will not be invalid if it is electronic. of course, the electronic transaction must comply with all other legal requirements, such as for wills and deeds. 

Additionally, 'in writing' means the information required or permitted to be in writing may he generated electronically provided it was "reasonable to expect" at the time the information was given that the information would be "readily accessible so as to be useable for subsequent reference". 

Documents may be produced electronically or recorded and retained electronically provided: 

there is a reliable means of assuring the "maintenance of the integrity" of the document; and 

it was "reasonable to expect” at the time of the communication that the document would be “readily accessible so as to be useable for subsequent reference" or the relevant parties consented. 

Electronic communication means a communication of information in the form of: data, text or images through guided or unguided electromagnetic energy; or speech through guided or unguided electromagnetic energy, where the speech is processed at destination by an automated voice recognition system. 

Signatures 

The requirement for a signature may be met by the use of "a method" to "identify the person and indicate the person's approval of the information communicated" provided the method is appropriate for the purposes for which the information was communicated. Presumably, the courts will treat the application of such digital signatures as an intention to execute and be bound. 

The approach deliberately makes no mention of current technologies as does, for example, Singapore's legislation where mention is made of public key cryptology. Clearly, the legislation has public key technology in mind, but business should err on the side of caution rather than test the application of these provisions. 

Deemed time and place of dispatch and receipt of electronic communications 

The dispatch of the electronic communication is deemed to occur when it enters the first information system, typically meaning the sender's internet service provider (ISP). 

If the addressee has designated an information system for the purpose of receiving electronic communications, then, unless otherwise agreed, the time of receipt of the electronic communication is the time when the electronic communication enters that information system.  However, if the addressee has not designated such an information system then, unless otherwise agreed, the time of receipt of the electronic communication is the time when the electronic communication comes to the attention of the recipient.  It is unclear whether "to the attention" means when the addressee receives the message "you have new mail" or when the contents have been read. The courts should prefer the former meaning, otherwise a recipient could avoid unwelcome messages by deleting those from a particular sender. 

Attribution of electronic communications 

The purported originator of the electronic communication is bound by that communication only if the communication was sent by the purported originator or with the authority of the purported originator. This provision may be excluded in advance by the parties to promote certainty The respective parties should then maintain personal security or risk the consequences of unauthorised use. 

Federal Attorney-General's e-commerce page  <http://law.gov.au/ecommerce/ > 

The impact of the legislation will be broad, extending beyond internet transactions. Careful consideration will need to be given to transactions to be exempted when the second stage commences in July 2001. The states and territories should resist unique divergences in an attempt to maintain national uniformity, stability and certainty. 

Canada

"Canada’s international strategy is based on the recognition that e-commerce is essentially global and that Canadian industry and government should work together to influence global policy.  Bill C-54 was introduced on October 1, 1998. It was introduced to protect personal information in the private sector, creating an electronic alternative for doing business with the Federal Government and clarified how the courts assessed the reliability of electronic records used as evidence. This legislation is recreating in cyberspace the same expectations of trust, confidence, and reliability that now exists in everyday commerce..."  For a good survey of electronic commerce in Canada with valuable links, see: http://www.e-com.ic.gc.ca/english 

International Chamber of Commerce (ICC)

The ICC promotes interactive trade and investment and the market economic system worldwide.  Its function is to present views to the various governments and coordinates with its members to address current issues including electronic commerce.  The General Usage for International Digitally Ensured Commerce is a general framework for “ensuring” and “certification” of digital messages, based upon existing civil and common law treatment of the subject as well as pertinent international principles. The system proposed by GUIDEC is the appointment of trustworthy third parties (Certifiers) who will issue certificates which receiving parties can rely upon verifying that the ensuring party has the ability to contract and bind either himself or is an authorized representative. The ICC has also issued revised guidelines for advertising and marketing on the Internet.  See: http://www.iccwbo.org

Taxation

The kind of transactions that can be carried on over the internet include: 

transactions involving physical goods (for example Amazon.com);

transactions involving non electronic services (law, accounting, consulting);

transactions involving electronic services (Yahoo, software design);

transaction involving information (Newspapers, Lexis, pornography);

financial transactions (internet banking, internet gambling);

Jurisdictional concepts based on physical geography such as the residence of the taxpayer who receives the income, the source with which the income has the closest connection, the situs of the property that gives rise to the income and the taxpayers permanent establishment or nationality/citizenship may require modifications to fit the world of electronic commerce.

The same applies to characterization of income as services rendered vs. goods sold, and of business profits vs. royalties, particularly in digital sales. 

A taxpayer’s Internet identity does not necessarily provide evidence about that taxpayer’s true residency status.

Taxpayers can conduct a substantial business with a transient and insubstantial presence.

GST and VAT rules governing international services are amplified for electronic commerce services.

It is impossible to know the geographical points at which billions of Internet transactions began or ended. Attempts to tax intangible electronic commerce might lead to double taxation, and multiple reporting issues.

As an increasing amount of Internet traffic is transmitted by satellite-based technology and wireless transmissions, jurisdiction claims of States through whose Either transactions pass loses meaning.

The value of transactions can be relatively small as the volume increases thereby making the current methods of enforcement inefficient.

Intermediaries such as distributors and retailers are being reduced and they have played an important roll re tax administration and compliance.

Electronic payment methods and privacy protection may lead to tracing problems.

A taxation framework for electronic commerce and the administrative arrangement to support that framework.

The benefits for the administration of taxation through electronic commerce by simplifying the tax system and enhancing tax payer service.

Adequate information reporting mechanisms.

 Taxation neutrality between conventional commerce and electronic commerce.

Input from other non OECD members and the private sector.

Similar transactions should be taxed in the same way.

Minimisation of administrative costs as well as compliance costs.

Transparency for taxpayers of what is to be taxed, how it is to be taxed and when it is to be taxed.

Minimisation of the potential for tax evasion and avoidance.

Structural tax changes for a fair sharing of the tax base between countries.

This discussion will identify the taxation methods available in taxing the Internet that have been proposed by various official, international bodies. The focus will then shift to a case analysis of action taken by several countries thus far including studies of the US, New Zealand and Australia. 

Taxation Methods 

There are two broad methods of taxing the Internet that have been proposed. 

The first is a tax on the transfer of items sold on the Internet. This will amount to a sales tax on items sold using e-commerce. The changing tax system to a goods and services based tax (GST) in Australia is a good example of this. 

The second relates to the taxation of actual Internet use. This can occur in a few ways, but the most effective method would be to charge fees for e-mail and Internet use by means of an extra charge imposed by the telephone companies. Rumours have also emerged that the US Postal Service had suggested imposing a levy on e-mails as the use of ordinary mail services, or “snail mail” as it is colloquially known as, has severely suffered since the advent of the Internet. 

The Internet was created in the US, and any likely tax impositions will probably originate from there. There has been significant Congressional debate about Internet taxation but as the law stands today, the Internet Tax Freedom Act effects a Moratorium introduced by President Bill Clinton. The Act effectively suspends the power of any US State or other government office from imposing the payment of taxation on Internet services and sales until the 21st of October 2001. 

The aim of the legislation is to encourage the increasing use of the Internet and also to stimulate demand in the e-commerce market. The ban was placed on all taxes to the Internet to enable the Government to receive clear information and to, as Virginian Governor James Gilmore puts it, “think through, in a mature way, what’s good public policy with respect to taxation on the Internet.” Accordingly, it can be argued that the Act is simply a stalling period while information is gathered to determine how best to implement a tax on the Internet. It seems it is only a question of “when” and not “if” an Internet tax is going to be imposed. 

To this end, a Committee has been set up constituted by government officials, senators, members of leading computing companies and representatives of trade and commerce boards, in an effort to produce a report before October 2000. The report will recommend to the US Government the appropriate course of action to be taken after the ban on taxation dissolves. 

There is significant debate within the Committee and press statements released thus far, has the members divided in their views. On the one hand, pro tax activists believe that whilst the Internet flourishes, the resources of other essential services are being diverted. An example, as already alluded to, is the financial sufferings of the US Postal Service. The average US citizen using the Internet receives ten e-mails per day. The loss of revenue is supposedly crippling the postal service, and taxing the Internet would be one answer to saving the dying service. Other complaints have been received from businesses in competition with Internet based commercial sites. Competitors of Amazon.com (who are a retail book mega-store) have the disadvantage of having to pay taxes and costs of establishing “bricks and mortar” retail stores. By not taxing the Internet e-commerce sites, it is suggested that these traditional stores will be severely disadvantaged. 

Advocates for the banning of Internet taxes believe that keeping the Internet free from levies will result in a significant improvement in competition which will lead to greater economic efficiency. Why should the Internet be taxed to support inefficient commercial vehicles when the most cost effective resource is available at the click of a button? 

The debate will continue for many months leading up to the report which is due out late next year. The government must clearly weigh up the options of promoting either the efficiency of the Internet and e-commerce or focus on the protection of disadvantaged, often cumbersome markets. 

With the potential for taxation dollars from the Internet virtually as limitless as the Internet itself, it seems unlikely that the net will remain free for too much longer. 

Australia 

In Australia, the Federal government has introduced a GST package that will commence on the 1 July, 2000.  This tax will broadly incorporate items and services sold electronically over the Internet. Whilst the GST is not strictly limited to an Internet based tax, it’s effect will be the regulation and control of payments made over the Internet within Australia’s jurisdiction. 

However, in policing the new tax, the Government has already identified several problems the Australian Tax Office is likely to encounter. These problems include: 

an inability to identify transactions. The authorities will be virtually powerless in identifying transactions made where they have occurred between Australian consumers and overseas suppliers or where a credit card number has been used from an overseas purchaser; 

the encryption of the transaction. Encryption of information is becoming more and more powerful and decrypting sale transaction information will be virtually impossible by the Australian Taxation Office (ATO); 

collecting the tax from millions of end users instead of a small number of intermediaries. The significant costs in administering the tax will be a substantial problem for the ATO; and 

difficulties in determining where a product is produced or consumed. The anonymity of the Internet makes paper trails very hard to follow. It is therefore, very difficult to determine the physical location of a supplier and a consumer. 

New Zealand 

From the 1 August 1999, New Zealand’s Telecom has imposed restrictions on Internet Service Providers (ISPs) by requiring them to change their dial up numbers to an 0867 prefix. Telecom’s reason for this was to provide a more stable network that could be closely monitored to enable optimal performance for Internet users. To ensure compliance with the changes, Telecom have imposed a 2 cent per minute charge on any user dialling from a number other than one with an 0867 pre-fix. Accordingly, if an average user makes use of the Internet for 40 hours in a month, then $48 will be added to their monthly phone bill. 

The ISP though, in changing its dial up code number will incur significant costs, which are likely to be passed on to its consumers. These costs include the wastage of connection manuals, of start-up CD’s already printed and the significant increase in calls to help-desks as consumers will require assistance in changing their dial up codes. As the costs are likely to be absorbed by consumers, the end user will be taxed whether they use an 0867 prefix or not. 

Whilst most ISPs have been forced to change their dial up number, a strong number of ISPs have rebelled against the seemingly mandatory change by offering to reimburse customers who use ordinary dial up numbers. However, with the New Zealand government supporting Telecom’s changes, it seems any resistance offered by ISPs will be futile. 

Whilst the tax imposed by Telecom will probably not directly affect any user, as most ISPs have since changed prefixes, the company’s actions have shown that taxation can be imposed on the Internet and that the government has strong potential power in regulating ISPs and effectively, Internet use. 

The United Nations 

The United Nations has also had significant input in declaring a need for Internet taxation. A human development report recommended the tax to aid in the development of underdeveloped nations in accessing the network. 

The report proposes a tax of the equivalent of one US cent per 100 e-mails sent. The report continues by stating that if this tax had been in established in 1996, then 70 billion US dollars would have been raised. 

There has been much criticism of the report, in that it will place shackles on the Internet, which is still enjoying exponential growth rates. One representative of a free enterprise organisation believes that money is better spent in developing facilities in underdeveloped nations. Microsoft for example has opened facilities in South Africa, Kenya and the Ivory Coast. 

Whilst some pressure has been exerted by the UN report, again the most likely of origins for an Internet tax will come from the US after the three year ban has been lifted. 

Cause and Effect

When the holding period in the US lapses, then it is highly probable that the US government will impose some form of Internet taxation in an attempt to grasp a solid handful of this highly lucrative, untapped resource. Despite there being significant argument within the Committee set up to debate the future of Internet taxation, the lure of the potential tax income should prove too great for the US government to ignore. 

Taxation in other areas of the world would soon follow if action is taken in the US. Undoubtably, there would be an unprecedented backlash by the millions of Internet users against such action, and the conflicts that would surely flow from such a decision may sway the government’s opinion. For the moment however, the Internet will continue to grow at its amazing rates, and electronic commercially driven sites will flourish and prosper under a world wide regime content to ignore the taxable opportunities for the moment. 
 ICC Model Clauses For Use In Contracts Involving Transborder Data Flows
Parties wishing to incorporate the Clauses into their contracts may do so by inserting the following sentence, or a similar one, into their written agreements: "The parties hereto agree that the ICC Model Clauses For Use In Contracts Involving Transborder Data Flows, Publication No.___ (1998), are hereby incorporated by reference in this agreement as if fully set out herein." 

Definitions

For the purposes of these clauses (the "Clauses"), the following terms shall have the following meanings: 

"The Authority" means the relevant data protection authority in the territory in which the Data Exporter is established; 

"Data Controller" means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; 

"Data Exporter" shall mean the party identified elsewhere in this contract which transfers such personal data to a the country where the Data Importer is situated; 

"Data Importer" shall mean the party to this contract as identified elsewhere herein in this contract which receives personal data from the Data Exporter for processing in accordance with the terms of this contract; 

"Data Processor" means a natural or legal person, public authority, agency or any other body which processes data on behalf of the Data Controller; 

"Personal Data" or "personal data" shall mean any information relating to an identified or identifiable natural person and the personal data the subject of these Clauses is described in Schedule [ ]] [Appendix][Annex][A] to this contract; 

"Data Subject" is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity; 

"Processing" or "processing" shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. 

"Sensitive Data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life. 

1. Warranties of the Data Exporter. 

The Data Exporter warrants that: 

a. The Personal Data to be exported have been collected and processed in accordance with notice, consent or other requirements of all relevant laws of the country in which the Data Exporter is established; 

b. Where applicable, it is registered with the Authority and, where required, has provided notice that it exports personal data and/or has received any licence or consent necessary to do so lawfully in the country in which it is established; and 

c. Its processing of the personal data, as notified by the Data Exporter to the Data Importer, will not violate any current law or regulation of the country where the Data Exporter is established. 

2. Undertakings of the Data Exporter and Disputes with Data Subjects or Data Protection Authorities. 

a. The Data Exporter will take such actions as are necessary to ensure it has fulfilled, and will continue to fulfill the warranties set out in Clause 1. 

b. The Data Exporter will promptly respond to enquiries from the Authority about the use of the relevant personal data and to any Data Subject’s enquiry concerning use of his or her personal data, (including whether the same has been exported by it) and provide the enquirer with the name of the Data Importer and the individual responsible at the Data Importer who will be informed of the enquiry and who will respond to inquiries from its national authorities. 

c. The Data Exporter confirms that, on request by the Data Importer, the Data Exporter will supply a copy of the current laws in relation to the data protection applicable in the country where the Data Exporter is established. It also undertakes to notify the Data Importer as soon as possible of any changes to the said applicable laws. 

d. In the event of a dispute between the Data Exporter or the Data Importer and a Data Subject or the Authority concerning the Data Importer’s processing of personal data, which dispute is not amicably resolved, the Data Exporter agrees to use reasonable efforts to defend the lawfulness of the Data Importer’s processing of the Data Subject’s personal data through available means of dispute resolution between Data Controllers and Data Subjects, or between Data Controllers and the Authority, as applicable, provided for in the country where the Data Exporter is established. The Data Importer agrees to abide by the decision of the Authority (or other authority or tribunal having jurisdiction of the dispute) with respect to such processing as finally affirmed by the judicial authority to which appeal of such decision may be made, as if it were party to the proceedings. The Data Importer hereby authorizes the Data Exporter to settle any such dispute without recourse to completion of all such formal dispute resolution formalities pursuant to advice of counsel reasonably acceptable to the Data Exporter that such settlement is warranted and reasonable in the circumstances. The Data Importer shall execute and deliver to the Data Exporter any further documents or instruments necessary under the laws of any relevant jurisdiction to give effect to the foregoing. 

e. The Data Exporter shall notify to Data Importer, prior to export of any personal data to the Data Importer, the purposes for the use of such data. 

3. Warranties of the Data Importer. 

The Data Importer warrants that it has: 

a. full legal authority in the country where the personal data will be processed to receive, store and process such data, to use it for the purpose(s) for which it has been collected by the Data Exporter, as set out herein, and to give warranties and fulfill the undertakings set out in this Clause 3; 

b. in place appropriate technical and organizational measures against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and adequate security programs and procedures to ensure that unauthorized persons will not have access to the data processing equipment used to process the exported personal data, and that any persons it authorizes to have access to the personal data will respect and maintain the confidentiality and security of the personal data; and 

c. security programs and procedures under 3(b) above, which reflect the level of damage that might be suffered by the Data Subject as a result of unauthorized access and disclosure and which specifically address the nature of Sensitive Data, where necessary. 

4. Undertakings of the Data Importer. 

The Data Importer undertakes to: 

a. do such actions as are necessary to ensure it has fulfilled, and will continue to fulfill, the warranties set out in Section 3; 

b. process the personal data in accordance with the laws of the country in which the Data Exporter is established; c. provide the Data Subject the same rights of access, correction, blocking, suppression or deletion available to such individual in the country in which the Data Exporter is established; 

d. not use the personal data for a purpose not compatible with that notified to it under 2(e) above, or as may otherwise be authorized by the Authority or the laws or any relevant regulatory body in the country in which the Data Exporter is established; 

e. use the personal data solely for its own use and not disclose or transfer the personal data to a third party or a third country without the prior consent of the Data Exporter and such consent will not be given unless the Data Exporter is satisfied with all the terms of such disclosure or transfer and that the personal data will receive an adequate level of security after such disclosure or transfer; 

f. appoint, and identify to the Data Exporter and to the Authority, an individual within its organization authorized to respond to enquiries from the Authority or a Data Subject concerning its processing of his or her personal data. The Data Importer will deal with all enquiries relating to the personal data promptly, including those from the Data Exporter and the Authority, and in any event within any time frame stipulated by applicable laws in the country in which the Data Exporter is established; 

g. submit its data processing facilities, data files and documentation needed for processing to auditing and/or certification by the Data Exporter (or other duly qualified auditors of inspection authorities not reasonably objected to by the Data Importer and approved by the Data Exporter to ascertain compliance with the warranties and undertakings in these Clauses); 

h. comply with any changes in applicable laws notified to it by the Data Exporter. In the event it is unable to do so, it shall forthwith notify the Data Exporter and the Data Exporter shall be entitled to terminate this agreement, unless the parties have agreed or forthwith agree to take such steps as shall enable Data Importer to so comply; and 

i. notify the Data Exporter of any provisions in its local law, or of any changes in that law, which does or could affect the Data Importer's ability to perform its obligations under these Clauses. 

5. Dispute Resolution. Disputes between Data Importer and Data Exporter In the event of a dispute between the Data Importer and the Data Exporter concerning any alleged breach of any provision of these Clauses, such dispute shall be finally settled under the Rules of Arbitration of the International Chamber of Commerce by one or more arbitrators appointed in accordance with the said rules. 

6. Indemnities The Data Exporter and the Data Importer will indemnify each other and hold each other harmless from any cost, charge, damages, expense or loss resulting from its breach of any of the provisions of these Clauses. 

7. Termination In the event that: 

a. the Data Importer gives notice to the Data Exporter under Clause 4(h) above; 

b. the Data Importer is in breach of any warranties or undertakings given by it under these Clauses; 

c. the Authority or other tribunal or court in the country in which the Data Exporter is established rules that there has been a breach of any relevant laws in that jurisdiction by virtue of the Data Importer's processing of the personal data, the Data Exporter, without prejudice to any other rights which it may have against the Data Importer, shall be entitled to terminate these Clauses forthwith. 

In the event of termination of these Clauses, the Data Importer must return all personal data and all copies of the personal data, the subject of these Clauses to the Data Exporter forthwith or, at the Data Exporter's choice, will destroy all copies of the same and certify to the Data Exporter that it has done so, unless the Data Importer is prevented by its national law or local regulator from destroying or returning all or part of such data, in which event the data will be kept confidential and will not be processed for any purpose. 

The Data Importer irrevocably agrees with the Data Exporter that, if so requested by the Data Exporter or the Authority, it will allow the Data Exporter or the Authority access to its establishment to verify that this has been done or will allow access for this purpose by any duly authorized representative of the Data Exporter. 

8. Data Processors 

Where the Data Importer is a Data Processor and the Data Exporter is in the EEA, the following shall apply: 

a. the Data Processor will observe the obligations of a Data Controller under the Directive in respect of the Personal Data being processed by it; and 

b. the Data Processor shall act only on the instructions of the Data Exporter. 

9. Governing Law The laws which shall govern these Clauses shall be the laws of the country in which the Data Exporter is established. 
 

 List of International Organisations 
Bank for International Settlements (BIS) http://www.bis.org/about/index.htm

The main tasks of the Bank for International Settlements are to promote the co-operation of central banks  and to provide additional facilities for international financial operations. The BIS is an important forum for international monetary and financial co-operation between central bankers and, increasingly, other regulators and supervisors. A key aim of this co-operation is to foster international monetary and financial stability. The BIS provides secretariat support for a number of key groups such as the Basle Committee on Banking Supervision and the Committee on Payment and Settlement Systems and host the secretariat for the International Association of Insurance Supervisors. It is also a centre for economic research, particularly on monetary and financial issues. At the same time the BIS is a bank, but one whose depositors are limited to central banks and international financial institutions; a significant portion of the world’s foreign exchange reserves are held on deposit with the BIS. 

International Electrotechnical Commission (IEC) http://www.iec.ch

The International Electrotechnical Commission (IEC) is the world organisation that prepares and publishes international standards for all electrical, electronic and related technologies. The membership consists of more than 50 participating countries, including the world's major trading nations and a growing number of industrialising countries. The IEC’s mission is to promote international co-operation on all questions of electrotechnical standardisation and related matters, such as the assessment of conformity to standards, in the fields of electricity, electronics and related technologies. The IEC charter embraces all electrotechnologies including electronics, magnetics and electromagnetics, electroaccoustics, telecommunication, and energy production and distribution, as well as associated general disciplines such as terminology and symbols, measurement and performance, dependability, design and development, and safety and the environment. 

International Labour Organisation (ILO) http://www.ilo.org

The ILO is a specialised agency of the United Nations founded in 1919 and built on the constitutional principle that universal and lasting peace can be established only if it is based on social justice. The ILO provides the international institutional framework for the formulation of international policies and programs to promote basic human rights, improve working and living conditions and enhance employment opportunities. This involves the creation of international labour standards backed by a unique system to supervise their application; an extensive program of international technical co-operation and training, education, research and publishing activities. The ILO is unique among world organisations in that employers' and workers' representatives - the “social partners” of the economy - have an equal voice with those of governments in shaping its policies and programs. The International Labour Conference meets annually. It provides an international forum for discussion of world labour and social problems and sets minimum international labour standards and broad policies of the Organisation. Every two years the Conference adopts the ILO's biennial work program and budget which is financed by member States.  Between Conferences, the work of the ILO is guided by the Governing Body, comprising 28 government members and 14 worker and 14 employer members. The International Labour Office in Geneva is the Organisation's secretariat, operational headquarters, research centre and publishing house. Administration and management are decentralised in regional, area and branch offices in more than 40 countries. The ILO's general role in electronic commerce is to analyse and monitor the impact of information and communication technologies (ICT), including it's use in electronic commerce, on employment (loss and creation of jobs), enterprise development, work organisation, working time arrangements, working conditions and industrial relations. In this context, key issues for ILO policy development are telework, protection of workers' personal data and protection of the rights of categories of workers particularly affected by ICT, as well the role of ICT in globalisation and restructuring of national economies and the opportunities or restrictions created in terms of access and participation in the emerging world economy. 

International Organisation for Standardisation (ISO) http://www.iso.ch

The International Organisation for Standardisation (ISO) is a world-wide federation of national standard bodies. Its mission is to promote the development of standardisation with the view to facilitate the international exchange of goods and services, and to develop co-operation in the sphere of intellectual, scientific, technological and economic activity. The ISO covers all standardisation fields except electrical and electronic engineering, which is the responsibility of IEC. The work in the information technology field is carried out by a joint ISO/IEC committee (JTC 1). The technical work of ISO is decentralised. There are over 2,700 technical committees, subcommittees and working groups. In these committees, representatives of industry, research institutes, government authorities, consumer bodies and international organisations from around the world come together to resolve problems of global standardisation 

International Telecommunication Union (ITU)

http://www.itu.org

The International Telecommunication Union (ITU) is an intergovernmental organisation, within which public and private sectors co-operate for the development of telecommunications. The ITU adopts international regulations and treaties governing all terrestrial and space uses of the frequency spectrum within which countries adopt their national legislation. It also develops standards to facilitate the interconnection of telecommunication systems on a world-wide scale regardless of the type of technology used. The ITU also fosters the expansion of telecommunications services and infrastructure in developing countries by recommending medium-term policies and strategies to national administrations. 

United Nations Commission on International Trade Law (UNCITRAL ) http://www.un.or.at/uncitral/

The United Nations Commission on International Trade Law (UNCITRAL) was established by the United Nations General Assembly in 1966. The Commission is regarded as the core legal body of the United Nations system in the field of international trade law and the main vehicle by which the United Nations can play a more active role in reducing and removing obstacles to the flow of trade. The general mandate of the Commission is to further the progressive harmonisation and unification of international trade law and to remove unnecessary obstacles to international trade caused by inadequacies and divergence in national legislation affecting trade. The Commission has carried out work in eight different areas of trade law including: international sale of goods and related transactions; international transport of goods; international payments (Legal Guide on Electronic Fund Transfers, Model Law on International Credit Transfers); international commercial arbitration and Electronic Commerce (Model Law). To develop the preparatory work on topics within the Commission’s program areas, UNCITRAL established three Working Groups currently named the Working Group on International Contract Practices, the Working Group on Insolvency Law and the Working Group on Electronic Commerce. 

United Nations Centre for Facilitation of Procedures and Practices for Administration, Commerce and Transport (UN/CEFACT) http://www.unicc.org/

The scope of the United Nations Economic Commission for Europe (UN/ECE)'s activities in Trade Facilitation is global and to meet the requirements of these wider responsibilities the work was restructured in 1997 into a Centre for Facilitation of Procedures and Practices in Administration, Commerce and Transport (CEFACT). This new organisation enables participants from all over the world to participate, on an equal footing, to improve business processes and to ensure the effective transfer of trade information. CEFACT provides a forum for institutional co-operation in formulating and recommending international trade facilitation strategies and for reconciling official governmental and commercial requirements. The Centre will not only extend global participation in its work but also encourage a thorough approach to the technical and policy areas of trade facilitation. The participation of many private-sector associations in CEFACT's work at the policy level, and of hundreds of private-sector technical experts in CEFACT working groups, is a unique feature of the Centre which is forging new co-operative relationships between private business and public organisations. The new Centre's vision is “Simple transparent, effective processes for global commerce” and it is dedicated to facilitating international transactions through the development of recommendations and tools that simplify and harmonise information flows. Its ultimate objective being to improve the ability of business, trade and administrative organisations to exchange product and relevant services effectively, thus contributing to the growth of global commerce. 

United Nations Conference on Trade and Development (UNCTAD) http://www.unctad.orghttp://www-partners.unctad.ch/

UNCTAD was established in 1964 and is the principle organ of the United Nations General Assembly in the field of trade and development. The main goals of UNCTAD are to maximise the trade, investment and development opportunities of developing countries, and to help them face the challenges arising from globalisation and integrate into the world economy. In 1992, UNCTAD launched its Trade Efficiency Initiative. The main objective of the initiative is to facilitate the integration and participation of developing countries and SMEs in international trade. This objective is pursued by simplifying and harmonising trade procedures world-wide and providing traders or potential traders with access to information networks and better business practices. A key component of the Trade Efficiency Initiative is the Trade Point Program. The program facilitates access to the latest information and telecommunication technologies by making them available to trade operators in developing countries and to SMEs. The overall objective is to reduce the risk of exclusion and increase the overall participation in international trade. 

United Nations Educational, Scientific and Cultural Organisation (UNESCO) http://www.unesco.org

The United Nations Educational, Scientific and Cultural Organisation's (UNESCO) constitution was adopted by the London Conference in November 1945, and entered into effect in November 1946. The Organisation's main objective is to contribute to peace and security in the world by promoting collaboration among nations through education, science, culture and communication in order to further universal respect for: justice; the rule of law, and human rights. UNESCO’s member states have established an intersectoral project on the information society, foreseen in the approved Programme and Budget for 1998-1999. An observatory will also be set up within this project to collect and disseminate data on the major ethical and legal issues related to cyberspace, in particular, questions of access and preservation of digital information, adaptation of copyright legislations and fair use practices, freedom of expression, protection of privacy and violence. At the 29th Session of the General Conference (October-November 1997), Member States have adopted the Resolution 29C/36 inviting the Director-General to prepare a report on a set of principles and guidelines - education, scientific and cultural - applicable to cyberspace. A recommendation on universal access to cyberspace and multilingualism should also be drafted and both instruments will be submitted to the 30th Session of the General Conference in 1999. 

Universal Postal Union (UPU) http://postinfo.upu.org

The Universal Postal Union (UPU) was founded in 1874 and was brought into relationship with the United Nations in 1948. The UPU unites member countries into a single postal territory and fixes international postal rates. As a Specialised Agency of the United Nations, the UPU aims to organise and improve postal service throughout the world and to ensure international collaboration in this area. Among the principles governing its operation as set forth in the Universal Postal Convention and the General Regulations, two of the most important were the formation of a single territory by all signatory nations for the purposes of postal communication and uniformity of postal rates and units of weight. 

The World Bank http://www.worldbank.orghttp://www.worldbank.org/infodev

The International Bank for Reconstruction and Development, frequently called the "World Bank" was established in 1944 at the United Nations Monetary and Financial Conference. The World Bank's goal is to reduce poverty and improve living standards by promoting sustainable growth and investment in people. The Bank provides loans, technical assistance and policy guidance to developing country members to achieve this objective. 

The Bank Group comprises of five organisations: the International Bank for Reconstruction and Development (IBRD); the International Development Association (IDA); the International Finance Corporation (IFC); the Multilateral Investment Guarantee Agency (MIGA); and the International Centre for Settlement of Investment Disputes (ICSID). These agencies raise most of their money on the world’s financial markets through selling public or private bonds and other debt securities to pension funds, insurance companies, corporations and other banks, and individuals around the world. 

The Information for Development Program (infoDev) is a global program managed by the World Bank which assists developing countries and economies in transition take advantage of the opportunities the information revolution offers for accelerating social and economic development—providing a framework for initiating a range of new development ideas to be field-tested. Projects are selected for financing which: promote market-based solutions to development problems; improve education and health; reduce poverty and exclusion of low-income countries and social groups; promote the protection of the environment; and increase the efficiency, accountability and transparency of governments. 

The World Bank, a specialised agency of the United Nations, provides development assistance to poor people and countries.  This development assistance includes education programs, providing services including electricity and water and fighting health crises including AIDS and tuberculosis.

The World Bank is governed by a Board of Governors and the Bank employs at least 10,000 people including economnists, teachers financial experts and engineers as well as many others. 

One of the major projects of the World Bank is the Millenium Development Goals focussing on school enrolments, child mortality, maternal health, disease, and access to water.  This project is due to be completed by 2015.
 

World Customs Organisation (WCO) http://www.wcoomd.org

The World Customs Organisation (WCO) is an independent intergovernmental body with world-wide membership whose mission is to enhance the effectiveness and efficiency of customs administration for the facilitation of international trade. To fulfil its objectives the WCO establishes, maintains, supports and promotes international instruments for the harmonisation and uniform application of simplified and effective customs systems and procedures governing the movement of commodities, people and conveyances across customs frontiers. The WCO reinforces Members’ efforts to secure (through control and enforcement) compliance with national legislation to maximise the effectiveness of Members’ co-operation with each other and with international agencies to combat Customs offences. It also assists Members in their efforts to meet the challenges of adapting to changing circumstances, by promoting communication and co-operation among Members and with other international organisations, and by fostering human resource development, improvement in the management and working methods of customs administration, and the sharing of best practices. 

World Intellectual Property Organisation (WIPO) http://www.wipo.org

The World Intellectual Property Organisation (WIPO) is an intergovernmental organisation responsible for the promotion of the protection of intellectual property throughout the world. WIPO administers over 16 multilateral treaties dealing with the legal and administrative aspects of intellectual property. WIPO’s work involves the development of new international treaties dealing with intellectual property and an extensive program of co-operation for development under which technical assistance is extended to developing countries. The Organisation's work also involves the provision of services directed to the private sector under international arrangements which provide for simplified and cost-effective means of obtaining international protection for patents, trademarks and industrial designs. The Organisation also offers dispute-resolution services for private parties involved in international disputes concerning intellectual property. The fees generated by WIPO in the provision of services to the private sector account for about 88% of the Organisation's budget. 

World Trade Organisation (WTO) http://www.wto.org

The World Trade Organisation (WTO), is an international body which deals with the rules of trade between nations. WTO agreements provide the legal ground-rules for international commerce. The agreements are binding contracts which are signed by the bulk of the world’s trading nations to keep their trade policies within agreed limits. Although the agreements are negotiated and signed by governments, the goal is to help producers of goods and services, exporters and importers conduct their business. The WTO agreements deal with trade in goods, services and intellectual property. It outlines the principles for liberalisation, and the permitted exceptions. WTO agreements include individual countries’ commitments to lower customs tariffs and other trade barriers, and commitments to open (and keep open) service markets. It also set procedures for settling disputes and requires governments to make their trade policies transparent.

In some past examninations (particularly at undergraduate level) I have posed the following question in various forms, selecting various organisations. 

From the following list of  international organisations, select two (2).  Discuss and compare the approach taken by the organisations in relation to policies on electronic commerce and the regulation of electronic commerce.

· World Trade Organisation (WTO)  · The Organisation for Economic Cooperation and Development (OECD)  · The Asia Pacific Economic Cooperation (APEC)  · International Chamber of Commerce (ICC)