
Directors face e-laws overload

David Bicknel explains why IT directors are struggling to stay on top of e-commerce legislation from Westminster and Brussels

Last year, a string of users banded together to "persuade" the government that the decryption measures included in the Electronic Communications Bill were bad news. The government duly took out the offending section and incorporated it into the Regulation of Interceptory Procedures (RIP) Act. Now the protests are starting all over again.

But the RIP Bill is just one of many laws that are cluttering the agenda of e-commerce-focused IT directors.

For example, earlier this month, Margaret Smith, e-commerce director of insurance company Legal & General, chaired a conference on the implications of the review of financial services law - which is critical to the company's planned e-commerce and e-business offerings.

There is also the 1 March update to the UK's data protection laws to consider.

In addition to all this activity at Westminster, there is European legislation too. And in many cases, it goes further, covering much of the detail missed by the UK laws.

The UK Electronic Communications Bill, for example, promotes the use of digital signatures, but the European law on digital signatures specifies their detailed use, and covers issues such as liability.

Only this week, as the debate over the RIP Bill got under way, the European Parliament in Strasbourg set out to discuss a convention on "providing mutual assistance in criminal matters between member states of the European Union".

Nothing too much in that at first sight. Yet the convention is due to include a section on the interception of communications, and follows earlier allegations that the US used its "Echelon" intelligence system to spy on European companies and pass information to their US rivals.

Meanwhile, as national data protection legislation takes effect here, Europe is in dispute with the USA over the approach to privacy.

US negotiators are due to sit down with their European counterparts in Brussels in the next couple of weeks for the latest battle in the 15-month "data war".

The US proposes a solution to the dispute, dubbed "safe harbour". This compromise between the US "self-regulatory" approach and Europe's emphasis on privacy legislation looks set to be rejected.

The privacy debate has already led to a degree of self-help by on-the-ball security and privacy specialists - such as Nick Mansfield at Shell Services International and Clare Wardle at the Post Office, both members of the ICX user group. Indeed, the creation of the ICX code, covering the transfer of data between Europe and the US, has even galvanised the Organisation for Economic Co-operation and Development to take an interest.

And there is even more European legislation to be aware of. Mindful that Europe is too far behind the US in its adoption of e-commerce, the European Commission plans to push through a whole stream of new directives that could have implications for UK e-commerce and IT directors.

According to law firm Dibb Lupton Allsop, these include:

  • The Rome regulation covering non-contractual liability.

  • The Brussels regulation covering jurisdiction of laws for would-be e-commerce users.

  • A draft directive on distance-selling.

  • An e-commerce directive.

  • A Green Paper on Euro-financial services.

  • A directive on electronic money.

  • Deregulation of telecoms carriers and tariffs.

  • Plans to tax Internet-based products and services in a similar way to "offline" sales.

All this means that keeping a weather eye on Brussels has become at least as important as knowing what is going on in Westminster.

For example, has anyone examined closely what the distance-selling, financial services, and electronic money directives might mean for the customers of UK companies cranking up their e-commerce operations? If not, maybe they should.

Regulation of Investigatory Powers Bill

The RIP Bill aims to bring the law on Web-tapping into line with that of telephone tapping, and to update both in the light of technology advances such as e-mail and pagers.

The bill is being rushed through Parliament to allow the UK to sign the European Convention on Human Rights this year.

It contains two provisions that have caused concern among IT users:

  • ISPs are obliged to provide Web-tapping facilities to the security services with the government making an "appropriate contribution" to costs.

  • It is compulsory to surrender the key to an encrypted electronic message, with those who refuse possibly facing jail, and the burden of proof on any defendant who claims they have lost the key.

Westminster watchers expect the RIP Bill to be debated in the next month.
