Select Committee on European Union Minutes of Evidence


Examination of Witness (Questions 1080 - 1099)

WEDNESDAY 7 JUNE 2000

MS ANNE-MARIE ROUCHAUD, MR CHRIS JONES AND MR MICHAEL WILDERSPIN

  1080. Are you aware of that? I am sure you are.
  (Mr Wilderspin) We are pretty well aware of it.

  1081. You said there was another point you wanted to make?
  (Mr Wilderspin) Yes, there was just one point which I did not perhaps make. Another of the arguments which was put forward by industry was this question of possibly harming competitivity in relation to the United States. We have made a study of the rules in the United States. The intellectual process is somewhat different. The rule which is contained in this new Article 15 corresponds very much to the approach in the United States. The basic approach of the Brussels Convention in our regulation is that a defendant is sued in the country where they are resident, subject to certain exceptions, including protective heads of jurisdictions for consumers. Whereas in America the basic approach is that all states are free to define their own jurisdictional rules subject to the due process clause in the Constitution which requires what are called "minimum contacts". So the jurisprudence in the United States suggests that doing business via a website which is accessible and available for making contracts in another state can found jurisdiction in that state where the consumer, or business for that matter, is resident. So the long and short of it is that Article 15 does correspond pretty much to what is called the Zippo Continuum test. There should not be any harming of competitivity.
  (Mr Wilderspin) I am Michael Wilderspin and I work in Justice and Home Affairs also.

Lord Paul

  1082. If I can come to the question of abuse on the internet. It is coming in all sorts of forms, hacking of websites and servers, distribution of things, look at the damage caused by the Love Bug, each of these activities has a potential to reduce the confidence of the consumer of e-commerce. How will the EU address these concerns? Is it a criminal offence in all EU States to spread viruses? Are the penalties in all EU States sufficient to deter this?
  (Ms Rouchaud) I think in your question there are two aspects, one which is the more general one and one which is more focused on criminal law. Your question could be addressed via this civil aspect of justice. I think that the Brussels Regulation to a certain extent can help in giving some jurisdictional rules for damages so we have an article which deals with that. Even the question of applicable law can be useful for dealing with this question and maybe Michael Wilderspin can say a word about this question of applicable law to e-commerce delict because he is working especially on this issue. Maybe Mr Jones can answer more on the criminal side. Michael, do you want to say something about applicable law?
  (Mr Wilderspin) Yes. As my colleague has said, the Brussels Convention at present and the Regulation in future does have a specific head of jurisdiction which allows actions to be brought in the place where damage is suffered in the case of a cross-border delict or tort. If there is transmission say of defamatory material in one country and it is received or broadcast in another country this comes under jurisdiction in the country where the material is received. This can provide some form of deterrent. As a complement to the Brussels Regulation work is going on at present on an instrument on applicable law, that is to say the law which will be applied by the court which has international jurisdiction in the case of cross border delicts and torts. Obviously this has received a certain amount of topicality in the context of electronic commerce and modern means of communication. It is extremely important to get a balance between providing sufficient safeguards in case of abuse and infringement of protected interests but, on the other hand, not discouraging use of electronic commerce by stigmatising in one country actions which may be perfectly lawful in the country where they are actually committed. The Commission at present is planning to bring out a Green Paper, which I hope will be adopted fairly shortly, the purpose of which will actually be to consult with interested parties. It will pose a number of questions—some general and some specifically related to the question of e-commerce—in which this particular problem will obviously feature fairly heavily. Things are at a fairly embryonic stage at present. A certain amount of discussion did go on on this initiative, which is called Rome II in fact, amongst the Member States but now it is a first pillar matter the Commission is taking over and starting from scratch again, partly to avoid any criticism that there has not been proper consultation there.

Chairman

  1083. I do not know if you are conversant with what is happening with the Regulation of Investigatory Powers Bill in the United Kingdom?
  (Mr Jones) Reasonably well. Shall I deal with this?

  1084. It is all within the same parameter here. We saw the Minister, at least I was part of the group which saw the Minister two days ago, and he was being closely questioned from a whole variety of standpoints. At the one end we have people representing, for example, the interests of the RSPCC that represents children saying it is not tough enough but conceivably you could have paedophiles who under this new law, if it becomes law, could be sentenced for up to two years, whereas if separately they have been identified as a paedophile breaking other criminal acts they could be imprisoned for much longer periods. They are saying that the law is not tough enough. On the other hand, we have a great outcry both from the industry about the imposition that it may put on business, extra burdens on them that may discourage the growth of e-commerce business in the United Kingdom and so on, and they want it watering down. For all the reasons that you will understand relating to terrorism and all the rest of it the Government are maintaining that they need to have access. What happens in the rest of Europe if people have regulations as tough as this? The view that is being put around is that except for Russia nobody has anything quite so tough as what they are proposing to put in place. They emphatically deny that is not the case but they say that a lot of people still have open minds in Europe on what they want to do and it is quite conceivable that what happens in the United Kingdom may be seen as a bit of a leader for other countries to go down similar routes. Could you comment on that? Do you think that is the case?
  (Mr Jones) Can I just clarify exactly where your concerns lie because the Bill covers both interception and encryption. You are talking about the power to require someone to give up their encryption key, is that correct?

  1085. That is it, yes. I was linking it with the Green Paper to see whether you are starting to move into this area and whether you are starting to touch it.
  (Mr Wilderspin) I will come back to this.
  (Mr Jones) As far as the position in other Member States is concerned, I think in law enforcement communities in other Member States there is a lot of concern about encryption. I think it is fair to say that quite a few Member States still have yet to decide what they are going to do about the problem of encryption. The Bill, as I understand it, does not impose a key escrow requirement, which was the big issue that used to mean that you had law enforcement on one side and industry on the other. That seems to have settled down now in Europe and most people tend to recognise that the key escrow requirement is no longer an appropriate way to solve this problem. In terms of the Commission's position, it is fair to say that we have yet to consider in detail whether there is a need for the criminal law provisions that the United Kingdom has introduced on encryption specifically. More generally, if I could just go back to the previous question, question five, there you are talking about criminal offences in Member States to spread viruses. The Communication will look at this issue and I think it is fair to say that there are quite wide differences between Member States in the way in which they have criminalised offences such as hacking and sending viruses. The penalties do differ quite considerably. We are looking at this issue at the moment and the Cybercrime Convention in the Council of Europe will address this issue partly, but I think the Commission believes that within the EU we can go a bit deeper in approximating laws in this area and that is something we will be considering over the next few months. Going back to your question about encryption, you asked whether these powers conflict with the Telecommunications Data Protection Directive, is that 97/66?

  1086. Yes.
  (Mr Jones) I am not sure how a power to require someone to give up a key would conflict with that because the Directive is obviously on First Pillar matters and does contain fairly broad exemptions for public security, investigation of crime, etc. Obviously there is a need when Member States are introducing legislation such as this for there to be proportionality. I think the Commission would be concerned if there were going to be substantive burdens on industry as a result of this. I am not aware of any representations the Commission has on this particular issue from industry although I should say that it is DG INFSO that would have the main interest in looking at that.

  1087. Who?
  (Mr Jones) DG INFSO, the Information Society Directorate-General, would have the main interest on looking at the impact of this type of legislation. It will be interesting to see what the outcome is of the UK Bill. I think in the US they are just about to introduce legislation which will tackle cybercrime, and perhaps the encryption issue to a certain extent as well. I am not aware of any other Member States that have introduced specific legislation on encryption.

  1088. Their approach is quite a different approach. They are saying "no way do you get into this but the FBI can do what they want. Here is the money, you can do what you want but we do not know publicly what you are doing". At least the British Government is arguing. I have to be careful because there are a lot of contrary views on this side about it. At least they are arguing and there is a degree of openness about it.
  (Mr Jones) Yes.

  1089. It is transparency.
  (Mr Jones) Is industry concerned that they are going to have to store these keys or simply that they are going to be burdened with requests?

  1090. There is a whole range of concerns. One was that technologically there would be a burden on them. The Government is now meeting that, they are involved in discussions with major providers about footing some of the costs. I think the other side of it is they feel there could be an exodus of the people who say "we do not want to be troubled with this, we will go and operate our businesses overseas, find ourselves a nice Caribbean island or something like that where we will not be similarly constrained". There are also some fine points about tipping off, that you are not allowed to tip off an enquiry being initiated and people could find themselves being liable to prosecution by clients where either directly or indirectly they have given leads that have led to enquiries. There could be claims made against them for having information from clients which has been released to agencies. There is a whole range of issues there.
  (Mr Jones) My understanding is one of the main concerns was actually the requirement for internet service providers to have an interception capability. That was where industry was particularly concerned about the burden put on them. Is it now true that the Government is going to bear most of those costs.

  1091. They were assuring us a couple of days ago that it is all still for negotiation and that the major providers, as we understood it, were now feeling much happier about it, although publicly they would not be prepared to say that. What smaller ISPs, who perhaps may not be so involved in this, or not involved at all with negotiations, will feel about it, the new entrepreneurs, may be quite different.
  (Mr Jones) That is why I think the Commission will watch what happens with interest. Obviously if representations are made from industry it will probably be the DG Information Society that will take the lead in considering whether there is a single market dimension to it.

  1092. You going to pick this up as well, Mr Wilderspin. I am sorry this is a bit wide ranging.
  (Mr Wilderspin) Not at all. I think what would be dealt with in the Green Paper is only really peripherally relevant to this particular question. What is envisaged in the Green Paper is not to harmonise the Member States' substantive law but simply to clarify which national law should be applied in the case of a cross-border civil dispute. It is certainly not e-commerce specific. The growth of e-commerce is obviously adding a practical interest. These technical questions which are dealt with in this particular UK Act are not relevant to this particular question. I do not know if you want me to go into any further detail. It would perhaps be unduly burdensome given the peripheral interest, but I am quite happy to if you would like me to.

  Chairman: I think we have got some more questions yet but maybe if we have some time left at the end.

Lord Faulkner of Worcester

  1093. It is related to this. Who is responsible for material on the ISPs? The States are saying that the ISPs are not liable for the material they carry, the messages which they pass on. The United Kingdom courts have ruled in one case, that of Demon, that that ISP is responsible. I think a French court has ruled that Yahoo should censor material before it is made available in France. It seems there will be a variety of practices followed which will be a bit confusing and which could lead to everybody flocking to the United States where there are no restrictions. Could you comment and say if anything can be done about it?
  (Ms Rouchaud) My colleagues may have something to say. The Directive on Electronic Commerce is ready to be adopted and Article 14 is dealing with this question. It is providing that the providers are not liable for the information, they are just transferring from the origin to the final addressee under certain conditions. If you look at Article 14, it is clear that a provider who has not been aware of the illicit aspect of the activity of the information, they cannot be made liable for the quality of the information he just transfers because he cannot control all the information which is going through his computers. So I think that when the Directive is in force and has been transposed into the Member States, the situation in the EU with Demon and Yahoo should not occur any more except if Yahoo or Demon know that information is illicit and so on and so forth. The basic rule, the absence of liability on Internet Service Provider, I think my colleagues from DG MARKT know much more about that and I think you are going to meet them this afternoon. As far as we know Article 14 is making the situation in Europe the same as it is in the US according to your evidence. The risk you have been quoting of having most internal transactions by US service providers is maybe not such a big risk.
  (Mr Wilderspin) Yes, that is certainly my understanding.

Chairman

  1094. If I may just bring up the question of Article 15, Recital 13.
  (Ms Rouchaud) Yes.

  1095. Which is the question of an activity directed to that State. This is causing considerable concern because companies feel that by simply exposing themselves on the Web they are exposing themselves to multiple liability. How do you see this being addressed, by a definition of direction?
  (Ms Rouchaud) First, to be sued in a court by a consumer means that there was a contract. Having contracted with a consumer located in State A, a provider in State B has exposed himself to be sued in State A. Secondly, we know that this idea of activity "directed to" the state of domicile of the consumer has been a little bit controversial and has raised some problems. That is why Commissioner Vitorino has said at the DG JHA Council in March that we are ready to reconsider not the substance as such but the drafting of Article 15 to make it clear that if you have a website which is available in State A and a consumer living in State A goes and makes a contract in State B during his holidays or whenever and comes back to State A and sues the firm in his domicile, Article 15 will not be applicable. To sum up, what is not covered—in the Commission's view—is the case where a consumer is going abroad, buys goods and comes back home and wants to sue at home. In that case Article 15 will not apply. That is something which is clear. If you have a website which is available in all Member States, and if you accept to make a contract with a consumer in State B, C or D, you expose yourself to be sued in the State of domicile of the consumer[3].

  1096. *

  1097. *

Viscount Brookeborough

  1098. Would the destination of the delivery have any bearing at all? If you were on holiday somewhere else and you ordered it on the website but you order it to be delivered—and they agree to deliver it—to either your home country or your next destination, would that have any effect?
  (Mr Wilderspin) It is not relevant as regards the application of Article 15 which has focused really purely on the notion of directing activity and where the contract is made.

  1099. And when the communication took place.
  (Mr Wilderspin) Yes. But it can be relevant with regard to another special head of jurisdiction which is Article 5(1), which is of general application and not restricted to consumers, which allows the plaintiff the option of suing in the country where goods were delivered, or should have been delivered, in the case where there was a breach of contract. There, in that particular case, the focus is on where the goods were delivered or should have been delivered according to the contract. This is across the board, it is not just available for consumers, it is also available in business to business contracts.


3   QQ 1096 and 1097 contain answers given in confidence and have been deleted. Back


 
previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2000