Target Country Guidelines
Marketing Methods
Marketing Aimed at Minors
Gathering of Personal Data
Website Security, Internet Payments and Customer Services
Rules for Electronic Consumer Trade
In October 2002 the Nordic consumer ombudsmen agreed on the position statement on e-commerce and marketing on the Internet, which summarizes certain rules that should be complied with in electronic transactions with consumers. The revised position statement replaces the 1999 position of the Nordic ombudsmen, and also applies to corresponding communication systems, such as mobile communication.
The position statement supplements the national legislation of each Nordic country, and is essentially a recommendation. However, the rules enhance consumer protection by providing interpretation guidelines on what constitutes good practice in e-commerce and electronic marketing. Further, some of the provisions of the statement are directly derived from mandatory legislation.
The position statement covers issues such as electronic marketing and marketing aimed at children. In addition, it provides rules on personal data gathering, concluding electronic agreements and making payments via the Internet, and sets out certain liability and security issues.
Pursuant to the principle of the country of origin set out in the E-commerce Directive (2000/31/EC), businesses involved in e-commerce are obliged to comply with the legislation of their country of establishment. However, subject to certain requirements the Nordic ombudsmen may intervene in marketing actions originating in another state and directed at the respective country's market, provided that the intervention is necessary for consumer protection.
In this respect, the position statement outlines the following factors to be taken into consideration when deciding whether marketing is directed at a particular Nordic country's market:
- languages, currencies and other national characteristics used in the marketing;
- the extent to which the operations are otherwise marketed in the relevant market;
- the extent to which there is a connection between the internet marketing and other marketing activities in the market in question; or
- the extent to which the trader in question allows contracting with consumers from the relevant Nordic country.
Pursuant to existing legislation, the position statement requires that marketing be clearly and unambiguously identifiable as such. Thus, a marketing email must identify itself as such prior to opening. The position statement also provides that marketing must not limit internet use (ie, by requiring a high data capacity to display the advertising). In addition, marketing should not be improperly intrusive, for example by altering computer settings or affecting the work in progress on a consumer's computer. The number of times marketing messages are sent to individual users should be limited. Marketing should also not interrupt editorial material or other informative website content.
The position statement acknowledges certain discrepancies between the legislations of the Nordic countries with respect to the type of consent required for electronic marketing. For instance, in Finland active consent is required prior to advertising via email (and corresponding communications systems). According to the position statement, active consent must consist of a consumer's positive act - that is, the check box identifying consent should not be pre-filled, and a consumer must personally fill it.
With respect to marketing directed at children and young people, the position statement points out that businesses should take into account the level of maturity of the target group, and refrain from exploiting the natural innocence of minors. In addition, traders must not urge minors to buy goods or conclude agreements via the Internet, or send direct advertising to children or encourage them to provide information about themselves, their family or friends. Further, the statement prohibits businesses from offering rewards to minors in return for the provision of personal information, or use investigations, competitions or similar methods to gather personal information from children.
The statement recommends that businesses that direct marketing at children and young people, or which have a broad appeal to them, must not use hyperlinks to sites containing material not intended for minors. Businesses should also establish routines for reviewing their sites in order to remove material which is inappropriate for minors or otherwise non-compliant with legislation.
According to the position statement, businesses gathering personal data through their website must have a privacy policy placed on their sites which may be easily located and readily understood. Consumers must also be informed which personal data is necessary to conclude the agreement and which information is optional. The position statement also requires that consumer consent to use the collected personal data for direct marketing should be an active consent.
Further, the statement provides that the submission of personal data should not be a condition of entry into websites. With regard to minors, the statement points out that personal data may, as a general rule, only be gathered from adults and should not be gathered from minors who have no capacity to conclude contracts. If this is done prior consent from parents must be obtained, for example, by sending a parent's signature to the company by post or electronically via a parent's email provided that such consent may be verified (eg, by phone, email, fax or letter).
Website Security, Internet Payments and Customer Services
According to the position statement, customer details and order information should be protected by encryption or in a way that ensures that the data is not openly accessible to unauthorized persons via the Internet. If such protection is not available, the consumer should be clearly informed about it. The statement requires that the transfer of payment card details or other payment system codes via the Internet, as well as the storage of payment information, must be strictly encrypted.
The position statement also contains certain requirements regarding the provision of customer services (eg, that businesses assure that consumers are able to contact customer services easily, rapidly and effectively and without added expense). According to the position statement, online contact should not be the only customer contact service, and consumers should have the option to contact the customer service of the business by, for example, telephone. Further, consumers should be allowed to submit complaints or exercise the cooling-off right as easily as to order a product.
Rules for Electronic Consumer Trade
Another recommendation concerning e-commerce has recently been published. The new rules for electronic consumer trade prepared by the Finnish Direct Marketing Association and the Federation of Commerce and Trade came into force on December 1 2002. The purpose of the recommendation is to provide information and directions for traders on different aspects of consumer-targeted e-commerce, such as marketing practices, handling of personal data and rules relating to concluding an agreement.
For further information on this topic please contact Rainer Hilli or Jenni Kyntölä at Roschier Holmberg, Attorneys Ltd by telephone (+358 20 506 6000) or by fax (+358 20 506 6100) or by email ([email protected] or [email protected]).