Liability of Internet Intermediaries
E-commerce
Encryption
Computer Crimes
Satellite Systems
In November 2002 a working draft Law on Digital Economy prepared by the Raffarin government was published. The draft aims to implement the E-commerce Directive (2000/31/EC) into French law. It replaces the draft Law on the Information Society presented to Parliament by the Jospin government in 2000. Although most of the provisions of the working draft track the language of the 2000 draft, there are some important differences between these two documents.
The working draft has been sent to various regulatory authorities for their opinion. It is expected that it will be presented to Parliament in early 2003 and enacted in the first half of 2003. While the draft is a working document only and could undergo modifications before it becomes law, it will be of primary interest to e-commerce operators in France, as it will impact significantly on their activities.
Liability of Internet Intermediaries
Mere conduit providers
The working draft provides that, as concerns the "activity of transmission of content in a communications network or of provision of access to a communication network", the provider shall have no liability for such content, provided that it "does not initiate the transmission, does not select the receiver of the transmission and does not select or modify the transmitted content".
Therefore, the text of the working draft is closer to the language of the E-commerce Directive than was the 2000 draft. Most significantly, the working draft refers to the activity of transmission of content or provision of network access as opposed to the persons engaged in such activity and provides for conditions of exemption from liability similar to those of the E-commerce Directive.
Caching providers
The working draft provides that, as concerns the "activity of automatic, intermediate and temporary storage of transmitted content made for the sole purpose of making more efficient its onward transmission", the provider will not be liable for such content.
The exemption of liability applies as long as the provider
"does not modify the content, complies with conditions on access to it and with habitual rules regarding its updating, does not interfere with the lawful and habitual use of technology used to obtain data."
Further, the provider must:
"act promptly to remove the stored content or disable access to it as soon as it becomes effectively aware of the fact that the initially transmitted content was removed from the network, the fact that access to the initially transmitted content was disabled or the fact that judicial authorities ordered the removal of the initially transmitted content from the network or disabling of access to it."
In this respect, the working draft tracks the language of the E-commerce Directive more closely than the 2000 draft.
Hosting service providers
Although the working draft moved from a reference to the persons engaged in an activity to a reference to activity with respect to mere conduit and caching providers, it maintains the reference to the persons engaged in an activity with respect to hosting service providers. These are defined as:
"individuals or legal entities providing, for free or for a consideration, a direct and permanent storage to place at the disposal of the public signs, texts, pictures, sounds or messages of all kinds accessible by on-line public communication services."
One could argue that this continued insistence on 'persons' means that the legislator only intends to protect traditional web hosting companies (such as Geocities or Multimania) as opposed to multi-activity internet intermediaries which provide hosting among other types of services.
The working draft would replace a broad exemption of hosting service providers from liability for the hosted content that exists under the Law of August 1 2000 (presently hosting service providers are civilly or criminally liable for the content hosted by them "only if, upon notification by a judicial authority, they have not promptly taken the necessary steps to prevent access to this content") by two sets of circumstances under which hosting service providers are exempted, respectively, from civil and criminal liability.
It provides that hosting service providers will not be civilly liable for the hosted content if (i) "they did not have actual knowledge of illegal activity or information or were not aware of facts or circumstances from which the illegal information or activity is apparent" or (ii) "upon obtaining such knowledge or awareness, they acted promptly to remove such information or disable access to it".
Hosting service providers would be exempted from criminal liability if (i) "they did not have actual knowledge of illegal activity or information", or (ii) "upon obtaining such knowledge, they have acted promptly to remove such information or disable access to it". Although in this respect the working draft is in contrast with the 2000 draft (which aligned the criminal liability of hosting service providers with general criminal law principles) the outcome would appear to be essentially the same.
In line with the E-commerce Directive, the working draft provides that neither internet access providers nor hosting service providers have an obligation to "monitor the information that they transfer or store or...to actively search facts or circumstances revealing illegal activities". Like the 2000 draft, the working draft neither establishes a formal notice and takedown procedure, nor exempts the hosting service provider from liability for erroneously removing legal content that it had considered in good faith to be illicit.
The working draft would maintain the distinction between technical intermediaries not making any changes to the information transmitted or stored by them (which are subject to special limitations of liability) and technical intermediaries modifying the information transmitted or stored by them in any manner (which are subject to the general rules on publisher's liability - for more information please see the Overview).
The working draft also contains rules on choice of law, advertisements sent by email and electronic contracts.
Choice of law
As regards choice of law, the working draft limits the instances where the choice of an EU member state law in a distance contract concluded with a French consumer would be disregarded in favour of French law. Specifically, it authorizes the parties to have the contract governed by the law of the EU member state where the person offering or ensuring goods or services, at a distance and in electronic form, is established, provided that the application of foreign law will not "deprive a consumer having his usual residence in [France] from the protection afforded to him by the mandatory provisions of French law relating to contractual obligations".
Provisions relating to contractual obligations are defined as "provisions applicable to the essential elements of the contract, including those specifying the consumer's rights, which have a determining influence on the decision to enter into a contract".
Marketing by email
The working draft establishes the opt-in system for the processing of data relating to physical persons or legal entities for direct marketing purposes where advertisements are made to the relevant person by email (ie, it requires a prior consent of the recipient to receive such messages).
The only exception applies to unsolicited commercial communications sent by persons who have obtained email addresses directly from the recipients in the context of the sale of a product or a service, provided that (i) such commercial communications are limited to similar products or services, and (ii) recipients "are clearly and distinctly given the opportunity to object, free of charge and in an easy manner," to such use of their email addresses both when they are initially collected and when each message is sent to them.
Sending by email of commercial communications dissimulating the identity of the person on whose behalf the message is sent, or of commercial communications not "clearly and unambiguously identified as such as of the moment of their receipt by the recipient" is prohibited.
Electronic contracts
The working draft expressly recognizes the validity of contracts concluded in electronic form by stating that where writing is required to validify a legal act, such writing may be established and stored in electronic form (except for certain acts such as personal sureties, nuptial agreements or wills - for more information, please see the Overview). If such writing is required to be hand-signed by the contracting party, the latter may use an electronic signature if the conditions of such use "ensure that the notice may only originate from him".
The working draft states that those who offer, by electronic means, to supply products or services must provide the applicable general and specific terms and conditions "in a manner permitting their preservation and reproduction", and lists categories of information required to be provided to the offeree similar to those specified in the 2000 draft (for more information please see the Overview).
Unlike the 2000 draft, the working draft requires that certain categories of information (eg, the provider's name, company's registration number and registered address) be provided not only on the home page of the site, but also on every web page seen by the customer from the moment the transaction is commenced. This requirement extends to all providers participating in the transaction between the offeror and customer.
Further, it provides that the offeror is bound by the offer as long as the offer is accessible electronically, and that a contract offered electronically is concluded when the offeree, after having entered data necessary for his order and obtaining the confirmation of the order by the offeror, confirms his acceptance. The working draft requires that such confirmation be sent 'promptly'.
The working draft reproduces almost word-for-word the provisions on encryption proposed in the 2000 draft. In particular, it significantly liberalizes the supply of encryption products. As with the current regime, the use of all encryption products is free. The supply, import and export of encryption products are also free if they are limited to authentication or control of data integrity. The new regime would submit the supply in France and importation into France of other encryption products - those that encrypt content - to a prior declaration regime, regardless of the strength of the encryption algorithm.
The declaring party would be required to maintain at the disposal of the prime minister's office a description of the technical characteristics of the products. The provision of encryption services would be subject to a prior declaration, the conditions of which are to be set by decree. The only acts that would continue to be subject to prior authorization would be the transfer (including to another EU member state) or exportation out of France of an encryption product that is not limited to authentication and data integrity functions. Future decrees would provide for exceptions to the prior declaration and prior authorization regimes for categories of encryption products or services that the prime minister's office believes are not sensitive.
This liberalization of the use and supply of encryption products and services is accompanied by a significant reinforcement of the government's means to obtain the technical information necessary to decipher encrypted messages when necessary and of the sanctions in the event of violation.
The working draft significantly reinforces criminal sanctions applicable in the event of the use of encryption products for the preparation or perpetration of a criminal offence, or facilitation thereof, as well as in the event of criminal interferences with automated data processing systems. It further amends the Criminal Procedure Code to extend the notion of 'documents' to electronic data.
Finally, the working draft specifies the procedure governing the assignment of satellite systems frequencies (comprising application for assignment, grounds for refusal, obligations of the licence holder, grounds for withdrawal of the licence). These provisions will be supplemented by special governmental decrees.
For further information on this topic please contact Bradley L Joslove at Franklin by telephone (+33 1 45 02 79 00) or by fax (+33 1 45 02 79 01) or by email ([email protected]).