Law and Regulatory Requirements Relating to Internet business retailing Introduction
We have been asked to advise Alfred with regard to three claims that have been made against his company Alfsoft Ltd, which is a software development and production business, in respect of its business activities. Two of these potential claims arise from the sale of software programs through his Internet website and the third claim relates to a issue regarding the legal usage of the businesses registered domain name.
Issues relating to sale of products
Alfredâ€™s company sells software through his Internet website. This software can either be purchased online and downloaded direct from the site, or ordered online and sent out to the consumer in the form of a DVD to the buyers home address. Brian, who lives outside of the UK, but within the EU, has purchased the software using the download option and Cassy, who resides in the UK, has purchased it using the DVD despatch method. Upon installing the software to their own machines, both Brian and Cassy have experienced virus problems as a result of loading the software onto their computers and are now claiming compensation from Alfredâ€™s company for the damage that has arisen as a result of this virus. Brianâ€™s claim is for business interruption amounting to Â£10,000 and Cassyâ€™s is claiming Â£100 cost that she incurred in have to take her computer to be repaired. Electronic Commerce Legislation
To evaluate Alfredâ€™s liability relating to these claims, it is necessary to understand the legislation that covers these issues. The UK has implemented the EU directive 2000/31/EC of the European Parliament by the enactment of the Electronic Commerce (EC Directive) Regulations (2002). The provisions of this act relate specifically to the performance of e-commerce and the conditions under which this should be conducted, together with the protection that is afforded to the consumer. Although this act assumes that the laws of the UK relate to a UK based e-commerce business in certain areas, it does not preclude a person from another member state from taking action according to the laws of their own state. However, in this case the person would have to request those who have jurisdiction to encourage the UK legal authorities to take action on their behalf (Office of Fair Trading 2007). In addition to this legislation, Alfredâ€™s business activities would also be conducted under the Consumer Protection (Distance Selling) Regulations 2000 (see Electronic Commerce (EC Directive) regulation 10), and the law of contract and the common law duties of negligence (Rustad and Daftary 2003, p.437). The first point in the two cases in question relates to the disclaimer. Firstly, disclaimers have to be conspicuous and without any â€œexpress or implied warrantiesâ€ and should be placed in a position that they need to be read and agreed to before a consumer commences to view or download information (Rustad and Daftary 2003, p.163). Secondly, it needs to make it clear that the web-site owner utilises the site and facilities at their own risk (Rustad and Daftary 2003, p.556). Thirdly, the site does not necessarily need to explain the facility of downloading or printing information (Campbell and Woodley 2003, p.54), although most sites will contain this information. Regulation 6 and 7 of the Act (2002) covers this point. However, the e-commerce business has certain responsibilities in respect of security. This relates to a number of factors. For example, there is the security of information that is collected from the consumer, which needs to be protected by the selling business. In addition, and more relevant to the case being reviewed, is the security issue relating to the protection of the information that the site contains and threats that may occur, for which the relevant security apparatus should be in place, which should also be updated as required to ensure that the business is secure at all times (Rustad and Daftary 2003, p.142 and p.177). Website security needs to be maintained at the highest level available at all times. All e-commerce business has a duty to protect its consumers and a company that outdated security, or security which is inadequate for the task required, such as the downloading of software could find themselves guilty of negligence and have a liability for any damage that may result from the activity of a â€œhackerâ€ or from any virus that is transmitted with the download (Rustad and Daftary 2003, p.437 and p.505; and Spindler 2002, p.88). For example, in the case of Pegler Ltd v Wang (UK) Ltd
where a computer failed, the defendants would found to be liable for damages in respect of that failure and damages were assessed, although no formal records had been kept, in respect of the interruption to the plaintiffs business. Once an incidence of negligence has occurred the consumer can claim against the business and does not have to identify a particular person for responsibility for that negligence (Carroll and Others v Fearon and Others) One of the crucial aspects for the grounds for successful negligence is there sufficient evidence to enable an action. For example, should the defendant have been aware of the potential for the damage to be caused and did they take reasonable precautions to avoid this. In the case of Swain v Puri
it was held that such knowledge should have been available, and that the turning of a blind eye to it was no defence. The events that took place between Alfred and the two consumers identified within this case would also fall within the Sale and Supply of Goods Act (1994). This act provides the consumer with certain rights that would not normally be available to them under the normal rules of contract law, and is intended to provide for a more rapid solution to issues that arrive. The act outlines the duties and responsibilities for both parties. One of the key aspects of this act is the implied terms and conditions and of these it is the implied conditions that are the most important. Of particular relevance to the case being studied is section 14(2), which states that the goods must conform to: - (a)fitness for all the purposes for which goods of the kind in question are commonly supplied, (b)appearance and finish, (c)freedom from minor defects, (d)safety, and (e)durability. This means that the goods must not only fit for the purpose for which they were intended, but must also be safe and free from any defects. In the case of Rogers and Another v Parish (Scarborough) Ltd and Another 1987 it was held that the goods sold, because of its defects, whilst usable were not of a satisfactory quality under the terms of the act. In section 53(a) this act also provides for the consumer to be able to claim damages that can be justifiably have arisen as a result of that breach. These implied conditions do not necessarily have to be written into the terms as they are reliant upon what the courts would determine as â€œwhat a reasonable person would expectâ€ from the performance of the act of buying the goods. Breach of Duty of care
In addition, under common law, both parties who enter into a contract owe a duty of care to the other. In the case of the Sale and Supply of Goods Act (1994), this means that the seller would owe a duty of care to the buyer and visa-versa. If one party claims there is a breach of that duty, for example the buyer, they have to prove such a breach has taken place, using a number of criteria. The first of these is â€œproximity.â€ It has to be proven that the person who committed the breach is required to have reasonably thought about the consequences that an act of breach would cause, and how it would affect those who suffered from it. In particular, that person has to consider the fact that those who would be most directly and immediately affected by any breach were due a duty of care. In other words, a duty of care was owed to the person who was immediately affected by the damage. The basis for this rule was laid out in the legal case of Donoghue v Stevenson (1932) AC 562, by Lord Atkin (Hodgson and Lewthwaite, 2004, p.118). Foreseeability is another criterion upon which breach of duty of care is judged. In other words could the breach and the damage seen have perceived to be likely to occur? In determining this issue, the courts will again evaluate the level of foreseeing the possibility on the grounds of what would have been reasonably expected. However, what is excluded when approaching this area, as was found in the case of Roe v Minister of Health (1954) 2 AER 131 (Hodgson and Lewthwaite, 2004, p.82), was any action where the determination of forseeability can only be confirmed by the benefit of hindsight. Safety and security also impacts upon duty of care. In this respect one has to consider the practicality of assessing the risk and measuring that against the precautions that have or should have been taken to reduce the risk as far as possible. The case of Daniel Wilson v Governor of Sacred Heart Roman Catholic Primary School (1997) EWCA Civ 2644
refers to this issue. Although this case deals with a physical personal risk, the same rules apply to risks from damaged goods. To enable success for a claim under the breach of duty of care rules, the person making the claim has to have suffered an actual damage. It is highly unlikely that the claim will be found in their favour if there is no actual damage.
In the case of Brian and Cassy, a contract for the purchase of the software goods from Alfredâ€™s company would have been formed at the moment that they both indicated, by pressing the â€œI acceptâ€ option on the terms and conditions, and making their payments, that they wished to purchase the product at the agreed price and, in the case of Brian, commencing the download to his own system, and with Cassy, the acceptance of the DVD and transferring the information to her computer (Spindler 2002, p.319). From that instance, these contracts would have been subject to the various legislations and regulations that have been outlined in previous sections. The conclusion is that there are several issues to be addressed. Firstly, from the information relating to the case it is apparent that the software was vulnerable to the particular virus that infected the consumerâ€™s computers. Therefore, under the sale and supply of goods Act (1994) there is the potential for a valid claim from both parties. The key issue here is whether Alfredâ€™s company should have foreseen this virus infection. It would be our contention that due to the fact that both of these transactions were originally undertaken online, which is renowned for the incidences of viruses, it is reasonable to suggest that such an infection was always a possibility. However, the question of the level and appropriateness of the website security arises. If it was out of date or not sufficient for the task, then the potential for the claim is strengthened. (Rustad and Daftary 2003, p.437 and p.505; and Spindler 2002, p.88). If the website was operating an adequate security system, which was regularly updated, then in may have been reasonable to assume that the software was protected. Furthermore, despite the fact that the terms and conditions that Brian and Cassy accepted contained a disclaimer, there are implied terms that would be incumbent upon the business. For example, it would have been reasonable for the buyers to rely upon the belief that the software would have been free from all known viruses. In the case of Cassy, who received her software package through the post on a DVD, it is concluded that this consumer has a valid claim, which she could pursue through the UK courts. The reasoning for this is that, with the constant threat of virus infection surrounding software, she could have reasonably expected that the DVD and its contents would have been screened for viruses prior to being dispatched. The fact that it was still infected when it was transferred to her computer suggests that insufficient care was taken by Alfredâ€™s company in minimising the potential threat from this source being transmitted to Cassyâ€™s machine. In conclusion, particularly in terms of low the amount of the claim, it would be advisable to settle this case. With regard to Brian, the two significant differences are that he downloaded the software direct from the Internet and that he resides in a member state of the EU outside of the UK. In the first part of this, one has to consider whether Brian himself had a duty to endeavour to reduce the risk of damage. As with Alfred, it could be argued that Brian would have been aware of the potential threat from viruses that occur on the Internet and, particularly, that these threats often materialise through the transmission of data from one machine to another. Therefore, it would have been reasonable to assume that there would have been a level of protection from threat on Brianâ€™s own computer that would have been capable to detecting the infection on the software, which would have rejected the download. In this case it is advised that liability, although it still exists for Alfred, may be reduced as a result of Brianâ€™s own lack of security.
Use of domain name
Alfred has incorporated his business under the name of Alfsoft Ltd., and also registered the name â€œAlfsoftâ€ as a UK trademark for computer software. In addition, the domain name alfsoft.com has also been registered. All of these actions were undertaken in 2006. However, an international US competitor, Alpha-software LLC, had previously registered the trademark Alphasoft and the domain name alphasoft.com in 2001. This company is demanding that Alfsoft Ltd transfer the domain name of alfsoft.com to them on the grounds that it so similar to their own that it could be confused. They are threatening legal action as provided for by UDRP
policy introduced in 1999 by ICANN
unless Alfred accedes to their request. A domain name is an extension of a businesses promotional activity, particular in respect of e-commerce Rustad and Daftary (2003, p.82) and website use. In addition to enabling the business to promote to customers within their own national territory, for example within the UK by registering a domain name with the extension, .co.uk, a business can seek international marketing expansion by registering a domain name with the extension .com. All domain names are registered with an Internet provider, who charges a fee for maintaining the domain name on the Internet. As part of the registration, acceptances of the UDRG policy are now automatically incorporated within the agreement. Historically, there have long been problems with domain names. The majority of this arose from the fact that Internet users would, as Carl and Joynson (2002) explain: -
- Register domain names for famous brands, such as MacDonalds.com and then charge the land-based trademark holder a significant amount to buy it from them. This is known as Cybersquatting.
- Register a name that is so alike to a well-known brand as provide unfair advantage to the person holding the similar brand (known as passing off), or that could lead to confusion for those searching the Internet.
- Register an abusive name, which was normally performed in cases where a person or persons had reason, real or imagined, to want to attack the brand holder.
In was in an effort to address these issues that the ICANN was formed and the UDRP (1999) policy was were introduced. This policy provide for the resolution of disputes that arise in respect of domain names and set down prescribed methods of approach to be used in such instances (Campbell and Woodley 2003, p.128). Under the terms of these policies a certain number of â€œdispute resolution providersâ€ who have been approved by ICANN will deal with the dispute. As can be seen from table 1 below, as of 2002 there were four such providers, the World Intellectual Protection Organisation, National Arbitration Forum, eResolution and CPR Institute for Dispute Resolution, although others, including the Asian Domain Name Dispute Resolution Centre, which has three offices, have since joined this list. The first proceeding under this policy commenced in December 1999 and, as can be seen from the list of providers, in the two years following that date there were over four thousand cases lodged, which are spread across the various dispute resolution providers. Table 1 Dispute resolution providers
The most important section of the UDRG policy, and the one that is relevant to the case in question, is number four
. This outlines the incidences, which may lead to a dispute and potential claim as follows: - â€œ4 (a) Applicable Disputes (i) your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and (ii) you have no rights or legitimate interests in respect of the domain name; and (iii) your domain name has been registered and is being used in bad faith.â€ Section 4 (b) further clarifies the term â€œbad faithâ€ and it is part (iv) of this section that Alpha-Software LLC is relying upon as evidence to support their threatened claim against Alfred and his company, which makes the following statement: - (iv) â€œby using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant's mark as to the source, sponsorship, affiliation, or endorsement of your web site or location or of a product or service on your web site or location.â€ To ascertain the validity of Alpha-softwareâ€™s claim, the two key elements are a) whether the registration was intentional and b) whether confusion is likely to arise. To assist in this deliberation four decisions of cases conducted through the dispute resolution providers have been studied.
- Facetime â€“ Case No: NAF FA0092048
In this case both the complainant and the respondent were in the business of website software solutions. The complainant, Facetime Communications Inc., registered their domain name in1999 and were awaiting a US trademark decision on their application for facetime.com. The respondent, Live Persons Inc registered facetime.com in January 2000, with the purpose of selling it on. The finding was that the respondent must transfer the domain to the complainant, as their use contravened all three aspects of UDRG section 4 (b).
- Easyjet Ltd â€“ Case No: D 2000-0024
In this case easyjet already owned the domain easyjet.com. However they complained that the respondentâ€™s registration of easyjet.net was identical and should be transferred. Their complaint was upheld, which set a precedent that the dot extension was irrelevant when deciding a case.
- Camco Inc v Pawnbrokers super-store â€“ Case number
In this case the complainant had registered Asuperpawn [email protected]
The respondent had registered superpawn.com. The complainant claimed the similarity was confusing and requested transfer. However the claim was denied. The grounds for this denial was that a) the complainant had failed to evidence that the respondent was using the name in bad faith, b) there was no evidence to support direct competition, and c) there was no evidence to attract users by confusion.
- Venus Swimwear Inc v The GBC â€“ Case Number NAF FA0094234
The complainant had registered the trademark Venus Swimwear and the two domains venusswimwear.com and venusswimwear.org. The respondent registered the domain venusswimwear.net. It was claimed that the respondent registered the name to sell later at a profit or to dilute the name of Venus Swimwear. However, the respondent successfully argued that they were using the domain for a specific trading purpose. The claim was denied as the complaint had not proved all aspects of UDRG clause 4 (b), particularly parts (ii) and (iii). Two points can be specifically identified from these cases. The first is that the pre-existence of a trademark does not necessarily mean that a transfer would be granted. The second is that, in order to succeed, a claim must evidence that the respondentsâ€™ default relates to all clauses in UDRG 4 (b). However, a point of caution should be noted. Of the cases identified in table 1, the majority have been found in favour of the complainant. Conclusion
In respect of the complaint threatened against Alfsoft Ltd by Alpha-Software LLC, from the evidence that has been reviewed the registration undertaken by Alfred appears to have been taken for the purpose of conducting sales of his companyâ€™s software. Whilst there may be a similarity in the pronunciation of the name, it is our conclusion that there is insufficient evidence to support a claim that Alfredâ€™s company had no legitimate interest in using the name, nor that there was any intention to use it in bad faith. Therefore, it is suggested that the likelihood is than any such claim by the complainant would fail. Bibliography
Adams, Alix (2006). Law for Business Students. Pearson Education.
Edition Hodgson, John and Lewthwaite (2004) Tort Law Textbook. Oxford University Press,
UK. Rev Edition. Marsh, S.B and Soulsby, J. (2002). Business Law. Nelson Thornes Ltd,
Edition. McKendrick, (2005) Contract Law: Text, Cases, and Materials. Oxford University Press,
UK Uniform Domain Name Dispute Resolution Policy (1999). ICANN.
Retrieved 23 April 2007 from http://www.icann.org/udrp/udrp-policy-24oct99.htm
WIPO Arbitration and Mediation Centre (2004). Collection of WIPO UDRP Domain Name Panel Decisions. Kluwer Law International.
The Hague, Netherlands. Rustad. Michael L and Daftary, Cyrus (2003). E-Business Legal Handbook. Aspen Law and Business.
New York, US. Spindler, Gerals and Borner, Fritiof (). E-commerce Law in Europe and the USA. Springer-Verlag.
Berlin, Germany. Campbell, Dennis and Woodley, Susan (eds.) (2003). E-commerce: Law and Jurisdiction. Kluwer Law International.
The Haque, Netherlands. Carl, Tom and Joynson, Taylor (2002). United Kindom: Trade Mark Owners: 19 Cybersquatters: 1. Managing Intellectual Property.
Retrieved 23 April 2007 from http://www.managingip.com/?Page=10&PUBID=34&ISS=12550&SID=471754&TYPE=20
The Electronic Commerce (EC Directive) Regulations (2002). Retrieved 22 April 2007 from http://www.opsi.gov.uk/si/si2002/20022013.htm
Office of Fair Trading (2007). E-commerce regulations â€“ What do they do. Retrieved 22 April 2007 from http://www.crw.gov.uk/Other+legislation/E-Commerce/E-Commerce+Regulations+-+what+do+they+do.htm
Sale of Goods Act (1994). Retrieved 22 April 2007 from http://www.opsi.gov.uk/acts/acts1994/Ukpga_19940035_en_1.htm
Pegler Ltd v Wang (UK) Ltd  EWHC Technology 137; 1997 TCC No. 219 
Swain v Puri  PIQR 442 
Retrieved 22 December 2006 from http://www.bailii.org/cgi-bin/markup.cgi?doc=/ew/cases/EWCA/Civ/1997/2644.html&query=Sacred+Heart&method=all 
Uniform Domain Name Dispute Resolution Policy 
Internet Corporation for Assigned Names and Numbers 
Mandatory Administrative Proceedings.  http://www.arbforum.com/domains/decisions/92048.htm  http://www.wipo.int/amc/en/domains/decisions/html/2000/d2000-0024.html  http://www.arbforum.com/domains/decisions/94189.htm  http://www.arbforum.com/domains/decisions/94234.htm