Marketing has been covered by statutory requirements and codes of practice for some years. However, using the internet and other forms of e-marketing requires marketers to be aware of additional laws and regulations that might not have affected offline marketing. These include: the implications of the international accessibility of the internet for advertising and marketing and intellectual property; data protection and privacy; electronic commerce; and good practice in website accessibility.
Cross-border advertising and marketing
The usual UK marketing and advertising rules apply as much to the internet as to offline activities. However, the inherent cross-border nature of the internet creates special problems. If a website is available in another country, does that fact alone mean that the website proprietor has to comply with the laws of that country? If not, how far does a website have to be targeted at a particular country to trigger its local laws? What about a promotional email sent across borders to another country? These issues have posed particular problems in the publishing field, where controversial subject matter that is legal in one country may offend against legislation reflecting the particular political, religious or cultural concerns of the authorities in another country.
There is no easy answer to these questions. Within the European Economic Area some progress has been made, under the Electronic Commerce Directive, towards establishing a 'country of origin' regime in which an online business established in one Member State can market goods and services online to another member state without fear of infringing the laws of the destination Member State. However, the Directive (which is in the final stages of implementation around Europe) at best only goes part-way towards achieving a country-of-origin regime, so a web marketer still has to be concerned about the laws of other Member States. For instance, the Directive contains derogations from the country of origin principle for contractual obligations in consumer contracts, a wide variety of intellectual property rights, and the permissibility of unsolicited commercial email. All these and others are left to the national law of each Member State.
Outside Europe, there has been no progress towards creation of an international country of origin regime.
Advertising and marketing: UK rules
In the UK the Advertising Standards Authority (ASA) applies the British codes of advertising and sales promotion to advertisements on the internet. The ASA regards internet advertising as including:
- paid-for online space, including banner and pop-up advertisements
- all sales promotion online
- commercial emails
The ASA does not regard general product and service information on home pages as falling within its remit.
Advertisers who wish publicly to promote their support for the codes can join the Admark scheme.
In the case of an advertiser based outside the UK, the ASA may refer the complaint to an equivalent body in the foreign jurisdiction in question, for instance via the European Advertising Standards Alliance.
Online advertisements, like offline advertisements, are subject to the Control of Misleading Advertisements Regulations 1988. These regulations prohibit misleading advertising and place restrictions on comparative advertising. The Director-General of Fair Trading has power, in practice exercised in serious cases and as a last resort, to apply to court for an injunction against an advertiser to prevent it from repeating the advertisement, publishing other advertisements likely to convey a similar impression, or from making the same claims or comparisons about other products or services. The 1988 regulations implement Europe-wide legislation on misleading and comparative advertising. The recently introduced 'Stop Now' powers, which apply to this legislation, allow enforcement authorities in other European countries to take action in the UK courts on behalf of non-UK consumers, and vice versa. This may prove to be especially significant for cross-border Internet advertising.
Where websites are operated by licensed broadcasters, the Independent Television Commission may take the view that aspects of these websites, especially those associated with television programmes, are within its jurisdiction.
If web marketing and promotional campaigns involve the use of premium rate telephone calls, then the codes of practice of ICSTIS (the Independent Committee for the Supervision of Standards of Telephone Information Services) must be considered.
As well as the usual offline advertising and marketing rules, there are relatively new rules that specifically apply online. If goods or services are offered on a website, then the Consumer Protection (Distance Selling) Regulations 2000, which apply to distance selling generally, will be relevant. These impose requirements to give consumers, before they buy, specified clear information about the goods or services offered, delivery arrangements and payment, the supplier's details and the consumer's right to cancel. They also require confirmation (in writing or other durable medium) to be given to the consumer after making a purchase and provide the consumer with a cooling-off period of seven working days (or longer if the confirmation obligations are not complied with) within which the consumer may cancel the contract. Some specified goods and services are completely excluded from the regulations. Some others, including newspapers, periodicals and magazines, are excepted from the right to cancel.
Even if goods or services are not offered for sale on the site, the forthcoming regulations implementing the Electronic Commerce Directive will impose information provision requirements on anyone providing an online service normally provided for remuneration. The required information includes matters such as the name of the service provider, a geographic address at which the service provider is established, the service provider's email address and various other details.
The Electronic Commerce Directive also requires that any commercial communication which constitutes or forms part of an 'information society service' must:
- be clearly identifiable as a commercial communication
- clearly identify the person on whose behalf the commercial communication is made
- clearly identify as such any promotional offer and ensure that any conditions which must be met to qualify for it are easily accessible and presented clearly and unambiguously
- clearly identify as such any promotional competition or game and ensure that any conditions for participation are easily accessible and presented clearly and unambiguously
Exactly which online services constitute an 'information society service' under the Directive will only become clear in time. As a working rule of thumb, it is likely to cover most online commercial activity.
As to unsolicited commercial communications, the Electronic Commerce Directive requires a service provider to ensure that any unsolicited commercial communication sent by him by email (where that is permitted by law) is clearly and unambiguously identifiable as such as soon as it is received.
Since even within Europe the legality of unsolicited email is a matter for each country's law, anyone planning to embark on an international email campaign should check the laws of the relevant destination countries.
Greater attention than before is being paid to the accessibility of websites to disabled people. There is increasing focus on the potential applicability of the Disability Discrimination Act 1995, which may require a degree of accessibility to be built into a website, and the desirability of complying with accessibility standards such as those promulgated by the Royal National Institute for the Blind and W3C (the World Wide Web Consortium).
It is important when operating online both to protect your own intellectual property and to ensure that you do not infringe that of third parties.
It is good practice to incorporate copyright, database right and trade mark notices on your own website, in order to make clear what use can and cannot be made of the material contained on the site.
As for the intellectual property of others, it is especially important when using content (such as sample chapters) licensed from authors and third parties to ensure that the licence covers worldwide online use. Care should be taken, paying due regard to cross-border aspects, to minimise the risks of infringing the patent, copyright, database rights or trade mark rights of third parties.
The implications of creating hypertext links to third party websites should be carefully considered, especially if the intention is to 'deep link' to pages within the target website. That may invite litigation if the linking threatens the business model, revenues or reputation of the target website.
Three main aspects of data protection have to be considered:
- acquisition of personal data for subsequent use
- publication of personal data
- the holding of personal data
All of these count as 'processing' under the Data Protection Act 1998.
Personal data is broadly defined under the 1998 Act, covering a very wide range of information about identifiable living individuals. Someone who processes personal data has to comply with the eight data protection principles set out in the 1998 Act. According to the Act, and guidelines to its interpretation published on the Information Commissioner's website, the principles are that:
- data must be processed in a fair and legal way
- data must be obtained only for specified purposes and must not be further processed in ways that are incompatible with the original purpose
- data must be adequate, relevant and not excessive
- data must be accurate and must be kept up-to-date where necessary
- data must not be kept longer than necessary
- data must be processed in accordance with the data subject's rights under the 1998 Act
- data must be secure
- data must not be transferred to countries outside the EEA unless the country concerned provides adequate protection for the rights of data subjects in relation to personal data processing
In particular, in relation to e-marketing, this means that personal data acquired from users of the website must be fairly and lawfully obtained. This normally requires obtaining the consent of the user to any non-obvious use of their personal details. Especially strict consent requirements apply to ‘sensitive data’, which includes information about health, ethnic or racial origin, religious or political beliefs, and details of criminal offences and proceedings.
If a website makes available to the public any personal data about individuals, then that is likely to fall within the 1998 Act.
To the extent that a company holds personal data, for instance on the database that drives the website, it will need to consider matters such as:
- the length of time for which the data is held
- the security of the system within which it is held, which should have measures in place to prevent unauthorised or unlawful access and to prevent accidental loss, destruction or damage of data
- the need if necessary to comply with subject access requests (i.e. requests by individuals for information about data that you hold about them)
Even in countries in which unsolicited email is permitted, that is not a licence to email all and sundry. In most instances, it will be a contravention of the 1998 Act for acquired personal data (such as an email address) to be used for the purpose of sending unsolicited emails if the recipient was not informed about this and offered an opportunity to object when he disclosed the personal data.
The rules about unsolicited electronic communications and cookies may change when a new European directive on communications data protection is finalised. Generally, it is important to keep abreast of the evolving interpretation of data protection law by the Information Commissioner, as expressed in codes of practice and other guidelines.
In addition to complying with the legislation already outlined, selling online involves careful consideration of the contract formation, credit card checking and order fulfillment processes. These considerations are best built into the website at the start. It is difficult and expensive to retrofit legal compliance onto an existing order processing system.
Many of the issues are practical. For instance, how do you check that you can deliver the items before an automated order acceptance is sent out? How do you avoid the risk of accepting orders where a wrong price has been posted on the website?
There are increasing compliance issues with online selling. The regulations implementing the Electronic Commerce Directive will set out specific requirements for the placing and acknowledgment of online orders, and will require detailed information about the contract process to be made available to the user, together with specific means of correcting input errors.
(c) VNU Business Media Inc 2002.
This article is an extract from Book Marketing on the Internet, published by Bookseller Publications. To order a copy of the full report visit The Bookseller or telephone +44 (0)20 7420 6083.
Sources of further information
Advertising industry self-regulation
Advertising Standards Authority - www.asa.org.uk
Admark - www.admark.org.uk
European Advertising Standards Alliance - www.casa-alliance.org
Consumer protection, distance selling regulations, ‘Stop Now’ orders
Office of Fair Trading - www.oft.gov.uk
Distance selling regulations, Electronic Commerce Directive, ‘Stop Now’ orders
Department of Trade and Industry - www.dti.gov.uk
The Information Commissioner - www.dataprotection.gov.uk
Independent Television Commission - www.itc.gov.uk
Premium rate telephone services
ICSTIS - www.icstis.org.uk
Royal National Institute for the Blind - www.rnib.org.uk
World Wide Web Consortium - www.w3c.org