After much waiting, the Electronic Communications and Transactions Bill (‘the Bill’) was tabled in Parliament on 27 February 2002.
The Bill (and eventually the Act of Parliament which will result from it) has implications for, and applies across, the commercial spectrum: to any entity that communicates and transacts electronically, to all companies that have intranets and Web pages, to businesses that use electronic agents such as 'robots' to conclude agreements, to any entity that collects and stores personal data in any form, and to all providers of information system services (which includes ISPs, facility managers and companies that render outsourcing services).
Tammy Bortz: director, Werksmans
Objects of the bill
The objects of the Bill include giving legal certainty to electronic communications and transactions where previously much uncertainty prevailed, developing a safe, secure and effective environment for the consumer and business to conduct and rely on electronic transactions, affording better protection to the consumer, and promoting online transactions in South Africa.
* Electronic communications are given legal status.
* The Bill clarifies the long-asked question of where and when an electronic transaction is concluded.
* The legal requirement that a document or information must be 'in writing' is now satisfied even if the document or information is in an electronic format, but for this to apply, the document or information must also be accessible in a manner usable for subsequent reference.
* Legal recognition is given to electronic signatures.
* Data messages are now admissible as evidence in a court of law and must be given due evidential weight.
* Where a law requires information to be retained, that requirement is now met even if such information is retained electronically, yet this is subject to certain provisos, such as that the data message must be retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received.
* If any law previously required a signature, statement or document to be notarised, verified, or made under oath (such as an affidavit) such requirement is now satisfied if an advanced electronic signature of the person (eg notary public) authorised to notarise or verify the relevant signature, statement or document is attached to the data message.
* The Bill introduces the concept of an 'automated transaction' which is an electronic transaction conducted or performed by means of data messages in which the conduct or data messages of one or both parties are not reviewed by a natural person.
Various legal protections have been provided for the consumer and many obligations have been imposed on suppliers who elect (or are obliged in certain circumstances) to transact electronically, such as:
* Any supplier offering goods/services for sale/hire electronically must make certain information available to consumers in writing on the website where such goods or services are offered. Such information includes full details of the supplier, a sufficient description of the goods/services so that a potential purchaser can make an informed decision about a potential purchase and the price of the goods/services. Further, the Bill mandates that the supplier must give the customer an opportunity to withdraw from the transaction before placing a final offer. Failure to comply with the aforesaid entitles the consumer to lawfully cancel a transaction.
* Emphasis is placed on security in that if a supplier fails to utilise a sufficiently secure payment system, it will be liable for any damage suffered by the purchaser as a result thereof.
* Apart from certain specified electronic transactions such as auctions, investment services, insurance, banking services and dealing in securities, a 'cooling off' period of seven days after the date of receipt of goods/conclusion of any agreement for services must be provided for by the supplier, during which period a buyer may lawfully cancel a transaction without reason and without incurring any penalty.
* A supplier must execute an order within 30 days from the day after the receipt of the order, unless the parties agree otherwise. Where the supplier fails to meet this deadline, the consumer is entitled to cancel the agreement on seven days' written notice. The Bill provides that these consumer protections will apply irrespective of the legal system applicable to the agreement in question. Therefore, even foreign suppliers will be required to comply with these requirements.
* Senders of spam (unsolicited mail) must make certain provisions in their e-mails so as not to fall foul of the provisions of the Bill, such as giving the recipient of the spam the option to cancel his or her subscription to the mailing list.
* If a consumer believes that the consumer protection provisions of the Bill have not been complied with, it may lodge a complaint with the Consumer Affairs Committee.
* Any person who electronically requests, collects, collates, processes or stores personal information of individuals (defined as a 'data controller' for the purposes of the Bill) has the election as to whether it subscribes to the protection of personal information provisions of the Bill. Insofar as a data controller does subscribe to such provisions, a consumer is then given the comfort that his/her personal data collected and stored by the data controller as a result of electronic transactions will be protected. The Bill further sets out the steps to be taken by data controllers as to how to collect and thereafter handle personal information.
* The Bill envisages that the Minister of Communications is entitled to classify certain classes of information to be critical data and to establish procedures to be followed in the identification of critical databases. The implications of this include that the Minister is entitled to prohibit access to and transfer of critical data (which could arguably prevent a company from transferring a material asset of its business) and prescribe minimum standards for the methods to be used in the storage and archiving of such critical data, which could have cost implications for the holder of the critical data.
* Rights of service providers are protected as the Bill limits their liability. The Bill recognises that, as service providers are merely conduits for the transmission of information or merely provide facilities for information systems, they cannot be held liable for, amongst other things, providing access to or operating facilities for information systems or transmission of data messages. This limitation is subject to certain exceptions.
* Lastly, the Bill has made all forms of unlawful access to, interception of or interference with data and computer related fraud and forgery a criminal offence punishable by imprisonment or a fine.
Implications for business
* All persons and companies who currently conduct business electronically or intend to conduct business electronically must ensure that all their agreements and documentation comply with the Bill and, where applicable (and allowed), ensure that certain provisions of the Bill are 'contracted out of'.
* All online/Web site terms and conditions will need to be reviewed so as to ensure they embody the provisions of the Bill.
* Suppliers must ensure their legal agreements comply with the consumer protection provisions of the Bill, including where applicable making provision for the prescribed 'cooling-off' period.
* Any company/entity that requests, collects, collates, processes or stores personal data and that subscribes to the privacy provisions of the Bill must amend its legal terms and conditions to comply with such provisions and state what happens if such provisions are breached. Although data controllers may elect not to comply with such provisions, it is inevitable that such provisions will become mandatory, either in the near future or as a result of consumer pressure, and businesses should prepare for this now.
* All businesses need to educate their staff on the implications of the Bill.
* All privacy, IT security, e-mail and Internet usage and document retention policies must be updated; alternatively, if you do not have these policies in place, now is a good time to put them in place.
* Organisations that render hosting services will need to appoint agents to receive notifications of infringements.
* Although the new e-commerce legislation is still in a draft form and will only become law once it has been promulgated by Parliament, commercial firms must begin to familiarise themselves with the provisions of the Bill and start preparing for the inevitable changes that the new legislation will bring about.