Buys Attorneys and Trust Online concluded a six-week survey to determine how ready South African e-commerce websites are in terms of compliance with the provisions of the Electronic Communications and Transactions Act (ECT Act) and the King II Report on Corporate Governance.
The B2C e-Commerce Readiness Survey was conducted by examining the websites and legal notices of 607 South African websites. Buys and Trust Online examined legal notices, privacy policies, terms and conditions of use, disclaimers and security policies. The 607 websites were surveyed via the six most popular B2C shopping portals, Web directories and search engines: All the sites examined had .za domain names.
A staggering 47,3% (287 websites) of the surveyed sites had no legal notices at all! The absence of legal notices poses serious risks of liability to both consumers and the owners of a website. These include financial and reputation harm. Of the e-commerce portals examined, 100% of the sites on iAfrica's shopping portal and 63% of the sites in World Online's shopping portal did not have any legal notices.
Only 15% of all the sites examined had privacy policies accessible from the website's home page. E-commerce portals with the highest rate of privacy policies per merchant were IOL with 55% and Ananzi with 36%. None of the sites in the iAfrica shopping portal had any privacy notices.
Only 7,1% of all sites examined had 'terms and conditions of use' available from the website's home page.
Only 3,8% of all the sites examined limited their possible legal liability through disclaimers. The portal with the highest rate of disclaimers per merchant is Ananzi with a very low 9,1%. Most of the disclaimers were, however, copied from US sites. This is very dangerous as South African law differs from e-commerce law in other countries. Also, most of the disclaimers stated that the Web site owners will not carry any risk or liability for damages to consumers - such a statement is illegal in terms of the ECT Bill as website owners must carry the risk for payment system failures (as detailed in section 43(6) of the ECT Bill).
Only 3,8% of all the websites examined had security policies. The King II Report on Corporate Governance makes company boards responsible for IT and website security.
Only 10,9% of all the sites examined had all the essential legal notices. However, most of these legal notices were insufficient for compliance with the ECT Bill.
The shopping portals with the highest readiness rates per merchant were IOL with 37,9% and M-Web with 25%. The portals with the lowest readiness rates are iAfrica and Ananzi with 0% of the merchant sites even remotely compliant.
Of the 44 Internet service providers examined, 47,7% did not have any legal notices on their home pages. Only 13,6% of the ISPs had privacy notices. Only the M-Web home page had all the required legal notices.
The only website in the survey that was 100% compliant with the ECT Bill and the South African common law was www.kalahari.net
, an online store in the Naspers group of companies.
South African websites are not ready to be compliant with the provisions of the ECT Bill. From telephonic interviews with some of the e-commerce merchants it became apparent that:
Merchants in e-commerce portals are under the false impression that their service provider or hosting company is responsible for compliance with the ECT Bill. This is as good as arguing that the lessor of a building is liable for legal compliance of the lessee's shop in a brick-and-mortar shopping mall! Internet service providers only provide hosting, space in their online 'shopping malls' and access to payment gateways. Merchants are responsible for compliance with the ECT Bill as it is they who would be liable for damages or risks. The hosting and merchant agreements of some ISPs were also examined and all of them state that the ISP will not be liable for any legal damages incurred by the merchant.
Many sites copy terms and conditions, privacy notices and security policies from other sites. This is extremely risky as these documents should be personalised and customised for every specific site, depending on the goods and services offered by the merchant.
A large number of merchants confirmed that they did not know about the ECT Bill or the steps they should take to be compliant.
Site owners will have to instruct in-house legal counsel or lawyers to draft compliant legal terms. A quick survey of IT/e-commerce law firms revealed that prices for these documents range from R2000 to R8500.
Website owners and e-businesses are encouraged to use the eRisk Assessment Tool to determine compliance with this new law, it is online, free and fast - visit www.erat.co.za
How does the ECT Bill affect websites
The sections of the ECT Bill that have direct impact on websites are:
* Section 23 (time and place of communications, dispatch and receipt).
* Section 24 (attribution of data messages to originator).
* Section 26 (acknowledgement of receipt of data messages).
* Chapter 7 (consumer protection).
In terms of Chapter 7 of the ECT Bill a visitor to a B2C e-commerce site has six rights:
(1) the right to full disclosure by the website of at least 18 pieces of information;
(2) the right to review, correct and withdraw from any transaction;
(3) the right to a safe and secure payment system;
(4) the right to return certain goods or services within seven days from receipt thereof;
(5) the right not to be spammed; and
(6) the right to receive purchased goods within 30 days.
Merchant websites that do not afford consumers with these rights may have transactions terminated or face legal action in consumer courts.
* Chapter 8 (protection of consumer privacy).
Although some of the rights afforded by the ECT Bill require small technical changes to a website, most could be granted by placing complete 'terms and conditions' on a website and requiring consumers to click on an 'I agree' button before concluding any transaction (as detailed by section 13(5)(b) of the ECT Bill).