Electronic Communications In International Trade

Published Date: 02 Nov 2017

Introduction

In current years we have seen a considerable advance in electronic commerce and regarded as the key to the growth of digital economy worldwide. As a results security of business transactions happen to be very important.

With the nature of internet acting as an open network as well as the globalization of the market economy create legal concerns regarding security and electronic verification during transaction over the internet as the results consumers and businesses are unwilling to be engaged in e-transaction since the current legal structure do not offer assurance for a reliable online commerce. Consequently the security process of e-transactions has to be addressed globally and not only on national level.

The essay will explain the current method of e-transactions especially the e-signature based on initiatives taken place globally and set up a trustworthy atmosphere for e-transaction and see whether there is a need and necessary for common National Law in digital signatures.

Digital & Electronic Signature (Different expressions for the similar concept, benefits and advantages)

Electronic signatures can be defined as any electronic process signifying an approval to terms, and/or a document, presented in electronic format. [1] Actually there are three technique of electronic verification or authentication which normally used for e-signatures, the first one being the knowledge and awareness of either a certain code, password and so forth, second the use of biometric system which recognize the unique physical character of each individual it might be voice, finger prints, blood pressure records & strokes and lastly but not least the ownership of smart card.

While a digital signature usually regarded as a widely used and the most advanced form of e-signature system which uses encryption system. The main principle of encryption system is that two different keys, one known as public and the other private normally used so as to generate a digital signature, encode the data, authenticate and then decode the data as well. i.e. the sender of electronic document can sign by using his/her private key that should be reserved secret and the signature should only be confirmed with the public key of the sender which is obtainable to the public. The process of creating and verifying digital signature provides important functions for legal purposes due to the fact that the asymmetric cryptography or public-key cryptography use a pair of keys to encrypt and decrypt a message so that it arrives securely. [2] This ensures securities and confidentiality of message in an open Internet network system.

Actually there are two techniques of encryption used in the e-signature, one being the symmetrical key which is base on single secret key (without public key) known from the sender and from the recipient. Once somebody else holds the secret key, then he might be able to decipher the communications and the other as explained above known as asymmetrical keys which have public keys.

Digital signature as well provides verification of the signer identity and identifies who involved in the transaction as results it is difficult to be forged unless the signer misplaced her/his private key. It is further protects the data so the recipient would be confident that comparing the two message digests has not changed the message. [3] 

Being confident two terminologies don’t cover similar meaning, the preference selection of which of them to be utilized is full of relevant consequences. If one legislation selects the term e-signature, the principle of technological neutrality in that regulation does not allow the description of a specific technology and therefore it is less detailed but does not need continuous updating. On the other hand, when the term digital signature is used, there is a more detailed regulation, that has a need of continuous updating. [4] 

E-signatures offer better reliability, transparency and security in e-transactions by play down the risk of dealing with frauds or individual who try to escape accountability by declaring to have been impersonated. Generally digital signatures can assure the integrity of message by stop illegal access to data, become aware of any message interfere and withdrawing the danger of forged claims that data was distorted after it was sent. For that reason the system of open network can be indebted with well-organized of data interchanges, safe information as well as cost-effective which are the necessary gears on consumers’ data protection and privacy.

Initiatives on International approaches toward digital signature legislation

It is important to understand the necessity of adopting the legislation law with similar principles worldwide and not just inside USA and European Union Countries only, but furthermore all countries globally. Since e-commerce transactions are regularly done from one country to another, it is simple to realize the significance of adopting National law so as to speed up the technology and reduce risk for consumers.

This movement of harmonization can largely be performed by international agreements, conventions and organizations. They are the basics that might trim down the variation of legislations in different countries. A big task can however be played by the legislations of the European Union and the United States of America with rules that might guide the future movement of the legislators.

In EU, the call for an action in the direction of an international harmonization is articulated by section 23 of the 1999/93/EC directive on a Community framework for e-signatures which says The development of international e-commerce requires cross-border preparations linking third countries; in order to ensure interoperability at a global level, agreements on multilateral rules with third countries on mutual recognition of certification services could be beneficial. [5] 

Furthermore, in article seven (7) subsections 1 of the1999/93/EC, emphasis more on the rules in relate to international harmonization. It states that In order to organize cross-border services in developing countries with legal recognition, Commission should provide suggestions so as to attain effective achievement of international agreement appropriate in certification of services.

While in USA, the Electronic-Sign Act, Title III also play part in the promotion of e-commerce and use of digital signature globally as it can been seen in section 301 and principles of managing the use of e-signatures in Transactions globally where by secretary of Commerce shall promote and use, on an international basis of e-signatures according to the principles elaborated in paragraph two and in the manner consistent with section 101 of this Act, further more the secretary shall obtain all measures needed in a reliable way with such principles to get rid of, the utmost extent achievable, the obstruction to business in e-signatures for intention of smoothing the progress of the interstate and International commerce. In general, the following were the principles specified in that particular paragraph, remove paper based obstacles to e-transactions and adopt principals from UNCITRAL Model law, establish appropriate authentication technologies, allow opportunity to prove in court that their transactions and authentication approaches are legal and get a nondiscriminatory way to e-signatures and authentication techniques from other authority of jurisdiction as well.

In evaluating similarities between the EU and the United States of America regulation, it should be noted section 301 is the base that motivated all regulations in the area of international harmonization. In reality the UNCITRAL and the EU regulation have follow the direction of the USA legislation. Thus, the two articles are similar, going both in the direction of the international harmonization.

Conclusion

Since e-commerce transactions are regularly done from one country to another, it is simple to realize the significance of adopting National law on digital signatures so as to speed up the technology and reduce risk for consumers

(ii) The 2005 United Nations Convention on Electronic Communications in International Trade

Introduction and Historical Background

The 2005 UN Convention on the Electronic Communications also known as Electronic Communications Convention (ECC) was adopted by UN General Assembly on 23rd of November 2005. The Convention intends to smooth the use of e-communications in international trade contract (CUECIC)

The main objective was to set up standard regulations anticipated to eliminate obstacles to the use of e-communications in international contracts, together with obstruction that might result from the operational process of current international trade law mechanism, with the aim of improving legal firmness as well as commercial predictability. Generally the treat depends on the UNCITRAL Model Law on e-Commerce in short MLEC, which comprises an electronic commerce flagship scheme from a year 1995.

UNCITRAL has been a key model since 1980s by establishing standard legislative rules for the use of e-communications in international trade. In 1996, the first outcome was the implementation of the Model Law on E-Commerce (MLEC), the second efforts was in 2001 when the (MLES) which is the UNCITRAL Model Law on E-Signatures was adopted. Although, were some issues which were not clearly elaborated. For example model laws might be endorsed with variations in the range of different jurisdictions also it was believed that setting up a core of common provisions might raise standardization as result predictability in international trade law. Also it was regarded that part of the MLEC & MLES provisions could be possibly old-fashioned and complemented.

According to the above observation, the Electronic Communications Convention establish other different guiding principle objectives, first it eliminate obstacles found from other international trade law agreements, secondly it provide a standard law of electronic communications resulting to a advanced level of standardization, revise and update MLEC & MLES provisions. Last but not least it enables core legislation on electronic communications to all States that have insufficient or no provisions at all.

Critical comments of the convention

As we have seen above, general objective of ECC is to provide practical and convenient solution for all matters connected to the use of electronic ways of communication in relation with international standards.

There certain formal requirements contained in broadly adopted international trade law agreements like the 1958 New York Convention and the UN Convention on Contracts for the International Sale of Goods (CISG) could create obstacles to the extensive use of e-communications. In addition, the ECC serves extra function by smoothing the progress of the use of e-communications in international trade. So, the Convention is anticipated to reinforce the harmonization of the rules concerning e-commerce and encourage uniformity in the domestic ratification of UNCITRAL model laws involving to e- commerce, it also keep update and balance various provisions of model laws in regard to current practice. Moreover, the Convention might possibly provide suitable provisions on e-commerce with up to date, uniform and standard legislation especially to the countries that are still not members of the convention.

The Convection does not anticipated to set up standardized rules for substantive contractual terms which are not specifically connected to the use of e-communications. But, a strict separation has been put into consideration among related technology and substantive concerns in the context of e-commerce which is constantly not feasible. As a result the convention has a few substantive set of rules which extend a little bit beyond so as to guarantee the effectiveness of electronic communications perspective.

According to Article 1, the convention applies to all e-communications exchanged between parties located in two different states when at least one part has its place of business in a contracting state. [6] Also it might well apply by virtue according to the parties' choice as well. The ECC as explained in Art.2 does not apply to related contract for family or individual. On the other hand, unlike the consequent exclusion in section 2(a) of CISG, the exclusion of these transactions under the ECC is one, in the sense that it wouldn’t apply to contract entered into for personal reason even if the intention of the contract is not clear to the other party and it does not apply to some of financial transactions, negotiable instruments, and documents of title, are not included in the scope of the Convention.

Furthermore the ECC (Art.9) reiterates the standards rules found in Art. 8, 7 and 6 of the UNCITRAL Model Law on e-commerce concerning the condition for setting functional uniformity among e-communications and physical paper credentials, handwritten signatures and electronic authentication methods. The ECC unlike the Model Law doesn’t involved in record retention as it was believed that subject was much associated to rules of evidence and administrative requirements in the formation of contract.

In addition, the Convention set up the standards that communications cannot be denied legal validity only on the basis that they were formulated in electronic form (Art. 8). particularly, given the creation of automated electronic message systems, the ECC authorize for the implementation of contracts with such systems, and when there is no individual examine and review the person actions carried out by them (Art. 12). It further make clear that the suggestion to conclude a contract made through electronic way and not addressed to the precise parties results to an invitation to deal, rather than an offer whose acceptance binds the offering party, in line with the corresponding provision of the CISG (Art. 11), Moreover, the Convention establishes remedies in case of input errors by natural persons entering information into automated message systems (Art. 14). [7] 

The convention also pays attention to domestic law as well as private international law. The International transactions can be settled on by the selection of law of the country whose court is requested to make a decision of the dispute. Therefore, if the regulations of private international law of the particular State need application of the regulation of a Contracting State to the decision of the dispute, the Convention will use law of that particular Country, irrespective of the location of court. Furthermore, States might as well regard adopting the terms of Convention at the level of domestic. As a matter of fact, this decision helps to smooth standardization, economizing on legislative resources and increase faith in commercial and business transactions.

Conclusion

As explained above, the major objective of the Electronic Communications Convention was to set up standard regulations anticipated to eliminate obstacles to the use of e-communications in international trade contracts.

SECTION THREE

Data Protection Legislation

Would e-commerce developments be stimulated or hindered if Tanzania was to adopt data protection legislation based upon Directive 95/46/EC?

Introduction

The development of information and Communication Technology has brought huge impact on the protection of data. The use of internet technology has brought great development especially in electronic business-related services. Although on the other hand has brought great risk due to several attacks from the time it happens to be a public resource. On October 2000, Michael Vatis, the director of the US National Infrastructure Protection Center (NIPC) was quoted by BBC saying that the threat of crime using the internet was real and growing and therefore calls for strict legal actions globally. [8] A lot of concerns regarding the widespread misuse of internet and computers call for National and International legislative involvement. The fact that there is no uniformity of legal approach within the world as a result keeps on causing problems. For example in US and most of the Countries chooses Sectoral Data protection approach where by European Countries prefer Omnibus approach. Major difference of these approaches being the level of enforcement. The European model is based on the idea that there should be dedicated enforcement agencies, ready and able to act to secure the interests of individuals. This notion marks a major point of divergence from the approach adopted in US which designed to put individual in the centre of action, let him have a large voice in decisions. The Europeans take a paternalistic approach choosing to vest enforcement in bureaucracy. [9] In actual sense both structures comprises element of legitimacy.

The impact of e-commerce in Tanzania

The growth of ICT technology development has brought major changes in the world and offers a lot especially to group of people, single individual as well as institutions and organizations although on the other end if misused resulting to substantial financial suffering and hence might decelerate the growth economy. It has affected the traditional way of doing business, the Traditional means of market advertisement, ordering goods and services and has completely changed the style on which legal contract are prepared. [10] As an example, most of the local Travel agencies have been affected as a result of on line booking Technologies make it easy for airlines and Accommodation bookings been done straight to the esteemed clients. [11] 

Ant-competitive and restrictive practices such as price fixing, abuse of dominant positions and misuse of market power can occur easily under e-commerce and all consumers performing electronic business in the country are normally at higher risk compared to consumers doing business under physical world. [12] 

Tanzania as the case study faces a lot of challenges due to the fact that it doesn’t have a clear and understandable legal model to protect consumers’ rights against electronic business and other related matters.

According to Tanzania civil procedure, every credentials which are required in the filling system have to be in writing, signed and original. The law does not allow electronic filing or electronic documents.

This revolution impose legal challenges not only in Tanzania but generally worldwide especially on the data Protection and development of e-commerce Transactions.

The emerging and development of Data Protection Regime

The concept of data protection started around 1970 with the introduction and development of ICT Technology and globalization processes within the world. With this technology, a lot of activities arises which require computer applications and communications across National or international borders. As an example, during this period larger Car production industries started to use this technology whereby assembly plants coming from different companies in different countries were the one of the major catalyst for Computer systems applications. With these rapid developments, international resolution was necessary so as to resolve the interest of individual privacy with commercial interests. [13] 

The first and earliest data protection statute was adopted in Germany in 1970, followed by Sweden Data Protection Act adopted in 1973, US adopted in 1974 whereas France adopted in 1978 (Privacy International, 2007).

The subject of protecting personal information (Privacy) has created various reactions from different organizations within the world. A variety of global and international agencies have been energetic in the region of privacy and protection of person data with the council of Europe and organization for economic Cooperation and development (OECD) being the prominent organization at the earlier stages. OECD introduced the guiding principles that governing privacy protection in relation to digital information, transboarder data flows of Personal Data and general policy implications as well. [14] The special significance of the OECD principles lies in the fact that the US is a member of the organization and for that matter – contrary to the European Union convention and the EU directive, the OECD directives might be understood as the common denominator between US and European Union. [15] 

One year later, in 1981, the COE (Council of Europe) or Conventional 108 in other words set up a conventional for Protection of individuals in relate to Automatic Processing of Person Data. The Council of Europe (COE) emphasis data should be obtained lawfully, processed accurately, and to only be collected for a specific purpose and not for any other, and to only be retained for an agreed period of time [16] . Article number eight of the COE set up the right of access and modification of data for a concerned individual and needs special protection for sensitive natural information like political association, religion, racial or ethnic origin, Trade union membership etc as defined in article number 6 of the conventional

In 1985, additional declaration regarding transboarder data flows was accepted by OECD. The statement says the flow of data and digital information are significant importance in technological advancement and therefore require global dimension.

These conventional aimed to attain both objectives, which is to protect the interests of Consumer in relate to data protection as well as allow trans-border data flow.

Variety of rules and proposals during a period of 1970s comprised comparable principles on which they created a set of fair information Practices (FIPs) however there was a variation in terms of details. Fair Information Practices (FIPs) described Personal data as information which relate to a recognized individual and respectively data should be obtained and processed fairly and lawfully, a general requirement that is then translated into principles. [17] Furthermore, United Nation (UN) in 1990s released guiding principle relating to Computerized Data Files which echo the Fair Information Practices (FIPs) of legally and fairness in processing personal data, specification, accuracy etc.

Asian Pacific Economical Cooperation (APEC) is other aspect which play great role in providing satisfactory data protection so as to empower person self-confidence necessary to contribute in e-industries which needs big amount of data transfer. In the period of earlier 1990s, the European Union decides to take action and the outcome was the formation of General Data Protection Directives.

The European Data Protection Directives

Due to the rapid adjustment of technology development with computerized and digitization of information innovation, it was important for European Union to introduce the Directives on which they will deal with, guide and synchronization of data protection legislation.

The Union initiates General Directive 95/46/EC together with other Directives like 2002/58/EC (Directive on privacy and electronic communication) dealing with the processing of personal data and protection of privacy in electronic area. 2002/58/EC directive plays a great role especially in controlling data connection for police inspection purposes, sending of unsolicited email, the use of cookies as well as the inclusion of personal data in community directories.

As matter of fact, various ideologies described in the Convention 108 were reviewed and reinforced as well as additional of new laws were introduced and compiled in the mentioned new Directives. Some examples of principals which were reviewed are data preservation and access. (Banisar and Davies, 2000)

Generally 95/46/EC Directive aims to protect the right and freedom of individuals in relate to the processing of individual data by laying down guidelines determining when this processing is lawful. In reality personal data has to be of good quality, processed fairly and lawfully as well.

As it can be noted from Directive 95/46/EC on article 29 and 28 Non dependent managerial authorities were set up by member states so as to manage and supervise processing situation and interfere on behalf of the individuals

Although it may be taken as an example of good working model, Tanzania as a case study needs to review with care a number of features before it adopts data protection legislation based upon Directive 95/46/EC

Main strengths and weaknesses of the 95/46/EC Directive

Article 1 of the directive clearly explain the main objective of the directive which aimed to improve the individual’s right to privacy in relate to processing of individual data and to enable the free exchange of personal data between the Member States. We ought to ask ourselves whether this main objective was achieved.

Furthermore, it is essential to regards the broader international context. One of the major challenges well-known is that person or individual data is gradually progressed in an international level. This means the regulatory structure adopted by the Member States on the other hand should propose efficient protections to non-European Countries as well.

One of the major key of the Directive is the pressure it has brought in structuring and organizing the debate surrounding data protection. Whereas the guideline from organization for economic Cooperation and development (OECD) were extremely powerful in shaping this debate, the 95/46/EC directive may well be recognized in originating lawfully binding regulations which in turn results into successful law within the Member States. Therefore, 95/46/EC directive is well respected internationally with its principles taken up as a benchmark for excellent data protection practices.

The Directive as well ensured that broadly similar legal rules for critical aspects of personal data processing are in place throughout the EU including the concept of personal data, requirements for legitimacy, data quality and security, data subjects’ rights and the possibility of enforcing these rules. [18] It has also improve and fostering broad awareness of privacy

Due to the growth of community awareness and importance of efficient Data protection with the speed of information development, The Government of UK task the office of Information Commissioner (ICO) to perform a study and re-examine the weaknesses and strength of 95/46/EC directive and come up with the proposal on how can be improved. The research was conducted under RAND. It was concluded the 95/46/EC directives has to be reviewed so as to suite the speed of technological development globally since the present law has a got various shortcomings and must to be immediately addressed. According to Botterman et al, 2009_11 the directive as it is now can not be sufficient in the long run due to fact that the technology brings the world together.

The following are some of the weaknesses found after the research. The connection between the idea of personal data and actual threat/risk is not properly defined, financial information not regarded as a sensitive issue. Personal data should be categorized correctly and appropriate. It was revealed the privacy policies is not realistic and its procedure not consistent with little coordination of member states and the role of the concerned Authorities. It was also observed that the regulation regarding export and transferring of data especially in the developing countries are not clearly defined and outdated.

This can be also be witnessed by Mr. Richard Thomas, the former Information Commissioner when he said in may 2009, that the 95/46/EC directive is actually out of old-fashioned and out of date and hence request for modern approaches to regulation mean that laws must concentrate on the real risks that people face in the modern world, must avoid unnecessary burdens and must work well in practice. [19] 

Modern approach actually signifies that regulation should focus on the actual risks which individual’s faces in the modern world and should ignore burdens which are really not necessary. [20] Mr. Thomas believes massive technological advances, global trade and the need for personal information to cross international borders all mean the law has to evolve. [21] 

As a conclusion remarks, RAND come up with an alternative proposed regulatory framework emphasizing improved enforcement so as to support the proposed principles. Identification of the requirement expectation in terms of data Protection of individuals is necessary, and then afterward the process of defining Personal data Protection principles takes place. The principles should comprise of legality, confidentiality, reason for restriction, transparency, security, and accountability.

A number of European Union Members like UK, Sweden and Austria proposed some modification to 95/46/EC directives of which some of them were already proposed by RAND Europe.

Conclusions

With the important amendments raised in recent period, Tanzania can adopt data protection legislation based upon Directive 95/46/EC. Even though it should be very cautiously since there are number of features in the directive which hindered or slowed down economic development, particularly in the developing countries like Tanzania.