About ILPFTo Join ILPFWorking Groups and PublicationsMember ResourcesEventsHome

  Upcoming Events
  Archived Events

Jurisdiction II: Global Networks/Local Rules

September 11-12, 2000
San Francisco, CA

Electronic Commerce: Is Industry Self-Regulation A Viable Model?

Denis Henry
Vice-President - Regulatory Law
Bell Canada

Table of Contents

  1. Introduction
  2. What is "Self-Regulation"?
    1. General
    2. Canadian Examples of Self-Regulation
  3. Why Adopt Self-Regulation?
  4. Where and When Should Self-Regulation Be Adopted in Relation to the Internet/E-Commerce?
    1. General
    2. Content
    3. Privacy
    4. Consumer Protection
    5. Alternative Dispute Resolution
  5. Where Do We Go From Here?

1. Introduction

The notion of self-regulation is neither new nor revolutionary. Throughout history, industry has developed its own standards, rules, and practices through a variety of organizations to lower costs, avoid and resolve conflicts, and ultimately to create consumer confidence. The nature and rapid evolution of the Internet and e-commerce, however, has provoked new debate about the respective roles of government, industry, and users in the internet economy and created heightened interest in the concept of self-regulation. This paper will attempt to examine what is meant by the term "self-regulation", the forms it can take in practice, and its suitability for the Internet and e-commerce specifically.

2. What Is "Self-Regulation"?

(a) General

Generally, in market economies, market forces are seen as the primary means to govern commercial conduct and government intervention or regulation is seen as necessary only when market forces are considered inadequate to deal with a particular issue or circumstance. If regulation is a form of control, imposed unilaterally by government on industry in order to influence or dictate the latter's conduct in the marketplace, then perhaps self-regulation simply means self-imposed control. Indeed, in its purest form, self-regulation is just that - the introduction of and adherence to a set of broad behavioural guidelines without the assistance or interference of a third party, most notably the government. In reality, however, matters are not so straightforward and the term self-regulation is used to refer to many different things. This often makes dialogue on the subject confusing.

There is no unifying global theory of self-regulation generally, much less in relation to the Internet and e-commerce specifically. Indeed, the very notion of self-regulation raises a number of questions, all of which might be answered differently depending on the specific context and circumstances. For example, who is the "self" referred to in the term? What type of conduct is covered? What means are employed to "regulate" the conduct? Is there a degree of participation by government?

The answers to these questions are: it depends. Various models have been employed in various situations, all of which have been referred to as self-regulation. Although the "self" in self-regulatory models is usually taken to refer to industry players, in my view it can and in some cases should refer to the customer as well. Customer empowerment tools can be an important component of self-regulatory schemes (as will be seen in some of the examples discussed later). A self-regulatory model may even include some form of government participation ranging from a consultative role on a self-regulatory body to a more prescriptive role in adopting and enforcing industry developed standards. In my view, self-regulation can be viewed as a continuum ranging, at one end, from "pure" self-regulation with no government involvement to, at the other end, a model involving government and industry, each in some essential role.

To the extent that government involves itself, for example, in providing a framework to enforce standards or codes of behaviour developed by industry, the result may be a form of self-regulation which has recently been referred to in some international circles as "co-regulation". The Transatlantic Consumer Dialogue (TACD) recently defined co-regulation as "self-regulation operating within a legislative framework so that there is a legal back up available to consumers where a voluntary scheme fails."1 The communications regulator in the U.K. (Oftel), on the other hand, has recently used the term in a different manner. In its July 2000 report "Communications Regulation in the U.K.", Oftel refers to co-regulation as a scheme "where the industry works with other stakeholders, in particular groups representing consumers".2 In the final analysis, the term co-regulation, even when used to refer to government-backed schemes, may not be particularly illuminating as there can be varying degrees of government involvement in various schemes. The term appears to be rather elastic, meaning different things in different contexts.

(b) Canadian Examples of Self-Regulation

Perhaps an understanding of self-regulation is aided by examining its practical application in various specific contexts. In Canada, there are many examples of commercial conduct that is governed or at least influenced by self-regulatory bodies having no statutory mandate. I will confine my description to some of those that affect the communications industry in particular, either because they are sector-specific in nature or because they capture more general business conduct.

A very rudimentary model with which we are all familiar is that of the Better Business Bureaus which have been around for many years. The Better Business Bureaus are supported by local member businesses. Although not organized to develop industry-specific standards or codes of conduct, the Better Business Bureau members agree to abide by uniform standards of membership (e.g., respond to complaints forwarded by the Bureau, adhere to Better Business Bureau standards of advertising and selling, comply with Bureau arbitration programs in which the member agrees to participate). The Bureaus assist consumers in choosing which businesses to deal with by maintaining files on member companies and providing reports containing a variety of data ranging from the length of time the company has been in business to consumer complaint patterns about the company, enforcement actions against the company by government agencies, and the company's commitment to a dispute resolution program. In addition to promoting voluntary self-regulation of ethical business practices, the Better Business Bureaus also provide national dispute resolution services. All of this activity influences the behaviour of both customers nd businesses and can be viewed as a form of self-regulation.

A more targeted self-regulatory body with no statutory mandate is "Advertising Standards Canada" (formerly the Canadian Advertising Foundation). ASC's objective is to create and maintain community confidence in advertising. ASC develops and administers an industry code of behaviour known as the Canadian Code of Advertising Standards. The Code sets the criteria for acceptable advertising and forms the basis upon which advertising is evaluated in response to consumer or trade complaints. Its standards relate to accuracy and clarity, price claims, comparative advertising, testimonials, advertising to children, and taste. The Code is not intended to replace the various laws that regulate advertising in Canada but rather has as its primary purpose the expression of Canadian standards intended to result in responsible but effective advertising.

Consumer complaints regarding alleged breaches of the Code submitted to the ASC are referred to and adjudicated by Consumer Response Councils. Trade disputes (as opposed to consumer complaints) are separately administered under ASC's trade dispute procedure and are adjudicated by a trade dispute panel. Both the complainant and the advertiser are entitled to appeal a decision of Council or a trade dispute panel. If it is determined that the advertising in question violates the Code, the advertiser is requested to withdraw or amend the ad. If the advertiser does not comply, the media involved are notified and generally do not exhibit the advertising in that form. ASC periodically publishes reports on all consumer complaints.

The administration of the Code and complaints by Advertising Standards Canada is an example of a self-regulatory mechanism that operates without statutory mandate and in parallel with other laws and regulations applicable to advertising. It provides an alternative means of addressing behaviour that may or may not be otherwise covered by existing laws or regulations.

Another example of a form of self-regulation is the Cable Television Standards Foundation, an independent organization established by the Canadian Cable Television Industry to administer standards, codes and guidelines relating to customer service. It is worth noting that this mechanism was created in an essentially monopoly environment where customers could not rely on market forces to govern customer service standards. The Cable Television Standards Foundation consists of two distinct bodies, the Foundation and the Cable Television Standards Council. The Foundation's role is to provide a basic structure and facilitate cable industry membership for the purposes of the Council. The Foundation appoints the Council to administer the CCTA standards and adjudicate disputes between the public and member cable companies who agree to abide by the practices and procedures of the Council. The Council is empowered to review and reach decisions on alleged non-compliance of cable television companies with the standards and guidelines. Decisions of the Council are made available to the public and non-compliance can result in revocation of membership to the Cable Television Standards Foundation.

While the Cable Television Standards Foundation and Council develop customer service standards outside any specific legislative framework, the standards have a status somewhat beyond those of other "pure" self-regulatory regimes. Specifically, the development of the standards has been influenced by the industry regulator and licensing authority, the Canadian Radio-television and Telecommunications Commission (CRTC). For example, in 1993, the Commission requested the cable industry to amend its customer service standards to address certain specific matters. In fact, after Commission review, the Commission not only accepted the proposed amendments but also stated that "it expects cable licensees to take all appropriate steps to ensure that their practices conform to the revised standards ",3 thus giving the standards what may be regarded as a degree of regulatory prescription.

Another example of a self-regulatory model within a framework of government regulation is found in the Canadian broadcasting industry. In the mid 1980s, the CRTC began a comprehensive examination of its broadcasting regulations, one of the objectives of which was to determine which existing regulations could be appropriately replaced by industry self-regulation. At the conclusion of the process, the Commission established a set of guidelines that broadcasters would have to follow in setting up a self-regulatory regime in a given area that would replace direct regulation by the Commission.4

In this regard, two specific areas in which the Commission has accepted this industry-developed self-regulatory approach are Gender Portrayal and Violence. In September of 1988, the CRTC formally accepted the "Sex-Role Portrayal Code in Radio and Television Programming" that had been developed by the broadcasting industry through its association the Canadian Association of Broadcasters (CAB). Concurrently, the CRTC accepted the CAB's proposal for the establishment of the Canadian Broadcasting Standards Council which, among other responsibilities, would administer the Code and adjudicate complaints. Similarly, with respect to violence, the Commission approved the CAB's "Voluntary Code Regarding Violence in Television Programming" in 1993.

Initially, the Commission required compliance with these Codes as a condition of licence. However, with the satisfactory administration of the Codes by the CBSC, the Commission has stated that it would be prepared to suspend any condition of licence requiring compliance with the Codes for broadcasters who are members in good standing of the Canadian Broadcasting Standards Council. At the same time, the Commission has gone on to state that "by sanctioning industry self-regulation , it is not relinquishing its responsibility or authority in this area" and that "according to its usual practice the CRTC will monitor closely the resolution of complaints and reminds the public that any interested party not satisfied with a Council decision may ask the CRTC to examine the complaint".5

It can be seen from the above that the CBSC is an example of a self-regulatory mechanism in circumstances where an industry specific regulator has authority but has chosen to accept and rely on industry-developed codes and an industry-administered complaints mechanism. While the regulator has retained authority and has not abandoned the field, in practice its activity on this front is minimal. As with the Cable Television Standards Council, this model may be regarded by some as an example of a "co-regulatory" approach. Again, as is the case with the Cable Television Standards Council, whatever it may be labeled, in practice it is self-regulation.

Another self-regulatory body that has been created in the telecommunications industry is the "Ombudsman for Telecommunications Services". The Ombudsman was created by a number of new entrant long distance competitors to administer a Code of Ethics developed by the industry. The Code reflects fair marketing and business practices and is partly based on rules and agreements that were approved by the CRTC. The Ombudsman provides consumers and small businesses with an opportunity to resolve complaints before an independent party in the areas of slamming, sales practices, advertising and promotion, billing practices, deposits, termination of service, and confidentiality of customer information. If the complaint is not resolved by the Ombudsman with the company in question, it becomes a dispute that the Ombudsman can mediate, dismiss, or uphold. If the complaint is upheld, the company will be required to comply with the Ombudsman's ruling, failing which the company is removed from the program and is no longer able to use the Ombudsman program logo in its sales literature.

Another example that may be regarded as a self-regulatory model, although more towards the "government-regulated" end of the spectrum, is that employed in Canadian telecommunications and broadcast distribution through the Canadian Interconnection Steering Committee (CISC). In order to resolve the myriad of technical issues arising in relation to the introduction of competition in telecommunications, the CRTC established the CISC as a means of allowing industry players to attempt to resolve issues under the supervision of the Commission. The CISC consists of industry and consumer representatives as well as CRTC staff members. The bulk of issues addressed by CISC have resulted in consensus reports. Ultimately these reports must be approved or modified by the Commission and, from time to time, the Commission is called upon to adjudicate those issues on which there has been industry disagreement. Nevertheless, the operation of the CISC is an example of industry cooperation and a form of self--regulation that stands in stark contrast to the often contentious and litigious manner in which the U.S., for example, has dealt with similar matters.

The above examples are by no means exhaustive. There are a multitude of self-regulatory regimes in place that govern a variety of behavior. However, these examples are indicative of the types of approaches that can be adopted and serve to remind us how prevalent self-regulatory approaches already are in the traditional world. The extent to which similar approaches may be suitable or adaptable to the Internet and e-commerce will be examined in a subsequent section.

3. Why Adopt Self-Regulation?

It seems to me that the motivation for developing and implementing self-regulatory schemes is generally quite similar to the rationale for regulatory schemes. While the nature and type of self-regulatory models vary widely, there is one remarkable consistency among them and that is their professed objective of resolving conflict and ultimately increasing consumer confidence and trust in the business activity in question. Why then and in what circumstances should self-regulatory models be implemented? In order to answer this question, it is perhaps necessary to step back and ask an even more elementary question: is any form of regulation or governance (whether self-regulatory in nature or by government intervention) necessary?

In the case of the Internet and e-commerce, while opinions vary widely on the precise solutions and on the appropriateness of government intervention, there appears to be growing agreement that, in order to encourage the development of e-commerce and increase consumer trust and confidence, some mechanisms are appropriate to govern Internet activities, at least in some specific areas. In my view, self-regulation may well provide appropriate solutions for various of these activities. The international borderless nature of the Internet coupled with the fast pace of technological change means that any governing mechanisms must be flexible and capable of operating across jurisdictions. Businesses operate across borders; governments do not. Moreover, the nascent state of electronic commerce has heightened the risks associated with premature or unnecessary government regulation.

These factors led the Internet Law and Policy Forum (ILPF)6 in its submission at the Ministerial Conference of the Organization for Economic Cooperation and Development (OECD) held in Ottawa in October 1998 to suggest to governments a framework within which to evaluate any proposals for further regulation of the Internet. Specifically, the ILPF proposed that, before any regulation is adopted, it should be demonstrated that:

  1. "the rule is necessary and alternative means (such as self-regulation) are not available or desirable,
  2. the rule is capable of achieving the desired goal in light of changing technology, and
  3. li>the rule is the minimum constraint with the least effect on global communications and commerce".7

Similarly, in its Global Action Plan for Electronic Commerce, the Alliance for Global Business recommended that governments adopt the following policy principles for global electronic commerce:

  1. "The development of electronic commerce should be led primarily by the private sector in response to market forces.
  2. Participation in electronic commerce should be pursued through an open and fair competitive market.
  3. Government intervention, when required, should promote a stable, international legal environment, allow a fair allocation of scarce resources and protect public interest. Such intervention should be no more than is essential and should be clear, transparent, objective, non-discriminatory, proportional, flexible, and technologically neutral.
  4. Mechanisms for private sector input and involvement in policy making should be promoted and widely used in all countries and international fora.
  5. Electronic commerce is global by nature. Government policies that affect it should be internationally co-ordinated and compatible and should facilitate interoperability within an international, voluntary and consensus-based environment for standards setting.
  6. Transactions conducted using electronic commerce should receive neutral tax treatment in comparison to transactions using non-electronic means. Taxation of electronic commerce should be consistent with established, internationally accepted practices, and administered in the least burdensome manner.
  7. Regulation of the underlying telecommunications infrastructure, when necessary, should enable actors to compete, globally, in an open and fair market. As competition develops, regulation should be phased out and there should be a greater reliance on competition law.
  8. The protection of users, in particular with regard to privacy, confidentiality, anonymity and content control should be pursued through policies driven by choice, individual empowerment, industry-led solutions. It will be in accordance with applicable laws.
  9. Business should make available to consumers and, where appropriate, business users the means to exercise choice with respect to privacy, confidentiality, content control and, under appropriate circumstances, anonymity.
  10. A high level of trust in the Global Information Infrastructure-Global Information Society (GII-GIS) should be pursued by mutual agreement, education, further technological innovations to enhance security and reliability, adoption of adequate dispute resolution mechanisms, and private sector self-regulation."8

In the debate regarding the viability of self-regulatory models, it has been argued by some that self-regulation will actually encourage governments to regulate either prematurely or unnecessarily and should therefore be avoided. I do not share these fears. In my view, a properly constructed self-regulatory model should increase consumer trust and confidence and, at the same time, go a long way towards persuading governments that government regulation is neither necessary nor appropriate, or at least can be minimized. In some cases, such as can be seen from the Broadcast Standards Council example described above, industry self-regulation can actually replace government regulation. While it is true, in that example, that the Commission retained full authority to adjudicate complaints regarding contraventions of the Codes, this is more of academic interest than of practical effect. For all intents and purposes, the administration of the codes and disputes related thereto was off-loaded from the Commission to a self-regulatory body.

Having said this, it must be acknowledged that, in some cases, it is possible the introduction of a self-regulatory model may provoke governments into action. But even then, the result will likely be better for the industry than if the industry had not acted. For example, to the extent industry develops a viable standard or code, this can positively influence any government legislation or regulation and perhaps lead to a "lighter-handed" or more flexible form of legislation or regulation than might otherwise be the case. The passage of the Personal Information Protection and Electronic Documents Act (Bill C-6)9 is perhaps a case in point. In my view, the development by industry of the Canadian Standards Association (CSA) privacy standard had a positive impact in influencing the government's approach to legislation in this area. The result is a piece of legislation that is flexible (e.g., it prescribes high level privacy principles which can then be tailored by industry to specific circumstances) and far less intrusive and prescriptive, for example, than other possible legislative approaches.

For all of these reasons, it seems to me that many aspects of the Internet and e-commerce are prime candidates for self-regulatory approaches. Indeed, given the borderless nature of the Internet, such approaches may be the only practical ones.

4. Where and When Should Self-Regulation Be Adopted in Relation to the Internet/E-commerce?

(a) General

When viewed on an international basis, there is already a substantial degree of direct government regulation of the Internet. Indeed, there are examples of direct regulation by various governments in many areas, including telecommunications and access to the Internet, export of software such as encryption products, authentication and digital signatures, privacy directives/legislation, limitations on services that may be delivered through the global network, intellectual property protection, and controls over content. In many of these cases, direct regulation may indeed be an appropriate response to specific areas of Internet activity.

In my view, however, there are certain areas of Internet activity for which some form of self-regulatory or at least "co-regulatory" approach is not only appropriate but perhaps the most viable approach. Specifically, these areas are: content, privacy, consumer protection, and dispute resolution.

(b) Content

There are three broad alternative approaches for society to deal with objectionable content on-line. The most restrictive and oppressive solution is tight government control of material available on-line where the government itself blocks Internet content.

A second approach is that of Internet specific legislation which makes certain material illegal or restricted and requires privately owned and operated Internet content hosts and ISPs to take action to prevent objectionable material from being distributed on-line. The Australian model is illustrative of this approach. It has captured considerable international attention and provoked lively debate, both inside and outside Australia. In Australia, the Broadcasting Services Amendment (On-line Services) Act 1999 establishes a complaints-based regime under which the Australian Broadcasting Authority has the power to investigate complaints from the public about prohibited or potentially prohibited content. There are two standards for prohibited content depending on whether the content is hosted within Australia or outside Australia. Internet content hosted within Australia is prohibited content if the content has been classified RC (Refused Classification) or X by a Classification Board, or if the content has been classified R and access to the content is not subject to a restricted access system. Internet content hosted outside Australia is prohibited content if it has been classified RC or X; R rated content is not prohibited and does not need to be subject to a restricted access system.

The legislation also requires that Internet content hosts and Internet Service Providers (ISPs) take reasonable steps to develop industry codes which deal with procedures to ensure that on-line accounts are not provided to children without parental consent, give parents information and procedures to supervise access to Internet content, inform producers of content about their legal responsibilities, tell customers about their rights to make complaints and provide information on customer filtering technologies and services. The Act also provides for the development by ISPs of codes on the steps to take to block access to overseas prohibited content and to provide client filtering technologies.

In response to this legislation, the national industry body for the Internet in Australia, the Internet Industry Association, developed industry codes of practice dealing with the regulation of offensive and illegal material on the Internet. These codes were developed by the industry in negotiation with the government, which has now approved the codes. As a result, the codes provide an alternative to the default provisions of the Broadcasting Services Act amendments which would have required ISPs in Australia to block content from overseas; instead, the approved plan requires ISPs to provide end-users with both information and content filtering tools or optional filter services which users can then use to control access to content.

The above scheme has been described by the Australians as a "co-regulatory" approach intended merely to replicate in the Internet world the types of content regulation that apply in Australia to other media such as broadcasting. It has been criticized, however, by its opponents as being an impractical and ill-advised attempt to regulate the Internet. For example, it has been suggested that schemes requiring ISPs to block certain material on-line are largely ineffective because they are easily bypassed by technology and that such an approach will inhibit the development of the Internet economy in Australia. It is also argued that the law will drive certain Australian content providers offshore, thus increasing the cost to acquire and reproduce that content. This, it is argued, increases the cost of access for everyone, as ISPs must pay longer haulage costs to foreign carriers. This also disadvantages those carriers who do not own the physical infrastructure and who will now have increased capacity lead time risk (i.e., they will have to make advance provisioning for the expected increase in traffic flows). Opponents of the legislation also argue that there is no groundswell of community concern about offensive material on-line that would justify such an intrusive approach by government. Apparently a number of surveys have indicated ambivalence towards Internet content regulation of the kind proposed by the Act.10

A variation of the second approach is a proposal put forth by Lawrence Lessig regarding the zoning of minors from material deemed harmful to minors in cyberspace11. In Lessig's view, the "aim of policy making in cyberspace must be to consider the interaction between law and technology, and to recommend regulation only for that part of a policy problem that will not take care of itself."12 Noting that free speech is threatened by both bad law and by bad code (i.e. "censorware" technologies), Lessig's proposal would see web sites being required by law to adopt a "harmful to minors label" developed by a regulatory agency in consultation with Internet standards bodies. In his view, there is a need "to identify good law that might avoid bad code."13

The third general approach for dealing with objectionable content is an approach which relies more on laws of general application and self-regulatory approaches. In Canada, for example, the CRTC has examined this issue in its New Media proceeding which culminated in the issuance of the CRTC's Report on New Media dated May 17, 1999 (Broadcasting Public Notice CRTC 1999-84 and Telecom Public Notice CRTC 99-14). In that Report, the Commission acknowledged the expressions of concern about offensive and potentially illegal content on the Internet. The Commission noted, however, that ISPs and their industry associations, in conjunction with government agencies and other organizations, have made efforts to develop codes of conduct to help combat the distribution of offensive material. The Commission noted that effective content filtering computer software is available and that education and awareness were an important element in dealing with this issue. The Commission went on to state that, in its view, more could be done for example, by establishing complaint lines and industry ombudsmen and developing international co-operation with law enforcement agencies. The Commission also acknowledged the views of the majority of parties to the proceeding that generally applicable Canadian laws, coupled with self-regulatory initiatives, rather than the Broadcasting Act, are more appropriate means for dealing with offensive material in New Media. The Commission also found that the vast majority of such content is beyond the regulatory jurisdiction of the Broadcasting Act in any event.

In my view, the Commission got it right on this topic. However, well intentioned they may be (and leaving aside any philosophical debate about freedom of speech), approaches such as that adopted in Australia have the potential to prove impractical, ineffective and costly. In my view, education and customer empowerment hold the most promise for dealing with this contentious issue.

With respect to customer education, two initiatives bear mentioning here. One of the largest educational sites in Canada is that of the Media Awareness Network (MNet). The Media Awareness Network is a not for profit organization devoted to providing information about media industries in Canada and sponsored by a number of Canadian communications companies and government departments. Its mission is to be a leader in providing educational approaches to emerging Internet-related issues and to promote and support media education in Canadian schools, homes and communities through its award-winning Internet site.14 It provides information, teaching resources, community programs and discussion forums on a wide range of media topics from a uniquely Canadian perspective. It covers news reporting, the media's influences on behaviour and choices, the protection of personal privacy, on-line marketing directed at children, authentication of on-line information and tools for parents regarding on-line safety and offensive and the inappropriate content.

Another important educational tool soon to be launched is the new child protection portion of a revamped web site provided by the Canadian Association of Internet Providers (CAIP). The site is being designed with the purpose of providing some of the basic information that ISPs are regularly asked to supply, such as how to filter harmful or offensive content. It will also include valuable content created by the Media Awareness Network, and a discussion forum created by LiveWires Design on key topics (e.g., Hate on the Net). All content will be linked from a single window. Through links, users will be able to obtain, in either French or English, a basic Internet primer on each of the Net resources; information about Net tools (blocking and filtering software, rating systems, directories, portals); seminars for teachers, educators and librarians on key issues arising from Internet use including how to validate information posted on-line and some of the strategies used by on-line marketers; privacy tips; safe shopping tips; consumer dos and don'ts; and approaches for families and educators to deal with on-line abuse (fraud, scams, harassment, predators, junk e-mailers, offensive content). There will also be links to some other sites that provide information about technology tools.

The CAIP site has been created with considerable outreach and testing with parents, teachers and child experts. Rather than discouraging users from enjoyment of the Internet, the approach is to provide the tools to surf and transact as an informed user, acting wisely.

In addition to customer education and awareness efforts, industry can play a key role in addressing the content issue through other self-regulatory initiatives. A case in point is the work currently being undertaken by the Internet Content Rating Association (ICRA). Formed in May of 1999, ICRA was created to develop an internationally acceptable on-line content rating system. Backed by some of the worlds best known Internet and communications companies, ICRA's founding members include AOL, Bell Canada, The Bertelsmann Foundation, British Telecom, Cable and Wireless, Deutsche Telekom On-line Service, IBM, and the Internet Watch Foundation. Its mission is to enable the development, implementation, management and promotion of usable, affordable labeling and filtering systems that provide Internet users world-wide with the choice to filter their access to Internet content. It particularly emphasizes the empowerment of parents and caregivers to select content available to young children. As an indication of the importance with which this project is viewed, the European Union has recently committed the sum of 1M euros to assist ICRA in the development of this system.

Originally, ICRA's intention was to base global web site content ratings on the system established by the Recreational Software Advisory Council on the Internet (RSACi), the rating mechanism that is already embedded in the ubiquitous web browsers Microsoft Internet Explorer and Netscape Navigator. The RSACi rating system was originally developed for video games and currently has four categories (nudity, sex, language and violence) and a number of rating levels within each rating category. ICRA intends to make a number of improvements that would greatly expand and enhance the existing RSACi categories and rating levels. For example, the categories could be expanded to include topics such as hate. Also, context variables may be added to distinguish appropriate from inappropriate content based on the context in which it is portrayed (e.g., nudity in a medical context versus a pornographic context).

In addition to the current RSACi ratings, ICRA intends to incorporate a wide variety of filtering templates created by third parties. For example, users could choose to receive content that had been screened by a trusted third party organization. In addition, ICRA intends to provide a capability for users to overlay lists of specific prohibited or permitted sites. It also intends that its system will operate in a number of the major languages of the world.

Under the ICRA model, filtering software is intended to be made available to users at no charge. Filtering software can also be programmed to block access to unrated sites. Web sites will voluntarily rate their sites according to the ICRA rating system and will be entitled to exhibit the rating and ICRA logo. Sites will be subject to audit by ICRA to ensure compliance with the rating scheme.

The ICRA project is an ambitious one that has never been attempted before. Until now, all rating and classification schemes have applied within individual countries based on their cultures and norms. ICRA is attempting to develop an internationally accepted rating and filtering scheme on a medium which continues to develop, change and reinvent itself. The ICRA initiative constitutes a self-regulatory scheme that is intended to address global concerns related to offensive content while at the same time protecting free speech and avoiding some of the pitfalls of more restrictive, interventionist models.

In my view, the ICRA initiative is an encouraging example of the types of self-regulatory initiatives that can be undertaken when industry puts its mind to the task. This initiative holds much more promise than the alternative of a multitude of inconsistent and ineffective laws. It is precisely the kind of initiative referred to by the Commission in its New Media Report when it discussed the promise of self-regulatory initiatives and encouraged the Internet industry to continue their work in developing standards and procedures for dealing with offensive content.

The value of all of these various customer education and empowerment tools as a means of dealing with offensive content is highlighted in recent research published by the United Kingdom's Independent Television Commission.15 The study was commissioned to discover what Internet users and potential users expect in terms of regulation of the Internet and focussed on consumer reaction to online risks such as fraud and offensive and rascist content. Interestingly, the ITC study found that, the more users learned about the Internet and the tools that were available to them as various controlling mechanisms, the less inclined they were to accept regulation of the Internet by a third party. Over the course of the study, participants were given the time and opportunity to learn about how the Internet operates and discuss the issues. By asking the same questions at the beginning and end of the event, the researchers were able to determine how much people's views changed once they had more information about the subject and whether new concerns arose or early worries were dispelled.

Although initially, only one in seven participants thought that users should regulate themselves, by the end of the study, more than half held this view. And this shift in attitude was particularly reflected in views about the protection of children. At the beginning of the study, there was support for some form of external control but by the end of the study, people came to the view that what is needed is software to help parents supervise their children within the family environment.

While this research is admittedly limited, its results are interesting and lend support to the conclusion that Internet users favor informed self-regulation and value the work of organizations aimed at promoting such tools.

(c) Privacy

While privacy continues to be a major concern regarding the Internet and the development of e-commerce, there has emerged no single international approach to addressing this concern. While there is broad agreement internationally on the appropriate guidelines for the protection of privacy,16 a wide variety of approaches to implementing these principles have emerged internationally. At one end of the spectrum is the approach adopted by the European countries which have opted for a comprehensive regulatory regime with a very detailed, rigid, all-encompassing set of privacy provisions that would apply to all organizations in all industries. In October 1998, the EU Directive on Data Protection came into effect. 17 This Directive requires the EU member states to pass national laws that meet minimum standards for the protection of personal information and to address issues of enforcement and redress. The Directive also affects data flows outside of Europe by prescribing that the transfer of personal information to third countries can occur only if such countries provide an "adequate" level of privacy protection.

At the other end of the spectrum is the approach adopted by the U.S. that favors reliance primarily on market forces. The U.S. does not have a single, comprehensive privacy law for the private sector nor does it have an agency charged with administering any such law. The U.S. approach has traditionally been more selective, regulating the private sector fairly strictly in certain areas (e.g., video rental records, protection of children's privacy on-line) but not legislating at all in others18.

Because the U.S. relies largely on sectoral and self-regulatory approaches to privacy rather than legislative ones, many U.S. organizations have been uncertain about the impact of the EU adequacy requirement for the transfer of personal information from EU countries to the U.S. To that end, in the fall of 1998, the U.S Department of Commerce proposed a "safe harbor" for U.S. companies that choose to adhere to certain privacy principles. At the end of July of this year, the European Commission adopted the US proposal determining that the US safe harbor provides adequate protection for personal data transferred from the EU.19

The safe harbor principles are intended to guide U.S. companies that are seeking to comply with the EU Directive "adequacy" requirement. Organizations within the safe harbor would be viewed as providing adequate privacy protection and data transfers from the EU could continue. Companies can come into the safe harbor by self certifying that they adhere to the principles - the decision to enter the safe harbor being entirely voluntary. Organizations may qualify for the safe harbor in different ways (e.g. by joining a self regulatory privacy program that adheres to the safe harbor principles or by developing their own self regulatory privacy policies that conform to the principles). Of particular interest is the fact that, where the organization relies in whole or in part on self regulation, its failure to comply with such self regulation must also be actionable under section 5 of the Federal Trade Commission Act prohibiting unfair and deceptive acts or another law or regulation prohibiting such acts.

Even though participation in the safe harbor is voluntary, once a company decides to join, the safe harbor rules are binding and compliance with the rules is backed up by the law enforcement powers of the Federal Trade Commission and of the US Department of Transportation (for airlines).

In recognition of this rather innovative approach, both sides have agreed to review adherence to the safe harbor in the middle of 2001.

The European and U.S. approaches to privacy stand in stark contrast to each other. On the one hand, the European approach is a very "regulatory" approach with an all encompassing and detailed legislative framework applying uniformly to all sectors. The U.S. approach, on the other hand, relies largely on market forces with self-regulation as an option for organizations wishing to qualify for the safe harbor in order to satisfy the EU requirements.

The Canadian approach reflected in the Personal Information Protection and Electronic Documents Act (which was passed on April 4, 2000, and will come into force January 1, 2001)20 reflects neither of these extremes. This Act is based on the Canadian Standards Association Model Code for the Protection of Personal Information (the CSA code) which in turn is based on the OECD privacy guidelines.

The CSA code has been adopted as a national standard by the Standards Council of Canada. Its ten principles represent a cohesive set of fair information practices that reflect and balance the concerns of all parties and are technologically neutral. The CSA code is supported by both consumer groups and the business community.

By enshrining the CSA code in legislation, the Canadian approach to protecting personal information recognizes that, in the sensitive area of privacy, consumers desire assurances beyond reliance on market forces alone. Two provinces in Canada, namely British Columbia and Ontario, also have expressed their intention to base future private sector privacy legislation on the CSA code.

By adopting a legislative approach, the Canadian approach admittedly cannot be characterized as one of pure self-regulation. On the other hand, the concept of self-regulation is far from absent in the Canadian approach. First of all, the development of the CSA standard itself was a self-regulatory initiative - one which no doubt influenced and shaped the ultimate approach adopted by the government in the legislation. Secondly, the approach adopted in the Act, in contrast to the all-encompassing, rigid nature of the European approach, reflects a more flexible legislative approach. For example, it enshrines high-level privacy principles while avoiding unnecessary and costly regulation and providing necessary flexibility to tailor specific privacy practices to the unique circumstances of specific industry sectors. This approach strikes the appropriate balance between the consumer's desire for privacy and the legitimate needs of business to collect and use customer information, while at the same time it is intended to meet the "adequacy" requirements of the EU directive.

(d) Consumer Protection

One of the major impediments to the growth of e-commerce is consumer concern about the security of their on-line transactions, the trustworthiness of vendors, the fitness and suitability of goods ordered from a distance, the ability to resolve disputes with distant vendors - in other words, all of the traditional consumer protection concerns which become magnified, at least in the eyes of the consumer, in an on-line world. Thus it is essential for the growth of e-commerce that these issues be addressed in a manner satisfactory to consumers.

At the same time, however, the tremendous potential of global electronic commerce would be dampened considerably if a patchwork quilt of new, inconsistent national rules were to emerge. Any such regulations would be difficult to enforce and most on-line merchants, particularly the smaller ones, would find it impossible to comply with the different, often conflicting national rules that would result.

The continuing focus of lawyers and governments on the jurisdiction issue (i.e., trying to determine which law applies and which court is competent to hear the case) does not go far enough to provide the kinds of practical solutions that consumers need. Indeed, at a recent meeting of the ILPF that I attended, a member of the European parliament acknowledged that the EU Proposal to mandate the law of the consumer's country in consumer transactions should be regarded as a last resort mechanism and that industry initiatives and on-line alternative dispute resolution mechanisms hold the most promise for practical solutions.

To address consumer protection issues, there are a number of important self-regulatory initiatives underway, both nationally and internationally. Such initiatives should particularly benefit small and medium enterprises that do not benefit from the same degree of consumer trust and brand recognition as large well-known retailers. Before describing these, however, it is perhaps useful to examine how some individual on-line businesses and their customers have implemented what amount to forms of self-regulation tailored to their specific businesses. The on-line auction business, eBay, is a case in point. Perhaps no on-line commercial activity creates more consumer apprehension than the very idea of on-line auctions with numerous anonymous bidders and sellers unknown to each other and physically separated by great distances.

In order to address such concerns, it was eBay users themselves who developed a solution. In message board postings to the founder of eBay, users suggested that the company set up a system for buyers and sellers to rate each other. This suggestion was implemented and resulted in the Feedback Forum, a type of peer reviewed credit reporting system. In the Forum, buyers and sellers rate each other and comment on the results of their business together. In addition to the feedback forum, eBay instituted message boards as a way of encouraging users to answer each other's questions.

These tools proved to be the missing link in eBay's business plan and resulted in the eBay community finally taking off. Essentially, eBay has become a market that relies on identity and reputation for risk management. Some preliminary research suggests that users are willing to pay up to 30% more in certain markets for items sold by someone with a high feedback rating.21

Despite these programs, as eBay's success grew, it nevertheless became a target of consumer scrutiny and worry about fraud. To further address this issue, eBay introduced a comprehensive trust and safety program whereby it granted buyers free insurance for purchases up to $200, less a $25 deductible. Sellers were also given an opportunity to pay $5 and have their identity verified by a credit rating agency and eBay introduced tougher policies against unworthy bidders. eBay also introduced an escrow service which, for a fee, will hold payment from the buyer until shipment is received. eBay also made available to its users an on-line dispute resolution mechanism offered by a third party.

While this form of customer empowerment and self-regulatory initiative is admittedly far from bullet-proof and is obviously tailored to very specific circumstances, it is nevertheless illustrative of the types of innovative and imaginative solutions that can go a long way towards addressing consumer concerns in an on-line environment. In the case of eBay, these efforts transformed what some would have predicted to be a recipe for failure (i.e., a huge anonymous market where people never meet in person with no formal clearing) to a highly successful marketplace with over a half million transactions per week.

Quite apart from specific efforts of specific businesses regarding consumer protection matters, there are a number of co-operative and collective actions underway that have as their objective the development and implementation of self-regulatory models and codes of conduct. On the international stage, the Global Business Dialogue on Electronic Commerce22 (GBDe) is working diligently to encourage the development of self-regulatory models dealing with a number of issues, most notably consumer protection and alternative dispute resolution (ADR). The GBDe consists of some 70 CEOs representing the world's leading Internet and e-commerce companies.

The GBDe provides a forum for business leadership on Internet issues. It aims to encourage a market driven environment for the future development of global e-commerce and recognizes the need to engage governments and international organizations in a coordinated dialogue to resolve many of the policy issues the Internet raises.

In September 1999, the GBDe issued its first recommendations to government on a wide range of policy issues critical to the development of global electronic commerce. These range from the protection of personal information collected over the Internet to eliminating trade barriers to electronic commerce. The GBDe CEOs have made a personal commitment to work together to develop new, self-regulatory approaches to deal with many of these issues. Consumer protection on the Internet has been a particular focus of the GBDe's efforts this year.

The GBDe is urging governments to avoid simply adapting traditional models of domestic consumer protection law and regulation to the on-line environment. Instead, the GBDe has developed voluntary guidelines for on-line business conduct that could be implemented by companies worldwide. The guidelines, among other things, guarantee basic protections from false or misleading advertising, protect the security and privacy of on-line transactions and ensure access to effective complaints handling procedures. The GDBe also believes that if on-line consumers cannot resolve a problem with a merchant, they should be able to take their complaint to an impartial, independent party, such as an on-line mediation service, for dispute settlement as an alternative to legal action.

In Canada, a Working Group on Consumer Protection comprising major business associations, consumer groups and federal and provincial government representatives developed and published in 1999 the Canadian Principles for Consumer Protection in Electronic Commerce.23 The objective of these principles is to guide and influence the behaviour of on-line merchants so as to ensure that consumers will enjoy equivalent protection in electronic commerce as they do in other forms of commerce. Among other things the principles set out the information merchants should make available to consumers about themselves and the goods and services offered for sale, specify the need for effective web site security and privacy protection based on the CSA model privacy code and assure access for consumers to fair and effective means of resolving problems with their electronic transactions.

In developing these principles, the Working Group has recognized that the electronic marketplace requires new approaches. Specifically, the document acknowledges the need for a policy framework that includes a blend of voluntary and regulatory approaches and one that is consistent with directions in consumer protection established by international bodies, such as the Organization for Economic Cooperation and Development (OECD).

While the Canadian consumer protection principles were being developed, a closely related self-regulatory initiative was being pursued by Canadian business through the Canadian e-Business Roundtable.24 This is a private sector-led group of Canadian CEOs that is developing strategies for accelerating Canada's participation in the global Internet economy. The Roundtable has recommended the establishment of an internationally recognized Canadian "trustmark", or seal of approval, that would appear on the web sites of companies that comply with voluntary consumer protection guidelines.

The E-Business Roundtable has since joined forces with the Working Group on Consumer Protection to develop a program that will approve trustmark or seal programs that satisfy the Canadian Consumer Protection Principles for Electronic Commerce, rather than create a new seal program and accredit individual sites. A similar initiative, TrustUK25, has been developed in the United Kingdom. The GBDe has developed voluntary guidelines for businesses or other organizations developing e-commerce trustmark programs and codes of conduct and for the merchants that they certify26. Similarly, the European Commission recently has sought comment on a set of principles that would guide the establishment of such codes of conduct27.

Among the objectives of the Canadian "seal-of-seals" program, like the European and GBDe initiative, are:

  • to reduce the confusion caused to consumers by the many seal programs already in the market place, each of which may offer different standards of protection;
  • to help merchants identify reliable seal programs;
  • to identify and brand merchants as reputable, for domestic and foreign consumers alike.

The program will identify existing and future seal programs that guarantee a basic level of consumer protection in terms of on-line business practices, based on the Canadian principles and OECD guidelines; privacy protection, based on the CSA model privacy code; and complaints handling procedures, including recourse to neutral, independent alternative dispute resolution (ADR) that adheres to certain established principles. Monitoring compliance by merchants and ensuring objective enforcement is essential to building consumer trust in such programs. An independent accreditation committee will approve the use of the seal, ensure ongoing compliance by merchants, review complaints and, as required, impose sanctions on a seal program that does not deliver what it promises.

The program will not compete with existing seal programs, but rather will establish a "benchmark" for determining which voluntary seal programs meet or exceed the accreditation criteria set by the program. It will build on and could assist the work of programs that already exist or are in development, such as the WebTrust seal, which has been developed by accounting professionals in the US and Canada, the Better Business Bureau Online privacy and reliability seals and similar programs in Europe and Asia.

A longer term objective of the Canadian program is to develop a more formal, voluntary national standard for consumer protection for e-commerce. Based on the experiece gained in setting up and operating the seal of seals program, a standards committee involving business, consumer representatives and government will begin developing criteria, possibly in the form of a model code, that could be used to accredit both seal programs and individual merchants. This work, together with similar initiatives in several other countries, eventually could be used to develop an international voluntary standard that would help ensure comparable levels of protection for on-line consumers across national jurisdictions.

All of these initiatives recognize a common interest by government, business and consumer groups in finding new approaches that will ensure consumer protection in the on-line environment. For governments in the OECD and business within the GBDe, the focus has been on the need to ensure consistent approaches across national borders. In Canada, the E-Business Roundtable has stressed the importance of consumer confidence for accelerating the growth of e-commerce, while consumer groups and governments are anxious to ensure that consumers continue to have the same protections they now enjoy in the off-line world.

A consensus would seem to be developing that the best - and perhaps only - means of achieving all of these objectives will be a flexible approach, based on a self-regulatory model with input from industry, government and public interest groups. Nevertheless, some governments and consumer groups remain tempted to regulate in this area, citing, for example, the fear that consumers will be confused by the development of competing trustmark programs, some of which may be more reliable than others. Such concerns are not unfounded. It is for this reason that BCE and other Canadian businesses have led the effort in Canada to develop a seal of seals program and are working in the GBDe to develop guidelines that will ensure greater transparency and comparable levels of protection among competing trustmark programs.

At present only a few trustmark programs are being used and are widely known. Such programs can play an essential role in building consumer trust in e-commerce and governments should encourage and support their development. Minimum requirements for such programs must be allowed to evolve as needs and technology changes. As a result, it would be a mistake, or at best premature, for governments to seek to regulate national or international trustmark programs or require compulsory accreditation. Competition should be encouraged among programs to promote innovation, to respond to differing consumer and business requirements and ultimately enhance consumer confidence and trust.

(e) Alternative Dispute Resolution

With parties doing business at a distance in an environment where jurisdictional issues are unclear at best and where speed is critical, traditional legal recourse to the courts is becoming less practical or desirable, particularly for consumer transactions. As a result, ADR, and in particular on-line ADR, is becoming increasingly popular in the on-line world. Some have even speculated that it may become the primary means of dispute resolution, rather than the "alternative" means, in the on-line world.

Much as there is no single approach to self-regulation, ADR is not a single approach to dispute resolution. There are a variety of methods and systems currently available in the on-line world and more are sure to be developed (e.g. eResolution28 and NovaForum29 are two recent Canadian ADR services that have emerged). Professor Ethan Katsh30 has described twelve current on-line ADR efforts and summarizes their differences in approach and purpose.31 The approaches vary from being non-profit in nature to highly commercial initiatives. Some automate dispute resolution completely with no human intervention (i.e., blind bidding) while others employ technology as a tool to assist in the use of traditional ADR techniques. Some are focussed on particular dispute areas while others are more general in nature. They are all early attempts at on-line ADR techniques that are certain to be refined and expanded in the future.

Likely the most known form of on-line ADR is the process established by the Internet Corporation for Assigned Names and Numbers (ICANN) at the end of 1999 to resolve disputes over domain names32. All registrars in the .com, .net, and .org top-level domains follow the Uniform Domain-Name Dispute-Resolution Policy (often referred to as the "UDRP"). Under the policy, disputes arising from allegedly abusive registrations of domain names (for example, cybersquatting) may be addressed by expedited administrative proceedings that the holder of trademark rights initiates by filing a complaint with an approved dispute-resolution service provider. Even though decisions under the UDRP are subject to challenge by court action, the ICANN process has disposed of approximately 1000 of 1500 complaints received since its launch less than a year ago.

There are other means of resolving disputes in an on-line world as well. In the case of on-line auction sites, the rules of the marketplace themselves (as described earlier in the discussion surrounding eBay) create incentives for the parties themselves to resolve their disputes. This has been characterized by one set of commentators as "eBay law".33

Another form of dispute resolution which may not be widely known to consumers is typically provided by credit card companies. When a consumer makes a purchase on the Internet with some credit cards, he or she is often also purchasing a sophisticated private law and dispute resolution mechanism. A series of contracts exist between cardholder, card issuer, merchant bank and merchants that include operating resolution and dispute resolution mechanisms. If a dispute arises on various issues (ranging from fraud, overcharging, product defects, or misdescription) the bank serves as an intermediary dispute resolution mechanism which typically seeks input from both the consumer and the merchant and, if the consumer's case is made, "charges back" the merchant (i.e., debits the merchant and credits the consumer). This mechanism appears to work in practice since the credit card company has an incentive to instill consumer trust and the merchant has an incentive to co-operate in order to be able to continue to take advantage of the credit card payment system.

In my view, it makes sense for on-line vendors to provide access to or participate in an on-line dispute resolution process. When buyers and sellers are doing business in cyberspace, it is a logical extension to extend this same medium to the dispute resolution process. Indeed, it appears that there is a significant customer appetite to take advantage of such processes. On-line dispute resolution processes are actually being employed to resolve sizable numbers of disputes. In a pilot project conducted by Katsh, Rifkin and Gaitenby, about three quarters of respondents were willing to participate in their on-line mediation process.34 As the authors point out:

" in the absence of the sovereign that can usually compel submission to a legal process, it is possible to take advantage of the context of the particular marketplace and the rules for participating in the marketplace. The disputants' relationship to this marketplace can often serve as a substitute for the coercive power of the state."35

As commercial cyberspace becomes larger and more active, it is likely that demand for on-line ADR services will grow. Such services can also be expected to continue to evolve and improve by using increasingly sophisticated technological tools and maximizing the power of technology.

The GBDe, like most business groups, is committed to the use of ADR for on-line consumer disputes. It has developed a set of voluntary recommendations for ADR service providers that will encourage such systems offer to consumers a fair, transparent, timely and affordable means to settle disputes and to obtain redress.36 Governments should also ensure that national policies encourage the further development of ADR systems. However, at this stage in the development of ADR systems, governments should not seek to be prejudge the direction that such systems should take. Governments should avoid, in particular, favouring public over privately-developed systems or imposing mandatory accreditation systems or guidelines, which will distort competition between national and international systems. To encourage innovation and consumer choice, achieving a sustainable level of competition among competing national and international ADR providers must be a priority.

5. Where Do We Go From Here?

There is no single, all encompassing solution to dealing with the myriad of issues raised by the Internet and e-commerce. While the emphasis of this paper has been on self-regulatory efforts, government initiatives on various fronts remain an important component. For example, international efforts aimed at harmonizing national laws and approaches to consumer protection issues are worthy of continued pursuit. International treaties may be one possible outcome; alternatively, nations can incorporate into their domestic laws model laws and policies developed by international organizations such as UNCITRAL and the OECD. International efforts, by their nature, however, are likely to have a longer term horizon. In the meantime, there are also various issues which can and should be dealt with in national laws independently of international efforts. For example, laws aimed at recognition of digital signatures or protection of intellectual property rights in an on-line world are appropriate and necessary responses to facilitate the growth of e-commerce.

As this paper has attempted to demonstrate, self-regulatory initiatives can also be an important piece of the puzzle. Such initiatives can take various forms in various situations. Some situations are particularly suited to self-regulation while others may be less suited.

It seems to me that the self-regulatory model tends to work best when market incentives and the objectives of self-regulation coincide. Thus, for example, content initiatives such as those being pursued by ICRA hold much promise because, in large measure, content providers have the incentive to rate their sites so that users can find them (e.g., and not be blocked because the site is unrated) and so as not to attract the type of viewer that is offended by the type of content offered by that provider. Similarly, in the area of consumer protection, most businesses have an incentive to instill trust in consumers, maintain their reputation and deal with disputes in a speedy and cost-effective manner. Moreover, the borderless nature of the Internet and the jurisdictional problems encountered with traditional legal mechanisms suggest that self-regulation in the areas of content and consumer protection may be the most practical solutions.

It should also be remembered that government and self-regulation can often work together. Thus, for example, an effective regulatory scheme for consumer protection might have governments aggressively regulating fraudulent on-line vendors who are not susceptible to standard market incentives, while encouraging self-regulatory initiatives to govern the majority of players who have market incentives to establish trustworthy reputations among consumers.

The issue of privacy presents somewhat different challenges and warrants a slightly different approach. Perhaps because there is not a good matching of incentives, or perhaps because certain businesses miscalculated the public's views on this topic, it would appear that consumers have become increasingly suspicious about relying solely on self-regulation in this area. Recent highly publicized examples of plans of certain businesses for the use of personal information gathered over the Internet have attracted much debate and very recently prompted the American business publication, Business Week, to call for federal privacy legislation in the U.S.37 Fortunately, in Canada, I believe we have chosen the right approach - one which enshrines in legislation broad privacy principles but is flexible enough to accommodate sector specific codes or practices developed by business to take into account particular circumstances.

In dealing with the issues raised by e-commerce and the Internet, business has both a unique opportunity and a tremendous challenge. Consumers may be skeptical about the efficacy of some forms of self-regulation and particularly enforcement. If business does not act to deal with issues relating to matters such as objectionable content, consumer protection and dispute resolution, consumers will not develop the trust and confidence needed for the potential of the Internet economy to be realized. On the other hand, if business embarks on these efforts and they either fail or are not honoured, the harm to consumer confidence could be even greater. Despite these risks, in my view the opportunity must be seized. In developing self-regulatory schemes, particular emphasis must be placed on enforcement measures. Some of the efforts described in this paper outline how this issue can be dealt with in a self-regulatory model. With concerted effort in this front, I suspect and hope that many of the fears about the efficacy of self-regulation will prove to be more theoretical in nature than of practical concern. Admittedly, at this time, the jury is still out.

As to the fears of some businesses that self-regulation may encourage governments to regulate pre-maturely or unnecessarily, in my view these fears are unfounded. In fact, self-regulatory efforts should have the opposite effect. If industry does not pursue such initiatives, there will be increasing pressure on governments to act and the result will be much more costly and cumbersome than the alternative of self-regulation.

Governments, for their part, must also be cautious and selective in their approaches to national and international solutions. Although the current environment in the on-line world is often bemoaned for its jurisdictional uncertainty, there is a danger that the alternative to uncertainty in the short term could be bad rules rather than good rules (as a U.S. Commerce Department official recently pointed out at an international conference on jurisdiction).38 Governments should continue to support and encourage self-regulatory initiatives, as Industry Canada and the CRTC have. The input of both governments and consumer groups should also be actively sought by industry groups attempting to develop self-regulatory mechanisms, as has been the case with the Canadian Working Group on consumer protection.

Of course, all of these self-regulatory mechanisms raise legal issues of their own. For example, what liability is attracted for breach of a code of conduct? What liability is attracted to the certifying authority for inappropriate refusal to certify a seal program or a business? How will these seal programs be enforced across jurisdictional boundaries? These issues will have to be addressed in due course; however, I do not anticipate that they will raise any obstacles that cannot be overcome with the resolve to do so.


  1. Developing a Code of Practice for Electronic Traders (Doc Ecom-21-00) 06 July 2000 - http://www.tacd.org/ecommercef.html#codeprac

  2. Communications Regulation in the UK, A paper by the Director General of Telecommunications, Office of Telecommunications, July 2000 - http://www.oftel.gov.uk/about/whit0700.htm

  3. Cable Television Customer Service Standards, Public Notice CRTC 1994-54 - http://www.crtc.gc.ca/archive/Notices/1994/PB94-54.htm

  4. Guidelines for Developing Industry-administered Standards, Public Notice CRTC 1988-13 - http://www.crtc.gc.ca/archive/Notices/1988/PB88-13.htm

  5. Voluntary Code Regarding Violence in Television Programming, Public Notice CRTC 1993-149 - http://www.crtc.gc.ca/archive/Notices/1993/PB93-149.htm

  6. The ILPF is an international organization dedicated to promoting the global growth of e-commerce through a better understanding of the legal and policy issues associated with the Internet - http://www.ilpf.org

  7. Observations on the state of self-regulation of the Internet, ILPF, October 1998 - http://www.ilpf.org/selfreg/whitepaper.htm

  8. A Global Action Plan for Electronic Commerce - Prepared by Business with Recommendations for Governments, Alliance for Global Business, 2nd edition, October 1999, pages 7 and 8 -http://www.iccwbo.org/home/menu_electronic_commerce.asp

  9. http://www.parl.gc.ca/36/2/parlbus/chambus/house/bills/government/C-6/C-6_4/C-6_cover-E.html

  10. See Ian G. McGill, Internet Content Regulation, Intermedia, October 1999/Vol. 27/No. 5.

  11. Memorandum dated 6 August 2000, from Lawrence Lessig to the US COPA Commission regarding Proposed legislation to zone minors from material deemed harmful to minors.

  12. Id. at 10.

  13. Id. at 11.

  14. http://www.media-awareness.ca

  15. Independent Television Commission, Internet Regulation: The Way Forward?, January 2000 - http://www.itc.org.uk/news/news_releases/show_release.asp?article_id=365

  16. See the 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, recently reaffirmed in October 1998 by the governments of the OECD member countries attending the Ottawa Ministerial Conference - http://www.oecd.org/dsti/sti/it/secur/index.htm

  17. Directive 95/46/EC - http://europa.eu.int/eur-lex/en/lif/dat/1995/en_395L0046.html

  18. Recently, the CEO of Hewlett-Packard has stated that some form of legislation is needed to help answer the growing concerns over Internet privacy claiming that "there is a role for legislation that sets a minimum set of requirements to create a foundation that is minimally acceptable". HP's Fiorina backs Net regulation, ZDNN, Aspen, Colorado, 23 August 2000 (www.zdnet.com/zdnn).

  19. See Commission Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the Safe Harbor Privacy Principles and related Frequently Asked Questions issued by the US Department of Commerce http://europa.eu.int/comm/internal_market/en/media/dataprot/news

  20. http://www.parl.gc.ca/36/2/parlbus/chambus/house/bills/government/C-6/C-6_4/C-6_cover-E.html

  21. Meg Muscles eBay Uptown, Fortune Magazine, New York, 5 July 1999.

  22. http://www.gbde.org

  23. Principles of Consumer Protection for Electronic Commerce - A Canadian Framework published by Industry Canada, November 1999 - http://strategis.ic.gc.ca/SSG/ca01185e.html

  24. See Fast Forward: Accelerating Canada's Leadership in the Internet Economy: the Report of the Canadian E-Business Opportunities Roundtable prepared by the Boston Consulting Group (Canada) January 2000 - http://strategis.ic.gc.ca/pics/mt/roundt.pdf

  25. See http://trustuk.uk.org

  26. See http://gbde.org

  27. See Principles for e-commerce codes of conduct - http://econfidence.jrc.it

  28. www.eresolution.ca

  29. www.novaforum.com

  30. Ethan Katsh is professor of Legal Studies and co-director of the Centre for Information Technology and Dispute Resolution, University of Massachusetts.

  31. Ethan Katsh, The New Frontier: Online ADR Becoming a Global Priority, Dispute Resolution magazine (American Bar Association) Winter, 2000, pages 6 to 8.

  32. www.icann.org

  33. E-commerce, E-dispute, and E-dispute Resolution: In the Shadow of "eBay Law"by Ethan Katsh, Janet Rifkin, and Alan Gaitenby in an article available at http://www.disputes.net/cyberweek2000/ohiostate/katsh.htm

  34. Ibid.

  35. Id. at 16.

  36. See http://www.gbde.org

  37. It's Time for Rules in Wonderland, Business Week, 20 March 2000, page 82.

  38. ILPF conference Jurisdiction: Building Confidence in a Borderless Medium; Montreal, July 1999 - http://www.ilpf.org/confer/confer99.htm


About ILPF | To Join ILPF | Working Groups & Publications
Member Resources | Events | Home