Internet Law and Policy Forum

Upcoming Events
Archived Events

A Borderless World: Realizing the Potential for Global Electronic Commerce

Observations on the State of Self-Regulation of the Internet

Prepared for The Ministerial Conference of The Organisation for Economic Cooperation and Development ("OECD") A Borderless World: Realising the Potential for Global Electronic Commerce
Ottawa, Canada
October 7-9, 1998

Prepared by ⁽¹⁾
Albert Gidari
Executive Director, ILPF
6363, route Transcanadienne, suite 205
Saint-Laurent, Quebec H4T 1Z9
1.514.744.0408
malenfant@ilpf.org
http://www.ilpf.org

Partner, Perkins Coie LLP
1201 Third Avenue, 40th Floor
Seattle, Washington 98101
1.206.583.8688
gidaa@perkinscoie.com
http://www.perkinscoie.com

EXECUTIVE SUMMARY OF THE INTERNET LAW AND POLICY FORUM OBSERVATIONS ON THE STATE OF SELF-REGULATION ON THE INTERNET

The Internet Law and Policy Forum ("ILPF")⁽²⁾ is an international, nongovernmental organization dedicated to fostering the growth of electronic commerce and the Internet. ILPF provides a neutral and objective venue for research and development of solutions to the legal and policy issues surrounding Internet commerce and communications. ILPF is pleased to participate in the Ministerial Conference of the Organisation for Economic Cooperation and Development (the "OECD") and to share ILPF's observations on the state of self-regulation on the Internet.

A. Background of ILPF Self-Regulation Initiative

ILPF entered the debate over the efficacy of industry self-regulation in January 1998 when it approved a multiphase project to examine this issue.⁽³⁾ In the first phase of the project, ILPF compiled and analyzed a wealth of primary and secondary materials regarding Internet governance, resulting in the creation of the Bibliography of Internet Self-Regulation.⁽⁴⁾ The Bibliography was a path-breaking exercise that continues today with regular updates of the survey and analysis of the resulting trends.⁽⁵⁾ The Bibliography disclosed that, while there seemed to be broad consensus that self-regulation of the Internet was critical to its future growth, there was little consensus about the term's meaning or how to achieve or implement a self-regulatory regime.

The second phase of the project involved an examination of the various methods of self-regulation and an assessment of their effectiveness. ILPF will publish the results of its findings upon completion of the project in December 1998. Based on work to date in its self-regulatory initiative, ILPF is able to make several preliminary observations on the state of self-regulation on the Internet and the surrounding debate.

The self-regulation discussion takes place at a time when the growth of electronic commerce and the Internet is unprecedented and highly dynamic with new innovations, applications and services coming almost daily. The OECD announced this Ministerial conference with the acknowledgment that the emergence of electronic commerce is so profound that it is creating a "new economic order, changing the ways people participate in society as citizens, consumers, workers and entrepreneurs.⁽⁶⁾ " Private sector participants in the OECD conference agree, stating in similar terms that "[t]he emergence of global networks has already begun profoundly to influence the way individuals interact with each other, businesses conduct their affairs, and governments provide services to their citizens."⁽⁷⁾

Governments and industry have embraced the proposition that the private sector should lead the development of electronic commerce with government action only where necessary to support a predictable legal environment.⁽⁸⁾ The debate between industry and governments today regards how to address social dislocations and anomalies that occur in times of such rapid change without sacrificing the promise of electronic commerce. Self-regulation instead of direct government intervention has become widely accepted as the appropriate policy direction.

B. Building Trust for Users and Consumers Through Self-Regulation

The OECD has identified "building trust for users and consumers" as a primary factor in the future growth and sustainability of electronic commerce. In its Global Action Plan, industry agrees and urges that the "protection of users, in particular with regard to privacy, confidentiality, anonymity and content control should be pursued through policies driven by choice, individual empowerment, industry-led solutions, and should be in accordance with law where applicable."⁽⁹⁾

1. Individual Empowerment

When governments speak of self-regulation, the "self" to which they refer generally is the business sector alone. This conception of self-regulation places too much of the burden on industry to solve the legal and policy issues raised by electronic commerce and fails to recognize individual users of Internet services and participants in electronic commerce as independent Internet stakeholders and possible administrators in a larger self-regulatory regime.

Individual empowerment is one of the dramatic possibilities of the Internet. There is no bound to the amount of information available to individual consumers of Internet services today, ranging from cost-effective means and modes of access to the Internet to the nature and kind of business practices in use for electronic commerce. Indeed, individual choice is celebrated in the very nature of the Internet where an individual self-determines what sites to visit, what content to view, and whether to do so anonymously or with the necessary identification to complete a transaction.

In response to strong consumer demands, technological tools have been and are being developed to protect privacy, permit secure electronic transactions, and protect against inadvertent exposure to undesired content. In addition, technological complexity is giving way to pre-set preferences; information glut and disorganization are being replaced by third-party services that organize, rate or filter according to user instructions. Virtual communities of like-minded individuals form and re-form in an ever-expanding web of information-sharing connections. Businesses, ever alert to consumer preferences, respond to these demands by adopting practices and providing services that meet the needs and desires of their customers. Any other course would be disadvantageous on the Internet.

To be sure, not all individuals have or will achieve complete control over all aspects of electronic transactions. Individual empowerment, however, is a capable regulatory tool that governments must recognize when considering the need for and nature of any direct regulation. Governments should ask first whether and to what extent self-help and self-organization can address the perceived problem.

2. Scope of Industry Self-Regulatory Efforts

In those cases where governments consider industry as the "self" in self-regulation with the responsibility to develop the desired solutions, government standards for measuring the success and effectiveness of self-regulatory outcomes have been unreasonable. In the discussion to date, governments have failed to recognize that the Internet industry is not monolithic and that there is no single "industry" that speaks for the whole of the Internet. Self-regulatory solutions are more appropriately developed on a sector-by-sector basis, on a timetable that fits the needs of that industry sector, and with due recognition and balancing of the extent of the perceived problem (risk of harm) against the risk of regulatory intervention (risk of diminished benefits).

Governments have threatened, both overtly and implicitly, to directly regulate electronic commerce if industry fails to deliver some omnibus self-regulatory solution in the immediate future. ILPF rejects this false sense of urgency. No one can seriously argue that the Internet suffers from some systemic dysfunction that can only be cured through government direct regulation or an immediate change in business behavior or practices. The vast majority of businesses are responsible Internet participants. While there are genuine concerns that need to be and are in fact being addressed, the actions of the 80 million or more Internet users and consumers give lie to the "big scare" and have embraced the cornucopia that is the Internet.

Moreover, the history of self-regulatory initiatives proves that snapshot solutions are ineffective. Instead, the basic premise of self-regulation is continuous improvement to meet the needs of the particular business in the most efficient manner (with "needs" encompassing company growth and consumer demand as well as the prevention and detection of unlawful or liability-producing conduct). For example, third-party or internal audits are proven self-regulatory tools. Successful audits build on prior audit results and become management tools for future improved performance. The process is iterative and repetitive, resulting in best practices that often are adopted or emulated by others in the same industry to remain competitive.

Similarly, adaptive management in a dynamic environment permits agile business responses to unforeseen or unexpected circumstances. Given the rapidly changing environment for electronic commerce driven by an unprecedented rate of technological change, adaptive management recognizes that prescriptive rules are obsolete before they even take hold. This mode of self-regulation works extremely well in those cases where governments delegate to industry the manner of compliance with high-level objectives. It also ensures technological neutrality and avoids technology lock-in.

Industry association codes of conduct establish normative rules of behavior that become standards for performance. Industry association codes of conduct and standards ensure a level playing field for all members but cannot guarantee that bad actors or free riders will not seek to gain a competitive advantage by failing to conform to the requirements. Companies that attempt to avoid the law or that adopt an industry code and then fail to follow it may face enforcement actions under state consumer protection laws for unfair or deceptive practices -- a remedy for consumer protection violations widely recognized in most jurisdictions. These bad actors also are likely to face the sanction of the Internet community.

More than in any other industry, Internet-centric companies have come to depend on standards to ensure interoperability and ubiquitous adoption of technology. Standards are a self-regulatory mechanism. Standards, like all self-regulatory initiatives, are voluntary and consensus-based. They reflect the marketplace, are technology-neutral and provide both forward and backward compatibility (unlike most direct regulation). Standards are not limited to technical requirements and have been used to develop quality assurance models, management procedures and model agreements. Standards are "enforced" through auditing and reporting (and in the case of public companies, disclosure when findings raise possible material issues for investors). Standards become "living documents" by virtue of revisions and new releases that build on past experience.

Despite the urgency seen by some governments, it is not possible to construct a self-regulatory framework from these tools overnight. Governments themselves should understand this because it takes much longer to develop the international consensus needed for codification of even basic international norms such as human rights protection or to achieve trade liberalization. Notwithstanding, the Global Action Plan and other private sector-led, international efforts such as the TransAtlantic Business Dialogue and the ILPF's international working group on electronic authentication demonstrate the ability of industry to be more agile and responsive to concerns than governments in the first instance. These modes of private sector communication and cooperation should be encouraged by governments and looked to as the primary source of policy input when examining the nature of any electronic commerce issue.

Governments must also temper their expectations because self-regulation is a voluntary mechanism; it cannot command 100% compliance nor can it fully enforce its norms against bad actors or free riders. Indeed, no one can dispute that the borderless, open, distributed nature of the Internet ensures that governments themselves cannot command 100% compliance with any law. Industry should not be put to a higher standard. (This is not to say that there are no consequences for failing to adhere to a code of conduct or for breach of contract as noted above. The Internet itself is a global clearinghouse for information about those that break the rules and individuals have recourse to the legal regimes of their countries to remedy conduct that would be illegal or actionable whether or not it takes place on-line or electronically.) And governments must appreciate that industry cooperation in some areas may be limited by competition law concerns. Thus, self-regulation is not a 100% solution, but then neither is direct regulation.

In the commercial context, freedom of contract is the penultimate self-regulatory mechanism. Parties should be free to agree to the form of validation or authentication needed to enable the transaction. Governments should take steps to remove existing legal and regulatory barriers to such recognition and forbear from enacting new regulations. Freedom of contract principles in the first instance can address dispute resolution, liability, and jurisdiction questions.

3. Direct Regulation and the Role of Governments

Despite the wealth of opportunity for self-regulatory solutions to be applied, ILPF observes that, so far, governments have chosen to address changes brought about by the emergence of electronic commerce through direct regulation.⁽¹⁰⁾ Notwithstanding the self-regulation rhetoric, governments have not exhibited regulatory forbearance in practice. Indeed, as the Bibliography discloses, government-initiated regulation of the Internet is the norm in almost every country, and self-regulation, if it is a policy goal, remains largely relegated to academic discussion or industry response to and comment on government or intergovernmental initiatives.

Indeed, the regulatory marketplace seems to be dominated by direct regulation in many areas, including telecommunications and access to the Internet, export of software such as encryption products, privacy directives, and limitations on services that may be delivered through the global network. There is no "regulation free zone" on the Internet, and all areas of concern raised by governments in the Ministerial conference and elsewhere are the subject today of direct regulation, regulatory initiatives or interagency discussions on how to proceed with regulation.

ILPF observes that before governments regulate further, they should demonstrate that (a) the rule is necessary and alternative means (such as self-regulation) are not available or desirable, (b) the rule is capable of achieving the desired goal in light of changing technology, and (c) the rule is the minimum constraint with the least effect on global communications and commerce. In other words, there should not be regulation for regulation's sake. Where it has regulated already, governments should review the need for such rules in light of the above considerations.

To be sure, government always will have a role in protecting consumers and businesses from fraud, ensuring that legitimate law enforcement objectives are met, and enforcing individual and property rights. But electronic commerce is global in nature. Governments must recognize the need for coordinated and compatible action. Unilateral government action adds to uncertainty in the marketplace for businesses and consumers alike.

No one nation can have a veto over electronic commerce and any one nation that chooses to so act will be isolated from the benefits of the Internet. Moreover, extraterritorial application of one nation's laws presents a significant threat to the growth of electronic commerce. Mutual recognition of the regulatory regimes of every nation is one action that governments can take immediately to facilitate electronic commerce.

C. Concluding Observations

The Bibliography discloses that, just as there is no consistent international framework for direct regulation of electronic commerce, there is no unifying, global theory of self-regulation. In some countries, the very concept of self-regulation is without a lexicon. Other countries such as Japan have recently embraced the concept.⁽¹¹⁾ Still other nations, such as the United States or the Netherlands, have a long tradition of deferring to self-regulation in certain industries. Governments should begin a dialogue on the efficacy of self-regulation to determine where it may be adapted to electronic commerce. Mechanisms for private sector stakeholder input and involvement in these efforts are important to achieving consensus on the path forward.

The current debate between industry and governments regarding the proper balance between self-regulation and direct regulation is informed through such actions as the OECD Ministerial Conference. There is room for more discussion, but the promise of electronic commerce will never be realized if governments occupy the regulatory field with prescriptive rules that, at best, will be made obsolete by the next innovation.

These preliminary observations will continue to be tested by ILPF during the course of its self-regulation initiative. ILPF welcomes comments during this process.

1 The ILPF self-regulation initiative is being assisted by Karol

Brown, Student, University of Washington School of Law.

2 http://www.ilpf.org

3 http://www.ilpf.org/events/selfreg/announce.htm

4 http://www.ilpf.org/events/selfreg/bib4_18.htm

5 The Bibliography is the creation of Matthew J. McCloskey in

cooperation with ILPF members. Comments on the Bibliography can be

submitted by email to malenfant@ilpf.org or self-reg@ilpf.org

6 http://www.ottawaoecdconference.org/english/homepage.html

7 A Global Action Plan for Electronic Commerce prepared by Business

with Recommendations for Governments at 6 ["Global Action Plan"].

8 See A Framework For Global Electronic Commerce (U.S.),