The media supplement of The Guardian newspaper recently ran an interesting piece about online copyright.
They reported that stock photography suppliers are prosecuting websites that use images without permission.
This type of criminality stems not from meanness but from ignorance. The simple truth is that many designers think the web is one giant, free image library.
The campaign by copyright holders to stamp out this 'copy-n-paste' culture is highlighting just how uninformed website managers are about the law and how it applies to the internet. This is quite worrying, given how the web is now being scrutinised so carefully.
For example, ordinary businesses and private individuals are beginning to paying a lot more attention to what happens online than heretofore. This is reflected in the courts, where cases arising from internet disputes are now common. Such cases encompass all types of activity, both criminal (e.g. fraud) and civil (e.g. libel, defamation).
The upshot is that any organisation with a website must do its utmost to keep abreast of the legislation that affects its online operations.
Yet, as The Guardian's investigation shows, many companies are very poor at this.
Where to start?
Part of the problem is that it is hard to know where to start. A lot of firms can't afford to hire a lawyer to review their web activities. As a result, they rely on common sense to avoid acting in an unlawful manner.
This may be fine for websites that are small in scale, but what about one that relies on financial transactions or that hosts a forum in which the public can post messages? The risks here are much greater than for a simple brochureware site and so a far better understanding of legal constraints is required.
A catalogue of web legislation
For my own part, I have identified a catalogue of core legislation that affects the activities of website management in Ireland. The most prominent of these are listed below.
For anyone not based in Ireland, I suggest that the same themes be used as a starting point. Most market-based, democratic societies will have some form of matching legislation to that in operation here. As noted, these generally encompass:
- Privacy and Personal Security
- Copyright Protection
- Press Freedom
- Libel and Defamation
- Hatred and Incitement
- Adult and Obscene Material
- Online Gambling
- Website Accessibility
- Official Languages
However, if your website operates in a country with a more restrictive regime, other categories of legislation may apply. The penalties for infringement may also be more severe. A number of firms have found this out to their cost, as illustrated in the famous Yahoo! Nazi-auctions case in France some years ago.
A list of laws affecting website management in Ireland
The law as it applies to internet operations can be categorised into several groups. These are:
- Privacy and Security
- Copyright Protection
- Press Freedom
- Online Gambling
- Website Accessibility
- Official Languages
A necessary disclaimer: This content is not intended to take the place of professional legal advice. For example, this list is not comprehensive and your activities may be subject to regulations not referred to here. Commentary is provided for the purposes of discussion only and should not be interpreted as any form of advice or opinion.
1. Privacy and Security
Data Protection Act, 1988, Data Protection (Amendment), Act 2003 and GDPR regulations
These acts are concerned with data held in record management systems, e.g. databases, file systems, etc. Such information is often collected via web-forms (e.g. when registering with a site) and from website analytics tools. These acts create duties in the following areas of website management:
- Privacy: You should made sure all email based newsletters are permission-based. Also make sure that you publish a privacy statement indicating how your company upholds its legislative responsibilities. The Data Protection Commissioner recommends that a link to the privacy statement be placed in the prominent area of the masthead on your website. GDPR now adds many more responsibilities for online privacy and data protection.
- Security: Where sensitive visitor details are collected via the web, e.g. credit card numbers, appropriate protection should be employed. This usually involves 128 bit encryption via SSL.
Criminal Damage Act, 1991
In terms of this act, 'damage' can encompasses things like viruses, spyware and adware that are hosted on your website and that have the potential to corrupt a visitor's computer. If this occurs, you could be held liable costs. To prevent this, you need to pay attention to the following area of website management:
- Security: Ensure your site does not contain content that may pose a threat to visitors' computers, e.g. implement strong anti-virus and other malware protections. You may also wish to periodically audit content on your site to ensure no unknown files are present.
Criminal Justice (Theft and Fraud Offences) Act, 2001
This act seeks to prevent the dishonest use of Information Technology. That is, a website should not be created for the purpose of a deceitful gain, e.g. by the dissemination of deliberately incorrect information. To ensure compliance, you should pay particular attention to the following activity:
- Content: Ensure all you content is honest, accurate and has been fact-checked before publishing. The best means for doing this is to implement a thorough publishing and review process.
Non-Fatal Offences Against the Person Act, 1997
This legislation encompassed messages that may cause a nuisance to private individuals. This has a similar impact to the Data Protection Acts above.
Disclosure Rules with Respect to Company Particulars
Statutory Instrument Number 49, 2007
From 1st April 2007, every Irish-registered limited liability company must publish certain formal information about itself on its public website (and in its emails). Among the details specified are its formal legal name and registration number. Full details can be found on the website of the Office of the Director of Corporate Enforcement. (Note - unlimited and private ownership companies do not seem to be affected.)
This Statutory Instrument is intended to provide consumers with basic information on the firms with which they are dealing, perhaps as a means of enhancing trust. Thankfully, it has a relatively minor impact on the activities of website management:
- Content: Ensure the information referred to the Statutory Instrument are reproduced on your website, e.g. as an adjunct to an existing 'About Us' page.
2. Copyright Protection
The Copyright and Related Rights Act, 2000 & The Copyright and Related Rights Act (Amendment), 2004
As discussed on the previous page, these are probably the widely abused of all laws on the internet. Just think of the millions of music files, videos and images that are downloaded from the web without permission each day. The purpose of the copyright acts is to protect the creators of such works from unlicensed reproduction. This has implications for the following areas of development:
- Design & Content: You must ensure that all the images, content and code you use are your own property. Alternatively, make sure you obtain the permission of copyright holders before reproducing anything. (Note, the Creative Commons initiative offers an interesting perspective on how copyright maybe managed more freely.)
3a. Press Freedom: Libel and Defamation
This area is defined mainly in terms of case law and the constitution. Indeed, Búnreacht na hÉireann (article 40) gives special mention to the right of the individual to his/her good name. On the other hand, journalists often claim that such protections go too far and prevent them from publishing material that may be in the public interest. This may soon be exacerbated if a planned new Privacy Bill is passed as currently drafted.
The impact on website management of libel and defamation is as follows:
- Content: Do not published anything that you could not stand over in court. Instigate a careful editorial process to ensure nothing libellous is published. This is particularly relevant to websites that facilitate public features such as discussion forums or Wikis. The best thing is to review content before publishing or audit it periodically in order to remove suspect messages. (Remember, press controls in some countries may be much more lax than in Ireland, e.g. USA, or much tighter, e.g. China.)
3b. Press Freedom: Hatred and Incitement
Prohibition Of Incitement To Hatred Act, 1989
This acts makes it an offence for a person to publish material that is threatening, abusive or insulting and is intended or is likely to stir up hatred. The impact on website management is:
- Content: As with libel law, the best protection is to instigate a careful editorial process.
3c. Press Freedom: Adult and Obscene Material
Censorship of Publications Act, 1967
Since the 1990s, substantially more freedom has been granted to publishers to circulate adult material. However, difficulties in interpretation remain and there is little case law to go on. According to Wikipedia although such material is legal in Ireland, "it is not allowed to depict any acts which are illegal in the state" (read more on Wikipedia). The impact on website management procedures of this act is as follows:
- Content: Review content to ensure no material that may be considered indecent is published. Again, this is particularly important on sites that allow contributory publishing, e.g. Wikis.
Child Trafficking and Pornography Act, 1998 & Child Trafficking and Pornography Act (Amendment), 2004
The scope of these acts needs no discussion.
A veritable bounty of legislation governs what is and is not allowed for online trading. The most important of these include:
Electronic Commerce Act, 2000 & Electronic Commerce Regulations, 2003
This act provides for the recognition of e-signatures, e-contracts or e-documents.
Sale of Goods and Supply of Services Acts, 1893 to 1980
This act stipulates that goods must be of a certain quality and fit for the purpose for which they are intended.
Liability for Defective Products Act, 1991
This act applies to defective products bought by consumers which subsequently cause injury.
Unfair Terms in Consumer Contracts Regulations, 1995 & 2000
These regulations apply to contract terms with consumers which have not been individually negotiated, e.g. the terms and conditions on a website.
The Distance Learning Directive (Directive 97/7)
This directive aims to protects consumers in respect of contracts between different member states.
EC (Misleading Advertising) Regulations, 1988
This regulation seeks to prevent the publication of misleading advertisements.
EC (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations, 2003. (S.I. No. 535 of 2003)
This applies to the rights you have to use a person's private data.
Distance Marketing of Consumer Financial Services Regulations, 2004 (2002/65/EC)
Together all these eCommerce regulations impact on the following areas of site management:
- Security & Privacy: Organisations that conduct business online must know that such trading carries the same legal obligations as off-line dealings. As such, do not do anything that you would be unwilling to replicate in a bricks-and-mortar store.
- Content: Instigate a thorough editorial process to ensure your site does not make misleading statements or insincere promises.
(Note, even if the terms and conditions of your website state that all disputes will be resolved in Irish courts, there may be laws in countries to which the goods and services are sold that carry extra provisions. Also, remember that online tax liabilities are dealt with in the annual Finance Acts and by international agreement.)
5. Online Gambling
Betting Act, 1931 / Gaming and Lotteries Act, 1956 / Gaming and Lotteries Act, 1970 / Gaming and Lotteries Act, 1979
I am no expert in online gambling, so I cannot comment much on this area. My understanding is that a licence is required before a gambling website may be opened in Ireland. I do not know whether this also applies to websites hosted abroad that serve the Irish market.
If you intend to start a betting site aimed at the US market, you should subsequently avoid going there on holiday. Online gambling is illegal in many states and those who operate such sites are liable to be arrested upon arrival. This has happened to a number of operators recently.
6. Website Accessibility
Disability Act, 2005
This acts stipulates in unambiguous terms that all public websites (civil service and semi-state) must be accessible to persons with disabilities who use assistive technologies. This has a clear impact on the following elements of website management:
- Design, Development & Maintenance: This act creates a duty to ensure public websites are accessible up to the standard of WCAG 1.0 Level-AA.
Equal Status Act, 2000 & Employment Equality Act, 1998
The purpose of these acts is to ensure that no-one is discriminated against because of personal circumstances, e.g. race, religion, disability. These have a similar impact to the Disability Act:
- Design, Development & Maintenance: The interpretation of these acts is ongoing, so no conclusions can yet be drawn. A possible outcome is that the courts could decide that they create a duty for all businesses to ensure their websites and intranets are accessible to people with disabilities. This has occurred in several other jurisdictions, most famously in Australia.
7. Official Languages
Official Languages Act, 2003/ Acht na dTeangacha Oifigiúla, 2003
This act places a duty on the state (civil service and semi-state) to provide public services in the Irish language. Similar to accessibility, this act has big implications for the following areas of website development:
- Design, Content & Maintenance: If you manage a website owned by a public body, you will be asked by Roinn na Gaeltachta to prepare a scheme that indicates how you intend to make it bilingual. The focus of the act is on services aimed at the general public, not at business. The outline implementation process is to seek submissions from the public, balance these against your own interpretation of the act and then make a proposal to the minister. He or she will either approve the proposal or request amendments, until agreement is reached.
Sources of legislation
For the purpose of information, sources for the above regulations include:
- Legislation enacted by the Oireachtas, i.e. the Dáil and Séanad.
- Directives issued by the European Commission
- Statutory Instruments issued by government ministers
- International agreements
- Case law
Find out how to integrate legal constraints into a set of general development guidelines in this article about Website Standards.
If you know any of any significant legislation I have missed or if I have badly misinterpreted the law, please let me know.