THE AUSTRALIAN GUIDELINES FOR ELECTRONIC COMMERCE

The Australian Guidelines for Electronic Commerce provide guidance to businesses on how to deal with consumers when engaged in business-to-consumer (B2C) electronic commerce.

The guidelines update and replace the Australian E-commerce Best Practice Model, which was released by the Australian Government in May 2000. but do not have the force of law:

Fair business practices

Businesses should adopt fair business practices when engaging in B2C electronic commerce. In particular, the Trade Practices Act 1974, the Australian Securities and Investments Commission Act 2001 (in relation to financial services) and state and territory fair trading legislation require that businesses:

•    not engage in conduct that is misleading or deceptive or is likely to mislead or deceive;

•    not make false or misleading representations about the goods or services they supply;

•    not harass or coerce consumers either when seeking to sell goods and services or when seeking to obtain payment;

•    not engage in unconscionable conduct, including ensuring that contractual terms are reasonably necessary to protect the supplier’s legitimate interests;

•    make sure that the goods supplied correspond with the description of the goods;

•    ensure that the goods supplied are of merchantable quality and fit for any purpose made known to the supplier by the consumer; and

•    ensure that services supplied are rendered with due care and skill and are reasonably fit for any purpose made known to the supplier by the consumer.

Accessibility

Businesses should ensure that the electronic delivery of goods or services can be achieved without specialised software or hardware, unless the requirement for such specialised software or hardware is made clear to the consumer beforehand.

Disability access

In accordance with the Disability Discrimination Act 1992, businesses have to make reasonable adjustment in the provision of goods and services to ensure that they are accessible to people with a disability.

Advertising and marketing

Businesses should:

•    make sure advertising material is clearly identifiable and can be distinguished from other content, such as editorial comment, terms and conditions and independent product reviews;

•    make sure the business is identifiable from the advertising; and

•    be able to back up their advertising or marketing claims.

Businesses must comply with the terms of the Spam Act 2003 (the Spam Act), which prohibits the sending of unsolicited commercial electronic messages and applies to messages sent by email, SMS, MMS, or IM. It also provides guidelines for sending legitimate commercial electronic messages.

The three main requirements of the Spam Act apply to commercial electronic  messages. Commercial electronic messages:

•    must only be sent with the addressee’s consent — consent may be expressly given by the recipient, or under certain restricted circumstances it may be inferred from the conduct or business relationships of the recipient;

•    must include information to identify the sender — the message must contain accurate information about the person or organisation that authorised the sending of the message; and

•    must include an unsubscribe facility — the functional unsubscribe facility must  allow the recipient to opt out of receiving messages from that source in the future.

The requirements created by the Spam Act apply to electronic messages that have an ‘Australian link’. This means the legislation applies to:

(a) messages that originate or are commissioned in Australia being sent to any destination; and

(b) messages that originate or are commissioned overseas being sent to an address accessed in Australia.

Engaging with minors

Businesses should take special care in advertising or marketing that is targeted at children. Since children (under the age of 16 years) may not have the legal capacity to enter into a binding contract, it is important that businesses implement procedures for verifying the age of parties to any transaction.

As a general principle, before a business requests personal information from a consumer, the business should:

•    take reasonable steps to establish that the consumer is 16 years of age or older; and

•    seek the consent of the child’s parent or guardian where they believe the consumer to be under 16 years of age.

Information — identification of the business

Businesses should provide consumers with accurate and easily accessible information that allows:

•    identification of the business involved in a particular transaction;

•    prompt, easy and effective communication with the business regarding any electronic transaction; and

•    service of legal documents.

This information should include:

(a) name under which the business trades;

(b) the physical address of the business and its registration address;

(c) the business’s email address, telephone number and other contact information;

(d) any relevant statutory registration or licence numbers, including the business’s Australian Business Number and/or Australian Company Number; and

(d) contact details and an easy method of identifying the membership of and accessing the relevant codes of practice of any relevant self-regulatory scheme, business association, dispute resolution organisation or other certification body. This could be satisfied by displaying the logo of the industry association and providing an Internet link to the association’s website.

Information — contractual

Businesses engaged in electronic commerce should provide enough information  about the terms, conditions and costs of a transaction to enable consumers to make informed decisions.

This information should be clear, accurate and easily accessible. It should be provided in a way that gives consumers an adequate opportunity for review before entering into the transaction and that allows consumers to retain a copy of the information.

Businesses should provide all information they are required to provide either by law or by any relevant code of practice to which the business subscribes. Where there is a legislative or other mandatory regime for disclosing contractual information, compliance with that regime is sufficient to address the Guidelines.

All information referring to costs should indicate the applicable currency, including guidance on how to get information on exchange rates, or a link to a site where such information may be found.

Information about terms and conditions should be clearly identified and distinguished from advertising material.

Businesses should give consumers a clear and complete text of the transaction’s terms and conditions. The consumer should be able to access and retain a record of that information, for example, by printing or electronic record.

The information should include a prominently displayed single-figure total minimum price for the product or service. All compulsory charges such as delivery, postage and handling charges should be included in this price. This does not preclude a business itemising the total costs to the consumer collected by the business.

Where the total cost of a transaction cannot be worked out in advance, the information should include a statement that the total cost cannot be provided and a description of the method to be used to calculate it, including any recurrent costs and the methods used to calculate those costs.

Where applicable, the information provided to consumers should also include:

•    notice of any optional ongoing costs, fees and charges and methods of notification for changes to those costs, fees and charges;

•    if limited, the period for which the offer is valid, including time zone information where relevant;

•    any restrictions, limitations or conditions of purchase, such as geographic limitations or parental/guardian approval requirements for minors;

•    details of payment options;

•    terms of delivery;

•    mandatory safety and health care warnings that a consumer would get at any physical point of sale;

•    conditions about termination, return, exchange, cancellation and refunds;

•    details about any cooling-off period or right of withdrawal;

•    any conditions about contract renewal or extension;

•    details of any explicit warranty provisions; and

•    details of any after-sales service.

Conclusion of contract

Where appropriate, prior to the conclusion of the contract, businesses should give consumers the opportunity to let them know the purpose for which they require the product or service or the result they wish to achieve.

Businesses should put in place procedures that let consumers:

•    review and accept or reject the terms and conditions of the contract;

•    identify and correct any errors; and

•    confirm and accept or reject the offer.

Consumers should be able to retain a record of any order, transaction confirmation, or acceptance of any offer they make.

Businesses should promptly acknowledge receipt of any order, confirmation or acceptance received.

Privacy

Businesses should respect consumers’ privacy when dealing with personal information and should provide consumers with clear and easily accessible information about the way they handle personal information.

Many businesses must, as a minimum, comply with the National Privacy Principles (NPPs) set out in Schedule 3 to the Privacy Act 1988 (the Privacy Act).

The NPPs regulate the way many private sector organizations collect, use, disclose and secure personal information.

The NPPs give consumers the right to know what information a business holds about them and a right to correct that information if it is incorrect, out of date or incomplete. A business must take reasonable steps to make consumers aware that it is collecting personal information and the purpose of collection.

The NPPs also contain certain restrictions on what a business can do with personal information, including in relation to: the use of government identifiers; the transfer of information overseas; and the collection of sensitive information.

Although the Privacy Act does not apply to small businesses, a small business may want to take advantage of the benefits that can flow from complying with the legislation. The benefits could include increased consumer confidence and trust in its operations. The Privacy Act provides a mechanism to allow an organisation that is a small business to opt in to the Privacy Act.

Payment

Businesses should provide to consumers payment mechanisms that are reliable, easy to use and offer security that is appropriate for the transaction.

Businesses should ensure that consumers have access to information on:

•    available payment methods;

•    the security of those payment methods in clear, simple language, so as to help consumers judge the risk in relying on those methods;

•    how best to use those methods;

•    how to cancel regular payments under those methods; and

•    any costs applicable to those payment methods.

Businesses should review the payment mechanisms they provide periodically to ensure they continue to offer a reliable, accessible and secure service.

Security and authentication

Businesses should:

•    make sure consumers have access to information about the security and authentication mechanisms the business uses in clear, simple language which helps consumers assess the risk in relying on those systems;

•    provide security appropriate for protecting consumers’ personal and payment information;

•    provide security appropriate for identification and authentication mechanisms to be used by consumers;

•    discourage consumers from giving confidential information in a way that is considered insecure;

•    update their security and authentication mechanisms over time to make sure the security offered is maintained at an appropriate level; and

•    not attempt to contract out of their responsibility for losses arising from the misuse or failure of authentication mechanisms.

Internal complaint-handling

Businesses should set up internal procedures to handle consumer complaints:

•    within a reasonable time;

•    in a reasonable way;

•    free of charge to the consumer; and

•    without prejudicing the rights of the consumer to seek legal redress.

Businesses should provide consumers with clear and easily accessible information about complaints-handling procedures including any that may form part of an industry code of conduct to which the trader is a signatory.

If a consumer is not satisfied with the outcome of the complaints-handling mechanism, the business should provide the consumer with information about any external dispute resolution bodies to which it subscribes or any relevant government body, such as a Fair Trading Agency or the Federal Privacy Commissioner (in the case of privacy complaints).

External dispute resolution

Businesses should provide consumers with clear and easily accessible information on any independent customer dispute resolution mechanism to which the business subscribes.

This independent method of dispute resolution should be:

•    accessible;

•    independent;

•    fair;

•    accountable;

•    efficient;

•    effective; and

•    without prejudice to judicial redress.

Applicable law and forum

Where a business specifies an applicable law or jurisdiction to govern any contractual disputes or a jurisdiction or forum where disputes must be determined, it should clearly and conspicuously state that information at the earliest possible stage of the consumer’s interaction with the business.

A business located in Australia that enters into a contract with a consumer whom the business believes is resident in Australia — for instance, because of the consumer’s address — should spell out which Australian jurisdiction’s law is the governing law of that contract. It should also make clear that any contractual disputes will be heard by Australian courts and tribunals.