E-Commerce: The e-Consumer and the attacks against the personal data
Nomikou Eirini
Attorney at Law, Piraeus Bar Association
Master Degree in Web Law
Introduction
• Private life: protected by legal texts such as:
  • the European Convention for the Protection of Human Rights and Fundamental Freedoms
  • the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data
  • Directive 95/46 of the EU
• Difficulty of protection and adaptation of legislation to the new technological and social changes that threaten private life.
The attacks against the consumer during the different contract phases
I. During the precontractual phase
• Usurpation of identity
• Phishing
• Pharming
• Spoofing
• Cookies
• Email marketing and spamming
• Insufficient information on behalf of the person in charge of the data processing
II. During the contractual and post-contractual phase
a. Online authentication
b. Abusive terms
c. Transfer of the data of consumer to third countries
d. The particular case of credit cards
During the precontractual phase
• Usurpation of identity: the act of taking control of the virtual identity of a person, by stealing the password and the means of identification
• Phishing: “Technique of fraud aiming at obtaining confidential information, such as passwords or numbers of credit cards, by means of messages or sites usurping the identity of financial institutions or trade companies”
• Pharming: a technique of usurpation of identity that consists of an act of hacking the domain name system.
• Spoofing: a technique that consists in pirating IP addresses of a machine, in order to have free access to it.
• Legal Texts:
  • United States: “Identity Theft Penalty Enhancement Act”
  • Greece: Fraudulent collection of personal data (Law 2472/1997)
Cookies
• Use of cookies:
  i. Collection of information concerning the interests of consumers: one-to-one marketing, spamming
  ii. Control of the effectiveness of the design of a site and the marketing used by the site.
• Legal Texts:
  • Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector
  • Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
Email marketing and spamming
• Necessity of preliminary consent of the consumer under the system called “opt in”.
• Legitimate collection of information conforming to the directive 95/46/EU, within the framework of the sale of a product or supply of services.
• Information of the consumer about the right to opposition (opt out rule)
• Legal Texts:
  • Directive 2002/58/EC
  • Greece: article 11 of the Law 3471/2006
Insufficient information on behalf of the person in charge of the data processing
• Lack of information about the service/product provider.
• Article 5 of the Directive 2000/31/EC ('Directive on electronic commerce') provides the minimum of information that the provider is obliged to render.
II. During the contractual and post-contractual phase
a. Online authentication
• Creation of client’s account: acceleration of purchase
• Dangers for private life:
  • Collection of information concerning consumers’ preferences
  • Collection of credit card numbers
  • Use of email addresses for marketing purposes
  • Account thefts
b. Abusive terms
• Article 2 of the Law 2251/1994: “abusive are the terms that have as a result the perturbation of balance of rights and obligations of the contracting parties and finally the damage of the consumer”.
• Guidelines given by the jurisprudence of each country.
• Important contribution of the Commission of abusive clauses in France.
c. Transfer of the data of consumer to third countries
• Towards countries which did not transpose the directive 95/46, the framework of the European Free Trade Association (EFTA) or for which there is not the Decision of the Commission related to the observation of the adequate character of the data protection in third countries.
• Out of the “Safe Harbor”
• Legal Texts: articles 25 & 26 of the directive 95/46
d. The particular case of credit cards
• Attacks related to:
  - Identification of the card or the user
  - Authentication of the transaction
  - Traceability
  - Information exchange between banks
• SWIFT case
Conclusion
• The universalization of trade requires the universalization of safety at the same time.
• Necessity for the consumer to trust e-commerce
• International collaboration
• More information of the consumer about the dangers
• Quick adaptation of the legal texts to current circumstances