Legal Issues Affecting Global E-Commerce in the United States, Europe and Latin America

Legal Issues Affecting Global E-Commerce in the United States, Europe and Latin America


Perhaps one of the greatest reasons to be excited about e-commerce is that it allows companies to offer their goods and services on a worldwide basis, without borders.

However, differences among national laws affecting e-commerce may require companies to vary their operations from country to country, thus creating obstacles to borderless business.

Kenneth Slade of Hale and Dorr LLP, along with Thomas Jansen of the German law firm of Oppenhoff & Raedler and Maria Paula Bonifacini of the Argentine law firm of Allende & Brea, recently made a presentation on this topic. They identified eight issues which often affect companies engaging in global e-commerce, and discussed how the laws of the United States, the European Union and Latin America addressed these issues. They also suggested strategies for global e-commerce companies to deal with differences between these laws.

The eight issues are:

  • domain name registration;
  • enforceability of click-and-accept agreements;
  • privacy;
  • spam;
  • linking issues: deep linking, spidering and web crawling;
  • business method patents;
  • cross-border jurisdiction issues; and
  • Internet service provider liability (for an update on some very recent developments affecting this particular issue, see our December 5, 2000 Internet Alert).

For further discussion of European Union privacy law, please see our earlier June 24, 1999 and April 18, 2000 Internet Alerts.

Recent Developments in Latin American Privacy Laws

Until recently, Latin American countries generally did not have specific legislation regulating the collection or use of personally-identifiable information on the Internet. However, the relative lack of legislation in this area has begun to change in Latin America. Some countries in the region have recently enacted specific data privacy legislation, and others are actively engaged in the preparation of such legislation.

Chile become the first Latin American country to enact a data protection law. The Act No. 19628, and titled "Law for the protection of Private Life," came into force in October 1999.

Argentina enacted its Habeas Data Act, in November 2000.

On June 7, 2000, the Mexican E-commerce Act, took effect. That law amends the Mexican Consumer Protection Act, creating a new chapter titled: "Rights of Consumers in electronic transactions and transactions by any other means."

In Brazil, a data privacy bill has been pending in the Senate since 1996. Brazil's 1990 Code of Consumer Protection and Defense already regulates personal and consumer data stored in files, registries and databases.

In Peru, a Data Protection Bill was introduced in Parliament in October 1999 but has not yet come to a vote.

The scope of most Latin American data privacy legislation to date (both enacted and proposed) resembles the European Union's Directive on Data Protection (the "EU Privacy Directive"), discussed in our June 24, 1999 Internet Alert. In both the Argentine and Chilean laws, as well as in the proposed bills in Brazil and Peru, the data subject is granted a number of rights similar to those recognized in the EU Privacy Directive.

Both the Argentine legislation and the proposed Brazilian bill have strictly followed the EU Privacy Directive in prohibiting the transfer of personal data to countries, such as the United States, whose laws and legislation do not provide an adequate level of protection. For U.S. companies to continue exchanging data with Argentine and Brazilian companies, safe harbor principles may need to be developed, similar to those recently negotiated between the United States and the European Union, as was discussed at our April 18, 2000 Internet Alert.

Latin American privacy legislation has clearly been drafted to follow the EU Privacy Directive very closely. This will probably lead to a fair amount of harmonization among the data privacy legislation of different Latin American countries. It will also facilitate data flows between Latin American countries, and between Latin America and the European Union, as each will consider the other's laws to represent an adequate level of protection. U.S. companies, however, will likely face issues with respect to data flows and privacy rights in Latin America quite similar to those which they are already tackling in the European Union.