IDP2014 (XI). e-commerce and consumer protection

Notes from the 10th Internet, Law and Politics Congress: A decade of transformations, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 3-4 July 2014. More notes on this event: idp2014.

Chairs: Miquel Peguera. Senior Lecturer, School of Law and Political Science (UOC).

Electronic contracts with customers. Transposition to the Spanish regulation of the Directive 2011/83/UE of the European Parliament and Council
María Dolores Palacios González. Profesora Titular de Derecho Civil de la Universidad de Oviedo.

The modification of the Spanish RDL 1/2007 de 16 de noviembre, by the new Law 3/2014 de 27 de marzo with the aim to transpose the Directive 2011/83/UE on electronic contracts with customers has changed many of the conditions in the procedures of a contract such as the right to inform the customer, their right to cancel the contract, and the duties of the seller to deliver.

Though the aim of the Directive is the harmonization of the digital market, it does not seem that there will be an increase in contracting through the Internet, neither at the national nor at the international levels. We believe that this still depends more on sociological or psychological factors rather than on the regulatory framework.

Competitiveness, privacy and customer protection as pillars of the European common digital market.
Ramon Miralles, Coordinador de Auditoria y Seguridad de la Información. Autoridad Catalana de Protección de Datos.

If Europe needed a unique market, it was time to act and to have a roadmap. That was the idea behind the Digital Agenda for Europe.

Privacy and, especially, trust in the system were top priorities.

One of the problems of Europe is that it reacts very slowly.

It seems that the new trends in e-commerce will be determined by privacy and trust. Data protection, consumer protection and competition could be the core policies in e-commerce in Europe.

News in the right to information of the customer in electronic contracts
María Arias Pou. Directora de ARIAS POU Abogados TIC. Coordinadora de la Comisión de Menores de APEP. Profesora de Derecho de las Nuevas Tecnologías de la Universidad Europea de Madrid.

The new Directive on the rights of the customers implies some changes in the right to information of the customer in electronic contracts. Changes that, at their time, change again along the whole process of transposition to the Spanish regulatory framework.

The problem is that the regulation that applies is disperse, with three scenarios: a contract with a customer, at a distance, online. This mess actually challenges the principle of ‘minimum information’, which becomes worse when it has to be accessed through mobile devices during the process of informing the customer.

Breach of information duties in the B2C e-commerce. A comparative study of English and Spanish law
Zofia Bednarz. PhD candidate, Law Faculty, University of Málaga, Spain.

Electronic commerce plays nowadays a crucially important role in both professional and private activity of European consumers and businesses. The precontractual information duties are one of the factors that distinguish online contract formation between businesses and consumers from other ways of selling goods and services. The rules that apply to the e-commerce in the scope of the European internal market originate in two different legal systems, that is in the European law and in the national law. The aim of this study is to analyse and compare remedies available to consumers in the case of breach of information duties by the trader. The traditional contract law of Spain and England offers various remedies for not providing the other party with the due information. The interest in comparing those legal systems lies in the possible high number of cross-boarder transactions and the different nature of common and continental law. Even though the European legislation imposes numerous information duties, usually the remedies available for breach of those duties are left to the Member States’ internal law, and therefore the analysis of the remedies available in the internal national law results necessary. The remedies that will be analysed and compared in this study are, under English law, misrepresentation, fraudulent, negligent or innocent, mistake, breach of statutory duty and breach of contract, and in what refers to Spanish law, remedies for vices of consent, for culpa in contrahendo, and for breach of contract.

Internet of things and protection of the customer oriented to machine-to-machine processes
Jose Manuel Pérez Marzabal. Abogado. Consultor UOC.

How do we protect customers in the so-called Internet of Things? Is our regulatory framework prepared for the Internet of Things?

The Internet of Things will challenge matters of privacy, or (technological and personal) security. An imbalance in how we solve these challenges may incur in power imbalances. There is a growing risk of firms can take advantage of some procedures to abuse the customer.

The Internet of Things presents three main scenarios of added value: sensors, apps and cloud computing services. Depending on where business happens, regulation will necessarily have to adopt.

We need codes of behaviour and governance for application platforms.


10th Internet, Law and Politics Conference (2014)

IDP2013 (X): Privacy (II)

Notes from the 9th Internet, Law and Politics Congress: Big Data: Challenges and Opportunities, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 25-26 June 2013. More notes on this event: idp2013.

Moderadora: Mònica Vilasau. Lecturer, School of Law and Political Science (UOC).

The use of Big Data to generate behaviours
Ramon Miralles, Coordinator of Auditing and Security of Information. Catalan Data Protection Authority

Service providers are often accused of lack of clear information, lack of specific usage of the data they are collecting, etc. Besides — or added to — this lack of clarity, data is increasingly becoming a source of wealth, and thus leads to changes of relationships of power and new behaviours.

A detailed analysis of big data, can it induce to changes in behaviour? e.g. the Obama team found that women aged 35-50 y.o. usually had many photos of George Clooney on Facebook. After realizing that, there was a sensible increase of the number of public appearances of Barack Obama besides George Clooney and the number of photos that they shared… and which of course were distributed on social networking sites.

But are there behaviours which there is a consensus that they are bad (xenophobia, racism) and which could/should be fought with the use of big data? Is there still room for free will? Should we change our regulatory framework to adapt it to these new realities/policies? Would it be, on the other hand, fair or legitimate?

Or maybe the terms of use could include new clauses (premium clauses?) in which the service provider would inform the user of the usage of their personal data?

Automated Journalism: Artificial Intelligence Transforms Data into Stories — When data protection principles and privacy protect the right to express opinions freely and to receive accurate information
Cédric Goblet. Lawyer at the Brussels Bar

Can a robot replace a journalist? Narrative Science’s Quill is able to write human-readable articles or pieces of news after a collection of specific data. A robot implies loss of all editorial autonomy, no verification of the sources, lack of analysis of the information with a critical eye and independence, or the mistaken belief that a machine will be neutral and objective. It is very likely that machine-made pieces of news will result in a tendency towards infotainment and fostering an echo chamber effect.

Big Data: A Challenge for Data Protection
Philipp E. Fischer, Ph.D. candidate (IN3 Research Institute, UOC Barcelona), LL.M. in intellectual property law (Queen Mary University of London / TU Dresden); Ricardo Morte Ferrer, Lawyer (Abogado), Master of Laws (UOC). Tutor for law studies (Grado en Derecho) at the UOC. Legal adviser for the TClouds Project at the ULD, Kiel

One of the main challenges in data protection is the high asymmetries in the relationships of power between service providers and end users: there may be no alternative to that service, there may be not all the information in the terms of service, there may even not be the whole information in these terms of service, etc.

The right to data protection in the public administration
Rosa Cernada Badía, Investigadora de la Universidad de Valencia

In the administration of Justice, communications usually publish data from the citizens. Before a law of public information reutilization and another law protecting personal data, it is obvious that a conflict arises.

But not only a technical or legal solution is needed, but also a political commitment that settles interoperability, responsibilities, allocation of resources to manage information and data, etc.


9th Internet, Law and Politics Conference (2013)

6th Internet, Law and Politics Conference (III). Key Legal Aspects for Putting your Business in the Cloud

Notes from the 6th Internet, Law and Politics Conference: Cloud Computing: Law and Politics in the Cloud, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on July 7th and 8th, 2010. More notes on this event: idp2010.

Round Table: Key Legal Aspects for Putting your Business in the Cloud
Chairs: Miquel Peguera

Controlling the provider
Xavier Ribas, Landwell Global.

If you cannot see the video please visit <a href=""></a>

Increasing trend to outsource services at the enterprise, including some belonging to the core business. With cloud computing, even risk management is shared with or outsourced to a third party.

But, are you then losing control and even putting your firm in the hands of your providers? You lose control of the confidence chain, control of data, of the quality of service, of the available preventive measures, of reputation risk management (and there actually is an increase of risk of reputation loss), control of secondary and non-consented outsourcing, international data transfer, etc.

How to solve this? How to regain control over these issues? Possible clauses:

  • Confidentiality, security obligations, quality standards.
  • Auditing, provider controls.
  • Liability, insurances.

An obligations map should be drawn and agreed upon, including what happens once the relationship ends (e.g. what will happen to data in a blog once the service is discontinued?).

Manel Martínez Ribas, ID-LawPartners.

If you cannot see the video please visit <a href=""></a>

What is the difference amongst open source and open cloud? Is there any open source cloud?

The four freedoms of free software, do they still apply in cloud applications or services? More indeed: free software developers using cloud services, will they find their free code closed? This gives birth to new licenses where cloud service providers are able to use specific software, let it to the end user as software as a service (SaaS)… thus allowing for copyleft on one end and a sort of closeness on the other end.

Open cloud computing allows, as it happens with free software, to make modifications.

Fabrizio Capobianco: reasons to care about open cloud computing in the mobile arena:

  • It is already a big issue.
  • It is a necessity.
  • It should be interoperable
  • It normally depends of closed devices.

The Open Cloud Manifesto pretends to settle the debate and reach some agreement (equilibrium?) on how to respect the free software freedoms in cloud computing.


  • Avoid lock in.
  • Use standards.
  • Go on with initiatives according to the needs of the customer.
  • Teamwork and network.

It seems that cloud computing will be the main entry point for institutions to (at last) use free software massively. Same with software providers, that will shift from proprietary software to free software.

Legal aspects to take your enterprise to the cloud
Ramon Miralles, Coordinator of Information Security and Auditing, Catalan Data Protection Agency.

If you cannot see the video please visit <a href=""></a>

It really does not matter to read or not the terms of reference of cloud services: their providers will change them unilaterally and many without notice. So…

The problem is neither (only) that we do not know where our data are, but nor we know where our data pass through, because they constantly change paths.

A Cloud computing solution: self-service, broad access in the Net, full of resources, fast and easy, measurable and supervised. A solution which might be the end of corporate computing.

As said, one of the big problems is not only that data are elsewhere, but that they circulate across borders and jurisdictions. The European Directive, in this sense, looks more at what is happening, rather than trying to typify each and every procedure that takes place on the Internet. It nevertheless needs some updating as cloud computing has really challenged web usage as we knew it.

Information self-determination: the right to control one’s own data, to know who has our data, what is done with them, etc. Information self-determination is at stake with cloud computing.

IDC Enterprise Panel (august 2008) states the following challenges/issues of cloud computing: security, performance, availability, hard to integrate with in-house IT, not enough ability to customize, doubts about cost, bring-back in-house might be difficult, not enough major suppliers, etc.

Main challenges of Cloud Computing:

  • Decrease of control over information and services.
  • Data treatment and processing.
  • International movement of data.
  • Applicable law.


If you cannot see the video please visit <a href=""></a>

Q: The Catalan Government is to move its education community to Google Applications. How are citizen rights guaranteed? Miralles: The problem can “easily” be solved by signing a contract. The problem is usually not as much as in privacy, but in transparency and availability of information by the user, to recover their information, etc.

Ramon Miralles: it makes no sense the distinction whether it is a human or a machine who processes the information, as this only creates legal defencelessness and insecurity. Indeed, it is in the core of data processing that it is automatized. So, we have to look at the essence of the data processing process, at what will be the end use, rather than at the how.

Manel Martínez: we have to differentiate between consented usage (contextual adds after reading your e-mail, as you agreed to that by accepting the terms of reference) and non-consented usage of data. Ramon Miralles: right, but the problem comes when the conditions are change unilaterally and, even if you are made aware of this, you are locked in and have really hard times migrating your data in a service you’re having difficulties to leave.

Q: how do we measure the cost of loss of reputation because a third party service failed? Xavier Ribas: this is very difficult to measure. It might be not very difficult to measure the non-returning customers, but it is definitely difficult to know how many new/potential customers will not use our services/products for the very first time after a reputation crisis has been suffered.

Jordi Vilanova: should not the WTO coordinate cloud computing services (in a legal and economic sense)? Miralles: it is clear that the traditional instruments to regulate economic activities (national and international regulation, contracts, etc.) might not perfectly fit in such activities as cloud computing. So, yes, WTO or another platform might be used to update regulation and procedures to brand new activities.

See also


6th Internet, Law and Politics Conference (2010)