
E-Commerce

Best practice model

1. Best Practice Model (BPM)

The publication Building Consumer Sovereignty in Electronic Commerce: A Best Practice Model for Business (BPM), available at http://www.ecommerce.treasury.gov.au, provides guidance to business and gives consumers information on what business should do when dealing with consumers over the Internet.

The BPM has been developed for traders located in Australia dealing with both Australian and overseas consumers. Traders located outside Australia who are dealing with Australian consumers are also encouraged to adopt this Best Practice Model.

The BPM complies with the general principle of functional equivalence. Consumers' protection online should be no less than their protection in the offline environment. The BPM addresses areas where the special characteristics of the online environment (e.g. distance between the business and the consumer; the speed at which transactions can be completed online; the need for authentication; and information collection practices) necessitate business practices different to those in the offline world.

The BPM applies to business-to-consumer (B2C) electronic commerce. Businesses are encouraged to adopt the BPM when engaging in business-to-business (B2B) electronic commerce. The BPM does not apply to transactions between individuals both acting in a non-business capacity.

The BPM does not replace consumer protection laws or codes of conduct. Complying with the BPM does not exempt a business from compliance with obligations under such laws or codes. Where an inconsistency arises, the law has precedence over the BPM.

The obligations of businesses under the BPM are set out below.

2. Adopt fair business practices when engaging in B2C electronic commerce.

The Trade Practices Act 1974 (Cth), the Australian Securities and Investments Commission Act 1989 (Cth) (in relation to financial services) and State and Territory Fair Trading legislation require business to:

(a) not engage in conduct that is misleading or deceptive or is likely to mislead or deceive;

(b) not make false or misleading representations about the goods or services they supply;

(c) not engage in unconscionable conduct;

(d) make sure that the goods supplied correspond with the description of the goods;

(e) ensure that the goods supplied are of merchantable quality and fit for any purpose made known to the supplier by the consumer; and

(f) ensure that services supplied:

* will be rendered with due care and skill;
* will be reasonably fit for any purpose specified; and
* will achieve any result which the consumer makes known.

3. Accessibility

Business should ensure the electronic delivery of goods or services can be achieved without specialised software or hardware unless the requirement for such specialised software or hardware is made clear to the consumer beforehand.

4. Disability Access

Business should make reasonable adjustment in the provision of goods and services to ensure they are accessible to people with disabilities.(1)

5. Advertising and Marketing

Businesses should:

(a) make sure advertising material is clearly identifiable and can be distinguished from other content such as editorial comment, terms and conditions and independent product reviews;

(b) make sure the business is identifiable from the advertising; and

(c) be able to back up their advertising or marketing claims.

For commercial email, businesses should:

(a) not send commercial email except:

* to people with whom they have an existing relationship; or
* to people who have already said they want to receive commercial email; and

(b) have simple procedures so consumers can let them know they do not want to receive commercial email.

6. Engaging with Minors

Business should take special care in advertising or marketing that is targeted to children. This is because children may not understand the information with which they are presented.

When interacting with children, business should get consent from the child’s parent or guardian.

Before a business requests personal information from a consumer:

(a) the business should take reasonable steps to establish whether the consumer is under 16 years; and

(b) unless the business thinks the consumer is over 16 years, it should get the consent of the parent of the consumer.

7. Information - Identification of the Business

Business should provide consumers with accurate and easily accessible information that allows:

(a) identification of the business involved in a particular transaction;

(b) prompt, easy and effective communication with the business regarding any electronic transaction; and

(c) service of legal documents.

Information provided should include the following:

* the name under which the business trades;

* the physical address of the business and its registration address;

* email address, telephone and other contact information;

* any relevant statutory registration or licence numbers, including the Australian Business Number or the Australian Company Number; and

* contact details, an easy method of identifying the membership of and accessing the relevant codes of practice of any relevant self-regulatory scheme, business association, dispute resolution organisation or other certification body. This could be by displaying the logo of the industry association and giving an internet link to the association’s website.

8. Information - Contractual

Business should provide enough information about the terms, conditions and costs of a transaction to enable consumers to make informed decisions.

This information should be clear, accurate and easily accessible. It should be provided in a way that gives consumers an adequate opportunity for review before entering into the transaction and to retain a record of the transaction.

Business should provide all information online which they are required to provide offline either by law or by any relevant code of practice to which they subscribe.

All information referring to costs should indicate the applicable currency, including guidance on how to get information on exchange rates, or a link to a site where such information may be found.

Information about terms and conditions should be clearly identified and distinguished from advertising material.

Where applicable, the information should include the following:

(a) an itemisation of total costs to the consumer collected by the business or where the total cost of a transaction cannot be worked out in advance, a statement that a total cost cannot be provided and a description of the method that will be used to calculate it, including any recurrent costs and the methods used to calculate them;

(b) notice about the existence of other costs that are not collected by the business. This may include delivery, postage, handling and insurance and where it would be reasonably known to the business, taxes and duties;

(c) notice of ongoing costs, fees and charges and methods of notification for changes to those costs, fees and charges;

(d) if limited, the period for which the offer is valid, including time zone information where relevant;

(e) any restrictions, limitations or conditions of purchase, such as geographic limitations or parental/guardian approval requirements for minors;

(f) details of payment options;

(g) terms of delivery;

(h) mandatory safety and health care warnings that a consumer would get at any physical point of sale;

(i) conditions about termination, return, exchange, cancellation and refunds;

(j) details about any cooling-off period or right of withdrawal;

(k) any conditions about contract renewal or extension;

(l) details of any explicit warranty provisions; and

(m) details of any after-sales service.

9. Conclusion of Contract

Where appropriate, prior to the conclusion of the contract, business should give consumers the opportunity to let them know the purpose for which they require the product or service or the result they wish to achieve.

Business should put in place procedures that let consumers:

(a) review and accept or reject the terms and conditions of the contract;

(b) identify and correct any errors; and

(c) confirm and accept or reject the offer.

Business should promptly acknowledge receipt of the order.

10. Privacy

Business should comply with the benchmark standards for handling personal information set out in the Privacy Commissioner’s National Principles for the Fair Handling of Personal Information, available at www.privacy.gov.au.

The National Principles set out standards in relation to:

(a) collection of personal information;

(b) use and disclosure of personal information;

(c) data quality;

(d) data security;

(e) openness about management of personal information;

(f) access and correction;

(g) use of identifiers;

(h) anonymity when entering transactions;

(i) onward transfers of personal information; and

(j) highly sensitive personal information.

Business should provide consumers with clear and easily accessible information online about the way they handle personal information.

11. Payment

Business should provide to consumers payment mechanisms that are easy to use and offer security that is appropriate for the transaction. The payment mechanism should also be appropriate to the method of payment and the confidentiality of payment mechanism information provided.

Businesses should ensure that consumers have access to information on:

(a) ways of making payments;

(b) the security of those payment methods in clear, simple language. This will help consumers judge the risk in relying on those methods; and

(c) how to best use those methods.

Business should update the payment mechanisms to make sure security is maintained at an appropriate level.

12. Security and Authentication

Business should:

(a) make sure consumers have access to information about the security and authentication mechanisms the business uses in clear, simple language which helps consumers assess the risk in relying on those systems;

(b) provide security appropriate for protecting consumers’ personal and payment information;

(c) provide security appropriate for identification and authentication mechanisms to be used by consumers;

(d) discourage consumers from giving confidential information in a way that is considered insecure;

(e) update their security and authentication mechanisms over time to make sure the security offered is maintained at an appropriate level; and

(f) not try to contract out of their responsibility for losses arising from the misuse or failure of authentication mechanisms.

13. Internal Complaint Handling

Business should set up internal procedures to handle consumer complaints:

(a) within a reasonable time;

(b) in a reasonable way;

(c) free of charge to the consumer; and

(d) without prejudicing the rights of the consumer to seek legal redress.

Business should provide consumers with clear and easily accessible information about complaints handling procedures.

If a consumer is unhappy with the outcome of the complaint handling mechanism, the business should provide the consumer with information about any external dispute resolution bodies to which it subscribes, or any relevant government body, such as a Fair Trading Agency (see www.fairtrading.nsw.gov.au).

14. External Dispute Resolution

Business should provide consumers with clear and easily accessible information on any independent customer dispute resolution mechanism to which the business subscribes.

This independent method of dispute resolution should be accessible, independent, fair, accountable, efficient, effective and without prejudice to judicial redress.

15. Applicable Law and Forum

Where a business specifies an applicable law or jurisdiction to govern any contractual disputes or a jurisdiction or forum where disputes must be determined, it should clearly and conspicuously state that information at the earliest possible stage of the consumer's interaction with the business.

A business located in Australia that enters into a contract with a consumer who the business believes is resident in Australia (for example, because of the consumer’s address) should spell out which Australian jurisdiction’s law is the governing law of that contract. It should also make clear that any contractual disputes will be heard by Australian courts and tribunals.

End Notes
1. Disability Discrimination Act 1992