The ECT Act: Your Guide to the Law, Part 3
By Lance Michalson
This guide is a summary of the Electronic Communications and Transactions Act 2002 as published in Bill form and does not necessarily express the views of Michalsons Attorneys or Government.
Part 3 – Synopsis of the Act (continued)
Chapter VII: Consumer Protection
Vendors must provide consumers with a minimum set of information, including the price of the product or service, contact details and the right to withdraw from an electronic transaction before its completion. Consumers are also entitled, under certain circumstances, to a “cooling off” period within which they may cancel certain types of transactions concluded electronically without incurring any penalty. Consumers also have the right not to be bound to unsolicited communications (spam) offering goods or services. The Bill also seeks to place the responsibility on businesses trading on-line to make use of sufficiently secure payment systems.
Chapter VIII: Personal Information and Privacy Protection
This Chapter establishes a voluntary regime for protection of personal information. Personal information includes any information capable of identifying an individual. Collectors of personal information (data collectors) may subscribe to a set of universally accepted data protection principles. It is envisaged that consumers will prefer to deal with only those data collectors that have subscribed to the recorded data protection principles. The sanction for breach of these provisions is left to the parties themselves to agree on. Subscription to these principles is voluntary due to the fact that the South African Law Commission is currently developing specific data
protection or privacy legislation which is expected to be enacted within 24 months.
Chapter IX: Protection of Critical Data
In terms of its definition, critical data is information which, if compromised, may pose a risk to the national security of the Republic or to the economic or social well being of its citizens. The Minister may prescribe matters relating to the registration of critical
databases and require certain procedures and technological methods to be used in their storage and archiving.
Chapter X: Domain Name Authority and Administration
A section 21 company will be established, or an existing one approved, to manage the domain name space of the Republic. Its membership and governance structures must be representative of the general South African society, Government and other stakeholders. The objects, powers and functions of the Authority are provided for in the Bill. Provision is also made for disputes involving domain names to be settled by means of alternative dispute resolution methods. The Minister is empowered to formulate national policy on the .za domain name space.
Chapter XI Limitation of Liability of Service Providers
Chapter XI deals with the limitation of the liability of service providers or so-called “intermediaries” and creates a safe harbour for service providers who are currently exposed to a wide variety of potential liability by virtue of merely fulfilling their basic
technical functions. The service providers may seek to limit their liability where they have acted as mere conduits for the transmission of data messages. In each situation the Bill seeks to provide for specific requirements that the actions of the service providers must meet before the clause may be invoked to limit his or her liability.
Chapter XII: Cyber Inspectors
Chapter XII of the Bill seeks to provide for the Department of Communications to appoint cyber inspectors. The cyber inspectors may monitor Internet websites in the public domain and investigate whether cryptography service providers and authentication service providers comply with the relevant provisions. The inspectors are granted powers of search and seizure, subject to obtaining a warrant. Inspectors can also assist the police or other investigative bodies, on request.
Chapter XIII – Cyber Crime
Chapter XIII of the Bill seeks to make the first statutory provisions on cyber crime in South African jurisprudence. The Bill seeks to introduce statutory criminal offences relating to information systems and includes:
(a) unauthorised access to date;
(b) interception of or interference with data;
(c) computer-related extortion;
(d) fraud; and
Any person aiding or abetting another in the performance of any of these crimes will be guilty as an accessory. The Bill seeks to prescribe the penalties for those convicted of offences.
Lance Michalson of Michalsons Attorneys was a member of the team responsible for drafting the Act on the instructions of the Department of Communications. He can be contacted on mailto:firstname.lastname@example.org or by phone on 021 438 6323