Library of Parliament Research Publications

Current Publications: Science and technology

Federal and Provincial Initiatives to Facilitate Electronic Commerce

Andrew Kitching, International Affairs, Trade and Finance Division
Revised 5 November 2008

In Brief † No. PRB 08-61-E PDF PDF 48 kB, 3 pages

Legal Impediments to Electronic Commerce
Federal Initiatives
Provincial Initiatives
Consumer Protection and Privacy Concerns
Conclusion
Internet Links
Notes

Legal Impediments to Electronic Commerce

Since the mid-1990s, the use of electronic communication over the Internet has increased exponentially. In Canada, the federal and provincial governments have taken steps to recognize the use of electronic communications in commerce by removing legal obstacles to it. This involves treating paper-based documents and electronic documents as functionally equivalent, and ensuring that electronic communications will not be discriminated against or denied legal effect simply because they are in electronic form.

Despite the enactment of federal and provincial legislation in this area, however, many legal and policy issues remain. First, as online commerce has evolved, consumer protection issues, such as electronic authentication, have come to the fore. Second, privacy concerns continue to present policy dilemmas for those engaged in electronic commerce. Both of these issues have been addressed through ad hoc guidelines, as relevant legislation has not been updated to account for new technological developments.

Federal Initiatives

At the federal level, the Personal Information Protection and Electronic Documents Act (PIPEDA)(1) implements measures to create functional equivalency between electronic and paper documents. Part 2 of the Act provides for “the use of electronic alternatives ... where federal laws contemplate the use of paper to record or communicate information or transactions.” Among other things, the Act provides for:

making payments to the federal government in electronic form;
submitting information to the federal government in electronic form;
using electronic documents to satisfy a requirement under federal law for a document to be in writing;
providing electronic documents when an original document is required; and
using electronic signatures.

In some situations, the Act requires the use of a “secure electronic signature” – an electronic signature resulting from the application of a prescribed technology or process. Before a technology or process can be prescribed, it must be proved that:

the electronic signature is unique to the person using it;
the person whose electronic signature is on the document has control of the use of the technology to attach the signature;
the technology can be used to identify the person using the electronic signature; and
the electronic signature can be linked to an electronic document to determine if the document has been changed after the electronic signature was attached to it.

In addition, the Act:

provides that notices and acts published electronically by the Queen’s Printer have the same legal authority as notices and acts published in paper form; and
gives official status to the electronic version of revisions of the statutes and regulations of Canada as well as the consolidated version of the statutes and regulations.

Finally, PIPEDA regulates how private-sector organizations collect, use and disclose personal information in the course of doing business.

Provincial Initiatives

In 1999 the Uniform Law Conference of Canada published a model law, the Uniform Electronic Commerce Act, to facilitate electronic commerce at the provincial level. Since that time, all provinces and territories, with the exception of the Northwest Territories, have enacted legislation based on the Act.

The legislation contains a series of “functional equivalency” rules that set out the conditions that must be met for an electronic communication to satisfy a legal requirement for written communication. Overarching these rules is the principle that an electronic document will not be denied legal effect and enforceability simply because it is in electronic form. When information or a document must be in writing, the electronic equivalent is acceptable if it is accessible so as to be usable for subsequent reference. Where there is a legal requirement to provide information or a document to a person in writing, an electronic document will satisfy the requirement if it is accessible and capable of being retained by the person to whom it is provided.

The provision of original documents is dealt with under the legislation. A legal requirement stipulating that an original document must be provided, retained or examined will be satisfied by providing an electronic document if the integrity of the information has been maintained.

The legislation also covers the retention of documents and provision of copies. Where a document has to be retained for a period of time, an electronic version can be retained if it is accurate and available to the same extent as the original document and for the same length of time. Where multiple copies of a document must be provided, a single electronic version will be acceptable.

Contracts can be formed through electronic means when certain established rules have been followed. These rules:

allow a contract to be formed by using electronic communication;
allow a valid contract to be made by way of electronic communication, even when automated at one or both ends of the transaction;
permit a transaction entered into between an individual and an electronic agent (computer program) to be cancelled if a material mistake is made, if there is no opportunity to prevent or correct the mistake, if the individual notifies the other party of the mistake, and if the individual returns or destroys any consideration received under the contract and does not benefit from receiving the consideration; and
determine when electronic messages are deemed to have been sent and presumed to have been received.

Under the legislation, electronic signatures satisfy a legal requirement for a signed document.

Consumer Protection and Privacy Concerns

While PIPEDA and corresponding provincial statutes are meant to provide the basis for online commerce, the means of electronic authentication used today by financial institutions and online retailers largely supersede the requirement of electronic signatures to complete certain transactions set out in PIPEDA and provincial legislation. Current authentication processes include the use of username and password systems, credit and debit cards, personal identification numbers (PINs) and biometrics. Industry Canada attempted to fill the security gaps that exist in the absence of an updated PIPEDA by formulating principles on electronic authentication in 2004, but these guidelines have not been revised since their inception and are voluntary.(2)

In the meantime, authentication procedures have been the subject of some discussion. In 2008, the Public Interest Advocacy Centre (PIAC) published a report on authentication procedures in electronic commerce.(3) The report included the results of a survey, which concluded that consumers are increasingly wary of security and privacy threats associated with electronic commerce. The report cited identity theft and “phishing” as problems that contribute to a lack of confidence in the system and threaten the growth of online retail and banking transactions.(4)

PIAC suggested that federal and provincial governments should be playing a greater role in protecting consumers, and recommended stricter regulations governing authentication, such as instituting standards and protocols to match the risk levels of the transaction that is being entered into. PIAC also recommended amendments to the law to provide that, as between the online retailer or bank and the consumer, the consumer should not face any liability for losses due to fraud and hacking. PIAC’s report called for more consumer education about authentication, along with requirements that banks and retailers disclose problems with authentication systems.

The PIAC report suggested that federal legislation provide for oversight of authentication systems by amending the Bank Act(5) to institute audits of financial institutions by the Office of the Superintendent of Financial Institutions of Canada, for example. A corresponding audit system would be instituted at the provincial level to oversee retail authentication systems.

To protect privacy online, the PIAC report recommended that the authentication principles include direct references to privacy standards in PIPEDA. In addition, PIAC stated that consumers should be given a choice about how their privacy is protected, by deciding, for example, what personal information can be used to authenticate the online transaction. The Privacy Commissioner of Canada has also expressed concern about authentication procedures, and has released guidelines designed to help businesses to identify and authenticate customers consistent with fair information practices in PIPEDA.(6)

Conclusion

New legal initiatives are currently needed to update authentication procedures and better protect Canadian consumers engaging in electronic commerce. The PIAC report, which focussed on online banking transactions, recommended that reform could take place through amendments to the Bank Act. However, it would also be possible to produce more comprehensive reforms through changes to the electronic signature provisions of PIPEDA itself or through amendments to the regulations. Such changes could reconcile existing provisions on electronic signatures with authentication systems. In the process, legal standards that would provide additional consumer and privacy protection could be applied to these systems.

Internet Links

Canada. Personal Information Protection and Electronic Documents Act, Chapter 5. Statutes of Canada. 2000.

British Columbia. Bill 32-2000, Electronic Transactions Act. First reading, 5 July 2000.

Manitoba. The Electronic Commerce and Information Act, Chapter E55, Continuing Consolidation of the Statutes of Manitoba.

Nova Scotia. Electronic Commerce Act, Chapter 26, Nova Scotia Statutes, 2000.

Ontario. The E-Commerce Act, 2000. Chapter 17, Statutes of Ontario 2000.

Quebec. Bill-161, An Act to establish a legal framework for information technology. First reading, 14 November 2000.

Saskatchewan. The Electronic Information and Documents Act, 2000. pdf PDF(116 kB, 16 pages)

Yukon. Electronic Commerce Act. pdf PDF (398 kB, 14 pages)

Notes

* The original version of this document was prepared by Margaret Smith, formerly of the Library of Parliament.

† Papers in the Library of Parliament’s In Brief series are short briefings on current issues. At times, they may serve as overviews, referring readers to more substantive sources published on the same topic. They are prepared by the Parliamentary Information and Research Service, which carries out research for and provides information and analysis to parliamentarians and Senate and House of Commons committees and parliamentary associations in an objective, impartial manner. [ Return to text ]

S.C. 2000, c. 5. PIPEDA contains a number of provisions meant to facilitate economic commerce, but also sets rules for the use of personal information in the course of commercial activity in Canada.
Industry Canada, Principles for Electronic Authentication: A Canadian Framework, May 2004.
Public Interest Advocacy Centre, Are You Sure You Want to Continue? Consumer Authentication at the Crossroads, September 2008.
Ibid. Phishing refers to fraudulent attempts to acquire personal information such as usernames, passwords and credit card numbers by masquerading as a trustworthy entity in an email or other electronic communication.
S.C. 1991, c. 46.
Office of the Privacy Commissioner of Canada, Guidelines for Identification and Authentication, October 2006.

[ Top of Page ]