| |
My name is Barbara
Wellbery. I am a partner of Morrison
& Foerster and I practice in the firm's Washington, D.C. office. Before joining the firm in December, 2000, I
served in the Career Senior Executive Service in the Department of Commerce for
six and a half years, first as Chief Counsel for the National Telecommunications
and Information Administration and then as Counselor for Electronic Commerce to
the Under Secretary for International Trade.
I have six years of experience in developing both domestic and
international privacy policy. I also
participated in the White House Working Group on Electronic Commerce from its
inception until I left the Government.
I also have extensive experience in formulating policy on other key
electronic commerce issues, such as jurisdiction and consumer protection. I have represented the U.S. Government in
bilateral negotiations with the European Commission on the safe harbor privacy
accord and in a variety of other bilateral and international negotiations
including the Organization for Economic Cooperation and Development, and the
Asia Pacific Economic Cooperation.
Since leaving the
Government, I have advised U.S. multinational companies on privacy issues and
on other international issues arising in the electronic commerce context. I have also been extensively involved in
meetings on The Preliminary Draft Convention on Jurisdiction and Foreign
Judgments in Civil and Commercial Matters adopted by the Special Commission of
the Hague Conference on Private International Law Hague Convention (the “Hague
Convention”). I am pleased to have the
opportunity to appear before you today to discuss impediments to digital trade
and specifically the Hague Convention and the safe harbor privacy accord.
Introduction
The Internet is a
decentralized, borderless, global medium that presents unique opportunities and
challenges for both governments and businesses around the world. As a global marketplace for both commerce
and ideas, it can empower citizens, democratize societies, and spur business
development by providing access to a worldwide network of customers. These same attributes place a premium on a
flexible legal framework that is consistent domestically and internationally,
since actions taken by one government have the ability to affect the whole of
the Internet. Achieving such a legal
framework is a long-term process that requires continuing dialogue and
diplomacy rather than confrontation, identifying common ground despite
divergent interests, and building bridges instead of insisting on one way as
the right way. It also requires that
all private sector stakeholders be given a place at the “table” and included in
the process or any resulting framework may well prove unworkable.
The safe harbor
accord is often hailed for demonstrating that such an approach can work. In that instance, as discussed further
below, governments worked together to find common ground. They took a constructive, problem solving
approach, despite very different national privacy regimes, involved the private
sector extensively, and were able to bridge their differences. It
remains to be seen whether the negotiations on the Hague Convention will
take a similarly constructive approach and yield similarly constructive
results.
The Hague Convention
This hearing on
the Hague Convention is particularly timely as the first diplomatic convention
in over 18 months is scheduled to take place next month, from June 6
through June 20. The U.S. provided
the original impetus for the Hague Convention, proposing it in 1992. The driving factor was the U.S. perception
that U.S. courts typically enforce foreign judgments, while foreign courts
often do not enforce U.S. judgments.
The Hague Convention would provide international rules on jurisdiction
and recognition and enforcement of foreign judgments. It concerns two aspects of jurisdiction over a foreign person or
company: (i) personal jurisdiction
(can the foreign defendant be sued in this court?); and (ii) enforcement
(will a court in the defendant’s home country recognize and enforce the court’s
decision?). As a formal matter, the
Hague Convention does not address choice of law. As a practical matter, however, if a court does exercise
jurisdiction, there is a strong likelihood that it will often find that its own
law is the applicable law, because each forum applies its own conflicts of law
rules. This often leads a court to
apply its own law.
The current
official draft of the Hague Convention, which was adopted in October 1999, has
met with significant opposition in the U.S. from a variety of private sector
quarters, sometimes for conflicting reasons.
A great deal of the opposition stems from the very different approaches
to jurisdiction taken by common law and civil law countries and the fact that
the 1999 preliminary draft borrows heavily from the civil law approach to
jurisdiction. At the core of the
electronic commerce community’s concerns is the question of when it is proper
to assert jurisdiction over companies engaged in Internet activities. Electronic commerce providers fear that the
jurisdictional rules contained in the Hague Convention, which would make web
site operators and Internet service providers more vulnerable to lawsuits
around the world, would stymie the development of electronic commerce. The more formalistic approach to
jurisdiction taken in civil law countries heightens this risk.
U.S. courts focus
on issues of due process -- fairness to the defendant as well as to the
plaintiff -- and determine jurisdiction on a case by case basis. There are few rigid rules for determining
jurisdiction in the U.S. It cannot be
said, for example, that a consumer can always sue in his home
jurisdiction. Instead, courts generally
look to whether a defendant has purposefully directed, or targeted, its
activities or performed some act, purposefully availing itself of the privilege
of conducting business in the forum. If
so, courts conclude that the defendant has thereby invoked the benefits and
protections of the forum’s laws, has minimum contacts with the jurisdiction,
and could reasonably have anticipated being haled into the forum. The same general approach is used to
determine jurisdiction for contract actions and tort actions, as well as for
actions brought by consumers against businesses.
The approach to
jurisdiction in civil law countries is usually far more formalistic than the
U.S. approach. For contract actions, a
plaintiff can sue in the forum where the goods or services are provided unless
one party to the contract is a consumer.
In those cases, the consumer can sue where he resides if the defendant
solicited business through advertising (such as a web site) and the consumer
took steps to conclude the contract in that jurisdiction. For tort actions, plaintiffs may sue where
the harmful act or omission occurred or where the injury arose. In each instance, if the relevant criteria
are met, courts may not deny jurisdiction on the grounds that it would be
unfair to the defendant. Although
conventional wisdom holds that the civil law approach to jurisdiction provides
certainty at the expense of justice, and the common law tradition provides
justice at the expense of certainty, in many, but not all contexts, they lead
to the same result.
Electronic
commerce creates challenges for both civil and common law approaches to
jurisdiction since both depend on the geographic locations of the parties and
relevant events. The Internet, however,
makes it difficult if not impossible to know for example where parties are
located, whether one is a consumer, where the contract was negotiated, and in
the case of intangible goods and services, the physical location to which they
are transmitted. U.S. courts have begun to develop approaches to jurisdiction
in the context of the Internet, but
U.S. law on these issues continues to evolve. And, although the Hague Convention applies
to electronic commerce transactions and Internet service providers, it was
drafted without attention to the particular jurisdictional issues raised by
electronic commerce, and thus without recognition of the significant problems
it poses for the Internet and electronic commerce.
I will focus on
two problems the Hague Convention creates for electronic commerce and Internet
service providers, which are particularly critical. First, the Hague Convention would lead to
increased vulnerability to tort suits for Internet service providers. (See Article
10 of the Hague Convention.) It would
permit suits for all kinds of torts, including copyright infringement, privacy,
defamation, and in other countries, hate speech, to be brought wherever the act
or omission occurred or where the injury arose. This jurisdictional rule would allow a company with a web site to
be sued, for example, for copyright infringement anywhere its web site could be
accessed; an Internet service provider could be sued wherever it makes the
copyrighted work available. And yet in
both instances, the company may have had no contact at all with the
jurisdiction in which the suit is brought.
The Hague
Convention would also allow copyright owners to avoid the limitations on
liability that were negotiated with U.S. service providers under the Digital
Millennium Copyright Act, by bringing suit against the service provider for
copyright infringement in countries that have no laws limiting service provider
liability. Although as noted above,
technically the choice of applicable law is independent of the choice of forum,
in fact the choice of a particular forum often leads to application of that
forum's laws. In addition, where the
service provider had no assets in the country in which suit was originally
brought, under the Hague Convention copyright owners would be entitled to
enforcement in the U.S. or any other signatory country to the Hague Convention
where the service provider has assets.
The Hague
Convention compounds the problem created by the torts provision by establishing
that courts may also exercise jurisdiction to order provisional measures, such
as temporary restraining orders and preliminary injunctions. While the Hague Convention also limits the
effect of such provisional measures to the territory of the state in which the
issuing court is located, that limitation may well prove meaningless on the
Internet. An injunction ordering
removal of material from a web site, at least at this time, cannot be limited
geographically: a temporary injunction
entered by a foreign court against a U.S. company would have to be enforced by
a U.S. court, despite the fact that the injunction exceeded in scope or failed
to meet the criteria established by Section 512(j) of the Digital Millennium
Copyright Act of 1998. Again, this would
seem to undermine the carefully balanced approach struck by the Act.
The torts
provision could also encourage other countries to emulate a troubling trend
begun by the Yahoo France decision, in which a French court exerted
jurisdiction and imposed penalties against Yahoo, U.S. because the Yahoo web
site was accessible to users in France.
The site’s content was considered illegal in France but legal in the
U.S. under the First Amendment. Other
foreign courts have followed suit.
Recently, two courts in France and Germany held that web site publishers
who published material residing on servers outside of those countries were
nevertheless guilty of defamation and hate speech in Germany and France merely
because the material was accessible in those countries. While surely U.S. courts would refuse to
enforce such judgments on First Amendment grounds, the Hague Convention would
nonetheless compound the problem. By
requiring that those judgments be enforced in other countries where U.S.
companies have assets, U.S. First Amendment principles could more easily be
avoided. The result could be that the
Internet is reduced to the lowest common denominator, where web sites avoid any
but the safest content for fear of offending someone and being haled into
court.
The second
critical problem the Hague Convention creates is that it would subject
web-based companies to suits arising out of consumer contracts anywhere in the
world. It would allow a consumer to sue
in his home jurisdiction so long as the defendant has directed his activities
to that state (through advertising) and the consumer has taken steps necessary
for the conclusion of the activity in that State. The Hague Convention also limits enforcement
of choice of court clauses so that they may be enforced only when they are
entered into after the dispute has arisen or they allow the consumer to bring
proceedings in another court. The
effect would be that a business would be vulnerable to suit anywhere in the
world that its web site is accessible.
And, because of the close connection between choice of forum and choice
of law, companies doing business on the web would not only have to anticipate
being haled into court around the world but also being subjected to different
and sometimes conflicting consumer protection laws around the world. The result certainly would be that companies
would be reluctant to offer their goods and services over the Internet for fear
of being sued anywhere in the world and subjected to the laws of more than 170
countries.
If, as noted
above, U.S. courts already enforce foreign judgments, why would the Hague
Convention be so problematic? The
reasons are fourfold. First, the
statement ‑‑ that U.S. courts typically enforce foreign judgments ‑‑
oversimplifies the current U.S. legal situation. Foreign judgments are presumptively enforceable by U.S. courts,
but that general rule is subject to certain exceptions. For example, it is well established that
U.S. courts also examine, when raised by defendants, claims that a foreign court
lacked personal jurisdiction.
Particularly where the jurisdiction is not a common law jurisdiction,
courts will apply U.S. standards of minimum contacts in determining if
jurisdiction was proper. Yet, the Hague
Convention would require U.S. courts to enforce foreign judgments so long as
they satisfy the requisite jurisdictional tests established by the Hague
Convention even where sufficient contacts do not exist. Second, as noted above, efforts by U.S.
courts to adapt the minimum contacts doctrine to the world of electronic
commerce are still ongoing.
Incorporating current jurisdictional rules in the Hague Convention at
this time would freeze them in place prematurely since it is not yet clear that
they have fully evolved or that they work effectively in the electronic
commerce context.
Third, although it
can be said that U.S. courts normally enforce foreign judgments, U.S. courts
have not enforced foreign judgments arising out of the kinds of cases that
arise in the electronic commerce context.
For example, the foreign copyright cases that have been enforced have
all involved situations where the defendant also clearly had minimum contacts
with the jurisdiction in which the original suit was brought. But under the Hague Convention, U.S. courts
would have to enforce foreign judgments where, for example, an Internet service
provider had no contacts with the jurisdiction where the suit had been brought
except that a work it had transmitted could be accessed there.
Similarly,
business to consumer transactions across borders were rare before the
Internet. There are therefore few if
any cases of foreign judgments being enforced by U.S. courts where they result
from suits brought by consumers in their home court against defendants with no
contacts in that jurisdiction. Finally,
the principle that U.S. courts will enforce foreign judgments does not appear
to be well recognized outside the U.S. and relatively few plaintiffs try to
enforce foreign judgments here. That
obviously would change if the Hague Convention were finalized and the U.S. were
a party.
Given the many
problems raised by the Hague Convention, it may be tempting to advocate that
the U.S. Government absent itself from the Hague Convention. Nevertheless, based on my first hand
experience in working on behalf of the U.S. Government in international fora on
a variety of electronic commerce issues, I believe U.S. interests will be
better served for a variety of reasons if the U.S. Government remains part of
the Hague Convention process. Efforts
on the Hague Convention will likely continue with or without the U.S.
Government. Continued participation by
the U.S. Government will allow it to influence the Hague Convention, while
disengaging will not. Nor can the U.S.
avoid the effects of the Hague Convention entirely if it does come into
effect. At a minimum, even if the U.S.
is not a signatory to the Hague Convention, foreign judgments against U.S.
companies will be enforceable in other countries that are signatories to the
Hague Convention.
U.S. Government
efforts to address the criticisms leveled against the Hague Convention by the
U.S. private sector provide a further illustration of why it is beneficial for
the U.S. Government to remain engaged in the process. First, the U.S. Government succeeded in slowing down the process
and was able to secure postponement of the diplomatic conference, originally
scheduled for last year, to this June.
The U.S. Government also takes a unique approach in consulting
extensively with all aspects of the private sector, which is particularly
important in the e‑commerce context, where technology and market applications
evolve so quickly. It was also able to
persuade other delegations to hold several informal “stocktaking” meetings and
to advocate successfully including private sector experts from the electronic
commerce, intellectual property, consumer, and trial lawyer communities in
these meetings and in focusing attention on the problems the Hague Convention
raises for electronic commerce. Absent
U.S. Government involvement, private sector representatives would not have been
included in these meetings. These
meetings produced new, informal drafts that attempt to address the concerns
discussed above. (The status of these
drafts is still entirely unclear; it is not known whether they or the
preliminary draft adopted in 1999 will form the basis for discussion at the
June diplomatic conference, nor do they resolve many of the concerns raised by
the electronic commerce community.)
And, the U.S. Government continues to press to ensure that both formal
and informal meetings are open to private sector participants.
Therefore, in my
view the better approach is for the U.S. Government to remain involved in the
Hague Convention negotiating process and to continue to urge participating
countries to take a constructive problem solving approach to the issues that
succeeds in bridging the differences in jurisdictional approaches rather than
relying so heavily on one particular legal tradition.
Safe Harbor Privacy Accord
Privacy provides
another prime example of an issue that requires countries to find common
ground. Enormous amounts of information
are now used on a global basis. Many
multinational companies ship all their human resources data to one location for
record keeping, benefits, and payroll purposes. Credit card companies do the same with bankcard information for
billing purposes. Credit and insurance
markets increasingly operate on a global basis and require the transfer of
information about individuals across borders to evaluate their creditworthiness
or insurance risks. The inherently
global nature of the Internet further complicates the matter. Citizens of one country may easily visit web
sites in other countries, transferring personal information across borders as
they visit. But laws, which generally
are limited by nations’ borders, have little effect in a medium without
borders. These problems are exacerbated
when nation that have longstanding differences on how to protect privacy adopt
very different approaches to dealing with these issues, as do the United States
and the European Union (EU).
Traditionally, the U.S. has relied on self-regulation and limited
sector-specific legislation to protect privacy while EU countries, which view
privacy as a fundamental right, have adopted broad, highly regulatory
legislation that applies the same rules to all industry sectors.
Given these
longstanding differences, many U.S. companies were concerned when the European
Union adopted the Directive on Data Protection, which requires that Member
States enact laws prohibiting the transfer of personal data to countries
outside the European Union that fail to ensure an adequate level of privacy
protection. U.S. companies feared that
interruptions in data flows would result in the suspension of businesses. Such across-the-board interruptions could
affect billions of dollars in trade each year and interfere with the
multinational companies’ ability to pay and manage their employees as well as
with the routine activities carried out by investment bankers, accountants, and
pharmaceutical and travel companies.
Just the threat of action by European authorities left U.S. companies
with a great deal of uncertainty, while alternative, ad hoc approaches
available to satisfy the Directive’s “adequacy” standard threatened to be
expensive and time consuming and thus suitable for larger companies only.
In March 1998,
against the backdrop of these different privacy approaches and the serious
consequences that could flow from them, the United States and the EU took up
the difficult challenge posed by their different approaches to privacy. The goal of the United States Government was
to create easier, more streamlined option(s) for U.S. companies transferring
personal information from the EU to the U.S., particularly small and medium
sized companies, and to ensure the continued flow of data across borders. The EU’s goal was to ensure its citizens a
high level of privacy protection. From
the start, both sides agreed to adopt both sets of goals. In recognition that any interruptions in
transborder data transfers could have a serious impact on commerce, the EU and
the U.S. began with an acceptance of their differences and developed ways to bridge
those differences. Initial steps focused
on identifying common ground in their different approaches on which to build a
solution.
This approach led
to the “safe harbor” privacy accord.
The safe harbor builds on the U.S. self-regulatory approach to privacy
and more closely reflects the U.S. approach to privacy. U.S. companies may decide voluntarily if
they wish to adhere to the safe harbor framework. If they so decide, they will be judged “adequate,” and data flows
to them from Europe will continue. It
thus provides yet another option for U.S. companies to meet the requirements of
the EU Directive but in no way limits their choices if they wish to take
another approach for complying with the Directive.
The safe harbor
provides a number of important benefits to U.S. firms. Most importantly, it offers U.S. companies
that receive personal information from Europe predictability and continuity as
well as a more streamlined and less expensive means of complying with the
adequacy requirements of the Directive.
It creates a single privacy regime for U.S. companies transferring
personal information from the EU to the U.S. (since all 15 Member States are
bound by the safe harbor accord) and eliminates the need for prior approval to
begin data transfers to the U.S. or makes such approval automatic.
Importantly, the
safe harbor framework was developed by the U.S. Government in close
consultation with the U.S. private sector ‑‑ industry as well as privacy
advocates. We posted drafts of
documents for public comment fours times during the two-year negotiation and
held numerous meetings with consumer advocacy and industry groups to obtain
their views on the draft documents.
This input was invaluable in developing a workable framework for U.S.
companies, which as much as possible reflects actual business practices, yet at
the same time satisfies EU privacy requirements. The U.S. Government also needs to be engaged
in discussions with other governments as they develop privacy legislation.
Conclusion
If digital trade
is to reach its full potential, it will require a workable legal framework that
is consistent across borders. Achieving
such a framework is both a long term and difficult goal, not least because we
each start with the view that our own way is the right way. In addition, these ways are often deeply
entrenched as a result of centuries of differing legal traditions. It seems clear that this goal will be
achieved only if the U.S. Government and the U.S. private sector are deeply
engaged ‑‑ both in international fora and bilaterally ‑‑ in discussions
on the full range of issues that affect digital trade. It is also critical to achieving this goal
that the U.S. Government continue to urge other governments to agree to
inclusion of private sector participants in all international discussions,
including treaty negotiations. Finally,
all sides must be willing to work together to identify common ground and bridge
the differences in their approaches.
|
|
