Duke Law School shield Duke Law & Technology Review logo
TOPICS
eCommerce
CyberCrime
International
Media & Comm.
Patents & Tech.
Health & Biotech.
Copyrights & TM.
 
DLTR Home
About DLTR
Contact DLTR
Submissions
Staff
Duke Law

iBRIEF / International
Cite as 2001 Duke L. & Tech. Rev. 0023
7/5/2001

INTERNATIONAL LIABILITY IN CYBERSPACE

Activities in cyberspace often expose companies to "cybertorts", a species of tort particularly difficult to reconcile with standard insurance policies. The author explores some of the difficulties in obtaining coverage for cybertorts from traditional insurance policies, and makes recommendations for companies to reduce their cyberspace liability exposure.
I. Introduction

           

          With the recent advances in computer technology, many companies have become increasingly dependent on the Internet and other computer-related technologies to manage their businesses and sell their products.1 Many companies find that they need to operate in cyberspace to meet the demands of their customers and compete with their competitors. Whatever the reason, these new technologies implicate new risks and liabilities for businesses. Among these risks is the potential that activities in cyberspace may give rise to tort claims, often called "cybertorts."2 With the ubiquity of the Internet, even small U.S.-based companies with a minimal presence in cyberspace may find that their activities nonetheless expose them to liability in foreign jurisdictions with different standards of behavior.3 Furthermore, companies may find that their traditional insurance policies do not cover these cybertorts, especially when a lawsuit is brought outside the United States.

II. Types of Cybertorts

           

          Companies that do business in cyberspace should know that these activities subject them to a number of risks. While many of these liabilities arise out of a company's e-commerce business, even a company whose presence on the Internet is only a simple web site may have liability for certain cybertorts.4 The major risks to companies that do business in cyberspace include personal injury and advertising liability for illegal content on web sites or bulletin boards; errors and omissions liability for negligently designed computer programs, and intellectual property infringements.5 Generally, any information on the Internet that results in defamation, invasion of privacy, misappropriation of advertising ideas or other torts, can give rise to a lawsuit.           

          Liability may extend to more than just the author of the tortious information. Any one of several parties including the creator and owner of the web site, the owner of the server, or the online service provider, may face liability.6 Furthermore, if this information is accessible to Internet users worldwide, individuals may bring claims to courts in foreign countries. Which laws govern disputes and in which jurisdictions those laws will be applied depends more on what a company does in cyberspace than on its physical location.7           

          Different jurisdictions have different and conflicting standards concerning the right to advertise and the scope of commercial speech.8 The likelihood a U.S. company may accidentally break a foreign country's law is high.9 For example, a company may use comparative advertising on its web page only to discover that countries such as France and Germany prohibit this type of advertising.10 Likewise, a U.S.-based company may easily run afoul of different standards for treating electronic data about customers. The EU recently issued a Data Protection Directive11 that places significant restrictions on what countries outside the EU can do with data gathered from customers in e-commerce transactions as compared to the self-regulatory approach used in the United States.12 Any U.S. company that sells through a website to customers in the EU must register and obey the restrictions on the use of customer information or face fines and potential liability. This approach differs greatly from the (primarily) self-regulating approach in the United States.           

          The flipside of liability for cybertorts is the potential that a company will be a victim of a cybertort or a business loss relating to its activities in cyberspace. A typical situation involves a computer database that is lost or damaged by a virus or other attack that forces the company to suspend operations and lose money.13 In these situations, companies need the security of knowing that their valuable computer assets are insured and that the policy will reimburse the company when it cannot operate normally or provide the funds to continue without interruption.14 In such cases, the issue of whether the company's insurance policy covers its activities on the web is critical.

III. Insurance Coverage by Traditional Policies

           

          Most businesses carry the same basic types of insurance policies such as commercial general liability insurance ("CGL"), errors and omissions liability, and policies that cover the loss of business income as a result of suspension of operations.15 These policies, which were developed before the advent of the Internet, typically do not provide complete coverage for a company's cyberspace liabilities and losses.            

          Common CGL policies cover bodily or property damage and advertising or personal injury caused by the company's business-related activities.16 However, most insurance companies have argued that CGL insurance policies don't cover cybertorts. For example, even though most CGL policies cover property damage, insurers have taken the position that this damage must take place to tangible property.17 Therefore insurers refuse to reimburse companies for damage or loss of valuable computer files or databases.

          Likewise, there is no coverage for the misuse in cyberspace of customer names, e-mail addresses and purchasing preferences for commercial ends. Even though traditional CGL policies cover advertising injuries, insurance companies have required that there be a causal nexus between the misuse of information and the advertising. Additionally, CGL policies are unlikely to cover damages that arise from anonymous postings on a Website message board or even a commercially motivated smear campaign carried out by one company versus another. Insurers are likely to deny coverage unless the allegedly defamatory acts are clearly company advertising.           

          Even if a company has an insurance policy that covers its activities on the World Wide Web, there is a significant risk that it won't be covered outside the United States or Canada. Most CGL and other basic insurance policies don't give companies worldwide coverage.18 And, even if the policy does cover a company internationally, it typically won't cover the cost of defending a suit in a foreign country.19 Foreign suits often involve complex jurisdictional issues and are costly for a U.S. based company to defend.

Recommendations and Conclusion

           

          One of the appeals of e-commerce to businesses is that, from a website, they can sell to anyone anywhere. However, with this increased scope also comes increased risk that these activities will expose the company to litigation in foreign jurisdictions. In other words, a website that indicates a company is open for business for anyone, anywhere in the world also implies that the company is subject to the laws and regulations of every jurisdiction in the world. Unless the company can find a way to ensure that its site is only visible in the countries where it knows it can comply with all the local laws, it may have to defend itself against anyone, anywhere.            

          The necessity of operating in cyberspace combined with the new liabilities and risks associated with these efforts means that even small U.S.-based companies should evaluate carefully their current insurance coverage. Companies should evaluate their current activities in cyberspace and their dependence on that part of their businesses. Companies should question whether they could deal with a malfunction or computer virus that shuts down their websites and causes them to lose business. They should question their comfort defending themselves in a foreign court half-way around the world. One practitioner noted that, "being sued in another country is not a unique thing anymore, especially for businesses with a big Internet presence."20            

          The easiest way for a company to deal with these contingencies is to be sure that its insurance policy covers these risks. If not, the easiest way to expand coverage to cover international liabilities is to obtain an endorsement to the current CGL or other policy to cover international liability. However, this endorsement will not protect a company if its CGL or other basic policy is not found to cover cyberspace activities. A better solution may be for a company to obtain insurance specifically designed for Internet business. Many insurance companies are also now offering e-commerce insurance policies specifically designed to cover business activities in cyberspace.21 Insurers offer several different plans that can cover almost any activity on the Internet from the simple use of banner advertisements on homepages to liability for extensive e-commerce activities.

By: Matthew Crane


Footnotes

1. Morrissey, Diana Y., Does Insurance Coverage Extend to Cyberspace? Legal Updates, at http://www.faegre.com/articles/articles_363.asp(last visited July 3, 2001).

2. Communications Law in Transition Newsletter, at http://pcmlp.socleg.ox.ac.uk/transition/issue04/reviews.html(February 12, 2000).

3. http://lawyerstoinnovators.com/news/mediaarticles/insurance/html(last visited June 25, 2001).

4. Robert Bond, International Legal Issues of e-Commerce, Legal Updates, at http://www.faegre.com/articles/article_204.asp(last visited July 3, 2001).

5. Steve Lobel and Frederick Provorny, Insurance Coverage Increases to Keep Up with Internet Risks, Capital District Business Review, at http://albany.bcentral.com/albany/stories/2000/08/14/focus5.html(August 14, 2000).

6. Bond, supra note 4.

7. Id.

8. Gauntlett, David A. & John L. Maxin, "Tort Claims and Insurance in Cyberspace: Is Your Company Covered?" ACCA Docket, May 19, 2001.

9. Lobel and Provorny, supra note 5.

10. Id.

11. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, at http://europa.eu.int/eur-lex/en/lif/dat/1995/en_395L0046.html(last visited July 3, 2001).

12. Marie G. Aglion, The EU Data Protection Directive: If It's a DoorIndustry Has the Key, The Bureau of National Affairs, Inc., Electronic Comerce and Law Report, at http://www.perkinscoie.com/resource/ecomm/euprivacy.htm(April 28, 1999).

13. Gauntlett and Maxin, supra note 8.

14. Id.

15. Id.

16. Id.

17. Jones Day, "Internet Insurance: Old Problems in the New Economy," Cyberspace Lawyer, 5, February 2001

18. Supra note 3.

19. Id.

20. Id.

21. Paul A. Greenberg, AIG Unveils e-Commerce Insurance Plans, E-Commerce Times, http://www.ecommercetimes.com/perl/story/2259.html(January 18, 2000).

Search:
Related Sites:










 

 

:: TOP ::