Cisco iQ Web Site Magizine --- The URL for the site is www.cisco.com/go/iq.

Untangling the Global Web: How to Navigate the Maze of International Internet Regulations By D.F. Tweney

Companies whose Web presence touches multiple countries are subject to multiple laws. Local expertise and careful customization are key.

Article Summary: --For many companies, the Web has provided an excellent opportunity to market and sell to customers throughout the world. But that means being subject to the laws of any country where your company has a Web presence. That could affect, among other things, the images you can use on your site or the items that you sell to local customers. To make sure you get it right, you’ll want to rely on local experts who can help customize your site for local audiences. You’ll also want to be careful about protecting customers’ privacy and taking other simple precautions to stay within the law.

They don't call it the World Wide Web for nothing. You've no doubt heard—too many times—the canard that the Internet will break down national boundaries and usher in a new era of frictionless international commerce. Sadly, that view is about as dated as a 1998-era dot-com business plan.

The fact is, many countries (and especially those in the European Union) are creating new laws and regulations, some of which produce new challenges for businesses conducting global e-commerce. This situation presents a catch-22 for many companies. The Internet opens up a world full of potential customers—but also exposes your company to the laws of myriad nations.

Global Marketing
Doing business online can, in and of itself, th you into a thicket of international laws. Any commercial Web site available to the public is potentially accessible by individuals around the world. Since consumer protection laws usually apply in the jurisdiction where the buyer (not the seller) resides, that means your company could be subject to the laws of another nation the instant a consumer from that nation visits your site.

"Companies need to know that by marketing in other countries, they are making themselves subject to laws in those countries—and that means you can be sued in those countries," says Michael R. Overly, an attorney at Foley & Lardner in Los Angeles. "The bottom line is this: Is your firm prepared to be sued in courts around the world?"

For example, in November 2000, a French court ordered Yahoo to cease hosting auctions of Nazi memorabilia—or at least to exclude French citizens from those auctions. Although the auctions were hosted on Yahoo's U.S.-based servers, the fact that French citizens could buy these items violated French laws restricting the sale of objects that promote racial hatred. Yahoo recently asked a California court to rule on the applicability of the French decision, but the California court has not yet made a decision.

As a practical matter, unless your company has employees, real estate, or other assets in a particular country, it's unlikely that you need to worry about court decisions there. But for companies that already have multinational operations, the French court's decision is a troubling precedent.

Practical Precautions

"The mere act of putting up a commercial Web site will increase the likelihood of being sued," says law professor Jonathan Bick, author of 101 Things You Need to Know About Internet Law. However, he adds, "it will not necessarily increase the likelihood of losing such a suit," provided that you take reasonable precautions. Specifically, Bick recommends:
Do not send unsolicited commercial e-mail (spam), which is illegal in some countries.

When you include a hyperlink to an international site, make sure you have a linking agreement with that site. While most countries put no restrictions on hyperlinks, a few do—particularly if those links appear to indicate a business relationship that doesn't exist, or if the linked site may not welcome an association with the site linking to it.

If you use metatags on your Web pages, make sure they don't include trademarked terms or names, since many countries' laws prohibit such use, even in metatags.

Use private contracts with business partners in other countries to minimize the chances of misunderstandings and to reduce the risk of litigation.

Ultimately, companies doing business online need to exercise caution and educate themselves about the laws in other countries. But by following a few principles and making good-faith efforts to comply—particularly in your company's most critical overseas markets—you can probably stay out of hot water.

Seller Beware

Many potential problems can arise as a result of laws governing advertising in various countries. For example, in Saudi Arabia, the law prohibits showing a woman's bare midriff, while in Germany, advertisers cannot make explicit comparisons between different products, says Overly.

To avoid such problems, Overly recommends offering different versions of your Web site for each country. For example, FedEx has a multinational Web site that asks you what country you reside in when you first visit it. The site automatically adjusts its language, graphics, and content based on the country you specify, allowing FedEx to ensure that the content is appropriate (and legal) for each regional market.

Similarly, Cisco Systems encourages companies to adopt a Web site strategy of “one site, many views.” The new Cisco.com site, due to launch in early 2002, will exemplify this strategy. It will ensure that a consistent brand and company experience coexist with local content and flair. Navigation and architecture will be consistent across all languages, but users around the world will experience Cisco.com as a local site.

A host of companies offer Web site globalization and can help other companies create a FedEx-like multinational site. Such companies include globalization service providers such as Berlitz GlobalNet and Lionbridge Technologies, as well as software vendors such as GlobalSight, Idiom, and Uniscape.

Use Local Expertise

The key to making a global Web site work effectively, according to Boston-based research firm Aberdeen Group, is to control the site's technology and branding centrally, but let the content on each country's site be controlled locally. Local content managers and lawyers can then ensure that country-specific versions of your site conform to local customs, expectations, and laws.

That's how Otis Elevator does it. The company, which sells elevators and escalators in 220 countries, uses a combination of centralized Web technology and local expertise to offer 53 distinct localized sites in 26 languages. Local country offices manage their own sites, customizing content to reflect local language, customs, preferences, and laws, says J. Russell Mitchell, the manager of Otis.com. For example, building codes in Europe often specify smaller elevators hoisted by cables, while American building codes prefer larger, hydraulic elevators. The only way a multinational corporation like Otis can deal with that level of local regulation is to rely on the sales staff and local attorneys.

Smaller companies, of course, can't afford to hire a small army of international lawyers—but practically speaking, they probably don't need to. Overly recommends that Web site operators be informed about international legal issues in a general sense, but says they don't need to become experts in every country's laws. Instead, identify your most significant international markets, and conduct a more detailed legal assessment for those countries only.

Keep It Private

One big concern for e-business is the use of information about consumers. The European Union's Directive on Data Privacy mandates that its member countries adopt stringent consumer privacy protection laws. Not only are companies doing business in the EU prevented from exchanging consumer data without the consumer's consent, but the data cannot be transferred out of the EU (even to another office of the same company) unless the receiving country's privacy laws are up to the Directive on Data Privacy's standards.

"It certainly seems that the EU has sought to become the leader in regulating personal information and electronic transfers of that information," says Alan Charles Raul, a partner at Sidley Austin Brown & Wood, and head of the firm's cyberlaw practice in Washington, DC.

Although most non-European countries don't yet live up the EU's stringent data protection standards, corporations can continue to collect, process, and transfer consumer and other personal data provided they obtain the individuals’ consent, participate in the EU-approved “Safe Harbor,” or incorporate EU-approved contractual protections—or if the data is needed to carry out transactions on behalf of customers, employees, or other “data subjects.” (“Safe Harbor” is a privacy agreement between the United States and the European Union that was designed to make it easier for U.S. organizations to comply with European laws. The agreement was approved in July 2000.)

Also, says Raul, companies can take heart that the EU is stricter in setting laws than it is in enforcing them—at least so far. "The enforcers tend to take more reasonable approaches when working with the business they regulate, so good-faith efforts to comply may be sufficient to satisfy what, on paper, are really onerous standards," says Raul.