Bookmark Us


Tell a Friend

If you think that this page may be useful to someone you know let them know about it.
Solution Graphics
Particular Information That Should Be Provided To Consumer Purchasing Online
PDF  | Print |  E-mail

Particular information that should be provided to consumer purchasing online


What is noticeable in e-commerce is tendency to burden service providers with growing amount of information they are supposed to deliver on their webpages. Significant part of this information must be provided only in relations with consumers.

What I would like to cover in this chapter are obligations imposed by EC Polish law, I will refer though also to Recommendation of The OECD Council Concerning Guidelines For Consumer Protection In The Context Of Electronic Commerce which provides well balanced and thoughtful suggestions as to the minimum scope of such information. As every attempt of enumeration of such an extensive list requires some systematization I will divide information into four categories: information about the business, about the goods or services, about the transaction and finally other information.

Information about the business

OECD Recommendation

OECD guidelines require that businesses engaged in electronic commerce with consumers should provide accurate, clear and easily accessible information about themselves. As a minimum set it enumerates information that will identify the business (legal name, name under which the business trades, geographic address). It also suggest that businesses ought to provide information which will allow consumers prompt and effective communication with the business in form of email or other electronic means of contact – eventually telephone number and if it is applicable also an address for registration purposes and any relevant government registration or license numbers.

Such data must be sufficient not only to allow consumers to communicate with the business but also for the purpose of serving of legal procedure and location of the business and its principals by law enforcement and regulatory officials.

Also when a business publicises its membership in any relevant self-regulatory scheme, business association, dispute resolution organisation or other certification body, it should provide consumers with appropriate contact details and an easy method of verifying that membership and of accessing the relevant codes and practices of the certification body179.

In that context it may be worth mentioning that in many countries, the Guidelines served as a basis for governmental and private sector development of business-to-consumer codes of conduct, trustmark, and self-regulatory programmes. For example, in the United Kingdom, the government worked with the Electronic Business Alliance and Consumers Association to develop a non-profit organisation, TrustUK, to accredit codes of conduct for electronic commerce, which meet minimum standards and offer consumers good protection. Among the codes accredited to date is Webtrader, a program developed and administered by the consumers organisations of Belgium, France, Italy, the Netherlands, Portugal, Spain and the United Kingdom.180

Another valuable commitment of OECD towards consumer protection are practical examples of good and bad practices concerning relations with consumers. As a standard of clear and easily accessible information about a business this study gives a commercial website providing on its every page a link to information on the company including its legal name, which is also the name under which it trades, its principal geographic address where it accepts legal service of process, a telephone number, and an e-mail address for questions related to sales and service.

On the other hand as a bad practice it gives example of a website carrying a seal from a well-known and respected seal programme on every page; however without neither offering a link to seal programme’s site nor any information on this programme within the website itself.181

Information about the business in EC law

Communities’ law currently surpasses by far the minimal informational requirements presented by OECD guidelines. Three most important directives creating such obligations are: directive 97/7 (on distance contracts), 2000/31 (on e-commerce) and, 2002/65 (on distance marketing of financial services.

In the first place I will discuss directive 2000/31 which, as applying to all transactions concluded through a webpage, is the most universal of these three. It requires entrepreneur (service provider if to use directive’s language) to provide, easily, directly and permanently accessible to the recipients of the service, numerous information enumerated in article 5.1.

This information include as obligatory information: name, geographical address and, email address; also authorisation scheme, trade register and VAT identification number (if applicable). When service provider belongs to a regulated profession he must also provide professional body or similar institution with which he is registered, his professional title and reference to the applicable professional rules in the Member State of establishment with means to access them.

To almost every distance contract will also apply either: distance selling directive or directive on distance marketing of financial services. Directive 97/7 does not provide any requirements, exceeding these imposed by directive 2000/31 I will present here only directive 2002/65. In its article 3.1.(1) it is burdening suppliers, besides already mentioned duties, also with obligation to provide consumer in good time before he is bound by any distance contract with any geographical address relevant for the customer’s relations with the supplier as well as the identity of the representative of the supplier established in the consumer’s Member State of residence and the geographical address relevant for the customer’s relations with him. Finally in a specific situation when the consumer’s dealings are with any professional other than the supplier he must be informed about his identity, capacity and address.

Polish requirements

In Poland subject this issue is regulated by several acts. The most general in nature is act on business activity. To online sellers applies article 12 of this act which requires as a minimum disclosure of following information; entrepreneur’s name, its number in the trade register and geographical address.

Important provisions are contained also in the act on providing services by electronic means of 18 July 2002. It requires service provider to make available to service recipient clear, unambiguous and directly accessible through telecommunication system182 used by service recipient following information. Service provider’s electronic addresses, in case of a natural person she is obliged to provide her first name and surname and address, in case of a company its name and business office. If applicable service provider ought to supply also its number in the trade register as well as information about required license.

If every service provider were bound by article 12 of the act on business activity than provisions of article 5.2 of act on providing services by electronic means would add only one informational requirement – that of electronic address. Though I am strongly convinced that article 12 of the act on business activity does not apply to services unpaid by their recipients (this provision refers only to sale of goods or services) which are covered by the act of 18 July 2002.

It is worth noticing that the notion of electronic means of communication covers not only www and email address but also other forms of electronic communication like for example instant communicators183 or other electronic means of communication.

Moreover in a specific situation when a service provider being natural person belongs to a regulated profession she is supposed to provide also information on: any professional body or similar institution she belongs to, professional title she uses and State in which it has been granted, number in a register she is registered in, a reference to the applicable professional rules and the means to access them. Also if applicable she ought to provide information on her plenipotentiary his name, surname, address or company name and its business office address.

The third act regulating this issue is the act on the protection of some of consumers’ rights, which in article 9.1.1 contains obligation to provide its name, number in the trade register along with the information on the registering authority and geographical address. The proposed chapter 2a of this act will extend such obligation onto providers of financial services introducing in art. 16b.1.1-3 obligations identical to these in art. 3.1.1 of the Directive 2002/65.

The most important difference between requirements in EU directive and the act the protection of some of consumers’ rights is that while directive 2002/65 obliges entrepreneur to provide consumer with information before he is bind by a contract, Polish regulations oblige him to provide such information at the latest at the time entrepreneur invites consumer to conclusion of the contract. What in practice equals to obligation of placing them on his webpage. This approach applies not only to information on business nut also to all other categories of information.

Comparison of these data shows that Polish regulations are highly compatible with EC law and require almost the same data. Neither Polish nor Communities provision do not encompass all suggested in OECD recommendation. For example neither requires provision of telephone or fax number what in many situations could be of significant help to consumers. Also questionable is if current provisions are sufficient for the purpose of serving of legal procedure and location of the business and its principals by law enforcement and regulatory officials.

Information about the goods or services

OECD Guidelines

Accordingly to OECD recommendation businesses engaged in electronic commerce with consumers should provide accurate and easily accessible information describing the goods or services offered; sufficient to enable consumers to make an informed decision about whether to enter into the transaction and in a manner that makes it possible for consumers to maintain an adequate record of such information.184

The minimal technical requirements are not very high. By such easily accessible information enabling consumers to make informed decision is considered for instance online store providing three-dimensional pictures of all of its products allowing to rotate product so that all sides can be viewed with links next to the picture leading to information about warranty and safety as well as all information relating to the size, colour and energy requirements necessary to operate the product. However as sufficient is considered also an online clothing store providing static pictures completed by fabric specifications, colour, and full sizing charts.

On the other hand as insufficient is considered webpage presenting picture, safety information etc… but with omission of information that product requires for instance particular very expensive batteries. Summarizing – what matters is providing all the essential information even without taking full advantage of the latest technologies in terms of visual presentation.185

Information about the goods and services in EC law

Again I will start from presenting provisions of directive on e-commerce, though the only fact worth noticing is that it lacks any provisions on this matter. Such provisions are contained however in directives 97/7 and 2002/65 as well as in directives on timesharing and package travel.

Article 4.1.b of the distance selling directive requires from the seller, in good time prior to the conclusion of any distance contract, to provide purchaser with the main characteristics of the goods or services. Analogical provision may be found in article 3.1.(2).a of the directive on distance marketing of financial services which obliges to inform consumer in good time before he is bound by any distance contract with information concerning main characteristics of the financial service. What is uncertain is what should be understood by the term “main characteristics”, as court decisions hereon have not been yet rendered.

In case of directive 94/47 (on timesharing) list of obligatory information is more extensive – its Annex presenting minimal scope of a contract enumerates over a dozen of issues purchaser must be informed about, from the state of completion of the services rendering the immovable property fully operational to description of the common facilities, such as swimming pool, sauna, etc., to which the purchaser has or may have access, and, where appropriate, on what conditions.

Also directive 90/314 on package travel, package holidays and package tours in article contains some requirements concerning information on the service. Article 4 obliges the organizer and/or retailer to provide the consumer, in writing or any other appropriate form, with the following information in good time before the start of the journey with such information as the times and places of intermediate stops and transport connections as well as details of the place to be occupied by the traveller, e.g. cabin or berth on ship, sleeper compartment on train (article 4.1.(b).(i)).

Article 3 of this directive prescribes that the brochures of the organiser or retailer should indicate both the price and adequate information, in a legible, comprehensive and accurate manner. The wording of this article is not sufficiently clear as to whether a web site could regarded as a brochure? If so, the content of the website should include specific information, such as the destination and the means, characteristics and categories of transport used, the type of accommodation, the meal plan, the itinerary etc. This question certainly requires clarification and it is a pity that so far there is no ECJ’s judgment concerning this matter.

Information about the goods and services in Polish law

The act on providing services by electronic means of 18 July 2002 does not contain provisions on this subject what results from the fact that Legislator did not want to double provisions which are already contained in article 9.1.2) of the Act on protection of some of consumers’ rights and liability for defective products of 2 March 2000. This provision obliges seller to provide purchaser, not late than at the time of inviting him to conclusion of a contract, with information about essential qualities of the service or goods. Proposed article 2a of this act will extend such obligation also onto financial services, in article 16b.1.4&6 it requires not only information on essential qualities of the service but also the involved risk.

It would be a considerable omission not to mention here act on special terms of consumer sale of 27 July 2002. Article 3.1 of this act makes it obligatory for a seller (selling in Poland) to give consumer clear, understandable and not misleading information in Polish sufficient for correct and complete usage of sold consumer good. In particular ought to be given: name of the product, description of the producer or importer and county of origin, permissibility of a product on Polish market, etc….

What is not clear is whether this information must be presented on a webpage of an online store or it is enough to provide them at the time of delivery of product. While the first interpretation would be more compatible not only with OECD recommendation but also spirit of Communities’ law, than article 3.2 – saying that when a product is being sold in a unit package or in a set, information mentioned in article 3.1 must be either placed directly on a product or durably attached to it– may suggest the second interpretation. This interpretation is strengthen by the fact that, contrary to most of directives regulating consumer law, the act of 27 July 2002 does not mention a particular moment when this information must be given to a consumer. On the other hand authors in the introduction to draft act presented as a ratio legis of article 3 gave “creation of conditions allowing consumers to undertake optimal market decisions” this ambitious purpose absolutely cannot be realized without providing consumer with information before he concludes a contract what in case of sale by means of an interactive webpage (online store) means that this information must be accessible on a webpage. Also comparison with regulation contained in the act on protection of some of consumers’ rights suggests this answer.

Important provision concerning revealing information on qualities of goods may be found in article 10 of the act of the 5th July 2001 on prices. This article requires from an entrepreneur to divulge (while negotiating stipulated price or applying statutory one) in writing, also (if it is possible) in electronic form, in a way accessible for purchaser detailed description of goods (services) quality, in case of imported goods also their country of origin.

Act on timesharing requires from the entrepreneur that he provides to a person interested in concluding a contract written document (prospekt) providing numerous information (their catalogue is consistent with that contained in the directive on timesharing). Under article 2 it seems clear that a webpage of such entrepreneur (similarly like all advertisements and price lists) must provide information on how to obtain such a document. I’m convinced however that it would be enough to meet this obligation, if entrepreneur placed all the required information on his webpage instead of offering to deliver a paper version of such a document.

Act on tourist services solves the problem of consumer information slightly different from directive on package travel – and in my opinion its regulation are clearer in the context of online information. While article 3 of directive 90/314 establishes duty to include specific information in brochures of the organiser or retailer (as I have mentioned it is not sure whether this notion extends onto webpages), than article 12 of act on tourist services obliges organiser or retailer every time they make available to client written information to provide in a clear and understandable manner all of the extensive list of information enumerated in article 12.1. This article enumerates some examples of such written information (brochures, folders and catalogues) but it is clear that it is not a closed list and it covers also their webpages. This duty is even more important, due to the fact that when contract does not regulate these issues differently they become its element.

Information about the price


OECD guidelines bring up the issue of the price together with information about the transaction, however due to massive amount of provisions concerned and huge importance of the question I decided to sacrifice it a separate subchapter. Before beginning to present particular solutions I would like to mention one issue – namely currency. It is certainly important question but I strongly believe that nowadays with strong expansion of Euro the problem of currency in context of transactions within internal market will slowly decrease. While OECD guidelines expressly require that all information that refers to costs should indicate the applicable currency (Best Practices Examples suggest also as a help in making an informed choice by consumers linking websites to currency converters186) it should be remembered that in the scale of all the States belonging to the OECD the problem is much greater than within the European Union itself.

OECD guidelines

As I have already mentioned OECD guidelines discuss price (not payment as this is completely different matter) jointly with information about transaction, though by no means disregard the problem. OECD guidelines divide prices into two categories.

  • total costs collected and/or imposed by the business and;
  • other routinely applicable costs to the consumer that are not collected and/or imposed by the business.

While former ought to be clearly itemised to the consumer, than when it comes to the latter ones it is enough for the entrepreneur to mention to the consumer what costs he may expect without attempting to provide estimated amounts.187

The all issue becomes however much more clear in the context of aforementioned Best Practices Examples which explain that the rationale for not requesting that businesses provide information to consumers on costs that are not collected and/or imposed by the business was that it would be too burdensome and next to impossible to provide the specific cost information for each transaction. But as a very positive tendency is considered practice of providing more than a simple notice of the existence of such costs, and providing instead links to national and state authorities that provide specific relevant information on these costs.

Price in EC legislation

Until 18 March 2000 there were two general directives regulating consumer protection in the indication of prices: Council Directive 79/581/EEC of 19 June 1979 on consumer protection in the indication of the prices of foodstuffs and Council Directive 88/314/EEC of 7 June 1988 on consumer protection in the indication of the prices of non-food products. Both these directives have been repelled by article 9.2 of Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on consumer protection in the indication of the prices of products offered to consumers.

This directive regulating issue of indicating prices of both foodstuffs and non-food products, bases on the principle that information for consumers on the prices of products offered to them must be precise, transparent and unambiguous. This postulate expressed in the recital 2 of directive’s preamble is confirmed later on in its article 4 saying that price must be unambiguous, easily identifiable and clearly legible.

Directive aims to achieve this principle primarily by imposing (article 3) on sellers obligation of indicating, for all products offered by traders to consumers, of both selling and unit prices188. As may be read in the preamble (6) the obligation to indicate the selling price and the unit price contributes substantially to improving consumer information, as this is the easiest way to enable consumers to evaluate and compare the price of products in an optimum manner and hence to make informed choices on the basis of simple comparisons.

It is not a rule without exceptions; important ones are stated in article 3 – first of all for products sold in bulk, only the unit price must be indicated. Member States may decide not to apply this obligation to products supplied in the course of the provision of a service as well as to sales by auction and sales of works of art and antiques.

Another important exception may be found in article 5 which allows Member States to waive the obligation to indicate the unit price of products for which such indication would not be useful because of the products’ nature or purpose or would be liable to create confusion. And finally, if the obligation to indicate the unit price were to constitute an excessive burden for certain small retail businesses, Member States (accordingly to article 6) may provide a transitional period until year 2009 waiving the aforementioned obligation in respect of such small retail businesses.

Additional regulations may be found in laws regulating webcontracting. The electronic commerce directive states in article 5 that prices are to be indicated clearly and unambiguously, and what is important in case of tangibles, must indicate whether they are inclusive of tax and delivery costs.

According to article 4 of the distance selling directive, the price should be provided including all taxes. It is not compulsory, however, that delivery costs are included in the price. Nevertheless where appropriate, information on the delivery costs should be given. Information on the costs of using the means of distance communication, where it is calculated other than at the basic rate should be provided as well.

Article 4 moreover states that the supplier should provide the consumer with information on the arrangements for delivery and performance and on the period for which the offer or the price remains valid.

More detailed regulations may be found in directive on distance marketing of financial services; article 3 of the draft financial services directive required only that the price, including all taxes, along with the period for which the price remains valid should be provided.

However article 3.2.b of the final version of this directive requires not only that prior to the conclusion of the contract consumer must be provided with the total price to be paid by the consumer to the supplier for the financial service, including all related fees, charges and expenses, and all taxes paid via the supplier or, when an exact price cannot be indicated, the basis for the calculation of the price enabling the consumer to verify it.

Subsequent points “c”,”d”, “e” and “g” require also that consumer is informed about special risks like dependence of the price from fluctuations in the financial markets, possibility that other taxes and/or costs may exist that are not paid via the supplier or imposed by him, any limitations of the period for which the information provided is valid, and finally if applicable – any specific additional cost for the consumer of using the means of distance communication.

Also directives on timesharing and package travels impose some additional obligations: the former require that the consumer is provided with information on the price to be paid to exercise the contractual right and an estimate of the amount for the use of common facilities and services. Provided must be also the basis for the calculation of the amount of charges.

The Latter in article 3 states that the price of the package should not contain any misleading information. Unfortunately it is not yet clear what is understood under the term “misleading information”.

Polish regulations on the indication of the price to the consumers

Currently there is one general act (already mentioned above act on prices) regulating this issue supplemented by one decree. This act regulates matter of both professional and consumer sales, as such it provides for rules less strict on the seller than acts belonging to the corps of consumer law. Its article 3.1 introduces a general rule that price must include VAT and other taxes – thereby it goes farther than for instance directive 2000/31 which requires only indication whether price is inclusive of tax and delivery costs (article 5). Article 12 of the act on prices requires that goods destined for retail ought to be marked with price.

This act is supplemented by one decree, which specifies some of its provisions, § 7.1 requires that seller advertising goods or services along with price, in e-commerce, demonstrates also a unit price (with the exeption – introduced by § 8.3 – of situation when unit price of goods equals their selling price) as well as any limitations of the period for which the information provided is valid.

§7.4 regulates matter of distance sales (not falling in the scope of article 12 of the act of 2 March 2000) – requiring from the seller, on purchaser’s request, to communicate him price with additional fees for delivery and connection; nonetheless even while the seller is not obliged to spontaneously revel all elements of the price at the time of invitation to negotiations, than all these information must be provided in an unambiguous way before conclusion of a contract.

Contrary to directive 2000/31 – act on providing services by electronic means does not contain any provisions on prices which found their place in enacted earlier Act on protection of some of consumers’ rights and liability for defective products. Its article 9 implements into the Polish law regulations contained in directives mentioned above; this article regulates issue of information on prices in distance contracts very similarly as directive 97/7. According to article 9 of the act of 2 March 2000, the price should be provided including all taxes. While it is not compulsory that delivery costs are included in the price still where appropriate, information on them should be given. Also, where it is calculated at other than the basic rate, information on the costs of using the means of distance communication should be provided as well. This problem is increasingly important due to the growing popularity of charging the payment to customer’s phone bill by means of short text messages (SMS), the price of such messages is much higher than of normal ones and is partly transferred by network operator to the service provider. Proposed article 16b.1.5 extends this obligation also onto financial services.

These rules are confirmed by article 2.1 of the act on special conditions of consumer sale, which obliges seller to make the selling price of consumer goods (along with their unit price) known to purchaser. The question of products sold in bulk, is solved here in the same way as in directive 98/6 – only the unit price must be indicated. Identical requirements apply to indication of prices in advertising.

Information on the transaction

General and requirements on the transaction suggested by OECD guidelines


Within the information on the transaction may be specified several categories of information – below I suggest a potential division:

  • Information on the procedure of concluding of the contract
  • Information on the right of cancellation.
  • Information on the applicability of general terms and conditions.
  • Information on complaint procedures.

Procedure of concluding of the contract

OECD guidelines do not sacrifice too much attention to the very procedure of contract conclusion. Rather surprisingly there are practically no information about consequent steps required for conclusion of a contract. The most important suggestions may be found in part IV relating to the confirmation process, where among other suggestions are those that consumer before concluding the purchase should be able to identify precisely the goods or services he wishes to purchase; identify and correct any errors or modify the order; express an informed and deliberate consent to the purchase; and retain a complete and accurate record of the transaction. He should also be able to cancel transaction before concluding the purchase.189

Other information

Guidelines prepared by the OECD contain few suggestions on this matter. Most of their requirements have already been discussed in the chapter on transparency so here I will present only specific categories of information which in the OECD Guidelines are considered vital for consumers. As a minimum information that should be provided to consumers are enumerated information on:

  • terms of delivery or performance;
  • terms, conditions, and methods of payment;
  • restrictions, limitations or conditions of purchase, such as parental/guardian approval requirements, geographic or time restrictions;
  • instructions for proper use including safety and health care warnings;
  • information relating to available after-sales service;
  • details of and conditions related to withdrawal, termination, return, exchange;
  • cancellation and/or refund policy information; and
  • available warranties and guarantees.

EC law

Information on the procedure of concluding of the contract

The only act containing provisions on the procedure of concluding a contract is directive on electronic commerce (articles 10 and 11). Article 10 presents some of the informational requirements. Except when otherwise agreed by parties who are not consumers, service provider is obliged to inform about the different technical steps to follow to conclude the contract and the technical means for identifying and correcting input errors prior to the placing of the order.

Article 11 provides some obligatory elements of such procedure. First service recipient have to visit provider’s webpage and fill the order. Before he places his order service provider must make available appropriate, effective and accessible technical means allowing him to identify and correct input errors, prior to the placing of the order.

Consequently once the recipient of the service places his order through technological means, the service provider has to acknowledge the receipt of the recipient’s order without undue delay and by electronic means. Both the order and the acknowledgement of receipt are deemed to be received when the parties to whom they are addressed are able to access them.

Right of withdrawal

More complex are regulations on the right of withdrawal. Directive on e-commerce does not mention if this (very important) right ought to be mentioned on a webpage. Luckily for consumers such requirement exists in other acts of consumer law.

First of all directive 97/7 in article 4 says that in good time prior to the conclusion of any distance contract, the consumer should be provided with information on the existence of a right of withdrawal, except in the cases referred to in Article 6.3.190

Directive 2002/65 introduces obligation to inform consumer prior to the conclusion of a distance contract about the existence or absence of a right of withdrawal in accordance with Article 6 and, where the right of withdrawal exists, its duration and the conditions for exercising it including the amount consumer may be required to pay if he exercises this right. This directive requires also that consumer is given practical instructions for exercising the right of withdrawal indicating, inter alia, the address to which the notification of a withdrawal should be sent.

Also directive on timesharing contains some provisions on this issue; its article 3.1 requires from the vendor to provide any person requesting information on the immovable property or properties with a document which provides information specified in the directive’s annex. Among these information (in point l) is information on the right to cancel or withdraw from the contract along with some more specific information on the potential cost of such withdrawal and its other terms (including indication of the person to whom any letter of cancellation or withdrawal should be sent).

As a final point it may be worth to remind that also, not applicable to webcontracting directive 85/577, as first act gave consumers the right of withdrawal – its article 4 obliges entrepreneurs that in case of transactions negotiated away from business premises to give consumers written notice of their right of cancellation.

Applicability of general terms and conditions

I would like to start again from provisions of directive 2000/31, its provisions make it mandatory for an entrepreneur to make available to the recipients contracts terms and general conditions. Moreover, he ought to perform this duty in a way allowing recipient to store and reproduce these information.

Such a clause is absent from directive 97/7 – but directive 2002/65 requires (in article 5) that in good time before consumer is bound by any distance contract or offer is informed about the contractual terms and conditions (such information must be provided on paper or another durable medium). Article 3 makes it compulsory to inform him of languages in which the contractual terms and conditions are supplied.

Also directive 99/93 on a Community framework for electronic signatures in Annex II, point (k) requires from certificate provider that, before entering into a contractual relationship with a person seeking a certificate, he informs a person seeking a certificate of the precise terms and conditions regarding the use of the certificate, including any limitations on its use.

Information on complaint procedures

Requirements concerning complaint procedures are present in three directives: 2000/31, 97/7 and 2002/65. Solution used in directive 2000/31 helps consumers only partially – service provider when dealing with consumer ought to indicate any relevant codes of conduct to which he subscribes and information on how those codes can be consulted electronically. If he indeed subscribes to such a code than most likely is that it contains anong others also provisions on complaint procedure, however still significant percent of service providers do not belong to any authorisation scheme consequently not falling within the scope of mentioned article 10.2. Nonetheless this provision should be treated as a step in good direction especially if to consider strong tendency belong service providers to join authorization schemes for the purpose of obtaining trustmarks as the latter considerably increase consumers’ confidence and increase amount of transactions.

Article 5 of the directive on the protection of consumers in respect of distance contracts shows more “practical” approach. It requires that at the latest at the time of delivery consumer is provided with geographical address of the place of business of the supplier to which the consumer may address any complaints.

Directive on distance marketing of financial services along with encouraging Member States to promote the setting up or development of adequate and effective out-of-court complaints and redress procedures for the settlement of consumer disputes (art.14); imposes upon supplier duty of providing information whether or not there is an out-of-court complaint and redress mechanism for the consumer that is party to the distance contract and, if so, the methods for having access to it (art. 3).

Finally it is worth mentioning that directive 99/93 in Annex II, point (k) requires from certification-service-providers, issuing qualified certificates, providing a person seeking a certificate before entering into a contractual relationship about the existence of a voluntary accreditation scheme and procedures for complaints and dispute settlement.

Information on the transaction in Polish law

Information on the procedure of concluding of the contract

In Polish law provisions designed especially to regulate conclusion of contract in distance consumer sales were practically nonexistent till recent entry in force of the Civil Code’s revisal introducing among other amendments provisions regulating electronic form of offer, invitation to negotiations, placing offers and other electronic means of contract’s conclusion (article 661). §2 of this article imposes upon an entrepreneur placing an offer by electronic means duty to inform, in unambiguous and understandable way, the other party about:

  1. all the particular technical actions necessary for the purpose of conclusion of a contract,
  2. legal consequences of confirming reception of an offer,
  3. the way entrepreneur records, preserves, secures and makes available to the other party contents of concluded contract,
  4. methods and technical means made accessible for the purpose of detection and correction of errors in entered data – which entrepreneur is bound to provide.

The question whether presentation of a product in an online store constitutes an offer or rather an invitation to negotiations is not as important here as in many other situation, because § 3 extends obligation of providing this information also on entrepreneurs inviting electronically the other party to negotiations or inviting to make an offer.

On the other hand article 8 of the act on providing services by electronic means requires only that service provider should prepare a set of general terms of providing services by electronic means (“Regulamin”) and that such term ought to describe among others: terms of concluding and withdrawing from contracts concerning provision of services by electronic means (8.3.3)).

Information on the right of cancellation

Act on protection of some of consumers’ rights and liability for defective products requires in article 9.1.6) that seller provides consumer, not later than at the time of offering him proposition of conclusion of contract, with information about right to withdraw he is entitled to – with indication of exceptions (which are exactly the same as in directive 97/7) mentioned in art. 10.3 of this act.

The proposed chapter 2a will extend this obligation by the article 16b.1.9 onto financial services – both the scope of duties and the list of exceptions are identical as in directive 2002/65.

Information on the applicability of general terms and conditions.

Obligation to provide such general terms and conditions may be interpreted from art. 661§2 of the Civil Code, art. 9.1 of the act on the protection of some of consumer rights, and most of all provisions of the Civil Code on standard contractual terms – art. 384 – art. 3853 of the Civil Code. However this issue has been discussed rather extensively above in the subchapter concerning standard contractual terms and it would be unprofitable to present this issue again.

Information on complaint procedures

First of all requirement of providing this information is contained in article 9.1.10 of the Act on protection of some of consumers’ rights and liability for defective products which makes it compulsory to inform consumers about how and where can he file a complaint. Proposed chapter 2a by art. 16b.1.13&14 extends these obligations onto financial services, additionally introducing obligation to provide information about possibilities of extrajudicial dispute resolution.

Another very important for online transactions act – act on providing services by electronic means, obliges service provider to prepare a set of general terms of providing services by electronic means (already mentioned “Regulamin”) – obligatory part of this “Regulamin” constitutes presentation of, available to customers, complaint procedure.

Article 661 §2.6 of the Civil Code requires from entrepreneurs placing an offer by electronic means duty to inform, in unambiguous and understandable way, the other party about any applicable ethical codes and their availability online. It is very unfortunate that introduced by article 10.2 of the directive on e-commerce obligation to present on the webpage codes of conduct has been implemented into the Polish law as presentation of ethical codes. As noticed P. Machnikowski, rules contained in such codes, if really presenting ethical norms will be identical with already present in art. 5 of the Civil Code principles of community life and as such will not bring any new value to the relationships between entrepreneur and consumer.191 I am convinced that “codes of conduct” mentioned in the directive on e-commerce should not be treated as a synonym of ethical codes.

These codes of conduct typically belong to voluntary associations, gathering entrepreneurs, which issue so called trustmarks. Placement of such a trustmark on entrepreneurs webpage assures consumer that he may expect service matching the standard quality promised by such an association. Moreover typically consumer may easily complain to the authorities of such association which usually offer some forms of extra-judicial dispute resolution allowing consumer to enforce entrepreneur’s compliance with rules set in the code of conduct of association he belongs to. Otherwise such an entrepreneur would face the risk of being excluded from the association and loose the right to use its trustmark what normally results in radical decrease of consumers’ confidence and consequently entrepreneur’s profit.

Article 13.4 of the act on special terms of consumer sales regulates information which must find their place in the guarantee. This article enumerates two obligatory categories of information: first concerns the guarantee itself – such a document must contain all the essential information necessary for the purpose of claiming ones rights like: name and address of the guarantor or his representative in Poland, time for which a guarantee is valid an its territorial scope.

Also compulsory is information that guarantee for a consumption goods does neither preclude nor limits the scope of consumer rights resulting of the discrepancy of goods with contract.

Furthermore act on electronic signature requires in article 14.2 from the certification-service-provider that before conclusion of contract he informs in writing or electronic form in clear and easily understood way about specific conditions of using such a certificate including the procedure of considering complaints and disputes.

The act on electronic means of payment of 12 September 2002 enumerates among other obligatory elements of contract concerning electronic means of payment: principles, course and deadlines for filing and considering complaints (article 3.2.10).

Finally it may be worth mentioning that already the act on counteracting monopolistic practices and protection of consumers’ interests of 24 February 1990 (Dz.U.1999.52.547) introduced in article 5.1.8 as an instance of monopolistic practice creating onerous to consumers conditions of asserting their rights. This act was derogated by the act on protecting competition and consumers (Dz.U.2000.122.1319) however this act upheld aforementioned provision in its article 8.1.7 numbering “creating onerous to consumers conditions of asserting their rights” among acts abusing dominant position of an entrepreneur.

Other information

In OECD guidelines

This last, very convenient for the author category of “other information” will present a brief presentation of the last groups of information – namely:

  • Information on the processing of personal data.
  • Information on the security policy of the opposite party.

Sometimes it is stressed that the consumer is not interested in technical details. It is in most cases true, nevertheless, security is an important aspect of electronic contracting. Not only electronic payment, but also privacy-sensitive data which need to be transmitted in order to conclude a contract, require the use of secure systems and consumers should be in a position to know the type of securities built in, or at least obtain information on the level of security.


When it comes to privacy the OECD Guidelines on Consumer protection in the Context of Electronic Commerce does not contain any suggested provisions on its own. In point VII of General Principles, it says that to provide appropriate and effective protection for consumers business-to-consumer electronic commerce should be conducted in accordance with the recognized privacy principles set out in Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (1980), and OECD Ministerial Declaration on the Protection of Privacy on Global Networks (1998).

In meantime the OECD prepared new – more up to date – guidelines sacrificed entirely to the problem of privacy online. In this study OECD strongly encourages the adoption of privacy policies and the online notification of these policies to users. To support adoption of privacy policies OECD Privacy Generator has been developed. Generetor is a tool designed to assist organizations in developing privacy policies and statements for display on their Web sites.192

The most important suggestions are that the most effective privacy protection online is likely to be delivered through a mix of regulatory and self-regulatory approaches blending legal, technical and educational solutions that suit the legal, cultural and societal context in which they operate.

When it comes to implementation of these guidelines at the national level, suggested is encouraging organisations with a presence online to: post their privacy policy online in a prominent place and to conduct regular audits of the accuracy and legal compliance of those policies.193


Question of security is mentioned only briefly, and only in the context of security of payment. In point V of General Principles one may read that: Consumers should be provided with easy-to-use, secure payment mechanisms and information on the level of security such mechanisms afford. This includes limitation of liability for unauthorized or fraudulent use of payment systems and chargeback mechanisms.



Directive 2000/31 does not regulate itself this issue; recital 14 of directive’s preamble refers to directives 95/46/EC on the protection of individuals with regard to the processing of personal data and Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, and assessing that this directives are fully applicable to information society services and therefore it is not necessary to cover this issue in Directive on electronic commerce. Article 7 contains some provisions concerning informational duties aiming at protection of privacy in respect of unsolicited commercial communications (colloquially called spam) albeit this exceeds the scope of this thesis and is certainly worth (and demanding) of a separate study.

Neither Directive 97/7 nor 2002/65 do not contain informational duties within the area of privacy what leaves only the question of the two aforementioned directives regulating issue of privacy protection: directive 95/46/EC and directive 2002/58/EC.194

Articles 10 and 11 of directive 95/46/EC enumerates information which must be offered in cases of collection and processing of personal data– the minimal list of such information consists of: the identity of the controller and (if applicable) also that of his representative, the purposes of the processing for which the data are intended and also information like the recipients or categories of recipients of the data, whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply, and the existence of the right of access to and the right to rectify the data concerning him.

Directive 2002/58/EC while significantly extending informational duties concerning security (mentioned in the next paragraph) does not bring any dramatic changes within informational requirements towards users in respect of privacy. Below I will present some of provisions belonging to this category. In article 5.3 may be found requirement of providing subscriber or user195 with clear and comprehensive information about the purposes of the data processing, and is offered the right to refuse such processing by the data controller.

Article 6.4 requires that the service provider must inform the subscriber or user of the types of traffic data which are processed and of the duration of such processing. The last informational duty towards users is contained in article 12.1 which says that subscribers must be informed, free of charge and before this data are included in the directory, about: purpose of such a directory, and of any further usage possibilities based on search functions embedded in electronic versions of the directory.

What seems important to me is the fact that despite constant increase in importance ascribed to privacy, the obligation for the service provider to establish a privacy policy visible to the consumer, has not so far been addressed.


It would be an overstatement to say that provisions on informing consumers about security are absent from EU law. Such provisions exist in at least two acts – directive 1999/93/EC on a Community framework for electronic signatures of 13 December 1999 and mentioned above directive 2002/58.

Provisions in directive 1999/93 apply to the certification service providers issuing qualified certificates as described in the electronic signature directive. In annex II pertaining to the directive a list of requirements for issuing qualified certificates is attached among them concerning security issues however these obligations are not combined with any informational duties whatsoever.

When it comes to information on security – currently directive 2002/58 is the only one burdening service providers with any informational duties with respect to service recipients. Its article 4 requires from service providers that not only he must take appropriate technical and organisational measures to safeguard security of its services, but these measures should ensure an appropriate to the risk presented level of security.

In case of a particular risk of a breach of the security of the network, the provider must inform the subscribers whom such risk concerns about its scale, any possible remedies, and an indication of the likely costs involved.

These obligations are discussed wider in recital 20 of directive’s preamble. Among others it is stressed how important is for subscribers and users of such services to be fully informed by their service provider of the existing security risks which lie outside the scope of possible remedies by the service provider. Moreover service providers who offer publicly available electronic communication services over the Internet should inform users and subscribers of measures they can take to protect the security of their communications for instance by using specific types of software or encryption technologies.

What is important the provision of information about security risks to the subscriber should be free of charge except for any nominal costs which the subscriber may incur while receiving or collecting the information. As may be read in the same fragment of the preamble security is appraised in the light of Article 17 of Directive 95/46/EC.

This article provides for controller’s duty to implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or any other unlawful forms of processing. Security measures ought to be proportionate to both the risks represented by the processing and the nature of the data to be protected.

So such provisions are not completely nonexistent in EU law, on the other hand by no means could they be described as satisfactory. Most of all what is noticeable is tendency that consumer is to be taken care off – he is not seen as a partner what is typical for informational duties in another areas. Still none of the relevant EU directives oblige a service provider to give information concerning its security policy and only such holistic approach could provide consumers with sufficient level of protection – for instance because it would compel service providers to create such a policy.

Information on privacy and security in Poland


Rather surprisingly act on protection of some of consumer rights does not mention the question of privacy neither does the act on special terms of consumer sales. Consequently as the most important source of rules on consumer information in online shopping must be considered the act on providing services by electronic means.

I think that it would be an important omission not to mention here act of 29 August 1997 on protection of personal data. However it is much too important and complex to be described here, so in this subchapter I will present only provisions of acts applying especially to electronic commerce.

The act on providing services by electronic means is the most important among regulating this issue it is lex specialis to the act of 29 August 1997 on protection of personal data and is consistent with its provisions. In chapter 4 it contains numerous provisions on protection of service recipients’ privacy. According to article 20 Service provider processing personal data is obliged to provide service recipient with constant, easy access by means of telecommunication network used by service recipient, to current information on:

  • Possibility to use the service anonymously or using a nickname,
  • Provided by ISP technical measures preventing unauthorized third parties from obtaining access to personal data or their modification,
  • If service provider concludes a contract concerning entrustment of personal data he must revel subject whom service provider entrusts with such data.

Despite the fact that contrary to its draft version – the final act on providing services by electronic means does not provide such definitions it is still possible to distinguish three categories of personal data. These categories are constant data (dane stałe), operational data (dane eksploatacyjne) and billing data (dane rozliczeniowe).196

In article 18.1 are enumeratively listed constant data which may be processed by service provider for the purpose of conclusion, determination of contents and dissolution of a legal relationship. Enumerated are:

  • Names and surname of service recipient,
  • Permanent address
  • Address for correspondendence
  • Data necessary for verification of electronic signature
  • Electronic addresses of recipient.

Besides this information article 18.2 allows ISPs to collect information necessary for the purpose of legal action. Service providers, providing that they obtain recipients consent, may collect also other information (18.4).

This significantly influences ISP’s informational duties, because art. 22.1 allows service provider to refuse provision of service on the basis of customer’s refusal to provide information only when processing of required data is necessary to provide such a service. That is why so important is provision of article 18.3 that ISP distinguishes between information required on the bases of article 18.2 and 18.4. so that service recipient may easily find out whether revelation of a particular information is obligatory or not.

The question to which category particular data belongs is important also in the context of processing data after recipient uses a particular service. General rule here is that ISP may not process recipient’s personal data after he finished using a particular service. I would like to point out only two of exceptions to this rule – processed in such situation may be billing data or data necessary for other purposes (market researches and researches aimed at improvement of services) than billing if service recipient agrees to that.

That brings the question of agreement – article 4 of the act regulates this issue very strictly, such agreement: can be neither presumed nor construed from the other declaration of will. Moreover such agreement may be revoked at any time; service recipient must be able to prove such agreement for evidential purpose.

This results in increase of informational duties of service provider. Important differences between constant data and operational data197 is that while the former are provided by service recipient voluntarily, consciously and before the service is provided than operational data are being collected by service provider: at the time of service duration, without recipients conscience or at least without his active participation.198

Consequently while act on provision of services by electronic means does not introduce any obligation to inform service recipient on the operational data being subject of processing while the service is being provided the requirement of recipients consent (as understood in article 4) for processing such data after service provision requires from service that at least at that point he informs recipient about information which are to be processed and asks him if he agrees to farther processing of these data.

Of course such a consent may be given earlier – for instance at the time of contract conclusion although article the act of 18 July 2002 does not provide basis to construe obligation of obtaining agreement at this point (it should be remembered that processing operational data while the service is being provided does not require recipients consent).

Finally I would like to notice that act on providing services by electronic means covers also other issues connected with privacy like for instance question of commercial communication (especially in context of sending unsolicited commercial communications) however this problem exceeds frames of these thesis and requires a separate study.


It is really surprising but till very recently there were no Polish regulations that could be used in construing informational duties of an online seller in respect of security. This situation has currently changed due to entry in force of the act on providing services by electronic means, which in article 6 requires service provider to provide recipient with current information on risks connected with using of particular service.