Henry H. Perritt, Jr.
Dean and Professor of Law
Chicago-Kent College of Law
Illinois Institute of Technology
Interest in regulating electronic commerce on the Internet is giving rise to new hybrid structures of public and private international law.
The Internet differs from earlier information technologies in that it is inherently global and has remarkably low economic barriers to entry. Unlike earlier technologies in which sellers had to take special steps to extend their reach beyond local political boundaries, sellers with virtual stores on the Internet must take special steps to prevent buyers from anywhere in the world accessing their site. Unless they take such special steps, a Web server in Birmingham, Alabama is as visible in Bonn, Germany as it is in Birmingham. The low economic barriers to entry reflect the reality that one can set up a presence on the Internet with a $2,000 computer and a $19.00 per month connection to the Internet. This is far less than the hundreds of dollars per month required to rent a bricks and mortar storefront, the hundreds of thousands of dollars required to operate a printing press, and the millions required to operate a television transmitter. Realizing these economic facts, many more small enterprises set up shop on the Internet than in physical neighborhoods and shopping centers, and it is economic for them to engage in small-value transactions.
These special characteristics of the Internet puts stress on traditional nation-state-based regulatory approaches to protect privacy, to guard against exploitation of consumers, and to collect taxes. From the regulator’s perspective, small Internet vendors are hard to monitor, and when they operate outside the boundaries of a political jurisdiction, the regulators within that jurisdiction may not be able to enforce their decisions. At the same time, those participating in electronic commerce oppose having to figure out and to comply with detailed state-based regulations in nearly 200 national jurisdictions around the world, and fear being forced to litigate in tribunals of all those different jurisdictions.
Both regulator and commercial concerns can be addressed by a hybrid form of international regulation in which public law provides an umbrella or framework within which private self regulation and dispute resolution works out the details. For example, the public law framework may set certain minimum rights and duties that must be established by a private self regulatory regime. If a regime meets these conditions, and if an entity participates in such a regime and commits itself to complying with the private regulations, that entity enjoys a “safe harbor” from application of public law rules. The safe harbor is a kind of immunity conferred by public law.
In addition, public law provides back up enforcement machinery. If an entity, having committed itself to comply with the regulations of a private regulatory regime, does not comply, and if the regime’s own enforcement machinery is ineffective in punishing past noncompliance and deterring future noncompliance, a public official or the victim of noncompliance may proceed against the transgressor in a public tribunal.
Private regulatory regimes can take various forms within this hybrid structure. An intermediary such as a portal or a virtual shopping center may unilaterally develop rules that must be observed by independent entities participating in its service, also providing complaint and dispute resolution mechanisms for those injured by noncompliance. The ultimate penalty for noncompliance is to exclude an entity from further participation in the service.
Seal programs represent another approach. A private association offers a seal of approval to entities promising to comply with rules developed by the private association, and promising to afford complaint and dispute resolution mechanisms defined by the private association. An entity promising to comply may use the seal of good approval. If it subsequently fails to comply, permission to use the seal can be revoked. Moreover, noncompliance while using the seal can subject an entity to enforcement proceedings before public tribunals for engaging in deceptive trade practices.
Because the rules of private international law in most developed countries permit parties to a contract to choose the substantive law to be applied to their affairs and also permit designation of private tribunals to resolve contract-based disputes, the hybrid structure avoids many of the problems of transnational adjudicative jurisdiction, choice of law, and enforcement. The private regulatory regimes are essentially indifferent to whether a participant operates in one country or another.
Several examples of hybrid regulation are beginning to operate. In the United States, the Children’s Online Privacy Protection Act authorizes the Federal Trade Commission to regulate Web server practices that collect information from or about children. The statute provides a safe harbor to enterprises that comply with a private self regulatory regime approved by the FTC.
The Digital Millennium Copyright Act provides a safe harbor against liability for copyright infringement to entities that set up in advance a mechanism for receiving and resolving complaints that material on the Web site infringes copyright.
Millions of consumer complaints in the United States and around the world are resolved through credit card charge back mechanisms. Required by Federal Reserve Board Regulation Z in the United States, and extended by discretion into Europe, these charge back mechanisms entitle consumers to file complaints about merchant misconduct with the card issuer. Once such a complaint is filed, the consumer is relived of the obligation to pay the credit card charge appearing on his monthly statements. When a charge back occurs, the credit to the accused merchant’s bank account is reversed until the matter is resolved. Merchants have the burden to establish that promised goods or services were delivered or performed, in which case the charge and bank account credit is reinstated. This is not a safe harbor approach, but it is an example of public law providing a framework for a private dispute resolution regime.
Two other examples of hybrid regulation are explicitly international in character. Under proposals being considered by the European Commission and the United States Department of Commerce, a safe harbor under the European Data Privacy Protection System is available for entities participating in a qualifying privacy protection regime. The proposed agreement between the EC and the United States Government would immunize private regime participants from liability to interruption of their data flows under Article 25 of the EC Privacy Directive. Only those regimes meeting certain minimum requirements qualify for the safe harbor. If complaint and dispute resolution and enforcement mechanisms provided in a particular safe harbor regime prove ineffective, complainants may avail themselves of public law procedures before the Federal Trade Commission in the United States and before Data Protection Commissioners in Europe.
The final example relates to Internet domain name administration. Under a contractual framework established by the United States government, responsibility for assigning IP addresses and Internet domain names and for adjusting certain disputes relating to those domain names rests with a non-profit corporation with international balance on its board of directors. The Internet Corporation for Assigned Names and Numbers (“ICANN”) is promulgating rules for domain name registrars who wish to enjoy the privilege of establishing new top level domains and to assigning secondary domain names within those top level domains.
Hybrid regulatory regimes also can be envisioned to deal with the difficult problem of reconciling freedom of expression values enshrined in the First Amendment to the United States Constitution and Article 19 (1) of the International Covenant on Civil and Political Rights with the need to protect public order and morals against certain kinds of harmful content under various exceptions to the First Amendment and under Articles 19 (2) and 20 of the International Covenant. States could enact laws that immunize those originating or distributing content designated as harmful under local law (though perhaps not under the law in which the entity physically is located) if the entities comply with private zoning regimes. Such a zoning regime might require certain kinds of notices that the content may be offensive or harmful and technical mechanisms to exclude minors and perhaps even to exclude people from certain countries. Use of hybrid techniques in this area could cover hate speech, sexual material, and gambling.
Although the hybrid approaches described in this article offer many advantages, they also present some risks. First, the system may not work in practice. Private entities who today say they would prefer private to public regulation may be unable to agree to meaningful rules restricting their autonomy and they may be unwilling to adopt effective enforcement procedures for violation. At the very least, it probably will take credible threats of action by public agencies to induce private parties to agree with each other.
Second, private agreement on self regulatory regimes may run afoul of competition law. Especially when an entity is excluded from a desirable Internet location or self regulatory network it is likely to claim that such a “group boycott” violates national antitrust law. Such a claim will put ordinary courts in the position of deciding whether participation in a private self regulatory regime subjects the participants to antitrust liability.
Third, private governance regimes are not subject to the same accountability mechanisms as public regimes. Consumers and other interested persons or groups are unlikely to be afforded a role in developing and adopting the substantive regulations. Private complaint mechanisms are unlikely to have all of the attributes of public law enforcement and litigation systems, allowing public scrutiny of proceedings and affording all the elements of due process.
Fourth, nation states may be unable to agree on the terms of the public law umbrella, in which case a hybrid regime will not offer the promised benefits with respect to reducing uncertainty in transnational conflicts of law.
Finally, as Professor Lawrence Lessig has pointed out in his book, Code and Other Laws of Cyberspace, regulation by code, for example by technical means for protecting copyright against infringement or for excluding persons from “harmful” conduct, may actually present greater risks to personal freedom than direct substantive regulation by public institutions. This is so for several reasons. First, public law regulation leaves the choice whether to comply up to individuals in private entities. A person wishing to risk the penalties for noncompliance or wishing to test an arguable interpretation of a public law rule may do so, possibly being subject to a suit for injunction or for damages after the fact. Someone confronted with a rule embodied in code has no such choice. The rules embodied in a computer program reliably enforce their terms against everyone who uses the program. The user being subjected to and having his behavior limited by the rules may not even know that is happening. In other words, regulation through code is less transparent than regulation through public law. The lack of transparency, and the purely private nature of computer code development, denies the political process an opportunity to shape the rules. This lack of accountability diminishes the scope of operation of all polities.
During the months and years to come, much attention is likely to be devoted to the design, deployment, and evaluation of international hybrid regulation of the Internet. Legal practitioners have a special role to play as this transpires. Lawyers need knowledge of the law of international arbitration and of practices regarding private complaint resolution, competition law, and negotiation in order to be of real assistance in designing self regulatory regimes. Lawyers representing private participants in e-commerce before public regulatory agencies must be knowledgeable enough to be effective advocates for hybrid regulation. Lawyers and law professors much appreciate the various mechanisms of accountability in public law systems in order to evaluate the accountability of private regulatory systems, drawing upon several hundred years of scholarship on private international law.
 Title XIII, Omnibus Consolidated and Emergency Supplemental Appropriations
Act, 1999, Pub. L.105-277, 112 Stat. 2681 (October 21, 1998) reprinted at
144 Cong. Rec. H11240-42 (Oct. 19, 1998).
 See 64 Fed. Reg. 22750 (Apr. 27, 1999) (FTC notice of proposed rulemaking).
 Pub. L. 105-304, 112 Stat. 2861 (Oct. 28, 1998).
 17 U.S.C. § 512 (1999).
 12 C.F.R. § 226.3 (1999).
 Council Directive 95/46/EC of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, art. 32, 1995 O.J. (L 281) 31, 49 (requiring member states to adopt legislation conforming to terms of directive) [hereinafter European Privacy Directive].
 http://www.ita.doc.gov/td/ecom/FAQ11DisputeRes1199.ht (Department of Commerce FAQ, explaining complaint and dispute resolution requirements, including role of FTC).
 http://www.ntia.doc.gov/ntiahome/domainname/icann-memorandum.htm (memorandum of understanding between ICANN and U. S. Department of Commerce).