Area of Law: Internet and Cyber Law
Answer # 347
Contracts made onlineRegion: Ontario Answer # 347
Online contracts are normally created by having each party exchange emails or by having one party fill out an order form on a website. Online contracts may also be created by presenting the terms of the contract to a party and then asking that party to click on the words “I AGREE” or something similar. This is known as a “web-wrap” or “click-through” contract.
Most of the time contracts created online are not signed by both parties, but each party can print out a copy of the agreement. That said, some Internet businesses do allow secure and encrypted “digital” signatures to be exchanged between parties.
There are two specific concerns that arise when you enter into an online contract. First, is the contract legally binding, and second, who are you entering into an agreement with?
Legally binding online contracts
Even though most electronic agreements are not normally signed by both parties, they may still be legally binding contracts for most types of transactions. However, there are some special cases where an online contract will not be legally binding. For example, if a contract is for the sale of land, for a long-term lease, or for the co-signing of a loan, the contract must be made in writing and it must have original signatures. For other types of contracts where an original signature is not necessary to make an agreement legally binding, having a signed copy of the agreement will always be helpful in protecting your rights if a problem arises.
If you are unsure whether your type of agreement can be legally created online, you should contact a lawyer before you make the agreement, or you should create a traditional formal contract in writing with original signatures. A lawyer may also be helpful in structuring the online contracting process in a way that will ensure the best prospect of creating an enforceable contract.
Who are you entering into an agreement with?
When you create an online agreement it is important to know who you are contracting with and where they are located. Many people and companies online are agents for others. For example, you may think that you are making an agreement with someone located in Ontario, when you may in fact be buying something from a company located in Singapore. If you are entering into an agreement with someone outside Ontario, it is important to determine which laws will apply to the transaction. It is also helpful to specify in the contract which laws will apply in the event of a problem and which courts will be used to resolve any disputes.
In Canada, the question as to where electronic contracts are formed has not been determined. It is a similar situation to contracts formed via fax. The courts in Canada have generally held that fax-based contracts are formed when and where the offeror receives notice of acceptance.
Provincial e-commerce legislation
In terms of the formation and operation of an electronic contact, the Ontario Electronic Commerce Act states that:
“An offer, the acceptance of an offer or any other matter that is material to the formation or operation of a contract may be expressed,
(a) by means of electronic information or an electronic document; or
(b) by an act that is intended to result in electronic communication, such as,
(i) touching or clicking on an appropriate icon or other place on a computer screen, or
Under the Act:
- documents that are required to be in writing can be in electronic format as long as the document can be retained by another person (e.g. capable of being printed or downloaded)
- in most cases, electronic signatures are valid
- electronic documents must be provided to the consumer, not just made available for access on the vendor’s website
It is also important to take care in how payments are made or received. For most consumer purchases, a credit card will provide the most protection if the transaction goes sour. In some cases, particularly for large commercial purchases in foreign lands, you may wish to discuss secure payment options with your banker.
Protecting Personal Information
When doing business online, many organizations need to collect personal information (PI) about their customers for their legitimate business purposes. The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out rules to ensure that businesses advise their customers about the collection and use of PI. Organizations are also required to obtain your consent to collect PI. Once the PI is collected, organizations must manage the information in a way that safeguards the individual’s privacy to help ensure that the PI is not stolen or inadvertently disclosed to unauthorized people.
What is considered Personal Information under PIPEDA?
Personal information includes information such as a person’s date of birth, address, financial records and health records. Information that is used in commercial activities, such as a person’s name, business telephone number and email, would not be considered personal information. PIPEDA also applies to paper-based documents and other hard-copy and materials, (such as physical files and photographs), as well as online and e-commerce activities.
PIPEDA also protects personal information of a sensitive nature, such as health records, memberships in political or religious organizations, and information about a person’s sexual orientation.
Personal Information data protection agreements
Data protection agreements are used to protect PI about customers when organizations are sharing information. Data protection agreements are usually entered into when one organization outsources or sub-contracts part of their work to a third party organization. In doing so, the organization must often give the sub-contractor PI about its customers, so that the sub-contractor can compete the work.
The protection of the PI always remains the responsibility of the organization which collected the information. The PI can include information about individual customers, employees, or other individuals. The organization is responsible for ensuring that the PI is protected and handled in compliance with federal and provincial privacy laws.
It is important for an organization to take proper measures to protect PI before it transfers it to a third party service provider or sub-contractor. The organization can do such things as:
- review their written privacy policies,
- ask about their past practices with regard to PI and other sensitive information,
- request information about prior privacy complaints and data breaches, and
- enter into a data protection agreement, or include privacy provisions as part of the service agreement.
For more information refer to topic #344 Data Protection Agreements.
Although many contracts are now made on the Internet, before you enter into an important online contract, you should seek advice from a lawyer.
You now haveoptions: