Croatia’s computer laws: promotion of growth in E-commerce via greater cyber-security

European Journal of Law and Economics

Abstract

Croatia’s Electronic Signature Act (“ESA”) was enacted in 2002. The ESA is third-generation and provides for legal recognition of all types of E-signatures, but gives preferred status to the digital signature. The ESA provides for regulation of Certification Authorities (“CA”), who may voluntarily elect to become accredited if they are able to comply with stringent financial and technical requirements. The principal duties of CA’s are to: issue certificates to successful applicants; confirm the authenticity and integrity of E-signatures to relying third parties; maintain a repository of certificates which may be accessed by the public; and cancel a certificate if any information contained therein is discovered to be inaccurate. The ESA covers legal liability of CA’s and punitive measures which may be taken against them if they violate the ESA. The Electronic Document Act (“EDA”) was enacted in 2005. The EDA specifies how an E-document can be used to comply with a statutory requirement for production of a paper document or an original document. The EDA also creates a legal presumption of admissibility of evidence in electronic form, and contains rules pertinent to assumed time/place of transmission/receipt of an E-message. The EDA covers liability of Internet service providers and specifies several computer crimes. The Electronic Commerce Act (“ECA”) was enacted in 2003. The ECA provides for basic E-contract rules, basic regulation of E-commerce sellers, and basic consumer protections of E-commerce buyers. 
Although it was a satisfactory first-step, the ECA needs to be fine-tuned with the following modifications: (1) add E-contract attribution rules; (2) improve the E-contract acknowledgement-of-receipt rules; (3) add E-contract rules for carriage contracts; (4) strengthen the consumer protections of E-commerce buyers; (5) establish information technology courts for resolution of E-commerce disputes; (6) add cybersuite provisions; and (7) add explicit long-arm jurisdiction over foreign E-commerce sellers.

Notes

  1. U.S. Central Intelligence Agency (“CIA”), THE WORLD FACTBOOK, “Croatia,” 20 March 2008, p. 1; http://www.cia.gov/library/publications/the-world-factbook/print/hr.html.

  2. Id. at 5–6.

  3. Id. at 6.

  4. Id. at 7.

  5. Id. at 6.

  6. Id. at 10.

  7. Id. at 6, and note 79 infra.

  8. Id. at 8.

  9. Id. at 2 and 8.

  10. See United States of America (1998).

  11. Smedinghoff (1999).

  12. European Union, E-SIGNATURES DIRECTIVE, note 80 infra, art. 2(1). Under Croatian law, an electronic signature is defined as “a set of data in electronic form which are associated or logically connected with other data in electronic form and which serve to identify the signatory and the authenticity of the signed electronic document.” ESA, note 140 infra, art. 2(1). An electronic document is defined in Croatia as “a complete set of data which is electronically generated, sent, received or stored on electronic, magnetic, optical or other media”. The content of an electronic document shall encompass all forms of written or other text, data, images and drawings, maps, sound, music, speech and computer databases. ESA, note 140 infra, art. 2(4).

  13. Tang (1999).

  14. Dessent (2002).

  15. Stern (2001).

  16. Id.

  17. In the highly successful Hong Kong Identity Card, the two thumb prints are used as a biometric identifier. See Rina (2003).

  18. Note 15 supra at 395–96; and CYBER-SIGN.

  19. Id.

  20. Pun et al. (2002).

  21. Id. at 257.

  22. Id. However, one of the experts in computer law and technology—Benjamin Wright—is a notable exception. Wright contends that biometrics is a more preferable authentication method in the case of the general public, although he concedes that digital signatures using PKI (covered infra) are preferable for complex financial deals carried out by sophisticated persons. In PKI, control of the person’s “private key” becomes all-important. The person must protect the private key; all of the “eggs” are placed in that one basket, and the person carries a great deal of responsibility and risk. With biometric methods, the member of the general public would be sharing the risk with other parties involved in the transaction, and the need to protect the “private key” is not so compelling. See Wright (2001).

  23. Note 17 supra.

  24. The Hong Kong E-commerce law typically defines a digital signature as follows: “an electronic signature of the signer generated by the transformation of the electronic record using an asymmetric cryptosystem and a hash function such that a person having the initial untransformed electronic record and the signer’s public key can determine: (a) whether the transformation was generated using the private key that corresponds to the signer’s public key; and (b) whether the initial electronic record has been altered since the transformation was generated.” Hong Kong Special Autonomous Region (2000).

  25. Note 11 supra at 146.

  26. Poggi (2000).

  27. Fischer (2001).

  28. Under Croatian law, the private key is considered to be part of the “electronic signature development data,” which is defined as “the unique data, such as the codes or the private encryption key which the signatory uses to generate the electronic signature.” ESA, Note 140 infra, art. 2(5).

  29. American Bar Association (2001). Under Croatian law, the sender is the person signing the electronic document; that person is labeled a “signatory.” A signatory is defined as “a person who possesses the means to generate the electronic signature and to sign therewith, and who acts either on his or her own behalf or on behalf of the natural or legal person that he or she represents.” ESA, Note 140 infra, art. 2(3).

  30. Under Croatian law, the public key is considered to be one of the “signature verification data,” defined as “data such as codes or public encryption keys which are used for the purpose of verifying electronic signatures.” ESA, Note 140 infra, art. 2(8).

  31. Note 13 supra at 305.

  32. Note 26 supra at 249.

  33. American Bar Association, Section of Science & Technology, Information Security Committee (1995, 1996).

  34. Zaremba (2003).

  35. Note 26 supra at 250.

  36. Id.

  37. Note 26 supra at 243.

  38. Note 26 supra at 252.

  39. Note 26 supra at 253.

  40. Under Croatian law, a certificate is defined as a “confirmation in electronic form which links the data for authentication of the electronic signature with a specific person and confirms the identity of such person.” ESA, note 140 infra, art. 2(10).

  41. Under Croatian law, a CA is defined as “a legal or natural person who issues certificates or provides other services pertaining to electronic signatures.” ESA, note 140 infra, art. 2(12). CA, the term used in Croatia and in this article, is used in most of the world’s jurisdictions with the exception of the European Union, which uses “certification service provider.” ESD, note 140 infra, art. 3.

  42. Note 26 supra at 253.

  43. Hogan (2000).

  44. Froomkin (1996).

  45. Note 43 supra at 425–426.

  46. Note 11 supra at 149.

  47. Note 11 supra at 150.

  48. Note 43 supra at 426–427.

  49. Osty and Pulcanio (1999).

  50. See Berman (2001); and Maurushat (2005) arguing that multi-lateral recognition of CA’s among China, Hong Kong and Singapore should only occur after their PKI legislation has been harmonized and each of them provides sufficient privacy protections for personal data.

  51. Hallerman (1999).

  52. State of Utah (1999).

  53. Id.

  54. Blythe (2006a).

  55. Blythe (2008).

  56. Note 27 supra at 234–237.

  57. It is debatable as to whether technological-neutrality or technological-specificity is the correct road to take. See Roland (2001).

  58. For concise coverage of American and British law, see Blythe (2005a).

  59. Note 27 supra at 234–237.

  60. United Nations (1996). See Blythe, Note 58 supra.

  61. Republic of Singapore (1998). Although granting legal recognition to most types of electronic signatures, the Singapore statute implicitly makes a strong suggestion to users—in two ways—that they should use the digital signature because it is more reliable and more secure than the other types of electronic signatures: (1) digital signatures are given more respect under rules of evidence in a court of law than other forms of electronic signatures, and electronic documents signed with them carry a legal presumption of reliability and security—these presumptions are not given to other forms of electronic signatures; and (2) although all forms of electronic signatures are allowed to be used in Singapore, its electronic signature law established comprehensive rules for the licensing and regulation of Certification Authorities, whose critical role is to verify the authenticity and integrity of electronic messages affixed to electronic signatures. Id. See Blythe (2007a).

  62. Blythe (2007b).

  63. Blythe (2007c).

  64. Note 32 supra at 234–37.

  65. Blythe (2007d).

  66. Blythe (2007e).

  67. Note 17 supra. See Blythe, Note 63 supra.

  68. Before amending its original digital signature law, Hong Kong only recognized digital signatures and was therefore a member of the First Wave. After amendments were made, Hong Kong joined the Third Wave. See Blythe (2005b).

  69. Blythe (2007f).

  70. Blythe (2006b).

  71. Blythe (2006c).

  72. Blythe (2007g).

  73. Blythe (2006d).

  74. Blythe (2006e).

  75. Blythe (2006f).

  76. Blythe (2006g).

  77. Blythe (2006h).

  78. Wikipedia. “European Union—Member States”.

  79. For general information about the European Union, see U.S. Central Intelligence Agency (“CIA”), THE WORLD FACTBOOK, “European Union,” 20 March 2008; https://www.cia.gov/library/publications/the-world-factbook/geos/ee.html.

  80. European Union (1999).

  81. ESD art. 1.

  82. ESD preamble 17 and art. 1.

  83. It is: “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication.” ESD art. 2(1).

  84. It is an E-signature which complies with these requirements: “(a) it is uniquely linked to the signatory; (b) it is capable of identifying the signatory; (c) it is created using means that the signatory can maintain under his sole control; and (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.” ESD art. 2(2).

  85. It is: “an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures.” ESD art. 2(11). “Other services” include: registration services; time-stamping services; directory services; computing services; and consultancy services pertinent to E-signatures. ESD preamble 9.

  86. It is: “an electronic attestation which links signature-verification data to a person and confirms the identity of that person.” ESD art. 2(9). Furthermore, a “qualified” certificate is one which meets more stringent requirements and which has been issued by a CSP with greater qualifications. ESD art. 2(10).

  87. ESD art. 5(1)(a).

  88. ESD art. 5(1)(b).

  89. ESD art. 5(2). Accordingly, even a simple, non-advanced E-signature (e.g., a signed E-mail) is admissible evidence in the European Union. See Arias (2007).

  90. As previously mentioned in note 41, the Croatian ESA uses the term “certification authority” instead of certification service provider. However, a CA and a CSP perform equivalent duties.

  91. ESD art. 3(1). However, a Member State may adopt a voluntary accreditation program in order to recognize those CSP’s with greater qualifications who are able to provide a higher standard of service. ESD art. 3(2). If adopted, such programs must be “objective, transparent, proportionate and non-discriminatory.” Id. The number of accredited CSP’s may not be limited. Id.

  92. ESD preamble 12.

  93. ESD art. 3(3). A qualified certificate must contain: designation of qualified status; name of CSP and State of creation; advanced E-signature of the CSP; name of subscriber (or pseudonym); a specific attribute of the subscriber, if essential to carry out the purpose of the certificate; a public key which corresponds to the private key; period of validity; identification number; and any limitations on purpose or value. ESD Annex I.

  94. Those qualifications are: reliability; maintenance of a secure directory and revocation service; ability to record the date and hour of issuance and revocation of a certificate; ability to confirm the identity and any special attributes of the subscriber; employ personnel with sufficient knowledge, experience and skill; possess and use trustworthy and secure computer systems and products; ability to guard against forgery of certificates and compromise of security of signature creation data; possession of sufficient financial resources and liability insurance; ability to securely store certificate-related information for the required period of time; prevention of retention or copying of signature creation data; and ability to provide written information to the subscriber before entering into a contract with him. ESD Annex II.

  95. A secure signature-creation device must utilize a technology and procedures which ensure: the data contained therein is reasonably secure and can be used only once; the data cannot be mathematically derived; the data can be protected by the subscriber from use by others; and the data will not be modified or given to the subscriber before the desired date of execution. ESD Annex III. Determination of the standards for these devices must be developed by “appropriate public or private bodies designated by Member States.” ESD art. 3(4). The standards developed in each Member State must be recognized in all Member States. Id.

  96. Measures should be taken to ensure that: the data used to verify are the same as those displayed to the verifier; the E-signature is confirmed and that fact is indicated; the verifier can determine the contents of the data which is signed; there is a confirmation of the authenticity and validity of the certificate at the time the E-signature is verified; there is proper display of the verification and the subscriber’s name (or pseudonym, if any); and any changes to the data are detectable. ESD Annex IV. Member States are charged to work with the EU Commission to develop and use secure signature-verification devices. ESD art. 3(6).

  97. ESD art. 4(1).

  98. ESD art. 6(1). A CSP may also be liable for a relying third party’s damages caused by the CSP’s failure to give proper notice that a certificate has been revoked. ESD art. 6(2). However, a CSP may avoid liability if: he is able to prove he was not negligent; or the certificate’s express limitations on purpose or value of the transaction have not been complied with. ESD art. 6(1), 6(3) and 6(4).

  99. ESD art. 8.

  100. ESD art. 7(1). In order to promote legal recognition of E-signatures generated outside the EU, the EU Commission will make proposals for implementation of standards and international agreements pertinent to certification services. ESD art. 7(2). If the EU Community encounters problems with market access in non-EU nations, the EU Commission may make proposals for negotiation of comparable rights for EU Member States in those nations. ESD art. 7(3).

  101. ESD art. 9. If a Member State has met these standards, it may presume it has complied with standards mentioned in ESD Annex II(f) and Annex III. ESD art. 3(5).

  102. ESD art. 10. E-signature products in compliance with the ESD’s requirements must be allowed to circulate freely within the EU. ESD art. 4(2).

  103. ESD art. 3(7). Any additional requirements must be “objective, transparent, proportionate and non-discriminatory,” and must not be an impediment to “cross-border services for citizens.” Id.

  104. ESD preamble 19.

  105. ESD art. 11.

  106. ESD art. 13(1).

  107. ESD art. 12.

  108. European Union (2000).

  109. ECD art. 1(1).

  110. ECD art. 1(2).

  111. ECD preamble 11, 12, and 16; ECD art. 1(3)–(6).

  112. These are defined as “services within the meaning of Article 1(2) of Directive 98/34/EC as amended by Directive 98/48/EC.” ECD art. 2(a).

  113. A service provider is defined as “any natural or legal person providing an information society service.” ECD art. 2(b). However, the ECD distinguishes an ordinary service provider from an established service provider, defined as “a service provider who effectively pursues an economic activity using a fixed establishment for an indefinite period.” The mere possession of the technical ability and technology necessary for provision of the service do not constitute establishment. ECD art. 2(c).

  114. This is defined as “any natural or legal person who, for professional ends or otherwise, uses an information society service, in particular for the purposes of seeking information or making it accessible.” ECD art. 2(d).

  115. This is defined as “any natural person who is acting for purposes which are outside his or her trade, business or profession.” ECD art. 2(e).

  116. ECD art. 2(h). The coordinated field encompasses: service providers’ qualification requirements which are a prerequisite to commencement of E-commerce activities; and rules regarding quality of service, E-contracts, advertising, and service providers’ liability. ECD art. 2(h)(i). However, the coordinated field does not include: requirements concerning specific types of goods; delivery of goods; and rules concerning services provided non-electronically. ECD art. 2(h)(ii).

  117. ECD art. 3(1).

  118. ECD art. 3(2). However, a Member State does have the right to restrict activities of other Member States’ service providers if this is necessary for: criminal law enforcement (especially laws pertinent to protection of minors, hate crimes, and protection of human dignity); maintenance of public health; national security and defense; and consumer protection (including investors). Before restriction is begun, the affected Member State must ask the other Member State (the one in which the service provider is established) to take action, and give notice of its intention to restrict; if the other Member State refuses to take action, or takes inadequate action, the affected Member State may proceed with restriction, and the Commission must be informed. ECD art. 3(4). In an emergency, the affected Member State may restrict before giving notice to the other Member State and to the Commission, but they must be informed as soon as practicable of the action taken and the justification for it. ECD art. 3(5). Whereupon, the Commission will hold an inquiry as to the suitability of the affected Member State’s action; if found to be “incompatible with Community law,” the Commission will request the affected Member State to refrain from carrying out the restriction, or to end it expeditiously. ECD art. 3(6).

  119. ECD preamble 10 and art. 3(3). Those situations are: copyright; neighbouring rights; rights referred to in Directive 87/54/EEC and Directive 96/9/EC; industrial property rights; electronic money as referenced in art. 8(1) of Directive 2000/46/EC; article 44(2) of Directive 85/611/EEC; art. 30 and Title IV of Directive 92/49/EEC; Title IV of Directive 92/96/EEC; art. 7 and 8 of Directive 88/357/EEC; art. 4 of Directive 90/619/EEC; the freedom of contracting parties to choose the controlling law; contract rights pertinent to consumer contracts; the validity of contracts which create or transfer rights in real estate where those contracts must comply with the law of the Member State in which the real estate is located; and the issue of whether unsolicited E-mail advertising is permitted. ECD Annex.

  120. ECD art. 4(1). However, this is inapplicable to authorization rules which: are applied to all businesses (including those not engaged in E-commerce activities); or are applied pursuant to Directive 97/13/EC (relating to licenses of telecommunications services). ECD art. 4(2).

  121. ECD art. 5(1). The information is: name, address and contact information (including E-mail address) of service provider; name of trade register in which service provider is listed, and the trade register identification number (if applicable); the supervisory authority; professional license or designation, name of professional regulatory body, and reference to professional rules (if applicable); value-added-tax identification number (if applicable); and prices of services (and whether the price is inclusive of delivery expenses). ECD art. 5(1)–(2).

  122. ECD art. 6. The information is: designation that it is a commercial message; identification of the sender; identification of any discounts, premiums or gifts that are available (and clear explanation of how to qualify for them); and promotional competitions or games that are available (and the conditions for participation in them). Id.

  123. ECD art. 7. The advertisement: must be clearly identified as such; and must be capable of being opted-out of by the recipient (and the opt-out, if made, must be complied with by the service provider). Id.

  124. ECD preamble 32; ECD art. 8(1). Professional organizations are encouraged to adopt an EU code of conduct concerning the types of information allowed to be conveyed electronically. ECD art. 8(2). These codes of conduct will be taken into account by the Commission as they draft further rules pertinent to EU E-commerce. ECD art. 8(3). The ECD applies in addition to other EU Directives relating to professions. ECD art. 8(4).

  125. ECD preamble 34; ECD art. 9(1). However, a Member State may elect not to apply this provision to contracts concerning: creation or transfer of rights in real estate; a legal requirement for participation by the “courts, public authorities or professions exercising public authority;” granted suretyship, or “collateral securities furnished by persons acting for purposes outside their trade, business or profession;” or family law, or law of succession; ECD art. 9(2). If it elects not to apply the provision to one or more of those categories, it must so inform the Commission of the categories in question; furthermore, every 5 years the Member State must justify to the Commission why it is necessary to maintain those exceptions. ECD art. 9(3).

  126. ECD art. 10(1). The types of information to be provided are: how to consummate an E-contract; filing of the E-contract by the seller and its accessibility by the customer; how to correct input errors before the order is placed; the languages available; and any codes of conduct the seller has subscribed to (and how to get access to an electronic copy of them). ECD art. 10(1)–(2). These requirements are inapplicable to contracts consummated entirely by E-mail or by “equivalent individual communications.” ECD art. 10(4). However, in all E-contracts, the seller must provide general contract terms and conditions to the buyer, and they must be capable of being stored and reproduced by him. ECD art. 10(3).

  127. ECD art. 11(1). A customer must be informed how to identify and correct input errors before the order is placed. ECD art. 11(2). The aforementioned requirements are inapplicable if the contract is consummated entirely by E-mail or by “equivalent individual communications.” ECA art. 11(3). The order and acknowledgement of receipt are considered to have been received when they first become accessible. ECA art. 11(1).

  128. ECD art. 12.

  129. ECD art. 13.

  130. ECD art. 14.

  131. ECD preamble 40–48; ECD art. 15. However, if the intermediary acquires knowledge that the information is illegal or offensive, there is an obligation to remove or disable access to the information. ECD art. 13(1)(e) and 14(1)(b).

  132. ECD preamble 49; ECD art. 16(1)(a) and 16(2).

  133. ECD preamble 51; ECD art. 17(1). Procedural safeguards for consumers should be established. ECD preamble 53; ECD art. 17(2). Bodies in the Member States responsible for out-of-court settlement of disputes should keep the Commission informed of significant decisions made, and should also inform the Commission of any “other information on the practices, usages or customs relating to electronic commerce.” ECD art. 17(3).

  134. ECD art. 18(1).

  135. ECD art. 19(2). Member States should keep the Commission informed of any “significant or administrative judicial decisions” taken pertinent to implementation of the ECD, and the Commission should disseminate these to all Member States. ECD art. 19(5). Furthermore, Member States should cooperate with non-Member States in the development of compatible world E-commerce laws. ECD preamble 61.

  136. ECD art. 22(1).

  137. ECD art. 20. The sanctions must be “effective, proportionate and dissuasive.” Id.

  138. ECD preamble 63.

  139. ECD art. 20.

  140. Republic of Croatia (2002).

  141. ESA art. 7 and 36.

  142. ESA art. 42–44.

  143. The former is “a set of data in electronic form which are associated or logically connected with other data in electronic form and which serve to identify the signatory and the authenticity of the signed electronic document.” ESA art. 2(1) and 3. The latter is an E-signature “which fully guarantees the identity of the signatory and which complies with the requirements stipulated in Article 4” of the ESA. ESA art. 2(2). Article 4 mandates that an advanced E-signature: be linked to the subscriber and no one else; conclusively indicate the subscriber; be generated with a tool under the exclusive control of the subscriber; and have a relationship with the attached data so that any subsequent modification of the data is detectable. An advanced E-signature must be created with an advanced E-signature development tool possessing the most stringent security attributes. ESA art. 8 and 9.

  144. ESA art. 5. Ordinarily, an E-signature may not be contested merely because of its electronic form. However, there are exceptions; the following types of documents are mandated to be in paper form to be valid: real estate; probate; prenuptial agreements; encumberment of assets when a social welfare center must grant approval; living wills and ordinary wills; those requiring certification by a Notary Public; and others designated by another statute or regulations. ESA art. 6.

  145. A CA is required to have personnel with sufficient expertise, a sophisticated computer system, and other qualifications. ESA art. 12 and 17. These requirements must be reported to the Minister, along with its standard operating procedures. ESA art. 15. It is not compulsory for a CA to be licensed. ESA art. 14. However, all CA’s must be “registered,” i.e., the Minister must be informed of the qualifications if a CA plans to open a business; if qualified, the Minister will list the CA in its Directory of Registered CA’s. ESA art. 16 and 21. Furthermore, if a CA desires accreditation by the Minister, it may apply for a license to be issued by the Minister verifying same; licensed CA’s are referred to as “Qualified” CA’s and are listed in the Minister’s Directory of Qualified CA’s. ESA art. 18 and 19. The Minister is empowered to conduct regular inspections of CA’s. ESA art. 37 and 38.

  146. A certificate must contain specific types of information, including: the E-signature of the CA; the public key; and personal information of the subscriber. ESA art. 11.

  147. ESA art. 10 and 24.

  148. ESA art. 25–28.

  149. The CA’s register of certificates should be shared with other CA’s. ESA art. 34.

  150. ESA art. 29 and 32. CA’s must promptly revoke a certificate at the request of the subscriber, and for other reasons. ESA art. 30. Certificates and supporting documentation must be stored for at least ten years after the issuance date.

  151. ESA art. 33.

  152. ESA art. 35.

  153. ESA art. 39–41. The first two may be punished with a fine in the range of 2,000–10,000 HRK, and the last may be punished with a fine in the range of 5,000–100,000 HRK. Id.

  154. Republic of Croatia (2003). The statute is inapplicable to: data protection; taxation; Notaries Public; legal representation of a client in the court system; and to gambling. ECA art. 1(2). The ECA and other pertinent Croatian statutes apply to E-commerce firms located in Croatia, but are inapplicable to E-commerce firms located in other EU member states even if they intend to sell products via E-commerce in Croatia (except for transactions affecting copyright, E-money, real estate, insurance firms, consumer advertising, freedom of choice of law to govern a contract, and medical products). ECA art. 3 and 4.

  155. ECA art. 5. A specific list of information must be supplied by the E-commerce seller during registration. ECA art. 6.

  156. ECA art. 7 and 8.

  157. ECA art. 2(6).

  158. ECA art. 9(1)–(3). However, an E-contract cannot be used in these situations: prenuptial agreements; property agreements requiring authorization of a social welfare center; living wills and ordinary wills; donations; real estate transfers; Notaries Public; if another statute mandates the presence of a handwritten signature or certification of it; and surety agreements. ECA art. 9(4). A party’s E-signature must be in compliance with the ESA. ECA art. 11.

  159. ECA art. 12. The E-contract generated must be capable of being printed, stored and retrieved by the buyer. ECA art. 13.

  160. ECA art. 16–21. The limitations concern caching, provision of links and dissemination of other party’s materials over the internet. Id.

  161. ECA art. 23. The normal punishment is a fine in the range of 1,000 to 100,000 HRK; however, repeated or serious violations must result in a court order prohibiting the E-commerce activity for a period of 3–6 months. Id.

  162. Republic of Croatia (2005).

  163. An E-document is defined as “the unambiguously connected integral set of data that have been electronically formed (prepared with the help of computers and other electronic devices), sent, received or stored on electronic, magnetic, optical or other medium, containing characteristics that determine the source (creator) and the authenticity of the contents and prove the integrity of contents in time,” and their contents “include all forms of text in writing, data, pictures and drawings, maps, sound, music, speech.” EDA art. 4(1). An E-document must be signed whenever it is transmitted and stored. EDA art. 15(2). The E-signature attached to an E-document must be an advanced E-signature as defined in the ESA. EDA art. 4(3).

  164. EDA art. 1 and 3. If the private parties or the government has agreed to use E-documents, they have the same legal validity as paper documents if all security requirements have been complied with. EDA art. 2 and 5.

  165. The computer system used with an E-document must use stringent security procedures. EDA art. 13(4).

  166. EDA art. 6 and 19(1). An E-document has two parts: the contents (with recipient’s name) and the subscriber’s E-signature with date and hour of generation. EDA art. 7. The internal and external form of an E-document must also be proper. EDA art. 8.

  167. EDA art. 20(1). However, appropriate security procedures must be in place to ensure that the document remains unaltered. EDA art. 20(2)-(3). Furthermore, the storage of the E-document may be entrusted to an agent if it uses appropriate security procedures. EDA art. 21–23.

  168. EDA art. 9. Verification of a paper printout of an E-document is to be done by a public authority within his scope of statutory authority; in all other cases, such verification must be performed by a Notary Public. EDA art. 10(2). Verified paper copies of an E-document have the same legal validity as the E-document. EDA art. 11(1).

  169. EDA art. 12(1). The amount of weight given the evidence depends on details pertinent to the E-document’s “preparation, storage, transfer, safekeeping, authenticity and lack of change…” EDA art. 12(2).

  170. EDA art. 16.

  171. EDA art. 17–18.

  172. The maximum punishment is a fine of 60,000 HRK if the offense is committed on behalf of a legal entity. EDA art. 26(1). Additionally, a fine of 10,000 HRK or imprisonment for 15 days may be imposed upon a natural person responsible for the legal entity’s action. EDA art. 26(2).

  173. The previous three crimes have a maximum punishment of 40,000 HRK if they are committed on behalf of a legal entity. EDA art. 27(1). Additionally, a fine of 5,000 HRK may be imposed upon a natural person responsible for the legal entity’s action. EDA art. 27(2).

  174. The previous four crimes have a maximum punishment of 20,000 HRK if they are committed on behalf of a legal entity. EDA art. 28(1). Additionally, a fine of 3,000 HRK may be imposed upon a natural person responsible for the legal entity’s action. EDA art. 28(2).

  175. Barbados (2001). See Blythe, Note 63 supra.

  176. Colombia’s statute contains rules regarding these and other aspects of a carriage contract: (1) detailed description of the goods; (2) issuance of receipt; (3) confirmation of shipment; (4) notification of terms of the contract; (5) instructions to be conveyed to the transporter; (6) request of delivery of the goods; (7) authorization to deliver the goods; (8) buyer’s notification of loss or damage of goods during transit; (9) seller’s promise to deliver the goods to buyer or her agent; and (10) acquisition, waiver or transfer of rights in the agreement. In Colombia, E-documents may be used in the creation or implementation of carriage contracts, notwithstanding the fact that another statute may mandate the utilization of paper documents. This applies regardless of whether the statute creates a legal requirement, or provides for detrimental consequences if paper documents are not used. However, in order for E-documents to be used in the transfer of a right or obligation under a carriage contract, a “reliable method” must be employed to ensure the security and integrity of the message. Once data messages have begun to be used, paper documents are no longer valid. A party cannot revert to the use of paper documents until the other party has been informed that, henceforth, paper documents are to be used instead of data messages. Reversion to paper documents will not affect the rights of the parties which were created with E-documents. If a legal regulation exists in reference to paper documents relating to a carriage contract, that regulation will also be applied to a digital message used in lieu of paper documents. Republic of Colombia (1999).

  177. Uniform Law Conference of Canada (1999).

  178. Republic of Tunisia (2000). See Stephen E. Blythe, Note 76 supra.

  179. Korea is one of the few nations that may offer better consumer protections than Tunisia. That country has enacted a separate statute specifically for E-commerce consumer protections—the E-Commerce Transactions Consumer Protection Act. See Republic of South Korea. Korean Legislation Research Institute, Act on the Consumer Protection in the Electronic Commerce Transactions (hereinafter “CPA”). Originally enacted by Law No. 6687 (30 March 2002), and amended by Act Nos. 7315 and 7344 of 31 December 2004 and 27 January 2005, respectively. Furthermore, the CPA recently underwent a major overhaul with substantial amendments in Act No. 7487 of 31 March 2005; these amendments became effective on 1 April 2006. For a thorough analysis of the CPA, see Stephen E. Blythe, Note 74 supra. Iran also provides good consumer protections, including a window of opportunity to withdraw from an E-transaction previously entered into; however, the window in Iran is only seven days, as opposed to Tunisia’s ten days. See Stephen E. Blythe, Note 70 supra.

  180. Kingdom of Nepal (2005). See Stephen E. Blythe, Note 55 supra.

  181. Republic of Vanuatu (2000). For a discussion of the E-Business Act by the Prime Minister of Vanuatu—the person who introduced the bill in Parliament—see Maautamate (Hon. Prime Minister) (2000). See also Stephen E. Blythe, Note 77 supra.

  182. LOWTAX, p. 1.

  183. The Republic of Tonga is an example of a nation that has claimed long-arm jurisdiction over E-commerce parties, and its statute may be used as a model. See Stephen E. Blythe, Note 77 supra.

Author information

Corresponding author

Correspondence to Stephen E. Blythe.

Additional information

Stephen E. Blythe is a Professor of Law and Accounting, New York Institute of Technology, CERT Technology Park, Abu Dhabi, United Arab Emirates. Ph.D. Candidate (Int’l E-Commerce Law), The University of Hong Kong (China); Ph.D. (Business Administration), University of Arkansas, 1979; J.D. cum laude, Texas Southern University, 1986; LL.M. (Int’l Bus. Law) University of Houston, 1992; LL.M. (Info. Tech. Law) with distinction, University of Strathclyde (Scotland), 2005. Attorney at Law, Texas and Oklahoma; C.P.A., Texas. He practiced solo (employment-discrimination litigation) in Houston, Texas, was affiliated with the Cheek Law Firm (insurance-defense litigation) in Oklahoma City, and was a management consultant for the city of Haikou, China. Additionally, he has taught law, accounting, management, economics and international business at 15 universities located in the United States, Africa and the Middle East.

About this article

Cite this article

Blythe, S.E. Croatia’s computer laws: promotion of growth in E-commerce via greater cyber-security. Eur J Law Econ 26, 75–103 (2008). https://doi.org/10.1007/s10657-008-9053-y

  • DOI: https://doi.org/10.1007/s10657-008-9053-y
