The Law Shop is now closed. Please click here to find out more.

Online Verification in E-commerce

The Electronic Signature Regulations deal with the legal recognition of electronic signatures and the processes under which they are verified, communicated or generated. 

The regulations also remove other parts of legislation that are obstacles to the use of electronic communication and storage.

The regulations are reasonably small-scale, however, and do not affect many areas. They primarily address the supervision and the liability of Certification Service Providers and parts of data protection.

Certification Service Providers

Certification Service Providers are businesses that issue certificates in support of electronic signatures. This certificate links signature verification data to an internet user and confirms the identity of that person. The Secretary of State reviews the activities of Certification Service Providers and makes a register of those that issue qualified certificates to the public under the regulations. Liability is laid on Certification Service Providers by the regulations to the extent that they guarantee or issue qualified certificates to the public. A Certification Service Provider is liable to anybody relying on the certificate for the accuracy of the information contained within the certificate at the time of issue, in these circumstances.

Personal data

UK Certification Service Providers have to abide by a rule concerning data protection that ensures that personal data may only be acquired directly from the data subject for the aim of maintaining or issuing the certificate. If acquired indirectly, then it will need the explicit permission of the data subject.

Under the regulations, the personal data must only be processed only if it is completely necessary for the maintenance and issuing of the certificate or if the data subject has explicitly agreed other aims than the aim for which consent has been issued.