Information Society Services Act (1), 14 April 2004.
§ 1. Purpose of Act
(1) This Act provides for the requirements for information society service providers, the organisation of supervision and liability for violation of this Act.
(2) The provisions of the Administrative Procedure Act (RT I 2001, 58, 354; 2002, 53, 336; 61, 375; 2003, 20, 117; 78, 527) shall apply to the administrative procedure prescribed in this Act, taking into consideration the specifications arising from this Act.
§ 2. Definitions
In this Act, the following definitions are used:
1) “Information society services” are services provided in the form of economic or professional activities at the direct request of a recipient of the services, without the parties being simultaneously present at the same location, and such services involve the processing, storage or transmission of information by electronic means intended for the digital processing and storage of data. Information society services must be entirely transmitted, conveyed and received by electronic means of communication. Services provided by means of fax or telephone call, and broadcasting within the meaning of the Broadcasting Act (RT I 1994, 42, 680; 66, 1145; 1995, 83, 1437; 97, 1664; 1996, 49, 953; 1997, 29, 448; 52, 834; 93, 1564; 1998, 2, 42 and 44; 1999, 16, 268; 25, 364; 59, 613; 2000, 25, 143; 35, 220; 102, 666; 2001, 53, 310; 2002, 3, 5; 21, 117; 53, 336; 57, 357; 61, 375; 63, 387; 2003, 4, 22; 83, 560; 88, 594) are not information society services.
2) “regulated professional activity” is any professional activity the pursuit of which requires professional qualifications determined by law.
§ 3. Application of law of state of place of business
(1) Information Society services provided through a place of business located in Estonia (hereinafter services) shall meet the requirements arising from Estonian law regardless of the Member State of the European Union or Member State of the European Economic Area in which the service is provided.
(2) The provision, in Estonia, of services belonging to the co-ordinated field through a place of business located in a Member State of the European Union or Member State of the European Economic Area are not subject to restriction, except in the case and to the extent justified for the protection of morality, public policy, national security, public health and consumer rights.
(3) The restrictions specified in subsection (2) of this section shall meet the following conditions:
1) a restriction shall be established against a specific information society service which prejudices the objectives referred to in subsection (2) of this section or which presents a serious risk of prejudice to those objectives;
2) a restriction shall be proportionate to its objective;
3) before establishing a restriction, a competent Estonian body has asked the state of the location of the place of business to establish a restriction, and the latter has not established the restriction, or the restriction is inadequate;
4) a competent Estonian body has notified the European Commission and the relevant Member State of its intention to establish a restriction;
5) in the case of urgency, derogation from the conditions stipulated in clause 4) of this subsection is permitted. In the case of urgency, the competent Estonian body shall notify the restriction in the shortest possible time to the European Commission and to the Member State, indicating the reasons for which it is considered that there is urgency;
6) clauses 3)–5) of this subsection shall not apply to court proceedings.
(4) The provisions of subsection (2) of this section shall not apply to:
1) the freedom of the parties to choose the law applicable to their contract;
2) contractual obligations concerning consumer contracts;
3) copyright and related rights;
4) protection of semi-conductors;
5) protection of databases;
6) protection of industrial property rights;
7) formal requirements of the law valid in respect of transactions with rights in immovables;
8) the permissibility of commercial communications by electronic mail;
9) advertising of investment funds;
10) the insurers’obligation to inform the competent body of the general and specific terms of obligatory insurance;
11) the insurers’right of establishment and freedom of provision of services;
12) non-life and life insurance contracts which cover risks existing in Member States of the European Union;
13) the activities, as public authorities, of notaries, bailiffs and other persons engaging in liberal professions in public law;
14) the representation of parties and of their interests in proceedings in court;
15) lotteries and gambling activities, including games of chance and betting transactions involving wagering a stake.
§ 4. Information to be submitted concerning service provider
(1) A service provider shall render directly and permanently accessible to the recipients of the service at least the following information:
1) the name of the service provider, its registry code and the name of the corresponding register, the service provider’s address and other contact details, including the electronic mail address;
2) its registration number if, for operation in the corresponding field of activity, registration in the register of economic activities is required by law, or its activity licence number;
3) if reference is made to the fee charged for the service, information on whether the fee includes taxes and delivery charges.
(2) In addition to the provisions of subsection (1) of this section, a service provider engaged in a regulated professional activity shall render directly and permanently accessible to the recipients of the service the following information;
1) the name of any professional body or similar institution with which the service provider is registered in connection with the provided service;
2) the professional title and the Member State where it has been granted;
3) a reference to the applicable professional rules in the Member State of the location of its place of business, and the means to access them.
§ 5. Commercial communications
(1) “Commercial communication” is any form of communication designed to promote, directly or indirectly, the goods, services or image of a service provider.
(2) A commercial communication shall comply with the following conditions:
1) the commercial communication shall be clearly identifiable as such;
2) the person on whose behalf the commercial communication is made shall be clearly identifiable;
3) promotional offers, such as discounts, premiums and gifts, promotional competitions and games, shall be clearly identifiable as such;
4) the conditions for participation in the promotional offers and commercial lotteries specified in clause 3) of this section shall be presented clearly.
(3) The following are not commercial communications:
1) information allowing direct access to the activity of a natural or legal person, in particular a domain name or an electronic-mail address;
2) communications relating to the image, goods or services of a service provider, compiled independently of the service provider.
§ 6. Transmission of commercial communications
(1) Service providers are permitted to transmit digital commercial communications to natural persons through a public data communication network only under the following conditions:
1) with the prior consent of the addressee,
2) if the addressee is informed, in a clear and unambiguous manner, of how to cancel the commercial communications in the future;
3) if the addressee is guaranteed the opportunity to realise the right to refuse the receipt of the commercial communication through the public data communication network.
(2) The service provider shall record the consent or refusal of an addressee specified in subsection (1) of this section.
(3) The obligation to prove the consent specified in clause (1) 1) of this section rests with the service provider.
(4) If an addressee refuses to receive digital commercial communications, the service provider is prohibited from transmitting such communications to the addressee.
§ 7. Contracts concluded through public data communication network
Contracts between service providers and recipients of their services through public data communication networks, where the parties are not simultaneously present, shall be concluded pursuant to the provisions of § 621 of the Law of Obligations Act (RT I 2001, 81, 487; 2002, 60, 374; 2003, 78, 523; 2004, 13, 86).
§ 8. Restricted liability upon mere transmission of information and provision of access to public data communications network
(1) Where a service is provided that consists of the mere transmission in a public data communication network of information provided by a recipient of the service, or the provision of access to a public data communication network, the service provider is not liable for the information transmitted, on condition that the provider:
1) does not initiate the transmission;
2) does not select the receiver of the transmission;
3) does not select or modify the information contained in the transmission.
(2) The acts of transmission and of provision of access in the meaning of subsection (1) of this section include the automatic, intermediate and transient storage of the information transmitted in so far as this takes place for the sole purpose of carrying out the transmission in the public data communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.
§ 9. Restricted liability upon temporary storage of information in cache memory
Where a service is provided that consists of the transmission in a public data communication network of information provided by a recipient of the service, the service provider is not liable for the automatic, intermediate and temporary storage of that information, if the method of transmission concerned requires caching due to technical reasons and the caching is performed for the sole purpose of making more efficient the information's onward transmission to other recipients of the service upon their request, on condition that:
1) the provider does not modify the information;
2) the provider complies with conditions on access to the information;
3) the provider complies with rules regarding the updating of the information, specified in a manner widely recognised and used in the industry;
4) the provider does not interfere with the lawful use of technology, widely recognised and used by the industry, to obtain data on the use of the information;
5) the provider acts expeditiously to remove or to disable access to the information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of the transmission has been removed from the network, or access to it has been disabled, or that a court, the police or a state supervisory authority has ordered such removal.
§ 10. Restricted liability upon provision of information storage service
(1) Where a service is provided that consists of the storage of information provided by a recipient of the service, the service provider is not liable for the information stored at the request of a recipient of the service, on condition that:
1) the provider does not have actual knowledge of the contents of the information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent;
2) the provider, upon obtaining knowledge or awareness of the facts specified in clause 1) of this section, acts expeditiously to remove or to disable access to the information.
(2) Subsection (1) of this section shall not apply when the recipient of the service is acting under the authority or the control of the provider.
§ 11. No obligation to monitor
(1) A service provider specified in §§ 8–10 of this Act is not obligated to monitor information upon the mere transmission thereof or provision of access thereto, temporary storage thereof in cache memory or storage thereof at the request of the recipient of the service, nor is the service provider obligated to actively seek facts or circumstances indicating illegal activity.
(2) The provisions of subsection (1) of this section do not restrict the right of an official exercising supervision to request the disclosure of such information by a service provider.
(3) Service providers are required to promptly inform the competent supervisory authorities of alleged illegal activities undertaken or information provided by recipients of their services specified in §§ 8–10 of this Act, and to communicate to the competent authorities information enabling the identification of recipients of their service with whom they have storage agreements.
§ 12. Authorities exercising state supervision
Supervision over compliance with the requirements provided for in this Act for information that must be provided concerning service providers, for commercial communications and transmission thereof shall be exercised by the Communications Board and the Data Protection Inspectorate within the limits of their competence.
§ 13. Rights and obligations of officials exercising state supervision
(1) An official exercising state supervision has, within the limits of his or her competence, the right to:
1) check the compliance of service providers with the requirements provided for in this Act;
2) obtain information necessary for supervision from service providers;
3) issue precepts.
(2) An official exercising state supervision is required to:
1) provide, in the course of supervision activities, proof of his or her right to exercise supervision;
2) ensure the confidentiality of business and technical information obtained in the course of state supervision activities, unless otherwise provided by law.
§ 14. Precept of official exercising state supervision
(1) An official exercising state supervision shall:
1) call attention to the violation;
2) require termination of the offence;
3) demand that acts necessary for the lawful continuation of activities be performed.
(2) A precept shall set out:
1) the name and position of the person preparing the precept;
2) the date of preparation of the precept;
3) the name and address of the recipient of the precept;
4) the factual reasons for issue of the precept;
5) a clearly expressed request with reference to the relevant provisions of legislation;
6) the term for compliance with the precept;
7) amount of penalty payment to be imposed upon failure to comply with the precept;
8) the procedure for appealing against the precept.
(3) Upon failure to comply with a precept, an official exercising supervision may impose a penalty payment pursuant to the procedure provided for in the Substitutive Enforcement and Penalty Payment Act (RT I 2001, 50, 283; 94, 580). The maximum penalty payment shall be 10 000 kroons.
§ 15. Transmission of non-conforming information
(1) The provision of information society services which do not conform to the requirements provided for in this Act for information that must be provided concerning service providers, for commercial communications or transmission thereof is punishable by a fine of up to 300 fine units.
(2) The same act, if committed by a legal person, is punishable by a fine of up to 50 000 kroons.
§ 16. Proceedings
(1) The provisions of the General Part of the Penal Code (RT I 2001, 61, 364; 2002, 86, 504; 82, 480; 105, 612; 2003, 4, 22; 83, 557; 90, 601; 2004, 7, 40) and the Code of Misdemeanour Procedure (RT I 2002, 50, 313; 110, 654; 2003, 26, 156; 83, 557; 88, 590) shall apply to the misdemeanours provided for in § 15 of this Act.
(2) The following extra-judicial bodies shall conduct, within the limits of their competence, proceedings in matters of misdemeanours provided for in § 15 of this Act:
1) the Communications Board;
2) the Data Protection Inspectorate.
§ 17. Amendment of Technical Regulations and Standards Act
The Technical Regulations and Standards Act (RT I 1999, 29, 398; 2000, 29, 169; 78, 495; 2002, 32, 186; 99, 580; 2003, 88, 594; 2004, 2, 8) is amended as follows:
1) subsection 2 (6) is amended and worded as follows:
“(6) Information society services are the services provided for in clause 2 1) of the Information Society Services Act.”;
2) subsection 2 (7) is repealed.
§ 18. Entry into force of Act
This Act enters into force on 1 May 2004.
———————————————————————————————————————–
(1) This Act meets the requirements arising from Directive 2000/31/EC of the European Parliament and of the Council on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (OJ nº L, 178, 17.7.2000 p. 1).