On 8th March 2002, new laws came into force in the UK implementing
the EU Directive on electronic signatures (Directive 1999/93/EC),
which should have been incorporated in full into the laws of all
Member States by July 2001.
The Electronic Signature Regulations have been made under the
Electronic Communications Act of 2000 which implemented only part
of the EU Directive before the deadline. The Regulations are now in
force following a short consultation period on a draft version of
them which ended on 12th February.
The Electronic Communications Act was passed in June 2000 and
parts of it came into force the following month. The Act deals with
the legal recognition of electronic signatures and the process
under which they are verified, generated or communicated, and the
removal of obstacles in other legislation to the use of electronic
communication and storage in place of paper.
The Regulations are limited in scope, addressing only the
supervision and liability of Certification Service Providers (CSPs)
and certain issues of data protection.
CSPs are businesses that issue certificates in support of
electronic signatures. The certificate links signature verification
data (such as a public key) to a person and confirms the identity of
that person. Under
the regulations, the Secretary of State is given the duty of
reviewing CSP activities and setting up a register of those CSPs
that issue qualified certificates (a certificate meeting certain
criteria) to the public.
The Regulations also impose liability on CSPs to the extent that
they either issue or guarantee qualified certificates to the
public. In such circumstances, a CSP is liable to anybody relying
on the certificate for, among other things, the accuracy of the
information contained within the certificate at the time of
issue.
CSPs established in the UK are now bound by a data protection
rule which provides that personal data (such as an e-mail address)
may only be obtained directly from the data subject for the purpose
of issuing or maintaining the certificate or, if obtained
indirectly, only with the explicit consent of the data subject. The
personal data may only be processed insofar as it is necessary for
issuing and maintaining the certificate, or for any other purpose to
which the data subject has explicitly consented.