Abstract
Corporate social responsibility (CSR) has an impact on many areas of society, and it has recently been active in the digital space, a growing area of business activity. However, certain factors prevent it from firmly establishing itself in this area. One of these factors is the lack of user trust. Certain instruments have been created to address this issue, such as codes of conduct that seek to mitigate the causes of distrust by making significant improvements in the regulations and ethical standards applicable to business transactions. These instruments are the product of industry self-regulation and complement rather than substitute for effective legal regulations. In light of some European Community (EC) directives, European legislators are addressing certain issues in this area, especially unfair business practices.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Avoid common mistakes on your manuscript.
Introduction
In recent years, the business world has become aware of the need and benefits of having codes of conduct that express its position on a number of issues, including the workplace, finance, the environment, customer relationships, and dealing with suppliers. These written documents are openly available so that the public can observe how individual companies apply the best practices in certain areas of their operations.
The most common method for integrating ethics into the management practices of a company is the creation and formalization of various written documents into a statement of corporate ethics. There is a growing trend of establishing formal corporate ethics documents that function as a foundation for the development of corporate culture. The philosophical bases of these documents are human virtues, generally accepted social values, and universal ethical principles. In the academic and business worlds, the term “code of conduct” usually refers to documents that contain the principles or rules that guide a company’s ethical conduct (Melé et al. 2006).
An initiative for creating a code of conduct is part of what is known as corporate social responsibility (CSR), a term that has no universally accepted meaning.
Some say that CSR activities are nothing but a marketing strategy. This view contends that CSR activities seek to increase profitability by improving a company’s image (Griffin and Mahon 1997; Simpson and Kohers 2002). However, some empirical studies do not identify a positive relationship between CSR and profitability (Mcwilliams and Siegel 2000; Omran et al. 2002).
In our opinion, this view can be defended when there is no independent and impartial body that evaluates compliance with a code of conduct (when it is a code of conduct that was unilaterally created and applied by the company itself). Indeed, not all companies conduct audits to assess compliance with the code of conduct (with a robust ethical component) that they have voluntarily implemented.
A unilateral code of conduct—created and applied by a company with no monitoring body to verify compliance—can be viewed as a simple, unilateral declaration of will, largely conceived as a strategy for enhancing a company’s image. It is likely that the passage of time has led to slightly more sophistication in both the presentation and possibly even the practice of codes of conduct. To some extent, it is clear that these best practice documents are intended to improve the public image of the companies that implement them.
However, when a code of conduct created by a third party also has an impartial and independent monitoring body that a company voluntarily complies with, a positive view of this situation should be taken since it demonstrates the company’s transparency. A company can then have a broad scope and address all aspects of CSR or only one specific aspect. At this point, Internet self-regulation comes into play.
Internet self-regulation enables codes of conduct to be implemented in the digital field. These codes include articles containing the best legal and ethical practices in digital commerce, and they are managed by entities independent of the subscribing companies. They include all the current legislation pertinent to online business (consolidating such regulations into a single document), plus the additional benefits of ethical standards that offer more consumer protections than the law provides. The code of conduct will involve establishing certain guarantees that go beyond partially mandatory law. Therefore, contractual clauses that are more beneficial than the minimum legal regulations for the consumer and/or user are valid. The so-called partially mandatory rules (from German doctrine Halbzwingende Vorschriften) are applied, which are modifiable only for the benefit of the consumer but not vice versa.
The autonomy of will principle seems to be making solid inroads into the Internet and other converging technologies, and this principle has been revived by the business world to benefit potential consumers and/or users by providing new and promising customer acquisition channels. These scenarios are largely characterized by rapid changes in technology, followed by the requisite legal changes. The premature aging and subsequent abandonment of seemingly new structures are prevalent, as is the questioning of traditionally accepted truths, the legislative branch of government, and various territorial entities (such as autonomous areas or regions, nations, and in our case the European Union). This situation has been evolving for more than a decade, making a strong argument for a legal order in which self-regulation plays an important role that complements current legislation. This is particularly true for new technologies.
The self-regulation analyzed in this study requires an examination of certain issues regarding this type of initiative on the part of regulated entities, although it is sometimes fostered by the public sector. It is a private sector, not a public sector, initiative and is therefore not binding. Regardless, once the company has adhered to the code of conduct, its compliance is mandatory. In other words, its adherence is voluntary, but if it freely chooses to integrate itself into a system of self-discipline, the commitments assumed under the code of conduct must necessarily be respected. If they are not observed, an unfair commercial practice will unfold, as we show below.
Self-regulation is not a recent phenomenon. Any organization or subject is self-regulating, in one way or another. Self-regulation is legally relevant when it goes beyond the original private or domestic framework and exerts its effects on a notably wider range of activities. In some cases, it will have a supranational reach and involve government authorities.
During the twentieth century, standards of conduct were generally considered to be only marginally effective in regulating social behavior. There was a general belief at that time that the norms of self-regulation were not legally binding and were only proposed moral standards; thus, there was minimal compliance with ethics codes. However, the current environment examined in this study has changed markedly.
An Assessment of Corporate Social Responsibility (CSR)
We are witnessing an unprecedented social and business revolution. The concept of the company as an organization that plays a leading role in a free society and that is not exclusively dedicated to the generation of wealth and employment is being more widely accepted. Thus, the Friedman school is losing credibility, as it contends that the only responsibility of a business is to maximize profit within the limits established by the law and commercial practices.
Notably, the concept of the company has recently evolved into the model of the socially responsible company. In this regard, the idea that a company can be reduced to a legal artifice that consists only of a series of private contracts ignores the idea that a company is a collection, coalition, or association of economic agents distinct from the individuals working in the company. The set of resources accumulated by the organization and its participants through external and internal social relationships constitutes its social capital.
In addition, Freeman and Evan’s (1990) stakeholder theory states that by appropriately considering the needs of various stakeholders, managers can increase the efficiency with which their organizations adapt to external demands.
Businesses currently coexist in a highly competitive environment that forces them to differentiate themselves in every way to survive in international markets, which includes the digital realm, one of the newest business sectors.
The term “corporate social responsibility” has no universally accepted meaning, although it represents something akin to the communication of values. That said, CSR continues to be a nebulous term that translates into a range of different activities and objectives, depending on the company, entity, or organization.
Providing a generally accepted definition of corporate or business social responsibility is not an easy task. Such a definition would depend on, among other variables, the geographical scope, ideological assumptions, the scientific, economic, or sociological perspective itself or the political theory based on which the researcher approaches this topic. CSR can be defined as the set of domestic and international legal and ethical obligations and commitments to the organization’s stakeholders, derived from the impacts that the organization’s activities and operations have in the social, work, environmental, and human rights arenas.
One of the most widely accepted definitions is from the European Commission’s green paper on CSR, which defines it as “a concept whereby companies integrate social and environmental concerns in their business operations and in their interaction with their stakeholders on a voluntary basis.” The United Nations, on the other hand, argues that “Business has a social responsibility and moral duty to use the power of markets to make globalization a positive force for all.” The raison d’être of CSR is that companies have a commitment that goes beyond financial and commercial responsibilities (Hopkins 1999). Most CSR definitions implicitly include business ethics and the relevance of stakeholders beyond owners (Schmidheiny et al. 1997; Feigerlová and Pauknerová 2020). In other words, CSR has become a key activity in many corporations because it is considered the right thing to do (Gan 2006; Allen and Peloza 2015).
An increasing number of companies are now willing to fully assume their social responsibility since they recognize that in today’s market economy, legitimacy to operate must be granted by all of the organization’s agents or interest groups (Yan 2019).
There is a twofold consideration to discuss here. First, CSR is neither an end nor a means; rather, it is a basic principle that should broadly govern a company’s set of business activities and should be present in any decision-making process. Second, CSR is closely related to the predisposition to take business behavior to a higher level, one in which such behavior is consistent with the norms, values, and social expectations of all groups within and surrounding the organization but, at the same time, the primacy of the organization’s economic function and domestic regulatory mandates is recognized.
Although only businesses can take on social responsibility, other interested parties—stakeholders (all those who have an interest in or a relationship with the company, such as workers, investors, and consumers)—can play a fundamental role in urging companies to adopt socially responsible practices (Embid Irujo 2004, 2006a; Eguidazu Palacios 2006; Moneva Abadía 2006; Díaz-Perdomo et al. 2020).
However, in the vast majority of cases, a company’s adoption of CSR has more to do with achieving its own strategic objectives than with moral issues (Escamilla Solano et al. 2019). The reality that can be observed on a daily basis is that companies and organizations manipulate values in a seemingly frivolous manner that is almost exclusively oriented toward business interests and image enhancement. Similarly, it seems that businesses are motivated to build and communicate their corporate values because doing so generates significant dividends and enhances an organization’s image and reputation in comparison with the competition.
However, this assessment is not accurate since it does not address the essence of what, as we shall see, is happening in the knowledge society and, in particular, with the codes of conduct regulating commercial transactions. Businesses that have committed to adhering to a code of conduct must change their behaviors accordingly. Otherwise, their potential consumers and/or users may be able to demand compliance, as measured by an appropriate monitoring body that manages the respective code of conduct. Thus, if a noncompliant company does not remediate an infraction, it may be expelled based on the self-disciplining mechanism linked to the code of conduct (Darnaculleta and Gardella 2008). The monitoring body could actively publicize an expulsion or similar penalty, resulting in significant harm to the image or reputation of the noncompliant company.
The new socially responsible measures that we will examine can help to significantly improve how a company operates on the Internet, and they can indirectly improve its bottom line, thereby strengthening its competitive position (Kramer and Porter 2003). The financial cost of social responsibility can sometimes be high, but social responsibility can provide significant value for a company’s image or reputation. In the digital world, this will translate into a substantial sense of consumer and/or user trust when conducting business with a company committed to the best available legal and ethical practices, as documented in the code of conduct that the company has adopted (Sharma and Lijuan 2014). In the case of e-contracting, consumer trust seems to be a prerequisite and an indispensable condition for the comprehensive development of e-commerce. It is, therefore, essential to guarantee that consumer interests in the online environment will be protected just as well as or even better than in the physical world. From a meta-legal perspective, trust is an indicator of the absence of risk or of the level of risk mitigation since we all strive to control the risks in our lives and to avoid uncontrolled risks. This value grows as expectations are satisfied and is entirely subjective.
The priorities of pursuing material gain and earning a profit in economic activities are usually taken for granted. However, they are not the only goals or business priorities since certain ethical values are conspicuously present and, sometimes, publicly recognized (Sen 2003). Ethics is an inherent part of business activity (Frontrodona Felip et al. 1998); however, until recently, there has been scant research on this topic (Kaptein and Schwartz 2008). In this regard, three viewpoints should be discussed. First, companies and organizations are, in their own way, analogically moral agents (Goodpaster and Matthews 1982). Second, it is appropriate to speak not only of ethics within a company but also of business ethics. This leads to the third viewpoint, which is that an organization has values—or nonvalues—beyond its profit orientation, which are the organization’s ethics. These organizational ethics will necessarily look different from individual morality.
One of the visible manifestations of corporate commitment to ethical behavior is a written code of conduct (Alexander and Harding 2003). The term “code of conduct” refers to certain rules of “correct” behavior established by associations involved in a particular sector of business activity (in our case, the digital environment), with the objective of establishing norms of reciprocal behavior among themselves and other economic agents.
Business codes of conduct have clear origins in the corporate world, as they were developed by companies to formulate their own internal rules of operation, although they sometimes also contained principles for interacting with other companies and potential consumers and/or users. In this regard, some contend that consumer transactions with online sellers increase in proportion to their positive perceptions of the ethics of these sellers (Lu et al. 2013; Bauman and Bachmann 2017; Sullivan and Kim 2018).
In general, codes of ethics are intended to communicate an organization’s character or to highlight compliance with certain practices. Since the success of a business largely depends on consumer trust, widespread unethical activity leads to a loss of market sentiment, making it difficult for the business to survive (Qu et al 2017; Hallikainen and Laukkanen 2018). In fact, information security and privacy are some of the main drivers for digital companies to promote practices that generate trust in the virtual world (Sharma and Lijuan 2014; Lee et al 2018).
Codes of conduct now play an important role as a CSR management tool. We are witnessing a significant proliferation of businesses adopting codes of conduct. In fact, practically all professional associations, sectors of business activity, conglomerates, organizations, institutions, or groups have considered the development of conduct guidelines in some form or other, have drafted codes of conduct, or even have a tradition of conduct norms (Cowton and Thompson 2000). If self-regulatory instruments are accompanied by institutionalized sanctions, it is safe to assume that people will typically comply with them. According to human behavior theory, with respect to the expected benefit of noncompliance, compliance will be inversely proportional to the severity of sanctions and the probability that they will be applied (Becker 1993).
In this study, we discuss the characteristics of codes of conduct, a product of self-regulation, in digital business. It has become relatively common for companies, especially those that operate transnationally, to have established a code of conduct to inform the public of their governing commitments and principles. It is also common in certain fields such as virtual environments to adhere to a code of conduct managed by an independent and impartial third party that provides a high-quality regulatory function. Although these instruments have certain commonalities with typical business codes of conduct, they feature some special attributes that we discuss in this paper.
Self-regulation: Concepts and Attributes
In recent years, we have all witnessed, and in some cases been the protagonists of, a vigorous push, propelled by various forces, for “soft law.” Soft law is quasilegal, nonbinding law that is mostly oriented toward the protection of consumers and/or users in digital matters. While it does not have the weight of legal norms, nonbinding or voluntary law is a set of instruments that can significantly affect the legislative panorama and promote the legal standardization of certain practices (Lachaud 2018). Similarly, nonbinding law can facilitate the interpretation of legal norms affected by CSR activities (Embid Irujo 2006b). Notably, although soft law is not legally binding, this fact does not imply that it completely lacks any legal force. In fact, the practices addressed in soft laws exist within reference frameworks established by public entities.
The possibility that private organizations and subjects can also pursue general interests must be recognized. Similarly, certain private normative instruments created by these private entities can be an important tool for public administration as well.
Self-regulation involves the observance of certain standards of conduct—ethical principles and standards—the fulfillment of which has been previously established as an objective. At the same time, it is also an expression by a particular industry sector of a commitment to social responsibility.
Since self-regulation is more informal than legislation and lacks the coercive power of a government entity, it can be very ineffective if it is not supported by a favorable cultural environment and all the parties involved.
Additionally, self-regulation cannot become an excuse to relieve lawmakers of their obligations. Rather, it is a complement to legislation that is inevitably very general and ambiguous.
Globalization and the unfettered pace of technological innovation in various sectors, especially the Internet, make it difficult to anticipate all the problems that may arise in areas such as the protection of consumers and/or electronic users. There is a framework that facilitates the creation of procedures that enable appropriate solutions for all. In turn, government authorities are required to constantly monitor the policies that define these protections (Barkatullah and Djumadi 2018).
We can argue that the professionalization of the business sector leads to its own self-regulation. Regulatory pressure from government authorities, who tend to encourage and sometimes even impose self-regulation, is simply a manifestation of the need to improve the professionalism of companies. They all must acquire more specialized knowledge and take more responsibility for the risks of putting that knowledge into practice. In short, they must have a better service orientation (in our case, e-commerce) toward their consumers and/or users.
The higher the level of professionalism of those engaged in a given activity is, the higher the degree of voluntary compliance with the rules governing that activity. This is true regardless of whether the rules are legal and binding or the product of self-regulation.
The application of self-regulation is particularly appropriate in areas where experience has shown that legal consumer protection is lacking. In such cases, voluntary participation by the consumers and users targeted by those who create and market products, as well as by information service providers, increasingly appears to be an unavoidable element for ensuring adequate consumer protections. This voluntary participation takes place within an interesting private protection mechanism that complements other public regulatory instruments, resulting in a greater degree of protection for consumers and users.
Clearly, self-regulation takes place between society and government, between the private and the public. This is inherent to the type of self-discipline discussed here that emerges from the private sector to gain public relevance. In fact, the major finding regarding self-regulation is that there is no government-private sector schism since self-regulation does not entail a complete separation of the two. On the contrary, self-regulation allows this new product of society to fully develop and empower the creative capacity of private subjects, who can then use, collect, and organize it while public and private interests converge.
The essence of self-regulation is that it is based on the options, rules, and decisions of actors in the marketplace, while legal regulations are created based on decisions made by government authorities. As the term itself indicates, self-regulation does not mean the absence of standards or regulations. Rather, its meaning derives from the fact that rules are adopted in a completely voluntary manner, although they may have been fueled by different interests.
There are two main reasons why private organizations self-regulate. First, they want to fill a gap that lawmakers are unable or unwilling to fill. Second, they choose to comply with rules that are stricter than those imposed by the legal system (even when they themselves drafted those rules) to earn high levels of trust from those on the potential receiving end of these rules (i.e., potential consumers and users). In this regard, one example is a private association that approves or voluntarily submits to a code of conduct.
Currently, the prevailing idea is that pure self-regulation is not the most convenient; instead, there is increasingly more support for the theory of mixed self-regulation or coregulation, of which success lies in collaborating with the government either for the creation of codes or for the granting of certain prerogatives to those with certain demands so that it becomes, in the last instance, the entity in charge of resolving controversies raised in the field of self-regulation systems.
The position to which we have just referred was glimpsed decades ago, specifically in the 1980s, by authors such as Boddewyn (1992), who, in taking into account relations emerging between the government and private individuals or agents, listed up to four different systems of self-regulation. First, there is Pure Self-Regulation, where standards are developed, used, and complied with by the industry involved in the system. Second, there is Coopted Self-Regulation, according to which the industry, on its own will, involves third parties such as consumers, government representatives, and experts in the field in creating, developing, and complying with standards that will govern the system of self-regulation. Third, we have Negotiated Self-Regulation, where the industry voluntarily negotiates the creation and development of standards and their compliance with outsiders or third parties, which may include consumer associations or a government department. Fourth and lastly, with Mandated Self-Regulation, the government orders the industry to create, develop, and comply with regulations so that they can coercively regulate themselves.
What makes self-regulation a legally relevant phenomenon is that it must be considered by public authorities? We are thus faced with a situation in which Anglo-Saxon jurisprudence maintains a very defined position, since the determining factor is not public interest, which it considers in its initial manifestations, but governmental interest or the interest of public powers beyond what that strictly affects the government (Black 1996).
Codes of Conduct: A Paradigm for E-commerce Self-regulation
Codes of conduct are sometimes integrated into what can be called a system of self-regulation. For their coexistence, two assumptions must be applied: the documentation of good practices or codes of conduct and the presence of an impartial and independent control body responsible for ensuring full compliance. A lack of prescriptive assumptions or their malfunctioning will lead the system to, in addition to being ineffective, be incomplete. Next, we discuss certain considerations regarding each of the aforementioned factors.
On the one hand, the documentation of good practices or codes of conduct will imply the establishment of certain guarantees that go beyond legislation, which is a requirement for us to find ourselves before a true document of good practices because otherwise, we could be faced with a mere legislative compilation or a more or less didactic explanation of the prevailing regulations. The document of good practices would govern, in its entirety, improvements performed (both legal and ethical) with respect to the potential consumer and/or user, but not in the downgrading of consumer protective legislation. In other words, when the legal norm is partially mandatory, its content cannot be excluded to the detriment of the party the law is intended to protect. Among other aspects, the norm will regulate issues related to hiring and interactive advertising, which is publicly known to society in general, making it possible to consult it electronically and enabling its consistency, at a minimum, within the languages of the places of establishment of the companies adhering to them.
On the other hand, the second assumption to which we allude concerns the independent control body established, where appropriate, to resolve disputes between affiliated companies and consumers or users who, in one way or another, undertake the contracting or provision of a good and/or service, including activities aimed at promoting interactive advertising. In other words, the extrajudicial dispute resolution mechanism will rule on the existence or nonexistence of a possible violation of the good practices document (a code of conduct) in which it is integrated, imposing, where appropriate, the sanction that proceeds according to the articles of the latter.
There are certain legal standards in various European nations that establish the need for codes of conduct to regulate e-commerce. One such regulation in Spain is Law 34/2002, Article 18 (11 July), on Information Service Providers and Electronic Commerce. Article 18 provides directional guidance more than regulatory strictures, which are almost nonexistent in this statute. The community legislator also seeks to promote codes of conduct. In this sense, it is worth mentioning, among others, Article 5 of Directive 84/450/CEE of September 10, 1984 on misleading advertising as amended by Directive 97/55/CEE of October 6, 1997 and Article 16 of Directive 2000/31/CE of June 8 on certain legal aspects of information society services and e-commerce in the internal market in particular. Codes of conduct should not be limited to reiterating the law; rather, they should also be designed to encompass certain areas such as technology, in general, and e-commerce, in particular. In other words, they must go beyond the legal statute in the areas they pretend to govern. In fact, they must specify the general principles established in the law when they are being adapted to specific circumstances.
One should not assume that all codes of conduct are very similar, regardless of where they are implemented. This is not the case at all—it is an assumption that reveals an ignorance of the details of codes of conduct. While they may share common themes or topics, most often there will be significant differences.
Importantly, for a code of conduct to be effective, it must contain a documented process for its own modification and be considered a living document. By their very nature, policies regarding business ethics must be dynamic since practical views about what is fair and right—both for organizations and for society overall—change over time, while the foundational principles are preserved.
One of the most significant characteristics of codes of conduct is that they fill the space between ethical standards and positive regulatory provisions but without being either one or the other. A nuance of the current codes of conduct in e-commerce is that although compliance is voluntary, they provide more guaranteed protections of consumers and/or users than the relevant government legislation. Once an information service provider formally implements a code of conduct, it has the binding force of law between the contracting parties (the information service provider and the entity managing the self-regulatory system of which the code of conduct is a part). By establishing membership (the fact that some of the rules in codes of conduct have a distinct ethical bias notwithstanding), they enhance the base level of consumer protection provided by the law. Potential consumers and users who benefit from these protections have the right to request the full content of these codes of conduct.
The contractual legal relationship, that is, the obligatory relationship established by the e-contract between the information service provider and the consumer and/or user, is an economic relationship regulated by the legal norms or rules agreed upon between the service provider and the entity managing the self-regulatory system. It is incorporated in good faith (a general legal principle) into the code of conduct by its use (habitual or normative use) and by law. The behavioral model that good faith entails has an element of loyalty toward achieving the proposed goal, as well as an element of safeguarding the trust placed in each party’s behavior since it assumes a certain goodwill in the reciprocal behavior of the contracting parties. In contractual relationships, the principle of good faith is associated with trust and honesty. Specific applications of the good faith principle in business are prevalent in activities that involve mutual trust. Consequently, good faith is especially important in bilateral or multilateral endeavors. It is a fundamental pillar of the law of obligations, especially in e-contracts.
In this regard, it should be noted that the ethics content (in a code of conduct) is not equivalent to a company’s or an organization’s compliance with its legal obligations. Legality is an ethical principle since compliance with the law is ethically obligatory. However, as previously stated, organizational ethics are not reduced to that moral minimum. In fact, ethics often implies going above and beyond the law. Here, one of the main features of CSR can be observed.
Some codes of conduct have not been applied because they have not been properly formalized or because no one is responsible for enforcing them. In other words, for a code of conduct to be effective, it must be enforceable (Raiborn and Payne 1990; Nitsch et al. 2005). The greatest potential for effective self-regulation is seen in organizations that have an appropriate level of maturity and development and that are able to apply internal codes and voluntary technical standards as a matter of course, as if they were positive law.
The codes of conduct promoted by European Community (EC) legislators and, subsequently, by Spanish legislators are appropriate instruments for regulating the business sectors that directly or indirectly participate in e-commerce. That is, they are an ideal tool for implementing the EC’s goal of unifying fragmented consumer groups. This lack of unity weakens the EC’s position vis-à-vis the business community; thus, self-regulation is a truly significant step toward giving consumers a more powerful voice in the European Union.
Furthermore, codes of conduct cannot establish rules that are more permissive than the minimum required by law, nor can they openly contradict mandatory law (López Jiménez et al. 2020). Consequently, codes of conduct cannot lower legal standards established by law, whether mandatory or partially mandatory, to benefit consumers. However, they can indeed significantly improve existing guidance applicable to potential consumers and/or users, which is a weak area in e-commerce contracts.
The code of conduct is the most widely used instrument for establishing trust in the self-regulation of e-commerce, and it is made possible by virtue of the principle of autonomy of will. The rules presented in best practice documents for e-commerce are a manifestation of self-regulation. In other words, they are autonomous rules emanating from the principle of autonomy of will that is based on Article 1255 of the Spanish Civil Code, which recognizes the regulatory power of autonomy of will in contracts. Contractual rules are similar to legal regulations in that the contracting parties must adapt their behavior to fulfill the terms of the contract. However, since it is born from legislative power, a legal regulation is heteronomous—it is general and abstract. On the other hand, a contractual rule is autonomous since it is born from the will of the contracting parties—it is private, specific, and concrete.
We must stipulate that codes of conduct consist of a set of rules that are deontological in nature (Vázquez Fernández 1991; Santaella López 2003; Barkatullah and Djumadi 2018). That is, they represent the best professional practices that provide a high level of legal security. It is this security that results in their target groups, whose trust is critical for the success of e-commerce, taking a positive view of them. Since codes of conduct are governed by the autonomy of will of the parties, the information used for their approval will be more extensive and complete. Moreover, their content will seek to protect the interests of the parties concerned in a more equitable manner.
In e-commerce, codes of conduct are voluntary documents (Lachaud 2018). They include a set of principles, rules, and practices that are certified by an independent third party. While they are being drafted, these documents consider the interests of consumer and user organizations, disabled individuals, or other affected groups. They regulate matters relating to precontractual, contractual, and postcontractual procedures (in e-contracting) without involving other issues, such as interactive advertising, security, privacy, accessibility, the comprehensive protection of minors, and other related issues.
The rules presented in codes of conduct are usually much more focused on the specific problem at hand since the people who are closest to the problem have created these codes. The various groups that interact in e-commerce include the following: consumers and users, businesspeople, public officials, and other agents with potential impacts. The future projections of such texts, the result of self-regulation, may well depart from their ethical and in some cases even contractual nature to become effective normative bodies with the close cooperation of public authorities. Moreover, in this sense, some countries have coined a certain expression to refer to codes of conduct developed between businessmen, consumers, and public authorities, which are institutional or functional codes (Garvin 1983).
While almost all European countries are aware of the benefits of codes of conduct, they apply them differently in the area of e-commerce. For example, Denmark, Sweden, Austria, and Finland use codes of conduct to supplement general legislation, and the entities responsible for consumer issues are heavily involved in creating such codes. The United Kingdom, Ireland, and the Netherlands use codes of conduct widely, although the government entities responsible for consumer affairs have a less formal role. Finally, as a complement to general regulation, self-regulation is much less developed in countries such as Spain, where it is a relatively recent phenomenon and where the country’s legal tradition and socioeconomic structure make mandatory rules a better option.
Compliance with the articles of a code of conduct is a contractual commitment between the companies adhering to the code and the entity managing the self-regulatory system of which the code is a part. The day-to-day management of the code is the responsibility of the monitoring body, while the resolution of disputes between member companies and consumers and/or users is the purview of specified extrajudicial mediation entities.
The ethics content of e-commerce self-monitoring systems does not conflict with the judicial function exclusively entrusted to judges and courts. According to Article 117.3 of the Spanish Constitution, the judicial function consists of the power to judge and enforce judicial decisions, and there is no conflict or overlap between this function and e-commerce self-regulatory systems. Extrajudicial dispute resolution bodies will issue decisions only on the ethical or deontological correctness of the issue submitted to them.
Almost always, the existing body of law must frame any discussion of ethical behavior. Therefore, the first ethical mandate that e-commerce self-regulatory systems must fulfill is the need to align e-commerce transactions with current legislation.
Consumers require mechanisms that are quick and inexpensive or even free, since the price of the contracted good or service is often low. These mechanisms must also be effective in resolving disputes that may arise between the parties that have entered into a contractual relationship.
Another feature of self-regulatory systems is that the processing of complaints by consumers and/or users is free. They do not incur any cost for the resolution of the dispute due to the procedures created by the self-disciplinary bodies, unlike the costs inherent to using judicial mechanisms. These judicial processes not only entail high costs for the litigants but also very frequently involve a long wait for the resolution of the dispute by the judges and magistrates presiding over the matter in civil court. The purpose of this reference to judges and magistrates is to highlight the fact that extrajudicial conflict resolution is usually presided over by experts in the field who offer a better chance of providing an appropriate solution to the dispute.
Finally, in line with what has been highlighted, it is worth mentioning that self-regulation systems, with the aim of solving the difference that separates parties (entrepreneurs, and consumers or users), have established mediation. By virtue of the latter, an attempt is made to prevent the conflict from reaching the judicial or extrajudicial dispute resolution mechanisms that govern e-contracting and interactive advertising. In recent years, one of the essential objectives of the European Union has been to improve citizens’ access to justice. Directive 2008/52 of May 21 on mediation in civil and commercial matters has served as an important step in this direction, since, among other aspects, it invites Member States to reflect on the role of Alternative Dispute Resolution. From the aforementioned Directive, Member States are urged to promote mediation in all of their mandates, promote the initial and continuing training of mediators and specialized organizations, and develop codes of conduct that serve as a guide in this realm. Mediation is a friendly and peaceful system, despite not binding and thus lacking the decision-making power of dispute resolution. At all times, parties have the power to negotiate and determine applicable regulations. The mediator acts as a neutral third party who facilitates communication between the parties while guaranteeing confidentiality for the resolution of the dispute that faces them. The presence of good faith between the parties is essential, since they must behave as collaborators and not as adversaries with the goal of resolving the conflict that separates them.
Noncompliance with Codes of Conduct as an Unfair Commercial Practice
Adherence to an e-commerce code of conduct allows a company to display certain accreditation symbols, like a trust badge or seal. The ability to display this type of badge has a beneficial impact on a company’s image, as it is widely recognized by other businesses (competitors) and by current or potential consumers and/or users (Kuhlmann 1990; Bock 2000; Gierl and Winkler 2000; Russell and Lane 2002; Kroeber-Riel and Weinberg 2003; Özpolat and Jank 2015; Mattison Thompson et al 2019). Thus, participation in a self-regulation mechanism provides added value to a company, and protecting consumers through self-regulation to retain their trust is in the interest of companies that self-regulate. If as a management tool, e-commerce self-regulation generates trust at a macro level, then each individual code of conduct has the same effect on its subscribers.
The trust badges displayed on the websites of companies that adhere to a self-regulatory system enable consumers to choose between those that are publicly committed to best business and ethical practices and those that are not (Mattison Thompson et al 2019). Only the former offer added value to the product or service being marketed. Furthermore, customers will choose the website of a business that offers higher added value over the websites of other vendors; thus, this added value represents a competitive advantage (Chen et al. 2013). Therefore, consumer loyalty in e-commerce is partly due to the added value perceived by customers (Frost et al. 2010; Seckler et al. 2015; Kim et al. 2016).
Displaying a trust badge that represents adherence to a certain self-regulatory system means that the business displaying it is committed to complying, in all its activities, with the corresponding code of conduct. These trust badges constitute a recognition of the quality of the companies that earn and display them, as they seek better positioning in the market. A benefit of the prestige that such badges represent is that this prestige translates into more e-commerce transactions. A click on the trust badge will link to the text of the code of conduct (McCabe et al. 1996; Chonko et al. 2003).
In the Anglo-Saxon world, especially in the United States, there is a growing belief that breaches of a company’s own code of conduct (particularly when it is used as a marketing tool or for promoting the company’s corporate image) represent acts of unfair competition, specifically deceitful acts and misleading advertising (Lu 2000).
This notion is gaining ground in Europe, as Directive 2005/29/EC of the European Parliament and of the Council (11 May 2005) concerning unfair business-to-consumer commercial practices in the internal market (“Unfair Commercial Practices Directive”) marks an important step in the integration of self-regulatory systems with the unfair competition legal regime. Indeed, in certain circumstances, unfair commercial practices include noncompliance with the commitments in codes of conduct.
In this regard, Article 6(2)(b) of a proposed version of Directive 2005/29/EC detailed the commercial practices considered to be misleading, including the failure to comply with a code of conduct, if such codes and the companies adhering to them had been made public (López Jiménez et al. 2013). If this language had been approved, it would have seriously hindered the growth of self-regulation since by imposing a heavy cost of compliance, it would have discouraged the adoption of codes of conduct.
Article 6(2)(b) of the version that was ultimately adopted appropriately considers noncompliance with a code of conduct to be a misleading commercial practice only when a business explicitly mentions its adoption of such a code in its statements of commercial practices. The underlying rationale of Article 6(2)(b) is that when a business publicizes its adoption of a code of conduct, legitimate expectations are produced. Thus, when a company does not comply with the commitments in its code of conduct, such behavior is considered to be a false claim and, therefore, an unfair practice under Directive 2005/29/EC.
Regardless, the final wording of the Directive should not be interpreted to mean that a simple violation by a business of its code of conduct is considered an unfair practice; rather, it means that an unfair practice occurs if a business violates the code and then fails to comply with the decision of the code’s supervisory body regarding the violation. In other words, two conditions need to exist for a code of conduct violation to be considered an unfair commercial practice under the Directive. First, the business has explicitly stated its compliance with the code in its advertising, and second, the business has failed to comply with a decision by the monitoring body responsible for applying the code.
Thus, an unfair practice occurs only when a business explicitly pledges to follow certain “best practices.” A violation of a code of conduct should not be considered fraudulent if the company has only expressed its intention to make a “best effort.”
Notably, in this regard, two types of penalties may be imposed on a company that violates its code of ethics. First, the monitoring body of the self-regulatory system may decide, depending on the seriousness of the case, to issue a simple warning, to suspend rights, or to expel the company in question (Ferrell and Hartline 2014). The penalties imposed may be actively publicized. Second, the appropriate public authorities may impose a legal penalty for violations of applicable regulations. There are cases in which certain systems of self-discipline can be pronounced, generally taking the form of nonbinding opinions among nonadhering companies. Thus, a claim can be presented to third parties for having violated the articles of the ethical code in question, which, we insist, are not obliged to observe. In the latter case, the control body, normally at the request of a party, will assess the behavior of the company that violates the corresponding ethical code. Such ruling will only have the value of mere opinion, so unless the company has assumed the competence of the control body, it is not obliged, in any way, to observe.
Regardless, it is worth mentioning the various reasons why the service provider may not adhere to a code of conduct at a certain point in time. On the one hand, given that entrepreneurs are completely free to decide when they wish to enter and leave the self-regulation system—in which the document that we could call good practices is integrated—they can express their willingness to stop being linked by the aforementioned document, giving, where appropriate, timely notice from a certain date. On the other hand, the abandonment of the system of self-discipline may not follow a voluntary decision made by the entrepreneur, who up to that moment had been adhering, but may have happened as a result of the sanctioning activity of the control body. Note that particularly serious cases can determine the conveniently publicized expulsion of the associate.
Additionally, under the Unfair Commercial Practices Directive, a misleading practice occurs when a business or professional presents the rights granted by law to consumers or users as if they were a distinctive feature of the product or service offered. Furthermore, when a service provider displays a trust badge that advertises adherence to a code of conduct that merely restates what the law provides, such a display is also considered to be a misleading practice. Moreover, it is also a misleading practice if a code of conduct is presented as a distinctive feature or some sort of legal improvement when the code actually offers less consumer/user protection than currently applicable regulations. Both cases constitute misleading advertising and unfair commercial practices.
A business that adopts high-quality business practices that follow the prevailing law pertaining to e-commerce and that are documented in a code of conduct will be viewed positively by government officials and by its competition and potential clients. Of course, this depends on a number of things, such as the level of compliance with advertising regulations, the protection of information, minors, and intellectual and industrial property, electronic security, and accessibility, among other matters.
Conclusions
CSR is a challenge for both current and future organizations. An increasing number of companies rightfully choose to follow socially responsible practices. They recognize that in the current market economy, all those interest groups that interact with them (their stakeholders) support their legitimacy as businesses.
One of the most recent trends in CSR is the adoption of e-commerce codes of conduct. In addition to current, relevant legal regulations, these documents include a set of ethical enhancements to these regulations. These ethics standards contribute to a high level of trust on the part of the target audience for these codes of conduct: consumers and businesses that are committed to complying with them.
Although a business’s adoption of a code of conduct is completely voluntary, once it has formalized its commitment (through the principle of autonomy of will), it must comply. Noncompliance in continental Europe and Anglo-Saxon countries is considered misleading to the public and could be considered an unfair commercial practice subject to penalty. A business that is thusly penalized could suffer a significant loss of credibility with the public.
Codes of conduct are a manifestation of self-regulation, which is a new tool for public administration. In its broadest sense, self-regulation refers to the ability and tendency of all individuals and organizations to regulate their own conduct. Thus, self-regulation can be seen as the private production and application of rules by the same entities that develop, apply, or control such rules. It does not imply the absence of rules but, rather, the application of norms that originate from autonomy of will instead of government officials.
References
Alexander, M., & Harding, M. C. (2003). Self-regulation and the Certification of the European Information Economy. The Case of e-Healthcare Information Provision. Economics Series, 154, 1–53.
Allen, A. M., & Peloza, J. (2015). Someone to watch over me: The integration of privacy and corporate social responsibility. Business Horizons, 58(6), 635–642.
Barkatullah, A. H., & Djumadi, A. (2018). Does self-regulation provide legal protection and security to e-commerce consumers? Electronic Commerce Research and Applications, 30, 94–101.
Bauman, A., & Bachmann, R. (2017). Online consumer trust: Trends in research. Journal of Technology Management and Innovation, 12(2), 68–79.
Becker, G. S. (1993). Nobel Lecture: The economic way of looking of behaviour. Journal of Political Economy, 101(3), 385–409.
Black, J. (1996). Constitutionalising self-regulation. Modern Law Review, 59(1), 24–55.
Bock, A. (2000). Gütezeichen als Qualitätsaussage im digitalen Informationsmarkt. Darmstadt: Toeche-Mittler.
Boddewyn, J. J. (1992). Global perspectives on advertising self-regulation: Principles and practices in thirty-eight countries. Westport, CT: Quórum Books.
Chen, Y. H., Wu, J. J., & Chang, H. T. (2013). Examining the mediating effect of positive moods on trust repair in e-commerce. Internet Research, 23(3), 355–371.
Chonko, L. B., Wotruba, T. R., & Loe, T. W. (2003). Ethics codes familiarity and usefulness: Views on idealist and relativist managers under varying conditions and turbulence. Journal of Business Ethics, 42(2), 237–252.
Cowton, C., & Thompson, P. (2000). Do codes make a difference? The case of bank lending and the environment. Journal of Business Ethics, 24(2), 165–178.
Darnaculleta, I., & Gardella, M. (2008). Autorregulación, sanciones administrativas y sanciones disciplinarias. In L. Arroyo Jiménez & A. Nieto Martín (Eds.), Autorregulación y Sanciones (pp. 120–150). Valladolid: Lex Nova.
Díaz-Perdomo, Y., Álvarez-González, L. I., & Sanzo-Pérez, M. J. (2020). Non-profit organization-business value co-creation: Conceptualization and scale development. Harvard Deusto Business Research, 9(1), 3–19.
Eguidazu Palacios, F. (2006). El intervencionismo político en la empresa: regulaciones y responsabilidad social corporativa. In J. Martínez Arévalo (Ed.), Regulación, Desregulación, Liberalización y Competencia (pp. 227–240). Madrid: Marcial Pons.
Embid Irujo, J. M. (2004). Perfil jurídico de la responsabilidad social corporativa. Revista Valenciana de Economía y Hacienda, 12, 51–76.
Embid Irujo, J. M. (2006a). Perfil jurídico de la responsabilidad social corporativa. In L. Vargas Escudero (Ed.), Mitos y realidades de la Responsabilidad Social Corporativa en España. Un enfoque multidisciplinar (pp. 35–63). Navarra: Thomson Civitas.
Embid Irujo, J. M. (2006b). Derecho, mercado y responsabilidad social corporativa. Papeles de Economía Española, 108, 63–74.
Escamilla Solano, S., Plaza Casado, P., Galeana Figueroa, E., & Aguilasocho Montoya, D. (2019). Does corporate social responsibility affect to legitimacy of the companies? Analysis of Spain and Mexico through the case method. Harvard Deusto Business Research, 8(2), 189–205.
Feigerlová, M., & Pauknerová, M. (2020). Czech Republic. In C. Kessedjian & H. Cantú Rivera (Eds.), Private international law aspects of corporate social responsibility (pp. 325–352). Cham: Springer.
Ferrell, O. C., & Hartline, M. D. (2014). Marketing strategy. Mason, OH: South-Western.
Freeman, R. E., & Evan, W. M. (1990). Corporate governance: A stakeholder interpretation. Journal of Behavioural Economics, 19(4), 337–359.
Frontrodona Felip, J., Guillén Parra, M., & Rodríguez Sedano, A. (1998). La ética que necesita la empresa. Madrid: Unión Editorial.
Frost, D., Goode, S., & Hart, D. (2010). Individualist and collectivist factors affecting online repurchase intentions. Internet Research, 20(1), 6–28.
Gan, A. (2006). The impact of public scrutiny on corporate philanthropy. Journal of Business Ethics, 69(3), 217–336.
Garvin, D. A. (1983). Can industry self-regulation work? California Management Review, 25(4), 37–52.
Gierl, H., & Winkler, S. (2000). Neue Gütezeichen als Qualitätssignale. Marketing ZFP, 1(3), 197–207.
Goodpaster, K. E., & Matthews, J. B. (1982). ¿Pueden tener conciencia moral las empresas? Harvard-Deusto Business Review, 4, 5–18.
Griffin, J. J., & Mahon, J. F. (1997). The corporate social performance and corporate financial performance debate: Twenty-five years of incomparable research. Business and Society, 2(36), 5–31.
Hallikainen, H., & Laukkanen, T. (2018). National culture and consumer trust in e-commerce. International Journal of Information Management, 38(1), 97–106.
Hopkins, M. (1999). The planetary bargain: Corporate social responsibility comes of age. London: Macmillan Press.
Kaptein, M., & Schwartz, M. S. (2008). The effectiveness of business codes: A critical examination of existing studies and the development of an integrated research model. Journal of Business Ethics, 77(2), 111–127.
Kim, D. J., Yim, M. S., Sugumaran, V., & Rao, H. R. (2016). Web assurance seal services, trust, and consumers’ concerns: An investigation of e-commerce transaction intentions across two nations. European Journal of Information Systems, 25(3), 252–273.
Kramer, M. R., & Porter, M. E. (2003). La filantropía empresarial como ventaja competitiva. Harvard Deusto Business Review, 112, 6–21.
Kroeber-Riel, W., & Weinberg, P. (2003). Konsumentenverhalten. Munich: Vahlen.
Kuhlmann, E. (1990). Verbraucherpolitik: Grundzüge ihrer Theorie und Praxis. Munich: Vahlen.
Lachaud, E. (2018). The General Data Protection Regulation and the rise of certification as a regulatory instrument. Computer Law and Security Review, 34(2), 244–256.
Lee, S., Ahn, C., Minjung Song, K., & Ahn, H. (2018). Trust and distrust in e-commerce. Sustainability, 10(4), 1015.
López Jiménez, D., Dittmar, E. C., & Vargas Portillo, J. P. (2020). Self-regulation of sexist digital advertising: From ethics to law. Journal of Business Ethics. https://doi.org/10.1007/s10551-020-04471-y.
López Jiménez, D., Redchuk, A., Dittmar, E. C., Vargas, P. J. (2013). Internet privacy seals: User perception in Spain. Revista Iberica de Sistemas e Tecnologias de Informação, 12, 49–63.
Lu, S. P. (2000). Corporate codes of conduct and the FTC: Advancing human rights through deceptive advertising law. Columbia Journal of Transnational Law, 38(3), 603–629.
Lu, L. C., Chang, H. H., & Yu, S. T. (2013). Online shoppers’ perceptions of e-retailers’ ethics, cultural orientation, and loyalty: An exploratory study in Taiwan. Internet Research, 23(1), 47–68.
Mattison Thompson, F., Tuzovic, S., & Braun, C. (2019). Trustmarks: Strategies for exploiting their full potential in ecommerce. Business Horizons, 62(2), 237–247.
Mccabe, D. L., Treviño, L. T., & Butterfield, K. D. (1996). The influence of collegiate and corporate codes of conduct on ethics-related behaviour in the workplace. Business Ethics Quarterly, 6(4), 461–476.
Mcwilliams, A., & Siegel, D. (2000). Corporate social responsibility and financial performance: Correlation or misspecification? Strategic Management Journal, 21(5), 603–609.
Melé, D., Debeljuh, P., & Arruda, C. (2006). Corporate ethical policies in large corporations in Argentina, Brazil and Spain. Journal of Business Ethics, 63(1), 21–38.
Moneva Abadía, J. M. (2006). La responsabilidad social corporativa y las memorias de sostenibilidad. In L. Vargas Escudero (Ed.), Mitos y realidades de la Responsabilidad Social Corporativa en España. Un enfoque multidisciplinar (pp. 237–253). Navarra: Thomson Civitas.
Nitsch, D., Baetz, M., & Hughes, J. C. (2005). Why code of conduct violations go unreported: A conceptual framework to guide intervention and future research. Journal of Business Ethics, 57, 327–341.
Omran, M., Atrill, P., & Pointon, J. (2002). Shareholder versus stakeholders: Corporate mission statement and investor returns. Business Ethics: A European Review, 11(4), 318–326.
Özpolat, K., & Jank, W. (2015). Getting the most out of third party trust seals: An empirical analysis. Decision Support Systems, 73, 47–56.
Qu, M., Kim, J., & Choi, S. (2017). The effects of multidimensional customer trust on purchase and eWOM intentions in social commerce based on WeChat in China. Asia–Pacific Journal of Information Systems, 27(2), 77–98.
Raiborn, C. A., & Payne, D. (1990). Corporate Codes of Conduct: A collective conscience and continuum. Journal of Business Ethics, 9(11), 879–889.
Russell, T. T., & Lane, W. R. (2002). Kleppner’s advertising procedure. Upper Saddle River, NJ: Prentice Hall.
Santaella López, M. (2003). Derecho de la Publicidad. Madrid: Civitas.
Schmidheiny, S., Chase, R., & Desimone, L. (1997). Signals of change: Business progress towards sustain. Geneva: WBCSD Publications.
Seckler, M., Heinz, S., Forde, S., Tuch, A. N., & Opwis, K. (2015). Trust and distrust on the web: User experiences and website characteristics. Computers in Human Behavior, 45, 39–50.
Sen, A. (2003). Ética de la empresa y desarrollo económico. In A. Cortina Orts (Ed.), Construir confianza. Ética de la empresa en la sociedad de la información y las comunicaciones (pp. 39–53). Madrid: Editorial Trotta.
Sharma, G., & Lijuan, W. (2014). Ethical perspectives on e-commerce: An empirical investigation. Internet Research, 24(4), 414–435.
Simpson, W. G., & Kohers, T. (2002). The link between corporate social and financial performance: Evidence from the banking industry. Journal of Business Ethics, 2(35), 97–109.
Sullivan, Y. W., & Kim, D. J. (2018). Assessing the effects of consumers’ product evaluations and trust on repurchase intention in e-commerce environments. International Journal of Information Management, 39, 199–219.
Vázquez Fernández, F. (1991). Ética y Deontología de la Información. Madrid: Paraninfo.
Yan, M. (2019). Corporate social responsibility versus shareholder value maximization: Through the lens of hard and soft law. Northwestern Journal of International Law and Business, 40(1), 47–86.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical Approval
The authors declare that they comply with Ethical Standards.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
López Jiménez, D., Dittmar, E. & Vargas Portillo, J.P. New Directions in Corporate Social Responsibility and Ethics: Codes of Conduct in the Digital Environment. J Bus Ethics (2021). https://doi.org/10.1007/s10551-021-04753-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10551-021-04753-z