This issue is filled with great insights and expert commentary on areas that are relevant to the legal landscape and highlight how the business community is embracing technology, media and telecommunications. There are various topics covered, from new ways of working and digital transformation in the finance sector to data protection regulatory updates and guidance. We also have a series of articles that focus on e-commerce across a number of jurisdictions.
You will also find insights from our lawyers around real estate analytics, tech trends, and data centres.
We hope this edition of Law Update provides some useful food for thought – enjoy the read!Take a read of the edition
Based on the success of Amazon.ae, Noon.com, and other platforms in the UAE online marketplace, traditional bricks and mortar retail business are increasingly seeking to establish their own e-commerce portals as an add-on to their existing business models. However, a successful e-commerce platform involves more than just acquiring a domain name and adding a payment process gateway. Retailers need to make sure that they comply with the legal and regulatory framework surrounding online sales to customers in the UAE.
We take a look below at the key considerations in the context of applicable UAE laws and regulations as they relate to the e-commerce ecosystem.
Retailers that operate e-commerce platforms need to make sure that they are, in fact, licensed to undertake e-commerce activities as part of their current trade licence. If not, those retailers need to make sure that their licensed business activities are expanded to cover e-commerce. The addition of an e-commerce activity to the license is subject to the discretion of the relevant authorities and often the decision of whether to permit the addition of such activities is based on whether the e-commerce activity is compatible with the retailer’s existing licensed activities. In the event that the authorities determine that e-commerce cannot be added to a retailers existing licensed activities, a new license would be required.
Although retailers have the option to simply add e-commerce to their licensed activities, quite often they opt instead for setting up separate entities to own and operate their e-commerce platform. Structuring their online business in this manner allows retailers to ring fence risk under the operating entity and also to centralise their e-commerce business.
It is common practice, both locally and internationally, to attach terms and conditions of sale to the use of a website or e-commerce portal. These terms and conditions of sale will then govern the way in which the retailer and its online customers will interact with each other in respect of the sale of the retailer’s products online.
The terms and conditions of sale might include details relating to delivery, refund policies, termination of accounts, and interactions between the users. But more importantly the terms and conditions of sale must contain any terms that are required by the operators of the payment gateway. Over time, we have seen an increase in the number and scope of these requirements but it is important to note that the payment gateway operator will not allow the e-commerce portal to commence operations until it has seen the final version of the applicable terms and conditions of sale of the retailer.
In operating an e-commerce platform, it is very important to have clear terms and conditions of sale to reduce any ambiguity and increase customer trust, and to highlight any key transactional terms to the consumer, maybe as a pop-up window at one point during the sale.
It is important to note that the payment gateway operator will also expect that certain provisions are included within that policy. One provision commonly required is the provision that data (such as credit card details) will in fact be used by third parties that are assisting with the provision of certain services.
Although there is no specific data protection legislation in the UAE (with the exception of some of the UAE’s free zones) data protection is governed and regulated by a combination of legislative and practical measures, including the UAE Penal Code. Specifically, Article 379 of the UAE Penal Code prohibits the use or disclosure of ‘secret’ information without the consent of the person to whom the secret relates. Breach of this Article incurs potential penal liability in the form of a fine and/or incarceration for the individual that is responsible for the use and/or disclosure of such information. The cybercrimes law may also be applicable in certain circumstances and contains severe penalties.
“a successful e-commerce platform involves more than just acquiring a domain name and adding a payment process gateway.”
The emergence of an online marketplace in the UAE resulted in commercial transactions and contracts of sale being concluded electronically. The most common methods of contracting with a customer online are by way of ‘click-to-accept’ (i.e. a physical act by the customer to indicate their consent to the contract) and deemed consent by way of a customer’s general use of a website.
In the UAE, the Electronic Transactions and E-Commerce Law (Federal Law No 1 of 2006) generally permits the execution of contracts between two parties via electronic means, and expressly states that the consent and acceptance of contracts may be expressed via electronic communications.
The risk of contracting in this manner is that the way in which the terms and conditions of sale are delivered to the customer (e.g. electronically) creates the opportunity for customers to argue that no contract of sale was concluded in respect of an online sale of products since they never read or agreed to the terms and conditions of sale. As such, retailers are advised to take steps to ensure that such arguments are limited to the extent possible. For example, retailer should ensure that each customer ‘click-to-accept’ the terms and conditions of sale which relate to his/her purchase of goods before a transaction can be concluded as opposed to just having the terms placed in the ‘legal’ section on the website where the customer may or may not see them.
A person (or company) that creates content usually has the legal right to determine whether or not a third party can use that content. This position is generally the case across the world and certainly applies in the UAE. This means that, if the retailer that operates an e-commerce site is commissioning a freelancer to produce content for the site, then it needs to enter into an agreement with that freelancer to confirm the ownership of the material created as well as the use that can be made of the material by both parties.
For ad hoc content, the relevant retailer should obtain a written licence from the owner of the content before using it. The only time that content could legitimately be used without a written licence would be for material that is clearly a press release or some other form of publicity – these are specifically provided in order to be used by third parties and therefore judicious use of that content (that is, within the expected usage and within a reasonable time from the date of the press release) will be unlikely to raise claims of copyright infringement.
Retailers should also be careful with the use of stock image libraries and music libraries. These libraries do have some limits on the use that can be made of their materials and it is wise to check the fine print in all cases. There have also been numerous cases of ‘bait and switch’ tactics with music libraries, where “unlimited use of music” was advertised but was not reflected within the standard terms that are sent to, and signed by, the user. There is an entire industry devoted to chasing entities that use music in excess of the licensed terms.
Content on e-commerce sites, can fall broadly into three categories:
It is important to recognise that, with all of these three types of content, the retailer that operates the e-commerce site is considered to be the publisher of the material, and so may be found liable for that content if it is found to breach the rights of another party, or breaks any laws or regulations. Whilst content regulation is quite a complex area of law that requires separate attention, note that Federal Law No 15 of 1980 (concerning Publications and Publishing) (“P&P Law”) contains a list of material that is unacceptable for publication within Chapter 7. In addition, Federal Law No 5 of 2012 (on Combating Cybercrimes) (“Cybercrimes Law”) contains other matters that are not permitted in relation to activities on the internet. The National Media Council (“NMC”) has further regulations that will apply (“NMC Regulations”).
Not only does the retailer that operates the e-commerce site have to consider these laws in the creation of its own content but also when using the content of others. More particularly, this becomes problematic when the site allows user generated content to be created and shared. Customer reviews and contributions to forums can become confrontational and may inadvertently constitute a breach of the P&P Law or the Cybercrimes Law. For this reason, many a retailer that operates the e-commerce site actively monitor user-generated content before they permit it to be published.
As an e-commerce site will fundamentally contain marketing for goods or services, it will be considered to be advertising and as such will be subject to the regulations that apply to such content. Advertising content is regulated by the NMC, as part of the NMC Regulations, as well as particular issues that have been included in guidelines issued at the end of 2018 (“Guidelines”).
These standards cover false and misleading claims, and the need for advertising to be clear and unambiguous. They also include provisions about clearly determining the identity of the advertiser in each case. The Guidelines, in particular, are helpful for ensuring compliance across the board as they are a helpful summary of the various law and regulations.
“e-commerce means extending usual business operations beyond the retail sector and into the publishing sector.”
Many entities, whether online or otherwise, are more and more frequently using social media to reach a wider audience and promote their business. The same content laws apply to any such activity, and we regularly advise our clients to ensure that they have effective social media policies in place to regulate their employees’ use of social media and to ensure that there is a consistent approach with how the business is promoted. More importantly, the social media policy will (hopefully) raise awareness to the individual employees that the regulatory regime governing content also applies to content displayed on social media platforms. Simply posting comments on behalf of an employer does not exonerate an employee of any liability under this regulatory regime.