E-commerce: A Primer on Relevant UAE Laws and Regulations Impacting the E-commerce Industry

Martin Hayward - Head of Digital & Data - Digital & Data

Willem Steenkamp - Partner - Corporate / Mergers and Acquisitions / Commercial

Based on the success of Amazon.ae, Noon.com, and other platforms in the UAE online marketplace, traditional bricks and mortar retail business are increasingly seeking to establish their own e-commerce portals as an add-on to their existing business models. However, a successful e-commerce platform involves more than just acquiring a domain name and adding a payment process gateway. Retailers need to make sure that they comply with the legal and regulatory framework surrounding online sales to customers in the UAE. 

We take a look below at the key considerations in the context of applicable UAE laws and regulations as they relate to the e-commerce ecosystem. 

 

Licencing Requirements 

Retailers that operate e-commerce platforms need to make sure that they are, in fact, licensed to undertake e-commerce activities as part of their current trade licence. If not, those retailers need to make sure that their licensed business activities are expanded to cover e-commerce. The addition of an e-commerce activity to the license is subject to the discretion of the relevant authorities and often the decision of whether to permit the addition of such activities is based on whether the e-commerce activity is compatible with the retailer’s existing licensed activities. In the event that the authorities determine that e-commerce cannot be added to a retailers existing licensed activities, a new license would be required.

Although retailers have the option to simply add e-commerce to their licensed activities, quite often they opt instead for setting up separate entities to own and operate their e-commerce platform. Structuring their online business in this manner allows retailers to ring fence risk under the operating entity and also to centralise their e-commerce business.

 

Terms and conditions of sale 

It is common practice, both locally and internationally, to attach terms and conditions of sale to the use of a website or e-commerce portal. These terms and conditions of sale will then govern the way in which the retailer and its online customers will interact with each other in respect of the sale of the retailer’s products online. 

The terms and conditions of sale might include details relating to delivery, refund policies, termination of accounts, and interactions between the users. But more importantly the terms and conditions of sale must contain any terms that are required by the operators of the payment gateway. Over time, we have seen an increase in the number and scope of these requirements but it is important to note that the payment gateway operator will not allow the e-commerce portal to commence operations until it has seen the final version of the applicable terms and conditions of sale of the retailer.

In operating an e-commerce platform, it is very important to have clear terms and conditions of sale to reduce any ambiguity and increase customer trust, and to highlight any key transactional terms to the consumer, maybe as a pop-up window at one point during the sale.

 

Privacy Policy

In addition, an e-commerce site must have a privacy policy that is appropriate for the countries in which it operates. The most important role for the privacy policy is to provide customers with the confidence that their data will be properly stored, used, protected and done in accordance with the applicable law. This law analysis needs to be done carefully – the operator of the website may inadvertently mean that the operator must consider more than one country’s laws.

It is important to note that the payment gateway operator will also expect that certain provisions are included within that policy. One provision commonly required is the provision that data (such as credit card details) will in fact be used by third parties that are assisting with the provision of certain services. 

Although there is no specific data protection legislation in the UAE (with the exception of some of the UAE’s free zones) data protection is governed and regulated by a combination of legislative and practical measures, including the UAE Penal Code. Specifically, Article 379 of the UAE Penal Code prohibits the use or disclosure of ‘secret’ information without the consent of the person to whom the secret relates. Breach of this Article incurs potential penal liability in the form of a fine and/or incarceration for the individual that is responsible for the use and/or disclosure of such information. The cybercrimes law may also be applicable in certain circumstances and contains severe penalties.

 

“a successful e-commerce platform involves more than just acquiring a domain name and adding a payment process gateway.”

 

Electronic Contracting 

The emergence of an online marketplace in the UAE resulted in commercial transactions and contracts of sale being concluded electronically. The most common methods of contracting with a customer online are by way of ‘click-to-accept’ (i.e. a physical act by the customer to indicate their consent to the contract) and deemed consent by way of a customer’s general use of a website.

In the UAE, the Electronic Transactions and E-Commerce Law (Federal Law No 1 of 2006) generally permits the execution of contracts between two parties via electronic means, and expressly states that the consent and acceptance of contracts may be expressed via electronic communications.

The risk of contracting in this manner is that the way in which the terms and conditions of sale are delivered to the customer (e.g. electronically) creates the opportunity for customers to argue that no contract of sale was concluded in respect of an online sale of products since they never read or agreed to the terms and conditions of sale. As such, retailers are advised to take steps to ensure that such arguments are limited to the extent possible. For example, retailer should ensure that each customer ‘click-to-accept’ the terms and conditions of sale which relate to his/her purchase of goods before a transaction can be concluded as opposed to just having the terms placed in the ‘legal’ section on the website where the customer may or may not see them.

 

Copyright

A person (or company) that creates content usually has the legal right to determine whether or not a third party can use that content. This position is generally the case across the world and certainly applies in the UAE. This means that, if the retailer that operates an e-commerce site is commissioning a freelancer to produce content for the site, then it needs to enter into an agreement with that freelancer to confirm the ownership of the material created as well as the use that can be made of the material by both parties.

For ad hoc content, the relevant retailer should obtain a written licence from the owner of the content before using it. The only time that content could legitimately be used without a written licence would be for material that is clearly a press release or some other form of publicity – these are specifically provided in order to be used by third parties and therefore judicious use of that content (that is, within the expected usage and within a reasonable time from the date of the press release) will be unlikely to raise claims of copyright infringement.

Retailers should also be careful with the use of stock image libraries and music libraries. These libraries do have some limits on the use that can be made of their materials and it is wise to check the fine print in all cases. There have also been numerous cases of ‘bait and switch’ tactics with music libraries, where “unlimited use of music” was advertised but was not reflected within the standard terms that are sent to, and signed by, the user. There is an entire industry devoted to chasing entities that use music in excess of the licensed terms.

 

Content 

Content on e-commerce sites, can fall broadly into three categories:

  • content created by the operators of the e-commerce site – this will include the description of goods but might also include editorial content;
  • content that is provided by third parties for use on the e-commerce site, such as press releases or articles about the products sold on the site; and
  • content that is created by the customers, commonly known as user-generated content, which could include reviews or comments in forums.

It is important to recognise that, with all of these three types of content, the retailer that operates the e-commerce site is considered to be the publisher of the material, and so may be found liable for that content if it is found to breach the rights of another party, or breaks any laws or regulations. Whilst content regulation is quite a complex area of law that requires separate attention, note that Federal Law No 15 of 1980 (concerning Publications and Publishing) (“P&P Law”) contains a list of material that is unacceptable for publication within Chapter 7. In addition, Federal Law No 5 of 2012 (on Combating Cybercrimes) (“Cybercrimes Law”) contains other matters that are not permitted in relation to activities on the internet. The National Media Council (“NMC”) has further regulations that will apply (“NMC Regulations”). 

Not only does the retailer that operates the e-commerce site have to consider these laws in the creation of its own content but also when using the content of others. More particularly, this becomes problematic when the site allows user generated content to be created and shared. Customer reviews and contributions to forums can become confrontational and may inadvertently constitute a breach of the P&P Law or the Cybercrimes Law. For this reason, many a retailer that operates the e-commerce site actively monitor user-generated content before they permit it to be published.

 

Marketing

As an e-commerce site will fundamentally contain marketing for goods or services, it will be considered to be advertising and as such will be subject to the regulations that apply to such content. Advertising content is regulated by the NMC, as part of the NMC Regulations, as well as particular issues that have been included in guidelines issued at the end of 2018 (“Guidelines”).

These standards cover false and misleading claims, and the need for advertising to be clear and unambiguous. They also include provisions about clearly determining the identity of the advertiser in each case. The Guidelines, in particular, are helpful for ensuring compliance across the board as they are a helpful summary of the various law and regulations.

 

“e-commerce means extending usual business operations beyond the retail sector and into the publishing sector.”

 

Social Media

Many entities, whether online or otherwise, are more and more frequently using social media to reach a wider audience and promote their business. The same content laws apply to any such activity, and we regularly advise our clients to ensure that they have effective social media policies in place to regulate their employees’ use of social media and to ensure that there is a consistent approach with how the business is promoted. More importantly, the social media policy will (hopefully) raise awareness to the individual employees that the regulatory regime governing content also applies to content displayed on social media platforms. Simply posting comments on behalf of an employer does not exonerate an employee of any liability under this regulatory regime.

In conclusion, the establishment of e-commerce sites can be considered to be a logical extension of a retail brand or a simple way for a company to create and maintain a direct relationship with their customer base. However, e-commerce means extending usual business operations beyond the retail sector and into the publishing sector. As many retail operators are generally unaccustomed to considering matters such as liability for the publishing of content, or the management of data in accordance with a privacy policy, it is important that they not only set up appropriate documentation in each case but also establish protocols to ensure internal compliance with the various laws that will apply to their new business operations.