Welcome to the Saudi Arabia focus edition of Law Update.
One of the key markets in the Middle East and North Africa (MENA) that continues to lead from the front is the Kingdom of Saudi Arabia (KSA). As the largest country in the Middle East and the 18th largest economy in the world, the progress KSA continues to make is underpinned by its Vision 2030 that envisions developing the country as an investment powerhouse and hub that ultimately connects Asia, Europe, and Africa. Given Saudi Arabia’s significance to the regional economy, our team of experts have prepared a range of pertinent articles that provide insights into new laws, regulations, and the legal landscape in the Kingdom.
This edition will provide you with an up-to-date guide on matters such as; the framework issued by the Saudi Central Bank on IT governance, the anti-corruption landscape under Vision 2030; we also provide practical tips for dispute avoidance. This is only a snapshot; there are many more articles within the KSA focus section for you to read, which we hope you will find valuable and enjoyable.Read the edition
Internet-capable mobile devices have become ubiquitous. More and more businesses are trying to meet their customers’ swiftly evolving needs and expectations by using mobile devices and social media. This article briefly considers some risks that businesses should consider when seeking to engage with their customers via mobile devices and social media.
Acceptance of terms and conditions via mobile devices
In general terms, accepting the terms of a contract by way of a mobile device is recognized under UAE law as a valid method of entering a contract. The wording of the E-Commerce Law (Federal Law Number 1 of 2006 on Electronic Commerce and Transactions) confirms that an offer can be accepted via electronic means. The E-Commerce Law is not limited to acceptance via a personal computer connected to the internet; it aims to be ‘technology neutral’, and is thus broad enough to encompass acceptance by way of a mobile phone or other such electronic or digital device.
The E-Commerce Law provides that where the law requires that certain documents be ‘in writing’ or ‘signed’, compliance with the relevant provisions of the E-Commerce Law will (in the absence of statutory requirements to the contrary) result in the satisfaction of such rules.
Any business wishing to rely on contractual terms that have been accepted by a customer by electronic means should also ensure that its system adequately records electronic transactions for evidentiary purposes.
The key risk of having terms and conditions accepted via a mobile device is that the format in which the terms and conditions are delivered to the customer may provide scope for the customer to dispute that any agreement ever occurred – even if the customer has indicated acceptance of the terms by clicking ’accept’. Terms and conditions may not be presented to the client prior to acceptance, or may be made available in an inconvenient way (such as by requiring customers to access the terms and conditions elsewhere prior to acceptance).
While a business should be able to rely on a customer’s clear acceptance of terms and conditions, Article 194 of the Civil Code states that if there is a mistake as to the identity of a contract, or as to one of the conditions of the concluding thereof, or as to the subject matter of the contract, the contract shall be void. The ability to present evidence that a customer accepted the terms and conditions by clicking ‘accept’ on a mobile device is thus not the only consideration.
Our recommendation when providing customers with terms and conditions to accept via mobile devices is to ensure that there is as little scope as possible for there to be any dispute as to whether or not the terms and conditions have been considered. Requiring customers to scroll through terms and conditions in full before they are presented with an ‘accept’ button is just one example of the type of process that could be adopted to try to reduce the risk.
Risks of adopting social media in a business context
Social media can be described as online interaction that allows for user generated content, often for public consumption, and often in such a way that provides for dialogue with others. Whether or not we actually use them ourselves, it is beyond dispute that the popularity of social media platforms such as Facebook, Twitter and LinkedIn has made them a well-established part of daily life for many people around the world. The high degree of up-take of social media by the public is leading businesses to adopt social media as a means of communicating internally and externally.
Social media considerations for businesses are wide ranging, and could encompass anything from establishing and using an official corporate Facebook page or Twitter account, through to the use of social media by employees at work or in their own time, the use of social media by third parties in such a way that it impacts on the company, and many more scenarios besides.
Before adopting social media as a business tool, it is important to develop appropriate social media policies, and ensure that employees are familiar with those policies. It is also important to ensure that other corporate policies are considered from a social media perspective. Employee code of conduct policies, employment candidate screening processes, and brand protection policies are examples of diverse circumstances in which social media policies have the potential to be relevant. As such, social media policies should be of interest to all employees, and to managers across a range of departments.
The issue of privacy has become more and more topical in the Gulf region. It is essential that companies are familiar with the privacy and data protection laws applicable to them. While the current UAE laws regulating privacy are basic, they are nevertheless of considerable effect, and the consequences of breach are serious. When considering engaging with customers via social media, companies should also consider aspects such as whether information being requested from a customer will pass through systems that are inferior to the company’s own data-protection measures – and whether or not customers fully appreciate this.
Social media provides a further avenue for the creation of data that might be subject to legal and regulatory obligations with regard to the retention and disposal of records. By way of example, the Commercial Transactions Law (Federal Law No.18 of 1993) requires traders to retain business correspondence for a certain period of time. This raises questions as to what constitutes business correspondence that might be the subject of such requirements (a ‘post’ on a corporate Facebook page, for example?), along with the practical issue of whether it is technically possible to capture and retain such data.
The use of social media can also impact on the employer/employee relationship. An ill-considered comment about a colleague via social media could be considered workplace bullying or harassment, and potentially lead to allegations of misconduct against the employee making the comment – or even liability on the part of the employer for failing to address the matter. A social media policy cross-referenced with the IT system and internet usage policy and employee code of conduct is one way to address this risk.
The use of social media by others brings with it risks to a company’s reputation. The type of risks could involve inaccurate or disparaging comments by employees or members of the public about the company or its products. Some content that has the potential to damage a company’s reputation (say, a poorly judged attempt at humour in a viral marketing campaign) is put out there with the company’s blessing. As part of a social media policy, many companies institute formal social media monitoring to ensure that they are aware of what is being said about them, and to able to address adverse content promptly – and appropriately – if the need arises.
The use of social media by corporate users brings with it significant scope for the lines between professional and personal use to be blurred, and this can be problematic. Examples include instances where employees responsible for managing a company’s social media account mistakenly post private comments or opinions on a corporate site (or vice versa). The fall-out from an employee sending an inappropriate message from a company’s social media account can be quite diverse. Embarrassment, brand degradation, and litigation against the company (as the employee is seen to be acting as a representative of their employer) are just some of the risks.
The way in which social media usage by businesses is developing means that it is often by another corporate entity’s misfortune that businesses are able to learn the ‘rules of engagement’. Besides relying on other people’s mistakes, businesses should be proactive and consider developing social media usage policies, so as to help reduce the risks associated with social media in a business environment.
Al Tamimi & Company’s Technology, Media & Telecommunications team regularly handles issues arising from the use of social media in a business context, and can provide in-house training on the subject.