E- Commerce Law in Saudi Arabia
Introduction
Due to the advance of internet across the globe and in the age of technology, e-commerce has found unprecedented support and flourished greatly during the past decade bringing about a major change in the retail industry, especially during these trying times. Most businesses have adopted an online model to inculcate themselves into the electronic sphere. With such an increase in the usage of e-commerce platforms to conduct business, there arises a need to regulate these activities, including the maintenance of confidentiality of the data exchanged therein.
For the purpose of protecting and regulating e-commerce activities countries all over the world have laws and regulations that impose obligations upon businesses, policies that need to be strictly complied with and restrictions on publication and use of customer information.
E- Commerce in the Middle East
As per various studies that have been conducted and statistical data collected by consumer surveys, it is safe to say the countries falling in the MENA region are digitally savvy and have some of the highest levels of internet usage as compared to other regions. However, the e-commerce industry remains comparatively slower than other regions.
Middle Eastern countries are however, rapidly moving into the digital sphere to conduct their business with the rise in notable e-commerce players. Local governments of these regions have taken up the responsibility to regulate this rapid digitization.
In the UAE, Federal Law number 1 of 2006 for Electronic Commerce and Transactions has been implemented in order to regulate business activities in the cyber sphere. It aims at protect the rights of people doing business electronically along with promoting growth E- Commerce and other transactions on the national and international level. It further sets out a regulatory framework related to licensing, approval, monitoring and overseeing the activities of service providers who are seeking to enter or are already operating in the UAE e-commerce market.
Saudi Arabia
The Saudi market is opening up, inviting investors and businesses to partake in commercial activities resulting in exponential growth of e-commerce in the country. The Saudi E- Commerce Law of 2019 plays a major role in providing a comprehensive framework of rules that need to be adhered to by any e-commerce entity planning to or conducting e-commerce in Saudi Arabia.
The Ministry of Commerce and Investment (MCI), is responsible for setting up and carrying out commercial policies with a view to diversify the sector and boost competition among participant institutions. The MCI is also tasked with issuing, reviewing and supervising commercial systems and regulations.
Legislations
The cardinal legislation that precedes over all laws in KSA is the Shari’ah law.
In an attempt to progress as per global standards, Saudi Arabia has undertaken a National Transformation Program pursuant to Vision 2030 that aims at bringing about changes by widening the scope of legal and regulatory framework of their commercial systems. In 2019, KSA took steps to formulate laws that are able to blend their domestic laws with global standards. This was done with the introduction of a new Electronic Commerce Law (the Law) adopted on 10th July, 2019 by Royal Decree Number M/126 along with Implementing Regulations of the Electronic Commerce Law (the Regulation).
Electronic Commerce Law (Royal Decree Number M/126)
The provisions of the Law apply to three categories of people:
- the Service Provider, that is the person practicing within the territory of KSA;
- the Practitioner, a person outside KSA that offers goods and services within the Kingdom allowing Consumers to access such products and services, and;
- the Consumer (Article 2).
It aims to build faith in the e-commerce industry in addition to boosting development in the field whilst providing consumers with necessary protection from misinformation and fraudulent practice.
Disclosure
As per Article 6 of the Law, the service provider is required to disclose the following information in relation to their online store/ e-shop:
- Contact details that include, the name and address of the service provider unless registered with an e- shop authentication entity.
- If registered with the commercial registry or any publicly available record, the name and registration number thereof.
- Information as under Article 6 of the Regulation, that includes; the e-shop’s privacy policy which should contain methods to the scope of dealing with user profiles and measures to protect the personal data of the consumer, measures to receive and resolve consumer complaints and the service provider’s tax details, if any.
- The service provider is also required to disclose his license information with regards to his e-shop accompanied by information regarding the authority that granted such license.
The service provider basically enters in to a contract with the consumer during the course of conducting business, therefore it is important for them expressly clarify, the terms and conditions that will apply thereof.
The service provider must disclose information relating to the characteristics of the products that are being offered, the total price inclusive of all taxes and fees, warranty information, after sales services, termination of contract, and any other such information that may be stipulated in the Regulations. Providing the consumer with all such information assures the consumer of the authenticity of the service provider and affirms their faith in the reliability of products offered.
Registration
For an e- shop to be operational and legitimate, it is necessary that it be registered in the Commercial Register. Therefore, a Trader (as per Article 1 of the Law, Service Provider registered in the Commercial Register) is required to register the main electronic shop in the Commercial Register within 30 days from the date of its establishment. Article 12 of the Regulations lay down that an application for registration should made through the Ministry website which must include all the necessary contact information of the trader accompanied with the description of the main e-shop and its activities.
However, if a Practitioner (according to Article 1 of the Law, means any person who is not registered in the commercial register practicing e-commerce) wishes to become a Trader and get registered into the Commercial Register, then his application must include the following information:
- The contact details of the Practitioner accompanied by his ID number
- The description of the e-shop and the activities that will be practiced through the E-shop
- In case of any changes in the registration application, the competent department must be informed within 30 days of such change through the Ministry website
Once the Application is filed, the E- shops are to be authenticated. This Authentication is carried out by licensed authentication bodies that have been established by the Ministry. In order for the E- shop to be authenticated, the service provider is required to provide the following information:
- The name, address and means of communication of the service provider, which must also include, whether it is a trader or practitioner, a Saudi or non- Saudi
- Commercial registration information or identity information, whichever applicable
- Names of authorized signatories in case of a legal person
- The platforms that will be used by the service provider to conduct e-commerce
- The licenses issued by competent authorities, if any
After all such information is authenticated by the licensed authentication entity, a statement of authentication shall be issued to the applicant and the same shall be published in the Entity’s website. A statement regarding authentication shall then be published on the service provider’s e- shop.
Advertisement
In order to target the desired audience for their products, the service provider may engage in advertising products to promote sale, directly or indirectly on any digital platform.
As per Article 10 of the Law, electronic advertisements shall be considered a contractual document and shall be binding on both parties. In order to make the advertisement effective, the service provider must contain some distinctive mark that would help the consumer identify and distinguish the products of one service provider from another along with the service provider’s contact information.
The consumer must be able to make an informed decision, therefore, the service provider must ensure that all information related to the product should be available, further, the advertisement should not contain any such information that might mislead the consumer or contain any such logo or trademark that the service provider has no right to use. Notwithstanding the previous statement, if the consumer does not wish to receive any such advertisements, then the service provider must provide means to cease transmission of such advertisements.
Termination
As per the provisions of the Law, the Consumer has the option to terminate an e-commerce contract. The Consumer is permitted to terminate the contract within 7 days from the receipt of the product, unless except, he has used and/or benefitted from use of the product in which case the consumer shall bear the costs of termination.
The consumer shall not however, be eligible for termination and refund in cases enumerated as follows:
- In case of custom made products
- Products in the digital format, such as CDs and DVDs
- Products subject to damage during the termination period
- In case of services, such as catering, transportation etc.
- In case of a contract entered into for public auction
- Any other such products or services as enumerated under Article 13 of the Law.
Protection of Personal Data
A major concern while engaging in E- commerce activities, is that of data privacy and protection. It is the duty of the law and lawmakers to establish laws that protect an individual’s identity and prohibits invasion of privacy thereof. Under the Shari’ah principles, disclosure of any secrets of private information of an individual is prohibited except unless the individual has expressly consented to it or if such disclosure is in furtherance of public interest.
The Law (Royal Decree Number M/126) imposes certain obligations upon the service provider regarding privacy of consumer information that have to be strictly adhered to. Article 5 of the Law lays down that, the service provider is barred from retaining any personal consumer data except for the period required by nature of the transaction, unless expressly consented by the consumer for another period or transaction.
The service provider owes a responsibility to the consumers to take all such measures to maintain confidentiality of personal data that is under his control during the course of the transaction. The service provider is therefore, barred from using such data for unlicensed and unauthorized transactions or disclosing the same to third parties, except with the consent of the consumer. In case it comes to the notice of the service provider that his system has been hacked and the personal information of consumers have been leaked, the service provider must, immediately report such a breach to the Ministry within 3 days.
The Law also provides for penalties in case of contravention of any provision of the Law and/or Regulation in Article 18 of the Law; enumerated as follows:
- A warning
- A fine not exceeding 1 Million Riyals
- Suspension of the E-shop, partially or fully
- Blocking the E- shop, temporarily or permanently
Further, since e-commerce is conduction in the cyber sphere, the Anti- Cyber Crime Law (Royal Decree Number M/17) may also apply. The law aims at, protecting rights pertaining to legitimate use of computers and information networks, public interest and national economy along with enhancing information security. The law also stipulates that, the consent of an individual be taken before processing any of their personal details.
The Anti- Cyber Crime Law, provides for penalties for with regards to unauthorized access, use, distribution or redistribution of personal data, including bank and credit information and unlawful access to website or hacking a website with the intention to destroy or modify it, or occupy its URL.
Moreover, the Telecommunications Law lays down provisions to safeguard public interest as well as maintain confidentiality and security of telecommunication information (as per Article 1 of Royal Decree Number M/12, telecommunications also includes transmission over the internet). It further restricts disclosure of information of subscribers by internet providers to third parties.
Therefore, moving forward, the E- commerce sphere in the Kingdom of Saudi Arabia is booming and aims to achieve greater heights with this comprehensive Law in place, accompanied by a myriad of safeguards to ensure safety of all participants.