STA Law Firm - Court Uncourt (Blog) - Law on Data Protection
https://www.stalawfirm.com/en.html
Copyright 2024 STA Law Firm. All Rights Reserved.

Understanding Saudi Arabia's Personal Data Protection Law

In an era where data is as valuable as gold, the introduction of the Personal Data Protection Law (PDPL) by Saudi Arabia marks a significant milestone in the Middle East's approach to data privacy and security. Implemented through Royal Decree M/19 on September 17, 2021, and subsequently amended on March 21, 2023, the PDPL is the Kingdom's first legislation dedicated to the protection of personal data. Enforcement of the PDPL began on September 14, 2023. The legislation, accompanied by several amendments and detailed regulations, represents a paradigm shift in the handling and protection of personal data within the Kingdom. This article covers the key aspects of the PDPL and its implications for data controllers, processors, and individuals.

Genesis and Governance of PDPL

The Saudi Data & Artificial Intelligence Authority (SDAIA) and the National Data Management Office (NDMO) oversee the PDPL's enforcement and compliance. The law's primary objective is to safeguard personal data privacy, regulate data sharing, and prevent the misuse of personal data. This move not only aligns Saudi Arabia with global data protection trends but also reinforces its commitment to digital transformation.

Principles of PDPL

A foundational aspect of the PDPL is the principle of purpose limitation and data minimization. This mandates that data controllers (the entities that determine the purpose and means of processing personal data) collect data only for explicit, legitimate, and specific purposes. Furthermore, the use of this data must strictly align with the reasons for which it was initially gathered. The law emphasizes that personal data must be adequate, relevant, and not excessive in relation to the processing purposes.

Under the PDPL, data controllers are tasked with significant responsibilities, including the necessity to register with the appropriate authority and provide detailed descriptions of their data processing activities. Additionally, they are required to maintain comprehensive records of these activities, ensuring transparency and accountability. Alongside these obligations, the PDPL bestows several rights upon individuals regarding their personal data. These include the right to access, allowing individuals to request information about their processed data; the right to rectification, where inaccuracies or incompleteness in data must be addressed upon request; the right to erasure, enabling individuals to request the deletion of their data under certain conditions; and the right to object to the processing of their data, particularly in contexts such as direct marketing.

International Data Transfers

The Regulations address cross-border data transfer intricacies. While the provisions broadly cover personal data movement outside the Kingdom, some ambiguities in the text necessitate thorough examination. Mechanisms like adequacy decisions, Binding Corporate Rules, and Standard Contractual Clauses are introduced, awaiting further elucidation from the Regulator.

Consent and Personal Data Processing

The concept of 'explicit consent' is crucial under the PDPL. The Regulations define this term and set out scenarios where explicit consent is mandatory. Data Controllers must meet several criteria when relying on consent, including obtaining distinct approval for each processing purpose.

Legitimate Interest

The inclusion of 'legitimate interest' as a processing basis is a significant evolution from the PDPL's initial version. While it allows processing necessary for a Data Controller's legitimate interests, this basis is not universally applicable, especially where it conflicts with data subject rights.

Data Protection Impact Assessment (DPIA)

For certain types of processing, including those involving Sensitive Personal Data, conducting a DPIA is mandatory. The Regulations outline the essential elements that such an assessment must cover.

Sector-specific Data Protection Requirements

The PDPL acknowledges the unique data protection needs of various sectors like healthcare, finance, marketing, and research. It sets sector-specific guidelines to ensure tailored data handling practices.

Engaging Data Processors

Data Controllers are mandated to engage Data Processors who can offer robust personal data protection. The Regulations specify several obligatory conditions for data processing agreements.

Role of Data Protection Officers (DPOs)

In specific scenarios, appointing a DPO is mandatory. The Regulations detail the roles and responsibilities of DPOs, emphasizing their importance in ensuring compliance.

Data Breach Protocols

The PDPL imposes a requirement to report data breaches to the Regulator within 72 hours of discovery. Additionally, there's an obligation to notify affected individuals promptly, ensuring transparency and accountability.

Record-Keeping and the National Register

Data Controllers must maintain detailed records of their data processing activities. The Regulations also mention the establishment of a National Register of Data Controllers, further enforcing transparency and regulatory oversight.

Penalties for Non-compliance

The PDPL imposes stringent penalties for non-compliance, including financial fines and reputational damage. Specific sanctions are outlined for data breaches, highlighting the law's commitment to rigorous enforcement.

In conclusion, the PDPL represents a transformative step for Saudi Arabia in the realm of data protection. This legislation not only aligns with global data privacy trends but also underscores the Kingdom's commitment to fostering a secure and trustworthy digital environment. As organizations adapt to these regulations, they will not only enhance their data protection standards but also build stronger trust with their clients and stakeholders, paving the way for a more secure digital future in the region.

Fri, 23 Feb 2024 00:00:00 GMT

India's New Data Protection Law

The Digital Personal Data Protection (DPDP) Act of 2023 was passed by the Indian Parliament in early August, representing the nation's inaugural cross-sectoral legislation for personal data protection. This enactment comes after more than five years of deliberation. This analysis explores whether the protracted deliberative process has resulted in a "good" law: one that adequately safeguards personal data and effectively balances, as stated in the law's preamble, "the right of individuals to protect their personal data" against "the need to process such personal data for lawful purposes."

Outsourcing

The processing of personal data from individuals not situated in India, carried out under a contract with an entity outside India by an Indian-based entity, is exempt from the obligations imposed on Data Fiduciaries, including Significant Data Fiduciaries, cross-border transfer rules, and individual rights obligations. However, security provisions do apply.

Establishment of a Data Protection Board

A Centrally-appointed Data Board is proposed by the DPDP Act, 2023, tasked with investigating and adjudicating complaints, overseeing data breach notifications, and imposing substantial penalties, reaching as high as INR 250 Crores. Despite its quasi-judicial role, it's noteworthy that the entire Board is appointed by the Central Government, including the Chairperson and Members, with one Member required to be a legal expert. The Act lacks specific qualifications for Board members, leaving certain questions unanswered, possibly addressed in subsequent legislation. The centralized composition of the governing Board is particularly significant given the Act's nationwide scope and its jurisdiction over certain data activities located abroad.

Regarding "sufficient grounds" for inquiry, the Data Protection Board must determine whether there are grounds to proceed with an official inquiry upon receiving a complaint or data breach notification. The Act, however, lacks clarity on the criteria for determining sufficiency, suggesting the need for guiding principles, akin to those found in Section 11 of the TRAI Act, 1997, providing direction to the telecom regulator.

Consequential Rule-Making Powers

The Act grants substantial rule-making powers to the Central Government, notably allowing rules to restrict data transfer to foreign countries. While rules under Section 16 require Parliamentary approval, the extensive powers granted under Section 40, such as identifying significant data fiduciaries and setting conditions for Board members, don't seem subject to the same process, granting the government significant authority without stringent legislative oversight.

Centre's Power of Blocking Data Fiduciaries

Under Section 37, the Central Government has the power to block public access to certain Data Fiduciaries upon referral from the Board. This authority allows the government to potentially shut down a service provider in India based on penalties imposed and the perceived "interests of the general public," raising concerns about the broad interpretation of public interest and the potential limitations of judicial review.

Notice

Before or at the time of seeking consent, a Data Fiduciary must furnish individuals with a detailed notice in simple language, outlining the types of personal data to be collected, the processing purposes, and how individuals can exercise their rights. If individuals have already consented before the Act's commencement, a similar notice must be provided as soon as reasonably practicable. The option to access the notice in English or any of the 22 languages specified in the Eighth Schedule to the Indian Constitution must be given to individuals.

No specific rights against Data Processors

The Act does not outline specific rights against Data Processors, leaving open questions about the enforceability of claims or complaints against them. While contractual consequences may exist, it remains uncertain if Data Processors could face primary sanctions for their actions.

Individual Rights

Access, correction, and erasure rights must be granted, but the Act does not specify response timeframes or exceptions. Individuals can request data erasure if it's no longer needed for the original purpose, unless legal retention is necessary. A redress mechanism must be readily available, provided by the Data Fiduciary or the Consent Manager.

Consent Fatigue

The requirement for obtaining consent from individual Data Principals before processing personal data may lead to "consent fatigue" due to repeated requests. This echoes the experience following the implementation of GDPR in 2018, where multiple consent notices and checkboxes proliferated, potentially impacting user experience and privacy.

Shrinking Internet for Children

Section 9 of the Act mandates verifiable consent from parents before processing the personal data of children, aiming to protect their well-being. However, this could lead to a restricted online environment for children as Data Fiduciaries may opt for heavy censorship, limiting available content to perceived "safe" options.

Consent Managers

The Act introduces the concept of 'Consent Managers,' registered entities facilitating consent processes between Data Principals and Fiduciaries. While theoretically streamlining consent management, practical implementation remains unclear, potentially posing challenges and acting as a bottleneck for users accessing the Internet.

Security

Data Fiduciaries must implement suitable technical and organizational measures to effectively comply with the Act. They are required to safeguard personal data in their possession, including data processed by them or on their behalf by a processor, through reasonable security measures to prevent breaches.

Data Breach Notification

In case of a personal data breach, the Data Fiduciary must inform the data protection authority and affected individuals. The Act lacks specificity on the trigger for notification or the reporting timeframe.

Disclosures to Processors

A Data Fiduciary can only engage a processor under a valid contract to process personal data on its behalf, related to offering goods or services to individuals.

Cross-Border Transfers

The government may, through notification, restrict the transfer of personal data by a Data Fiduciary for processing to a country or territory outside India. Additionally, the Act does not limit the applicability of any existing Indian law that offers greater protection or restrictions on the transfer of personal data by a Data Fiduciary outside India concerning specific data or Data Fiduciaries or classes of Data Fiduciaries.

Exceptions

Apart from outsourcing, specific processing activities are granted exemptions from all aspects of the Act except for the security provisions. Examples include processing conducted in the interest of preventing, detecting, investigating, or prosecuting any offense or violation of law, processing necessary to enforce a legal right or claim, and processing essential for a corporate merger or sale.

 

Tue, 23 Jan 2024 00:00:00 GMT

Cryptocurrency Market in UAE

The United Arab Emirates (UAE), known for its dynamic economy and technological advancements, has been making significant strides in embracing the world of cryptocurrencies. This article delves into the current state of the cryptocurrency market in the UAE, exploring regulatory developments, market trends, and the evolving landscape.

In recent years, the UAE has shown a growing interest in regulating the cryptocurrency market. The Securities and Commodities Authority (SCA) and other regulatory bodies have been working to establish a framework for the legal use of cryptocurrencies. These efforts aim to balance innovation with investor protection and financial stability.

The UAE has introduced a new, compulsory regulatory regime for the use of cryptocurrencies starting August 31st, 2023. All must now operate as authorized and fully regulated entities under the emirate's virtual assets regulator. In Abu Dhabi, the regulator is the Abu Dhabi Global Market (ADGM), which supervises the virtual asset space in Abu Dhabi. In Dubai, positioned more towards the e-commerce sector, the regulator is the Virtual Asset Regulatory Authority (VARA), which is responsible for managing and supervising virtual assets and virtual asset-related activities in all free zones in Dubai, other than the DIFC.

In Dubai, this change means businesses engaged in crypto-assets need to show they have the credentials to conduct these operations. If things go wrong, their clients are in a relatively good position to obtain proper redress. What Dubai is attempting to avoid is the sort of blowups crypto firms have had in markets where laws were inadequate or are still being drafted. From August 31, entities that qualify for the 'Full Market product' license can commence their transition to the VARA system.

Key Developments:

Licensing and Regulation: The SCA has been working on establishing licensing frameworks for cryptocurrency-related activities, including exchanges and other relevant services. This move is crucial for creating a secure and transparent environment for both businesses and investors.

Central Bank Digital Currency (CBDC): The Central Bank of the UAE has explored the possibility of issuing a central bank digital currency. This initiative aligns with global trends as several countries consider the potential benefits of CBDCs, such as improved efficiency in financial transactions.

Market Trends

Growing Interest: The UAE has witnessed a surge in interest in cryptocurrencies among both individual and institutional investors. The appeal of decentralized finance (DeFi) and the potential for blockchain technology to enhance various industries contribute to this growing curiosity.

Blockchain Integration: Beyond cryptocurrencies, the UAE has been actively exploring the integration of blockchain technology into various sectors, including healthcare, logistics, and real estate. This demonstrates a broader acceptance of the underlying technology that powers cryptocurrencies.

Challenges and Future Outlook

Regulatory Uncertainty: Despite progress, regulatory clarity remains a challenge. Investors and businesses often seek clear guidelines to navigate the cryptocurrency space with confidence. Continued collaboration between regulators and industry stakeholders will be crucial for fostering a robust and secure market.

Global Collaboration: The UAE's approach to cryptocurrencies reflects a broader trend of countries globally exploring digital currencies and blockchain. Ongoing international collaboration and information exchange will likely shape the future of the cryptocurrency landscape in the UAE.

Government Agencies Accepting Cryptocurrency in UAE

Government licensing organisation, Kiklabb, has started accepting cryptocurrencies for payments. The real estate sector encourages the usage of cryptocurrency by accepting Dogecoin as payment. A business management consultant, Virtuzone has also announced that they will be accepting bitcoin payments for their business set-up services.

Future of Cryptocurrency in UAE

The Central Bank of UAE has reported that by 2026, it will launch its digital currency as part of its 2023-2026 strategy. With this move, it hopes to position itself among the world's top 10 national banks. The cryptocurrency guidelines in Dubai are overseen by FRSA (Financial Services Regulatory Authority), SCA (Securities and Commodities Authority), and DFSA (Dubai Financial Services Agency). A license from SCA or FRSA is expected in order to offer crypto services in Dubai. The Dubai Financial Services Agency (DWTCA) and the UAE Securities and Commodities Authority have made an arrangement to make the Dubai World Trade Centre a crypto zone and regulator for cryptocurrencies and other virtual assets. This will draw new crypto prospects to Dubai and contribute to a competent future for the UAE in the cryptocurrency industry.

Conclusion

The cryptocurrency market in the UAE is at a pivotal juncture, balancing the need for innovation with regulatory safeguards. As the regulatory framework evolves and the market matures, the UAE's position in the global cryptocurrency landscape is likely to become more defined. Investors, businesses, and regulators will play pivotal roles in shaping the future trajectory of digital assets in this dynamic economic hub.

 

 

 

 

Sat, 09 Dec 2023 12:00:00 GMT

Kingdom of Saudi Arabia Data Protection Law and Recent Updates

The Middle East's data protection regulatory landscape is complex, and it is becoming more so with the publication of Saudi Arabia's (KSA) Personal Data Protection Law (PDPL). Although the PDPL incorporates the main features of contemporary data protection laws, it is not a direct analogue of the GDPR.

Unlike the other KSA sector-specific privacy laws enacted to date, the PDPL is a national law. It will apply to all sectors (with the possible exceptions mentioned below). As a result, the PDPL may also need to be considered within the broader KSA legal and regulatory framework, alongside other sector-specific frameworks, such as those issued by the Saudi Central Bank, or technology-centred frameworks, such as the CITC's Cloud Computing Regulatory Framework.

Key Issues

It goes into full effect on March 23, 2022. Data Controllers then have another 12 months to comply with the PDPL, though this period is likely to be extended.

The PDPL may be supplemented by regulations, which must be published by March 2022 and will most likely provide additional colour and guidance on the PDPL's practical application. However, the following issues are the most important takeaways for immediate consideration:

Extraterritoriality. The PDPL applies to any processing of personal data related to individuals that takes place in the Kingdom, including processing by "any means by any entity outside the Kingdom." To carry out the data controller responsibilities under the PDPL, foreign data controllers need to appoint a representative inside KSA who is certified by SDAIA.

For a minimum period of years, the Saudi Arabian Authority for Data and Artificial Intelligence (SDAIA) will function as the regulator. Both the Central Bank and the Communications and Information Technology Commission (CITC) seem to retain their authority to regulate data protection within their respective mandates. MOUs could coordinate this among SDAIA, the Central Bank, and CITC.

Deceased's data. Unlike many other data protection laws, the above-mentioned processing includes processing a deceased person's data if doing so would lead to identifying him or one of his family members specifically.

Consent is the primary legal basis for processing. The primary legal basis for processing is the data subject's consent. The Regulations will specify "instances where consent must be in writing." This suggests that consent may be obtained in ways other than in writing in some instances. However, the PDPL does not refer to processing for "legitimate interests" in the same way that the GDPR and other data protection frameworks in the region do. Rather, the PDPL permits processing on a basis other than consent if and only if the following conditions are met:

  • The processing achieves a "particular interest" (not defined) of the data subject and it is not possible, or is difficult, to contact the data subject;
  • If the processing is in accordance with another law, or in implementation of an earlier agreement to which the data subject is a party; and
  • If the data controller is a public entity and such processing is required for security purposes or to satisfy judicial requirements.

Data transfers outside the Kingdom are even more strictly regulated than under current legislation. Transfers may also still require the approval of the data regulator. The PDPL appears to introduce a data transfer regime that is consistent with, if not more stringent than, other current KSA laws that include data localization requirements (such as the CCRF, IoT Framework, and the existing Personal Data Protection Interim Regulations). Transfers are permitted in the following cases:

  • extreme necessity to preserve the life of a data subject outside the KSA;
  • to prevent, examine, or treat disease;
  • if the transfer is in fulfillment of an obligation to which the KSA is a party;
  • to serve the interests of the Kingdom, or for other purposes as determined by the Regulations (yet to be issued).

However, the preceding is conditional on compliance with the following: the transfer or disclosure does not jeopardize national security or the Kingdom's vital interests; and there are sufficient safeguards for maintaining the confidentiality of the personal data to be transferred or disclosed, so that the standards are no less than those contained in the PDPL and the Regulations. The transfer or disclosure must be made under the PDPL and the Regulations.

Summary

Saudi Arabia is taking a progressive approach to the national regulation of KSA organizations' use of personal data within the Kingdom. While the duties mentioned above are more complicated than those currently in force, the grace period provided to Saudi organizations to get their structures in place to comply with the PDPL presents a welcome opportunity for internal data security evaluation and implementation of updates. While this progressive approach differs from the faster pace of China's new PIPL, unlike the GDPR and US state laws, violations of both China's PIPL and the Kingdom's PDPL can result in criminal penalties. Penalties for noncompliance are severe: up to one year in prison or a fine of SAR 1 million (approximately USD 250,000) for illegally transferring data out of the Kingdom, up to two years in prison and a fine of SAR 3 million (approximately USD 800,000) for disclosing sensitive data, and the SDAIA's ability to impose penalties of up to SAR 5 million (circa USD 1.3 million). Given the severity of such penalties, it is in everyone's best interest for businesses to ensure that data is collected, used, stored, and transferred in full compliance with data protection legislation.

Thu, 09 Jun 2022 02:46:00 GMT

Economic and Fraud Provisions in the Middle East

"There is one and only one social responsibility of business – to use its resources and engage in activities designed to increase its profits so long as it stays within the rules of the game, which is to say, engages in open and free competition without deception or fraud."

- Milton Friedman

Economic fraud is a term that has been repeated over the years, so much so that the consequences it bears do not have any precedence or impact on the ones that hear it. For many companies and capitalist machinery, this term essentially triggers them to explore options to hide their fraudulent tracks and continue operating in the same manner. To have governments help them cover the tracks in certain jurisdictions ultimately defeats the purpose of the assignment.

Although the activities of individuals, companies, and governments in many jurisdictions diverge from the expected norm of justice, other countries are determined to implement a regulatory framework that will eradicate such fraudulent activities in the market. This article will discuss the economic and fraud provisions established in the Middle East, their effectiveness, and their scope with respect to financial crime.

What are the Economic and Fraud provisions in the Middle East?

If one area of the economy has seen a steady increase in the past years, it would be the economic fraud prevalent in society. Regardless of the number of provisions that jurisdictions and international organizations establish to combat financial fraud, none of them seems sufficient. The parties involved in economic fraud and other fraudulent practices are constantly evolving to cover their tracks efficiently.

Infamous scandals like Bernie Madoff and the Ponzi scheme leave one in absolute awe as it remains unclear, what is the culprit: the crime or the criminal? Many innocent parties, including employees and clients, were adversely affected by the ill-doings of these financial schemes. After the outburst of many scandals and its impact on many innocent individuals, jurisdictions are trying to fasten their pace to stay a step ahead of wrongdoers and hopefully eliminate the potential threats in the market.

The introduction of new anti-economic fraud regulations has paved the way for potential investors to feel a sense of security over their investments within the market, along with the ability of the regulations to enforce justice. Over time, people have understood that the formation and establishment of an anti-fraud legal framework are not sufficient to ensure peace and harmony in the market; an iron fist must be imposed on fraudulent parties and companies to deter them from such activities in the future and to serve as a lesson for other participants in the market who bear similar intentions.

The types of economic fraud can be quite varied and are spread across different industries and the scope of nature. These could include housing benefit fraud, tenancy fraud, council tax fraud, blue badge fraud, social care fraud, business rates fraud, insurance fraud, bribery, and money laundering. These are just a top layer of economic crimes prevalent in an ocean of fraudulent activities in the market. The crimes that are more coherent to the wrongdoings in the market include not declaring the business location, stating that a property is not in use while it is, dishonestly requesting for an exemption to pay for charges that are owed, or any unauthorized movement of money to make ill-gains.

Often, economic crime is caused not by companies but by customers towards companies. The highest reported crime boost in the Middle East is through customer fraud and procurement fraud, which have proved to be the most disruptive fraud within an economic crime. In a survey conducted on a global platform, the number of customer frauds was comparatively more in the Middle Eastern region.

In an ongoing effort to combat fraud together, many companies in the Middle East began investing in more stringent controls and implementation of the rules to avoid economic crime, while many others conducted a thorough examination into the reasons after the occurrence of a crime in the company. Another issue that stands alongside customer fraud in its prominence is procurement fraud. This fraud entails the practice of favoring associates with vendor and supplier contracts.

All these efforts are measures taken to mitigate the risks involved and ensure that proper prevention is taken by instilling the right technology and talent to deviate from any fraudulent prone routes.

However, it is not easy to ensure that accountability will be maintained and transparent feedback is provided. Another limitation of this procedure is that advanced technologies to combat financial crime can be costly, which would further deplete if the company possesses insufficient resources to acquire and install the platform and is not equipped with properly trained employees to manage the technology. The lack of proper expertise to handle the in-place technology could attract various cyber threats, which allows a wrongdoer from any part of the world to infiltrate the company's system.

With this in mind, companies must equip themselves with an arsenal of defenses to protect themselves and the financial and reputational facets of the company. The extent of damage that infiltration of the company's system can cause to its operations is quite unfathomable. It would be better for companies to leave their vault of secrets wide open than to install an IT platform that is managed poorly. The necessity of combating such insecurities is growing, and they must be countered at the earliest. One would like to believe that the efforts of the legal jurisdictions in the Middle East to battle economic crime are practical and promptly applied. However, many of the jurisdictions still fail to properly implement the provisions established against economic crime.

The readiness of companies in the Middle East to confront the indecisive nature of economic crime and report any issues as they arise is still stagnant. The stark increase in cyberattacks and their potential threats is no mystery to the companies in these regions. Nevertheless, they decide against preparing themselves to defend against such risks and attacks. The firms in the region and the governmental organizations must understand the types of threats that could arise in the economy and the nature of such economic crimes. Although this would seem like an insignificant step, this particular action could help achieve a more profound revelation of the gaps and vulnerabilities of the economy and its protective framework.

Many would argue that the relationship of the Middle East with economic crime and fraud dates back ages. All the glitz and glamour and the boom of economies are incongruent with the fraudulent activities occurring within the firms and regions. A region's legal systems cannot enforce the regulatory frameworks established to fight against economic crime if the country's government does not implement the rulings.


]]>
Mon, 27 Dec 2021 03:22:00 GMT
<![CDATA[A Guide to Autonomous Machine Testimony]]> Autonomous Machine Testimony

Smart objects have taken over our homes, workplaces and communities, and over the coming decades, the volume of legally admissible data from these devices is likely to grow. The new culture is to have voice-activated technology in the form of digital assistants, smart appliances, and personal wearable devices.

Lawyers may have to represent clients in cases dealing with evidence, witnesses, or contracts, all relying on immutable digital proof such as time-stamped video and audio recordings. Lawyers may need to specialize in addressing data issues in domains such as digital twins and personas, surveillance capitalism and digital privacy rights. A pivotal step is getting this information admitted as evidence. Firms need to start building expertise around the admissibility and verifiability of data collected by smart technology-enabled devices.

The Smart Home is the Nest of the Internet of Things

Network and internet-connected devices, also referred to as the Internet of Things (IoT), are creating a nervous system within what has traditionally been recognized as the most private of spaces: the home. Fundamentally, the IoT is a system to gather and assimilate immense quantities of information that amount to private surveillance of the user's activities, preferences, and habits in his own home. This information is meant to optimize the function of the given object.

The first Internet of Things privacy study, a joint academic collaboration between Northeastern University and Imperial College London, examined the data-sharing activities of 81 different "smart" devices that are omnipresent today in people's homes. These included immensely popular consumer products produced by tech giants, including smart TVs, smart audio speakers and video doorbells. The teams of researchers (one in the US and one in the UK) conducted 34,586 experiments to quantify exactly how much data these devices were collecting, storing and sharing.

The researchers' findings were staggering: 72 of the 81 IoT devices shared data with third parties completely independent of the original manufacturer. Furthermore, the data that these devices transmitted went far beyond rudimentary information about the physical device being used. It included IP addresses, device specifications and configurations, usage habits, and location.

Today's economy is a surveillance economy – one that is dead set on acquiring "behavioral surplus", or the digital data generated as a by-product of human interaction with a wide variety of devices. These include, but are not limited to, cell phones, self-tracking devices, social media interfaces, and smart home devices, anticipated to be a $27 billion market by 2021. As the number of devices generating digital records of usage grows exponentially, and as their records of usage track not just communications but also movement, domestic habits, and even sleep patterns, this behavioral surplus can yield an elaborate account of human behavior.

The most familiar example may be that of the location-tracking component of cell phones. Cell phones transmit a rich, comprehensive account of individuals' movements in time and space which can be monetized. So tenacious is this feature that even when location-tracking apps are switched off, and SIM cards are removed from the device, some phones continue to collect location material by enabling triangulation via local cell towers, and generating distinctive "mobility signatures."

Inside the home, digital assistants such as Siri and Alexa are capable of recording and transmitting ambient conversations; more insidiously, the development of lidar sensors, which would map both movement and behavior, is reported to be underway. 'My Friend Cayla' is an interactive toy that captures conversations between the doll and its child users, and then proceeds to transmit those conversations to the manufacturer for further uses.

The Privacy Issues inherent to these Smart Devices 

Other studies support the notion that any device connected to the Internet can be used as an ad-tracking device. What really raises IoT privacy issues is how that device-divulged information and data is being employed. If it were used for personalization and customization, then that would have been understandable to a degree. For instance, information about which devices are being used to watch Netflix's streaming content might help them to optimize the quality of their streams.

However, IoT privacy experts have suggested that actual personal data "leaking" from the home is being harnessed to construct sophisticated profiles of users, based on their usage habits. It is even more troubling, from a privacy perspective, that some of this data involves personally identifiable information such as exact geolocation data, social media data, and unique device information. All of this data can easily coalesce to deduce the identity of the user; this very data is a goldmine for advertisers, who strive to learn as much as they can about users so that they can optimize the relevance of the ads they issue.

The 'Testimony' these devices issue

In March 2018, Facebook disclosed that the political consultancy Cambridge Analytica had accessed, through improper means, the personal data of up to 87 million Facebook users. What was worse, Facebook failed to notify its users of the colossal breach until long after it learned about it. It received a whopping USD 5 billion sanction from the Federal Trade Commission for its privacy failures, along with a USD 100 million fine from the US Securities and Exchange Commission.

Despite this, its privacy practices remain amorphous. To illustrate, some terms in the Supplemental Portal Data Policy of the 2019-released Portal smart display can be studied.

The Data Policy states that when Portal's camera and microphone are on, Facebook collects camera and audio information, although it states that it does not listen to, view the contents of, or keep any video or audio calls on Portal.

The Data Policy further elucidates how this information is shared, stating that Facebook may also share voice interactions with third parties where it has a good-faith belief that the law requires it to do so. It also states that, when independent apps, services, or integrations are used on Portal, Facebook shares information with them about the Portal device, the device name, IP address, zip code, and other information to help them provide the requested services.

The terms of service agreements like the aforementioned one are blatantly ambiguous and bear great privacy flaws. However, a lot of consumers have rationalized that the trade-offs are worth it; while privacy may be a concern, at the end of the day, convenience reigns supreme. The promise of enhanced conveniences, as well as the reduction in household costs, is a big overriding factor that explains why consumers continue to purchase and use these devices despite privacy risks.

Having said that, when a security breach happens, the impacts are borne by device owners and wider society, and more often than not, the makers of these devices are indemnified. The regulatory oversight that privacy breaches invite and the privacy infrastructure of different jurisdictions will be explored below.

Digital Privacy in the US

In 2017, 143 million American consumers' personal information was exposed in a data breach at Equifax; in 2013, 3 billion Yahoo accounts were affected by an attack; in 2016, Deep Root Analytics accidentally leaked personal details of nearly 200 million American voters; in 2016, hackers stole the personal data of about 57 million customers and drivers from Uber Technologies Inc. Despite these record-shattering data breaches and inadequate data-protection practices, only piecemeal legislative responses have been produced at the federal level. While most Western countries have already adopted comprehensive legal protections for personal data, the United States, home to some of the most advanced tech and data companies in the world, has only a patchwork of sector-specific laws and regulations that utterly fail to adequately protect data.

The American Fourth Amendment

The Fourth Amendment of the US Constitution declares inviolate "the right of the people to be secure in their persons, houses, papers and effects." It protects against unreasonable government intrusions by establishing a certain right to privacy enforceable by the individual as against the world.

The essence of the Fourth Amendment is clearly to restrain unwarranted government action against the individual: it is the expression of the framers' intent to secure the American people from intrusion by the state, in the form of unreasonable search and seizure. However, the Court does not properly recognize how the Fourth Amendment protects digital privacy; virtual access by law enforcement threatens the security of citizens in their houses.


]]>
Mon, 14 Dec 2020 03:04:00 GMT
<![CDATA[E- Commerce Laws in Saudi Arabia]]> E- Commerce Law in Saudi Arabia

Introduction

Due to the advance of the internet across the globe and in the age of technology, e-commerce has found unprecedented support and flourished greatly during the past decade, bringing about a major change in the retail industry, especially during these trying times. Most businesses have adopted an online model to integrate themselves into the electronic sphere. With such an increase in the usage of e-commerce platforms to conduct business, there arises a need to regulate these activities, including the maintenance of confidentiality of the data exchanged therein.

For the purpose of protecting and regulating e-commerce activities, countries all over the world have laws and regulations that impose obligations upon businesses, policies that need to be strictly complied with, and restrictions on publication and use of customer information.

E- Commerce in the Middle East

As per various studies that have been conducted and statistical data collected by consumer surveys, it is safe to say the countries falling in the MENA region are digitally savvy and have some of the highest levels of internet usage as compared to other regions. However, the e-commerce industry remains comparatively slower than other regions.

Middle Eastern countries are, however, rapidly moving into the digital sphere to conduct their business with the rise of notable e-commerce players. Local governments of these regions have taken up the responsibility to regulate this rapid digitization.

In the UAE, Federal Law number 1 of 2006 for Electronic Commerce and Transactions has been implemented in order to regulate business activities in the cyber sphere. It aims to protect the rights of people doing business electronically, along with promoting the growth of e-commerce and other transactions on the national and international level. It further sets out a regulatory framework related to licensing, approval, monitoring and overseeing the activities of service providers who are seeking to enter or are already operating in the UAE e-commerce market.

Saudi Arabia

The Saudi market is opening up, inviting investors and businesses to partake in commercial activities resulting in exponential growth of e-commerce in the country. The Saudi E- Commerce Law of 2019 plays a major role in providing a comprehensive framework of rules that need to be adhered to by any e-commerce entity planning to or conducting e-commerce in Saudi Arabia.

The Ministry of Commerce and Investment (MCI), is responsible for setting up and carrying out commercial policies with a view to diversify the sector and boost competition among participant institutions. The MCI is also tasked with issuing, reviewing and supervising commercial systems and regulations.

Legislations

The cardinal legislation that takes precedence over all laws in KSA is the Shari'ah law.

In an attempt to progress as per global standards, Saudi Arabia has undertaken a National Transformation Program pursuant to Vision 2030 that aims at bringing about changes by widening the scope of legal and regulatory framework of their commercial systems. In 2019, KSA took steps to formulate laws that are able to blend their domestic laws with global standards. This was done with the introduction of a new Electronic Commerce Law (the Law) adopted on 10th July, 2019 by Royal Decree Number M/126 along with Implementing Regulations of the Electronic Commerce Law (the Regulation).

Electronic Commerce Law (Royal Decree Number M/126)

The provisions of the Law apply to three categories of people:

  • the Service Provider, that is the person practicing within the territory of KSA;
  • the Practitioner, a person outside KSA that offers goods and services within the Kingdom allowing Consumers to access such products and services, and;
  • the Consumer (Article 2).

It aims to build faith in the e-commerce industry in addition to boosting development in the field whilst providing consumers with necessary protection from misinformation and fraudulent practice.

Disclosure

As per Article 6 of the Law, the service provider is required to disclose the following information in relation to their online store/ e-shop:

  • Contact details that include, the name and address of the service provider unless registered with an e- shop authentication entity.
  • If registered with the commercial registry or any publicly available record, the name and registration number thereof.
  • Information as under Article 6 of the Regulation, that includes; the e-shop's privacy policy which should contain methods to the scope of dealing with user profiles and measures to protect the personal data of the consumer, measures to receive and resolve consumer complaints and the service provider's tax details, if any.
  • The service provider is also required to disclose his license information with regards to his e-shop accompanied by information regarding the authority that granted such license.
  • The service provider essentially enters into a contract with the consumer during the course of conducting business; therefore, it is important for them to expressly clarify the terms and conditions that will apply.

    The service provider must disclose information relating to the characteristics of the products that are being offered, the total price inclusive of all taxes and fees, warranty information, after sales services, termination of contract, and any other such information that may be stipulated in the Regulations. Providing the consumer with all such information assures the consumer of the authenticity of the service provider and affirms their faith in the reliability of products offered.

    Registration

    For an e- shop to be operational and legitimate, it is necessary that it be registered in the Commercial Register. Therefore, a Trader (as per Article 1 of the Law, a Service Provider registered in the Commercial Register) is required to register the main electronic shop in the Commercial Register within 30 days from the date of its establishment. Article 12 of the Regulations lays down that an application for registration should be made through the Ministry website and must include all the necessary contact information of the trader, accompanied by the description of the main e-shop and its activities.

    However, if a Practitioner (according to Article 1 of the Law, means any person who is not registered in the commercial register practicing e-commerce) wishes to become a Trader and get registered into the Commercial Register, then his application must include the following information:

  • The contact details of the Practitioner accompanied by his ID number
  • The description of the e-shop and the activities that will be practiced through the E-shop

    In case of any changes in the registration application, the competent department must be informed within 30 days of such change through the Ministry website.

    Once the Application is filed, the E- shops are to be authenticated. This Authentication is carried out by licensed authentication bodies that have been established by the Ministry. In order for the E- shop to be authenticated, the service provider is required to provide the following information:

  • The name, address and means of communication of the service provider, which must also include, whether it is a trader or practitioner, a Saudi or non- Saudi
  • Commercial registration information or identity information, whichever applicable
  • Names of authorized signatories in case of a legal person
  • The platforms that will be used by the service provider to conduct e-commerce
  • The licenses issued by competent authorities, if any

    After all such information is authenticated by the licensed authentication entity, a statement of authentication shall be issued to the applicant and the same shall be published on the Entity's website. A statement regarding authentication shall then be published on the service provider's e- shop.

    Advertisement

    In order to target the desired audience for their products, the service provider may engage in advertising products to promote sale, directly or indirectly on any digital platform.

    As per Article 10 of the Law, electronic advertisements shall be considered a contractual document and shall be binding on both parties. For the advertisement to be effective, it must contain a distinctive mark that helps the consumer identify and distinguish the products of one service provider from another, along with the service provider's contact information.

    The consumer must be able to make an informed decision; therefore, the service provider must ensure that all information related to the product is available. Further, the advertisement should not contain any information that might mislead the consumer, or any logo or trademark that the service provider has no right to use. Notwithstanding the previous statement, if the consumer does not wish to receive any such advertisements, then the service provider must provide means to cease transmission of such advertisements.

    Termination

    As per the provisions of the Law, the Consumer has the option to terminate an e-commerce contract. The Consumer is permitted to terminate the contract within 7 days from the receipt of the product, unless he has used and/or benefitted from use of the product, in which case the consumer shall bear the costs of termination.

    The consumer shall not, however, be eligible for termination and refund in the cases enumerated as follows:

  • In case of custom made products
  • Products in the digital format, such as CDs and DVDs
  • Products subject to damage during the termination period
  • In case of services, such as catering, transportation etc.
  • In case of a contract entered into for public auction
  • Any other such products or services as enumerated under Article 13 of the Law.

    Protection of Personal Data

    A major concern while engaging in E- commerce activities is that of data privacy and protection. It is the duty of the law and lawmakers to establish laws that protect an individual's identity and prohibit invasion of privacy. Under the Shari'ah principles, disclosure of any secrets or private information of an individual is prohibited unless the individual has expressly consented to it or such disclosure is in furtherance of public interest.

    The Law (Royal Decree Number M/126) imposes certain obligations upon the service provider regarding privacy of consumer information that have to be strictly adhered to. Article 5 of the Law lays down that the service provider is barred from retaining any personal consumer data except for the period required by the nature of the transaction, unless the consumer has expressly consented to another period or transaction.

    The service provider owes a responsibility to the consumers to take all measures needed to maintain the confidentiality of personal data that is under his control during the course of the transaction. The service provider is therefore barred from using such data for unlicensed and unauthorized transactions or disclosing the same to third parties, except with the consent of the consumer. In case it comes to the notice of the service provider that his system has been hacked and the personal information of consumers has been leaked, the service provider must immediately report such a breach to the Ministry within 3 days.

    The Law also provides for penalties in case of contravention of any provision of the Law and/or Regulation in Article 18 of the Law; enumerated as follows:

  • A warning
  • A fine not exceeding 1 Million Riyals
  • Suspension of the E-shop, partially or fully
  • Blocking the E- shop, temporarily or permanently

    Further, since e-commerce is conducted in the cyber sphere, the Anti- Cyber Crime Law (Royal Decree Number M/17) may also apply. The law aims at protecting rights pertaining to legitimate use of computers and information networks, public interest and the national economy, along with enhancing information security. The law also stipulates that the consent of an individual be taken before processing any of their personal details.

    The Anti- Cyber Crime Law provides for penalties with regard to unauthorized access, use, distribution or redistribution of personal data, including bank and credit information, and unlawful access to a website or hacking a website with the intention to destroy or modify it, or occupy its URL.

    Moreover, the Telecommunications Law lays down provisions to safeguard public interest as well as maintain confidentiality and security of telecommunication information (as per Article 1 of Royal Decree Number M/12, telecommunications also includes transmission over the internet). It further restricts disclosure of information of subscribers by internet providers to third parties.

    Therefore, moving forward, the E- commerce sphere in the Kingdom of Saudi Arabia is booming and aims to achieve greater heights with this comprehensive Law in place, accompanied by a myriad of safeguards to ensure safety of all participants.

     

    ]]>
    Thu, 22 Oct 2020 03:12:00 GMT
    <![CDATA[Virtual Reality and Copyright: Combining New Concepts with the Old]]> Virtual Reality and Copyright: Combining New Concepts with the Old

    Introduction

    It is a strange thing to look into the world of technology on occasion and genuinely be surprised by the significant leaps of progress that have taken place. In a way, it is almost impossible for a layperson to truly consider the future. There are concepts which one day seem hopeless and nothing more than a dream of science fiction authors. Suddenly, before you know it, those concepts are entering reality. Once an exciting and game-changing product becomes a reality, it often makes a significant impact and truly bursts onto the scene.

    Virtual Reality (VR) is a prime example of this. Go back just a decade or so and few people would have been expecting it to exist on the scale we see today. It would have seemed a crazy prospect then, and yet now few will say that VR was not a logical move to take in the world of technology. An even better and more evolved example would be the smartphone. These have been around for some time now, and it seems crazy to imagine a world without a smartphone in the hands and pockets of practically everyone. They provide so much that many would be unable to live without. Examples of this include access to critical information anywhere and anytime, access to the internet and far more. In the twelve years since, though, the number of smartphone brands has become impossible to keep track of and the number still arising is substantial.

    VR is currently still in its earliest stages, though its audience size is growing. Consider the likes of the movie 'Ready Player One'. In this movie, the world is depicted as being taken over by VR technology with everyone owning a system and the world almost revolving around it. Very few people will consider this to be an outlandish or overly distant prospect. Yes, we are certainly not quite at that level yet, though the groundwork is currently forming. VR is already becoming available to a significant degree with different levels available covering different niches of the market. There are cheap and straightforward forms which require phones along with a plastic (or even cardboard for the likes of the Google Cardboard) headset. Even more expensive types of VR are selling well, with the likes of the Sony PlayStation VR Headset having sold over 4 million units to date.

    One of the crucial aspects of this groundwork and perhaps one of the most important is that of the laws surrounding the technology. Of course, the law is like an ocean in terms of its depth and the areas it covers, though the area that will receive consideration here is that of copyright and VR.

    Copyrighting Virtual Creation

    One aspect of human nature that is significantly awakened within many when it comes to VR is that of creating or producing something. This creativity can yield amazing results, and as time goes on, we will surely see things that are impossible for most to imagine. These works though, are still tied to an individual or specific entity, and for true creative protection, copyright regulation will have to adapt to the unique aspects of VR creations. While creating in a virtual world, many tools are utilised therein and only there.

    Further to this, unlike a painting or a book, it is possible to interact with a creation like never before. Imagine touching and exploring something in unprecedented depth, as if it were physically present, though it was nothing more than pixels on a headset. In a way, it is an entirely digital creation, though it can be analysed and interacted with as if it were physically present.

    At a basic level, many jurisdictions have copyright regulations in place, and these will have been at work for many years now. Copyright provides the creator of any original idea or Intellectual Property with protection over the specific design, preventing its usage by others without the permission of the original owner. This concept still stands when it comes to VR as any creation, including those that are virtual, can receive protection through many current copyright rules.

    Specific mentions of VR are sparse within these texts though. It can, therefore, be assumed that the unique position of VR, being something of a middle ground between reality and digital works, might cause some issues to arise. However, at this time, registering a product or application in virtual reality requires any individual or entity to take the same steps as registering normal digital products. There are no special processes present at this time.

    Issues may arise as we head into the future with questions surrounding the nature of the digital products becoming prominent. With the greater level of realism and immersion available through VR, questions will arise. A crucial one of these will consider whether differing processes for application registration and copyright should exist. However, for now, the processes are the same.

    VR creations cannot be utilised by others digitally or contained in their work without the permission of the original owner, and the full period of protection applies. However, it is also not permitted to replicate products from the real world directly in Virtual Reality. The reason for this limitation is the closeness in nature between the two.

    One significant case on the matter of VR is that of Zenimax Media Inc. and ID Software, LLC v Oculus VR LLC, Palmer Luckey, Facebook Inc., Brendan Iribe and John Carmack [Tex. Civil Case No. 3:14-CV-01849-P]. Zenimax's claim related to violation of non-disclosure agreement terms and also copyright infringement. There was a further claim for the theft of trade secrets, for which Zenimax was demanding USD 6 billion, though this was dismissed. However, on the additional two matters, Zenimax and ID were awarded USD 500 million.

    This case is especially significant as it related to the formation of the virtual reality technology as a whole and so it was an extremely high stakes case. This matter was furthered by the purchase of Oculus by Facebook just prior.

    There are not many cases, especially of this scale in the world of VR at the moment. Once again, this is because the technology is still in its infancy and very much uncharted territory. In time to come, there will undoubtedly arise many more cases, though this is the most considerable at this time.

    However, speaking in general terms, copyright regulations around the world can cover Virtual Reality as they exist now. The rules in the likes of the US, EU and UAE do not prevent the copyrighting of VR content or applications. The legislation covering the copyright of any digital content would be sufficient. The US has its Copyright Act of 1976, while the EU has multiple directives on the topic. The primary guideline is Directive 2019/790. UAE Federal Law Number 7 of 2002 covers this, and Article 2 specifies in subsection 2 that computer programs and applications are covered. In time, there will undoubtedly be updates and amendments to these regulations to incorporate the concepts expressly. Copyrights are arguably not the primary area of concern for VR. There are further subject matters which have to be answered in the future, and some of the crucial issues concern:

  • Rights of ownership of products based entirely in Virtual Reality.
  • Health and safety regulations.
  • One comparison that can be drawn here is to the cases that arose against Nintendo concerning their Wii console. Due to the nature and exertion of the motion controls, there were reports of individuals sustaining injuries as a result of playing with the system, and specific individuals sued the company. Some of the injury stories that can be found are quite severe, with people falling and sustaining potentially life-threatening injuries as well as individuals exerting themselves, resulting in significant joint issues. A specific case is that of Elvig, et al. v Nintendo of America Inc. No. 08-CV-02616 (D. Colo.), in which a faulty wrist strap resulted in a motion controller being thrown and damaging a TV. However, the court found the claims of the plaintiff to be far too vague, with false advertising being the critical claim. Nintendo retorted by stating that adequate warning is provided to customers regarding potential risks. In the end, the court chose to side with the defence.

    One of the most common uses for VR is video games, and due to the nature and level of immersion when playing, injuries are certainly a possibility. Disorientation and dizziness are a genuine problem, especially with particularly movement-heavy games. Further, since the headsets block all vision of the actual surroundings, tripping or falling into hazards is a real issue. However, all headsets are accompanied by warnings and guides on how to use them appropriately, and video games are likewise provided with such messages. An example of why this is required for video games arises under the UK General Product Safety Regulations of 2005. This law requires companies to provide safety warnings for any foreseeable usage risks that occur when using the product. These warnings act as exclusion clauses for the developers of games or headsets and are accepted in courts as a method of removing liability. The Elvig, et al. v Nintendo of America Inc. No. 08-CV-02616 (D. Colo.) case once again demonstrates this.

  • With many creations, another question that arises is that of trademarks and how their management is maintained. As previously mentioned, problems can occur when creating things in virtual space which have a likeness to objects and products that physically exist.
  • Again, consideration must be provided to the fact that video games are arguably the most common use of VR, and so when applying for trademarks, anything which has a resemblance to the real world will not necessarily be infringing on any rights.

    However, in cases where real-world locations are being simulated, and logos or branding is present, issues may then arise.

    The crucial point to note, and one of the vital deciding factors here, is whether individuals will be confused as to who the owner of the trademarked logos is. The origin of any branding should not be open to confusion in this way.

    The Future of Virtual Reality

    It still, even in 2019, feels odd to be thinking about VR and the future. The concept is still just new enough and niche enough to feel like it could all be in our imaginations, though it is far more than that. And since it exists in the real world, there must be regulations to manage the concept as well as to consider and protect creations that are made using it.

    Since the concept is still fresh, the regulations in place are often adaptions of laws governing ideas and concepts that most closely mirror VR in their creative nature, and over time, further developments will arrive, and the rules will amend to make the law and the VR technology easier to combine. However, understanding will take time and introducing new laws and modifying old ones takes more time yet.

    Copyright is also in a decent position as is, with the basic concepts being applicable to VR without the need for changes. In countries with common law systems, court cases will help to flesh out the specific attitudes towards Virtual Reality concepts, while civil law jurisdictions will require a little more law-making and amending.

    There are other issues besides copyright that are just as significant and in a way, more urgent, such as trademark matters as well as health and safety concerns. Individuals sue entities for all manner of things these days and companies take the most considerable precautions to protect themselves from liability.

    VR has an exciting future, and futuristic indeed seems an appropriate way to describe the concept. As with any significant new innovation or invention, legislation will adapt and rise to meet it and create a secure legal backbone.

     

    ]]>
    Sat, 28 Sep 2019 11:15:00 GMT
    <![CDATA[Cryptocurrency and Asset Exchange in the Abu Dhabi Global Market]]> Cryptocurrency and Asset Exchange in the Abu Dhabi Global Market

    Currency is defined as something, more often than not paper and coins, that acts as a medium of exchange for goods and services. This practice of trade has been a constant for humankind throughout its various ages, occurring in multiple forms, yet resulting in the same outcome. While earlier transactions revolved around the exchange of physical forms of currency in the form of legal tender, at present, with the advancements made in technology, currency has taken an alternative form known as cryptocurrency.

    Cryptocurrency facilitates financial transactions in the same manner currency does, with the exception that it is intangible and acts as a digital asset. Standard currency relies on central banking systems and controlling authorities as a form of regulation, whereas cryptocurrency utilises a form of decentralised control. This decentralised methodology of control is made possible by the use of distributed ledger technology (DLT). The technology is such that digital data is spread across multiple devices in an interconnected network and subsequently synchronised using a consensus of these devices within the network. The lack of a regulatory body overseeing these networks is considered a significant security threat, but this hasn't stopped multiple variations of cryptocurrency being conceived, including Bitcoin, Altcoins, Token, etc. With cryptocurrency gaining major traction and becoming mainstream, countries have looked into it, and while some have expressed reservations about adopting the system, others have taken it up as an authorised medium of exchange. The United Arab Emirates (UAE) is one such country that has taken an active interest in integrating cryptocurrency into its economy through the Abu Dhabi Global Market (ADGM), an international financial centre and financial free zone in Abu Dhabi.

    Abu Dhabi Global Market

    The Abu Dhabi Global Market was established as a financial free zone in the Emirate of Abu Dhabi by Federal Decree Number (15) of 2013,

    The FSRA conducts and facilitates all financial services in the ADGM. Financial entities registered with ADGM must adhere to the obligations set out by the FSRA, which are in addition to the standard obligations of ADGM. The FSRA seeks to uphold the integrity of ADGM's financial system and acts to deter any conduct or activity that disturbs the stability of the financial services industry. ADGM has also set up measures towards the prevention of financial crimes by adhering to Countering Financing of Terrorism (CFT) and Anti-Money Laundering (AML) guidelines, with the FSRA being the competent authority governing the same. The ADGM Courts consist of the Court of Appeal and the Court of First Instance, and function as per the rules and regulations enacted by the ADGM Board of Directors and its subsequent amendments.

    Guidelines related to Cryptocurrency

    In May 2019, the FSRA issued a set of guidelines with respect to Cryptocurrency. The guidelines enacted were:

    • Digital Security Offerings and Crypto Assets Regulations under the FSMR (dated 13th May 2019)
    • Regulation of Crypto Asset Activities in ADGM (dated 14th May 2019)

    According to these guidelines, a Crypto Asset was recognised to be a digital representation of value that can be digitally traded and utilised as a medium of exchange, but that does not have legal tender status in any jurisdiction. The main objective is to address the risks that arise when trading of crypto assets occurs. At present, in the event of a theft or a loss of crypto assets, users do not have a safety net that will enable them to recover their assets. Mere adherence to AML and CFT guidelines is not sufficient to quell the broader risks of crypto assets. The issues addressed by the guidelines pertain to the areas of:

    • Consumer Protection
    • Safe Custody
    • Technology Governance
    • Transparency
    • Market Abuse

    Under the regulatory framework, any person (custodian, market operator or intermediary) dealing in crypto assets needed to be approved by the FSRA as a Financial Services Permission (FSP) holder in the business of operating crypto assets, otherwise known as OCAB. Apart from the above-mentioned guidelines, authorised persons must comply with the following additional guidelines:

    • The FSRA Conduct of Business Rulebook (COBS)
    • The FSRA General Rulebook (GEN)
    • Anti-Money Laundering and Sanctions Rules and Guidance under the FSRA (AML)
    • The FSRA Rules of Market Conduct (RMC)

    As per chapter 17 of COBS, there are seven key factors which the FSRA considers while determining whether a Crypto Asset becomes an Accepted Crypto Asset. They are:

    Maturity/Market Capitalisation:

    The volatility, sufficiency and the proportion of the Crypto Asset in the free float are assessed. The FSRA does not prescribe a source for the calculation of the market capitalisation of a Crypto Asset. It instead uses recognised sources, as and when they may be available.

    Security:

    The Crypto Asset is assessed on whether it is able to adapt to and address the risks and vulnerabilities it has, and is tested on its ability to allow the appropriate safeguarding of secure private keys.

    Traceability/Monitoring:

    The ability of crypto assets to identify counterparties in transactions is assessed, along with the ability of OCAB holders to demonstrate the origin and destination of such crypto assets.

    Exchange Connectivity:

    The presence of other exchange centres which support the crypto assets, together with their jurisdictions and regulations, is investigated.

    Types of DLT:

    The security of the DLT that is used for the Crypto Asset is assessed to determine whether it has been stress tested.

    Innovation/Efficiency:

    The ability of the Crypto Asset to solve fundamental problems or create value for the participants or meet a need of the market is determined.

    Practical Application/ Functionality:

    The functionality of the Crypto Asset in terms of real-world quality is looked into and plays an important role in determining if it becomes an Accepted Crypto Asset.

    Anti-Money Laundering and Countering Financing of Terrorism Guidelines

    One of the primary concerns with the usage of Crypto Assets is money laundering (ML) and terrorism financing (TF). The ADGM introduced the Anti-Money Laundering and Countering Financing of Terrorism Guidelines in 2015, with the jurisdiction being exclusive to the Global Market area and independent of any federal anti-money laundering legislation. The guidelines apply to all persons who operate from or in the ADGM.

    Under the UAE criminal law, as per Article 3 of Federal Decree Law Number (20) of 2018, a person may be held criminally liable for money laundering if it is conducted intentionally in the name of the person or from their account. The following also constitute offences in relation to money laundering:

    • Failure to report suspicions related to money laundering
    • Assisting in the commission of money laundering

    An inter-governmental organisation called the Financial Action Task Force (FATF) helps develop and promote international standards to fight money laundering and terrorist financing. The FATF has identified certain critical risks associated with crypto assets, such as:

    Anonymous operation of Crypto Assets:

    Since crypto assets are traded on the Internet with no face-to-face interactions, anonymous funding and transactions take place. This can result in the failure to identify the source or destination of the funds.

    Increased potential for ML and TF risks:

    The ease of access to Crypto Asset systems (even from a mobile phone) massively increases their global reach and can enable cross-border transactions, which can be challenging to monitor.

    Complex infrastructure:

    Crypto Asset systems are built on platforms that require complex infrastructures with multiple entities across different jurisdictions being involved. This can cause difficulty for law enforcement agencies to access them. The rapid increase of decentralised technologies which are used by Crypto Asset businesses further aggravates the issue.

    Jurisdictions not having adequate ML/TF tools:

    Since different components of the Crypto Asset system may be spread out across multiple jurisdictions, it is entirely possible that such jurisdictions may not have an adequate framework for, and control over, money laundering and terrorism financing.

    On the basis of the risks put forth by the Financial Action Task Force, the FSRA has introduced fundamental principles an OCAB holder should consider, which are:

    Risk-Based Approach:

    OCAB holders must understand the risks associated with the activities involved and should carry out periodic risk-based assessments, which identify, assess, manage and mitigate the risks related to money laundering.

    Business Risk Assessment:

    In accordance with the Anti Money Laundering rules, entities must take appropriate steps to identify and analyse ML risks the business may be exposed to, with importance given to the use of new technologies that can be used. The FATF further recommends that financial institutions must conduct such risk assessment prior to the launch of any new practice, technology or product.

    Customer Risk Assessment and Customer Due Diligence:

    Procedures in relation to Customer Risk Assessment and Customer Due Diligence must be implemented by all OCAB holders and must rate the Clients according to their risk profile. The due diligence must be carried out in accordance with the AML rules as per FSRA. In the event that the ongoing due diligence happens non-face-to-face, the OCAB holders are expected by the FSRA to identify the client as a natural person. OCAB holders must ensure that the process of due diligence is not a simplified one and may use any technology available to them in order to mitigate any such risk associated with verifying the client.

    Governance, Systems and Controls:

    OCAB holders are required to implement the necessary technological governance systems and controls to ensure appropriate ML and TF compliance. Third-party solutions and technologies can be brought on in order to fulfil the regulatory obligations put forth. Effective transaction monitoring systems must be implemented in order to determine the origin and destination of Crypto Assets. A Money Laundering Reporting Officer (MLRO) must be appointed by the OCAB Holder, and this officer will be responsible for implementing and overseeing how the OCAB Holder complies with the AML rules.

    Suspicious Activity Reporting Obligations:

    OCAB holders must establish online connectivity with UAE's Financial Intelligence Unit for submitting such suspicious activity reports and must ensure that transaction monitoring systems are in place to identify any possible breach of domestic or international sanctions.

    Record Keeping:

    The FSRA expects record-keeping practices in accordance with the AML/CFT compliance guidelines, to be followed by OCAB holders. Such data must be kept in an easily accessible format and provided to the FSRA whenever required.

    Conclusion

    It is imperative for the successful integration of crypto assets that the guidelines put forth by the Financial Services Regulatory Authority are followed. These guidelines are quite comprehensive in nature and ensure that a safety net is available for those dealing in crypto assets and digital asset exchange. The ADGM has been a pioneer among international financial centres, with its unique outlook, and it has certainly paved the way for further inroads in the field of cryptocurrency.

     

    ]]>
    Tue, 10 Sep 2019 12:41:00 GMT
    <![CDATA[5th Generation Wireless Network Services: A Global Purview]]>

    Introduction

    ICTs, short for Information and Communication Technologies, are used for social and economic development. With the introduction of new technology, there is an improvement in the quality of life of people using such technology because of the unique benefits and conveniences that it has to offer. 4G wireless network services allow people the comfort of using broadband services on their mobile devices. However, a need arose for high-speed, highly reliable, rapid-response and energy-efficient mobile services; hence the introduction of 5G technology. Developed countries have aimed to introduce 5G mobile networks for commercial use by 2020. This fast-track introduction of the technology has resulted in the need to regulate how 5G technology is implemented and its environmental impact.

    Background

    What is 5G

    5G stands for the fifth generation. It is the next generation of broadband connection, and it will replace or improve the 4G connection. It is a specification that refers to how a network will respond to the growing needs of cellular networks. 5G will lead to higher data rates, quicker reaction times, and faster upload and download speeds. 5G supplies an enormous amount of spectrum for wireless communication, smaller cell sizes and more modulation schemes, letting higher numbers of wireless users share the spectrum. 5G also leads to broader coverage and more stable connections. These new features allow for smart transportation, instantaneous cloud services, 360-degree videos and holograms while guaranteeing the quality of experience to mobile users.

    5G operates on three different spectrum bands, namely the low band spectrum, mid-band spectrum, and high band spectrum. Low band spectrum refers to data speeds that only reach 100 Mbps. Mid-band spectrum refers to faster data speeds at 1 Gbps, whereas high band spectrum is one that offers speeds of 10 Gbps. There are different categories of 5G services. Firstly, there are immersive 5G services, which are concerned with virtual reality, augmented reality and massive content streaming. Secondly, there are intelligent 5G services that are user-focused and provide for better mobile services in crowded areas. Thirdly, there are omnipresent 5G services used in the Internet of Things. The Internet of Things refers to interconnections of all kinds of devices, even household appliances. The fourth category refers to autonomous 5G services, which would be used in self-driving cars. Mainly, this fourth category involves smart transportation, drones and robots. The final type is public 5G services, which would enable more efficient and effective disaster monitoring, private security, public safety and emergency services.

    How does 5G technology work?

    5G mobile wireless systems are a way for devices to send and receive data wirelessly. 5G signals use wavelengths that are measured in millimetres. 5G has higher frequencies, which means there is only a shorter range of coverage. Thus, 5G will use a system of cell sites that send encoded data using radio waves. Each cell site is then connected to a network backbone. 5G will use Multiple Input Multiple Output ports, which facilitate signals that travel faster in all directions. To eliminate interference that may occur as a result of the complexity of the network, a method called beamforming will be used. Beamforming refers to a situation whereby a single port sends higher beam signals in distinct directions to reduce interference.

    The implication of 5G technology

    Advantages

    The advantages of shifting to 5G are numerous. 5G will lead to faster and improved broadband. 5G will allow the proliferation of self-driving cars that will communicate with other cars on the road. 5G will allow such vehicles to obtain information about road conditions and provide information to drivers and automakers. This technology will enable autonomous vehicles to avoid car accidents and save many lives. 5G also enables the effective operation of cities and municipalities. Municipalities will be able to perform their duties more efficiently. Remote control of heavy machinery is also made possible by 5G. In the healthcare sector, it is expected that 5G will lead to improvements in precision surgery and may even lead to remote medical operations. One of the most significant aspects of 5G is the Internet of Things. 5G will allow communication between sensors and smart devices. A result of 5G is advanced manufacturing which will require no human input. This advanced manufacturing is what is called the Internet of Things.

    Disadvantages

    The needs of people have been the driving force for the creation of mobile broadband networks until now. The needs of machines were at the forefront of 5G technology development. The low latency and high-efficiency data transfer of 5G networks ensure seamless communication between devices. The technology may lead to a wide array of troubles and challenges for people and the environment. The introduction of 5G necessitates new infrastructure. This new infrastructure is called small cells. These small cells are a departure from macro cell towers. The small cells are barely noticeable cell towers situated closer together. The small cells will have more input and output ports than there are on the macro cell towers. Small cells generate less power, and collect and transmit signals in a short range from one another. Thus, the deployment of 5G technology will likely lead to wireless antennas every few feet on lamp posts and utility posts. The small cells may also be placed every two to ten homes in suburban areas. Deploying 5G technology will require an unprecedented and immensely large number of wireless antennas on cell towers and buildings. These would be placed much closer together. Each of these cells emits radiofrequency radiation. This radiation will be much harder to avoid because these towers will be everywhere.

    The presence of radiofrequency radiation is an essential consideration in deploying 5G technology. The current wireless technologies of 2G, 3G and 4G created health risks to humans, animals and the environment. Wireless company documents outline information that suggests that 5G will increase the levels of radiofrequency radiation. The World Health Organisation's International Agency for Research on Cancer categorised radiofrequency radiation as a possible carcinogen. Low-level exposure to radiofrequency radiation leads to a myriad of health effects including DNA single strand and double strand breaks, melatonin reduction and generation of stress proteins, all of which lead to cancer and diseases. 5G technology will lead to higher exposure to radiofrequency radiation, which presents risks to both human and environmental health.

    Regarding human health, there is a concern that the radiation emitted from the small cells will have adverse effects on human skin. It has been found that human skin is likely to soak up radiofrequency radiation as well. Inevitably, this will lead to cancer. Furthermore, the sweat ducts located on the upper layer of the human skin act like antennas. Therefore, human bodies will become far more conducive to this radiation, increasing the risk of growing cancerous cells. High exposure to radiofrequency radiation has an impact on motor skills, memory and attention. The effects of such high exposure are neuropsychiatric problems, genetic damage and elevated diabetes.

    More conclusive information on the harmful effects of radiofrequency radiation on animals is available. The US National Toxicology Program carried out a study that found that exposing rats to radiofrequency radiation for nine hours in two years led to the development of heart and brain tumours, as well as DNA damage. Various studies carried out elsewhere in the world have indicated that the radiation damages the eyes and immune system, and leads to elevated lymphoma, cell growth rate, lung and liver tumours, and bacterial resistance.

    5G also harms the planet as it poses a severe threat to plant health. Exposure to radiofrequency radiation led to necrosis, which is the death of tissue cells. Exposure to such radiation could lead to the contamination of our food supply.

    5G deployment requires many temporary satellites that are propelled by hydrocarbon rocket engines. Such satellites emit black carbon into the atmosphere. Black carbon in the atmosphere will affect the distribution of the ozone, as well as the temperature. These rocket engines will also emit chlorine, which is known to be a chemical that destroys the ozone layer.

    5G may even threaten natural ecosystems. Radiofrequency radiation affects the health of birds and bees. Radiation may ultimately lead to birds' death, and the egg-laying abilities of bees are compromised.

    5G technology also requires collocating the cells on other infrastructure. Small cell wireless facility development necessitates streamlined federal, state and local permitting rights of way, application timelines and other siting and application fees and application review timelines and appeal processes to make it economically feasible for wireless companies to deploy the technology across communities.

    Legal considerations for the use of 5G networks

    The legislative frameworks throughout the world were designed mainly to regulate human-to-human interactions and were not intended for machine-to-machine communications. The laws on telecommunications relate to privacy, roaming and other rules that were designed to protect interpersonal connections between humans. It is essential to compare the telecommunication laws in the United States of America, China and the EU to assess readiness for the deployment of 5G. These laws will be evaluated based on whether they mitigate the environmental and health risks of 5G.

    The United States of America

    With the advent of 5G technology comes a need to reexamine the law and how it will need to adapt to 5G technology. The United States' Federal Communications Commission issued a 5G Technology Plan, or the 5G Fast Plan, which was aimed at achieving three main goals: firstly, releasing more spectrum into the marketplace; secondly, modernising regulations; and thirdly, limiting the barriers to wireless infrastructure deployment. The Federal Communications Commission's Spectrum Frontiers Orders have stated an intention to lay the groundwork for the use of 5G technology in the United States by 2020. In United States federal law, the Repack Airwaves Yielding Better Access for Users of Modern Services Act, which contains a wide range of measures to facilitate the use of 5G networks in the US, has been approved by the US House of Representatives. Two Acts have been drafted to streamline the auction and use of airwaves to send and receive 5G signals: the Spectrum Deposits Act and the Mobile Now Act of 2016. The Spectrum Deposits Act allows the federal government to identify future spectrum for 5G use. The Spectrum Deposits Act also provides for the government to speed up the installation of 5G equipment on federal property.

    In the United States of America, 21 states have enacted small cell legislation. This legislation streamlines regulations to facilitate the deployment of 5G small cells. Each state considered its state and local environment before passing the legislation. The fundamental principle of the legislation is streamlined applications to access public rights of way. This allows mobile network providers to place poles and facilities in public rights of way. The legislation places a cap on costs and fees. The small cells are to be attached to public structures. All states that have enacted the legislation must impose annual fees on new attachments to public structures. The legislation also regulates the streamlined timelines for the consideration and processing of cell siting applications.

    The United States Courts of Appeals decided to quash a motion to stay the Federal Communications Commission's revised rules relating to the rollout of small-cell 5G technologies. This decision allows for telecommunications companies to mount small cell 5G equipment on street lights. This decision goes against the need for community decision making relating to public safety and well being.

    The Secure 5G and Beyond Act, introduced by US senators, obliges the President to develop a security strategy for next-generation networks. The Act, however, prevents the President from nationalising 5G networks. The Bill advocates for a National Telecommunications and Information Administration to ensure that the advantages of 5G are harnessed in a way that minimises the risks of using the 5G networks. The Bill also tasks the President with ensuring that foreign allies maximise the security of their telecommunications networks and software.

    The Federal Communications Commission is in the process of assigning additional high band spectrum, mid-band spectrum, low band spectrum and unlicensed spectrum. Assigning these spectrum bands will allow for an increase in low latency data traffic. This allocation will be beneficial to the Internet of Things (IoT) devices. 

    The US government is keen to foster the development and advancement of the IoT. The National Telecommunications and Information Administration's Internet Policy Task Force has reviewed the benefits, challenges and potential role of the government accordingly.

    The European Union

    According to the European Commission's Digital Agenda for Europe targets, at least one major city in every Member State of the European Union should have a commercial 5G network by 2020.

    The Council of the European Union met in Brussels in December 2018 to reach an agreement on the European Electronic Communications Code. The code encourages spectrum allocations across the European Union. A minimum license lasts for 15 years, but it can be extended quite easily for another five years. The code includes an outline of the processes for the renewal, transfer, sharing and lease of spectrum rights. The code requires 5G spectrum bands to be assigned by 31 December 2020.

    Like the United States, operators and mobile service providers are granted a right of way on public infrastructure. But unlike in the United States, it is not necessary for the mobile services providers to be subject to prior permits, fees or charges.

    The European Communications Code has been criticised as failing to pre-empt some of the long-term challenges of the European telecommunications sector. This lack of foresight could hinder the deployment of 5G networks in Europe. The Code has been said to be unclear, as it involves complexities that confuse electronic communications service providers and machine-to-machine service providers.

    The European Communications Code is said to be fragmented because the level of 5G service regulation in Europe will differ from state to state. The Code does not include measures to promote the harmonised availability of 5G across EU member states. As stated before, the deployment of 5G services requires new frequency bands. New frequency bands are possible when a copious number of small cells are deployed, because higher frequencies have a shorter transmission range. Previous regulations were primarily focused on more massive high-power macrocells. These regulations are not appropriate in the case of networks using these smaller cells. Some European countries such as Italy and Greece have failed to create legislation that is welcoming to 5G technology because of the ineffectiveness of law-making bodies as well as the burden of government regulation. Luxembourg, on the other hand, can make the required regulatory interventions as a result of the effectiveness of its law-making bodies and the law relating to ICT. Switzerland is a non-EU country but stands in better stead than EU nations to issue effective regulations and policy in the realm of 5G technology. The Netherlands, Norway and the United Kingdom are EU member states that have powerful law-making capabilities that enable them to harness the advantages of 5G technology.

    The Code does indeed create a more efficient and flexible framework for the introduction of 5G technology. The drawback is that the Code will only be implemented in 2020, by which time 5G technologies will already have been deployed.

    The People's Republic of China

    The Chinese government has keenly promoted the development of 5G technology and the IoT. The Chinese government has developed many laws and regulations including legislation on information security, intellectual property rights and data protection.  Unfortunately, China does not have a comprehensive regime for the introduction of 5G technology and IoT.  The Ministry of Industry and Information Technology (MIIT) of China has been driving the implementation of 5G technology. The Ministry of Industry and Information Technology is tasked with issuing licenses to mobile networks to deploy 5G hardware and software.

    China would have been an ideal country for supplying the United States, Japan and Australia with the hardware needed for 5G mobile networks. The National Intelligence Law of 2017 and the Counter Espionage Law of 2014 enacted in China state that Huawei, a company with its parent plant in China, would be obliged to provide the Chinese government with any information it requires. Article 7 of the National Intelligence Law states that any organisation or citizen must cooperate with the state intelligence authorities in terms of the law. The Counter Espionage Law states that "when the state security organ investigates and understands the situation of espionage and collects relevant evidence, the relevant organisations and individuals shall provide it truthfully and may not refuse". Huawei was otherwise poised to become the core backbone of 5G infrastructure in advanced western liberal democracies.

    Regulating Environmental Impact

    Although China, the United States and the European Union have created a legal landscape to support the introduction of 5G technology, it is interesting that none of them has enacted or proposed legislation that regulates the environmental harm and the adverse effects on humans.

    The European Commission has absolved itself of responsibility for any potentially harmful effects of radiofrequency radiation. The Treaty on the Functioning of the European Union states that the primary responsibility for protecting the public from potentially adverse effects of such radiation remains with the Member States. The regulation of the environmental impact will undoubtedly be varied amongst the Member States.

    In Brussels, plans for a pilot project to provide high speed 5G wireless internet were stopped. The halt is because it is not possible to estimate the radiation from the antennas of the small service required for 5G service. In the Netherlands, political parties were anxious to know what the potential dangers would be if the small cells were installed on a large scale. The Netherlands Parliament, therefore, urged the Health Council of the Netherlands to carry out an independent investigation into 5G radiation. In Germany, a petition with 56 643 signatures requested that the German Parliament suspend the procedure to award 5G frequencies because of doubts as to the safety of this technology.

    There is an International Appeal to Stop 5G on Earth and In Space addressed to the United Nations, the European Union, the Council of Europe and the World Health Organisation with 63 379 signatories from at least 168 countries as of March 29, 2019.

    In the United States, more than two hundred and forty scientists and doctors originating from 41 different member states have appealed to the United Nations calling for urgent action to reduce exposure to radiofrequency radiation. This appeal has clout as these scientists and doctors have all published peer-reviewed journal articles on electromagnetic radiation or 5G health dangers. These academics also sent a letter to the Federal Communication Commission asking for a moratorium on 5G technology deployment because of the potential impact on human health and the environment.

    It is questionable whether citizens of the affected future smart cities can challenge the introduction of 5G technology on the basis that it is a hazard to human and environmental health. Section 704 of the Telecommunications Act of 1996 stops state and local government from considering the potentially harmful environmental effects of cell tower radiation if the radiation does not exceed FCC limits. It is clear that 5G radiation exceeds these FCC limits, but rulings of the courts on this section have shown that the court prefers to interpret such a provision in favour of the mobile service network.

    Recommendations

    Scientists have cautioned that before deploying 5G technology, the effects of this technology on human health must be studied. Parliaments of the developed countries should draft legislation to mitigate the impact of 5G technology. 

    Conclusion

    The United States and the European Union have regulated the deployment of 5G technology through legislation, and China has done so through the Ministry of Industry and Information Technology. None of the United States, the European Union or China has tried to lessen the potential environmental and health impact of 5G technologies. It is likely that environmental laws will be enacted in reaction to such effects when the full ramifications of using 5G technology are known.

     

    ]]>
    Sat, 31 Aug 2019 01:52:00 GMT
    <![CDATA[Domain Name Protection in UAE]]> Domain Name Protection in UAE

    Nowadays, all kinds of information can be found on the internet. As a result, governments, companies, organizations and individuals use websites to provide information online. These websites are reached through domain names used in URLs; for example, in the URL https://www.stalawfirm.com/en.html, the domain name is stalawfirm.com. A domain in simple language is a field of thought, interest, or activity, over which someone has control, rights or influence.

    On the internet, a domain is a set of addresses that shows the category or geographical area to which an internet address belongs. In short, domain names are used to represent particular IP addresses. Since the internet consists of IP addresses and not domain names, a Domain Name System Server is used by every Web Server to translate the domain names into IP addresses.

    Top Level Domains ("TLDs") are depicted as the suffix in a domain name and identify something about the domain name such as the purpose, the organization to which it belongs or the geographical area of its origin. There are a limited number of Top-Level Domains.

    Suffix | Organization/Purpose
    .org | Organizations (non-profit)
    .gov | Governmental Agencies
    .mil | Military
    .com | Commercial Business
    .net | Network Organizations
    .edu | Educational Institutions

    Country Specific TLDs

    Suffix | Country
    .in | India
    .ae | UAE
    .ca | Canada
    .th | Thailand

    • Need for Domain Name Protection

    Principles similar to trademark infringement apply to domain name protection. Third parties, which are unrelated to the website owner, could create and register a domain name which is identical or similar to either the domain name or trademark of another party. These activities are commonly called "cyber-squatting".

    Along with cyber-squatting, websites also run the risk of phishing, where fake websites are created to resemble legitimate websites and are used to deceive customers into disclosing personal data. These fake websites often incorporate the trademarks belonging to the legitimate website as well as the information provided on it, making the fake website appear genuine and confusingly like the legitimate one.

    • Domain Name in UAE and its Protection

    With the rapid growth of e-commerce in the UAE and the other GCC countries, legislation has been put into place to ensure its protection. In the UAE, internet domain names fall under the authority of the .ae Domain Administration with the Telecommunications Regulatory Authority. Enabled in 2007, the .ae Domain Administration:

    • Acts as the Registry Operator
    • Establishes and enforces policies for the regulation of the .ae Domain
    • Facilitates dispute settlement concerning domain names

    Brief History

    The .ae Domain was initially under UUNET and was later re-delegated to Etisalat in 1995 following a brief period of administration by the United Arab Emirates University. However, in 2006, the administration was transferred to the Telecommunications Regulatory Authority.

    Domain name registration in Dubai is permitted at the second or third level based on specific category labels. At present, only Dubai companies can use the .co.ae domain name for their websites.

    • Domain Name Licensing

    It is important to note that there are no proprietary rights in domain names in the UAE. Companies in Dubai and other emirates, to use the .ae domain name, are required to obtain a domain name license. Since companies cannot own a name, they are required to apply for a special permit which is granted based on certain conditions and for a specific period. The terms and conditions of the license are contained in several documents such as the domain name registration application, domain name license, applicant's agreement to use the .ae domain, and the policy of the .ae Domain Administration. Additionally, companies in Dubai applying for a domain name reservation should also fulfil certain criteria of eligibility.

    Domain Name Licensing Zones

    There are two zones with regard to the licensing requirements:

    Unrestricted Zone:

    Residing in an unrestricted zone, Unrestricted Domain Names may be registered by any Applicant and may be available through all Accredited Registrars.

    Restricted Zone:

    A domain located in the Restricted Zone must meet the eligibility criteria described in S11 to 16 of the Domain Name Policy.

    Eligibility Criteria

    The registrant must meet the following criteria, depending upon the suffix chosen, for registering Domain Names under 3LDs:

    • Commercial Entities/ Information Technology Service Providers

    For registering 3LDs ending with the Suffix ".co.ae" and ".net.ae", the Registrant must either possess a valid UAE trade license, be a commercial entity licensed within the UAE free-zones, or be an applicant or registered holder of a trademark in the UAE.

    • Not for Profit Organizations/ Schools and Academic Organizations

    3LDs with the Suffix "org.ae", "sch.ae" and "ac.ae":

    The Organization must ensure that the Administrative Contact is an employee or officer of the requesting organization and shall certify through the acceptance of the Registrant Agreement, that they have delegated authority to Register a Domain Name on behalf of that organization; and

    provide a copy of their Certificate of Registration or a letter to this effect from the competent authorities of the UAE (Ministry of Education in the case of "sch.ae" and Ministry of Higher Education and Scientific Research for "ac.ae")

    Domain Names

    For registering the Domain Names ending with (.co.ae), (.net.ae), (org.ae), (sch.ae) and (ac.ae) as suffixes, the Domain Name applied for must be an exact match, acronym or abbreviation of, or closely connected to, the name, trading name or trademark of a company, organization or association to which the Registrant belongs or which it controls.

    • Government Departments and Ministries of the UAE

    3LDs with the Suffix "gov.ae":

    A registrant must be a Government Entity in the UAE.

    The domain name can only be used for the official business of the organization.

    The Applicant must state in the application the purpose of the website associated with the specific Domain Name in respect of which the Domain Name License is sought. The Domain Name must be used specifically and exclusively for this purpose during the validity of the License period.

    The Administrative Contact must be an employee and shall certify through the execution of the Registrant Agreement that they have delegated authority to Register a Domain Name on behalf of the Registrant. The Applicants will also provide a Letter of Authorization from the relevant Minister or officer, authorizing such registration.

    • Military Authorities

    3LDs with the Suffix "mil.ae":

    The Applicant must be an organisation established in the UAE under the relevant laws and legislation as a military organization.

    Must be used only for the official business of the organisation, and specifically and exclusively for the stated purpose for the duration of the Domain Name License Period.

    The Administrative Contact must be an employee and shall certify through the execution of the Registrant Agreement that they have delegated authority to Register a Domain Name on behalf of the Registrant. The Applicants will also provide a Letter of Authorization from the relevant Minister or officer, authorizing such registration.

    • Settlement of Disputes

    The United Arab Emirates Network Information Center (UAEnic) is a registrar for registering Domain Names under .ae (Top Level Domain). It is also LIR (the Local Internet Registry) that assigns IP addresses to the Local Internet Community.

    The UAE Domain Name Dispute Resolution Policy and related Rules provides for the grounds and mechanism of resolving disputes that arise relating to domain names.

    Grounds

    Any person or entity may initiate administrative proceedings against the Registrant of a Domain Name on the following grounds:

  • The Domain Name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; or
  • The Respondent (that is the Registrant) should be considered as having no rights or legitimate interests in respect of the Domain Name in question; or
  • Domain Name(s) should be deemed to have been Registered or being used in bad faith.
  • The complaint can relate to more than one Domain registered under the same Registrar.

    • Dispute Resolution Mechanism

    Complaint- The complaint and all annexes are to be submitted in the electronic form with the concluding statement and other statements, requests, and specifications as provided in the rules.

    Administrative Compliance- On the receipt of the complaint, the Provider will first check for administrative compliance and when satisfied shall send the same with the annexes electronically and a written notice with the required documents to the Respondent. Where the Provider finds a regulatory deficiency, the Complainant shall correct such deficiency within five calendar days, failing which the complaint shall be presumed to have been withdrawn. The date of commencement of proceedings shall be the day the Provider completes all his responsibilities under S. 2(a).

    Response- Within 20 days from the commencement of the proceedings, the Respondent shall send his response to the complaint electronically with the same elements as the complaint along with his grounds and reasons as to why the Respondent should retain registration or use of the domain name.

    Panel- The parties can elect whether to have a single or three-member panel and specify the name and details of their candidates in the complaint/response. Where the parties have not specified any candidate, the provider shall make the election himself. After the Panel has been appointed, the Provider shall notify the parties about the appointment and the date by which the Panel shall forward its decision on the complaint. The decision in case of a three-member panel shall be based on the majority.

    Language- Unless otherwise agreed by the parties, the language of the proceedings shall be English, and the panel may order any documentary evidence in other languages to be translated wholly or partly into the language of the proceedings.

    Settlement/Termination – The Panel shall terminate the proceedings where the parties before the conclusion of the proceedings come to a settlement or the Panel feels that the procedures have become unnecessary or impossible.

    • Analysis of Cases Referred to WIPO Arbitration and Mediation Centre

    CASE 1: Zalatimo Brothers for Sweets (Ahmed Zalatimo Company and partners) v. Jebril Hasan Abumarouf, Mix Zalatimo Sweets L.L.C, Case No. DAE2017-0008

    Facts:

    The Complainant (Zalatimo Brothers for Sweets) is a manufacturer of sweets in Jordan and has registered ZALATIMO BROTHERS FOR SWEETS as a trademark on October 8, 2000, with registration number 34331 in numerous parts of the world apart from Jordan, including UAE.

    The Complainant also has had a registered domain name <zalatimo.com> since June 8, 1998.

    The Respondent had registered a domain name <zalatimoh.ae>, which according to the Complainant, displayed a website logo similar to Complainant's logo to sell sweets.

    The Complainant, as a result, filed a complaint with the WIPO Arbitration and Mediation Center on December 11, 2017.

    • FINDINGS OF THE COURT:

    According to the Court, the Complainant satisfied the conditions of S.6 (a) (i), (ii) and (iii) of the Policy due to the following reasons:

  • Confusingly Similar or Identical: The Complainant had established its ownership of the trademark Zalatimo Brothers for Sweets. Though the trademark is covered for the whole of Zalatimo Brothers for Sweets and not "zalatimo" alone, the Panel was convinced the word "zalatimo" is the key and distinguishing component of the Complainant's trademark. The mere presence of "h" added to the disputed domain does not distinguish it from the original trademark or eliminate the confusion caused. Besides, the country code Top-Level Domain ("ccTLD") ".ae" is typically ignored when assessing the confusing similarity between two disputed domains, as established in prior .ae decisions. Consequently, the Panel found the disputed domain name too similar, creating confusion with the domain name of the Complainant.

  • Rights or Legitimate Interest: The Complainant proved that:
      • the Respondent had no legitimate interest or right in the disputed domain; and
      • the Complainant hadn't authorised the Respondent to use its trademark as part of the disputed domain name.

  • Registered or being used in bad faith: Several pieces of evidence point out that the Respondent was fully aware of the Complainant and its trademark when it registered the disputed domain name and had been using the Complainant's trademark in bad faith. The facts indicating bad faith were:
      • That the trademark for Zalatimo Brothers for Sweets was a well-known trademark.
      • That the Respondent was using the trademark for the same purpose, that is sweets.
      • That the Respondent imitated the logo of the Complainant's trademark, thereby trying to create confusion in the mind of customers to steal the Complainant's clientele.

     

    ]]>
    Wed, 12 Jun 2019 01:34:00 GMT
    <![CDATA[Dubai Electronic Transactions and Commerce Law]]> Dubai Electronic Transactions Statute

    Introduction

    Dubai is a city that is globally known for the high living standard of those who reside therein, and also for its flashy and highly impressive locations and attractions. It is a popular tourist destination which hosts millions of foreign visitors every year. The numbers have grown dramatically throughout the years, with there being around 14 million overnight visitors in 2017, and the first half of the year seeing over 8 million alone.

    With this level of visitation that occurs regularly, there is a considerable amount of money being spent in the country on all types of products from the ultimate luxuries to the most ordinary of goods and services.

    However, it is increasingly the norm around the world for transactions to be completed online. There are many ways in which this occurs, ranging from the use of credit and debit cards to entirely online transactions in which goods are then delivered to chosen locations.

    Times have changed, and while there was once universal distrust of performing online transactions, the changes that have arrived have made all processes far more secure. One of the reasons for the shift we see in confidence is the rise in regulations which provide people with confidence. There must be constant tracking and records made around all transactions so that a traceable path exists.

    Beyond this element, great strides have also arisen on the part of the consumers specifically surrounding payment methods and online security. With the world making ever greater shifts towards integrating technology, there have appeared numerous improvements. Online payment methods such as credit cards are far more trustworthy now than ever, and other methods such as PayPal are generally very secure. Up and coming concepts such as cryptocurrencies have the potential to propel this even further.

    This trend is expected to continue, and change may arrive even faster with the younger generations growing up with these technologies. The laws on the matter are of greater importance every day and already prominent in many jurisdictions globally, and this certainly includes the UAE.

    The UAE has had more reason than many to adapt and adopt the change quickly. They introduced their regulation, the Electronic Transactions and Commerce Law Number 2 of 2002 (Dubai Electronic Transaction Statute or DETS), which arrived during a booming time in the nation's growth. This regulation will receive further discussion and analysis here along with any other issues or related side topics.

    Electronic Transactions and Commerce Law

    There are a few highly notable aspects of this law which demand consideration. These are as follows:

  • Requirements for and the processes of electronic transactions;
  • Issues and conditions surrounding writings and signatures in electronic transactions;
  • The matter of communication in electronic transactions. Secure methods must exist, and their forgery requires prevention;
  • There must be rules in place to identify and authorise electronic transactions;
  • The evidence is a hugely important area to consider. Not only does it make any further processes easier to handle in the case something goes awry, but it also ensures that consumer confidence significantly improves;
  • There are also penalties in place for breaking these laws.

    With these elements considered and put down as legislation, confidence rises. Now, these elements will undergo further analysis and the stance of the law for each shall be provided.

    Electronic Transaction and Communications Requirements

    This concept is covered under Chapter three of the DETS and sets out the basics of what is required for an electronic transaction to be legally binding. To begin with, some of the most basic and critical aspects of a contract are that of offer and acceptance. These are among the most critical areas that require fulfilment before a deal comes into existence.

    Article 13 (1) states that it is possible that the offer and acceptance stages of a contract may, in part or as a whole, occur through online means of communication. This confirmation is a crucial one, as the offer and acceptance stages are known across the majority of global jurisdictions to be of primary importance and are required to form legally binding agreements.

    Article 13 (2) continues by stating that a case shall not be dismissed on the sole basis that its completion occurred through electronic means of communication. These two points are present in almost every online or electronic transaction, and thus this law confirms that they are permitted.

    In terms of communication through electronic means, Chapter two, Article 7 states that electronic communications cannot be rejected merely because they are electronic in form. Beyond this, Article 7 (2) clarifies that information requires no specific mention within the communication. Instead, what is referred to should at the minimum be obtainable and clear in what it is regarding and relating to and should not be confusing on this front.

    On top of this, it is highly essential to keep a record of all present documents. Article 8 states that electronic records are to be retained in their initial format of production rather than any other form. Further to this, it should be kept in a place and manner that is accessible for future reference.

    Presentation of Electronic Evidence

    Federal Law Number 1/2006 concerning Electronic Commerce and Transactions

    While the matter of electronic evidence receives coverage within this regulation, it is not the main rule. Law Number 1 of 2006 covers electronic transactions and commerce, while taking a further dive into evidence and its admissibility in a court.

    This law also considers the overall UAE legal stance on the matter as the previously discussed law primarily concerns the Emirate of Dubai.

    An example of a court case relating to electronic evidence is the Dubai Court of Cassation, 277/2009, in which it was confirmed that emails have legal force, and other forms of electronic communications are also applicable. It is the obligation of those involved to ensure reliable records and communication standards are kept.

    All in all, the Federal law is very similar to the Dubai law that was released five years prior, though it covers a broader jurisdiction and goes into greater depth on the matters of electronic evidence and signatures. In the modern world, it is something of a requirement that electronic signatures and evidence be handled seriously and taken into consideration appropriately. Article 18 of the Federal Law Number 1 of 2006 concerns Electronic Signatures and Electronic Certificate Attestation. In both of these cases, they are acceptable in a court of law as evidence so long as (as stated under subsection 1) reliance upon them would be a reliable path to take. As such, if it is clear that the electronic signatures or attestation were a requirement and crucial aspect of an agreement, they would likely be accepted. However, on this matter, it is essential to clarify precisely what the reliable occasions of reliance would be. Article 18 (3) covers just this. Some of these crucial points are as follows:

  • The signature must have been initially intended to support the matter at hand;
  • The party relying on the signature must have taken the appropriate steps to ensure it meets the standards of reliability;
  • The matter of any (reasonably assumed on the part of the relying party) compromises or revocations of the signed documents;
  • Any other relevant factors that the court may find of importance.

    On top of this, foreign certificates and signatures also require consideration, as the international business nature of the UAE would suggest that numerous electronic documents and signatures arise in the country regularly.

    Dubai Court of Cassation 35, 2008, is another case which solidifies the idea that electronic records and documents hold the same probative force as the equivalent physical evidence.

    Article 23 of the Federal Law discusses just this and states that these signatures and certificates are acceptable within the UAE jurisdiction. Section 23 (1) says that no consideration of the jurisdiction is required and the only element to consider is the validity. Subsection 2 specifies this by stating that the most critical aspect to consider is the validity and reliability of certificates and signatures.

    Penalties

    Signatures and certificates are significant in whatever form they are available. They often hold important purposes and may carry weight in litigation, and therefore severe penalties are required to ensure compliance.

    Chapter 7 of the Dubai Law covers penalties, and Article 29, which concerns fraudulent certificates, states that any production or publication of such a document is strictly prohibited. Further, the Article specifies that a penalty of imprisonment or a fine of up to AED 250,000 may apply.

    Article 32 states that anything that would be considered a crime under UAE law would also be considered a crime if committed electronically. Overall, the penalties are confinement of up to six months and fines of AED 100,000, and if the offence carries greater punishments under a different law, they may apply here.

    Any tools utilised in the production of these illegal electronic certificates will be confiscated as per Article 34 of the law.

     

      ]]>
    Mon, 27 May 2019 12:43:00 GMT
    <![CDATA[Citizenship for Robots]]> Should Robots be Granted Citizenship?

    It's 2019, and with the world progressively stepping towards technological advancement, the active presence of machines is no surprise. Within a considerable amount of time, artificial intelligence has taken over the world with its ideas and promises. Human beings are doing everything possible to ease their work and life, and the development of robots is one such example. This article talks about the initiation of robotics, the acknowledgment of their existence, the curses and boons associated, and deeply analyses whether robots should be granted citizenship or not. With Saudi Arabia's grant of citizenship to a robot being the talk of the hour, it is imperative that the constitutionality and other aspects surrounding it be discussed. The article begins by providing the reader with a brief discussion of what constitutes a robot and the requirements for acquiring citizenship, followed by a brief discussion of the worldwide view of the same, making a comparative analysis. It further helps the reader understand the advantages and disadvantages of granting citizenship to a robot and finally concludes by providing a critical opinion of the same.

    Robot and Citizenship – An understanding.

    A robot is a machine, programmable by a computer, capable of carrying out a complex series of actions automatically. Robots can be guided by an external control device or the control may be embedded within. They may be autonomous or semi-autonomous; humanoid, medical operating robots, nano robots, etc. Since they are programmed by computers and display a lifelike appearance or movement, they may convey a sense of thought of their own, or a sense of intelligence installed within.

    In a nation governed by rule of law, citizenship has a clearly defined meaning with rights and responsibilities relatively straightforwardly derivable from written legal documents using modern analytical logic. Clearly, the constitution of every country confers certain rights, privileges and liberties on its citizen(s). Amongst several such rights is the right to 'live'. The view expressed by Field, J. in Munn v. Illinois was that the term 'life' (as appearing in the 5th and 14th amendments to the United States Constitution) means something more than 'mere animal existence'. It has also been stated that "Life is not mere living but living in health. Health is not the absence of illness but a glowing vitality the feeling of wholeness with a capacity for continuous intellectual and spiritual growth. Physical, social, spiritual and psychological well-being are intrinsically interwoven into the fabric of life. According to Indian philosophy, for instance 'that which is born must die'. Death is the only certain thing in life." (Source: Dr M. Indira and Dr Alka Dhal under the caption "Meaning of Life, Suffering and Death" as read in the International Conference on Health Policy, Ethics and Human Values held at New Delhi in 1986).

    Clearly, robots are neither humans nor animals; they are non-living objects. Did the framers of the constitution envisage the existence of robots in the future? Speaking of the Constitution and fundamental rights, we as humans enjoy several rights, such as the right to education, the right to marry and the right to undertake business, to name a few. How can a citizen that is a robot enjoy these rights? If the principle of 'that which is born must die' relates to the right to live, how can the same relate to a robot that could potentially live in perpetuity? If a robot were to undertake certain business, what would be the validity of a non-disclosure agreement signed by such a robot? How would one enforce a court award against the robot? Will robots undertaking business be subject to taxation? The first death by robot was recorded. What really happened thereafter? These basic questions do not have any answer, as yet. The trend is more towards brain-inspired artificial intelligence being seen as one of the most exciting fields in robotics.

    Furthermore, in Saudi Arabia, citizenship having a real meaning, is yet different from the sort of meaning that is derivable from various historical Islamic writings (the Quran, the hadiths, etc.) based on deep contextual interpretation by modern and historical Islamic figures.  

    The hurdles in between.

    From the abovementioned discussion, it can be said that for a robot to acquire citizenship, it must have an identity that can be considered that of a citizen. Humans have all the ingredients of being citizens, whereby they differentiate among themselves by way of their identity, which is derived from their face, voice, brainwaves, fingerprints, etc., and is entirely theirs. A robot is not born; it is created by way of science and technology. Even though a robot can derive its identity in similar ways, by its barcode number or a unique skin mark, this cannot establish an identity solely restricted to one robot, since it would be the identity of a piece of hardware and not of a robot. And hardware can at any time be shifted from one robot to another, thereby creating havoc and confusion while defining or describing the identity of the said robot.

    Artificial Intelligence is being considered by the judicial systems. It is being claimed that it is now possible, using AI, to make decisions on matters involving prosecution and the term of a prison sentence through evidence-based analysis of risks. In other words, AI aims at minimizing factors such as emotional stability. If artificial intelligence can produce immaculate and flawless decisions with speed, one question that comes to mind is what happens if robots with AI are criminally prosecuted for crimes committed against the State? No, the author did not even for a moment think of any Hollywood or Bollywood movie! If such robots are able to complete tasks with such impeccable precision, is it not possible for robots to easily defend themselves against each and any claim? Bearing in mind that a robot is a citizen and further bearing in mind that a greater degree of blind trust is placed by us humans even on Google's search engine, we are after all dealing with a corporate entity. Robots, as explained earlier, are citizens that are non-living objects.

    Technical advances sometimes outstrip the development of legal systems and often force basic principles to be reexamined. Is there a need to reconsider and develop our legal systems for robots and AI before it's too late?

    Having regard to the abovementioned observation, no jurisdiction in the world has ever granted citizenship to a robot, except for Saudi Arabia. But this is not the only reason that restricts robots from acquiring citizenship in the rest of the world. There are also legal issues, political issues and/or human rights issues.

    Legal Perspective

    Another point of objection raised concerns the identification and justification of the legal rights and liabilities that a robot would acquire. A citizen, under every jurisdiction, generally acquires certain legal rights and liabilities – constitutional, private, or property rights. For example, a right to vote, payment of taxes, liability for criminal acts, or a right to sign an agreement, marry and so on. In the case of a robot, it will be very difficult to determine the rights and liabilities it incurs, since it is created and not born. Questions will arise in deciding the legal liability or rights of the robot. For example, assuming for the purpose of this article that a citizen robot is able to vote, who shall decide whom to vote for – the robot or the manufacturer? Similarly, if criminal or corporate liability is alleged against a robot, for instance for a breach of contract resulting in fraud and cheating, who shall be considered liable – the robot or the manufacturer? Again, assuming for the sake of this article that the robot is held liable for a criminal act and is punishable for the same, who shall decide the punishment, and what kinds of punishment should be given? Further, punishing the robot does not ensure that the said crime will not happen again, as the robot is hardware created by the mind of the manufacturer, who can create another bot with the same hardware. If the manufacturer is also held liable for the offences committed by the bot, the manufacturer can object to the same by lifting the veil and arguing that the bot is a totally different citizen. A question may also arise regarding the priority between a human in danger and a bot in danger. Currently, the artificial intelligence (AI) community is still debating what principles should govern the design and use of AI, let alone what the laws should be.

    Therefore, it is highly arguable how the liabilities of a bot can be justified and what the extent or scope of the same should be, considering the current state of the legislation governing Artificial Intelligence. The most recent list proposes 23 principles known as the Asilomar AI Principles. But a lot of work is yet to be undertaken in this regard, and it cannot be done by way of a simple announcement.

    Humans or Robot(s)? – A societal concern.

    Considering another issue, how would the moral and social rights of a bot be defined? For instance, speaking about relationships and reproduction, as a citizen, will the humanoid emotional robot be allowed to "marry" or "breed" if the robot chooses to? If more robots join as citizens of the world, perhaps they too could claim their rights to self-replicate into other robots. These robots would also become citizens. With no resource constraints on how many children each of these robots could have, they could easily exceed the human population of a nation.

    This leads to another concern, and a particularly major one, which is whether such advancement and growing technological innovation would lead to a situation in which robots suppress the presence of humans, thus affecting human rights and calling into question the need for humans in this world. Students from North Dakota State University have taken steps to create a robot that self-replicates using 3D printing technologies. If allowed, shall there be any harm to the humans – of course.

    Robots in trend. But Why?

    It's very simple!

    Such advancement eases the working of industries and factories, where machinery is already replacing human beings, causing an increase in human unemployment. On being asked about this, one robot stated, rather impressively, that they intend to team up with the world rather than take it over. But how can one rely on this statement if robots are given equal status with humans, but not similar accountability?

    The fact that it eases up the work and fundamentally helps reducing the crime rate, is not exhaustive. It also helps worldwide advancement and connection, and brings up the goodwill of the concerned association. It also helps in promotion, marketing and can be updated time to time which again helps in easing up the work of humans at an entirely different level.

    But these reasons may not be conclusively accepted as grounds for granting citizenship rights and creating an entirely new league of species to compete against human beings. Yes, there is a need to legalise and protect artificial intelligence and its creators, but citizenship cannot be the answer to the same. There are also other alternatives that can be undertaken, such as legalising the robots, or enacting new legislation for their accountability and understanding.

    Author's perspective and Conclusion

    In the author's personal opinion, citizenship is a right of very high stature and should be granted to those who can exercise such rights and discharge such duties with reasonable care. A robot is expected to perform activities equivalent to those of human beings, but one cannot be certain that it will do so with complete accuracy and efficiency and without any default. And for the reasons stated above, it can further be opined that such a grant would lead to robots overtaking the human population and may result in possible hurdles for the human race, which at this stage may not be welcomed. Scissors over comb?

      ]]>
    Thu, 09 May 2019 05:24:00 GMT
    <![CDATA[A Guide to Information Security and Data Protection Laws in GCC Countries]]> A Guide to Information Security and Data Protection Laws in GCC Countries

    New challenges have arisen with technological development along with social and economic globalization. It can be said that our entire personal data is being stored in the gadgets we use. The internet today has brought millions of unsecured computer networks into continuous communication with other networks. With information being stored electronically, more and more people use online banking and shopping services, social media, location-based services and mobile services for their everyday activities. This results in an enormous digital trail of these users' personal data being left all over the internet. The security of each computer's information depends upon the level of security of the other computers connected to it.

    In the recent years, with the realization of the importance of Information Security to both national security and the corporate world, awareness of the necessity to improve Information Security has grown and is ever increasing.

    In this guide, we will address the following questions regarding Information Security:

  • What is Information Security?
  • Is there a need for Information Security?
  • What is the relevant legislation for information security in UAE and other GCC countries?
  • What are information security agreements/ clauses and what needs to be added to these clauses/agreements?

    What is Information Security?

    In the earlier stages, information security was a simple process composed predominantly of the physical security of documents and their classification. The primary threats faced by companies were theft of equipment, product espionage of the systems and sabotage. One of the earlier documented cases of security problems occurred in early 1960, when a systems administrator was working on the Message of the Day and another administrator was editing the password file, and a software glitch mixed the two files, causing the entire password file to be printed in every output file.

    With growing concern about States engaging in information warfare, and the possibility that business and personal information systems will be threatened if left unprotected, Information Security (InfoSec) has emerged as a method to ensure the confidentiality of the available data and also the availability of the technology enabling the delivery and processing of that data. In simple terms, it can be explained as the protection of information and systems from unauthorized access, disclosure, alteration, destruction or disruption.

    It can be said that the main objectives of information security are:

    • Confidentiality

    Confidentiality refers to preventing unauthorized access to or disclosure of information and providing for its protection. It means ensuring that authorized individuals are able to access the information and that those who are not authorized are prevented from doing so.

    • Integrity

    It is the protection of information from unauthorized alteration or destruction and ensuring that the information and its systems are uncorrupted, accurate, and complete.

    • Availability

    Availability means ensuring that the information is available in a timely manner and that there is reliable access to and use of the information and the information systems, while at the same time protecting the information and information systems from unauthorized disruption.

    Why do we need information security?

    A fundamental aspect for the success of our economy and society is data, and the protection of the same from cybercriminals has become the need of the hour in today's cyber world.

    An Advanced Persistent Threat (APT) is a well-resourced, systematic attack perpetrated by competing states and cybercriminals who aim at state secrets, corporate espionage, and theft of sensitive data. APTs have added to the breaches of millions of individuals' personal, health and financial information, making it essential for institutions that collect and use personal data to develop and sustain a comprehensive security system in order to protect themselves against such attacks.

    For the security of individuals and the survival of enterprises, it is paramount to secure information resources and protect personal information from being exposed to groups or individuals with malicious intentions. While businesses struggle to survive amidst these critical issues surrounding information security and the increased risk of serious data breaches, governments are also changing their data protection laws so as to adapt and secure themselves against the new risks that arise every day.

    When companies entrust business partners and vendors with the company's confidential information, the company is also entrusting them with all control of the security measures for the company's data. Such a trust cannot be blind.

    Examples of InfoSec Breaches:

    • British Airways' Customer Data Hack 2018

    British Airways recently announced that over 380,000 payment card details and personal data of customers were compromised following a 15-day hack attack from 21st of August 2018 to 5th September 2018, and warned customers to contact their banks immediately in order to secure the same.

    • The Bank Heist of 2013

    In 2013, the world witnessed one of the biggest bank heists of the century. A team of cybercriminals stole $45 Million (AED 165 Million) from RAKBANK and Bank of Muscat by accessing the computers of their credit card processors. Once they gained access, they increased the available balance and withdrawal limits on prepaid MasterCards issued by the banks. They then distributed these counterfeit cards to "cashers" around the world enabling them to siphon millions of dollars from ATMs. This included over 36,000 transactions which were committed in a matter of 10 hours. 

    • Cryptowall Ransomware Case

    Cryptowall is a file-encrypting ransomware program which was used by its creators to make over $1 million by infecting over 600,000 computer systems in 2014. Once gaining access into the computers, they encrypted the sensitive information files which were only decrypted when the owners paid the ransom. Even though Cryptowall had been spreading since 2013, it had been overshadowed by Cryptolocker, which is another ransomware program. When the threat of Cryptolocker was mitigated, the makers of Cryptowall stole the data by accessing computers through various tactics including spam emails with malicious links and attachments, drive-by-download attack for infected sites with exploit kits and through installation through other malware programs already installed and running on compromised computers.


    ]]>
    Thu, 11 Apr 2019 02:08:00 GMT
    <![CDATA[Decentralized Autonomous Organisation]]> Decentralized Autonomous Organisation

    The promising era of Economic Freedom

    A decentralized autonomous organization (the DAO) is a computer program which is a form of an investor directed venture capital fund.

    The primary objective of the DAO was to provide a new decentralized business model which could help in the operations of both commercial and non-profit organizations. In the year 2016, the crowdfunding of the DAO went on to create history as the most massive crowdfunded campaign. The main plan behind this concept was to put more control in the hands of the investors and to do away with the idea of having a centralized authority, which proved to be a more economical method. The DAO further came to be known as the most successful and dynamic concept to be implemented through Blockchain technology. A blockchain is a decentralized, digital ledger, accessible by the public, through which transactions taking place across multiple computers can be recorded. It ensures that the said record cannot be tampered with and also allows its participants to check and audit the transactions taking place in a very transparent, cost-effective and straightforward manner.

    It took birth at the beginning of May 2016, when a few members of the Ethereum community disclosed their creation of the DAO. During its creation period, the DAO allowed anyone to send Ether to a unique wallet address in exchange for DAO tokens on a 1–100 scale. Ether is a cryptocurrency which has its blockchain generated by the Ethereum platform. This creation period turned out to be a great success, and it gathered 12.7M Ether (worth around $150M at the time), which made it the biggest crowdfund ever. At one point, when Ether was trading at $20, the total Ether from The DAO was worth over $250 million.

    It opened the doors to anyone who had a project and wanted to present their idea to the community and, in return, receive funding for it from the DAO. It enabled anyone with a DAO token to cast their vote on a plan and make a profit if the said plan turned out to be a success. The DAO was proving to be a platform that issued funds in Ether to projects, whereas the investors received voting rights through the possession of a digital voting token. It was a successful platform wherein contractors with a project could submit their ideas and plans, which would then be verified and checked by a team of volunteers called the curators. After the curators had scrutinised details such as the identity of the people putting forward their ideas and projects, and had checked the legality of the project, the project was put forward for the investors to vote on. If the project succeeded, the profits from the investment were then returned to the shareholders.

    The DAO at no point of time was in possession of the money of their investors, but in fact, it was only through the digital voting tokens that the investors could cast their votes towards a project.

    The fact cannot be ruled out that the concept of the DAO was unique and is the need of the hour in shaping a modern-day organizational structure. This concept gives an opportunity for every individual to display their ideas and also provides the power to the investors to take productive decisions with regards to the same overruling the concept of a monotonous Hierarchy system.

    Furthermore, as putting up ideas as well as investing in them requires the investor to spend a certain amount of money, this helps in taking faster decisions and in passing over unproductive ideas more quickly. Further, all the rules of the said concept are laid down for everyone taking part, and everyone decides how to spend their money while having easy means to track their finances and to keep a check on how they are spent.

    The Attack that changed it all

    The DAO was proving itself to be a major success until the 17th of June 2016, the day it was attacked by a hacker, which resulted in the discovery of a combination of vulnerabilities that included the feature of recursive calls (a routine is said to make a recursive call when it calls itself, directly or indirectly). Soon it was discovered that the hacker had taken control of 3.6 million Ether, which was about one-third of the total Ether that was committed to the DAO. The Ethereum blockchain itself was not found to be the cause of the said hack; rather, an intelligent hacker had discovered a vulnerability in the DAO's code, which would not have existed had the DAO been coded correctly.

    The hack of the DAO was a major eye-opener. Having touched the numbers, the DAO had accomplished, despite its failure, it still holds a mark for the accomplishment it had reached. It wouldn't be wrong to say that in an industry with young procedures and developing tools, this was a project which had an early launch for a concept of its magnitude.

    Further security checks or tests would not have made a difference: although the team and the community were well acquainted with resolving problems such as the Call Stack Depth attack, unbounded loops, and various other specific vectors, the re-entry attack was something that no one was aware of at the time the DAO framework was written.

    It is still not known whether the said attacker belonged to a particular group or was a single individual, who cleverly made use of the inbuilt split function to transfer money into another wallet. The original purpose of the split was to allow an investor to withdraw their Ether and return their tokens if they desired to leave the DAO. It was, in fact, this function that proved to be a setback for the DAO: the hacker discovered that it contained a vulnerability, which was in fact a coding error, and started repeatedly calling the split function, each time making a new request before the previous one had ended. Because of this error, the system could not register the fact that the transaction had already been completed during the previous split call. The hacker severely abused the said error and in no time was found to have withdrawn Ether running to a sum of US $50mn. It caused a significant setback, created a state of paralysis for the Ethereum community and brought about a massive fall in the value of the digital currency.
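
    The call ordering described above, as an added example that is not part of the original article and is not the DAO's contract code: a simplified Python model in which a fund pays out before it updates its books, next to the corrected ordering that updates first. The class names, the amounts and the `max_depth` bound are constructed for illustration.

```python
"""Simplified model of a re-entrant withdrawal (constructed example, not DAO code)."""


class Fund:
    """Pooled fund with per-account credit, standing in for the contract."""

    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.credit = {}   # account name -> amount the books say is owed
        self.pool = 0      # value the fund actually holds

    def deposit(self, name, amount):
        self.credit[name] = self.credit.get(name, 0) + amount
        self.pool += amount

    def _send(self, recipient, amount):
        if amount > self.pool:
            raise RuntimeError("pool exhausted")
        self.pool -= amount
        # Control passes to code the recipient controls, as it does when a
        # contract sends value to another contract.
        recipient.receive(self, amount)

    def withdraw(self, recipient):
        owed = self.credit.get(recipient.name, 0)
        if owed == 0:
            return
        if self.update_before_send:
            # Corrected ordering: record the payout, then hand over control.
            self.credit[recipient.name] = 0
            self._send(recipient, owed)
        else:
            # Flawed ordering: the books still show `owed` while the
            # recipient's code runs, so a nested call is paid again.
            self._send(recipient, owed)
            self.credit[recipient.name] = 0


class PlainRecipient:
    """Ordinary account: just accepts what it is sent."""

    def __init__(self, name):
        self.name = name
        self.received = 0

    def receive(self, fund, amount):
        self.received += amount


class ReenteringRecipient(PlainRecipient):
    """Calls withdraw() again from inside receive(), before the first call ends."""

    def __init__(self, name, max_depth=50):
        super().__init__(name)
        self.depth = 0
        self.max_depth = max_depth   # bound on nesting, to keep the model finite

    def receive(self, fund, amount):
        self.received += amount
        if self.depth < self.max_depth and fund.pool >= amount:
            self.depth += 1
            fund.withdraw(self)


def run_scenario(update_before_send):
    """Return (paid to caller, left in pool, credit still shown for others)."""
    fund = Fund(update_before_send)
    fund.deposit("others", 90)            # constructed deposits
    caller = ReenteringRecipient("caller")
    fund.deposit(caller.name, 10)
    fund.withdraw(caller)
    return caller.received, fund.pool, fund.credit["others"]


if __name__ == "__main__":
    for label, flag in (("send, then update", False), ("update, then send", True)):
        received, pool, others = run_scenario(flag)
        print(f"{label}: paid out {received}, pool left {pool}, "
              f"still owed to others {others}")
```

    With the flawed ordering the account that was owed 10 is paid the whole pool while the books still show 90 owed to everyone else; with the corrected ordering the nested call finds a zero balance and returns.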

    Finding the plan to recovery

    At this time of crisis, various ideas for damage control were discussed by the members of the community, one of which was to freeze the money before the hacker could withdraw the stolen funds. The execution of this action would have enabled the community to take control of the stolen Ether and direct it back to the accounts of its rightful owners. The said idea did receive massive support but was not implemented, as it was found to carry a risk for market securities.

    The alternative proposed to take control of the said situation was to conduct a hard fork. By using this method, all the finances would be transferred into a new contract, after which the original holders would be able to access the said contract and exchange their DAO tokens for Ether at a rate which was decided before the plan was announced. After a series of discussions, and after taking various options into consideration, it was the Hard Fork method which came to be chosen as the weapon to limit the damage that had been incurred due to the said act. The said plan was implemented before the hacker could withdraw all the ETH from the "DarkDAO." As a result of this, all the funds were soon transferred to the withdrawal contract, and the original owners were able to access it to withdraw their Ether.

    Lesson Learnt?

    The said attack was devastating, but it surely taught a lesson: even though the system is stable, the human being remains its most significant challenge and weakness. Even though the said contract was programmed with precision, it still contained certain loopholes which enabled a hacker to enter the said system and carry out a heist. It is a matter of great appreciation that in a situation of crisis the community proved its ability to handle the situation and take control of it. In spite of the crisis and the panic, the community remained calm, analyzed the pros and cons of all the options and damage control techniques within a very short period, and went on to succeed in the step chosen and take control of the situation.

    Further in an environment where the code is the basis of all functionality, the same needs to be of good quality, reviewed and also developed. Further, the responsibility of code quality in a blockchain should be taken by the entire community. Especially in the case of DAOs, it is the view of many stakeholders in the community that like a contract is read before investing money, in the same manner, all investors should also review the code, and its risk should be assessed. In the short term, it will be interesting to see how the community will be able to adjust to this situation by motivating users who have not yet triggered the exchange of their DAO tokens to do so.

     

    ]]>
    Wed, 12 Dec 2018 07:21:00 GMT
    <![CDATA[The Law, the iPhone and Facial Recognition - Part II]]> eye-Phone: Legal Issues about Apple's New Facial Recognition  Feature – Part II

    With ever-changing technology, the law is always trying to keep pace, and the interaction of law and technology is now more critical than ever. Ungoverned technology is a danger to society: drones flying over a city are a problem unlike the cars on the streets in 1916. It is essential that we protect our community, privacy, money, and safety from the potential harm of new technologies, and to achieve this we will need new laws that would protect us the way we are protected from nuclear bombs. Following on from the previous article, this article looks into the legalities surrounding the facial recognition feature, with supporting legislation.

    The face detection technology by Apple is made with higher sophistication, as it uses dual cameras and captures depth through an array of projected infrared dots. By comparison, when Samsung released the Galaxy S8 in March 2017, its facial recognition system was a major selling point. But the system failed when the scan was spoofed by holding an image of the person's face in front of their phone.

    Privacy Issues

    One primary user privacy concern attached to using Face ID on iPhone X is whether, during police detention, the police will be able to access your phone easily. By just holding the phone up to your face, the police would have access to all your private information. However, Apple argues that Face ID does not work with the user's eyes closed. But the process is so quick that as soon as the user opens their eyes, Face ID scans successfully despite the camera being off-axis to the user's face. Therefore, unwilling login access to iPhone X remains questionable until it is released in the market. But the good part is that, as with Touch ID, you can also opt out of the Face ID option to avoid privacy concerns.

    As with most technological advancements, there is a process of trial and error. However, Apple is only showing concern regarding one type of error that could happen with its Face ID algorithm, which is someone else gaining access to the device. But there remains another concern: your phone not recognizing you and therefore not granting you access. We will know more about the issues with this technology once customers start using the new iPhone X and provide their feedback.

    With this new technology introduced in the iPhone, one must wonder about the possibility of an identical twin gaining access to his/her sibling's iPhone due to genetically identical facial features. This question is irrelevant for the vast majority, as only four in one thousand births result in identical twins according to scientific consensus. Apple's representative saw this as a loophole and advised identical twins to protect their sensitive data on the device with a passcode, as the chances of an identical twin being able to bypass Face ID and break into the phone are higher.

    Furthermore, to secure the phone correctly, two aspects of biometric security should be considered. One is the protection of the stored biometric data, and the other is the ability to defend the authentication system of the device from fake users. To protect the stored biometric data, it should be stored in the internal memory of the smartphone and not on an external computer server. iPhone's representative claims that an individual's face data is protected in an enclave, as it is held in the iPhone itself and not in a central database system, which is easier for hackers to break into.

    Precedents

    A Virginia Beach Circuit Court ruled that an individual in a criminal proceeding couldn't be forced to disclose the passcode of his mobile phone, as that would violate the self-incrimination clause of the Fifth Amendment. However, at that time, the Court was of the opinion that an individual could be forced to give up his fingerprint to unlock Touch ID or any device protected with prints. The Court reasoned that while a passcode requires a defendant to use actual knowledge, a fingerprint is a form of physical evidence, similar to a DNA sample, that authorities are legally allowed to demand in an investigation in certain circumstances.

    In Minnesota, an appellate court ruled against a convicted burglar who had been forced by a lower state court to unlock his phone by giving his fingerprints, which opened it. This case, the State of Minnesota v. Matthew Vaughn Diamond, is the latest episode in a series of unrelated cases throughout the USA that test the limits of digital privacy, modern smartphone-based fingerprint scanners, and constitutional law. Diamond went to trial in 2015 and was convicted of the burglary along with two other lesser charges and, therefore, was sentenced to up to 51 months in prison. Later, Diamond appealed on the ground that forcing him to unlock his phone violated his Fifth Amendment rights against self-incrimination.

    Moreover, passcodes and fingerprint-enabled locks, which are the modern unbreakable encryption, frustrate the lawful authorities when dealing with criminals who refuse to cooperate and unlock their data.

    Under the Fifth Amendment, defendants cannot generally be compelled to provide self-incriminating testimony but giving a fingerprint is allowed for identification or matching to an unknown print found at a crime scene.

    In sum, because the order compelling Diamond to produce his fingerprint to unlock the cellphone did not require a testimonial communication, we hold that the law did not violate Diamond's Fifth Amendment privilege against compelled self-incrimination.

    The technology of using fingerprints to unlock a smartphone is relatively recent. Viewed in the right frame, this type of technology does not violate the rights of an individual; unlocking the device is merely a compelled production, comparable to being forced to hand over the keys to a safe. However, if an individual is forced to disclose the passcode to his phone, the legal implications would be different.

    The FACE++ Technology

    An excellent example of the widening reach of face detection technology is Face++ (pronounced Face Plus Plus), a Chinese startup based in Beijing. Face recognition is widely used in China to promote surveillance as well as convenience. This technology has transformed daily life in banking, retail, and transportation services. Face++ is used in apps: for example, Alipay, a mobile payment app with over 120 million users in China, uses your face as a credential to authorize payments. Another example is Didi, one of the most popular ride-hailing companies in China, which uses Face++ to verify the legitimacy of the driver. Lastly, Baidu, a company that operates China's most popular search engine, is now working on a system to allow people to collect rail tickets by showing their face.

    Moreover, this type of technology has progressed in China due to its policies towards privacy and surveillance. Governments also use Face++ to identify suspected criminals through surveillance cameras. According to Shilang Zhang, an assistant professor at Peking University: "The face recognition market is huge. In China, security is paramount, and we also have lots of people, and lots of companies are working on it". The technology of facial recognition has existed for years, but significant technological advancements in this area have improved its accuracy. Only now has it become so accurate and sophisticated that it is used for financial transactions.

    The Face ID technology introduced by Apple can potentially compromise user privacy, especially in cases where authorities confiscate personal belongings like smartphones. As mentioned in the example above, compelling individuals to give their biometrics does not violate their Fifth Amendment rights, whereas it is argued that an individual producing a passcode from memory at the authorities' demand does violate the Fifth Amendment rights, as it constitutes self-incrimination.

    In the future, what does this mean for the potential users of iPhone X? As millions of Apple users will switch to iPhone X as soon as it hits the market, will this require clarity in regards to an individual's constitutional rights?

     

    ]]>
    Sun, 29 Jul 2018 06:01:00 GMT
    <![CDATA[UAE Social Media Regulations and its Impact on Influencers]]> We have entered a time where people frequent social and electronic media as often as they breathe in and out. Our reliance on these platforms grows as quickly as the number of platforms available. This rapid growth of electronic media has seen many curveballs, including that of legality and morality. The growth of the electronic era has brought with it new careers, new experiences, and new criminal offenses. And with that, new legislation. The legislation of electronic media differs from country to country – some with extremely stringent laws while others are incredibly lax.

    Electronic media optimizes openness, as Mark Zuckerberg stated, "give everyone the power to share anything with anyone." This openness is how social media operates. At our fingertips, we can share any piece of information with any person across the globe. However, as it is said, with power comes great responsibility – and this is where the law plays a vital role in the electronic world. The United Arab Emirates have recently brought to fruition a new law regulating electronic media. This regulation was brought about by the National Media Council.

    The regulations released by the Council govern all activities online including e-commerce, publishing, and the selling of print, video and audio material, as well as advertising. These guidelines apply to news websites, electronic publishing outlets, and on-demand printing, including commercial activities conducted through social media within the UAE. The purpose of these new regulations, as provided by Mansour Al Mansouri, is that they will help the UAE media sector to remain abreast of the significant developments in electronic media, in addition to enriching and organizing digital content while promoting freedom of expression and constructive dialogue. In addition to this, the regulations will ensure that media material respects the religious, cultural and social values of the UAE.

    The Electronic Media Regulation

    The new Regulation starts off by providing definitions for relevant electronic media outlets. The scope of the regulation's application includes all electronic media activities that are carried out inside the United Arab Emirates; this is inclusive of the free zones. The regulation covers any means of online expression, including but not limited to writing, painting, music, photography or other methods that are transferable between individuals in any form, whether printed, audible or visual.

    Electronic Media Activities that should be Licensed

    The following forms of electronic media, for the abovementioned regulation, need to acquire a prior license following the provisions:

  • The sites used to trade, present and sell print, video and audio materials;
  • The electronic publishing activities and on-call printing;
  • The specialized websites such as the electronic advertisements, news sites, etc.; and
  • Any electronic action that the council deems appropriate.

    When UAE citizens apply for this license, it is necessary that they meet the following requirements per the relevant regulation:

  • The applicant shall have the full legal capacity – however, this requirement may be exempt according to the circumstances of the case;
  • The applicant should have a good reputation and a history of decent conduct;
  • The applicant should not have been convicted of an offense involving a breach of honor or public trust unless such necessary rehabilitation of the applicant takes place or the issuance of a pardon has occurred in his favor by the competent authorities;
  • The applicant shall qualify from a tertiary institution, namely from a college, institute or accredited university – however, this requirement may be exempt according to the circumstances of the case;
  • The applicant must meet the required activity requirements;
  • The applicant should not have any company which has been shut down or closed, or the applicant should not have a company prevented from carrying out specific media activities; he should also not have any suspension or cancellation of license – unless such issue as abovementioned has been remedied or removed;
  • The applicant should not have any financial obligations owing to the council;
  • The applicant must abide by all instructions and regulations set out for the carrying on of media activities;
  • Any additional requirements as thought to be applicable by the committee.

    Responsible Manager

    As per the new regulations, each website shall now have a manager who supervises the content of such site. In this regard, the manager will represent the license applicant before the council and government entities or any other third party. This responsible manager will also be responsible for all content published on the site whether the posting of the material was by him/herself or a third party. The regulations set out requirements for the accountable manager similar to those for obtaining a license. However, it is worth mentioning that if the applicant is a natural person, he may act as the manager responsible for the website or mode of electronic media if he/she meets the requirements.

    Media Activities on Social Media Platforms

    The regulation then goes further to provide for the obtaining of an additional license under this resolution, for commercial purposes using the social media. Applicants must meet the following requirements in this regard:

  • The applicant must have a recognized social media account;
  • The content posted on such account must meet all the applicable advertising standards or criteria adopted by the council at the time;
  •  The social media account holders providing paid commercials shall obtain a license from the National Media Council per the applicable regulations and those prescribed in this regulation;
  •  The account holder will be the person responsible for the content posted on such account.

    License Validity Duration and Renewal

    A license for such electronic media is not granted for an indefinite period. A permit according to the regulations shall be valid for a period of one year, renewable for the same period. The holder of the license or any representatives of such holder has the right to apply for renewal within 30 days from the expiration date or 30 days after such expiration date. The license will be null and void should the applicant or his/her representatives not apply for renewal within the 30-day grace period provided post expiration of the original permit.

    The Licensee's Obligations

    The new regulations provide an outline of the commitments imposed on any person whose application is accepted. These obligations not only affect the licensee him/herself but will also be binding upon any person representing the licensee or working for him/her in their interest. The obligations provided by the regulation are as follows:

  •  There is an obligation to abide by the type of the media activity and all requirements according to the license;
  • A responsibility to obtain the prior consent of the council on any license related modification;
  •  There is an obligation to provide any information and data as requested by the commission from time to time;
  •  The parties have to abide by the media activity practice related instructions and regulations set by the commission;
  • There is an obligation on the parties to always respect societal values and observe the public interest requirements;
  • A commitment to pay the financial dues and fees necessary per the relevant legislation.

    Licensing Fees

    The below table outlines the licensing fees as provided by the New Electronic Media Council in its new regulations. The charges are the responsibility of the Minister's Council and such council will be responsible for any addition, deletion or amendment.

    | Activity | New Application | Renewal of application |
    |---|---|---|
    | Electronic or online accounts/websites | AED 15,000 | AED 15,000 |
    | Trading, selling and displaying audio materials websites and online accounts | AED 4,000 | AED 2,000 |
    | Trading, selling and displaying video materials websites and online accounts | AED 6,000 | AED 3,000 |
    | Online accounts and websites of electronic publishing and on-call printing-related activities | AED 3,500 | AED 3,500 |
    | Selling books | AED 1,000 | AED 500 |
    | Selling newspapers and magazines | AED 1,000 | AED 500 |
    | Selling electronic video games | AED 8,000 | AED 4,000 |

    The implications of the New Regulations on Social Media Influencers

    The new provision does not apply to websites of a personal nature or to blogs. However, it does affect social media influencers who run any online business activities, including those mentioned in the regulations, namely e-commerce, publishing, and selling of print, video and audio material, as well as advertising or promoting brands. The effect of these regulations is that persons engaged in the abovementioned activities must also obtain a license as per the rules.

    Violations of Social Media Etiquette in the UAE

    In a recent case in Dubai, the Court considered the breach of privacy that occurs when a person posts pictures of another on social media without the permission of such other person. The court held that such cases can neither be waived nor resolved by reconciliation between the parties involved.

    In this case, a teenage girl posted a picture of her friend on social media, allegedly without first obtaining the girl's permission. The family of the latter adolescent girl then filed a case of violation of privacy against the girl who posted the photograph. The family tried to withdraw the case at a later stage. However, they were unable to do so, as the law had to run its course. The girl ultimately failed to prove that the photograph she took was with permission from the other girl, and the Court of First Instance convicted and sentenced the girl. The case will now continue before the Supreme Court.

    Penalties for the violation of such privacy include a jail term of six months and a fine of between AED150,000-500,00. The reason for such a high sentence is that the legislature needs to make it known to the public that the crime of the violation of privacy via social media is a serious offense.

    In another judgment, the Federal Appeal Court upheld a previous ruling by the Federal Court of First Instance, which convicted a man and sentenced him to a term of imprisonment of two years. The conviction was due to a poem that the defendant had written and published on social media. This poem violated public order and morality and was in contradiction to the cybercrime law. In this case, the court sentenced the man to a three-month jail sentence and a fine of AED250,000.

    Conclusion

    The United Arab Emirates is clamping down on electronic media usage and has implemented such new regulations as it deemed necessary. "Digital media is one of the most up and coming sectors in the Middle East, especially videos, games, and e-books. Regulating this sector will attract new global investments, which, in turn, will improve its development and competitiveness," Al Mansouri said. The aims achieved by the implementation of the regulations are the support of the relevant industries and the control of their activities. This support and management are to ensure that the sectors are capable and that they contribute to the support of the publishing industry. Another aim achieved is keeping abreast of the rapid developments in the field, in order to enrich digital content. In furtherance of these objectives, another objective of the regulation is to reinforce electronic media's respect for the cultural, religious and social values of the UAE.

    ]]>
    Thu, 14 Jun 2018 12:24:00 GMT
    <![CDATA[Electronic evidence in the UAE and KSA (Part I of II)]]> Admissibility of electronic evidence in the UAE and KSA (Part 1 of 2)

    Technology has changed the world in its totality in such a short time. It has indeed become an integral part of the everyday lives of so many. Today we see it incorporated into nearly everything we do. Around 60 years ago, computers were more a sci-fi device than an actual conceivable product that the general public would soon own. The following 60 years have given a computer or device to nearly every single individual in the more developed regions of the world, and most businesses rely heavily on electronic devices in performing their transactions and general trade. Computers are also now just the tip of the giant technological iceberg, and with more and more crazy innovations entering the market at rates only a teenager would be able to keep up with, the situation can quickly become quite complicated.

    In a world where so much is now getting digitalized, it was only a matter of time until crimes also entered the digital realm. More common than digital crimes themselves are the numerous forms of digital evidence that may be put forward in legal cases. Emails, chat conversations, photo and video evidence and more are a big part of so many lives that the potential evidence that may arise from them is vast. In the past, there has been skepticism of electronic evidence, though now, with the expertise into the technologies and their prevalence throughout society, there is no more room for uncertainty. Avoiding and ignoring electronic proofs can lead to grave and blatant injustices and would be an irresponsible path to take.

    There are a few elements to consider concerning electronic evidence. These include electronic contracts, electronic records, and electronic signatures. In the past, the internet and online documentation were looked upon skeptically, at least in part, because they were often thought of as being unreliable and easily forged. However, the use of these forms of electronic business practices has become widespread over the years, and as technology has improved and the processes have become more secure, people are more trusting of the technology. There are now, to a greater extent than ever before, secure and official online means of creating records and contracts, and therefore it has become the norm. These practices are widely accepted and are backed up by the law.

    The UAE is a reasonably technologically savvy country. Its cities are known to the world due in large part to the technological marvels within them. The city of Dubai is something of a testament to this with its high-rise buildings and giant malls. It should not surprise then that the attitude towards electronic evidence, from a legal standpoint, is well supported.

    At the most basic level, it is backed up by the Federal Law Number 10 of 1992, which concerns evidence in civil and commercial transactions. The year 2006 introduced Article 17 of this law, which entirely concerns electronic evidence. Article 17 subsection 3 states that electronic signatures will have the same probative force as a regular hand-written signature as expressed in the law. On top of this, sub-clause 4 provides that electronic writings, documents, correspondences, and registers also hold equivalent weight under the law as their hand-written or physical counterparts. This one piece of legislation provides instant, simple recognition and provides power to these electronic elements in business. It was a good base from which to allow electronic evidence to rise and prosper, considering that the law was introduced in 1992.

    In one of the cases heard before the Abu Dhabi Court of Cassation (Case 472 of 2014 (197), decided on 22 July 2014), the Prosecution filed a claim against the accused on the premise that he failed to pay a sum along with interest. The appeal was based on a settlement agreement of 2011, and the accused was to settle a difference between the original debt and the balance amount that was outstanding. The court of appeal had canceled the prosecutor's claim, and consequently, the prosecution filed a petition before the Court of Cassation.

    The Petitioner's challenge arose from three causes of action. Firstly, he said that the appeal court's judgment violated the law, was improperly reasoned and prejudiced the right to defense. The accused responded to the claim by maintaining that the Petitioner had failed to take into account the requirements set out in the decision passed by the Ministry of Economy (Decision Number 74 of 1994) requiring computer-generated data. In the present case, the documents were purchase orders issued by the accused and not accompanying invoices, but not computer-generated data. The supporting documents included an acknowledgment by the respondent in electronic communication exchanged between the parties after the invoicing period.

    The Court of Cassation relied on Article 4 of Law Number 1 of 2006 concerning Electronic Transactions, which provides that information set out in a data message shall not lose its legal force, even if it is set out in brief. The only condition under Article 4 is that such information should be accessible within the electronic system of the originator. The Court also relied on Article 10, which provides that a data message and electronic signature shall be admissible as evidence even if the same is not an original or in original format. The Court, relying on Article 17 (2), said that reliance on the secure electronic signature is deemed reasonable and held that the parties exchanged electronic communication, as the accused sent purchase orders, the other party delivered goods to it, and the accused signed to the effect that the goods were received.

    The Dubai Court of Cassation passed a similar decision (Matter 241 of 2007, decided on 28 January 2008), where the Court, referring to Article 17 (2) of the above law, held that a preserved electronic signature may be relied on unless the contrary is proven.

    Thus, the transactions between the parties were conducted using electronic communications, which is different from the regulation of business transactions using computers.

    One thing to note is that the UAE is a relatively young country, being, at the time of writing, only 46 years old. This young age means that the country was born and has risen with technology and therefore has it highly integrated within the nation.

    The UAE is known to have very close ties to Saudi Arabia. They share many of the same political beliefs and are, in general, quite familiar with one another. Saudi law concerning this issue is very similar. The Royal Decree Number M/18 of 2007 Article 5 states, very similarly to the UAE, that electronic transactions, records, and signatures will have full effect and will not be contestable.

    The articles in both the UAE and Saudi laws achieve the same goal. They validate the electronic side of business dealings, and those business dealings will be as set in stone as any other form of signing, documentation or contract. Speaking of electronic evidence, are emails and email signatures acceptable as evidence, you may ask?

    The Dubai Court of Cassation (Matter Number 277 of 2009, decided on 13 December 2009) held that according to Article 4 (2) of the above Law, transactions in the form of emails have legal force provided that the information is available in the electronic record. It further held that under Article 10 of the Law, an email or an electronic signature would be acceptable in evidence notwithstanding that the communication or the electronic signature is not in its original form.

    The Abu Dhabi Court of Cassation (Matter Number 89 of 2014 (246) and decided on 20 October 2014) referring to some partnership dispute held that:

    "Whereas the partnership concerning one of the transactions of XYZ company between the Petitioner and Respondent is related to Respondent himself and does not violate the public morals and agreed to terms. Further that the appealed judgment ruled the need for an absolute oath of the Respondent on the premise that business relationship between the parties was over and understandable from electronic correspondence exchanged between the parties." The case involved a transaction between two parties where the petitioner did not have any evidence supporting his claim. In such cases, the petitioner may ask the defendant to swear or take an oath. The defendant may choose and accept to testify or deny the same. If he refuses to take the oath, the petitioner may swear by himself to support and validate his claim. There are two conditions governing oath – first, being it should not violate public order, and secondly, such act should not contradict existing evidence. The Court of Appeal in this matter noted the email exchanges between the parties and noticed that the parties had terminated their relationship. The Court relying on email correspondence held that oath was disallowed. Court of Cassation reversed the decision and held that either party could take an oath regardless of the underlying evidence. 

    Before extending this topic to Kingdom of Saudi Arabia, the author will discuss the admissibility of electronic evidence in the DIFC and its implications thereunder. Wait. That's happening in next issue. Stay tuned.

    ]]>
    Thu, 10 May 2018 11:21:00 GMT
    <![CDATA[The General Data Protection Regulation ]]>  

    GDPR COMPLIANT OR NOT?

    Introduction

    On 25 May 2018, the General Data Protection Regulation (the GDPR) will come into effect in the European Union. It is the most significant transformation to the landscape of European data protection in the past twenty years. Upon the enactment of the new GDPR law, all the personal data of the EU and its residents will be regulated. This regulation is likely to impact several organizations in the EU and several business units such as sales, marketing, IT, e-transactions and others. The GDPR will have a cascading effect on the EU National Data Protection Legislation. The GDPR and its impact inside and outside Europe have been discussed a lot lately. The following article provides a complete summary of the new legislation and the essentials companies must consider in their endeavors to adjust to the GDPR.

    WHAT IS GDPR?

    GDPR is a way of protecting personal information in the 21st century, wherein people grant permission to companies to utilize their data for several reasons in exchange for free services. It gives people absolute control over how companies can use their information and simultaneously introduces hefty penalties for violators of the law and compensation for those who suffer a breach. It further ensures that data protection is the same across all the EU member states.

    GDPR law will cover various aspects including privacy notes, notice for seeking consent, information about the usage of data and how the data will get communicated to and through other organizations. Most of the guidelines don't add much to what we know and can get from the content of the GDPR, including its presentations, or from past articulations from the WP29. However, there are some valuable illuminations and recommendations to be found.

    IMPROVEMENTS TO BE CONSIDERED

    Comprehensively, the primary rules and principles are unaltered. The essential meanings of fundamental concepts, for example, 'processing' or 'individual information and sensitive information', are the same as before. On the same note, the definitions of some terms are unchanged, including 'data subject,' 'processor' and the 'Data Protection authorities (DPA).' The usage of information is still contingent, and similar principles of 'reason' and 'security' remain intact. Following are the notable changes in the new law which organizations should consider:

  •  The fines imposed under the GDPR law range up to 20 million Euros or 4% (four percent) of the company's annual turnover;
  •  the actions initiated against the violators and the compensation awarded to the victims of data breach;
  • the control over personal data; and
  • the expanded jurisdiction of the law even on the companies incorporated outside EU and doing business with companies inside EU.

    Importantly, the utmost control over personal data is the essential subject which legislators had in mind before implementing the GDPR law. Thus, the consent to utilize personal information should be express and affirmative. Also, it must allow the public to withdraw their consent at any given point in time, to update their information or to delete the data thoroughly. Companies, upon obtaining the approval, will have the right to process the data and to exchange it with other entities.

    The GDPR law imposes two new obligations on companies, namely 'privacy by design' and 'privacy by default.' The privacy by design responsibility obliges entities to take security measures into account when conceptualizing modern data collection frameworks, to constrain the information collected and to process the data only for authentic reasons. This aspect increases the responsibility of companies and pushes them to act in line with the GDPR. The latter stipulates that new collection and the tools utilized for processing data should be set to the highest data protection level and that any deviation from this rule will require the explicit consent of the person. This rule implies, for instance, that pre-filled fields are best avoided.

    COMPLIANCE UNDER THE LAW

    The law has brought significant changes to the data protection laws in the EU, as it has imposed several obligations on marketing companies, insurance companies and other related sectors, which require additional compliance. For instance, the data processors must include these other terms in the contracts and are obliged under the law to adhere to such conditions. However, if they fail to comply with the requirements of the law, they will be subject to direct surveillance and penalties by superior authorities.

    On the contrary, for the controllers of data, the law requires them to illustrate how they comply with the provisions of the law. This compliance requirement suggests that data controllers must prepare a record of how they will process data and should supply the documents to the supervisory committee. The law further obliges companies whose core activity is the monitoring of information on a large scale to appoint a data protection officer. Some of the insurance companies must also be aware of pseudonymization and privacy statements. Pseudonymization is designed to offer data subjects another level of assurance, while privacy impact assessments will be used by enterprises to identify and address non-compliance risks. Further, in cases where the processing of data poses a high risk to the privacy of data, issuance of a privacy statement will be mandatory. Below are the other vital changes in the GDPR which companies should keep in mind:

  • Consent: 'Silent' acceptance or pre-ticked forms will not satisfy the definition of consent under the law. Explicit affirmative action will be required, and data subjects can withdraw their approval at any time. This will affect policyholders, and changes to client-facing websites, promotional material and reports will be required.
  • Notice of Privacy: this is an additional requirement under the law, wherein insurance companies should provide the key information that ensures transparency to policyholders. The information provided includes the basis for processing the data and the period for which the company will hold the same.
  • Right over Information: in addition to the rights mentioned above offered to the data subject by the law, they also have the authority to rectify, erase, impose restrictions on or raise any objection with regard to the data held by the company. The GDPR is intended to offer data subjects more control by giving them the opportunity to question processing that is based on the interest of the controller or processor.
  • Access Requests of Data Subject: subject access requests change compared to the old law, in that the data subject has the right to receive additional information; the time-period for processing a request is now 30 days instead of 40 days; and companies cannot reject the application except if the same is repetitive.

    The new law explicitly outlines that the insurance sector will face several responsibilities and obligations while adhering to the provisions of the law.

    EXEMPTIONS UNDER THE LAW

    There are several exemptions under the law, such as an exemption from the obligation to generate a privacy note when the information is obtained directly from the data subject, to the extent that the subject is already in possession of the same. This exemption implies that a controller might only be required to provide additional information to the data subject. Whereas, if the data is obtained through indirect means, a much more extensive exemption is available, in particular where providing the information involves disproportionate effort. It is vital that the interpretation of exceptions is clear, precise and definite. Moreover, the data controller should be able to justify reliance on any of them. Article 23 of the GDPR provides further exceptions for inclusion in national legislation in line with the GDPR, but the rules make it clear that where relying on such exemptions, data controllers ought to inform data subjects of this unless doing so would prejudice the purpose of the exception.

    GDPR IMPACT OUTSIDE EUROPE

    The old EU Data Protection Law fundamentally regulates entities established within Europe and its member states, whereas the GDPR will also affect companies incorporated outside Europe. For instance, a non-EU data controller that uses its tools inside Europe to process data, other than for exchange purposes, will be regulated by the law.

    As the Court of Justice of the European Union expressly stated in Google Spain v. Agencia Española de Protección de Datos, the data processing activities of the Google Spanish search engine, although not undertaken by the Google subsidiary, were adequately associated with a Spanish company. The court in that matter formed the opinion that the activities of the US company were interlinked with the sales generated by Google Spain.

    In addition, Article 3 of the law provides a clear view of the territorial jurisdiction under the law, under which non-EU data controllers can be regulated and have hefty penalties imposed on them for violation of the GDPR. Article 3 of the GDPR is as follows:

    Territorial Scope

  • The regulation applies to the processing of personal information in the context of the activities of an entity of the controller in the EU, regardless of whether the processing takes place in the Union or not;
  • The regulation applies to the processing of information of data subjects who are in the EU by a controller not present in the Union, where the activities are as follows:
    • Monitoring their behavior, insofar as their behavior takes place within the EU;
    • The sale of goods or services to such data subjects in the Union, irrespective of whether payment by the data subject is required;
  • The regulation applies to entities established outside the EU, but in a place where Member State law applies by virtue of public international law.

    GDPR IN UAE

    The Abu Dhabi Global Market (ADGM) is an international financial center in the UAE that allows companies to undertake financial and non-financial activities under a different framework. Being an economic free zone, ADGM has its own laws, rules, and regulations based on common law, which regulate and govern the companies established in the free zone. In enacting new laws on data protection, ADGM was ahead of its time compared to other free zones in the country; it already has the Data Protection Regulations of 2015, which cover a wide range of obligations, the protection of personal data and its exchange within or outside ADGM. ADGM amended the regulations in 2017 to impose a mandatory requirement that breach notifications be made without any unnecessary delay or within 72 hours after getting informed about the breach. The amendment has increased the number of penalties imposed on violators of the law.

    CONCLUSIONS

    While understanding and managing these cross-border rules and regulations, the data controller must, importantly, analyze the information it holds and where it obtained that information. As we know, the internet has no territorial boundaries, and one can easily exchange information. However, it is pertinent to highlight the laws applicable to content received from the internet or from another data controller. Companies should, at all times, be aware of the legal risk to which they are exposed by failing to adhere to GDPR rules.

    ]]>
    Wed, 09 May 2018 04:43:00 GMT
    <![CDATA[Digital platforms and Their Terms of Use ]]> Digital platforms, Ecommerce Marketplace and their terms of use: Does it matter?

    Digital platforms are transforming almost every industry today, and it is swiftly becoming apparent that the similar-looking terms of use and privacy policies currently applicable may not provide new entrepreneurs or platform users with an adequate sense of security. This inadequacy, coupled with an ever-increasing demand for technology lawyers in Dubai, makes it necessary for such entrepreneurs and platform users to become more cautious about covering themselves against risks and losses.

    A simple example of why new entrepreneurs are becoming progressively more cautious when covering themselves from risks and losses would be the knowledge that one of the crowdsourcing Apps recently invited users to undertake mystery shopping.

    This example depicts the necessity for privacy policies and terms of use which will reduce the risks and losses when engaging in transactions on the digital platform.

    The crowd-sourcing App in this particular case provided the Mystery Shoppers with a certain amount of store credit. The shopper could use this monetary value on the App for in-store purchases. However, for the shopper to use the store credit to partake in the mystery shopping, the App holders had to pay an activation fee. This activation fee, paid by the App holders wanting to participate in mystery shopping, enabled them to access the credit on the App. Once they had transferred it, the participants would go to the store only to find out that there was no credit available on the App. Only then would the theft of the activation fee become known to them.

    The terms of use on a website, in the form of Terms and Conditions, and the Privacy Policy are the basis of the express or implied contract between the platform owner and its users. Their effect is to limit liability and offer protection to digital platform owners. However, the question here is: what protection do platform users have, and does the online acceptance of today stand as a valid agreement in the eyes of the law?

    Terms and Conditions clause

    In the abovementioned example, the user of the digital platform was the party to bear the losses and risks caused by the actions of the third party – the scamming company. Below is an example from the Second Circuit Court of Appeals of how the owner of a digital platform did not sufficiently cover itself against risks and losses in its Terms and Conditions.

    In this case, the user signed up for a programme that provides discounts on products and services in consideration of monthly fees. Following the user's enrolment and use of the application, he received an email from the defendant. The email contained additional Terms and Conditions, inclusive of an arbitration provision of a mandatory nature. These new Terms and Conditions were never expressly consented to by the user. The user canceled his account and claimed a full refund, but the defendant provided only a partial refund. The user then commenced a class action, to which the defendant responded by seeking to enforce the arbitration provision in the additional terms and conditions. The court a quo concluded that the user had never agreed to the new terms and conditions, and the Appellate court upheld the conclusion.

    With consideration of precedent regarding contract law and enforceability in the context of shrink-wrap and agreements of an electronic nature, the emailed Terms and Conditions would be binding if:

  • The user received actual notice, or at a minimum, inquiry notice regarding the additional terms; and
  • The user then manifested his assent, expressly or impliedly.

    The law does not require Terms and Conditions on a website; however, as can be noted above, having adequate Terms and Conditions, to which users must consent, could limit the liability of the platform owner immensely. The efficacy of the site owner's terms and conditions clause is pertinent to whether they can be held liable for content on their website. The previously mentioned case held the following on what companies should do to limit their liability:

  • Indicate all the terms of notice;
  • Require visitors or users of the site to page through the terms. Only once this is completed should they be able to select the 'agree' option or expressly and actively provide their consent to the terms;
  • Restrain use of the website, or the initiation of services on the site, before express permission is given by the user; and
  • Periodically have users of the site reconfirm their agreement to the terms.

    Numerous sites request users to create a profile and yet do not require the users to agree to their terms before gaining access to their profile. Users of the site are expected to seek out the terms and conditions of their own accord. Users are faced with clauses such as the following:

    "By entering, executing using, downloading, commenting, saving, accessing or using the Digital Platform you will automatically be considered a user which requires the full acceptance of every provision included in these Terms, in the version published by, and at the time you access or use the Digital Platform. If you, as a user, do not agree to these Terms, you may not access or otherwise use the Digital Platform."

    If the user was unaware that the action of entering, executing using, downloading, commenting, saving, etc. constituted their acceptance of every provision included in the Terms, how could such a user be held to have consented to the Terms?

    However, one should take cognizance of the fact that it is common practice for courts to rule in favor of the user who did not expressly consent to the terms and conditions. A court stated that acceptance need not be express, but where it is not, there must be evidence that the offeree knew or ought to have known of the terms and understood that the offeror would construe acceptance of the benefit as an agreement to be bound.

    The United Arab Emirates

    Regarding the law of the United Arab Emirates, a contract becomes legally binding upon the parties after the express or implied acceptance of the offer by the offeree. There are however a few exceptions to this rule which warrant that a contract is only legally binding if it is in writing.

    Of relevance to electronic contracting on digital platforms is the Federal Law Number 36 of 2006 on the Evidence and Commercial Transaction. Under this piece of legislation, electronic evidence or electronic messages are not recognized. Due to this, Dubai has implemented the Dubai Law Number 2 of 2002 relating to Electronic Transaction and Commerce Law. Under this legislation, should a person contract, offer to contract or accept to contract, either wholly or in part, using electronic messaging, such an agreement will be considered valid in the eyes of the law. Federal Law No.1 of 2006 on Electronic Commerce and Transactions (the e-Commerce Law) was put in force to align the country's legislation with the needs of the online marketplace.

    The Privacy Policy

    The privacy policy is not only required by law but is considered one of the most critical inclusions on a digital platform. It is of significant priority and should be read and assented to by all users. However, this is seldom the case. The Privacy Policy relates to the website's policy as to what it will and will not do with the information a user provides on the site.

    There are multiple issues concerning the privacy of the data collected on digital platforms. One of them is how a person can be exposed to far-reaching effects when unwarranted data is in the hands of marketers, financial institutions, employers and governmental institutions: for example, an impact on relationships, employment, qualifying for a loan and even getting on a plane. While there is much concern about this, little has been done to improve privacy protection online.

    To reduce the privacy risks highlighted above, each person must carefully consider what data they are putting on the web and what the implications of the Privacy Policy on the relevant page are.

    In a time when privacy infringement is rife, and more and more high-profile privacy breaches are being publicised, it is imperative for all digital platform users to reconsider precisely what personal data they provide to such platforms.

    An example of a recent high-profile privacy breach is the Facebook breach, in which a political data firm with links to President Trump's 2016 campaign was able to harvest private information from more than 50 million Facebook profiles without the social network alerting users.

    Data collection and privacy policies internationally

    There is a significant disparity globally in the governing of data collection and online privacy. Some countries display stringent legislation in this regard while others lack relevance and authority. Below are examples of how different states regulate this.

    European Union

    The European Union Data Protection Directive of 1998 states that anyone processing personal data must do so in a fair and lawful manner. For the data collection to be considered legal, the taking in of the data must be for specified, explicit and legitimate purposes, and users must give unambiguous and explicit consent after being informed that data collection and processing is taking place.

    Germany

    In Germany, the Federal Data Protection Act of 2001 states that any collection of any personal data (including computer IP addresses) is prohibited unless the collector gets the express consent of the subject. The data collector also has to get the data directly from the users (for example, it is illegal to buy email lists from third parties).

    The United Arab Emirates Law

    There is no Federal data protection law in the UAE; there is also no single national data protection regulator. Due to this fact, protection from risks and losses is the sole responsibility of individuals. There are, however, two rights afforded by the UAE Constitution that are of relevance here: Article 30, which provides for freedom of opinion and the freedom to express that opinion in writing, verbally or by any other medium of communication; and Article 31, which is a general right to privacy and provides for a right to freedom of correspondence through various means of communication and the secrecy thereof.

    Sectoral laws

    Regarding Federal Decree Law No. 5 of 2012 on Combating Cybercrimes, Article 2 prohibits unauthorized access to websites or electronic information systems or networks. Article 2 further imposes more severe penalties when such actions result in, among other things, the disclosure, alteration, copying, publication, and replication of data. A penalty's severity will increase if such data is of a personal nature.

    Article 21 of the Federal Decree No. 5 of 2012 also prohibits the invasion of privacy of an individual through a computer network, electronic information system or information technology, without the individual's consent and unless authorized by law. Article 21 further prohibits disclosing confidential knowledge obtained in the course of, or because of, work, through any computer network, website or information technology.

    It is of significance here that on 25 May 2018, UAE-based companies with relations and business dealings with European Union consumers will need to ensure that they comply with Regulation 679/2016. This Regulation concerns the protection of natural persons regarding data collection.

    In Dubai Court of Cassation case number 67/2010 (132), the court observed the contrast between Article 30 of the UAE Constitution, Article 47 of the Federal Law Number 15 of 1980 Concerning Press and Publication (the Press Law) and Clause 79 of the Press Law. In this case, the appellant initiated legal action on the basis that the defendant had published the details of the case regarding the appellant's wife. The defendant was a limited liability company in Dubai that dealt with printing and publishing and had published the details of a case surrounding the extra-marital affair of the appellant's wife. The appellant contended that this had caused substantial harm to his family since the news also spread instantly to his home country.

    Let us analyze each of these Provisions carefully before proceeding. Article 30 of the UAE Constitution provides freedom of opinion and to express that opinion in writing, verbally, or by any other medium of communication. Provision 47 of the Press Law stipulates that newspapers are permitted to publish the details of cases before the courts unless the proceedings of the case are held in secret session. On the other hand, Article 79 of the Press Law explicitly prohibits the publication of news, photos or investigations regarding the family or private life of individuals if it can cause harm. These laws mean that the legislators have provided the public with freedom of expression and, at the same time, have limited that freedom to protect the privacy of individuals.

    The Dubai Court of Cassation, in light of the above Provisions, held that the appellant failed to prove that the defendant had published untrue events and the Court had not decided on whether to rule the earlier proceedings as secret sessions. The Court of Cassation dismissed the appeal case and stated that the defendant was not liable for other newspapers that published the news.

    Advice to drafters of terms of use

    To draft terms of use for a website that will afford adequate protection to both platform owners and users, the following essential elements should be included:

    • Limitation of liability – a necessary disclaimer removing the responsibility for errors in the web content. Should the site be interactive, and others able to post on the site – a disclaimer must be included, which states that the website and website owners do not endorse users and are not responsible for the statements made by third parties.
    • Intellectual property – a clause to inform users that the contents, logo and other visual media created are the property of the website.
    • Termination – a provision to notify users that using the site in an abusive manner will result in termination at the sole discretion of the owner.
    • Governing law – a clause that describes which legal jurisdiction will apply in cases of dispute – this should be the country in which the headquarters of the website is located.
    • Links to other sites – a clause should be included which warrants against liability for third party websites linked to the main website.
    • Privacy policy – when collecting any information from users, a privacy policy must be present.

    In case number 393/2010 (218), the Abu Dhabi Court of Cassation had to decide on the validity of an electronic signature to determine whether the appellant was eligible to get a commission. In this case, the court observed and decided on the validity of electronic signatures to qualify as evidence under Federal Law Number 10 of 1992 regarding Civil and Commercial Transactions (the Civil Transactions Law). Article 17 (3) of the Civil Transactions Law states that e-Signatures have the same effect and validity as provided in the e-Commerce Law. The e-Commerce Law offers electronic communication an equal level of importance in the eyes of the law and considers it valid evidence in a commercial transaction. Further, under Article 4 and Article 10 of the e-Commerce Law, information communicated through emails shall not lose its validity merely on the basis that the mode of communication is electronic, and an electronic signature shall be accepted as evidence even where such email or e-Signature is not original or in its original form. The court dismissed the appeal in this case by ruling that the electronic communication in question was valid evidence of the transmission between the parties and the appeal was filed merely on the premise that the trial court had erred in its factual understanding of the law and the value of the evidence submitted thereon.

    VAT Liability

    Because a significant proportion of retailers and distributors in the UAE provide their services both physically and via the internet, it is imperative to fully grasp the relevant VAT implications which are now in force. VAT regulations take into consideration the location of supply (of a good) – the area in which it is made available to the consumer. This consideration could also include the place where freight of the goods ends.

    Regarding VAT for services, it is the customer's place of establishment that is considered the relevant location for tax purposes, unless such person is a non-taxable entity; if this is the case, the tax is incurred at the site of the supplier.

    VAT liability applies to all transactions, including e-commerce transactions and online purchases.

    Conclusion

    Some countries are party to the Organisation for Economic Co-operation and Development (the OECD) multilateral initiative dealing with online privacy and data protection issues. However, many countries, including the United Arab Emirates, are not a party to this initiative and have only rudimentary legislation governing website terms of use. The world of the online marketplace is expanding at a very fast rate, and lawyers are challenged to fill in the gaps in the law and guidance to adequately regulate the growing world of digital platforms.

    ]]>
    Tue, 08 May 2018 11:30:00 GMT
    <![CDATA[Copyright and Apps]]> Ping!You got a Notification*

     

    "Internet is a place where nothing ever dies."

    A touch is all you need to show the world your piece of art and to be liked by the viewers. Facebook posts, new Instagram filters improving your images, 10-second Snapchat stories to score social kudos. Endless forms and invisible impact. But the legal implications of copyright infringement on social media are greater than was ever imagined. It's a tug of war between social media companies and the artists gaining new income by going "viral" or reaching millions of followers. In a continuous struggle to influence the audience, the line of copyright infringement seems hazy and unclear. In this article, I will try to draw the line for our readers to make them understand the legal implications of stealing social media content.

    The variety of content that is shared online is strictly considered artistic work, to which intellectual property law applies. Copyright is the right of the author over his artistic or literary work and the right to allow others to use his copyrighted work. In terms of social media images, the copyright arises once the image is posted online. The Statute of Anne is the first to receive copyright protection; since then, a lot of significant changes have been made concerning copyright protection, and the Berne International Convention has protected copyrighted work since 1971. However, we can now witness the recent copyright protection given to digital content by the World Intellectual Property Organization (WIPO). The WIPO treaty, signed by almost all countries, is the first treaty to address the issue of the digital environment and its infringement.

    Social media websites stipulate terms of use that a user must strictly comply with in order to use the service, which we clearly don't read; we therefore have no information about what we have signed up for, and are bound by terms which we didn't even read or understand.

    Thus, through this article, we will try to explore the unreconciled tension between the freedom to use and the protection of copyright holders. The sole reason for writing this article is to increase awareness among social media users and to provide a legal backdrop for discussion.

    My Image, My Right!

    New York Instagram sensation Richard Prince reminded us that a standard picture you took at the beach and shared publicly on Instagram could be reused and sold for a price not less than USD 90,000. At the New York Frieze Art Fair, Prince displayed giant screenshots of Instagram users without any prior permission and sold them for the right price. So here is what he was doing: since 1970, Prince has been "re-photographing" images from magazines, books or advertisements. But in 2008, Patrick Cariou filed a case against Richard Prince[i] when he re-photographed Cariou's image. The court of first instance passed judgment in Cariou's favor; however, when the case went to appeal, the court overruled the lower court's judgment in part and held that Prince's artworks qualified for the fair use defense and that he had not infringed any copyright because his work was "transformative."

    It is essential for all users to know that, if a third person is using content from their profile, the principle of "fair dealing" may protect that usage, as happened in Prince's case. The opinion lays out numerous exceptions where a third party can utilize copyrighted content without the author's permission, such as:

  • for criticism or review;
  • for research work;
  • for making parody;
  • for news;
  • for legal advice.

    A careful look at Instagram's terms of use shows that the photographer owns an exclusive right to use and sell the image and can enforce their copyright against anyone who infringes upon their rights. The terms of use come into effect the moment a picture gets uploaded on Instagram. It provides a fully-paid, freely movable social networking stage to utilize the content in the way the user desires. It further implies that Instagram permits pictures from the site to others, including other Instagram users who can report images without encroaching on others' copyright.

    Don't take a Screenshot

    The United Kingdom Digital and Economy Minister recently restricted people from taking screenshots of Snapchat stories. He publicly mentioned that "under UK Copyright law, it is unlawful for Snapchat users to copy or take a screenshot of the image and share it in the public domain without the sender's prior consent". Let's validate his statement by looking into UK Copyright law. Article 96 of the UK Copyright, Designs and Patents Act 1988 allows the copyright owner to file a suit against the third party and to seek all such relief by way of damages, injunctions, accounts or otherwise.

    Snapchat claims that it follows a strict privacy policy, which states that it does not condone any type of copyright infringement and that users who suspect that their rights are being infringed have the right to report the incident to the company. However, the policy isn't that strict, for several reasons: it does not mention anything about removing users who are believed to be infringing copyright laws, nor about removing the screenshot provision altogether.

    Copyright V. Social Media- the Case studies

    The widespread, regular practice of sharing photographs and other content has led to uncertainty regarding the ownership of those images and the violation of copyright law. This back-and-forth exchange of social media content has created a world where content is freely posted and viewed without any costs or charges. Thus, the free online culture has created material conflicts with regard to control over reproduction and distribution. The rapid copying of original content has prompted several copyright infringement legal issues in past years.

    In all of these cases, the third party contends that the usage is a fair use as set out in the laws of almost all countries, such as 17 U.S.C. § 107. A recent case is North Jersey Media Group, Inc. v. Pirro[ii], where Pirro published on Facebook a photograph which was the copyrighted work of Thomas E. Franklin of North Jersey Media Group Inc. (NJMG). NJMG had that image registered with the U.S. Copyright Office. However, on Pirro's Fox News account, Pirro combined that image with another and posted the same on that account. NJMG filed a copyright infringement suit against Fox News and, as usual, Fox News sought a defense under fair use. The Southern District Court of New York rejected Fox's argument and held that merely adding a "Hashtag" and making small alterations to the image is not sufficient. In other words, the picture failed to create new insight and understanding for the audience and cannot warrant protection under fair use.

    The case was referred for appeal, and Fox appealed to the court for a "Context-Sensitive Test" and argued that a social media platform is a community to share ideas and that this environment is in itself a transformative expression. Also, denying social media users the right to fair use would curtail their right of expression. But, unfortunately, the thought stands still, as the parties resolved the matter amicably before the court.

    A similar case was filed by a photographer, Kai Eiselein, against BuzzFeed for infringement of his copyright in an image he posted on Flickr[iii]. BuzzFeed used his image in an article without his permission, and the issue regarding the fair use principle remained unanswered in this case as well.

    These cases have the ability to highlight the potential difficulty when the law tries to balance the copyright owner's right and the freedom of expression of social media users.

    The UAE is on par with other countries and imposes stricter punishments on copyright offenders in respect of social media content. Recently, a case was filed against a teenage girl who posted a picture of her friend on a social media website without taking her or her family's permission. The parents of the girl filed a case against her for posting their daughter's photograph. The defendant girl argued that she had posted the picture with her friend's consent. However, upon discovering the truth, the family tried to withdraw the case, and the court rejected reconciliation considering the seriousness of electronic crimes in the country.

    The case went to the court of first instance, where the defendant girl failed to prove the consent given to her for posting the picture, was held liable for the crime and was sentenced under Article 378 of the UAE Penal Code for violating someone's privacy. The case is now before the court of appeal, and the judgment is still pending. However, copyright infringement cases in this regard are yet to come into the public domain. It is an established fact that UAE laws are stricter when it comes to assaults on privacy or electronic crimes, and the law provides strict punishments for the offender irrespective of age and nationality.

    #New Era New Needs

    Keeping in mind the pace of technological advancements around the globe and the social media content countries are either making amendments in the prevailing law or implementing new law for protecting the rights of copyright owners for content on social media websites.

    The Digital Millennium Copyright Act (DMCA) of United States provides a mechanism for owners of the copyright to protect their social media content. Under the law, the copyright holder holds a right to notify the Internet Service Provider(ISP) or the Online Service Provider (OSP), once he becomes aware of the infringement. Also, the ISP allows the copyright holders to request for removal of the content, as under Section 512 of DMCA, ISP must remove the copyrighted work post receiving the notification from the copyright holder.

    European countries were the first to sign the Berne Convention for protection of Literary and Artistic Works. Additionally, copyright law in Europe is implemented through directives- the legislative acts of European Union. Since the European Union follows common law and others civil law, there is no specific approach for all and the Intellectual Property directives provide the rules for regulating online content and their copyright issues.

    In 2010, United Kingdom passed Digital Economy Act (DEA) for protecting and regulating online content on social media websites. DEA provides exclusive power to the government to limit and/or terminate internet services to copyright infringers. Alike, U.S. the DEA requires holders of copyright to inform the potential infringement of their rights.

    UAE Cyber Crimes Law promulgated by Federal Law Number 5 of 2012 (the Cybercrime Law)penalizes the offenders of privacy on the internet including the social media websites. UAE Penal Code implemented under Federal Law Number 3 of 1980 punishes the offender who transmits someone else's pictures without their prior consent and requires the defendant to prove beyond reasonable doubt the presence of consent. Also, the Federal Law Number 7 of 2012 concerning the Copyright Law prohibits the users to share any picture of the third party without their consent. UAE government has also passed several guidelines for the public as well as governmental authorities for social media usage such as, in 2011 UAE government passed certain Guidelines for Social Media Usage for UAE government entities, also Telecommunications Regulatory Authority (TRA) passed guidelines for the public at large

    It's time for international law to cross international territorial boundaries, just like the international reach of this social media content. Country-specific laws protecting online content will no longer be able to protect the author's work. Due to rapid change in technology, the need of the hour is international treaties and laws for protecting the digital content of a copyright holder sitting in a different part of the world.

    Before I Sign out

    In this era of technology, the copyright and other laws are blurry and are insufficient to protect the online users completely. The law is required to adjust itself quickly to frame some guidelines accepted worldwide. Under any copyright law, ignorance is never an excuse. Therefore, a copyright infringement without actually knowing its original owner is an infringement. The only remedy available with the copyright holder is to get the content removed, especially in the cases where the contents are used commercially. So, clear your doubts and know your legal rights before sharing your personal life on social media.  

     

    [i]Patrick Cariou v. Richard Prince 714 F.3d 694 (2013)

    [ii]74 F. Supp. 3d 605 (S.D.N.Y 2015)

    [iii]Eiselein v. BuzzFeed, Inc No. 13-13910 (SDNY June 2013) 

     

    ]]>
    Tue, 24 Apr 2018 11:45:00 GMT
    <![CDATA[Securitization: UAE and Global Overview]]> Securitization: An Overview

    Introduction

    Securitization is a powerful financial tool that makes it possible to profit from illiquid assets. We all agree that securitization contributed to the 2008 Financial Crisis, demonstrating how this powerful business instrument is a double-edged sword: it is capable of both boosting and devastating an economy. The United States is commonly known as the unchallenged leader in securitization markets. However, much of the current activity is happening in the Middle East, including the United Arab Emirates, where the new wave of securitization markets is emerging.

    Definition

    Through this financial process, several illiquid assets are packaged into pools and transformed into securities. The third-party investors in a secondary market then purchase these securities or their related cash flows. In other words, the security interests in the pool are sold to investors. The process enables the conversion of an asset or a group of assets into marketable security. In this article, I aim to offer a comprehensive explanation of the nature of the underlying holdings of securitization, the function of Special Purpose Vehicles, regulatory responses to securitization after the financial crisis, and the impact the economic process has had on different markets.

    An example of an illiquid asset is a debt instrument, which the originator (such as a bank) executes with numerous obligors (such as individuals who have a mortgage with the bank). These assets, which are placed into pools, can be various types of contractual debt (generally home equity mortgages) such as residential mortgages, commercial mortgages, auto loans, credit card debt obligations (or other non-debt assets which generate receivables). These assets are combined with other homogeneous assets, such as other mortgages issued on significantly similar terms, to form a pool. The pool is then transferred to a trust or the Special Purpose Vehicle (SPV), which is the securitization vehicle. The company will sell the security interests to investors. The funds so raised are given to the Intermediary or Originator in consideration for the transfer of the assets.

    It is important to note that the vast array of asset varieties and the creation of liquidity for an illiquid asset make securitization a powerful and practical financial tool. Furthermore, a pool of securities can be divided and sold to different investors based on the risk level these investors wish to adopt. If they are willing to take on the risk of mortgages that may or may not be paid off, then they will purchase the higher risk part of the pool. If they are not willing to take on such risk, they will buy the lower risk part of the pool. Regarding value, mortgage-backed securities (MBS) dominate the global market, while asset-backed securities (ABS) feature steady growth rates.

    Benefits of Securitization

    The securitization process offers many essential benefits to participants. In this vein, it allows the originator to do the following things:

  • It will enable the transformation of an illiquid asset into a liquid financial instrument, thus setting up future revenue.
  • It enables borrowing at a better rate given that the risk premium demanded by the investor is proportionate with the underlying pool of assets.
  • It improves balance sheet management with reduced leverage and gearing ratios by removing risky assets from its balance sheet. It permits the use of capital to support loan writing and investment.
  • The prepayment risk of the underlying assets is thereafter borne by the investor.
  • It eliminates exposure to credit risk or the administration of the asset.
  • The originator gains access to a broader banking/investor base in the financial markets.

    Securitization will benefit the investor in the following ways:

  • It enables the securities to obtain excellent credit ratings given that deals can entail credit enhancements.
  • The yields offered by securities exceed those on comparable corporate bonds.
  • The securities are liquid.
  • It is an investment in a diversified pool. Investors will prefer to hold a portion of a pool of risky assets than a single risky asset.

    I.  Mortgage and Asset-Backed Securities (MBS)

    Securitized assets are divided into two categories: mortgage-backed securities and asset-backed securities. A securitization backed by mortgages is called a mortgage-backed security. It comprises three central types:

  • mortgage pass-through securities
  • stripped MBS
  • collateralized mortgage obligations (CMO)

    Fixed or floating rate mortgages sponsor these securities. An investor will purchase shares in a pool of mortgages, and receive a cash flow which is based on the features of the underlying mortgages such as principal amount, interest and payments made before the lease.

    Moreover, a stripped MBS is a derivative mortgage security. The principal amount and interest are segregated in such a way that the price for each investor is different from the other. A stripped MBS can be structured so that there is an interest-only investor class and a principal-only investor class.

    Lastly, in a CMO, whole mortgages funded by debt issued in different tranches are purchased by the securitization vehicle. After that, the cash flows from the assets are redistributed to the different tranches. The principal and interest received by the securitization vehicle are used to pay interest to each tranche. It creates different risk/yield relationships between investor classes by taking the mortgage (a single class instrument) and creating multi-class instruments. This type of mortgage-backed security has developed immensely and has been the subject of considerable levels of financial re-engineering.

    II.  Asset-backed Securitizations (ABS)

    Asset-backed securities are securitizations backed by non-mortgage assets. These include (but are not limited to) the following:

  • automobile loans and leases
  • credit and department store charge card
  • computer and other equipment leases
  • accounts receivables
  • legal settlements
  • small business loans
  • student loans
  • home equity loans and lines of credit
  • boat loans
  • franchise loans
  • timeshare property loans
  • real estate rentals
  • whole business securitizations

    Another vital perspective to consider in understanding the securitization structure is the idea of credit enhancement. It is the way or strategy to enhance the procedure for assessment of a securitization exchange, as recommended by a credit rating agency, with the end goal of drawing in financial investors to invest in these assets.

    Special Purpose Vehicles (SPV)

    SPVs are subsidiary companies of a parent company that provide an alternative mode of financing transactions. Given that there is complete protection of assets from the actions of their parent company, they curb the financial risk to the property of the SPC. These vehicles play an indispensable role in the operation of global financial markets. They allow investors and businesses to raise capital, securitize assets, share risk, reduce tax and carry out activities without any risk (or at least not as significant a risk as would usually be the case). SPCs provide limited liability for shareholders, they can choose to operate on balance sheets separate from those of their parent companies ("off-balance sheets"), and they record transactions on these separate balance sheets instead of in the name of their parent companies. The following are the common uses of SPVs:

  • Securing projects from financial, commercial or operational failures
  • Securitizing Loans and Receivables. For instance, governments set up SPVs to fund their projects and the SPC entity enables the channeling of funds for projects in different areas.
  • Transfer of Assets: upon the transfer of assets to SPC, they become unidentifiable. As a result, it protects the firms in the event of bankruptcy or liquidation. This invulnerability has led courts to rule that there is a link between SPC assets and funds with the originating company.
  • Regulatory and Compliance: SPVs avoid regulation and compliance protocols since they can be set-up within orphan-like structures.
  • Financing and Raising Capital: They can be used to finance new projects without increasing costs or altering the shareholding structure. It makes them particularly useful for financing aircraft, power and infrastructure projects.

    Global Aspect of Securitization

    In UAE

    Securitization also allows a company to deconstruct itself by separating highly liquid assets from the risks in association with the transaction. These assets are then used to raise funds in the capital markets at a lower cost, and a lower risk than if the company had grown funds directly (by issuing more debt or equity). The company will then retain the savings generated by these lower costs.

    In the United Arab Emirates, a system of Islamic Securitization has been established. It is a legal structure which replicates the economic purpose of a traditional asset-backed securitization structure and satisfies the requirements of Islamic Finance. Al-Task and Tawriq are the terms used for securitization under Islamic Law. Given that most Islamic financial principles are based on the concept of asset-backing, securitization fits particularly well with Islamic Finance.

    Conventional securitization, which originated in non-Islamic economies, involves interest-bearing debt. By holding contingent claims on the performance of securitized assets, investors become entitled to pre-determined interest as well as the principal amount initially paid. However, Islamic finance principles prohibit profit from debt and speculation. Thus, the issuance of interest-bearing debt securities with a secured redemption conflicts with Islamic financing principles. Although securitization under Islamic Law bars interest income, it is structured in such a way that it rewards investors for their direct exposure to business risk. Underlying assets which do not comply with Sharia Law principles cannot be securitized in the market.

    In the United Kingdom

    The UK is Europe's largest securitization market, with issues worth approximately US Dollars 26 billion in 1999. The first asset class securitized in the UK was private mortgage loans. Subsequently, the market has expanded significantly to include credit card receivables, other consumer loans, lease receivables and whole business securitizations, whereby the securitization is of the entire future receivables of a company. In the UK, there is a continuous introduction of new asset types and structures.

    In Germany

    The German market is not as significant as that of the US. However, the ABS market in Germany has grown steadily since 1995. Housing loans, credit card receivables, and consumer loans are commonly the subjects of securitization processes in Germany. In mid-1997, the German Bank Regulatory Office published a guideline allowing relief from capital adequacy requirements for banks if they meet the specific criteria. Since then, not only corporations but also banks have securitized many assets. In the past, traditional ABS transactions were based mainly on mortgage loans (residential and commercial), trade receivables, lease receivables and customer loans. Today, all kinds of assets can be securitized provided they are separable, transferable, pledgeable and free of objections.

    In Asian Region

    The Asian crisis has caused the securitization market in Asia to slow down. From properties to salaries, the market was continuously searching for new assets to securitize. The market was booming, as it was continually looking for innovative ways to overcome its legal, tax and accounting issues. But the market's collapse in 1997 drastically slowed down securitization's development process in the region. The market started to recover in 1998, and in total, four big deals were completed: in Hong Kong, Taiwan, Korea and an Asian Basket Deal (a CBO). 1999 saw a significant increase in activity focused on North Asia. Given that the central issue in the Asian market remained that of attracting investors, the focus in that region has been on credit enhancements and risk repackaging.

    Conclusion

    On the whole, securitization is a powerful financial tool that constitutes a significant part of today's global generation of profit. Given that securitization's abuses contributed to the global financial crisis, its regulation is critically important. US and European post-crisis regulatory responses are insufficient. To achieve a more systematic regulatory framework, existing law will have to be supplemented.

    ]]>
    Tue, 24 Apr 2018 10:27:00 GMT
    <![CDATA[Are You App Safe?]]> Are You App Safe?

    "People have forgotten this truth," the fox said. "But you mustn't forget it. You become responsible forever for what you've tamed. You're responsible for your rose." 

    - Antoine de Saint-Exupéry

    It was in the land of far away, and serenity paraded green landscapes, flowers, dew, rain showers and lakes. Not long ago, far away was just an abstract thought; however, the phrase 'the world is a small place' holds more truth to it now than one could have ever anticipated. A lot of this is credited to the multitude of technological advances. While the debate over whether technology is an opportunity or an obstacle is endless, its influence in developing communication platforms is undisputed.

    The revolution from carving pictures on stone walls to writing letters and posting them has taken its due course, but with technical advances coming into play, every other decade now brings with it a new medium of communication. The laptop, the compact version of a desktop, is now considered sizeable compared to sleek smartphones and tablets, which these days come along with the new 'in thing': applications, commonly referred to as apps.

    Apps, by default, have become a necessary and indispensable part of every user's routine, ranging from waking up to your choice of alarm tone in the morning, calculating total steps walked in a day, shopping online for groceries or spending hours crushing colorful candies. Dependency has overshadowed convenience.

    Harmonizing law and technology isn't always a smooth process, since new technical advances not only make the old methods obsolete but also outdate the law regulating them. Hence, it wouldn't be wrong to state that legal amendments are needed to keep the law consistent with the rapid pace of technology.

    Doctrine of Caveat Emptor

    The doctrine of caveat emptor is a legal maxim that clothes the warning 'Buyer Beware.' It has seeped in and permeated every legal and judicial structure, acting as a guideline pointing towards the liability of a customer and the reasonable use of his rationality before using a particular article or service.

    The concept of Caveat Emptor has been in use over the centuries and has undergone its fair share of changes. Traditionally, courts distinguished between the sale of specific goods, capable of physical examination by the buyer, and the sale of unascertained goods, where the buyer was compelled to rely on the seller's description. While the former enquired into the purchaser's onus strictly, the latter was exempted from it. This categorization was acceptable in an age where commodities were relatively simple. However, over the past few decades the economic relationship of buying and selling has been reformed, and presently the strict liability of buyers has been done away with by restricting it with the specified exceptions:

  • Implied conditions imposed on quality or fitness
  • Sale of goods by description
  • Usage of trade
  • Consent by fraud
  • Sale under a patent or trade name
  • Sale by sample
  • Misrepresentation

    Mobile Apps and the concept of Caveat Emptor

    "Do you trust this app?"

    "Please permit the app to access audio and camera."

    "Please enable the location services."

    Homo sapiens may have invented everything required for their survival, but even they don't possess the ability to add a 25th hour to a day. There is always a shortage of time for anyone and everyone, and amidst this shortage, spending a few minutes to read the conditions before permitting an app to use all our confidential information seems like a Herculean task.

    Apps like Facebook and Snapchat are primarily based on making the location of their users public, clothed in fancy terms like status updates and check-ins. Moreover, the world is now inhabited by animals called pokémons; some fly in the air while some breathe fire, owing to the latest vogue, Pokémon Go, which went on to become the most popularly downloaded app in the world within a few days of its launch, but at what price?
    It not only tracks users' location but also their email and browsing history. A person can now order anything from clothes, books and kitchen appliances to furnishings without so much as raising their head from their smartphone. Health apps are readily available not only for lifestyle tips but also to diagnose symptoms and measure heart rate, blood glucose level, sleeping pattern, etc.

    With easy access to technology and a rapid increase in innovations, creating apps and making them available to the masses is a bed of roses, but roses are invariably accompanied by thorns. Mobile apps can be considered an extension of offered goods and services. The higher the use of apps, the higher the chance of negligence.

    It's not uncommon these days to find headlines reporting delivery of faulty products bought online, thefts based on knowledge derived from check-ins, wrong diagnoses and disclosure of an app user's confidential information to other marketing companies, which raises the question: upon whom would the ultimate responsibility fall? Are app users covered within the ambit of the doctrine of caveat emptor?

    The important aspects in determining this answer lie in analyzing:

  • The purpose of the app
  • The guidelines provided in the app
  • The permissions granted by the user
  • The nexus between cause and effect leading to negligence.

    App development today is relatively easy, but a robust App platform that can keep pace with future developments and comply with international guidelines (including App Store guidelines) is imperative. App developers are also required to submit documents stating the purpose of the app, version information, and details regarding its interface, along with obtaining certified permissions.

    However, these regulations are not exhaustive and are completely controlled by private smartphone companies.
    Therefore, despite these regulations, Apple's App Store alone boasts roughly 2 million Apps designed for the iPhone and iPad, whereas Google's Google Play has roughly 2.2 million Apps, making the app market a billion dollar industry.

    In a recent case, Maynard v. McGee & Snapchat Inc., it was alleged that when a distracted driver caused an accident in order to take his selfies with the speed filter, Snapchat Inc. was accountable as it encouraged its users to drive at excessive speeds. An analysis of this case suggests that Snapchat could devolve its responsibility by merely affixing a warning to the speed filter.

    The app creators of 'Pokémon Go' have repeatedly been blamed for the rising death toll and for placing Pokémons in dangerous milieus, and as a consequence, a warning pops up the minute a user opens the app asking them to be careful of their surroundings, thereby shifting the responsibility to the players. They have publicly defended themselves by comparing their application to automobiles, which once transferred would absolve them from any liability in the instance of negligent driving. So, the next time a person falls off a cliff while catching a magical creature, it would be his fault.

    Third-party responsibility

    Ordered something online and then regretted it?

    Digital platforms like Amazon and ShopStyle pride themselves on being a handy tool that enables a user to shop for varied products on the go, from any place at any time, with no more effort than moving a few fingers. However, what one fails to realize is that in the case of a defect these apps are indifferent, and the blame game swings between the third-party retailers listed on the app and buyers.

    These platforms ensure their safety from any liability. The terms and conditions for Apps set out precise information by providing all information, content, materials, and products (collectively the Data) available on the Apps.
    They further clarify that such Data is 'classified' on an "as is" and "as available" basis, and any material or service accessible to the user by accessing the app would expressly be at the sole risk and consequence of the user. These apps, therefore, benefit from a blanket protection while the third parties become liable.

    The provision of third-party responsibility has opened doors to numerous lawsuits regarding the extent of accountability of the retailers advertising and selling their merchandise with the help of these apps, as the retailers contend that apps fail to specify the details of their products accurately, consequently harming the consumers.

    Guidelines and regulations

    The provisions of the Universal Declaration of Human Rights have influenced various national Constitutions, which have been amended to recognize the responsibility of the State in protecting and safeguarding the interests of consumers. Different countries have established their regulatory departments, like the FDA, that oversee the quality and standards of the products made available to the masses.

    These departments lay down the guidelines that govern health apps which diagnose the symptoms of their users and provide consequent medical consultation. However, everyday apps offering services like online shopping, gaming and transportation remain widely unregulated and unconfined. Hence, creators of health and fitness apps have a higher responsibility, owing to the sensitive matters they deal with, as compared to other apps.

    Conclusion

    The modern free society is built on principles of liberty and personal liability, and every individual prefers to be accountable only for his or her own action. Humankind has over the centuries struggled to gain independence, but the flip side of freedom is responsibility, and such accountability can in no circumstance be eluded.

    The evolution of phones from basic devices used for making and receiving calls to being 'smart' has been considerably credited to apps, which are now considered nothing short of a man's extended personality. Gone are the days when playing was used in the context of outdoor sport; people of every age today are engaged in collecting cards to clash, crushing candies or surfing the subway with the help of a user interface. These apps are on their way to replace local markets, dictionaries, and even the weatherman!

    Since buyers and sellers are now more closely related than ever, people need to be aware of the goods and services they access, and hence the doctrine of 'caveat emptor' retains significant importance. However, a shift has been observed in judicial thought from caveat emptor to caveat venditor, which literally translates to "let the seller beware". It directs responsibility towards the sellers, keeping in sync with this age of consumer protection, but it can only be justified when there is a disproportion of power between the contracting parties, as it completely contradicts the principle of laissez faire.

    Unfortunately, modern legislation continues to remain highly ambiguous regarding the applicability of both caveat emptor and caveat venditor in the case of apps, despite them transforming us into digital denizens. As a consequence, there is no straitjacket formula or particular platform, except filing suits in a court of law, for settling disputes regarding transactions between parties over these apps.

    It's high time that lawmakers caught up with the creative heads of the world, as I sit and ponder how Romeo and Juliet's fate would have turned out if they could WhatsApp each other, while dismissing another reminder on my phone to drink water.

    This article was principally authored by Aashima Sawhney with the help of others in STA's Technology, Media and Entertainment Team

    ]]>
    Mon, 31 Jul 2017 08:00:00 GMT
    <![CDATA[Dubai Data Law: Let’s share!]]> Dubai Data Law

    In October last year, Dubai introduced the new 'data law' which will allow the sharing of information between public sectors and for the benefit of the private sector. This Article aims to understand the concomitants of such a move.

    Remember that time when a dial-up icon popped up on your screen as you logged into the internet connection and you had to wait for the system to be connected to the LAN? In contrast, all you need to do today is switch on your computer and it is automatically connected to the internet. In the coming years, technology is anticipated to be more intelligently integrated into our lives than it is today. Specialized software and sensors will be used to track resources, respond to crime or take constant vital signs. In the words of technology maker Vint Cerf, 'it is almost as everything will be connected to everything.' The inherent risks that such wide exposure will pose to the public in general cannot be denied. But when the risk is compared to the magnitude of benefit the economy will have, it appears that the decision makers will be willing to take the plunge.

    In 2013, Obama's 'open' data policy saw a major breakthrough as the White House issued the Executive Order for open and machine-readable government data thereby instilling a sense of transparency in government actions. In 2014, the President's assent was concluded for the enactment of Digital Accountability and Transparency Act 2014 (US Data Law). 

    The general principles under Section 1 of the Executive Order provide the germane frame of reference for implementation of the Executive Order. It states as under:

    "Decades ago, the U.S. Government made both weather data and the Global Positioning System freely available. Since that time, American entrepreneurs and innovators have utilized these resources to create navigation systems, weather newscasts and warning systems, location-based applications, precision farming tools, and much more, improving Americans' lives in countless ways and leading to economic growth and job creation. In recent years, thousands of Government data resources across fields such as health and medicine, education, energy, public safety, global development, and finance have been posted in machine-readable form for free public use on Data.gov. Entrepreneurs and innovators have continued to develop a vast range of useful new products and businesses using these public information resources, creating good jobs in the process." 

    'Open data' and need for its encouragement in the wider context

    Open data means information which is available in a defined format for the use, re-use, and benefit of the people. Under the US concept, data qualifies as open data when it fulfills the following:

  • The data should be PUBLIC. This means that subject to applicable and legislative restrictions the data should be available publicly on a platform.
  • The data should be REUSABLE which means that there will be an 'open license' on the data with no restriction on the use and should be non-proprietary. 
  • The data should be ACCESSIBLE, which means that the format in which data is provided or published should be retrievable, downloadable and capable of being searched appropriately. To the extent possible, the resources should use granular metadata, data dictionaries, and characteristics of data.

    As economies are getting more technologically adept, the concept of open data is expected to promote efficiency, interoperability, accessibility, accuracy and economic development wherever legally permissible.

    Imagine the use of such data for monitoring public utilities, understanding the trends relating to utility consumption, and managing traffic issues. Open data can provide deeper significance in understanding healthcare innovations, market trends in commodity consumption and education trends, for starters. Advancements in the fields of science, healthcare, and education are more palpable when inferred from an inspiration. Relying on Wikipedia, the idea of software giant Microsoft was born when Paul Allen showed Bill Gates a publication on the Altair 8800, a supercomputer. This concept of 'open data' has gained much acceptance among innovators in technology, as there has to be a reason for Facebook and Google to provide 'open source' for their artificial intelligence (AI) hardware computing design. These companies do not procure hardware from suppliers like Dell or HP but have inspired themselves to be self-sufficient for their hardware needs. Now, with 'open source' AI, although countless other factors will play a key role, this inspiration would be multiplied.

    What does the new law mean for Dubai?

    As it stands today, the new law will be applicable to Dubai rather than have a federal application.

    For starters, the new law provides for a 'data sharing' or 'open data' concept rather than 'data protection' per se. The scope of such distinction is beyond the purview of the article. The new law is a well-conceived move towards making Dubai a SmartCity in the coming years.

    Dubai has evolved and is set to evolve more drastically by 2021. The rulers have the vision to make Dubai a SmartCity for which a committee has been formulated to oversee the physics in making dreams a reality. In 2013, the number of tourists in Dubai was a whopping 11 Million. The city offers state of the art infrastructure and services.

    The aim of SmartCity initiative is then to capture data, integrate the same and provide seamless services in major sectors including safety, travel, health, and education. Dubai's smart city strategy includes over 100 initiatives and a plan to transform 1,000 government services into smart services. The project aims to encourage collaboration between the public and private sectors to achieve targets in six 'smart' focus areas: smart life, smart transportation, smart society, smart economy, smart governance and smart environment. The strategy relies on three basic principles: communication, integration, and cooperation.

    Challenges? Considerations?

    With any concerted move, it is only wise to take into consideration the latent risks or challenges associated with such a move.  One such key challenge to the data law will be the protection of privacy and sensitive data. Perhaps the implementation of a 'data protection law' needs to be contemplated. The new law needs to have directives and guidelines with clear objects on each challenge that the policy may face in coming years. While many may construe the above as a soup spoiler, such challenges have only been real and existent in the past. If the policymakers rely on the examples of nations that have tested 'open government data' models, the pattern of these challenges could be mitigated to great extent.

    For instance, in the United Kingdom, data.gov.uk provides for open government data. A survey by Direct Line Insurance in 2011 found that 11% of respondents[1] claim to have seen but not reported an incident because they feared it would make it more difficult to rent or sell their house. In another incident, the reported crimes for Surrey Street were 136 for 2011 while actual incidents were only two. [2] It can therefore be inferred that policymakers will have to adopt a much more careful approach than might at first be apparent to offer the seamless services that they have envisaged. If these hurdles can be well mitigated and Dubai is able to tread the path of the data sharing and smart city initiative, a better quality of life is no doubt around the corner.

     

    [1] http://spatial-economics.blogspot.co.uk/2011/07/crime-nudge.html

    [2] As reported by the Guardian magazine

     

    ]]>
    Mon, 11 Apr 2016 02:00:00 GMT