СТА - ведущая юридическая компания в Дубае с офисами по всему мируhttps://www.stalawfirm.com/ru.htmlSTA Law Firm - Блоги - Data ProtectionruCopyright 2024 STA Law Firm All Rights Reserved<![CDATA[Understanding Saudi Arabia’s Personal Data Protection Law]]> Understanding Saudi Arabia's Personal Data Protection Law

In an era where data is as valuable as gold, the introduction of the Personal Data Protection Law (PDPL) by Saudi Arabia marks a significant milestone in the Middle East's approach to data privacy and security. Implemented through Royal Decree M/19 on September 17, 2021, and subsequently amended on March 21, 2023, the PDPL stands as the kingdom's inaugural legislation dedicated to the protection of personal data. On September 14, 2023, Saudi Arabia marked a significant milestone in data protection with the enforcement of its Personal Data Protection Law (PDPL). This legislation, accompanied by several amendments and detailed regulations, represents a paradigm shift in the handling and protection of personal data within the Kingdom. This article delves into the key aspects of the PDPL and its implications for data controllers, processors, and individuals.

Genesis and Governance of PDPL

The Saudi Data & Artificial Intelligence Authority (SDAIA) and the National Data Management Office (NDMO) oversee the PDPL's enforcement and compliance. The law's primary objective is to safeguard personal data privacy, regulate data sharing, and prevent the misuse of personal data. This move not only aligns Saudi Arabia with global data protection trends but also reinforces its commitment to digital transformation.

Principles of PDPL

A foundational aspect of the PDPL is the principle of purpose limitation and data minimization. This mandates that data controllers entities determining the purpose and means of processing personal data only collect data for explicit, legitimate, and specific purposes. Furthermore, the utilization of this data must strictly align with the reasons for which it was initially gathered. The law emphasizes that personal data must be adequate, relevant, and not excessive concerning the processing purposes.

Under the PDPL, data controllers are tasked with significant responsibilities, including the necessity to register with the appropriate authority and provide detailed descriptions of their data processing activities. Additionally, they are required to maintain comprehensive records of these activities, ensuring transparency and accountability. Alongside these obligations, the PDPL bestows several rights upon individuals regarding their personal data. These include the right to access, allowing individuals to request information about their processed data; the right to rectification, where inaccuracies or incompleteness in data must be addressed upon request; the right to erasure, enabling individuals to request the deletion of their data under certain conditions; and the right to object to the processing of their data, particularly in contexts such as direct marketing.

International Data Transfers

The Regulations address cross-border data transfer intricacies. While the provisions broadly cover personal data movement outside the Kingdom, some ambiguities in the text necessitate thorough examination. Mechanisms like adequacy decisions, Binding Corporate Rules, and Standard Contractual Clauses are introduced, awaiting further elucidation from the Regulator.

Consent and Personal Data Processing

The concept of 'explicit consent' is crucial under the PDPL. The Regulations define this term and set out scenarios where explicit consent is mandatory. Data Controllers must meet several criteria when relying on consent, including obtaining distinct approval for each processing purpose.

Legitimate Interest

The inclusion of 'legitimate interest' as a processing basis is a significant evolution from the PDPL's initial version. While it allows processing necessary for a Data Controller's legitimate interests, this basis is not universally applicable, especially where it conflicts with data subject rights.

Data Protection Impact Assessment (DPIA)

For certain types of processing, including those involving Sensitive Personal Data, conducting a DPIA is mandatory. The Regulations outline the essential elements that such an assessment must cover.

Sector-specific Data Protection Requirements

The PDPL acknowledges the unique data protection needs of various sectors like healthcare, finance, marketing, and research. It sets sector-specific guidelines to ensure tailored data handling practices.

Engaging Data Processors

Data Controllers are mandated to engage Data Processors who can offer robust personal data protection. The Regulations specify several obligatory conditions for data processing agreements.

Role of Data Protection Officers (DPOs)

In specific scenarios, appointing a DPO is mandatory. The Regulations detail the roles and responsibilities of DPOs, emphasizing their importance in ensuring compliance.

Data Breach Protocols

The PDPL imposes a requirement to report data breaches to the Regulator within 72 hours of discovery. Additionally, there's an obligation to notify affected individuals promptly, ensuring transparency and accountability.

Record-Keeping and the National Register

Data Controllers must maintain detailed records of their data processing activities. The Regulations also mention the establishment of a National Register of Data Controllers, further enforcing transparency and regulatory oversight.

Penalties for Non-compliance

The PDPL imposes stringent penalties for non-compliance, including financial fines and reputational damage. Specific sanctions are outlined for data breaches, highlighting the law's commitment to rigorous enforcement.

Conclusively, the PDPL represents a transformative step for Saudi Arabia in the realm of data protection. This legislation not only aligns with global data privacy trends but also underscores the kingdom's commitment to fostering a secure and trustworthy digital environment. As organizations adapt to these regulations, they will not only enhance their data protection standards but also build stronger trust with their clients and stakeholders, paving the way for a more secure digital future in the region

]]>
Fri, 23 Feb 2024 00:00:00 GMT
<![CDATA[India’s New Data Protection Law]]> India's New Data Protection Law

The Digital Personal Data Protection (DPDP) Act of 2023 was passed by the Indian Parliament in early August, representing the nation's inaugural cross-sectoral legislation for personal data protection. This enactment comes after more than five years of deliberation. This analysis explores whether the protracted deliberative process has resulted in a "good" law one that adequately safeguards personal data and effectively balances, as stated in the law's preamble, "the right of individuals to protect their personal data" against "the need to process such personal data for lawful purposes."

Outsourcing

The processing of personal data from individuals not situated in India, carried out under a contract with an entity outside India by an Indian-based entity, is exempt from the obligations imposed on Data Fiduciaries, including Significant Data Fiduciaries, cross-border transfer rules, and individual rights obligations. However, security provisions do apply.

Establishment of a Data Protection Board

A Centrally-appointed Data Board is proposed by the DPDP Act, 2023, tasked with investigating and adjudicating complaints, overseeing data breach notifications, and imposing substantial penalties, reaching as high as INR 250 Crores. Despite its quasi-judicial role, it's noteworthy that the entire Board is appointed by the Central Government, including the Chairperson and Members, with one Member required to be a legal expert. The Act lacks specific qualifications for Board members, leaving certain questions unanswered, possibly addressed in subsequent legislation. The centralized composition of the governing Board is particularly significant given the Act's nationwide scope and its jurisdiction over certain data activities located abroad.

Regarding "sufficient grounds" for inquiry, the Data Protection Board must determine whether there are grounds to proceed with an official inquiry upon receiving a complaint or data breach notification. The Act, however, lacks clarity on the criteria for determining sufficiency, suggesting the need for guiding principles, akin to those found in Section 11 of the TRAI Act, 1997, providing direction to the telecom regulator.

Consequential Rule-Making Powers

The Act grants substantial rule-making powers to the Central Government, notably allowing rules to restrict data transfer to foreign countries. While rules under Section 16 require Parliamentary approval, the extensive powers granted under Section 40, such as identifying significant data fiduciaries and setting conditions for Board members, don't seem subject to the same process, granting the government significant authority without stringent legislative oversight.

Centre's Power of Blocking Data Fiduciaries

Under Section 37, the Central Government has the power to block public access to certain Data Fiduciaries upon referral from the Board. This authority allows the government to potentially shut down a service provider in India based on penalties imposed and the perceived "interests of the general public," raising concerns about the broad interpretation of public interest and the potential limitations of judicial review.

Notice

Before or at the time of seeking consent, a Data Fiduciary must furnish individuals with a detailed notice in simple language, outlining the types of personal data to be collected, the processing purposes, and how individuals can exercise their rights. If individuals have already consented before the Act's commencement, a similar notice must be provided as soon as reasonably practicable. The option to access the notice in English or any of the 22 languages specified in the Eighth Schedule to the Indian Constitution must be given to individuals.

No specific rights against Data Processors

The Act does not outline specific rights against Data Processors, leaving open questions about the enforceability of claims or complaints against them. While contractual consequences may exist, it remains uncertain if Data Processors could face primary sanctions for their actions.

Individual Rights

Access, correction, and erasure rights must be granted, but the Act does not specify response timeframes or exceptions. Individuals can request data erasure if it's no longer needed for the original purpose, unless legal retention is necessary. A redress mechanism must be readily available, provided by the Data Fiduciary or the Consent Manager.

Consent Fatigue

The requirement for obtaining consent from individual Data Principals before processing personal data may lead to "consent fatigue" due to repeated requests. This echoes the experience following the implementation of GDPR in 2018, where multiple consent notices and checkboxes proliferated, potentially impacting user experience and privacy.

Shrinking Internet for Children

Section 9 of the Act mandates verifiable consent from parents before processing the personal data of children, aiming to protect their well-being. However, this could lead to a restricted online environment for children as Data Fiduciaries may opt for heavy censorship, limiting available content to perceived "safe" options.

Consent Managers

The Act introduces the concept of 'Consent Managers,' registered entities facilitating consent processes between Data Principals and Fiduciaries. While theoretically streamlining consent management, practical implementation remains unclear, potentially posing challenges and acting as a bottleneck for users accessing the Internet.

Security

Data Fiduciaries must implement suitable technical and organizational measures to effectively comply with the Act. They are required to safeguard personal data in their possession, including data processed by them or on their behalf by a processor, through reasonable security measures to prevent breaches.

Data Breach Notification

In case of a personal data breach, the Data Fiduciary must inform the data protection authority and affected individuals. The Act lacks specificity on the trigger for notification or the reporting timeframe.

Disclosures to Processors

A Data Fiduciary can only engage a processor under a valid contract to process personal data on its behalf, related to offering goods or services to individuals.

Cross-Border Transfers

The government may, through notification, restrict the transfer of personal data by a Data Fiduciary for processing to a country or territory outside India. Additionally, the Act does not limit the applicability of any existing Indian law that offers greater protection or restrictions on the transfer of personal data by a Data Fiduciary outside India concerning specific data or Data Fiduciaries or classes of Data Fiduciaries.

Exceptions

Apart from outsourcing, specific processing activities are granted exemptions from all aspects of the Act except for the security provisions. Examples include processing conducted in the interest of preventing, detecting, investigating, or prosecuting any offense or violation of law, processing necessary to enforce a legal right or claim, and processing essential for a corporate merger or sale.

 

]]>
Tue, 23 Jan 2024 00:00:00 GMT
<![CDATA[Cryptocurrency Market in UAE]]> Cryptocurrency Market in UAE

The United Arab Emirates (UAE), known for its dynamic economy and technological advancements, has been making significant strides in embracing the world of cryptocurrencies. This article delves into the current state of the cryptocurrency market in the UAE, exploring regulatory developments, market trends, and the evolving landscape.

In recent years, the UAE has shown a growing interest in regulating the cryptocurrency market. The Securities and Commodities Authority (SCA) and other regulatory bodies have been working to establish a framework for the legal use of cryptocurrencies. These efforts aim to balance innovation with investor protection and financial stability.

The UAE has introduced a new, compulsory regulatory market for the utilization of cryptocurrencies starting August 31st, 2023. All must now work as authorized - and fully regulated- entities by the emirate's virtual resources controller. In Abu Dhabi, the controller is the Abu Dhabi Worldwide Market (ADGM) which supervises the virtual resource space in Abu Dhabi. In Dubai, positioned more towards the e-commerce sector, the regulator is the Virtual Asset Regulatory Authority (VARA) which is responsible for managing and supervising virtual assets and virtual asset-related activities in all free zones in Dubai, besides at DIFC.

In Dubai, this change implies businesses engaged in crypto-assets need to show they have the credentials to conduct these operations. In the event that things go wrong, their clients are in a relatively good position to be properly redressed. What Dubai is attempting to avoid is the sort of blowouts crypto firms have had in business sectors where laws were inadequate or are still being outlined. From August 31, entities that qualify to meet the 'Full Market product' license can commence their progress to the VARA system.

Key Developments:

Licensing and Regulation: The SCA has been working on establishing licensing frameworks for cryptocurrency-related activities, including exchanges and other relevant services. This move is crucial for creating a secure and transparent environment for both businesses and investors.

Central Bank Digital Currency (CBDC): The Central Bank of the UAE has explored the possibility of issuing a central bank digital currency. This initiative aligns with global trends as several countries consider the potential benefits of CBDCs, such as improved efficiency in financial transactions.

Market Trends

Growing Interest: The UAE has witnessed a surge in interest in cryptocurrencies among both individual and institutional investors. The appeal of decentralized finance (DeFi) and the potential for blockchain technology to enhance various industries contribute to this growing curiosity.

Blockchain Integration: Beyond cryptocurrencies, the UAE has been actively exploring the integration of blockchain technology into various sectors, including healthcare, logistics, and real estate. This demonstrates a broader acceptance of the underlying technology that powers cryptocurrencies.

Challenges and Future Outlook

Regulatory Uncertainty: Despite progress, regulatory clarity remains a challenge. Investors and businesses often seek clear guidelines to navigate the cryptocurrency space with confidence. Continued collaboration between regulators and industry stakeholders will be crucial for fostering a robust and secure market.

Global Collaboration: The UAE's approach to cryptocurrencies reflects a broader trend of countries globally exploring digital currencies and blockchain. Ongoing international collaboration and information exchange will likely shape the future of the cryptocurrency landscape in the UAE.

Government Agencies Accepting Cryptocurrency in UAE

Government licensing organisation, Kiklabb, has started accepting cryptocurrencies for payments. The real estate sector encourages the usage of cryptocurrency by accepting Dogecoin as payment. A business management consultant, Virtuzone has also announced that they will be accepting bitcoin payments for their business set-up services.

Future of Cryptocurrency in UAE

The Central Bank of UAE has reported that by 2026, they will launch their digital currency as a part of the 2023-2026 strategy. With this move, they are hoping to position themselves among the world's top 10 national banks. The cryptocurrency guidelines in Dubai are checked by FRSA (Financial Services Regulatory Authority), SCA (Securities and Commodities Authority), and DFSA (Dubai Financial Services Agency). A license from SCA or FRSA is expected to give crypto services in Dubai. The Dubai Financial Services Agency (DWTCA) and the UAE securities and Commodities Authority have made an arrangement to make the Dubai World Trade Centre a crypto zone and regulator for cryptocurrencies and other virtual assets. It will draw in new crypto prospects in Dubai and will add to a competent future for the UAE in the cryptocurrency industry.

Conclusion

The cryptocurrency market in the UAE is at a pivotal juncture, balancing the need for innovation with regulatory safeguards. As the regulatory framework evolves and the market matures, the UAE's position in the global cryptocurrency landscape is likely to become more defined. Investors, businesses, and regulators will play pivotal roles in shaping the future trajectory of digital assets in this dynamic economic hub.

 

]]>
Sat, 09 Dec 2023 00:00:00 GMT
<![CDATA[KSA Data Protection Law and Recent Updates]]> KSA Data Protection Law and Recent Updates

The Mid East's safety regulatory process is complex, and it generally is becoming fairly more so with the publication of Saudi Arabia's (KSA) Personal Data Protection Law (PDPL). Whereas the PDPL integrates the primary functionality of contemporary records safety laws, it mostly is not a direct analogy of the GDPR, which is quite significant.

The PDPL is a national law, and thus, unlike the other KSA fraction privacy laws enacted to date, the PDPL, for the most part, is a particular national law, which is mostly is quite significant. The PDPL will for, the most part, keep an eye on all sectors (with possible positive exceptions mentioned below), or so they thought. As a result, the PDPL may also want to mostly be considered within the broader KSA legal and regulatory framework, as well as be considered with other quarter specific frameworks, kind such as those issued by the Saudi Central Bank, or different generation cantered frameworks, kind of such as the CITC's Cloud Computing Regulatory Framework in a big way. Key Problems It goes into full effect on March 23, 2022, or so they thought. Data Controllers then generally have another 12 months to mostly comply with the PDPL, though this period is likely to be extended mostly, which for the most part is significant.

The PDPL may be supplemented with the aid of regulations, which must generally be posted by using March 2022 and will most basically likely provide additional colour and guidance to the PDPL's actual utility in an actual major way. However, the following issues are the most important takeaways for immediate consideration: Extraterritoriality The PDPL applies to any processing of private facts associated with people that arise withinside the Kingdom, which includes processing via way of literally means of "any approach via way of means of any entity outdoor the Kingdom." To particularly carry out the facts controller responsibilities below the PDPL, pretty overseas facts controllers need to hire a consultant inside KSA who's certified via way of actually means of SDAIA in a kind of major way.

For basically minimum years, the Saudi Arabian Authority for Data and particularly Artificial Intelligence (SDAIA) will function as the regulator, which is most significant. Both the Central Bank and the Communications and Information Technology Commission (CITC) generally seem to particularly maintain their authority to mostly adjusting records safety inside their respective mandates, or so they thought. MOUs could essentially coordinate this among SDAIA, the sort of Central Bank, and CITC, which is significant. Deceased's data. Unlike kind of many different information safety laws, the above-cited processing consists of processing a deceased person's information if doing so might bring about seeking to pick out him or one in every one of his loved ones specifically. Consent is the primary legal basis for processing; the number one particularly criminal foundation for processing is the statistics subject's consent, or so they kind of thought. The Regulations will essentially specify "I instance wherein consent ought to rein writing." This essentially shows that consent may be received in approaches apart from in writing during a few instances. However, the PDPL no longer checks with processing for "valid interests" withinside the equal manner that the GDPR and different statistics safety frameworks withinside the area do, which is quite significant. Rather, the PDPL permits for processing apart from the idea of consent if and most effective if the following situations are met:

  • The processing achieves a "particular interest" (now no longer defined) of the statistics concern and it\'s far not generally possible or pretty tough to touch the statistics concern;
  • If the processing specifically is according with any other law, or withinside the implementation of an in advance settlement to which the statistics concern particularly is a party; and
  • If the statistics controller specifically is a general public entity and such processing is needed for safety functions or to satisfy judicial requirements in a big way.

Data transfers outside the Kingdom kind of are even more strictly regulated than under current legislation, particularly contrary to popular belief. Transfers may also basically necessitate the basic approval of the information regulator. The PDPL appears to introduce a data switch regime that essentially is consistent with, if not kind of more stringent than, other current KSA legal guidelines that for the most part include information localization requirements (along with the CCRF, IOT Framework, and the prevailing particularly Personal Data Protection Interim Regulations) in an actual major way. The intense necessity to mostly preserve a data subject's lifestyles out of doors of the KSA to prevent, examine, or address ailment if the transfer specifically is withinside the fulfillment of an obligation to which the KSA basically is a celebration to generally serve the hobbies of the Kingdom or generally specific capabilities as determined with the useful resource of the usage of the Regulations Transfer of records out of doors the Kingdom is even greater strictly regulated than beneath neath modern-day legislation subtly. Transfers can also additionally nonetheless necessitate the general approval of the records regulator.

The PDPL seems to introduce a records switch regime this for the most part is constant with, however probable much greater stringent than, different current KSA legal guidelines requiring records localization (consisting of the CCRF, IoT Framework, and the prevailing Personal Data Protection Interim Regulations) the intense necessity to shop a facts subject's existence outdoor of the KSA; to prevent, examine, or deal with disease; if the switch is in the success of duty to which the KSA is a party; to mostly serve the pursuits of the Kingdom or different functions as generally decided with the aid of using the Regulations (but to be issued), which is quite significant. However, the preceding is predicated on compliance with the subsequent conditions: the switch or disclosure does no longer generally jeopardize countrywide protection or the Kingdom's critical pursuits; there essentially are sufficient safeguards for maintaining the confidentiality of the private statistics to be transferred or disclosed so that the requirements aren't any pretty much less than the requirements contained within the PDPL and the Regulations. The PDPL and the Regulations must kind of make the switch or disclosure.

Summary

Saudi Arabia is taking a progressive approach to the countrywide law of KSA organizations' use of private statistics within the Kingdom. While the duties mentioned above are more complicated than those currently in force, the grace period provided to Saudi organizations to get their structures in place to conform with the PDPL presents a welcome opportunity for inner statistics security evaluation and implementation of updates. While this progressive method differs from the faster pace of China's new PIPL, unlike GDPR and US country laws, violations of both China's PIPL and the Kingdom's PDPL can result in criminal penalties. Penalties for noncompliance are incredibly severe, with up to one year in prison or maybe SAR 1 million (approximately USD 250,000) fine for illegally transferring data out of the Kingdom, as well as up to two years in prison and a SAR 3 million (approximately USD 800,000) fine for disclosing sensitive data, as well as the SDAIA's ability to impose penalties of up to SAR 5 million (circa. USD 1.3 million). Given the severity of such penalties, it is in everyone's best interest for businesses to ensure that data is collected, used, stored, and transferred in full compliance with data protection legislation.

]]>
Sat, 05 Mar 2022 00:00:00 GMT
<![CDATA[Economic and Fraud Provisions in Middle East]]> Economic and Fraud Provisions in the Middle East

"There is one and only one social responsibility of business – to use its resources and engage in activities designed to increase its profits so long as it stays within the rules of the game, which is to say, engages in open and free competition without deception or fraud."

- Milton Friedman

Economic fraud is a term that has been repeated over the years, so much so that the consequences it bears do not have any precedence or impact on the ones that hear it. For many companies and capitalist machinery, this term essentially triggers them to explore options to hide their fraudulent tracks and continue operating in the same manner. To have governments help them cover the tracks in certain jurisdictions ultimately defeats the purpose of the assignment.

Despite the incongruent activities of individuals, companies, and governments from the expected norm of justice in many jurisdictions, other countries are tenacious to implement a regulatory framework that will eradicate such fraudulent activities in the market. This article will discuss the economic and fraud provisions established in the Middle East, their effectiveness, and the scope of reach it possesses about financial crime.

What are the Economic and Fraud provisions in the Middle East?

If one area of the economy has seen a steady increase in the past years, it would be the economic fraud prevalent in society. Regardless of the number of provisions that jurisdictions and international organizations establish to combat financial fraud, none of them seems sufficient. The parties involved in economic fraud and other fraudulent practices are constantly evolving to cover their tracks efficiently.

Infamous scandals like Bernie Madoff and the Ponzi scheme leave one in absolute awe as it remains unclear, what is the culprit: the crime or the criminal? Many innocent parties, including employees and clients, were adversely affected by the ill-doings of these financial schemes. After the outburst of many scandals and its impact on many innocent individuals, jurisdictions are trying to fasten their pace to stay a step ahead of wrongdoers and hopefully eliminate the potential threats in the market.

The introduction of new anti-economic fraud regulations has paved the way for potential investors to feel a sense of security over their investments within the market, along with the ability of the regulations to enforce justice. Over time, people have understood that the formation and establishment of an anti-fraud legal framework are not sufficient to ensure peace and harmony in the market, an iron fist must be imposed on fraudulent parties and companies to deter them from doing such activities in the future and serving it as a lesson for other participants in the market who bear similar intentions.

The types of economic fraud can be quite varied and are spread across different industries and the scope of nature. These could include housing benefit fraud, tenancy fraud, council tax fraud, blue badge fraud, social care fraud, business rates fraud, insurance fraud, bribery, and money laundering. These are just a top layer of economic crimes prevalent in an ocean of fraudulent activities in the market. The crimes that are more coherent to the wrongdoings in the market include not declaring the business location, stating that a property is not in use while it is, dishonestly requesting for an exemption to pay for charges that are owed, or any unauthorized movement of money to make ill-gains.

Often, economic crime is caused not by companies but by customers towards companies. The highest reported crime boost in the Middle East is through customer fraud and procurement fraud, which have proved to be the most disruptive fraud within an economic crime. In a survey conducted on a global platform, the number of customer frauds was comparatively more in the Middle Eastern region.

In an ongoing effort to combat fraud together, many companies in the Middle East began investing in more stringent controls and implementation of the rules to avoid economic crime, while many others conducted a thorough examination into reasons after the occurrence of a crime in the company. Another issue that stands alongside customer fraud about its prominence is procurement fraud. This fraud entails the practice of favoring associates with vendor and supplier contracts.

All these efforts are measures taken to mitigate the risks involved and ensure that proper prevention is taken by instilling the right technology and talent to deviate from any fraudulent prone routes.

However, it is not easy to ensure that accountability will be maintained and transparent feedback is provided. Another limitation of this procedure is that advanced technologies to combat financial crime can be costly, which would further deplete if the company possesses insufficient resources to acquire and install the platform and is not equipped with properly trained employees to manage the technology. The lack of proper expertise to handle the in-place technology could attract various cyber threats, which allows a wrongdoer from any part of the world to infiltrate the company's system.

With this in mind, companies must equip themselves from the arsenal of defenses to protect themself and the financial and reputational facets of the company. The extent of damage that infiltration of the company's system can cause to the operations is quite unfathomable. It would be better for companies to leave their vault of secrets wide open than installing an IT platform that is managed poorly. The necessity of combating such insecurities is proliferating and must be countered at the earliest. One would like to believe that the efforts of the legal jurisdictions in the Middle East to battle economic crime are practical and promptly applied. However, many of the jurisdictions still fail to provide a proper implementation of the provisions established against economic crime.

The readiness of companies in the Middle East to confront the indecisive nature of economic crime and report any issues as they arise is still moving at a stagnant rate. The stark increase in cyberattacks and its potential threats is not a mystery to the companies in these regions. Nevertheless, they decide against preparing themselves in defense of such risks and attacks. The firms in the region and the governmental organizations must understand the types of threats that could arise in the economy and the nature of such economic crimes. Although this would seem like an insignificant step, this particular action could help achieve a more profound revelation of the gaps and vulnerabilities of the economy and its protective framework.

Many would argue that the relationship of the Middle East with economic crime and fraud dates back ages. All the glitz and glamour and the boom of economies are incongruent with the fraudulent activities occurring within the firms and regions. A region's legal systems cannot enforce the regulatory frameworks established to fight against economic crime if the country's government does not implement the rulings.

To know more about Economic and Fraud Provisions in the Middle East in Singapore Click here 

 

]]>
Thu, 30 Sep 2021 14:28:00 GMT
<![CDATA[Autonomous Machine Testimony]]> Autonomous Machine Testimony

Smart objects have taken over our homes, workplaces and communities, and over the coming decades, the volume of legally admissible data from these devices is likely to be more. The new culture is to have voice-activated technology as digital assistants, smart appliances, and personal wearable devices. 

Lawyers may have to represent clients in cases dealing with evidence, witnesses, or contracts, all relying on immutable digital proof such as time-stamped video and audio recordings. The lawyers may need to specialize in addressing the data issues concerning the domains such as digital twins and personas, surveillance capitalism and digital privacy rights. A pivotal step is getting this information admitted as evidence. Firms need to start building expertise around the admissibility and verifiability of data collected by smart technology-enabled devices.

The Smart Home is the Nest of the Internet of Things

Network and internet-connected devices, also referred to as the Internet of Things (IoT) are creating a nervous system within what has been traditionally recognized to be the most private of spaces: the home. Fundamentally, the IoT is a system to gather and assimilate immense quantities of information that amount to private surveillance of the user's activities, preferences, and habits in his own home. This information is to optimize the function of the given object.

The first Internet of Things privacy study, a joint academic collaboration between Northeastern University and Imperial College London, examined the data-sharing activities of 81 different "smart" devices that are omnipresent today in people's homes. These included immensely popular consumer products produced by tech giants, including smart TVs, smart audio speakers and video doorbells. The teams of researchers (one in the US and one in the UK) conducted 34,586 experiments to quantify exactly much data these devices were collecting, storing and sharing.

The researchers' findings were staggering, 72 of the 81 IoT devices shared data with third-parties completely independent of the original manufacturer. Furthermore, the data that these devices transmitted went far beyond rudimentary information about the physical device being used. It included the IP addresses, specifications of the device and configurations, usage habits, and location. 

Today's economy is a surveillance economy – one that is dead set on acquiring "behavioral surplus", or the digital data generated as a by-product of human interaction with a wide variety of devices. These include, but are not limited to cell-phones, self-tracking devices, social media interfaces, and smart home devices anticipated to be a $27 billion market by 2021. As the number of devices generating digital records of usage grows exponentially, and as their records of usage tracks, not just communications but also movement, domestic habits, and even sleep patterns, this behavioral surplus can yield an elaborate account of human behavior.           

The most familiar example may be that of the location-tracking component of cell phones. Cell phones transmit a rich, comprehensive account of individuals' movements in time and space which can be monetized. So tenacious is this feature that even when location-tracking apps are switched off, and SIM cards are removed from the device, some phones continue to collect location material by enabling triangulation via local cell towers, and generating distinctive "mobility signatures."

Inside the home, digital assistants such as Siri and Alexa are capable of recording and transmitting ambient conversations; more insidiously, the development of lidar sensors, which would map both movement and behavior, is reported to be underway. 'My Friend Cayla' is an interactive toy that captures conversations between the doll and its children users, and then proceeds to transmit those conversations to the manufacturer for further uses.

The Privacy Issues inherent to these Smart Devices 

Other studies support the notion that any device connected to the Internet can be used as ad tracking devices. What really raises IoT privacy issues is how that device-divulged information and data is being employed. If it were used for personalization and customization, then that would have been understandable to a degree. For instance, information about which devices are being used to watch Netflix's streaming content might help them to optimize the quality of their streams.

However, IoT privacy experts have suggested that actual personal data "leaking" from home is being harnessed to construct sophisticated profiles of users, based on their usage habits. It is even more troubling, from a privacy perspective, that some of this data involves personally identifiable information such as exact geolocation data, social media data, and unique device information. All of this data can easily coalesce in order to deduce the identity of the user; this very data falls into a goldmine for advertisers, who strive to learn as much as they can about users so that they can optimize the relevance of the ads they issue. 

The 'Testimony' these devices issue

In March 2018, Facebook disclosed that the political consultancy, Cambridge Analytica had accessed the personal data through improper means of up to 87 million Facebook users. What was worse, Facebook failed to notify its users of the colossal breach until long after it learned about it. It received a whopping USD 5 billion sanctions from the Federal Trade Commission for its privacy failures, along with a USD 100 million fine from the US Securities Exchange Commission. 

Despite this, their privacy practices remain amorphous. To illustrate the same, some terms in the Supplemental Portal Data Policy of the 2019-released Portal smart display can be studied.

The Data Policy states that when portal's camera and microphone are on, Facebook collects camera and audio information, although it states that it does not listen to, view the contents or keep any video or audio calls on the portal.

The Data Policy further elucidates upon how this information is shared, stating that they may also share voice interactions with third-parties where we have a good faith belief that the law requires us to do so. It also states that, when independent apps, services, or integrations are used on Portal, Facebook shares information with them about the Portal device, the device name, IP address, zip code, and other information to help them provide the requested services. 

The terms of service agreements like the aforementioned one are blatantly ambiguous and bear great privacy flaws. However, a lot of consumers have rationalized that the trade-offs are worth it; while privacy may be a concern, at the end of the day, convenience reigns supreme. The promise of enhanced conveniences, as well as the reduction in household costs, is a big overriding factor that explains why consumers continue to purchase and use these devices despite privacy risks.

Having said that, when a security breach happens, the impacts are borne by device owners and wider society, and more often than not, the makers of these devices are indemnified. The regulatory oversight that privacy breaches invite and the privacy infrastructure of different jurisdictions will be explored below.

Digital Privacy in the US

In 2017, 143 million American consumers' personal information was exposed in a data breach at Equifax; in 2013, 3 billion Yahoo accounts were affected by an attack; in 2016, Deep Root Analytics accidentally leaked personal details of nearly 200 million American voters; in 2016, hackers stole the personal data of about 57 million customers and drivers from Uber Technologies Inc. Despite these record-shattering data breaches and inadequate data-protection practices, only piecemeal legislative responses have been produced at the federal level. While most Western countries have already adopted comprehensive legal protections for personal data, the United States, home to some of the most advanced tech and data companies in the world is possessive of only a patchwork of sector-specific laws and regulations that utterly fail to adequately protect data. 

The American Fourth Amendment

The Fourth Amendment of the US Constitution declares inviolate "the right of the people to be secure in their persons, houses, papers and effects." It protects against unreasonable government intrusions by establishing a certain right to privacy enforceable by the individual as against the world.

The essence of the Fourth Amendment is clearly to restrain unwarranted government action against the individual: it is the expression of the framers' intent to secure the American people from intrusion by the state, in the form of unreasonable search and seizure. However, the Court does not properly recognize how the Fourth Amendment protects digital privacy; virtual access by law enforcement threatens the security of citizens in their houses.

 

]]>
Thu, 03 Dec 2020 00:00:00 GMT
<![CDATA[E- Commerce Law KSA]]> E- Commerce Law Saudi Arabia

Introduction

Due to the advance of internet across the globe and in the age of technology, e-commerce has found unprecedented support and flourished greatly during the past decade bringing about a major change in the retail industry, especially during these trying times. Most businesses have adopted an online model to inculcate themselves into the electronic sphere. With such an increase in the usage of e-commerce platforms to conduct business, there arises a need to regulate these activities, including the maintenance of confidentiality of the data exchanged therein.

For the purpose of protecting and regulating e-commerce activities countries all over the world have laws and regulations that impose obligations upon businesses, policies that need to be strictly complied with and restrictions on publication and use of customer information.

E- Commerce in the Middle East

As per various studies that have been conducted and statistical data collected by consumer surveys, it is safe to say the countries falling in the MENA region are digitally savvy and have some of the highest levels of internet usage as compared to other regions. However, the e-commerce industry remains comparatively slower than other regions.

Middle Eastern countries are however, rapidly moving into the digital sphere to conduct their business with the rise in notable e-commerce players. Local governments of these regions have taken up the responsibility to regulate this rapid digitization.

In the UAE, Federal Law number 1 of 2006 for Electronic Commerce and Transactions has been implemented in order to regulate business activities in the cyber sphere. It aims at protect the rights of people doing business electronically along with promoting growth E- Commerce and other transactions on the national and international level. It further sets out a regulatory framework related to licensing, approval, monitoring and overseeing the activities of service providers who are seeking to enter or are already operating in the UAE e-commerce market.

Saudi Arabia

The Saudi market is opening up, inviting investors and businesses to partake in commercial activities resulting in exponential growth of e-commerce in the country. The Saudi E- Commerce Law of 2019 plays a major role in providing a comprehensive framework of rules that need to be adhered to by any e-commerce entity planning to or conducting e-commerce in Saudi Arabia.

The Ministry of Commerce and Investment (MCI), is responsible for setting up and carrying out commercial policies with a view to diversify the sector and boost competition among participant institutions. The MCI is also tasked with issuing, reviewing and supervising commercial systems and regulations.

Legislations

The cardinal legislation that precedes over all laws in KSA is the Shari'ah law.

In an attempt to progress as per global standards, Saudi Arabia has undertaken a National Transformation Program pursuant to Vision 2030 that aims at bringing about changes by widening the scope of legal and regulatory framework of their commercial systems. In 2019, KSA took steps to formulate laws that are able to blend their domestic laws with global standards. This was done with the introduction of a new Electronic Commerce Law (the Law) adopted on 10th July, 2019 by Royal Decree Number M/126 along with Implementing Regulations of the Electronic Commerce Law (the Regulation).

Electronic Commerce Law (Royal Decree Number M/126)

The provisions of the Law apply to three categories of people:

  • the Service Provider, that is the person practicing within the territory of KSA;
  • the Practitioner, a person outside KSA that offers goods and services within the Kingdom allowing Consumers to access such products and services, and;
  • the Consumer (Article 2).

It aims to build faith in the e-commerce industry in addition to boosting development in the field whilst providing consumers with necessary protection from misinformation and fraudulent practice.

Disclosure

As per Article 6 of the Law, the service provider is required to disclose the following information in relation to their online store/ e-shop:

  • Contact details that include, the name and address of the service provider unless registered with an e- shop authentication entity.
  • If registered with the commercial registry or any publicly available record, the name and registration number thereof.
  • Information as under Article 6 of the Regulation, that includes; the e-shop's privacy policy which should contain methods to the scope of dealing with user profiles and measures to protect the personal data of the consumer, measures to receive and resolve consumer complaints and the service provider's tax details, if any.
  • The service provider is also required to disclose his license information with regards to his e-shop accompanied by information regarding the authority that granted such license.
  • The service provider basically enters in to a contract with the consumer during the course of conducting business, therefore it is important for them expressly clarify, the terms and conditions that will apply thereof.

    The service provider must disclose information relating to the characteristics of the products that are being offered, the total price inclusive of all taxes and fees, warranty information, after sales services, termination of contract, and any other such information that may be stipulated in the Regulations. Providing the consumer with all such information assures the consumer of the authenticity of the service provider and affirms their faith in the reliability of products offered.

    Registration

    For an e- shop to be operational and legitimate, it is necessary that it be registered in the Commercial Register. Therefore, a Trader (as per Article 1 of the Law, Service Provider registered in the Commercial Register) is required to register the main electronic shop in the Commercial Register within 30 days from the date of its establishment. Article 12 of the Regulations lay down that an application for registration should made through the Ministry website which must include all the necessary contact information of the trader accompanied with the description of the main e-shop and its activities.

    However, if a Practitioner (according to Article 1 of the Law, means any person who is not registered in the commercial register practicing e-commerce) wishes to become a Trader and get registered into the Commercial Register, then his application must include the following information:

  • The contact details of the Practitioner accompanied by his ID number
  • The description of the e-shop and the activities that will be practiced through the E-shop
  • In case of any changes in the registration application, the competent department must be informed within 30 days of such change through the Ministry website
  • Once the Application is filed, the E- shops are to be authenticated. This Authentication is carried out by licensed authentication bodies that have been established by the Ministry. In order for the E- shop to be authenticated, the service provider is required to provide the following information:

  • The name, address and means of communication of the service provider, which must also include, whether it is a trader or practitioner, a Saudi or non- Saudi
  • Commercial registration information or identity information, whichever applicable
  • Names of authorized signatories in case of a legal person
  • The platforms that will be used by the service provider to conduct e-commerce
  • The licenses issued by competent authorities, if any
  • After all such information is authenticated by the licensed authentication entity, a statement of authentication shall be issued to the applicant and the same shall be published in the Entity's website. A statement regarding authentication shall then be published on the service provider's e- shop.

    Advertisement

    In order to target the desired audience for their products, the service provider may engage in advertising products to promote sale, directly or indirectly.

    As per Article 10 of the Law, electronic advertisements shall be considered a contractual document and shall be binding on both parties. In order to make the advertisement effective, the service provider must contain some distinctive mark that would help the consumer identify and distinguish the products of one service provider from another along with the service provider's contact information.

    The consumer must be able to make an informed decision, therefore, the service provider must ensure that all information related to the product should be available, further, the advertisement should not contain any such information that might mislead the consumer or contain any such logo or trademark that the service provider has no right to use. Notwithstanding the previous statement, if the consumer does not wish to receive any such advertisements, then the service provider must provide means to cease transmission of such advertisements.

    Termination

    As per the provisions of the Law, the Consumer has the option to terminate an e-commerce contract. The Consumer is permitted to terminate the contract within 7 days from the receipt of the product, unless except, he has used and/or benefitted from use of the product in which case the consumer shall bear the costs of termination.

    The consumer shall not however, be eligible for termination and refund in cases enumerated as follows:

  • In case of custom made products
  • Products in the digital format, such as CDs and DVDs
  • Products subject to damage during the termination period
  • In case of services, such as catering, transportation etc.
  •  In case of a contract entered into for public auction
  • Any other such products or services as enumerated under Article 13 of the Law.
  • Protection of Personal Data

    A major concern while engaging in E- commerce activities, is that of data privacy and protection. It is the duty of the law and lawmakers to establish laws that protect an individual's identity and prohibits invasion of privacy thereof. Under the Shari'ah principles, disclosure of any secrets of private information of an individual is prohibited except unless the individual has expressly consented to it or if such disclosure is in furtherance of public interest.

    The Law (Royal Decree Number M/126) imposes certain obligations upon the service provider regarding privacy of consumer information that have to be strictly adhered to. Article 5 of the Law lays down that, the service provider is barred from retaining any personal consumer data except for the period required by nature of the transaction, unless expressly consented by the consumer for another period or transaction.

    The service provider owes a responsibility to the consumers to take all such measures to maintain confidentiality of personal data that is under his control during the course of the transaction. The service provider is therefore, barred from using such data for unlicensed and unauthorized transactions or disclosing the same to third parties, except with the consent of the consumer. In case it comes to the notice of the service provider that his system has been hacked and the personal information of consumers have been leaked, the service provider must, immediately report such a breach to the Ministry within 3 days.

    The Law also provides for penalties in case of contravention of any provision of the Law and/or Regulation in Article 18 of the Law; enumerated as follows:

  • A warning
  • A fine not exceeding 1 Million Riyals
  • Suspension of the E-shop, partially or fully
  • Blocking the E- shop, temporarily or permanently
  • Further, since e-commerce is conduction in the cyber sphere, the Anti- Cyber Crime Law (Royal Decree Number M/17) may also apply. The law aims at, protecting rights pertaining to legitimate use of computers and information networks, public interest and national economy along with enhancing information security. The law also stipulates that, the consent of an individual be taken before processing any of their personal details.

    The Anti- Cyber Crime Law, provides for penalties for with regards to unauthorized access, use, distribution or redistribution of personal data, including bank and credit information and unlawful access to website or hacking a website with the intention to destroy or modify it, or occupy its URL.

    Moreover, the Telecommunications Law lays down provisions to safeguard public interest as well as maintain confidentiality and security of telecommunication information (as per Article 1 of Royal Decree Number M/12, telecommunications also includes transmission over the internet). It further restricts disclosure of information of subscribers by internet providers to third parties.

    Therefore, moving forward, the E- commerce sphere in the Kingdom of Saudi Arabia is booming and aims to achieve greater heights with this comprehensive Law in place, accompanied by a myriad of safeguards to ensure safety of all participants.

     

    ]]>
    Sat, 17 Oct 2020 11:16:00 GMT
    <![CDATA[Virtual Reality and Copyright]]> Virtual Reality and Copyright: Combining New Concepts with the Old

    Introduction

    It is a strange thing to look into the world of technology on occasion and genuinely be surprised by the significant leaps of progress that have taken place. In a way, it is almost impossible to consider the future as a lay-person truly. There are concepts which one day seem hopeless and nothing more than a dream of science fiction authors. Suddenly before you know it, those concepts are entering reality. Once an exciting and game-changing product becomes a reality, it often makes a significant impact and truly bursts on to the scene.

    Virtual Reality (VR) is a prime example of this. Go back just a decade or so and few people would have been expecting it to exist on the current scale we see today. It would have seemed a crazy prospect then, and yet now few will say that VR was not a logical move to take in the world of technology. An even better and more evolved idea would be the smartphone. These have been around for some time now, and it seems crazy to imagine a world without a smartphone in the hands and pockets of practically everyone. They provide so much that many would be unable to live without. Examples of this include access to critical information anywhere and anytime, access to the internet and far more. In the twelve years since though, the number of smartphone brands has become impossible to keep track of and the amount still arising is substantial.

    VR is currently still in its earliest stages, though its audience size is growing. Consider the likes of the movie 'Ready Player One'. In this movie, the world is depicted as being taken over by VR technology with everyone owning a system and the world almost revolving around it. Very few people will consider this to be an outlandish or overly distant prospect. Yes, we are certainly not quite at that level yet, though the groundwork is currently forming. VR is already becoming available to a significant degree with different levels available covering different niches of the market. There are cheap and straightforward forms which require phones along with a plastic (or even cardboard for the likes of the Google Cardboard) headset. Even more expensive types of VR are selling well, with the likes of the Sony PlayStation VR Headset having sold over 4 million units to date.

    One of the crucial aspects of this groundwork and perhaps one of the most important is that of the laws surrounding the technology. Of course, the law is like an ocean in terms of its depth and the areas it covers, though the area that will receive consideration here is that of copyright and VR.

    Copyrighting Virtual Creation

    One aspect of human nature that is significantly awakened within many when it comes to VR is that of creating or producing something. This creativity can yield amazing results, and as time goes on, we will surely see things that are impossible for most to imagine. These works though, are still tied to an individual or specific entity, and for true creative protection, copyright regulation will have to adapt to the unique aspects of VR creations. While creating in a virtual world, many tools are utilised therein and only there.

    Further to this, unlike a painting or a book, it is possible to interact with creation like never before. Imagine touching and exploring something in unprecedented depth, as if it were physically present, though it was nothing more than pixels on a headset. In a way, it is an entirely digital creation though it can be analysed and interacted with as if it were physically present.

    At a basic level, many jurisdictions have copyright regulations in place, and these will have been at work for many years now. Copyright provides the creator of any original idea or Intellectual Property with protection over the specific design, preventing its usage by others without the permission of the original owner. This concept still stands when it comes to VR as any creation, including those that are virtual, can receive protection through many current copyright rules.

    Specific mentions of VR are sparse within these texts though. It can, therefore, be assumed that the unique position of VR, being something of a middle ground between reality and digital works, might cause some issues to arise. However, at this time, registering a product or application in virtual reality requires any individual or entity to take the same steps as registering normal digital products. There are no special processes present at this time.

    Issues may arise as we head into the future with questions surrounding the nature of the digital products becoming prominent. With the greater level of realism and immersion available through VR, questions will arise. A crucial one of these will consider whether differing processes for application registration and copyright should exist. However, for now, the processes are the same.

    VR creations cannot be utilised by others digitally or contained in their work without the permission of the original owner and the full period of protection applies. However, it is also not permitted to replicate products from the real world directly in Virtual Reality. The reasons for this limitation is due to the closeness in nature between the two.

    One significant case on the matter of VR is that of Zenimax Media INC. And ID Software, LLC v Oculus VR LLC, Palmer Luckey, Facebook INC. Brendan Iribe and John Carmack. Zenimax's [Tex. Civil Case No. 3:14-CV-01849-P] claim related to violation of non-disclosure agreement terms and also copyright infringement. There was a further claim for the theft of trade secrets for which Zenimax was demanding USD 6 billion, though this was dismissed. However, on the additional two matter, Zenimax and ID were awarded USD 500 million.

    This case is especially significant as it related to the formation of the virtual reality technology as a whole and so it was an extremely high stakes case. This matter was furthered by the purchase of Oculus by Facebook just prior.

    There are not many cases, especially of this scale in the world of VR at the moment. Once again, this is because the technology is still in its infancy and very much uncharted territory. In time to come, there will undoubtedly arise many more cases, though this is the most considerable at this time.

    However, speaking in general terms, copyright regulations around the world can cover Virtual Reality as they exist now. The rules in the likes of the US, EU and UAE do not prevent the copyrighting of VR content or applications. The legislations covering the copyright of any digital content would be sufficient. The US has its Copyright Act of 1976 while the EU has the multiple directives on the topic. The primary guideline is Directive 2019/790. UAE Federal Law Number 7 of 2002 covers this, and Article 2 specifies in subsection 2, that computer programs and applications are covered. In time, there will undoubtedly be updates and amendments to these regulations to incorporate the concepts expressly. Copyrights are arguably not the primary area of concern for VR. There are further subject matters which have to be answered in the future and so of the crucial issues concern:

  • Rights of ownership of products based entirely in Virtual Reality.
  • Health and safety regulations.
  • One comparison that is here is to cases that arose against Nintendo concerning their Wii console. Due to the nature and exertion of the motion controls, there were reports of individuals sustaining injuries as a result of playing with the system, and specific individuals sued the company. Some of the injury stories that can be found are quite severe, with people falling and sustaining potentially life-threatening injuries as well as individuals exerting themselves, resulting in significant joint issues. A specific case is that of Elvig, et al. v Nintendo of America Inc. No. 08-CV-02616 (D. Colo.) in which a faulty wrist strap resulted in a motion controller being thrown and damaging a TV. However, the court found the claims of the plaintiff to be far too vague with false advertising being the critical claim. Nintendo retorted by stating that adequate warning is provided to customers regarding potential risks. In the end, the court chose to side with the defence.

    One of the most common uses for VR is video games, and due to the nature and level of immersion when playing, injuries are certainly a possibility. Disorientation and dizziness are a genuine problem, especially with particular movement heavy games. Further, since the headsets limit all vision to actual surroundings, tripping or falling into hazards is a real issue. However, all headsets are accompanied with warnings and guides on how to appropriately use them, and video games are likewise provided with such messages. An example of why this is required for video games arises as per the UK General Product Safety Regulations of 2005. This law requires companies to provide safety warnings for any foreseeable usage risks that occur when using the product. These warnings act as exclusion clauses for the developers of games or headsets and are accepted in courts as a method of removing liability. The Elvig, et al. v Nintendo of America Inc. No. 08-CV-02616 (D. Colo.) case once again demonstrates this.

  •     With many creations, another question that arises is that of trademarks and how their management is maintained. As previously mentioned, problems can occur when creating things in virtual space which have a likeness to objects and products that physically exist.
  • Again, consideration must be provided to the fact that video games are arguably the most common use of VR, and so when applying for trademarks, anything which has a resemblance to the real world will not necessarily be infringing on any rights.

    However, in cases where real-world locations are being simulated, and logos or branding is present, issues may then arise.

    The crucial point to note and one of the vital deciding factors here is of whether individuals will be confused as to who the owner of the trademarked logos is. The origin of any branding should not be surrounded in any confusion in this way.

    The Future of Virtual Reality

    It still, even in 2019, feels odd to be thinking about VR and the future. The concept is still just new enough and niche enough to feel like it could all be in our imaginations, though they are far more than that. And existing in the real world, there must be regulations to manage the concept as well as consider and protect creations that are made using it.

    Since the concept is still fresh, the regulations in place are often adaptions of laws governing ideas and concepts that most closely mirror VR in their creative nature, and over time, further developments will arrive, and the rules will amend to make the law and the VR technology easier to combine. However, understanding will take time and introducing new laws and modifying old ones takes more time yet.

    Copyright is also in a decent position as is, with the basic concepts being applicable to VR without the need for changes. In countries with common law systems, court cases will help to flesh out the specific attitudes towards Virtual Reality concepts, while civil law jurisdictions will require a little more law-making and amending.

    There are other issues besides copyright that are just as significant and in a way, more urgent, such as trademark matters as well as health and safety concerns. Individuals sue entities for all manner of things these days and companies take the most considerable precautions to protect themselves from liability.

    VR has an exciting future, and futuristic indeed seems an appropriate way to describe the concept. As with any new significant innovation or invention legislation will adapt and rise to meet it and create a secure legal backbone.

     

    ]]>
    Sun, 22 Sep 2019 17:33:00 GMT
    <![CDATA[Cryptocurrency and Asset Exchange auh]]> Cryptocurrency and Asset Exchange in the Abu Dhabi Global Market

    Currency is defined as something, more often than not paper and coins, that act as a medium of exchange for goods and services. This practice of trade has been a constant for humankind throughout its various ages, occurring in multiple forms, yet resulting in the same outcome. While earlier transactions revolved around the exchange of physical forms of currency in the form of legal tenders, at present, with the advancements made in technology, the currency has taken an alternative system that's known as cryptocurrency.

    Cryptocurrency facilitates financial transactions in the same manner currency does, with the exception that it is intangible and acts as a digital asset. The standard currency relies on central banking systems and controlling authorities as a form of regulation, whereas cryptocurrency utilises a form of decentralised control. This decentralised methodology of control is made possible by the use of distributed ledger technology or distributed ledger technology (DLT). The technology is such that digital data is spread across multiple devices in an interconnected network and subsequently synchronised using a consensus of these devices within the network. The lack of a regulatory body overseeing these networks is considered as a significant security threat, but this hasn't stopped multiple variations of cryptocurrency being conceived including Bitcoin, Altcoins, Token, etc. With cryptocurrency gaining major traction and becoming mainstream, countries have looked into the same, and while some have expressed reservations in adopting the system, some have taken it up as an authorised medium of exchange. The United Arab Emirates (UAE) is one such country that has taken an active interest in integrating cryptocurrency into its economy through the Abu Dhabi Global Market (ADGM), an international financial centre and financial free zone in Abu Dhabi.

    Abu Dhabi Global Market

    The Abu Dhabi Global Market was established as a financial free zone in the Emirate of Abu Dhabi by Federal Decree No. (15) of 2013 and is governed by Abu Dhabi Law No. (4) of 2013. It is located at Al Maryah Island and is comprised of three independent authorities:

    • The Global Market's Registration Bureau (known as the Registration Authority or RA)
    • The Financial Services Regulations Bureau (known as the Financial Services Regulations Authority or FSRA)
    • The Global Market's Courts (known as the ADGM Courts)

    The responsibility of registration, incorporation and licensing of legal entities within the ADGM rests with the Registration Authority. It also works with government authorities and services and is in charge of issuing notices, circulars, permits in relation to ADGM. Any changes to the information provided by the entity have to be officially informed to the Registration Authority within a set time period. Any failure by the entity to do so will result in fines. Apart from this, the RA is tasked with enforcement of ADGM companies regulations, dissolution and restoration of ADGM establishments and registration of property located in Al Maryah Island.

    The Financial Services Regulations Authority conducts and facilitates all financial services in ADGM. Financial entities registered with ADGM must adhere to the obligations set out by the FSRA, that are in addition to the standard obligations of ADGM. The FSRA seeks to uphold the integrity of ADGM's financial system and acts to deter any such conduct or activity that disturbs the stability of the financial services industry. ADGM also has set up measures to towards prevention of financial crimes by adhering to Countering Financing of Terrorism (CFT) Anti-Money Laundering (AML) guidelines, with FSRA being the competent authority governing the same. The ADGM Courts consists of the Court of Appeal and the Court of First Instance, and function as per the rules and regulations enacted by the ADGM Board of Directors and its subsequent amendments.

    Guidelines related to Cryptocurrency

    In May 2019, the Financial Services Regulatory Authority issued a set of guidelines with respect to Cryptocurrency. The guidelines enacted were:

    • Digital Security Offerings and Crypto Assets Regulations under the FSMR (dated 13th May 2019)
    • Regulation of Crypto Asset Activities in ADGM (dated 14th May 2019)

    According to these guidelines, a Crypto Asset was recognised to be a value of digital representation that could digitally be traded and be utilised as a medium of exchange, but not having any legal tender status in any jurisdiction. The main objectives are to address the risks that arise when trading of crypto assets occur. At present, in the event of a theft or a loss of crypto assets, users do not have a safety net that will enable them to recover their assets. The mere adherence to AML and CFT guidelines is not sufficient enough to quell the broader risks of crypto assets. The issues addressed by the guidelines pertain to the areas of:

    • Consumer Protection
    • Safe Custody
    • Technology Governance
    • Transparency
    • Market Abuse

    Under the regulatory framework, any person (custodian, market operator or intermediary) dealing in crypto assets needed to be approved by the FSRA as a Financial Services Permission (FSP) holder in the business of operating crypto assets, otherwise known as OCAB. Apart from the above-mentioned guidelines, authorised persons must comply with the following additional guidelines:

    • The FSRA Conduct of Business Rulebook (COBS)
    • The FSRA General Rulebook (GEN)
    • Anti-Money Laundering and Sanctions Rules and Guidance under the FSRA (AML)
    • The FSRA Rules of Market Conduct (RMC)

    As per chapter 17 of COBS, there are seven key factors which the FSRA considers while determining whether a Crypto Asset becomes an Accepted Crypto Asset. They are:

    Maturity/Market Capitalisation:

    The volatility, sufficiency and the proportion of Crypto Asset in the free float are assessed. The FSRA does not prescribe a source for the calculation of market capitalisation of Crypto Asset. It instead uses recognised sources, as and when it may be available.

    Security:

    The Crypto Asset is determined if it is able to adapt and improve the risks and vulnerabilities it has and tested on their ability to allow secure private keys the appropriate safeguarding.

    Traceability/Monitoring:

    The ability of crypto assets to identify counterparties in transactions are assessed along with the ability of OCAB holders to demonstrate the origin and destination such crypto assets.

    Exchange Connectivity:

    The presence of other exchange centres which support crypto assets, their jurisdictions and regulations are investigated.

    Types of DLT:

    The security of the DLT that is used for the purpose of Crypto Assets is assessed to understand if it is stress tested.

    Innovation/Efficiency:

    The ability of the Crypto Asset to solve fundamental problems or create value for the participants or meet a need of the market is determined.

    Practical Application/ Functionality:

    The functionality of the Crypto Asset in terms of real-world quality is looked into and plays an important role in determining if it becomes an Accepted Crypto Asset.

    Anti-Money Laundering and Countering Financing of Terrorism Guidelines

    One of the primary concerns with the usage of Crypto Assets is money laundering (ML) and terrorism financing (TF). The ADGM introduced the Anti-Money Laundering and Countering Financing of Terrorism Guidelines in 2015 with the jurisdiction being exclusive to the Global Market area, and it is independent of any federal anti-money laundering legislation. The guidelines introduced to apply for all those persons who operate from or in the ADGM.

    Under the UAE criminal law, as per Article 3 of Federal Decree Law No. (20) of 2018, a person may be held criminally liable for money laundering if it is conducted intentionally in the name of the person or from their account. The following also constitute offences in relation to money laundering:

    • Failure to report suspicions related to money laundering
    • Assisting in the commission of money laundering

    An inter-governmental organisation called the Financial Action Task Force (FATF) helps develop and promote international standards to fight money laundering and terrorist financing. The FATF has identified certain critical risks associated with crypto assets, such as:

    Anonymous operation of Crypto Assets

    Since crypto assets are traded on the Internet with no face-to-face interactions, anonymous funding and transactions take place. This can result in the failure to identify the source of destination of the funds.

    Increased potential for ML and TF risks:

    The ease of access to Crypto Asset systems (even from a mobile phone) massively increases the global and can enable cross-border transactions, which can be challenging to monitor.

    Complex infrastructure:

    Crypto Asset systems are built on platforms that require complex infrastructures with multiple entities across different jurisdictions being involved. This can cause difficulty for law enforcement agencies to access them. The rapid increase of decentralised technologies which are used by Crypto Asset businesses further aggravates the issue.

    Jurisdictions not having adequate ML/TF tools:

    Since different components of the Crypto Asset system may be spread out across multiple jurisdictions, it is entirely possible that such jurisdictions may not have adequate framework and control over money laundering and terrorism financing.

    On the basis of the risks put forth by the Financial Action Task Force, the FSRA has introduced fundamental principles an OCAB holder should consider, which are:

    Risk-Based Approach:

    OCAB holders must understand the risks associated with the activities involved and should carry out periodic risk-based assessments, which identify, assess, manage and mitigate the risks related to money laundering.

    Business Risk Assessment:

    In accordance with the AML rules, entities must take appropriate steps to identify and analyse ML risks the business may be exposed to, with importance given to the use of new technologies that can be used. The FATF further recommends that financial institutions must conduct such risk assessment prior to the launch of any new practice, technology or product.

    Customer Risk Assessment and Customer Due Diligence:

    Procedures in relation to Customer Risk Assessment and Customer Due Diligence must be implemented by all OCAB holders and must rate the Clients according to their risk profile. The due diligence must be carried out in accordance with the AML rules as per FSRA. In the event that the ongoing due diligence happens non-face-to-face, the OCAB holders are expected by the FSRA to identify the client as a natural person. OCAB holders must ensure that the process of due diligence is not a simplified one and may use any technology available to them in order to mitigate any such risk associated with verifying the client.

    Governance, Systems and Controls:

    OCAB holders are required to implement the necessary technological governance systems and controls to ensure appropriate ML and TF compliance. Third-party solutions and technologies can be brought on in order to fulfil the regulatory obligations put forth. Effective transaction monitoring systems must be implemented in order to determine the origin and destination of Crypto Assets. A Money Laundering Reporting Officer (MLRO) must be appointed by the OCAB Holder, and this officer will be responsible for implementing and overseeing how the OCAB Holder complies with the AML rules.

    Suspicious Activity Reporting Obligations:

    OCAB holders must establish online connectivity with UAE's Financial Intelligence Unit for submitting such suspicious activity reports and must ensure that transaction monitoring systems are in place to identify any possible breach of domestic or international sanctions.

    Record Keeping:

    The FSRA expects record-keeping practices in accordance with the AML/CFT compliance guidelines, to be followed by OCAB holders. Such data must be kept in an easily accessible format and provided to the FSRA whenever required.

    Conclusion

    It is imperative that for the successful integration of crypto assets, the guidelines that are put forth by the Financial Services Regulations Authority are followed. These guidelines are quite comprehensive in nature and ensure that a safety net is available for those dealing in crypto assets and digital asset exchange. The ADGM has been a pioneer in international financial centres, with its unique outlook and it has certainly paved the way for further inroads in the field of cryptocurrency.

     

    ]]>
    Mon, 02 Sep 2019 10:35:00 GMT
    <![CDATA[5g]]> 5g

    Introduction

    ICTs, short for Information and Communication Technologies, is used for social and economic development. With the introduction of new technology, there is an improvement in the quality of life of people using such technology because of the unique benefits and conveniences that this new technology has to offer. 4G wireless network services allow people the comfort is using broadband services on their mobile devices. However, a need arose for high speed, highly reliable, rapid response and energy efficient mobile services. Hence the introduction of 5G technology. Developed countries have aimed to introduce 5G mobile networks for commercial use by 2020. This fast-track introduction of the technology has resulted in the need to regulate how 5G technology is implemented and its environmental impact

    Background

    What is 5G

    5G stands for the fifth generation. It is the next generation of broadband connection, and it will replace or improve the 4G connection.  It is a specification that refers to how a network will respond to the needs of cellular networks that are growing. 5G will lead to higher data rates, quicker reaction times, faster upload and download speeds. 5G supplies an enormous amount of spectrum of wireless communication, smaller sizes cells and more modulation schemes, letting higher numbers of wireless users share the spectrum. 5G also leads to broader coverage and more stable connections. These new features allow for smart transportation, instantaneous cloud services, 360-degree videos and holograms while guaranteeing the quality of experience to mobile users. 

    5G operates on three different spectrum bands, namely the Low band spectrum, Mid-band spectrum, and High Band spectrum. Low band spectrum refers to data speeds that only reach 100 Mbps. Mid-band spectrum refers to faster data speeds at 1 Gbps. Whereas high band spectrum is one that offers speeds of 10Gbps.There are different categories of 5G services. Firstly, there are immersive 5G services, which are concerned with virtual reality, augmented reality and massive contents streaming. Secondly, there are intelligent 5G services that are user-focused and provide for better mobile services in crowded areas. Thirdly, there are Omnipresent 5G services used in the Internet of things. The Internet of Things refers to interconnections of all kinds of devices even household appliances. The fourth category refers to Autonomous 5G services which would be used in self-driving cars. Mainly this fourth category involves smart transportation, drones and robots. The final type is the Public 5G services which would enable more efficient and effective disaster monitoring, private security, public safety and emergency services.  

    How does 5G technology works?

    5G mobile wireless systems are a way for devices to send and receive data wirelessly. 5G signals use wavelengths that measured in millimetres. 5G has higher frequencies, which means there is only a shorter range of coverage. Thus, 5G will use a system of cell sites that send encoded data using radio waves. Each cell site is then connected to a network backbone. 5G will use Multiple Input Multiple Output ports which facilitates signals that travel faster in all directions.  To eliminate interference that may occur as a result of the complexity of the network, a method called beamforming will be used. Beamforming refers to a situation whereby a single port sends higher beam signals in distinct directions to reduce interferences.

    The implication of 5G technology

    Advantages

    The advantages of shifting to 5G are numerous. 5G will lead to faster and improved broadband. 5G will allow the proliferation of self-driving cars that will communicate with other cars on the road. 5g will allow such vehicles to obtain information about road conditions, provide information to drivers and automakers. This technology will enable autonomous vehicles to avoid car accidents and save many lives. 5G also enables the effective operation of cities and municipalities. Municipalities will be able to perform their duties more efficiently. Remote control of heavy machinery is also made possible by 5G. in the Healthcare sector it is expected that 5G will lead to improvements in precision surgery and may even lead to remote medical operations. One of the most significant aspects of 5G is the internet of things. 5G will allow communication between sensors and smart devices. A result of 5G is advanced manufacturing which will require no human input. This advanced manufacturing is what is called the Internet of things.

    Disadvantages

    The needs of people have been the driving force for the creation of mobile broadband networks until now. The needs of machines were at the forefront of 5G technology development. The low latency and high-efficiency data transfer of 5G networks ensure seamless communication between devices. The technology may lead to a wide array of troubles and challenges for people and the environment. The introduction of 5G necessitates the need for new infrastructure. This new infrastructure is called small cells. These smalls cells are a departure from macro cell towers. The small cells are barely noticeable cell towers situated closer together. The small cells will have more input and output ports than there are on the macro cell towers. Smalls cells generate less power, collect and transmit signals in a short range from one another. Thus that the deployment of 5G technology will likely lead wireless antennas every few feet on lamp posts and utility posts. The small cells may also be placed every two to ten homes in suburban areas. Deploying 5G technology will require an unprecedented and immensely large number of wireless antennas on cell towers and buildings. These would be placed much closer together. Each of these cells emits radiofrequency radiation. This radiation will be much harder to avoid because these towers will be everywhere.

    The presence of radiofrequency radiation is an essential consideration in deploying 5G technology. The current wireless technologies of 2G, 3G and 4G technologies created health risks to humans, animals and the environment. Wireless company documents outline information that suggests that 5G will increase the levels of radiofrequency radiation. The World Health Organisation's International Agency for Research on Cancer categorised radiofrequency radiation is a possible carcinogen. Low-level exposure to radiofrequency radiation leads to a myriad of health effects including DNA single strand and double strand breaks, melatonin reduction and generation of stress proteins, all of which lead to cancer and diseases. 5G technology will lead to higher exposure to radiofrequency radiation which presents risks to both human and environmental health.

    Regarding human health, there is a concern that the radiation emitted from the small cells will have adverse effects on human skin. Human skin has been found, and it is likely that it will also soak up radiofrequency radiation. Inevitably, this will lead to cancer - furthermore, the sweat ducts located on the upper layer of the human skin act like antennas. Therefore, mortal bodies will become far more conducive to this radiation, increasing the risk of growing cancerous cells. High exposure of radiofrequency has an impact on motor skills, memory and attention. The effects of such high exposure are neuropsychiatric problems, genetic damage and elevated diabetes.

    More conclusive information on the harmful effects of the radiofrequency radiation on animals is available. The US National Toxicology Program carried out a study that found that exposing rats to radiofrequency radiation for nine hours in two years led to the development of heart and brain tumour, as well as DNA damage. Various studies carried out elsewhere in the world have indicated that the radiation damages eyes, immune system, elevated lymphoma, cell growth rate, lung and liver tumours, and bacterial resistance. 

    5G also harms the planet as it poses a severe threat to plant health. Exposure to radiofrequency radiation led to necrosis, which is the death of tissue cells. Exposure to such radiation could lead to the contamination of our food supply.

    5G deployment requires many temporary satellites that are propelled by hydrocarbon rocket engines. Such satellites emit black carbon into the atmosphere. Black carbon in the atmosphere will affect the distribution of the ozone, as well as the temperature. These rocket engines will also emit chlorine, which is known to be a chemical that destroys the ozone layer.

    5G may even threaten natural ecosystems. Radiofrequency radiation affects birds and bees' health. Radiation may ultimately lead to birds' death, and the egg laying abilities of bees are compromised.  

    5G technology also requires collocating the cells on other infrastructure. Small cell wireless facility development necessitates streamlined federal, state and local permitting rights of way, application timelines and other siting and application fees and application review timelines and appeal processes to make it economically feasible for wireless companies to deploy the technology across communities.

    Legal considerations for the use of 5G networks

    The legislative frameworks throughout the world were designed mainly to regulate human to human interactions and were not intended for machine to machine communications. The laws on telecommunications relate to privacy, roaming and other rules that were designed to protect interpersonal connections between humans. It is essential to compare the telecommunication laws in the United States of America, China and the EU to assess readiness for the deployment of 5G. These laws will be evaluated based on whether they mitigate the environmental and risks of 5G.

    The United States of America

    With the advent of 5G technology comes a need to reexamine the law and how it will need to adapt to 5G technology. The United States' Federal Communications Commission issued a 5G Technology Plan or the 5G Fast Plan which was aimed at achieving three main goals. These goals were, firstly the releasing of more spectrum into the marketplace; secondly modernising regulations and thirdly limiting the barriers to wireless infrastructure deployment.   The Federal Communications Commission's Spectrum Frontiers Orders has stated an intention to lay the groundwork for the use of 5G technology in the United States by 2020. In the United States federal law, the Repack Airwaves Yielding Better Access for Users of Modern Services Act a wide range measures to facilitate the use of 5G networks in the US has been approved by the US House of Representatives. There are two Acts drafted to streamline the auction and use of airwaves to send and receive 5G signals the Spectrum Deposits Act and the Mobile Now Act of 2016. The Spectrum Deposits Act allows the federal government to identify future spectrum for 5G use. The Spectrum Deposits Act also provides for the government to speed up the installation of 5G equipment on federal property.

    In the United States of America, 21 states have enacted small cell legislation. This legislation streamlines regulations to facilitate the deployment of 5G small cells. Each state considered its state and local environment before passing the legislation. The fundamental principles of the legislationis are streamlined applications to access public rights of way. This allows mobile network providers to place poles and facilities in public rights of way. The legislation places a cap on costs and fees. The small cells are to be attached to public structures. All states enacted must impose annual fees on new attachments to public structures. The legislation also regulates the streamlined timelines for the consideration and processing of cell siting applications.

    The United States Courts of Appeals decided to quash a motion to stay the Federal Communications Commission's revised rules relating to the rollout of small-cell 5G technologies. This decision allows for telecommunications companies to mount small cell 5G equipment on street lights. This decision goes against the need for community decision making relating to public safety and well being.

    The Secure 5G and Beyond Act was introduced by US senators which obliged to President to develop a security strategy for next-generation networks. The Act, however, prevents the President from nationalising 5G networks. The Bill advocates for a National Telecommunications and Information Administration to ensure that the advantages of 5G are harnessed in a way that minimises the risks of using the 5G networks. The Bill also tasks the President with providing that foreign allies maximise the security of their telecommunications networks and software.

    The Federal Communications Commission is in the process of assigning additional high band spectrum, mid-band spectrum, low band spectrum and unlicensed spectrum. Assigning these spectrum bands will allow for an increase in low latency data traffic. This allocation will be beneficial to the Internet of Things (IoT) devices. 

    The US government is keen to foster the development and advancement of the IoT. The National Telecommunications and Information Administration's Internet Policy Task Force has reviewed the benefits, challenges and potential role of the government accordingly.

    The European Union

    According to the European Commission's Digital Agenda for Europe targets, at least one major city in every Member State of the European Union should have a commercial 5G network by 2020.

    The Council of the European Union met in Brussels in December 2018 to reach an agreement on the European Electronic Communications Code. The code encourages spectrum allocations across the European Union. A minimum license lasts for 15 years, but it can be extended quite easily for another five years. The code includes an outline for the renewal, transfer, sharing and lease of spectrum rights processes. The code obliges for 5G spectrum bands to be assigned by the 31 of December 2020.

    Like the United States, operators and mobile service providers are granted a right of way on public infrastructure. But unlike in the United States, it is not necessary for the mobile services providers to be subject to prior permits, fees or charges.

    The European Communications Code has been criticised as failing to pre-empt some of the long term challenges of the European telecommunications sector. This lack of foresight could mean hindering the deploying 5G networks in Europe. The Code has been said to be unclear as it involves complexities that confuse electronic communications service providers and machine to machine service providers.

    The European Communications Code is said to be fragmented because of the level of 5G service regulation in Europe will differ from state to state. The Code does not include measures to promote the harmonised availability of 5G across EU member states. As stated before, the deployment of 5G services requires new frequency bands. New frequency bands are possible when a copious amount of small cells is deployed because higher frequencies have a shorter transmission range. Previous regulations were primarily focused on more massive high power macrocells. These regulations are not appropriate in the case of networks using these smaller cells.  Some European countries such as Italy and Greece have failed to create legislation that is welcoming to 5G technology because of the ineffectiveness of law-making bodies as well as the burden of government regulation. Luxembourg, on the other hand, can make the required regulatory interventions as a result of the effectiveness of the law-making bodies and the law relating to ICT.  Switzerland is a non-EU country but stands in better stead than EU nations to issue effective regulations and policy in the realm of 5G technology. The Netherlands, Norway and the United Kingdom are EU member states that have powerful law-making capabilities that enable them to harness the advantages of 5G technology.

    The Code does indeed create a more efficient and flexible framework for the introduction of 5G technology. The drawback is that the code will only be implemented in 2020, but by then the deployment of 5G technologies would already have been implemented.

    The People's Republic of China

    The Chinese government has keenly promoted the development of 5G technology and the IoT. The Chinese government has developed many laws and regulations including legislation on information security, intellectual property rights and data protection.  Unfortunately, China does not have a comprehensive regime for the introduction of 5G technology and IoT.  The Ministry of Industry and Information Technology (MIIT) of China has been driving the implementation of 5G technology. The Ministry of Industry and Information Technology is tasked with issuing licenses to mobile networks to deploy 5G hardware and software.

    China would have been an ideal country for supplying the United States, Japan and Australia with the hardware needed for 5G mobile networks. The National Intelligence Law of 2017 and the Counter Espionage Law of 2014 enacted in China state that Huawei, a company with its parent plant in China, would be obliged to provide the Chinese government with any information it requires. Article 7 fo the National Intelligence Law states that any organisation or citizen must cooperate with the state intelligence authorities in terms of the law". The Counter Espionage law states that "when the state security organ investigates and understands the situation of espionage and collects relevant evidence, the relevant organisations and individuals shall provide it truthfully and may not refuse". Huawei was otherwise poised to become the core backbone of 5G infrastructure in advanced western liberal democracies.

    Regulating Environmental Impact

    Although China and the United States, as well as the European Union, have created a legal landscape to support the introduction of 5G technology. It is however interesting that neither of these countries has enacted or proposed legislation that regulates the environmental harm and the adverse effects on humans.

    The European Commission has absolved itself of responsibility for any potentially harmful effects of radiofrequency radiation. The Treaty on the Functioning of the European Union states that the primary responsibility for protecting the public from potentially adverse effects of such radiation remains with the Member States. The regulation of the environmental impact will undoubtedly be varied amongst the Member States.

    In Brussels, plans for a pilot project to provide high speed 5G wireless internet in Brussels were stopped. The halt is because it is not possible to estimate the radiation from the antennas of the small service required for 5G service. In the Netherlands, political parties were anxious to know what the potential dangers if the small cells were installed on a large scale. The Netherlands Parliament, therefore, urged the Health Council of the Netherlands to carry out an independent investigation into 5G radiation. In Germany, a petition with 56 643 signatures requested that the German Parliament suspended the procedure to award 5G frequencies because of doubts as to the safety of this technology.

    There is an International Appeal to Stop 5G on Earth and In Space addressed to the United Nations, the European Union, the Council of Europe and the World Health Organisation with 63 379 signatories from at least 168 counties as of March 29 2019.

    In the United States, more than two hundred and forty scientists and doctors originating from 41 different member states have appealed to the United Nations calling for urgent action to reduce exposure to radiofrequency radiation. This appeal has clout as these scientists and doctors have all published peer-reviewed journal articles on electromagnetic radiation or 5G health dangers. These academics also sent a letter to the Federal Communication Commission asking for a moratorium of 5G technology deployment because of the potential impact on human health and the environment.

    It is questionable whether citizens of the affected future smart cities can challenge the introduction of 5G technology on the basis that it is a hazard to human and environmental health. Section 704 of the Telecommunications Act of 1996 stops state and local government from considering the potentially harmful environmental effects of cell tower radiation if the radiation does not exceed FCC limits. It is clear that 5G radiation exceeds these FCC limits, but rulings of the courts on this section has shown that the court prefers to interpret such a provision in favour of the mobile service network  

    Recommendations

    Scientists have cautioned that before deploying 5G technology, the effects of this technology on human health must be studied. Parliaments of the developed countries should draft legislation to mitigate the impact of 5G technology. 

    Conclusion

    The United States and the European Union have regulated the deployment of 5G technology through legislation, and China has done so through the Ministry of Industry and Information Technology. Neither the United States, the European Union and China have tried to lessen the potential environmental and health impact of 5G technologies. It is likely that environmental laws will be enacted in reaction to such effects when the full ramifications of the using 5G technology are known.

     

    ]]>
    Tue, 09 Jul 2019 17:52:00 GMT
    <![CDATA[Domain Name Protection in UAE]]>  

    Domain Name Protection in UAE

    Nowadays, all kinds of information can be found on the internet. As a result, Governments, companies, organizations and individuals use websites to provide information online. These websites are domain names used in URLs, for example in the URL https://www.stalawfirm.com/en.html; the domain name is stalalawfirm.com. A domain in simple language is a field of thought, interest, or activity, over which someone has control, rights or influence.

    On the internet, a domain is a set of addresses that shows the category or geographical area to which an internet address belongs to. In short, domain names are used to represent particular IP addresses. Since the internet consists of IP addresses and not domain names, a Domain Name System Server is used by every Web Server to translate the domain names into IP addresses.

    Top Level Domains ("TLDs") are depicted as the suffix in a domain name and identifies something about the domain name such as the purpose, the organization to which it belongs to or the geographical area of its origin. They are a limited number of Top-Level Domains.

    SUFFIX

    ORGANIZATION/PURPOSE

    .org

    Organizations (non-profit)

    .gov

    Governmental Agencies

    .mil

    Military

    .com

    Commercial Business

    .net

    Network Organizations

    .edu

    Educational Institutions

     

     

     

     

     

     

    Suffix

    Country

    .in

    India

    .ae

    UAE

    .ca

    Canada

    .th

    Thailand

    Country Specific TLDs

     

     

     

     

     

    • Need for Domain Name Protection

    Principles similar to trademark infringement apply to domain name protection. Third parties, which are unrelated to the website owner, could create and register a domain name which is identical or like either the domain name or trademark of another party. These activities are commonly called as "cyber-squatting".

    Along with cyber-squatting, websites also run the risk of phishing, where fake websites are created like legitimate websites and are used to deceive customers into disclosing personal data. These fake websites often incorporate the trademarks belonging to the right website as well as the information provided in these websites, making the fake website appear genuine and confusingly like the legitimate one.

    • Domain Name in UAE and its Protection

    With the rapid growth of E-commerce in UAE and the other GCC countries, legislation has been put into place to ensure its protection. In the UAE, Internet Domain names fall under the authority of the ae Domain Administration with the Telecommunications Regulatory Authority. Enabled in 2007, ae Domain Administration:

    • Acts as the Registry Operator
    • Establishes and enforces policies for the regulation of the ae Domain
    • Facilitates dispute settlement about the domain names

    Brief History

    The ae Domain was initially under the UUNET and was later re-delegated to Etisalat in 1995 following a brief period of administration by the United Arab Emirates University. However, in 2006, the administration was transferred to the Telecommunications Regulatory Authority.

    Domain name registration in Dubai is permitted at the second or third level based on specific category labels. At present, only Dubai companies can use the.co.ae domain name for their websites.

    • Domain Name Licensing

    It is important to note that there are no proprietary rights about domain names in the UAE. Companies in Dubai and other emirates, to use the .ae domain name, are required to obtain a domain name license. Since companies cannot own a name, they are required to apply for a special permit which is granted based on certain conditions and for a specific period. The terms and conditions of the license are contained in several documents such as the domain name registration application, domain name license, applicant's agreement to use the .ae domain, and the policy by the ae administration. Additionally, companies in Dubai applying for a domain name reservation should also fulfil certain criteria of eligibility.

    Domain Name Licensing Zones

    There are two zones about the licensing requirements:

    Unrestricted Zone:

    Residing in an unrestricted zone, Unrestricted Domain Names may be registered by any Applicant and may be available through all Accredited Registrars.

    Restricted Zone:

    Located in the RESTRICTED Zone, the domain must meet the following eligibility criteria described in S11 to 16 of the Domain Name Policy.

    Eligibility Criteria

    The registrant must meet the following criteria, depending upon the suffix chosen, for registering Domain Names under 3LDS:

    • Commercial Entities/ Information Technology Service Providers

    For registering 3LDs ending with Suffix ". co.ae" and ".net.ae," the Registrant must either possess a valid UAE trade license, be a commercial entity licensed within the UAE free-zones, or an applicant or registered holder of a trademark in the UAE.

    • Not for Profit Organizations/ Schools and Academic Organizations

    3LDs with the Suffix "org.ae", "sch.ae" and "ac.ae":

    The Organization must ensure that the Administrative Contact is an employee or officer of the requesting organization and shall certify through the acceptance of the Registrant Agreement, that they have delegated authority to Register a Domain Name on behalf of that organization; and

    provide a copy of their Certificate of Registration or a letter to this effect from the competent authorities of the UAE (Ministry of Education in the case of "sch.ae" and Ministry of Higher Education and Scientific Research for "ac.ae")

    Domain Names

    For registering the Domain Names ending with (.co.ae), (.net.ae), (org.ae), (sch.ae) and (ac.ae) as suffixes the Domain Name  applied must be an exact match, acronym, abbreviation or closely connected to name, trading name or trademark of a company, organization or association to which the Registrant belongs to or controls.

    • Government Departments and Ministries of the UAE

    3LDs with the Suffix "gov.ae":

    A registrant must be a Government Entity in the UAE.

    The domain name can only be used for the official business of the organization.

    The Applicant must state in the application the purpose of the website associated with the specific Domain Name in respect of which the Domain Name License is sought. The Domain Name must be used specifically and exclusively for this purpose during the validity of the License period.

    The Administrative Contact must be an employee and shall certify through the execution of the Registrant Agreement that they have delegated to Register a Domain Name on behalf of the Registrant. The Applicants will also provide a Letter of Authorization from the relevant Minister or officer, authorizing such registration.

    • Military Authorities

    3LDs with the Suffix "mil.ae":

    The Applicant must be an organisation established in the UAE under the relevant laws and legislation as a military organization.

    Must be used only for the official business of the organisation, and specifically and exclusively for the stated purpose for the duration of the Domain Name License Period.

    The Administrative Contact must be an employee and shall certify through the execution of the Registrant Agreement that they have delegated to Register a Domain Name on behalf of the Registrant. The Applicants will also provide a Letter of Authorization from the relevant Minister or officer, authorizing such registration.

    • SETTLEMENT OF DISPUTES

    The United Arab Emirates Network Information Center (UAEnic) is a registrar for registering Domain Names under .ae (Top Level Domain). It is also LIR (the Local Internet Registry) that assigns IP addresses to the Local Internet Community.

    The UAE Domain Name Dispute Resolution Policy and related Rules provides for the grounds and mechanism of resolving disputes that arise relating to domain names.

    Grounds

    Any person or entity may initiate administrative proceedings against the Registrant of a Domain Name on the following properties:

  • The Domain Name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; or
  • Th respondent (that is the Registrant) should be considered as having no rights or legitimate interests in respect of the Domain Name in question; or
  • Domain Name(s) should be deemed to have been Registered or being used in bad faith.
  • The complaint can relate to more than one Domain registered under the same Registrar.

    • DISPUTE RESOLUTION MECHANISM

    Complaint- The complaint and all annexes are to be submitted in the electronic form with the concluding statement and other statements, requests, and specifications as provided in the rules.

    Administrative Compliance- On the receipt of the complaint, the Provider will first check for administrative compliance and when satisfied shall send the same with the annexes electronically and a written notice with the required documents to the Respondent. Where the Provider finds a regulatory deficiency, the Complainant shall correct such deficiency within five calendar days, failing which the complaint shall be presumed to have been withdrawn. The date of commencement of proceedings shall be the day the Provider completes all his responsibilities under S. 2(a).

    Response- Within 20 days from the commencement of the proceedings, the Respondent shall send his response to the complaint electronically with the same elements as the complaint along with his grounds and reasons as to why the Respondent should retain registration or use of the domain name.

    Panel- The parties can elect whether to have a single or three-member panel and specify the name and details of their candidates in the complaint/response. Where the parties have not specified any candidate, the provider shall make the election himself. After the Panel has been appointed, the Provider shall notify the parties about the appointment and the date by which the Panel shall forward its decision on the complaint. The decision in case of a three-member panel shall be based on the majority.

    Language- Unless otherwise agreed by the parties, the language of the proceedings shall be in English, and the panel may order the translation of any documentary evidence in other languages to be translated wholly or partly into the language of the proceedings.

    Settlement/Termination – The Panel shall terminate the proceedings where the parties before the conclusion of the proceedings come to a settlement or the Panel feels that the procedures have become unnecessary or impossible.

    • ANALYSIS OF CASES REFERRED TO WIPO ARBITRATION AND MEDIATION CENTRE

    CASE 1: Zalatimo Brothers for Sweets (Ahmed Zalatimo Company and partners) v. Jebril Hasan Abumarouf, Mix Zalatimo Sweets L.L.C, Case No. DAE2017-0008

    Facts:

    The Complainant (Zalatimo Brothers for Sweets) is a manufacturer of sweets in Jordan and has registered ZALATIMO BROTHERS FOR SWEETS as a trademark on October 8, 2000, with registration number 34331 in numerous parts of the world apart from Jordan, including UAE.

    The Complainant also has had a registered domain name <zalatimo.com> since June 8, 1998.

    The Respondent had registered a domain name <zalatimoh.ae>, which according to the Complainant, displayed a website logo similar to Complainant's logo to sell sweets.

    The Complainant, as a result, filed a complaint with the WIPO Arbitration and Mediation Center on December 11, 2017.

    • FINDINGS OF THE COURT:

    According to the Court, the Complainant satisfied the conditions of S.6 (a) (i), (ii) and (iii) of the Policy due to the following reasons:

  • Confusingly Similar or Identical
  • The Complainant had established its ownership of the trademark Zalatimo Brothers for Sweets. Though the trademark is covered for the whole of Zalatimo Brothers for Sweets and not "zaltimo" alone, the Panel was convinced the word "zaltimo" is the key and distinguishing component of the complainant's trademark. The mere presence of "h" added to the disputed domain, does not distinguish it from the original trademark or eliminate the confusion caused.  Besides the country code Top-Level Domain ("ccTLD") ".ae" is typically ignored when assessing the confusing similarity between two disputed domains as established in prior .ae decisions. Consequently, the Panel found the disputed domain name too similar, creating confusion with the domain name of the Complainant.

  • Rights or Legitimate Interest
  • The Complainant proved that:

  • the Respondent had no legitimate interest or right in the disputed domain; and
  • the Complainant hadn't authorised the Respondent to use its trademark as part of the disputed domain name.
  • Registered or being used in bad faith
  • Several pieces of evidence point out that the Respondent was fully aware of the Complainant and its trademark when it registered the disputed domain name and had been using the Complainant's trademark in bad faith. The facts indicating bad faith were:

    • That the trademark for Zaltimo Brothers for Sweets was a well-known trademark.
    • That the Respondent was using the trademark for the same purpose, that is sweets.
    • That the Respondent imitated the logo of the Complainant's trademark, thereby trying to create confusion in the mind of customers to steal the Complainant's clientele.

     

    ]]>
    Sat, 08 Jun 2019 11:25:00 GMT
    <![CDATA[Dubai Electronic Transactions Statute]]> Dubai Electronic Transactions Statute

    Introduction

    Dubai is a city that is globally known for its high living standard for those who reside therein, but also its flashy and highly impressive locations and attractions. It is a popular tourist destination which hosts millions of foreign visitors every year. The numbers have grown dramatically throughout the years, with there being around 14 million overnight visitors in 2017, and the first half of the year seeing over 8 million alone.

    With this level of visitation that occurs regularly, there is a considerable amount of money being spent in the country on all types of products from the ultimate luxuries to the most ordinary of goods and services.

    However, it is turning into an ever greater norm than ever around the world for transactions to be completed online. There are many ways in which this occurs, including through the use of credit and debit cards all the way to entirely online transactions which then get delivered to chosen locations.

    Times have changed, and while there was once universal distrust of performing online transactions, the changes that have arrived have made all processes far more secure. One of the reasons for the shift we see in confidence is the rise in regulations which provide people with confidence. There must be constant tracking and records made around all transactions so that a traceable path exists.

    Beyond this element, great strides have also arisen on the part of the consumers specifically surrounding payment methods and online security. With the world making ever greater shifts towards integrating technology, there have appeared numerous improvements. Online payment methods such as credit cards are far more trustworthy now than ever, and other methods such as PayPal are generally very secure. Up and coming concepts such as cryptocurrencies have the potential to propel this even further.

    This trend is expected to continue, and change may arrive even faster with the younger generations growing up with these technologies. The laws on the matter are of greater importance every day and already prominent in many jurisdictions globally, and this certainly includes the UAE.

    The UAE has had more reason than many to adapt and adopt the change quickly. They introduced their regulation, the Electronic Transactions and Commerce Law Number 2 of 2002 (Dubai Electronic Transaction Statute or DETS), which arrived during a booming time in the nation's growth. This regulation will receive further discussion and analysis here along with any other issues or related side topics.

    Electronic Transactions and Commerce Law

    There are a few highly notable aspects of this law which demand consideration. These are as follows:

  • Requirements for and the processes of electronic transactions;
  • Issues and conditions surrounding writings and signatures in electronic transactions;
  • The matter of communication in electronic transactions. Secure methods must exist, and their forgery requires prevention;
  • There must be rules in place to identify and authorise electronic transactions;
  • The evidence is a hugely important area to consider. Not only does it make any further processes easier to handle in the case something goes awry, but it also ensures that consumer confidence significantly improves;
  • There are also penalties in place for breaking these laws.
  • With these elements considered and put down as legislation, confidence rises. Now, these elements will undergo further analysis and the stance of the law for each shall be provided.

    Electronic Transaction and Communications Requirements

    This concept is covered under Chapter three of the DETS and sets out the basics of what is required for an electronic transaction to be legally binding. To begin with, some of the most basic and critical aspects of a contract are that of offer and acceptance. These are among the most critical areas that require fulfilment before a deal comes into existence.

    Article 13 (1) states that it is possible that the offer and acceptance stages of a contract may, in part or as a whole, occur through online means of communication. This confirmation is a crucial one, as the offer and acceptance stages are known across the majority of global jurisdictions to be of primary importance and are required to form legally binding agreements.

    Article 13 (2) continues by stating that a case shall not be dismissed on the sole basis that its completion occurred through electronic means of communication. These two points are present in almost every online or electronic transaction, and thus this law confirms that they are permitted.

    In terms of communication through electronic means, Chapter two, Article 7 states that electrical communications cannot be rejected merely because they are electrical in form. Beyond this, Article 7 (2) clarifies that information requires no specific mention within the communication. Instead, what is referred to should at the minimum be obtainable and clear in what it is regarding and relating to and should not be confusing on this front.

    On top of this, it is highly essential to keep a record of all present documents. Article 8 states that electronic records are to be retained in their initial format of production rather than any other form. Further to this, it should be kept in a place and manner that is accessible for future reference.

    Presentation of Electronic Evidence

    Federal Law Number 1/2006 concerning Electronic Commerce and Transactions

    While the matter of electronic evidence receives coverage within this regulation, it is not the main rule. Law Number 1 of 2006 covers electronic transactions and commerce, while taking a further dive into evidence and its admissibility in a court.

    This law also considers the overall UAE legal stance on the matter as the previously discussed law primarily concerns the Emirate of Dubai.

    An example of a court case relating to electronic evidence is the Dubai Court of Cassation, 277/2009, in which it was confirmed that emails have legal force, and other forms of electronic communications are also applicable. It is the obligation of those involved to ensure reliable records and communication standards are kept.

    All in all, the Federal law is very similar to the Dubai law that was released five years prior, though it covers a broader jurisdiction and goes into greater depth on the matters of electronic evidence and signatures. In the modern world, it is something of a requirement that electronic signatures and evidence be handled severely and get taken into consideration appropriately. Article 18 of the Federal Law Number 1 of 2006 concerns Electronic Signatures and Electronic Certificate Attestation. In both of these cases, they are acceptable in a court of law as evidence so long as (as stated under subsection 1) reliance upon them would be a reliable path to take. As such, if it is clear that the electronic signatures or attestation were a requirement and crucial aspect of an agreement, it would likely be accepted. However, on this matter, it is essential to clarify precisely what the reliable occasions of reliance would be. Article 18 (3) covers just this. Some of these crucial points are as follows:

  • The signature must have been initially intended to support the matter at hand;
  • The party relying on the signature must have taken the appropriate steps to ensure it meets the standards of reliability;
  • The matter of any (reasonably assumed on the part of the relying party) compromises or revocations of the signed documents;
  • Any other relevant factors that the court may find of importance.
  • On top of this, foreign certificates and signatures also require consideration, as the international business nature of the UAE would suggest that numerous electronic documents and signatures arise in the country regularly.

    Dubai Court of Cassation 35, 2008, is another case in which solidifies the idea. The idea is that electronic records and documents will hold the same legal probative as physical evidence of the like.

    Article 23 of the Federal Law discusses just this and states that these signatures and certificates are acceptable within the UAE jurisdiction. Section 23 (1) says that no consideration is required on the part of the jurisdiction and the only element to consider is the validity. Subsection 2 specifies this by stating that the most critical aspect to consider is the validity and reliability of certificates and signatures.

    Penalties

    Signatures and certificates are significant in whatever form they are available. They often hold important purposes and may carry weight in litigation, and therefore severe penalties are required to ensure compliance.

    Chapter 7 of the Dubai Law covers penalties, and Article 29, which concerns fraudulent certificates states that any production or publication of such a document is strictly prohibited. Further, the Article specifies that a penalty of imprisonment or up to AED 250,000 fine may apply.

    Article 32 states that anything that would be considered a crime under UAE law would also be considered a crime if committed electronically. Overall, the penalties are confinements of up to six months and AED 100,000 of fines, and if the offence has greater punishments as per different law, they may apply here.

    Any tools utilised in the production of these illegal electronic certificates will be confiscated as per Article 34 of the law.

     

    ]]>
    Tue, 21 May 2019 15:35:00 GMT
    <![CDATA[Should Robots Granted Citizenship]]> Should Robots be Granted Citizenship?

    It's 2019 and with the world progressively stepping towards technological advancement, active presence of machines is no surprise. Within considerable amount of time, Artificial Intelligence has taken over the world with its ideas and promises. Human beings are doing everything possible to ease out their work and life, and creation of robots is one such example. This article talks about the initiation of robotics, the acknowledgment of their existence, the curses and boons associated, and deeply analyses whether robots should be granted citizenship or not. With UAE granting citizenship to Sophia, being the talk of the hour, it is impeditive that the constitutionality of the same be discussed. The article initiates by providing the reader with a brief discussion upon what constitutes a robot; the requirements for acquiring a citizenship; followed by a brief discussion on worldwide view of the same, making a comparative analysis with the present case in the UAE. It further helps the reader understand the advantages and disadvantages of granting a citizenship to a robot and finally concludes by providing a critical opinion of the same.

    Robot and Citizenship – An understanding.

    A robot is a machine, programmable by a computer capable of carrying out a complex series of actions automatically. They can be guided by an external control device or the control may be embedded within. They may be autonomous or semi-autonomous; humanoid, medical operating robots, nano robots, etc. Since they are programmed by computers and display a lifelike appearance or movement, they may convey by a sense of their own thought, or a sense of intelligence installed within.

    In a nation governed by rule of law, citizenship has a clearly defined meaning with rights and responsibilities relatively straightforwardly derivable from written legal documents using modern analytical logic.

    For example in India, Article 5-8 conferred citizenship on each person who met the criteria below at the commencement of the Constitution :

    • Domiciled in India and born in India
    • domiciled not born in India but either of whose parents was born in India
    • domiciled, not born in India but ordinarily resident for more than five years
    • resident in India but migrated to Pakistan after 1 March 1947 and later returned to India on resettlement permit
    • resident in Pakistan but who migrated to India after 19 July 1948 or who came after that date but had resided for more than six months and got registered in prescribed manner
    • resident outside India but who or either of whose parents or grand parents were born in India.

    Furthermore, in Saudi Arabia, citizenship having a real meaning, is yet different from the sort of meaning that is derivable from various historical Islamic writings (the Quran, the hadiths, etc.) based on deep contextual interpretation by modern and historical Islamic figures. Claiming a UAE citizenship depends on every individuals' personal situation whereby the authorities have discretionary powers to offer citizenship to foreigners who have made an exceptional contribution to the region. The clear way of acquiring citizenship in UAE remains by way of birth, on marrying an Emirati or by way of residence. However, the wait time for this means you must live and work in the UAE continuously for up to 30 years before your application will be considered.

    The hurdles in between.

    From the abovementioned discussion, it can be said that for a robot to acquire citizenship, it must have an identity that can be considered as a citizen. Humans constitute all the ingredients of being a citizens, whereby they differentiate among themselves by way of their identity, which is derived by their face, voice, brainwaves, fingerprints, etc. which is entirely theirs. A robot is not born, it is created by way of science and technology. Even though a robot can derive its identity in similar ways, by their barcode number or unique skin mark, but this can not conclude their identity being solely restricted to one robot, since it would be an identity of a hardware and not a robot. And a hardware can at anytime be shifted from one robot to another. Henceforth creating a havoc and confusion while defining or describing the identity of the said robot.

    Having regard with the abovementioned observation, no jurisdiction in the world has ever granted citizenship to a robot, except for UAE. But this is not the only reason that restricts robots acquiring citizenship in the rest of the world. Those are legal issues, political issues and/or human rights issues.

    In the case of United Arab Emirates, the robot that has been granted citizenship is named as Sophia, and she has taken over the news all over the world like a fire. The last World Government Summit in Dubai in 2017, made it very clear that a close attention was to be paid to the Artificial Intelligence and its working, and Sophia was without any doubt under the spotlight. For the sake of this article, the details about Sophia and its accordance with the laws in UAE are not discussed in detail.

    Sophia, a Hanson Robotics creation, who is the first robot being granted citizenship of a country, was created in November 2017, celebrating its birthday on the Valentine's day, Sophia becomes the first robot to have acquired citizenship. This grant of status is highly questionable, following three major issues- legal identification, legal rights and social rights.

    The issue of identity has been discussed above and should be noted accordingly.

    Legal Perspective

    Another point of objection raised is regarding the identification and justification of the legal rights and liabilities that a robot would acquire and intake. A citizen, under every jurisdiction, generally, acquires certain legal rights and liabilities – constitutional, private, or property rights. For example, a right to vote, payment of taxes, criminal acts, or a right to sign an agreement, marry and so on. In the case of a robot it shall be very difficult to underline the rights and liabilities it incurs, since it has a created form and not born one. The questions that shall arise on deciding the legal liability or right of the robot, for example, for the purpose of this article, assuming that Sophia is a citizen robot able to vote, who shall make the decision of whom to vote – Sophia, or the manufacturer.

    Similarly, if a criminal or a corporate liability is alleged on Sophia, for instance for breach on contract, resulting in fraud and cheating, invites such liabilities on Sophia. Here who shall be considered liable –  Sophia or the manufacturer.

    Again, assuming, for the sake of this article, that Sophia is held liable for a criminal act and is punishable under the same, who shall decide the punishment or what kinds of punishments be given. Further, on being given the punishment, it doesn't assure the fact that the said crime shall not happen again, as it is the hardware created by the mind of manufacturer, who can create another bot with the same hardware. If the manufacturer is also held liable for the offences committed by the bot, the manufacturer can objectify the same by lifting the veil and arguing upon the bot being a totally different citizen. Question may also arise regarding the priority among the human in danger with that of a bot in danger.

    Currently, the artificial intelligence (AI) community is still debating what principles should govern the design and use of AI, let alone what the laws should be. Therefore, it is highly arguable as to how the liabilities of a bot can be justified and what shall be the extent or the scope o the same, considering the current status of the legislature governing the Artificial Intelligence laws. The most recent list proposes 23 principles known as the Asilomar AI Principles. But a lot of work is yet to undertaken regarding the same and cannot be done by way of simple announcement.

    Humans or Sophia(s)? – A societal concern.

    Considering another issue, how would it be defined as to what the moral and social rights of a bot are. For instance, speaking about relationships and reproduction, as a citizen, will Sophia, the humanoid emotional robot, be allowed to "marry" or "breed" if Sophia chooses to? If more robots join Sophia as citizens of the world, perhaps they too could claim their rights to self-replicate into other robots. These robots would also become citizens. With no resource constraints on how many children each of these robots could have, they could easily exceed the human population of a nation.

    This leads to another concern, and a particularly major one, which is whether such advancement and growing technological innovations would lead to a situation which might lead to the robot super-suppressing the presence of humans, thus affecting the human rights and questions the need of humans in this world.  Students from North Dacota State University have taken steps to create a robot that self-replicates using 3D printing technologies. If allowed, shall there be any harm to the humans – of course.

    Robots in trend. But Why?

    It's very simple!

    Such advancement ease ups the working of industries and factories, whereby already the machinery is replacing human beings, causing an increase in unemployment of humans. On being asked about this, Sophia stated rather very impressively, that they intend to team up with the world, rather than taking it over. But how can one assure this statement, if they are given equal status with that of humans, but not similar accountability.

    The fact that it eases up the work and fundamentally helps reducing the crime rate, is not exhaustive. It also helps worldwide advancement and connection, and brings up the goodwill of the concerned association. It also helps in promotion, marketing and can be updated time to time which again helps in easing up the work of humans at an entirely different level.

    But these reasons may not be conclusively accepted towards granting citizenship rights and creating an entirely new league of species for the competition against human beings. Yes, there lies requirement of legalising and protecting the artificial intelligence and the creator of the same, but citizenship can not be the answer to the same. There also lies other alternatives that can be undertaken, such as legalising the robots, or enacting new legislations for their accountability and understanding.

    Author's perspective and Conclusion

    In my opinion, citizenship is a right that is of a very high stature and should be granted to those who can access such rights and dispose off such duties with a reasonable care thereupon. A robot is expected to perform activities equivalent to human beings, but one can not be certain that there lies complete accuracy and efficiency without any default. And for the reasons stated above, it can further be opined that such grant would lead to robots overtaking the human population and would also cause a gross disadvantage to the human race, which at this stage may not be welcomed.

    ]]>
    Tue, 07 May 2019 10:56:00 GMT
    <![CDATA[A Guide Information Security ]]> A Guide to Information Security and Data Protection Laws in GCC Countries

    New challenges have arisen with the technological development along with the social and economic globalization.  It can be said that our entire personal data is being stored in the gadgets we use. Internet today has brought millions of unsecured computer networks into continuous communications with other networks. With the advent of information being stored electronically, more and more people use online banking and shopping services, social media, location-based services, mobile services for their everyday activities. This results in the collection of an enormous amount of digital trail of personal data of these users which are left all over the internet. The security of each computer's information depends upon the level of security of other computers connected to it.

    In the recent years, with the realization of the importance of Information Security to both national security and the corporate world, awareness of the necessity to improve Information Security has grown and is ever increasing.

    In this guide, we will address the following questions regarding Information Security:

  • What is Information Security?
  • Is there a need for Information Security?
  • What is the relevant legislation for information security in UAE and other GCC countries?
  • What are information security agreements/ clauses and what needs to be added to these clauses/agreements?
  • What is Information Security?

     In the earlier stages, information security was a simple process composed of predominantly physical security of documents and its classification.  The primary threat faced by companies were theft of equipment, product espionage of the systems and sabotage. One of the earlier documented cases of security problems occurred in early 1960, where the systems administrator was working on the Message of the Day and another administrator was editing the password file, when a software glitch mixed the two files, causing the entire password file to be printed in every output file.

    With the growing concern about States engaged information warfare and the possibility that business and personal information systems being threatened if left unprotected has made Information Security (InfoSec) emerge as a method to ensure the confidentiality of the available data and also the availability of technology enabling the delivery and processing of that data. In simple terms, it can be explained as the protection of information and systems from unauthorized access, disclosure, alteration, destruction or disruption.

    It can be said that the main objectives of information security are:

    • Confidentiality

    Which refers to the preventing unauthorized access or disclosure of information and providing its protection. Confidentiality means ensuring that the individuals authorized are able to access the information and those who are not authorized are prevented.

    • Integrity

    It is the protection of information from unauthorized alteration or destruction and ensuring that the information and its systems are uncorrupted, accurate, and complete.

    • Availability

    Means to ensure that the information is available in a timely manner and there is reliable access to and use of the information and the information systems, at the same time, protect the information and information systems from unauthorized disruption

    Why do we need information security?

    A fundamental aspect for the success of our economy and society is data, and the protection of the same from cybercriminals has become the need of the hour in today's cyber world.

    Advanced Persistent Threat (ADT) is a well-resourced systematic attack perpetrated by competing states and cyber criminals who aim at state secrets, corporate espionage, and theft of sensitive data.  ADT has added to the breaches of millions of the individual personal, health and financial information, making it essential for institutions that collect and use personal data to develop and sustain a comprehensive security system in order to protect itself against such attacks.

    For the security of individuals and the survival of enterprises, it is paramount to secure information resources and protect personal information from being exposed to groups or individuals with malicious intentions. While businesses struggle to survive amidst these critical issues surrounding information security and the increased risk of serious data breaches, governments are also changing their data protection laws so as to adapt and secure itself against these new risks that arise every day.

    When companies entrust business partners and vendors with the company's confidential information, the company is also entrusting them with all control of the security measures for the company's data. Such a trust cannot be blind.

    Examples of InfoSec Breaches:

    • British Airway's Customer Data Hack 2018

    The British Airways recently announced that over 380,000 payment card details and personal data of customers were compromised following a 15-day hack attack from 21st of August 2018 to 5th September 2018 and warning the customers to contact their banks immediately in order to secure the same.

    • The Bank Heist of 2013

    In 2013, the world witnessed one of the biggest bank heists of the century. A team of cybercriminals stole $45 Million (AED 165 Million) from RAKBANK and Bank of Muscat by accessing the computers of their credit card processors. Once they gained access, they increased the available balance and withdrawal limits on prepaid MasterCards issued by the banks. They then distributed these counterfeit cards to "cashers" around the world enabling them to siphon millions of dollars from ATMs. This included over 36,000 transactions which were committed in a matter of 10 hours. 

    • Cryptowall Ransomeware Case

    Cryptowall is a file-encrypting ransomware program which was used by its creators to make over $1 million by infecting over 600,000 computer systems in 2014. Once gaining access into the computers, they encrypted the sensitive information files which were only decrypted when the owners paid the ransom. Even though Cryptowall had been spreading since 2013, it had been overshadowed by Cryptolocker, which is another ransomware program. When the threat of Cryptolocker was mitigated, the makers of Cryptowall stole the data by accessing computers through various tactics including spam emails with malicious links and attachments, drive-by-download attack for infected sites with exploit kits and through installation through other malware programs already installed and running on compromised computers.

     

    ]]>
    Thu, 11 Apr 2019 13:37:00 GMT
    <![CDATA[Decentralized Autonomous Organisation]]> Decentralized Autonomous Organisation

    The promising era of Economic Freedom

    A decentralized autonomous organization (the DAO) is a computer program which is a form of an investor directed venture capital fund.

    The primary objective of the DAO was to provide a new decentralized business model which could help in the operations of both commercials as well as non- profit making organizations. In the year 2016, the crowdfunding of DAO further went on to create history as the most massive crowdfunded campaign. The main plan behind this concept was to put more control in the hands of the investors and to strike off the idea of having a centralized authority, which proved itself to be a more economical method. The DAO further came to be known for establishing itself as the most successful and dynamic concept to be implemented through the Blockchain technology. A blockchain is a decentralized,  digital ledger accessible by the public through which various transactions taking place through multiple computers can be recorded. It ensures that the said record cannot be altered with and also allows its participants to check and audit the transactions taking place in a very transparent, cost-effective and straightforward manner.

    It took birth at the beginning of May 2016, when a few members of the Ethereum community disclosed their creation of the DAO. The DAO during its creation period allowed anyone to send Ether to a unique wallet address in exchange for DAO tokens on a 1–100 scale. Ether is a cryptocurrency which has its blockchain generated by the Ethereum platform.  This period of its creation turned out to be of great success, and it gathered 12.7M Ether (worth around $150M at the time), which now made it the biggest crowdfund ever. There came a point when Ether was trading at $20, the total Ether from The DAO was worth over $250 million.

    It opened the doors and gave the opportunity to anyone who has a project and wanted to display their idea before the community, and in return receive funding towards the same from the DAO. It enabled anyone with a DAO token to cast their vote towards a plan and make a profit if the said plan turned out to be a success. The DAO was proving to be a platform that issued funds in Ether to projects, whereas the investors received voting right with the possession of a digital voting token. It was a successful platform wherein contractors with the project could submit their ideas and plans, which would further be verified and checked by a team of volunteers called the curators. Post scrutinising the details such as identity of the people putting forward their ideas and projects and post having a check on the legality of the said project and idea, the said project was put forward for the investors to vote post which on the success of the project the profits from the investment was then reverted to the shareholders.

    The DAO at no point of time was in possession of the money of their investors, but in fact, it was only through the digital voting tokens that the investors could cast their votes towards a project.

    The fact cannot be ruled out that the concept of the DAO was unique and is the need of the hour in shaping a modern-day organizational structure. This concept gives an opportunity for every individual to display their ideas and also provides the power to the investors to take productive decisions with regards to the same overruling the concept of a monotonous Hierarchy system.

    Furthermore as putting up ideas as well as investing in them requires the investor to spend a certain amount of money, the same now helps in taking a faster decision and in overlooking unproductive ideas at a quicker speed. Further, all the rules to the said concept are laid down to everyone taking part, and everyone herein decides how to spend their money at the same time have easy access towards tracking their finances and also keep a check on how it is spent.

    The Attack that changed it all

    The DAO was proving itself to be a major success until the 17th of June 2016, the day it was attacked by a hacker which resulted in the discovery of a combination of vulnerabilities which included the feature of recursive calls( when a routine dials itself both, directly and indirectly, it is said to be making a recursive call). Soon it was discovered that the hacker had taken control of 3.6 million Either, which was about one-third of the total Either that was committed to the DAO. The Ethereum blockchain was not found to be the cause of the said hack but was an intelligent hacker who had discovered a vulnerability in the said system, which would not have been the case if the coding of the DAO was done rightly.

    The hack of the DAO was a major eye-opener. Having touched the numbers, the DAO had accomplished, despite its failure, it still holds a mark for the accomplishment it had reached. It wouldn't be wrong to say that in an industry with young procedures and developing tools, this was a project which had an early launch for a concept of its magnitude.

    Further having various security checks or test would not make a difference as even though the team, as well as the community, was well acquainted with the resolution of problems about areas such as the Call Stack Depth attack, unbound loops, and various specific vectors. The re-entry attack was something that left everyone unaware during the time the writing of the DAO framework.

    It is still not known whether the said attacker belonged to a particular group or was a single individual, who cleverly made us of the inbuilt split to transfer money into another wallet. The original function of the said split was to allow the investor to withdraw the Either and further to return the token if anyone desired to leave from the DAO. It was, in fact, this function that proved to be a setback for the DAO as it was through this function that the hacker had discovered a vulnerability which was, in fact, an error, and now started repeatedly calling the said split function and each time called a new request before the end of the previous one. It was because of this error that the system could not read the fact that the transaction had already been completed during the last split function. The hacker severely abused the said error and in no time was found to have withdrawn Either running to a sum of US $ 50mn. It caused a significant setback and had created a state of paralysis for the Ethereum community and had brought a massive breakdown in the value of the digital currency. 

    Finding the plan to recovery

    At this time of crises, there were various ideas which were now discussed by the members of the community towards damage control, out of which one was to freeze the money before the hacker could withdraw the said stolen money. The execution of this action would have now enabled the community to take control of the stolen Ether and further direct the same towards the accounts of their rightful owners.  The said idea did receive massive support but was not implemented as the same was found to be associated with having a risk towards market securities.

    The optional ideas that were proposed to take control of the said situation were to conduct a hard fork. By using this method, all the finances would be transferred into a new contract post which the original holders would be able to access the said contract and exchange their DAO token for Ether at a rate which was decided before the announced plan.  After a series of discussion and after taking into consideration various options, it was the Hard Fork method which came to be determined as a weapon to resist the damage that had been incurred due to the said act. The said plan was now implemented before the hacker could withdraw all the ETH from the " DarkDAO." As a result of this, all the funds were soon transferred to the withdrawal contract, and the original owners were now accessing the same to withdraw their Ether.

    Lesson Learnt?

    The said attack was devastating, but it surely taught a lesson that even though the system is stable, the human being remains its most significant challenge and weakness.  Even though the said contract was programmed with precision, it still contained certain loopholes which enabled a hacker to enter into the said system and create a heist. It is a matter of great appreciation that in the situation of crises the community proved their ability to handle the said situation and take control of the same. In spite of the said crises and panicked situation, the community remained calm and analyzed the pros and cons of all the situations, and damage control techniques within a very short period, and further went on to succeed in the step chosen and taking control of the situation.

    Further in an environment where the code is the basis of all functionality, the same needs to be of good quality, reviewed and also developed. Further, the responsibility of code quality in a blockchain should be taken by the entire community. Especially in the case of DAOs, it is the view of many stakeholders in the community that like a contract is read before investing money, in the same manner, all investors should also review the code, and its risk should be assessed. In the short term, it will be interesting to see how the community will be able to adjust to this situation by motivating users who have not yet triggered the exchange of their DAO tokens to do so.

     

    ]]>
    Tue, 04 Dec 2018 15:22:00 GMT
    <![CDATA[The Law, the iPhone and Facial Recognition - PartII]]> EYE-PHONE: LEGAL ISSUES ABOUT APPLE'S NEW FACIAL RECOGNITION FEATURE – PART II

    The ever-changing technology the law is always trying to keep up its pace as now the interaction of law and technology is more critical than ever. The ungoverned technology is a danger to the society if drones are flying over a city that is a problem unlike the cars on the streets in 1916. It is essential that we protect our community, privacy, money, and safety from the potential harm of new technologies and to achieve this we will need new laws that would protect us the way we are under the protection of nuclear bombs. Concerning the previous article, this article will look into the legalities surrounding facial recognition feature with supporting the legislation.

    The face detection technology by Apple is made with higher sophistication as it uses dual cameras and captures depth by an array of projected infrared dots. However, when Samsung released Galaxy S8 in March 2017 with a facial recognition system that was a major selling point. But the system failed when the scan got a spoof by holding an image of the person's face in front of their phone.

    Privacy Issues

    One primary user privacy concern attached to using Face ID on iPhone X is that during police detention will they be able to access your phone easily? By just holding the phone up to your face the police will have access to all your private information. However, Apple argues that it does not work with the user's eyes closed. But the speed of the process is so quick that as soon as the user opens their eyes, Face ID scans successfully despite the camera being off-axis to the user's face. Therefore, unwilling login access to iPhone X remains questionable until it releases in the market. But the good part is that similar to the Touch ID; you can also opt out of Face ID option to avoid privacy concerns.

    As with most technological advancements, there is a process of trial and error. However, Apple is only showing concern regarding one type of error that could happen concerning its Face ID algorithm, which is someone else gaining access to the device. But there remains another concern of your phone not recognizing you and therefore not granting you access.  We will know more about the issues with this technology once the customers start using the new iPhone X and provide with their feedback.

    With this new technology introduced in the iPhone, one must wonder about the possibility of an identical twin gaining access to his/her sibling's iPhone due to identical facial features genetically. Although this question is irrelevant for a vast majority as only four in one thousand births, result in identical twins according to scientific consensus. Apple's representative saw this as a loophole and advised similar twins to protect their sensitive data on the device with a passcode as the chances of an identical twin being able to bypass Face ID and break into the phone are more.

    Furthermore, to secure the phone correctly, two aspects of biometric security should be considered. One is the protection of the stored biometric data, and the other is having the ability to defend the authentication system of the device from fake users. For protecting the stored biometric data, it should be stored in the internal memory of the smartphone and not on an external computer server. As iPhone's representative claims that an individual's face data is protected in an enclave, as it is in the iPhone data and not in a central database system, which is easier to break into for hackers.

    Precedents

    A Virginia Beach Circuit Court ruled that an individual in a criminal proceeding couldn't be forced to disclose the passcode of his mobile phone, as that would have an impact of violating the self-incrimination clause of the Fifth Amendment. However, at that time, the Court was of the opinion that an individual could be forced to give up his fingerprint for unlocking the touch ID or any device protected with prints. The Court reasoned this approach with explaining that while a passcode requires a defendant to use actual knowledge, a copy is a form of physical evidence similar to a DNA sample that authorities are legally allowed to demand an investigation in certain circumstances.

    In a case in Minnesota appellate court ruled against a convicted burglar who was forced to unlock his phone by a lower state court by giving his fingerprints, which opened it. This case, the State of Minnesota v. Matthew Vaughn Diamond, is the latest episode in a series of unrelated cases throughout the USA that test the limits of digital privacy, modern smartphone-based fingerprint scanners, and constitutional law. Diamond went to trial in 2015 and was convicted of the burglary along with two other lesser charges and therefore, got imprisonment up to 51 months in prison. Later, Diamond appealed because by forcing him to unlock his phone his Fifth Amendment rights against incrimination were violated.

    Moreover, being forced to give out passcodes or fingerprint –enabled passcodes which are the modern unbreakable encryptions, frustrate the lawful authorities when dealing with criminals who refuse to cooperate and unlock their data.

    Under the Fifth Amendment, defendants cannot generally be compelled to provide self-incriminating testimony but giving a fingerprint is allowed for identification or matching to an unknown print found at a crime scene.

    In sum, because the order compelling Diamond to produce his fingerprint to unlock the cellphone did not require a testimonial communication, we hold that the law did not violate Diamond's Fifth Amendment privilege against compelled self-incrimination.

    The technology of using fingerprints to unlock a smartphone is relatively recent. In a right frame, this type of technology is not violating rights of an individual instead it is merely a forceful production, for example, being forced to hand over keys to a safe. However, if an individual is forced to disclose his passcode to the phone, the legal implications for such would be different.

    The FACE++ Technology

    An excellent example of widening extents of face detection technology is the Face++ (pronounced Face Plus Plus), a Chinese startup based in Beijing. The technique of face recognition is widely used in China to promote surveillance as well as convenience. This technology has transformed our daily lives regarding banking, retail, and transportation services. Face++is under usage for apps for example; a mobile payment app called Alipay with over 120 million users in China, uses your face as credentials to authorize payments. Another example is Didi, one of the most popular ride-hailing company in China uses Face++ to identify the legitimacy of the driver. Lastly, Baidu, a company that operates China's most popular search engine is now working on a system to allow people to collect rail tickets by showing their face.

    Moreover, this type of technology has progressed in China due to their policies towards privacy and surveillance. Governments to identify suspected criminals through surveillance cameras also use Face++. According to an assistant professor at Peking University, Shilang Zhang; "The face recognition market is huge. In China, security is paramount, and we also have lots of people, and lots of companies are working on it". The technology of facial recognition has existed for years, but with significant technological advancements in this area, it has improved its accuracy. Only now it has become so accurate and sophisticated that it is under usage for financial transactions.

    The Face ID technology introduced by Apple can potentially compromise user privacy especially in cases of authorities confiscating personal belonging like smartphones. As mentioned previously in the example above, compelling individuals to give their biometrics does not violate their Fifth Amendment rights whereas it is an argument that an individual producing their passcode by using their memory if demanded by the authorities does violate the Fifth Amendment rights, as it constitutes self-incrimination.

    In the future, what does this mean for the potential users of iPhone X? As millions of Apple users will switch to iPhone X as soon as it hits the market, will this require clarity in regards to an individual's constitutional rights?

     

    ]]>
    Mon, 09 Jul 2018 11:18:00 GMT
    <![CDATA[GDPR Compilant or not]]> GDPR COMPLIANT OR NOT?

    Introduction

    On 25 May 2018, General Data Protection Regulation (the GDPR) will come into effect in European Union. It is the most significant transformation to the landscape of European data protection in the past twenty years. Upon the enactment of new GDPR law, all the personal data of EU and its residents will get regulated. This regulation is likely to impact on several organizations in EU and several other business units such as sales, marketing, IT, e-transactions and others. The GDPR will have a cascading effect on the EU National Data Protection Legislation. GDPR has been discussed a lot lately and its impact in EU and outside Europe. The following article will provide a complete summary of the new legislation, and essential companies must consider in their endeavors for adjusting with GDPR.

    WHAT IS GDPR?

    GDPR is a way of protecting personal information in the 21st century; wherein, people will grant permission to companies who can utilize their data for several reasons in exchange for free services. It gives absolute control to people over how companies can use their information and simultaneously introduce hefty penalties for the violators of the law and compensation for those who suffer a breach. It further ensures that data protection is indifferent to all the EU member states.

    GDPR law will cover various aspects including privacy notes, notice for seeking consent, information about the usage of data and how the data will get communicated to and through other organizations. Most of the guidelines don't add much to what we know and can get from the content of the GDPR, including its presentations, or from past articulations from the WP29. However, there are some valuable illuminations and recommendations to be found.

    IMPROVEMENTS TO BE CONSIDERED

    Comprehensively, the primary rules and principles are unaltered. The essential meanings of fundamental concepts, for example, 'processing' or 'individual information and sensitive information' is same as before.On the same note, definitions of some authorities are unchanged including 'data subject,' 'processor' and the 'Data Protection authorities (DPA).' The usage of information is as yet contingent and similar principles of 'reason' and 'security,'remain intact. Following are the notable changes in the new law which the organizations should consider:

             i.            The fines imposed under the GDPR law ranges up to 20 million Euros or 4% (four percent) of the company's annual turnover;

           ii.            the actions initiated against the violators and the compensation awarded to the victims of data breach;

          iii.            the control over personal data; and

         iv.            the expanded jurisdiction of the law even on the companies incorporated outside EU and doing business with companies inside EU.

    Importantly, the utmost control over the personal data is the essential subject which which legislators had in mindbefore implementing GDPR law. Thus, the consent to utilize personal information should be expressed and should be affirmative. Also, it must allow the public to withdraw their consent at any given point in time or update their information or to delete the data thoroughly. Companies upon obtaining the approval will have the right to process the data and to exchange it with other entities.

    The GDPR law imposes two new obligations on the companies that is 'piracy by design' and 'piracy by default.' The Piracy by design responsibility oblige the entities to take into account security measures when conceptualizing modern data collection frameworks and to constrain the information collection and to process the data only for authentic reasons. Thisaspect increments the responsibility of companies and affects them to act in line with the GDPR. Whereas, the latter stipulates that new collection and the tools utilized for processing data should record to highest data protection level and that any deviation from this rule will require the explicitconsent of the person. Thisrule implies for an occurrence that pre-filled fields are at best avoided.

    COMPLIANCE UNDER THE LAW

    The law has brought significant changes in the data protection laws in EU as it has imposed several obligations on the marketing companies, insurance companies and another related sector which requires additional compliance to follow. For instance, the data processors must include these other terms in the contracts and are obliged under the law to adhere to such conditions. However, if they failed to comply with the requirement of the law, they will be subject to direct surveillance and penalties by superior authorities. 

    On the contrary, for the controllers of data, the law requires them to illustrate as to how they comply with the provisions of the law. Thiscompliance requirement suggests that data controllers must prepare a record of how they will process data and should supply the documents to the supervisory committee. The law further, obliges the companies whose core activity is monitoring of information on large scale, to appoint a data protection officer. Some of the insurance companies must also be aware of pseudonymization and privacy statements. Pseudonymization is outlined to offer information subjects another level of assurance, while security affect appraisals will be utilized by endeavors to recognize and address non-compliance dangers. Further, in cases  where the processing of data posses a high risk to the privacy of data, issuance of privacy statement in such event will be mandatory.  Below are the other vital changes in the GDPR which companies should keep in mind:

            I.            Consent: silent acceptance or pre-ticked forms will not suffice the need the definition of consent under the law. Explicitaffirmative action will be required,and data subjects can pull back their approval at any time. Thisact will affect policyholders and changes to client confronting websites, promoting fabric and reports will be required.

          II.            Notice of Privacy: it is an additional requirement under the law, wherein the insurance companies should provide the top information which can ensure transparency to the policyholders. The data passing involves the basis for preparing the data and the period for which the company will hold the same.

        III.            Right over Information: regardless of the rights mentioned above offered to the data subject by the law, they also have the authority to rectify, erase, impose restriction or raise any objection with regards to the data held by the company. The GDPR is prepared to offer data subjects more control by giving information subjects the opportunity to question the handling based on the interest of the controller or processor.

        IV.            Access Requests of Data Subject: there is a change in subject access requests compared to the old law that is the data subject has right to receive additional information; the time-period for processing request is now 30 days instead of 40 days; companies cannot reject the application except if the same is repetitive.

    The new law explicitly outlines that insurance sector will face several responsibilities and obligations while adhering to the provisions of the law.

    EXEMPTIONS UNDER THE LAW

    There are several exemptions under the law such as exemption towards the obligation to generate a privacy note when the informationgets directly perceived from data subject contingent to the extent where the subject already is in possession of same. Thisexemption implies that a controller might only require providing additional information to the data subject. Whereas, if obtaining of data is through indirect means, a much more extensive exemption is accessible, in specific where the information includes unbalanced exertion. It is vital that interpretation of Exceptions must is clear, precise and definite.Moreover, the data controller should be able to legitimize dependence on any of them. Under Article 23 of the GDPR law provides further exceptionsfor inclusion in the national legislation in line with GDPR, but the rules make it clear that where depending on such exemptions information controllers ought to educate information subjects of this unless doing so would bias the reason of the exception.

    GDPR IMPACT OUTSIDE EUROPE

    The old EU Data Protection Law fundamentally regulates the entities established within Europe and its member states, whereas, GDPR will also affect the companies incorporated outside Europe. For instance, in a case of non-EU data controller using his tools inside Europe for processioning data, except for exchange purpose, will get regulated by the law.

    As European Union Court of justice out rightly mentioned in Google Spain Vs. Agencia Espanola de Protection de Datosthat the activities of data processing in Google Spanish search engine, althoughGoogle subsidiary did not undertake them, were adequately associated with a Spanish company. The court was of the opinion that the activities of US companyinterlinked with the sales generated by the Google Spain.

    As also, the Article 3 of the law provides a clear view of the territorial jurisdiction under the law, where non-EU data controllers can be regulated and be imposed hefty penalties for violation of GDPR. Article 3 of GDPR is as follows:

    Territorial Scope

             i.            The regulation (scope) applies to the processing of personal informationabout the activities of the entity of the controller in the EU, regardless of whether the processing takes place in the Union or not;

           ii.            The regulation applies to the processing of information of data subject who is in EU by a controller not present in Union, where the activities are as follows:

    ·         The sale of goods or services, irrespective of whether payment of data subjects required to such data subject in the Union;

    ·         Monitoring their behavior as their behavior within EU.

          iii.            The regulations apply to entities established outside EU, but in a place where its member states law applies by Public International Law.

    GDPR IN UAE

    The Abu Dhabi Global Market (ADGM), and international financial center in UAE allowing companies to undertake financial and non-financial activities under a different framework. Being an economic free zone, ADGM has its laws, rules,and regulations based on a Common law which regulates and governs the companies established in the freezone. Considering the enactment of new laws about data protection, ADGM was ahead in time as compared to other free zones in the country; it has already Data Protection Regulations of 2015 which covers a wide range of obligations, the protection of personal data and its exchange within or outside ADGM. Whereas, ADGM has recently amended the regulations in 2017 which imposes a mandatory requirement of breach notifications to be made without any unnecessary delay or within 72 hours after getting informed about the breach. The Amendment has increased the number of penalties imposed on the violators of the law.

    CONCLUSIONS

    While understanding and managing these cross-border rules and regulations, the data controller must importantly analyze the information he has and from where did he obtain the same. As we know the internet has no territorial boundaries,and one can easily exchange information. However, it is pertinent to highlight the laws applicable to the content received from the internet or other data controller. Companies should, at all times, be aware of the legal risk exposed of failing to adhere to GDPR rules. 

    ]]>
    Wed, 09 May 2018 16:43:23 GMT
    <![CDATA[Admissibility of electronic evidence in the UAE and KSA (Part 1 of 2)]]> Admissibility of electronic evidence in the UAE and KSA (Part 1 of 2)

    Technology has changed the world in its totality in such a short time. It has indeed become an integral part of the everyday lives of so many. Today we see it incorporated into nearly everything we do. Around 60 years ago, computers where more a sci-fi device than an actual conceivable product which general public will soon own. The following space of 60 years has given a computer or device to nearly every single individual in the more developed region's world, and most businesses rely heavily on electronic devices in the performing of their transactions and general trade. Computers are also now just the tip of the giant technological iceberg, and with more and more crazy innovations entering the market at rates only a teenager would be able to keep up with, the situation can quickly become quite complicated.

    In a world where so much is now getting digitalized, it was only a matter of time until crimes also entered the digital realm. More common than digital crimes themselves are the numerous forms of digital evidence that may be put forward in legal cases. Emails, chat conversations, photo and video evidence and more are a big part of so many lives that the potential evidence that may arise from them is vast. In the past, there has been skepticism of electronic evidence, though now, with the expertise into the technologies and their prevalence throughout society, there is no more room for uncertainty. Avoiding and ignoring electronic proofs can lead to grave and blatant injustices and would be an irresponsible path to take.

    There are a few elements to consider concerning electronic evidence. These include electronic contracts, electronic records, and electronic signatures. In the past, the internet and online documentation where looked upon skeptically, at least in part, because they were often thought of as being unreliable and easily forged. However, the use of these forms of electronic business practices have become widespread over the years, and as technology has improved and the processes have become more secure, people are more trusting of the technology. Now to a greater extent than ever before are there more secure and official online means to creating records and contracts and therefore it has become the norm. These practices are widely accepted and are backed up by the law.

    The UAE is a reasonably technologically savvy country. Its cities are known to the world due in large part to the technological marvels within them. The city of Dubai is something of a testament to this with its high-rise buildings and giant malls. It should not surprise then that the attitude towards electronic evidence, from a legal standpoint, is well supported.

    At a most basic level, it is backed up by the Federal Law Number 10 of 1992, which concerns evidence in civil and commercial transactions. The year 2006 introduced Article 17 of this law which entirely involves electronic evidence. Article 17 subsection 3 states that electronic signatures will have the same probative force as a regular hand-written signature as expressed in the law. On top of this, sub-clause 4 covers electronic writings, documents, correspondences, and registers also hold equivalent weight under the law as their hand-written or physical counterparts. This one piece of legislation provides instant, simple recognition and provides power to these electronic elements in business. It was a good base from which to allow electronic evidence to rise and prosper considering that the law was an introduction in 1992.

    In one of the cases heard before the Abu Dhabi Court of Cassation (Case 472 of 2014 (197) and decided on 22 July 2014, the Prosecution filed a claim against the accused on the premise that he failed to pay a sum along with interest. The appeal based on some settlement agreement of 2011 and the accused was to settle a difference between the original debt and the balance amount that was outstanding. The court of appeal had canceled the prosecutor's claim, and consequently, the prosecution filed a petition before Court of Cassation.

    The Petitioner's challenge arose from three causes of action. Firstly, he said that appeal court's judgment violated the law, improper reasoning and prejudiced the right to defense. The accused based his response to claim to maintain that Petitioner had failed to take in to account the requirements set out in decision passed by Ministry of Economy (Decision Number 74 of 1994) requiring computer-generated data. In the present case, the documents were purchase orders issued by accused and not accompanying invoices but not computer generated data. The supporting documents included an acknowledgment by respondent in electronic communication exchanged between the parties post the invoicing period.

    The Court of Cassation relied on Article 4 of Law Number 1 of 2006 concerning Electronic Transactions which provides that information set out in data message shall not lose its legal force, even if they are set out in brief. The only condition under Article 4is that such information should be accessible within the electronic system of the originator. The Court also relied on Article 10 which provides that a data message and electronic signature shall be admissible as evidence even if the same is not an original or in original format. The Court relying on Article 17 (2) said that reliance on the secure electronic signature is deemed reasonable and held that parties exchanged electronic communication as the accused sent purchase orders and the other party delivered goods to it and the accused signed to the effect that goods were received.

    Dubai Court of Cassation passed a similar decision (Matter 241 of 2007 and decided on 28 January 2008) where the Court was referring to Article 17 (2) of above held said that a preserved electronic signature might be relied on unless the contrary gets proven.

    Thus, the transactions between the parties were conducted using electronic communications, which is different from the regulation of business transactions using computers.

     One thing to note is that the UAE is a relatively young country being, at the time of writing only 46 years old. This young age means that the country would have been born and would have risen with technology and would, therefore, have it highly integrated within the nation.

    The UAE is known to have very close ties to Saudi Arabia. They share many of the same political beliefs and are in general, quite familiar with one another. Saudi's law with concerns to this issue is very similar. The Royal Decree Number M/18 of 2007 Article 5 states, very similarly to the UAE, that Electronic transactions, records, and signatures will have full effect and will not be contestable.

    The outcomes of the articles in both the UAE and Saudi laws achieve the same goal. They validate the electronic side of business dealings, and those business dealings will be as set in stone like any other form of signing, documentation or contract. Speaking of electronic evidence, are emails and email signatures acceptable as evidence, you may ask?

    The Dubai Court of Cassation (Matter Number 277 of 2009 and decided on 13 December 2009) held that according to Article 4 (2) of the above Law, transactions in the form of emails have legal force provided that the information is available in the electronic record. It further held that under Article 10 of the Law, an email or an electronic signature would be acceptable in evidence notwithstanding that communication or the electronic sign is not in its original form.

    The Abu Dhabi Court of Cassation (Matter Number 89 of 2014 (246) and decided on 20 October 2014) referring to some partnership dispute held that:

    "Whereas the partnership concerning one of the transactions of XYZ company between the Petitioner and Respondent is related to Respondent himself and does not violate the public morals and agreed to terms. Further that the appealed judgment ruled the need for an absolute oath of the Respondent on the premise that business relationship between the parties was over and understandable from electronic correspondence exchanged between the parties." The case involved a transaction between two parties where the petitioner did not have any evidence supporting his claim. In such cases, the petitioner may ask the defendant to swear or take an oath. The defendant may choose and accept to testify or deny the same. If he refuses to take the oath, the petitioner may swear by himself to support and validate his claim. There are two conditions governing oath – first, being it should not violate public order, and secondly, such act should not contradict existing evidence. The Court of Appeal in this matter noted the email exchanges between the parties and noticed that the parties had terminated their relationship. The Court relying on email correspondence held that oath was disallowed. Court of Cassation reversed the decision and held that either party could take an oath regardless of the underlying evidence. 

    Before extending this topic to Kingdom of Saudi Arabia, the author will discuss the admissibility of electronic evidence in the DIFC and its implications thereunder. Wait. That's happening in next issue. Stay tuned. Before extending this topic to Kingdom of Saudi Arabia, the author will discuss the admissibility of electronic evidence in the DIFC and its implications thereunder. Wait. That's happening in next issue. Stay tuned. 

    ]]>
    Wed, 09 May 2018 15:47:24 GMT
    <![CDATA[Digital platforms and their terms of use - Does it matter]]> Digital platforms and their terms of use: Does it matter?

    The many digital platforms are transforming almost every industry today; it is swiftly becoming apparent that the similar looking terms of use and privacy policies currently applicable may not provide new entrepreneurs or platform users with an adequate sense of security. This inadequacy, coupled with an ever-increasing demand for technology lawyers in Dubai, necessitates a need for such entrepreneurs and platform users to become more cautious in regards to covering themselves against risks and losses.

    A simple example of why new entrepreneurs are becoming progressively more cautious when covering themselves from risks and losses would be the knowledge that one of the crowdsourcing Apps recently invited users to undertake mystery shopping.

    This example depicts the necessity for privacy policies and terms of use which will reduce the risks and losses when engaging in transactions on the digital platform.

    The crowd-sourcing App in this particular case provided the Mystery Shoppers with a certain amount of store credit. The shopper could use such monetary value on the App for in-store purchases. However, for the shopper to use the store credit to partake in the mystery shopping, the App holders had to pay an activation fee. This activation fee paid by the App holders wanting to participate in mystery shopping enabled them to access the credit on the App. Once they had transferred this, the participants would go to the store only to find out that there is no credit available on the App. The theft of the activation fee is then known to them.

    The terms of use on a website, in the form of Terms and Conditions, and the Privacy Policy are the basis of the express or implied contract between the platform owner and its users. Their effect is to limit liability and offer protection to digital platform owners. However, the question here is; what protection do platform users have; and does the online acceptance of today stand as a valid agreement against the law.

    Terms and Conditions clause

    Regarding the abovementioned example, the user of the digital platform was the party to bear the losses and risks caused by the actions of the third party – the scamming company. Below will be an example from the Second Circuit Court of Appeals, of how the owner of a digital platform did not sufficiently cover itself against risks and losses in its Terms and Conditions. 

    In this case, the user signed up for a programme that provides discounts on products and services in consideration of monthly fees. Following the users' enrolment and use of the application, he received an email from the defendant. In the email, there were additional Terms and Conditions, inclusive of an arbitration provision of a mandatory nature. Such new Terms and Conditions were never expressly consented to by the user.  The user canceled his account and claimed a full refund, to which the defendant only provided a partial refund. The user then commenced a class action, to what end the defendant responded by seeking to enforce the arbitration provision in the additional terms and conditions. The court a quo concluded that the user had never agreed to the new terms and conditions, the Appellate court upheld the conclusion.

    With consideration of precedent regarding contract law and enforceability in the context of shrink-wrap and agreements of an electronic nature, the emailed Terms and Conditions would be binding if:

    a.    After receiving actual notice, or at a minimum, inquiry notice regarding the additional terms; and

    b.    The user then manifested his assent, expressly or implied.

    The law does not require Terms and Conditions on a website, however as can be noted above, having adequate Terms and Conditions, to which users must consent to, could limit the liability of the platform owner immensely. The efficacy of the site owners' terms and conditions clause is pertinent to whether they can be held liable for content on their website. The prior mentioned case held the following on what companies should do to limit their liability:

    a.    Indicate all the terms of notice;

    b.    Require visitors or users of the site to page through the terms. Only once this is completed should they be able to select the 'agree' option or expressly and actively provide their consent to the terms;

    c.    Restrain using the website or initiate using services on the site before express permission by the user; and

    d.    Periodically have users of the site reconfirm their agreement to the terms. 

    Numerous sites request users to create a profile and yet they do not require the users to agree to their terms before gaining access to their profile. Users on the site are expected to seek out, on their own accord, the terms and conditions. Users get faced with clauses such as the following:

    "By entering, executing using, downloading, commenting, saving, accessing or using the Digital Platform you will automatically be considered a user which requires the full acceptance of every provision included in these Terms, in the version published by, and at the time you access or use the Digital Platform. If you, as a user, do not agree to these Terms, you may not access or otherwise use the Digital Platform."

    If it is considered, that the user was unaware of the fact that the action of entering, executing using, downloading, commenting, saving, etc. constituted their acceptance of every provision included in the Terms, how could such user be held to have consented to the Terms?

    However, one should take cognizance of the fact that it is common practice for courts to rule in favor of the user who did not expressly consent to the terms and conditions. A court stated that acceptance need not be express, but where it is not, there must be evidence that the offeree knew or ought to have known of the terms and understood that the offeror would construe acceptance of the benefit as an agreement to be bound.

    The United Arab Emirates

    Regarding the law of the United Arab Emirates, a contract becomes legally binding upon the parties after the express or implied acceptance of the offer by the offeree. There are however a few exceptions to this rule which warrant that a contract is only legally binding if it is in writing.

    Of relevance to electronic contracting on digital platforms, is the Federal Law Number 36 of 2006 on the Evidence and Commercial Transaction. This piece of legislation governs that electronic evidence or electronic messages are not recognized. Due to this, Dubai has implemented the Dubai Law Number 2 of 2002 relating to Electronic Transaction and Commerce Law. Regarding this legislation should a person contract, offer to contract or accept to contract, either wholly or in part, using electronic messaging, such an agreement will see be considered valid in the eyes of the law. Federal Law No.1 of 2006 on Electronic Commerce and Transactions (the e-Commerce Law) was put in force to align the country's legislation with the needs of the online marketplace.

    The Privacy Policy

    The privacy policy is not only required by law but is considered one of the most critical inclusions on a digital platform. It is of significant priority and should be read and assented to by all users. However, this is seldom the case. The Privacy Policy relates to the website's policy as to what it will and will not do with the information a user provides on the site.

    There are multiple issues about the privacy of the data collected on digital platforms.  To illustrate one, would be the issue of how one can be exposed to far-reaching effects when unwarranted data is in the hands of marketers, financial institutions, employers and governmental institutions, For example, impact on relationships, employment, qualifying for a loan and even to get on a plane. While there is much concern around this, little has been done to improve privacy protection online.

    For the privacy risks that need reducing highlighted above, each person must make careful consideration of what data they are putting onto the web and what the implications of the Privacy Policy on the relevant page are.

    In a time when privacy infringement is rife, and more and more high-profile privacy breaches are being commonly publicised, it is imperative for all digital platform users to reconsider what personal data they provide to such platforms precisely.

    An example of a recent high-profile privacy breach is the Facebook breach, in which a political data firm with links to President Trump's 2016 campaign was able to harvest private information from more than 50 million Facebook profiles without the social networks alerting users.

    Data collection and privacy policies internationally

    There is a significant disparity globally in the governing of data collection and online privacy. Some countries display stringent legislation in this regard while others lack relevance and authority. Below are examples of how different states regulate this.

    European Union

    The European Union Data Protection Directive of 1998 states that anyone processing personal data must do so in a fair and lawful manner. For the data collection to be considered legal, the taking in of the data must be for specified, explicit and legitimate purposes, and users must give unambiguous and explicit consent after being informed that data collection and processing is taking place.

    Germany

    In Germany, the Federal Data Protection Act of 2001 states that any collection of any personal data (including computer IP addresses) is prohibited unless the collector gets the express consent of the subject. The data collector also has to get the data directly from the users (for example, it is illegal to buy email lists from third parties).

    The United Arab Emirates Law

    There is no Federal data protection law in the UAE; there is also no single national data protection regulator. Due to this fact, the protection from risks and losses is the sole responsibility of the individuals. Although, there are two rights afforded by the UAE Constitution of relevance here.  Article 30 of the UAE Constitution which provides for freedom of opinion and to express that opinion either in writing, verbally or by any other medium of communication. As well as, Article 31 which is a general right to privacy and it provides for a right to freedom of correspondence through various means of communication and the secrecy thereof.

    Sectoral laws

    Regarding Federal Decree Law No. 5 of 2012 on Combating Cybercrimes, Article 2 prohibits unauthorized access to websites or electronic information systems or networks. Article 2 further imposes more severe penalties when such actions result in, among other things, the disclosure, alteration, copying, publication, and replication of data. A penalty's severity will increase if such data is of a personal nature.

    Article 21 of the Federal Decree No. 5 of 2012 also prohibits the invasion of privacy of an individual through a computer network and electronic information system and information technology, without the individual's consent and unless authorized by law. Article 21 further prohibits disclosing confidential knowledge obtained in the course of, or because of, work, through any computer network, website or information technology

    It is of significance here that on 25 May 2018, UAE-based companies with relations and business dealings with European Union consumers will need to ensure that they comply with Regulation 679/2016. This Regulation concerns the protection of natural persons regarding data collection.

    In Dubai Court of Cassation case number 67/2010 (132), the court observed the contrast between Article 30 of the UAE Constitution, Article 47 of the Federal Law Number 15 of 1980 Concerning Press and Publication (the Press Law) and Clause 79 of the Press Law. In this case, the appellant initiated legal action on the basis that the defendant had published the details of the case regarding the appellant's wife. The defendant was a limited liability company in Dubai that was dealing in printing and publishing and had published the details of a case surrounding the extra-marital affair of the appellant's wife. The appellant contended that this had caused substantial harm to his family since the news spread instantly to his home country also. Let us analyze each of these Provisions carefully before proceeding. Article 30 of the UAE Constitution provides freedom of opinion and to express that opinion in writing, verbally, or by any other medium of communication. Provision 47 of the Press Law stipulates that newspapers are permitted to publish the details of cases before the courts unless the proceedings of the case are held in secret session. On the other hand, Article 79 of the Press Law has explicitly prohibited the publications of news, photos or investigations regarding the family or private life of individuals if it can cause harm. These laws mean that the legislators have provided the public with the freedom of expression and at the same time, has limited that freedom to protect the privacy of individuals. The Dubai Court of Cassation, in light of the above Provisions, held that the appellant failed to prove that the defendant had published untrue events and the Court had not decided on whether to rule the earlier proceedings as secret sessions. The Court of Cassation dismissed the appeal case and stated that the defendant was not liable for other newspapers that published the news.

    Advise to drafters of terms of use

    To draft terms of use for a website, that will afford adequate protection to both platform owners and users the following essential elements should be included:

    •    Limitation of liability – a necessary disclaimer removing the responsibility for errors in the web content. Should the site be interactive, and others able to post on the site – a disclaimer must be included, which states that the website and website owners do not endorse users and are not responsible for the statements made by third parties.

    •    Intellectual property – a clause to inform users that the contents, logo and other visual media created is the property of the website.

    •    Termination – a provision to notify users that use of the site in an abusive manner will result in termination at the sole discretion of the owner.

    •    Governing law – a clause that describes which legal jurisdiction will apply in cases of dispute – this should be the country in which the headquarters of the website is.

    •    Links to other sites – a clause should be included which warrants against liability for third party websites linked to the main website.

    •    Privacy policy – when collecting any information from users, a privacy policy must be present.

    The Abu Dhabi Court of Cassation had to decide on the validity of electronic signature to determine whether the appellant was eligible to get a commission in the case of 393/2010 (218). In this case, the court observed and decided on the validity of electronic signatures to qualify as evidence under Federal Law Number 10 of 1992 regarding Civil and Commercial Transactions (the Civil Transactions Law). Article 17 (3) of the Civil Transactions Law states that e-Signatures have the same effect and validity as provided in the e-Commerce Law. The e-Commerce Law offers electronic communication with an equal level of importance in the eyes of the law and considers it valid evidence in a commercial transaction. Further, Article 4 and Article 10 of the e-Commerce Law information communicated through emails shall not lose its validity merely on the basis that the mode of communication is electronic and electronic signature shall be accepted as evidence even where such email or e-Signature is not original or in its original form. The court dismissed the appeal in this case by ruling that the electronic communication in question was valid evidence of the transmission between the parties and the appeal was filed merely on the premise that the trial court had erred in its factual understanding of the law and the value of the evidence submitted thereon.

    VAT Liability

    Because a significant proportion of retailers and distributors in the UAE provide their services both physically and via the internet, it is imperative to fully grasp the relevant VAT implications which are now in force. VAT regulations take into consideration the location of supply (of a good) – the area in which it is made available to the consumer. This consideration could also include the place where freight of the goods ends.

    Regarding VAT for services, it is the customers' place of establishment that is considered the relevant location for tax purposes. Unless such person is a non-taxable entity; if this is the case, the site of the supplier is where the tax will incur.

    VAT liability applies to all transactions, including e-commerce transactions and online purchases.

    Conclusion

    Some countries are party to the Organisation for Economic Co-operation and Development (OECD) multilateral initiative dealing with online privacy and data protection issues. However, many countries, including the United Arab Emirates are not a party to such initiative and only bare rudimental legislation governing website terms of use. The world online is expanding at a paid rate, and lawyers are challenged to fill in the gaps in the law and guidance to adequately regulate the growing world of digital platforms.

    ]]>
    Tue, 08 May 2018 11:30:01 GMT
    <![CDATA[Copyright and Apps]]> Ping!You got a Notification*

    "Internet is a place where nothing ever dies."

    A touch is all you need to show the world your piece of art and to be liked by the viewers. Facebook posts, Instagram new filters improving your images, Snapchat 10 seconds stories to score social kudos. Endless forms and invisible impact.But the legal implication of copyright infringements on social media is more than what it was ever imagined. It's a tug of war between social media companies and the artists gaining new income by getting "Viral" or reaching millions of followers. In a continuous struggle of influencing the audience, the line of copyright infringement seems hazy and unclear. In this article, I will try to draw the line for our readers to make them understand the legal implications of stealing social media content.

    The variety of content that is shared online is strictly considered as an artistic work, to which intellectual property law applies. Copyright- the right of the author over his artistic or literary work and the right to allow others to use his copyrighted work. In terms of social media images, the copyright generates once the image is posted online. The statue of Anne is the first to receive copyright protection, since then a lot of significant changes have been made concerning the copyright protection and nowadays Berne International Convention protects copyrighted work since 1971. However, we can now witness the recent copyright protection given to digital content by World Intellectual Property Organization (WIPO). The WIPO treaty signed by almost all countries is the first treaty to address the issue of digital environment and its infringement.

    Social media websites stipulate terms of use that a user must strictly comply to in order to use the service, which we clearly don't read, therefore having anyinformation about what we have signed for and are bound by the terms which we didn't even read or understand.

    Thus, through this article, we will try to explore the unreconciled stress between the freedom to use and protection of copyright holders. The sole reason to write this article is to increase awareness among social media users and to provide a legal backdrop for discussion.

    My Image, My Right!

    New York Instagram Sensation Richard Prince reminded us that a normal picture you took at the beach, shared publicly on Instagram can be reused and sold for a price not less than USD 90,000. In New York Freeze Art Fair, Prince displayed giant screenshots of Instagram users without any prior permission and sold for a good price. So here is what he was doing, since, 1970 prince has been "re-photographing" images from magazines, books or advertisements. But, in 2008 Patrick Cariou filed a case against Richard prince[i]when he re-photographed Cariou's image. The court of thefirst instance passed the judgment in Carious' favor, however, when the case went for appeal, the court ruled out the lower's court judgment in part and held that Prince's artworks make fair use of defense and he has not infringed any copyright because his work was "transformative."

    It is important for all the users to know whether if a third person is using their content from their profile, the principle of "fair dealing" may protect their usage as what happened in Prince's case. The principle outlays numerous exceptions where the third party can utilize the copyrighted content without the author's permission such as:

  • for critic or review;
  • for research work;
  • for making parody;
  • for news;
  • For legal advice.
  • A careful look into Instagram terms of use, we understand that the photographer owns an exclusive right to use, sell the image and can enforce their copyright against anyone who infringes upon your rights.The terms of use come into effect the moment a picture is uploaded on Instagram. It provides a fully-paid, freely transferable social networking stage to utilize the content in the way the user desire. It further implies that Instagram permits pictures from the site to others- including other Instagram users who can report pictures without encroaching on other's copyright.

    Don't take a Screenshot

    The United Kingdom Digital and Economy Minister recently restricted people to take screenshots of Snapchat stories. He publicly mentioned that "under UK Copyright law, it is unlawful for Snapchat users to copy or take a screenshot of theimage and share it in the public domain without the sender's prior consent". Let's validate his statement by looking into UK Copyright law. TheArticle 96 of UK Copyright, Designs and Patent Act 1988, allows the copyright owner to file a suit against the third party and can seek all such relief by way of damages, injunctions, accounts or otherwise.

    Snapchat claims that they follow a strict privacy policy, where it states that it does not condone any type of copyright infringement and if users suspect that their rights are being infringed, they have the right to report the incident to the company. However, the policy isn't that strict due to several reasons, the policy does not mention anything about removing the users who they believe are infringing copyright laws, or they can delete the provision of screenshot altogether.

    Copyright V. Social Media- the Case studies

    The widespread of regular practice of sharing photographs and other content has led to uncertainty regarding the ownership of those images and the violation of copyright law. This back and forth exchange of social media content has created a world where content is freely posted and viewed without any costs or charges. Thus, the free online culture created material conflicts with regards to control over reproduction and distribution. The rapid reproduction of original content has prompted several copyright infringement legal issues in past years.

    In all of these cases, the third party contends the usage being a fair use as set out in laws of almost all the countries such as 17 U.S.C § 107.  A recent case of North Jersey Media Group, Inc. v. Pirro[ii], where Pirro publish a photograph which was copyrighted work of Thomas E. Franklin of North Jersey Media Group Inc. (NJMG) on Facebook. NJMG got that image registered with U.S. Copyright Office. However, on account of Pirro Fox news Pirro combined that image with another and posted the same on that account. NJMG filed a copyright infringement suit against Fox News and as usual Fox News soughed defense under fair use. The Southern District Court of New York rejected Fox's defense and held that merely adding a "Hashtag" and making small alterations to the image is not sufficient. In other words, the image failed to create a new insight and understanding for the audience and cannot claim warrant protection under fair use.

    The case was referred for appeal and Fox appealed to the court for "Context-Sensitive Test" and argued that social media platform is a community to share ideas and this environment is in itself a transformative expression. Also, denying social media users the right to fair use will curtail their right of expression. But, unfortunately, the thought stands still as the parties resolved the matter amicably before the court.

    A similar case was filed by a photographer Kai Eiselein, where he filed the case against BuzzFeed for infringement of his copyright for an image he posted on Flickr[iii]. BuzzFeed uses his image in an article without his permission and the issue regarding fair use principle remain unanswered in this case as well.

    These cases have the ability to highlight the potential difficulty when thelaw tries to balance the copyright owner's right and the freedom of expression of social media users.

    UAE is at par with other countries and imposes stricter punishments for copyright offenders of social media content, as recently a case has been filed against a teenage girl who posted a picture of her friend without taking her or her family's permission on one social media website. The parents of the girl filed a case against her for posting their daughters photograph. The defendant girl argued that she posted the picture with her friend's consent. However, upon discovering the truth the family tried to take down the case and court rejected for reconciliation considering theseriousness of electronic crimes in the country.

    The case went to thecourt of thefirst instance, where defendant girl failed to prove the consent given to her for posting such picture and was held liable for the crime and was sentenced under Article 378 of UAE Penal code for violating someone's privacy. The case is now presented in the court of appeal, and the judgment is still pending. However, any copyright infringement cases in this regard are yet to come in public domain. It is an established fact that UAE laws are stricter when it comes to assault to privacy or electronic crimes and law provides strict punishments for the offender irrespective of the age and nationality.

    #New Era New Needs

    Keeping in mind the pace of technological advancements around the globe and the social media content countries are either making amendments in the prevailing law or implementing new law for protecting the rights of copyright owners for content on social media websites.

    The Digital Millennium Copyright Act (DMCA) of United States provides a mechanism for owners of thecopyright to protect their social media content. Under the law, the copyright holder holds a right to notify the Internet Service Provider(ISP) or the Online Service Provider (OSP), once he becomes aware of the infringement. Also, the ISP allows the copyright holders to request for removal of the content, as under Section 512 of DMCA, ISP must remove the copyrighted work post receiving the notification from thecopyright holder.

    European countries were the first to sign the Berne Convention for protection of Literary and Artistic Works. Additionally, copyright law in Europe is implemented through directives- the legislative acts of European Union. Since the European Union follows common law and others civil law, there is no specific approach for all and the Intellectual Property directives provide the rules for regulating online content and their copyright issues.

    In 2010, United Kingdom passed Digital Economy Act (DEA) for protecting and regulating online content on social media websites. DEA provides exclusive power to the government to limit and/or terminate internet services to copyright infringers. Alike, U.S. the DEA requires holders of copyright to inform the potential infringement of their rights.

    UAE Cyber Crimes Law promulgated by Federal Law Number 5 of 2012 (the Cybercrime Law)penalizes the offenders of privacy on theinternet including the social media websites. UAE Penal Code implemented under Federal Law Number 3 of 1980 punishes the offender who transmits someone else's pictures without their prior consent and requires the defendant to prove beyond reasonable doubt the presence of consent. Also, the Federal Law Number 7 of 2012 concerning the Copyright Law prohibits the users to share any picture of thethird party without their consent. UAE government has also passed several guidelines for public as well as governmental authorities for social media usage such as, in 2011 UAE government passed certain Guidelines for Social Media Usage for UAE government entities, also Telecommunications Regulatory Authority (TRA) passed guidelines for public at large

    It's time for the international law to cross the international territorial boundaries like the international reach of this social media content. Country-specific laws protecting online content will no longer be able to protect the author's work. Due to rapid change in the technology, the need of the hour is international treaties and laws for protecting the digital content of a copyright holder sitting in different part of the world.

    Before I Sign out

    In this era of technology, the copyright and other laws are blurry and are insufficient to protect the online users completely. The law is required to adjust itself quickly to frame some guidelines accepted worldwide. Under any copyright law, ignorance is never an excuse. Therefore, a copyright infringement without actually knowing its original owner is an infringement. The only remedy available with the copyright holder is to get the content removed, especially in the cases where the contents are used commercially. So, clear your doubts and know your legal rights before sharing your personal life on social media.  


    [i]Patrick Cariou v. Richard Prince 714 F.3d 694 (2013)

    [ii]74 F. Supp. 3d 605 (S.D.N.Y 2015)

    [iii]Eiselein v. BuzzFeed, Inc No. 13-13910 (SDNY June 2013) 

     

    ]]>
    Tue, 24 Apr 2018 11:45:10 GMT
    <![CDATA[Securitization]]> SECURITIZATION: AN OVERVIEW

    Introduction

    Securitization is a powerful financial tool that renders possible the profitability of illiquid assets. We all agree that securitization contributed to the 2008 Financial Crisis, demonstrating how this powerful businessinstrument is a double-edged sword: it is capable of both boosting and devastating an economy. The United States also commonly known as an unchallenged leader in securitization markets. However, much of the current activity is happening in the Middle East, including the United Arab Emirates, where the new wave of securitization markets is emerging.

    Definition

    Through this financial process, several illiquid assets are packaged into pools and transformed into securities. The third-party investors in a secondary market then purchase these securities or their related cash flows. In other words, the security interests in the pool are sold to investors. The process enables the conversion of an asset or a group of assets into marketable security. In this article, I aim to offer a comprehensive explanation of the nature of the underlying holdings of securitization, the function of Special Purpose Vehicles, regulatory responses to securitization after the financial crisis, and the impact the economic process has had on different markets.

    An example of an illiquid asset is a debt instrument, which the originator (such as a bank) executes with numerous obligors (such as individuals who have a mortgage with the bank). These assets, which are into pools, can be various types of contractual debt (generally home equity mortgages) such as residential mortgages, commercial mortgages, auto loans, credit card debt obligations (or other non-debt assets which generate receivables). We combine these assets with other homogeneous assets, such as other mortgages issued on significantly similar terms, to form a pool. Then, they transfer it to trust or the Special purpose vehicle (SPV) which is the securitization vehicle. The company will sell the security interests to investors. They give the funds so raised to the Intermediary or Originator in consideration for the transfer of the assets.

    It is important to note that the vast array of asset varieties and the creation of liquidity for an illiquid asset makes securitization a powerful and practical financial tool. Furthermore, a pool of securities can be divided and sold to different investors based on the risk level these investors wish to adopt. If they are willing to take on the risk of mortgages that may or may not be paid off, then they will purchase the higher risk part of the pool. If they are not willing to take on such risk, they will buy the lower risk part of the lake.  Regarding value, mortgage-backed securities (MBS) dominate the global market, while asset-backed securities (ABS) feature steady growth rates.

    Benefits of Securitization

    The securitization process offers many essential benefits to participants. In this vein, it allows the originator to do the following things:

             i.            It will enable the transformation of an illiquid asset into a liquid financial instrument, thus setting up future revenue.

           ii.            It enables borrowing at a better rate given that the risk premium demanded by the investor is proportionate with the underlying pool of assets.

          iii.            It improves balance sheet management with reduced leverage and gearing ratios by removing risky assets from its balance. It permits the use of capital to support loan writing and investment.

         iv.            The prepayment risk of the underlying assets is after that on the investor.

           v.            It eliminates exposure to credit risk or theadministration of the asset.

         vi.            The originator gains access to a broader banking/investor base in the financial markets.

    Securitization will benefit the investor in the following ways:

             i.                        It enables the securities to obtain excellent credit ratings given that deals can entail credit enhancements.

           ii.                        The yields offered by securities exceed those on comparable corporate bonds.

          iii.                        The securities are liquid.

         iv.                        It is an investment in a diversified pool. Investors will prefer to hold a portion of a pool of risky assets than a single risky asset.

    I.                    Mortgage and Asset-Backed Securities (MBS)

    Categorically, the division of assets is in two categories being mortgage-backed securities and asset-backed securities. The form of asecuritization backed by mortgages is called mortgage-backed securities. It comprises three central types:

                            i.                     mortgage pass-through securities

                          ii.                     stripped MBS

                         iii.                     collateralized mortgage obligations (CMO)

    The fixes or floating rate mortgages sponsor these securities. An investor will purchase shares in a pool of mortgages, and receive a cash flow which basis on the features of the underlying mortgages such as principal amount, interest and payments made before the lease.

    Moreover, a stripped MBS is derivative mortgage security. The division of principal amount and interest is so segregated in such a way that the price of each investor is different from the other. There is a possibility of a stripped MBS which the companies structure in a way that there is an interest-only investor class and a principal-only investor class.

    Lastly, in a CMO, whole mortgages funded by debt issued in different tranches are purchased by the securitization vehicle. After that, there is a redistribution of Cash flows from the assets to different tranches. The principal and interest received by the securitization vehicle are used to pay attention to each branch. It creates different risk/yield relationships between investor classes by taking the mortgage (a single class instrument) and creating multi-class instruments. This type of mortgage-backed securities has developed immensely and has been the subject of considerable levels of financial re-engineering.

    II.                  Asset-backed Securitizations (ABS)

    Asset-backed securities are securitizations backed by non-mortgage assets. These include (but are not limited to) the following:

                                     i.            automobile loans and leases

                                   ii.            credit and department store charge card

                                  iii.            computer and other equipment leases

                                 iv.            accounts receivables

                                   v.            legal settlements

                                 vi.            small business loans

                                vii.            student loans

                              viii.            home equity loans and lines of credit

                                 ix.            boat loans


                                   x.            franchise loans

                                 xi.            timeshare property loans


                                xii.            real estate rentals

                              xiii.            whole business securitizations

    Another vital perspective to consider to understand the securitization structure is the idea of credit enhancement. It is the way or strategy to enhance the procedure for assessment of a securitization exchange, as recommended by a credit rating agency keeping in mind the end goal to draw in financial investors for investing in these assets.

    Special Purpose Vehicles (SPV)

    SPV are subsidiary companies of a parent company, who provide an alternative mode of financing transactions. Given that there is the complete protection of assets from the actions of their parent company, they curb the financial risk to the property of the SPC. These vehicles play an indispensable role in the operation of global financial markets. The allow investors and businesses to raise capital, securitize assets, share risk, reduce tax and carry out activities without any chance (or at least not as significant a threat as would usually be the case). SPCs provide limited liability for shareholders, they can choose to operate on separate balance sheets than their companies ("off-balance sheets"), and they serve on these free balance sheets instead of recording transactions in the name of their parent companies. Following are the commonly used SPVs for the operations:

    i.               Securing projects from financial, commercial or operational failures

    ii.             Securitizing Loans and Receivables. For instance, governments set up SPVs to fund their projects and the SPC entity enables the channeling of funds for projects in different areas.

    iii.            Transfer of Assets: upon the transfer of assets to SPC, they become unidentifiable. As a result, it protectsthe firms in the event of bankruptcy or liquidation. This invulnerability has led courts to rule that there is a link between SPC assets and funds with the originating company.

    iv.           Regulatory and Compliance: SPVs avoid regulation and compliance protocols since they can be set-up within orphan-like structures.

    v.             Financing and Raising Capital: They can be used to finance new projects without increasing costs or altering the shareholding structure. It makes them particularly useful for financing aircraft, power and infrastructure projects.

    Global Aspect of Securitization

    In UAE

    Securitization also allows a company to deconstruct itself by separating highly liquid assets from the risks in association with the transaction. These assets are then used to raise funds in the capital markets at a lower cost, and a lower risk than if the company had grown funds directly (by issuing more debt or equity). The company will then retain the savings generated by these lower costs.

    In the United Arab Emirates, the company establishes a system of Islamic Securitization. It is a legal structure which replicates the economic purpose of a traditional asset-backed securitization structure and satisfies the requirements of Islamic Finance. The terms Al-Task and Tawriq are the terms used for securitization under Islamic Law. Given that most Islamic financial principles basis its concept of asset-backing, securitization fits particularly well with Islamic Finance.

    Conventional securitization, which originated in non-Islamic economies, involves interest-bearing debt. BY holding contingent claims on the performance of securitized assets, investorsare entitled to pre-determines interest as well as the principal amount initially paid. However, Islamic finance principles prohibit profit from debt and speculation. Thus, the issuance of interest-bearing debt securities with a secured redemption conflicts with Islamic financing principles. Despite the fact that securitization under Islamic Law bars interest income, the company structure it in such a process thatit rewards investors for their direct exposure to business risk. Underlying securitization assets which do not comply with Sharia Law principles cannot securitize in the market.

    In the United Kingdom

    The UK is Europe's Largest Securitization Market, with issues worth approximately US Dollars 26 billion in 1999. The first asset class securitized in the UK are private mortgage loans. Subsequently, the market has expanded significantly to include credit card receivables, other consumer loans, lease receivables and whole business securitizations whereby the securitizations is on the entire future receivables of a company. In the UK, there is a continuous introduction of new asset types and structures.

    In Germany

    Germany market is not significant as the US. However, the ABS market in Germany has grown steadily since 1995. Housing loans, credit card receivables,and consumer loans are commonly the subjects of securitization processes in Germany. In mid of 1997, the German Bank Regulatory Office published a guideline allowing relief from capital adequacy requirements for banks if they meet the specific criteria. Since then, not only corporations but also banks have securitized many assets. In the past, traditional ABS transactions were based mainly on mortgage loans (residential and commercial), trade receivables, lease receivables and customer loans. Today, all kindsof assets can be securitized provided they are separable, transferable, pledgeable and free of objections.

    In Asian Region

    The Asian crisis has caused the securitization market in Asia to slow down. From properties to salaries, the market was continuously searching for new assets to securitize. The market was booming, as it was continually looking for innovative ways to overcome its legal, tax and accounting issues. But the market's collapse in 1997 drastically slowed down securitization's development process in the region. The market started to recover in 1998, and in total, four big deals were completed: in Hong Kong, Taiwan, Korea and an Asian Basket Deal (a CBO). 1999 saw a significant increase in activity focused on North Asia. Given that the central issue in the Asian market remained that of attracting investors, the focus in that region has been on credit enhancements and risk repackaging.

    Conclusion

    On the whole, securitization is a powerful financial tool that constitutes a significant part of today's global generation of profit. Given that securitization's abuses contributed to the global financial crisis, its regulation is critically important. US and European post-crisis regulation responses are insufficient. For achieving a more systematic regulatory framework, existing law will have to supplement.

    ]]>
    Tue, 24 Apr 2018 10:27:32 GMT
    <![CDATA[Обновления Законодательства о Социальных Сетях]]>Обновления Законодательства о Социальных Сетях

    Мы живем в то время, когда люди находятся в социальных сетях и электронных СМИ, также часто как и дышат. Наша зависимость от этих платформ растет также быстро, как и количество доступных платформ. В этом стремительном росте электронных средств массовой информации встречается много подвохов, в том числе в отношении законности и нравственности. Рост электронной эры привел к возникновению новых профессий, нового опыта и новых уголовных преступлений. И в связи с этим нового законодательства. Законы об электронных СМИ различаются в разных странах – некоторые являются чрезвычайно жесткими, другие – невероятно слабы.

    Электронные СМИ оптимизируют открытость, как заявил Марк Цукерберг, «чтобы дать каждому возможность поделиться чем угодно с кем угодно».  Подобная открытость – это то, как работают социальные сети. Мы можем поделиться любой информацией с любым человеком в любом конце мира совершенно не напрягаясь. Однако, как говорится, власть несет с собой большую ответственность, и именно здесь закон играет жизненно важную роль в электронном мире. Объединенные Арабские Эмираты недавно представили новый закон, регулирующий электронные СМИ. Это постановление было принято Национальным Советом по Средствам Массовой Информации.

    Правила, выпущенные Советом, регулируют всю деятельность в Интернете, включая публикации, продажу и электронную коммерцию, видео и аудио материалы, а также рекламу. Эти правила применяются к новостным веб-сайтам, электронным публикациям, включая коммерческую деятельность, ведущуюся через социальные сети в ОАЭ. Цель новых правил, как объясняет Мансур Аль Мансури, заключается в том, что это поможет медиа сектору ОАЭ  оставаться в курсе значительных событий в электронных СМИ, обогащению и организации цифрового контента, одновременно поощряя свободу выражения и конструктивный диалог. В дополнение к этому, правила обеспечивают уважение религиозных, культурных и социальных ценностей ОАЭ средствами массовой информации.

    Регулирование Электронных СМИ

    Новое Положение начинается определением для соответствующих электронных средств массовой информации. Сфера применения положений включает всю деятельность электронных средств массовой  информации, осуществляемую в Объединенных Арабских Эмиратах, включая свободные экономические зоны. Положения охватывают любые средства онлайн-выражения, в том числе письма, изображения, музыку, фотографии или другие методы, которые могут передаваться между людьми в любой форме – печатной, аудио или визуальной.

    Деятельность Электронных СМИ, которая должна быть лицензирована

    Следующие формы средств массовой информации должны  получить лицензию в соответствии с упомянутыми выше положениями:

  • Сайты, используемые для торговли, представления и продажи печатных, видео и аудио материалов;
  • Электронные публикации и печать;
  • Специализированные сайты, такие как электронная реклама, новостные сайты и т.д.;
  • Любое электронное действие, которое Совет сочтет целесообразным;
  • Жители ОАЭ, подающие заявку на получение этой лицензии, должны соответствовать следующим требованиям:

  • Заявитель должен иметь полную правоспособность, однако, это требование может не применяться в зависимости от обстоятельств дела;
  • Заявитель должен иметь хорошую репутацию и историю достойного поведения;
  • Заявитель не должен быть осужден за преступление, связанное с нарушением чести, достоинства и общественного мнения, если только не состоялась необходимая реабилитация заявителя или было выдано помилование компетентными органами;
  • Заявитель должен получить образование в колледже, институте или аккредитованном университете, однако, это требование может не применяться в зависимости от обстоятельств дела;
  • Заявитель должен соответствовать требованиям к деятельности;
  • Заявитель не должен иметь компанию, которая была закрыта, или иметь запрет на ведение деятельности в сфере СМИ; у него не должно быть приостановления или отмены лицензии – если только указанная выше причина была устранена;
  • Заявитель не должен иметь никаких финансовых обязательств с Советом;
  • Заявитель должен соблюдать все инструкции и правила, установленные для ведение медиа деятельности;
  • Любые дополнительные требования, которые могут применяться комитетом.
  • Ответственный Менеджер

    Согласно новым правилам, каждый веб сайт должен иметь менеджера, который контролирует содержание такого сайта. В этой связи менеджер будет представлять заявителя лицензии перед Советом, государственными органами или любой третьей стороной. Этот ответственный менеджер также будет нести ответственность за весь контент, размещенный на сайте, независимо был ли материал размещен им самостоятельно или третьим лицом. Правила устанавливают требования для ответственного менеджера, аналогичные требованиям для получения лицензии. Однако стоит упомянуть, что если заявитель является физическим лицом, он может выступать в качестве менеджера, ответственного за веб-сайт или электронные средств массовой информации, если он / она отвечает требованиям.

    Деятельность СМИ на платформах социальных сетей

    Постановление предусматривает дальнейшее предоставление дополнительной лицензии для коммерческих целей использования социальных сетей. Заявители должны соответствовать следующим требованиям:

  • Заявитель должен иметь узнаваемый профайл в социальных сетях;
  • Контент, размещенный в подобном эккаунте должен соответствовать  всем применимым стандартам рекламы или критериям, принятым Советом в данное время;
  • Владельцы эккаунтов в социальных сетях, представляющие платную рекламу, должны получить лицензию от Национального Медиа Совета  в соответствии с применимыми правилами и положениями;
  • Владелец учетной записи будет лицом, ответственным за весь контент, размещенный в этом профайле.
  • Срок Действия Лицензии и Ее Продление

    Лицензия на электронные СМИ действует определенный срок. Разрешение в соответствии с правилами действует в течение одного года, и может быть продлено на тот же срок. Владелец лицензии или его представители имеют право подать заявку на продление в течение 30 дней после истечения срока действия. Лицензия будет недействительна, если заявитель или его представители не подадут заявление в течение 30-дневного льготного периода, предоставленного после истечения срока действия первоначального разрешения.

    Обязательства Лицензиата

    Новые правила описывают обязательства, накладываемые на лица, подающие заявку. Эти обязательства не только влияют на самого лицензиата, но также будут иметь обязательную силу для любого лица, представляющего лицензиата или работающего в его/ее интересах. Ниже перечислены обязательства, предусмотренные постановлением:

  • Обязательство соблюдать вид деятельности и все требования в соответствии с лицензией;
  • Ответственность за получение предварительного согласия Совета на изменение любой лицензии;
  • Обязательство предоставлять любую информацию и данные в соответствии с запросами комиссии время от времени;
  • Стороны должны соблюдать инструкции и правила, регулирующие деятельность в области средств массовой информации, установленные комиссией;
  • Обязательство сторон всегда уважать общественные ценности и соблюдать требования общественных интересов;
  • Обязательство выплачивать финансовые сборы, необходимые в соответствии с законодательством.
  • Лицензионные Сборы

    The below table outlines the licensing fees as provided by the New Electronic Media Council in its new regulations. The charges are the responsibility of the Minister's Council and such council will be responsible for any addition, deletion or amendment.

     

    Вид Деятельности

    Новая Лицензия

    Продление Лицензии

    Электронные или онлайн эккаунты/вебсайты 

    AED 15,000

    AED 15,000

    Торговля, продажа и показ аудиоматериалов и интернет-аккаунтов

    AED 4,000

    AED 2,000

    Торговля, продажа и показ видеоматериалов и интернет-аккаунтов

    AED 6,000

    AED 3,000

    Онлайн учетные записи и веб-сайты электронной публикации и операции, связанные с печатью 

    AED 3,500

    AED 3,500

    Продажа книг

    AED 1,000

    AED 500

    Продажа газет и журналов 

    AED 1,000

    AED 500

    Продажа электронных видеоигр 

    AED 8,000

    AED 4,000

     

    Последствия новых правил для инфлюенсеров социальных сетей

    Новое положение не распространяется на сайты личного характера, а также блоги. Однако, оно распространяется на влиятельные эккаунты социальных сетей. Это касается популярных медиа блогеров, которые ведут онлайн бизнес деятельность, в том числе ту, указанную в положениях, а именно электронная коммерция, издательство и продажа печатной, аудио и видео продукции, а также реклама и продвижение брендов. Действие этих правил заключается в том, что лица, которые занимаются вышеупомянутой деятельностью, должны получить лицензию в соответствии с правилами.

    Нарушения Этикета в Социальных Сетях в ОАЭ

    В недавнем случае в Суде Дубая рассматривалось нарушение конфиденциальности, произошедшее, когда лицо публикует фотографии другого лица в социальных сетях без его разрешения. В отношении этих вопросов суд постановил, что такие случаи не могут быть проигнорированы, или стороны прийти к примирению.

    В данном случае девочка-подросток опубликовала фотографию своей подруги в социальных сетях, предположительно без предварительного разрешения другой девушки. Семья последней подала заявление о нарушении конфиденциальности в отношении девушки, разместившей фотографию. Семья на более позднем этапе попыталась снять дело. Однако, они не смогли этого сделать, поскольку закон должен идти своим чередом. Девушка, в конечном счете, не смогла доказать, что фотография, которую она выложила, была с разрешения другой девушки, и Суд первой инстанции, осудил ее. Теперь дело рассматривается в Верховном Суде.

    Наказание за нарушение такой конфиденциальности включает в себя тюремный срок в шесть месяцев и штраф в размере AED150,000-500,00. Причиной такой сурового наказания является то, что законодательная власть должна информировать общественность о том, что нарушение конфиденциальности с помощью социальных сетей является серьезным преступлением.

    В другом решении Федеральный апелляционный суд оставил в силе предыдущее постановление Федерального суда первой инстанции, которое осудило человека и приговорило его к тюремному заключению на два года. Осуждение было вызвано стихотворением, которое обвиняемый написал и опубликовал в социальных сетях. Это стихотворение нарушало общественный порядок и мораль и противоречило закону о киберпреступности. В этом случае суд приговорил мужчину к трехмесячному тюремному заключению и штрафу в размере 250 000 дирхамов.

    Заключение

    Объединенные Арабские Эмираты контролируют использование электронных средств массовой информации и внедряют новые правила, которые считают необходимыми. Цифровые медиа - один из самых перспективных секторов на Ближнем Востоке, особенно видео, игры и электронные книги. Регулирование этого сектора привлечет новые глобальные инвестиции, что, в свою очередь, улучшит его развитие и конкурентоспособность», - сказал Аль Мансури. Цели, достигнутые в реализации положений, - это поддержка соответствующих отраслей и контроль за их деятельностью. Другая достигнутая цель заключается в том, чтобы быть в курсе быстрых изменений в этой области, и это должно обогащать цифровой контент. Еще одной целью регулирования является укрепление уважения электронными средствами массовой информации культурных, религиозных и социальных ценностей ОАЭ.

     

     

     

     

     

    ]]>
    Tue, 17 Apr 2018 12:00:00 GMT
    <![CDATA[Являются ли Мобильные Приложения Безопасными?]]> Являются ли Мобильные Приложения Безопасными?

     

    «Люди забыли эту истину», - сказал Лис. «Но вы не должны забывать об этом. Вы в ответе за тех, кого приручили. Вы в ответе за свою розу».

    -Антуан де Сент Экзюпери

     

    Это было в далекой стране, стране безмятежных зеленых пейзажей, цветов, росы, проливных дождей и озер. Совсем недавно понятие «где-то далеко» было абстрактным, однако сейчас в выражении «мир, на расстоянии вытянутой руки», гораздо больше правды, чем можно было ожидать. Во многом это произошло благодаря развитию технологий. В то время, как дискуссия о том, являются ли технологии возможностью или препятствием, бесконечна, их влияние на развитие коммуникационных платформ неоспоримо.

    Эволюция от вырезания рисунков на каменных стенах до письменности и публикаций прошла своим чередом, но сейчас, с современными техническими достижениями, каждое десятилетие приносит новый способ общения. Ноутбук, компактная версия настольного компьютера, уже считается громоздким по сравнению с удобными смартфонами и планшетами, которые поставляются с самыми разнообразными приложениями.

    Мобильные приложения стали неотъемлемой частью жизни каждого пользователя, начиная  с утреннего будильника, подсчета шагов, пройденных за день, онлайн покупок или часов, проведенных за мобильными играми. Зависимость отодвинула на второй план удобство.

    Приведение в соответствие законодательства и технологий не всегда является гладким процессом, поскольку технические новшества не только делают прежние методы устаревшими, но и нарушают законы, их регулирующие. Поэтому не будет неверным утверждать, что нужны поправки в законодательство для того, чтобы идти в ногу с быстрыми темпами технологий.

      Доктрина об Ответственности Покупателя   

    Доктрина об ответственности покупателя  - это юридический принцип, который гласит: «Покупатель, будь осмотрителен».  Он пронизывает каждую юридическую структуру, выступая в качестве ориентира, указывающего на ответственность покупателя и разумное использование его здравого смысла перед использованием какой-либо услуги.

    Концепция ответственности покупателя использовалась на протяжении веков и претерпела существенные изменения. Изначально суды различали продажу конкретных товаров, которые могли быть рассмотрены покупателем и продажу неустановленных товаров, когда покупатель вынужден был полагаться на описание продавца. И если первый вариант подпадал под ответственность покупателя, то второй был вне ее. Такая категоризация была приемлемой в те времена, когда товары были относительно простыми. Однако, за последние несколько десятилетий экономические отношения купли-продажи претерпели изменения, и в настоящее время строгая ответственность покупателей была устранена за следующими исключениями:

     

    ·       Условия, связанные с качеством или пригодностью

    ·       Продажа товаров по описанию

    ·       Использование  торга

    ·       Согласие, полученное обманным путем

    ·       Продажа по патенту или товарному наименованию

    ·       Продажа по образцу

    ·       Искажение

     

    Мобильные Приложения и Ответственность Покупателя

     

    «Вы доверяете этому приложению?»

    «Пожалуйста, разрешите приложению получать доступ к аудио и фото»

    «Пожалуйста, включите службы определения местоположения»

      Хомо сапиенс, возможно, изобрел все необходимое для выживания, но даже он не может добавить 25-й час в сутки. Всем всегда не хватает времени, и потратить несколько минут, чтобы прочитать условия соглашения перед разрешением приложению использовать конфиденциальную информацию, похоже на невыполнимую задачу.   

    Такие приложения, как Фейсбук, Тиндер или Снапчат, в первую очередь основаны на том, чтобы сделать доступным местоположение пользователя, с такими функциями как обновление статуса и чек-ин. Более того, мир сейчас населен такими существами как покемоны, некоторые летают в воздухе, некоторые дышат огнем, и все благодаря последнему приложению Pokémon go, которое за несколько дней после запуска стало самым загружаемым приложением в мире, но какой ценой? Оно не только отслеживает местоположение пользователя, но и его электронную почту и историю браузера. Сейчас можно заказывать одежду, книги, кухонную технику, мебель, не поднимая головы от своего смартфона. Приложения для здоровья доступны не только для советов по вопросам образа жизни, но и для диагностики симптомов, частоты сердцебиения, уровня глюкозы в крови, типов сна и т.д. 

    Благодаря простому доступу  к технологиям и быстрому росту инноваций, создание приложений и их массовое распространение оказалось полем из роз, но розы неизменно сопровождаются шипами. Мобильные приложение можно рассматривать как расширение предлагаемых товаров и услуг. Чем больше использование мобильных приложений, тем больше вероятность халатности.

    В наши дни не редкостью будут заголовки о некачественных товарах, купленных онлайн, кражах, основанных на информации, полученной из чек-инов, неквалифицированных диагнозах и раскрытии конфиденциальной информации пользователя приложения маркетинговым компаниям, что поднимает вопрос, кто в конечном итоге несет за это ответственность? Охвачены ли пользователи мобильных приложений доктриной об ответственности покупателя?

    Важным аспектом определения ответа на данный вопрос является анализ следующих факторов:

    ·       Цель приложения

    ·       Рекомендации, приведенных в приложении

    ·       Разрешения, предоставленные пользователем

    ·       Связь между причиной и следствием, ведущими к халатности

    Несмотря на то, что процесс разработки приложения на данный момент стал относительно легким, найти авторитетную платформу, которая позволит пользователям получить доступ к этому приложению, требует определенных усилий со стороны производителей. Они должны предоставить документы, в которых указывается цель приложения, информация о версии и сведения о ее интерфейсе, а также получение сертифицированных разрешений.

    Однако эти правила не являются исчерпывающими и полностью контролируются частными компаниями смартфонов. Поэтому, несмотря на эти правила, магазин приложений Apple насчитывает около 2 миллионов приложений, в то время как аналогичный магазин Google play около 2,2 миллионов приложений, что делает рынок приложений многомиллиардной индустрией.

    В недавнем случае Maynard против McGee & Snapchat Inc утверждалось, что когда водитель отвлекся на селфи на высокой скорости, тем самым вызвав аварийную ситуацию, Snapchat несет за это ответственность, так как поощряет водителей ездить  с превышением скорости. Анализ этого случая демонстрирует, что Snapchat мог снять с себя ответственность, просто наложив предупреждение на фильтр превышения скорости.

    Создатели приложения Pokémon Go неоднократно обвинялись в росте числа погибших и расположении покемонов в опасных местах, в результате, предупреждающее сообщение о необходимости вести себя осторожно всплывает в момент, когда пользователь запускает приложение, тем самым перекладывая ответственность на игроков. Они публично себя защищали, сравнивая свое приложение с производством автомобиля, который после покупки перестает быть ответственностью производителя за небрежное вождение. Итак, в следующий раз, когда человек упадет со скалы, преследуя волшебное существо, это будет его собственная ошибка.

    Ответственность Третьих Лиц

    Заказывали что-то онлайн, а затем пожалели об этом?

    Платформы, такие как Amazon или Shopstyle гордятся тем, что являются удобным инструментом для совершения различных покупок в любом месте и в любое время, всего лишь движением пальцев. Однако, никто не обращает внимание, что в случае дефектов, эти приложения остаются в стороне, и игра в виноватого начинается между продавцами, размещенными в приложении и покупателями.

    Эти платформы обеспечивают свою безопасность от любой ответственности, заявляя, что вся информация, контент, материалы и продукты, доступные на их приложениях, классифицируются по принципу состояния «на данный момент» и «в зависимости от наличия», и любой товар или услуга, доступная пользователю в приложении, приобретается исключительно на риск покупателя. Эти приложения, таким образом, выигрывают от подобной защиты, в то время, как третьи стороны несут ответственность.

    Обеспечение ответственности перед третьими лицами открыло двери для многочисленных требований относительно степени ответственности ретейлеров, рекламирующих  и продающих товары с помощью этих приложений, так как продавцы утверждают, что приложения не могут точно указать детали продуктов, следовательно, нанося ущерб потребителям.

    Руководства и Правила

    Положения Всеобщей Декларации Прав Человека оказали влияния на Конституции различных стран, в которые были внесены поправки, признающие ответственность государства по защите и охране интересов потребителей. Различные страны установили свои собственные регулирующие органы, как например, FDA, которые следят за качеством и стандартами товаров массового спроса.

    Эти отделы устанавливают принципы, которые регулируют приложения для здоровья, диагностирующие симптомы своих пользователей и предоставляющих последующие медицинские консультации. Однако повседневные приложения, предоставляющие такие услуги, как онлайн-шоппинг, игры и транспортные перевозки, до сих пор остаются нерегулируемыми. Таким образом, создатели приложения по фитнесу и здоровью несут большую ответственность по сравнению с другими из-за чувствительных вопросов, с которыми они имеют дело.

    Заключение             

    Современное свободное общество построено на принципах свободы и личной ответственности, и каждый человек предпочитает нести ответственность только за свои действия. Человечество боролось за независимость в течение столетий, но оборотная сторона независимости – это ответственность, и ее ни в коем случае нельзя избежать.

    Эволюция телефонов от простых устройств, используемых для звонков, до смартфонов произошла во многом благодаря приложениям, которые теперь во многом дополняют личность человека. Прошли те времена, когда игры были спортом на открытом воздухе, теперь люди любого возраста собирают кристаллы, выстраивают конфеты и катаются по подземке с помощью пользовательского интерфейса. Эти приложения вскоре могут заменить местные рынки, словари и даже метеоролога!

    Поскольку покупатели и продавцы теперь более тесно связаны, покупатели должны знать о товарах и услугах, которые они получают, и следовательно доктрина об ответственности покупателя имеет важное значение. Тем не менее, наблюдается сдвиг в судебной мысли от ответственности покупателя к ответственности продавца, которую можно перевести буквально как «продавец, будь осмотрителен». Она направляет ответственность в сторону продавца, защищая права потребителей, но это может быть оправдано только в случае диспропорции власти между сторонами, так как абсолютно противоречит принципу свободной торговли и невмешательства.

    К сожалению, современное законодательство по-прежнему остается весьма двусмысленным в отношении ответственности покупателя и продавца в случае мобильных приложений. Икак следствие, нет конкретной формулы или платформы кроме подачи исков в суде для разрешения споров относительно транзакций между сторонами покупателя и продавца в приложениях.a

    Настало время, когда законодатели должны быть на одной волне с технологическими хедлайнерами мира, пишу я, размышляя, как бы сложилась судьба Ромео и Джульетты, если бы они могли переписываться по what's app, закрывая очередное напоминание на телефоне.

          ]]>
    Mon, 31 Jul 2017 08:00:00 GMT
    <![CDATA[Dubai Data Law: Let’s share!]]> In October last year, Dubai introduced the new 'data law' which will allow the sharing of information between public sectors and for the benefit of the private sector. This Article aims to understand the concomitants of such a move.

    Remember that time when a dial up icon popped up on your screen at the time you logged into internet connection and had to wait for the system to be connected to LAN? In contrast, all you need to do today is switch on your computer and it is automatically connected to the internet. In the coming years, technology is anticipated to be more intelligently integrated in our lives than it is today. Specialized software and sensors will be used to track resources, respond to crime or take constant vital signs.  In the words of technology maker Vint Cerf, 'it is almost as everything will be connected to everything.' The inherent risks that such wide exposure will pose to the public in general cannot be denied. But when the risk is compared to the magnitude of benefit the economy will have, it appears that the decision makers will be willing to take the plunge.

    In 2013, Obama's 'open' data policy saw a major breakthrough as the White House issued the Executive Order for open and machine readable government data thereby instilling a sense of transparency in government actions. In 2014, the President's assent was concluded for the enactment of Digital Accountability and Transparency Act 2014 (US Data Law). 

    The general principles under Section 1 of the Executive Order provides germane frame of reference for implementation of the Executive Order. It states as under:

    "Decades ago, the U.S. Government made both weather data and the Global Positioning System freely available. Since that time, American entrepreneurs and innovators have utilized these resources to create navigation systems, weather newscasts and warning systems, location-based applications, precision farming tools, and much more, improving Americans' lives in countless ways and leading to economic growth and job creation. In recent years, thousands of Government data resources across fields such as health and medicine, education, energy, public safety, global development, and finance have been posted in machine-readable form for free public use on Data.gov. Entrepreneurs and innovators have continued to develop a vast range of useful new products and businesses using these public information resources, creating good jobs in the process." 

    'Open data' and need for its encouragement in the wider context

    Open data means such information which may be available in a defined format for the use, re-use and benefit of the people. An understanding of the US concept of which data will be open data, required fulfilment of the following:

    i. The data should be PUBLIC. This means that subject to applicable and legislative restrictions the data should be available publicly on a platform.

    ii. The data should be RESUSABLE which means that there will be an 'open license' on the data with no restriction on the use and should be non-proprietary. 

    iii. The date should be ACCESSIBLE which means that the format in which data is provided or published should be retrievable, downloadable and capable of being searched appropriately. To the extent possible, the resources                  should use granular metadata, data dictionaries, and characteristics of data.

    As economies are getting more technologically adept, the concept of open data is expected to promote efficiency, interoperability, accessibility, accuracy and economic development wherever legally permissible.

    Imagine the use of such data for monitoring public utilities, understanding the trends relating to utility consumption, managing traffic issues. Open data can provide deeper significance in understanding healthcare innovations, markets trends on commodity consumptions, education trends for starters. Advancements in the field of science, healthcare and education are more palpable when inferred from an inspiration. Relying on Wikipedia, the idea of software giant Microsoft was born when Paul Allen showed Bill Gates a publication on Altair 8800- a super computer.  This concept of 'open date' has gained much acceptance for innovators in technology, as there has to be reasoning for Facebook and Google to provide 'open source' for its artificial intelligence (AI)  hardware computing design.  These companies do not procure hardware from suppliers like Dell or HP but have inspired themselves to be self-efficient for their  

    ]]>
    Mon, 14 Mar 2016 00:00:00 GMT