• What is e-commerce?
– The sale of physical or digital goods or services via a digital channel
• Interesting Fact:
– 11th November 2016, The Star Online reported that Chinese e-
commerce giant Alibaba Group Holding Ltd said it racked up more
than US$5bil in transactions in the first hour of its annual 'Singles' Day'
– In Malaysia, revenue in the e-commerce market amounting to USD
1,199.8 million in 2016
• The high volume of e-commerce transactions creates multiple
challenges to all parties
• consumer protection issues/unfair terms in
• data and network security issues;
• Intellectual Property rights issues;
• Privacy issues;
• jurisdiction/choice of law issues;
• admissibility/evidence issues;
• Cybercrime to e-payment & etc.
5. The Main Legislation
• Electronic Commerce Act 2006
– “electronic” means the technology of utilizing electrical, optical,
magnetic, electromagnetic, biometric, photonic or other similar
– “commercial transaction” means single communication or multiple
communications of a commercial nature, whether contractual or not,
which includes any matters relating to the supply or exchange of
goods or services, agency, investments, financing, banking and
• UNCITRAL Model Law on Electronic Commerce
– Part I which covers e-commerce in general
– Part II which covers E-commerce in specific areas such as carriage of
6. UNFAIR TERMS IN E-COMMERCE
• E-commerce transactions are categorised in four
– (a) consumer to consumer transactions;
– (b) business to consumer transactions;
– (c) business to business transactions; and
– (d) many to many transactions (e-marketsor exchanges).
• The Star Online reported that:
– ‘Between 80% and 85% of e-commerce is the business-to-
business (B2B) market. The business-to-consumer (B2C)
market takes up only a small portion.’
• Standard form contract
• A common contract where unfair contract
terms can be expected to be found.
• Consumer Protection Act only governs
– Not specifically on e-commerce
– Not the business-to business market
8. Unfair Terms in Malaysian Law
• Consumer Protection Act
– Section 24A defines “unfair term” as a term in a consumer contract
which, with regard to all the circumstances, causes a significant
imbalance in the rights and obligations of the parties arising under the
contract to the detriment of the consumer
– Procedural Unfairness (knowledge and understanding, bargaining
strength, reasonably practicable for the consumer to negotiate for the
alternation, independent legal or other expert evidence, accurately
explained) – These are not suitable for e-commerce, click-wrap
agreement? Air Asia auto-added system?
– Substantive Unfairness (unreasonably difficult to comply with, not
reasonably necessary for the protection of the legitimate interests of
the supplier) – No list of example of substantive unfair terms, e-
commerce will not know which term is allowed and which term is not
– A breach of any circumstances is a not breach of the law, it is not a
mandatory requirement, merely a list of circumstances for a court or
the Tribunal to take in account.
9. Business-to-business market (business contracts)
• Contract Law
– a contract caused by coercion, undue influence, misrepresentation
and fraud all of which are concerned with the procedural aspects of
– Consider the burden of proof
– Consider the substantive unfairness
• Common Law
– Doctrine of Unconscionability
– The applicability of the doctrine of inequality of bargaining power or
unconscionable contract under the common law of Malaysia is still
– Malaysian courts have yet to deal with the issue of unconscionability
and unequal bargaining power in e-commerce transactions.
10. A regional movement
• European Union Council Directive 93/13/ECC on Unfair
Terms in Consumer Contracts
• UK enacted the Consumer Rights Act 2015 (CRA) in order to
give effect to the Directive
– ‘Contract and Notices’ vs ‘A Contract or a Term of the Contract’
• A notice that relates to rights and obligations between a trader and a
consumer or a notice which appears to exclude or restrict a trader’s
liability to a consumer
• Contractual or non-contractual consumer notices
• Notices can be found on an e-commerce website (e.g incorrect price,
incorrectly states the offer's end date, late delivery, etc)
– The Fairness Requirement
• A term or a notice is unfair if, contrary to the requirement of good
faith, it causes a significant imbalance in the parties’ rights and
obligations under the contract to the detriment of the consumer.
– The Transparency Requirement
• A term which is ambiguous will be interpreted in the meaning that is
most favorable to the consumer
• The transparency requirement may be enforced by public bodies
11. Conclusion on Unfair Terms in
• No Model Law, Convention or Treaty
• No specific provision
• No regulation on business contracts
• No mandatory requirement on transparency
• The current law is inadequate for dealing with unfair
terms in e-commerce
• Insert the provisions on unfair terms in
Electronic Commerce Act 2005—applicable to
business contracts and consumer contracts
• Set up a commission or regulator to govern the
unfair terms in e-commerce
• Insert a transparency requirement
• Importance: to foster a more conducive
environment for e-commerce activities
14. CYBER CRIME !!
The term ‘Crime’ is defined as “an intentional act in violation of the
criminal law (statutory and case law), committed without defence or
excuse, and penalized by the state as a felony or misdemeanour.
Cybercrime is a term used to broadly describe criminal activity in which
computers or computer networks are a tool, a target or a place of
criminal activity. It include everything from electronic cracking to denial
of service attacks.
It is also used to include traditional crimes in which computers or
networks are used to enable the illegal activity.
15. Categories of Cybercrime
Saturday, 11 February 2017
Cybercrime can generally be divided into two categories;
• Crimes that target computer networks or devises directly,
example; Malware and malicious code, denial of service attacks,
computer viruses, industrial espionage, software piracy and
• Crimes facilitated by computer networks or devices, example;
cyber stalking, fraud and identity theft, phishing scams and
20. International efforts to combat Cybercrime
• International Criminal Police Organization (Interpol)
– As an international law-enforcement organization with 184
members, Interpol started to tackle computer crime very
early, by coordinating law-enforcement agencies and
legislations, in regard to which Interpol made efforts to
improve counter-cybercrime capacity at the international
– Interpol has provided a technical guidance in cybercrime
detection, investigation and evidence collection. The
Interpol Information Technology Crime Investigation
Manual was compiled by the European Working Party on
Information Technology Crime.
– Compared with the substantive and procedural law
harmonization of today's Convention on Cybercrime, the
Manual developed a technological law-enforcement model
to improve the efficiency of combating cybercrime
Saturday, 11 February 2017
21. Regional efforts to combat Cybercrime;
• The Asia-Pacific Economic Cooperation (APEC)
• In 2005, The sixth APEC Ministerial Meeting on the
Telecommunications and Information Industry passed the
• "encouraging all economies to study the Convention on
Cybercrime (2001) and to endeavour to enact a
comprehensive set of laws relating to cyber security and
cybercrime that are consistent with international legal
instruments, including UN General Assembly Resolution
55/63 (2000) and the Convention on Cybercrime (2001)."
• Nevertheless, due to the great difference between member
economies within the APEC, the development toward unified
legal instruments has not been too satisfactory.
Saturday, 11 February 2017
22. Regional efforts to combat Cybercrime cont.….
Saturday, 11 February 2017
• COUNCIL OF EUROPE
• In 1981, the Council of Europe implemented “the Convention for the
Protection of Individuals with Regard to Automatic Processing of
• The Convention recognized the desirability
– "to extend the safeguards for everyone's rights and fundamental
freedoms, and in particular the right to the respect for privacy,
taking account of the increasing flow across frontiers of personal
data undergoing automatic processing," and the necessity "to
reconcile the fundamental values of the respect to privacy and the
free flow of information between peoples" (Preamble).
• The Convention covers the protection of personal data in both the
public and private sectors.
23. COUNCIL OF EUROPE cont.…
Saturday, 11 February 2017
• In 1997, the Council of Europe began drafting the Convention on
Cybercrime, which was open for signature in 2001 and took
effect in 2004.
• In 2003, the Additional Protocol to the Convention on
Cybercrime Concerning the Criminalization of Acts of a Racist
and Xenophobic Nature Committed Through Computer System
(ETS NO. 189) was implemented.
• The Convention is a historic landmark in the combat against
• The Council of Europe in 2006 launched a Project against
Cybercrime, envisioned to assist the development of national
legislation in line with the provision of the Convention, training
of judges, prosecutors and law-enforcement officers, and
training of criminal justice officials and 24/5 contact points in
24. The European Union
• In 1995, the European Parliament and the Council (EPC) endorsed Directive
95/46/EC of 24 October 1995 on the protection of Individuals with regard to the
Processing of Personal Data and on the Movement of Such Data.
• In 1997, the EPC endorsed Directive 97/66/EC of 15 December 1997 concerning
the Processing of Personal Data and the Protection of Privacy in the
• In April 2002, the Commission of the European Communities presented a proposal
for a Council Framework Decision on Attacks against information systems, and this
proposal constitutes the case of the Decision of 24 February 2005.
• The Framework Decision only dealt with attacks through unauthorized access to
or interference with information systems or data. It does not specify penalties for
illegal access to information systems and instigation, aiding and abetting and
attempting of these offences, but requires member states to take the necessary
measures to ensure that they are punishable by effective, proportional and
dissuasive criminal penalties.
• It is worth noting that the matters mentioned in the Framework Decision can also
be found in the Convention on Cybercrime.
25. Multi-national Organizations;
• The Common Wealth Nations
• The Commonwealth of Nations’ Secretariat prepared the "Model Law on Computer
and Computer Related Crime" in October 2002
• The Model Law expanded criminal liability - so as to include reckless liability- for the
offences of interfering with data, interfering with computer systems, and using illegal
• The Model Law also covered the problem of dual criminality by stating that the act
applied to an act done or an omission made by a national of a state outside its
territory, if the person's conduct would also constitute an offence under a law of the
country where the offence was committed. This may lead to prosecution or extradition
based on dual criminality.
• Another focus of the Commonwealth is on mutual assistance in law enforcement
between Commonwealth member states and non-commonwealth States.
• In the 2005 Meeting of Commonwealth Law Ministers and Senior Officials, the Expert
Working Group proposed 10 recommendations for member states to adopt suitable
measures for improving domestic law enforcement and trans-national assistance.
• It also encouraged member states to sign, ratify, accede to and implement the
Convention on Cybercrime as a basis for mutual legal assistance between
Commonwealth member states and Non-commonwealth States.
26. The Group of Eight (G8)
• In 1995 at the Halifax Summit, the Group of Seven recognized
– "that ultimate success requires all governments to provide for effective
measures to prevent the laundering of proceeds from serious crimes, and to
implement commitments in the fight against trans-national organized crime."
• The group released 40-point set of "recommendations to combat Trans-
national Organized Crime efficiently" at the G7/P8 Lyon Summit. The
recommendations urged the states to increase the level of criminalization,
prosecution, investigation, and international cooperation, while
acknowledging in their entirety human-rights protection.
• The Group of Eight Meeting of the Justice and Interior Ministers indicated, in
a Statement of Principles Concerning Electronic Crime, that,
– ‘although criminal legislation was a national responsibility, the character of the
information networks obstructed countries from operating traditional power over
this problem. National legislations have to be supplemented by international
cooperation to criminalize the exploitation of the networks and harmonize the
• The Group of Eight agreed on principles and approaches for the protection of
privacy, the free flow of information, and the security of transactions.
27. The Organization for Economic Corporation and Development
• In 1983, an expert committee was appointed by the OECD
to discuss computer crime phenomena and criminal-law
• In December 1999, the OECD officially approved the
Guidelines for Consumer Protection in the Context of
• In 2002 the OECD adopted Guidelines for the Security of
Information Systems and Networks, calling on member
– "establish a heightened priority for security planning and
management", and to "promote a culture of security among
all participants as a means of protecting information systems
• The guidelines established nine principles, including
awareness, responsibility, response, ethics, democracy,
risk assessment, security design and implementation,
security management, and re-assessment.
28. Major themes of the Organizations
The promotion of security awareness at both
the international and national levels,
Global harmonization of laws and procedure,
Coordination and Cooperation in law
Direct anti-cybercrime actions.
Saturday, 11 February 2017
29. Efforts to combat cybercrime in Malaysia
• Numerous legislations have been enacted in
1997 to 1998. They are: -
– 1. Multimedia and Communications Act 1998
– 2. Multimedia Commission Act 1998
– 3. Digital Signature Act 1997
– 4. Computer Crimes Act 1997
– 5. Telemedicine Act 1997
– 6. Copyright (Amendment) Act 1997
Saturday, 11 February 2017
30. Malaysia cont.….
• Computer Crimes Act 1997 is the main Act use to combat
cybercrime in Malaysia.
• However, the offences are only described in sections 3, 4, 5,
6, 7 and 8 in Part II of the Act.
• The Computer Crimes Act 1997 does not cover many areas of
• The criminal laws of Malaysia, in particular the Penal Code,
do not specifically provide for any computer-related crimes.
• The legal standing of these cybercrime protections must be
determined in the context of the existing laws.
• The existing laws were not drafted with computer technology
in mind and in most cases, is not sufficiently broad enough to
encompass the various types of computer-related activities.
• Consequently, no matter how repulsive or evil such activities
may be in the perception of the policymakers and the public,
they may not constitute unlawful or prohibited behaviour.
Saturday, 11 February 2017
31. FINDINGS AND RECOMMENDATIONS
Cybercrime’s definition; no comprehensive definition of the term “cybercrime”
yet. Cybercrime covers diverse types of offences which includes; offences against
the confidentiality, integrity and availability of data and information systems.
There is need for a harmonized definition of the term cybercrime in an
international instruments either binding or non-binding.
ICT is complex and often unfamiliar to the traditional criminal justice world. It
requires well-trained personnel to deal with crimes involving these devices
throughout the investigation phase, during prosecution, and in courts. States
need to invest in constant training and education of its operators
Sovereignty and the territoriality principle issue; cybercrimes
frequently occur in different places, which may be under the
jurisdictions of different countries. There is a strong need for clear
norms setting the priorities and competences of each country
Crimes occur in a fraction of a second and evidence of cybercrime
frequently consists of digital information, which is momentary by
nature and can be altered or deleted. Law enforcement agencies
must therefore take rapid action and be able to collect and preserve
digital evidence for use in criminal proceedings
Saturday, 11 February 2017
32. How to Tackle Such Activities?
An important question that arises is how can these crimes be prevented. A
number of techniques and solutions have been presented but the problems still
exists and are increasing day by day.
Antivirus And Anti Spyware Software:
Antivirus software consists of computer programs that attempt to identify,
thwart and eliminate computer viruses and other malicious software. Anti spy
wares are used to restrict backdoor program, trojans and other spy wares to be
installed on the computer.
A firewall protects a computer network from unauthorized access. Network
firewalls may be hardware devices, software programs, or a combination of the
two. A network firewall typically guards an internal computer network against
malicious access from outside the network.
Saturday, 11 February 2017
Cryptography is the science of encrypting and decrypting information.
Encryption is like sending a postal mail to another party with a lock code
on the envelope which is known only to the sender and the recipient. A
number of cryptographic methods have been developed and some of
them are still not cracked.
Cyber Ethics and Laws:
Cyber ethics and cyber laws are also being formulated to stop cyber
crimes. It is a responsibility of every individual to follow cyber ethics and
cyber laws so that the increasing cyber crimes shall reduce. Security
Software like Anti Viruses and Anti Spy Wares should be installed on all
computers, in order to remain secure from Cyber Crimes. Internet Service
Providers should also provide high level of security at their servers in order
to keep their clients secure from all types of viruses and malicious
34. The Future of Cyber-Crimes in Malaysia
• Continued Website Hacks and
• Data and Information theft
• Increasing phishing attacks on
Ecommerce and Financial Websites
• Cybercriminals targeting Social and
• Threats directed at the Mobile Platform:
Smartphones and Tablets
"As internet technology advances so does the
threat of cyber crime. In times like these we must
protect ourselves from cyber crime. Anti-virus
software, firewalls and security patches are just
the beginning. Never open suspicious e-mails and
only navigate to trusted sites.”
JURISDICTIONAL ISSUES IN E - COMMERCE
• “As long as different countries have different laws and cultures,
there are no good principles for jurisdiction….Every nation wants
unity, but no nation wants to give up any of its traditions.”
• When something goes wrong with contracts between parties in
different countries, there is often confusion as to where a court
action should be brought.
Should it be in the country of the purchaser?
Or that of the seller or service provider?
And how can you enforce a court ruling when each party is in a
Internet Contracts are based largely on the terms and conditions
contained on the web site in question
• The terms and conditions often contain a 'choice of law'
clause, which indicates the country in which a dispute will be
• But most times not brought to the attention of the customer.
• These problems may be solved and/or reduced by an
• Unfortunately, there are no specific rules in the model laws
and conventions dealing with Internet jurisdiction yet
• Common law courts around the world have applied different
criteria to determine whether they have jurisdiction over
• While some courts have simply applied existent traditional
rules, others have tried to develop new criteria to
accommodate the uniqueness of the electronic commerce.
38. CASE STUDY; BANYAN TREE HOLDING (P) LIMITED VS. A.
MURALI KRISHNA REDDY & ANR.
• The case came up at Delhi India Court
• The Plaintiff’s registered office is at Singapore
• The Defendants 1 and 2 are at Hyderabad. None of the parties is located
within the territorial jurisdiction of the Court.
Brief facts of the case.
• The Plaintiff, since 1994 adopted and used the word mark “Banyan Tree”
and also the banyan tree device.
• Due to long usage the Plaintiff claimed that the said mark have come to be
associated with it and its sister concerns.
• The Plaintiff maintains the websites www.banyantree.com and
www.banayantreespa.com since 1996.
• The said websites are accessible in India.
• In October 2007, the Plaintiff learnt that the Defendants had initiated work on
a project under the name “Banyan Tree Retreat”.
• The Plaintiff contend that the word mark and the device adopted by the
Defendants in relation to their retreat is deceptively similar to that of the
39. Case study cont.…
The Plaintiff contends that the use of the said mark and device
by the Defendants was calculated to cause confusion and
deception among the public by passing off the services of the
Defendants as that of the Plaintiff.
The Plaintiff filed for an injunction to restrain the Defendants
from the use of the said mark and device.
One of the issues before the court for determination is,
– whether for the purposes of a passing off action, or an
infringement action where the Plaintiff is not carrying on
business within the jurisdiction of a court, in what circumstances
can it be said that the hosting of a universally accessible website
by the Defendants lends jurisdiction to such Court where such
suit is filed ("the forum court")?
• In the United States, the rules on applicable law and jurisdiction are based on
notions of “reasonableness” and “fundamental fairness” to both plaintiffs and
• Case to case basis
1. Purposeful availment test;- the Plaintiff to prove;
o That the defendant has sufficient "minimum contacts" in the forum state. In
other words, the defendant must have purposefully directed its activities
towards the forum state or otherwise "purposefully availed" of the privilege of
conducting activities in the forum state.
o The forum court had to be satisfied that exercising jurisdiction would comport
with the traditional notions of fair play and substantial justice (International
Shoe Co. v. Washington)
2. The “Zippo” sliding scale test:- the plaintiff to prove:
o the defendant must have sufficient "minimum contacts" with the forum state,
(2) the claim asserted against the defendant must arise out of those contacts,
and (3) the exercise of jurisdiction must be reasonable."
o The court in Zippo classified websites as (i) passive, (ii) interactive and (iii)
integral to the defendant’s business. (Zippo Mfg. Co. v. Zippo Dot Com, Inc.)
3. Effects test:-
o The courts moved from a “subjective territoriality” test to an
“objective territoriality” or “effects” test in which the forum court
will exercise jurisdiction if it is shown that effects of the Defendant’s
website are felt in the forum state. (Calder v. Jones)
4. Targeting Approach:-
o Currently evolving in the USA courts, a targeting analysis requires
that a defendant specifically aim its online activities at a forum to
come under the jurisdiction of that state.
In addition, US courts have generally held that consumer protection
authorities can assert jurisdiction over foreign businesses harming
EUROPEAN UNION APROACH
• Europe has specific rules relating to jurisdictional issues relating to e-
The Brussels Convention on Jurisdiction and Recognition of Enforcement of
Judgments in Civil and Commercial Matters (known as “the Brussels
Convention”) govern the issue of jurisdiction; and
The EC Convention on the Law Applicable to Contractual Obligations (known
as “the Rome Convention”) govern the issue of applicable law for consumer
contracts concluded over the Internet.
• Under these conventions, jurisdiction and applicable law for consumer
contracts are based on whether consumer is “active” or “passive”.
– Passive;- the consumer is not the initiator of the international contract(has no
intention to enter international market) such contract was preceded by a
specific invitation or by advertising.
– Active:- takes the initiative to enter international market
• The conventions focus more on passive consumer than active consumers
• This protection is not affected by a choice of forum or law clause.
• Art. 17.1( c) Brussels Reg. requires only that the commercial activity was
directed towards the consumer’s state and the specific contract should fall
within the scope of the business area
• It does not provide any basis for a causation requirement
43. BANYAN TREE HOLDING (P) LIMITED CONT….
• The Delhi High Court after thorough examination of different
commonwealth cases and principles of law, applying USA
targeting approach held that;
“………For it to exercise jurisdiction there should be a
prima facie evidence to shown that the nature of the
activity indulged in by the Defendant by the use of the
website was with an intention to conclude a commercial
transaction with the website user and that the specific
targeting of the forum state by the Defendant resulted in an
injury or harm to the Plaintiff within the forum state”.
44. APPROACH IN MALAYSIA
There is no Malaysian decision on the jurisdiction of a
commercial website yet.
• Should a case arise, we assume, the basic law
regarding Court’s jurisdiction would apply i.e.;-
• Thus Malaysian Courts would have jurisdiction only
– The cause of action arose in Malaysia; or
– The defendant resides or is domiciled in Malaysia; or
– The defendant has a business or carrying on a business in
It is suggested that the approach taken by the U.S.A.
courts would be the best way forward, that is the
45. FINDINGS AND RECOMMENDATIONS
The presence of multiple parties in various parts of the world
who have a virtual connection with each other.
Difficulties in determining the appropriate forum court in times
of dispute due to borderless nature of internet.
We recommend that in this kind of situations the court should
apply the USA targeting approach theory.
The challenge of conflict of laws among nations may also arise.
For instance, some websites may be offensive in Malaysia but
legal in Canada.
These issues are of serious concern especially with respect to
enforcement of foreign judgment.
We suggest that there is urgent need for strong and pervasive
laws at the international level to deal with forum jurisdiction in
e-commerce disputes and the recognition and compulsory
enforcement of such forum decisions in other territorial
• As the number of internet users increases globally and
consumers and vendors gain more familiarity and comfort in
doing business online, internet markets will play an even
more significant role in the economies of nations worldwide.
• Therefore, the subject of jurisdiction in e-commerce
consumer contracts is of great importance in the lives of
online vendors, consumers, policy makers and governments.
Saturday, 11 February 2017