The conclusion of transactions using e-mail and electronic messages has become increasingly prevalent in Qatar. The Decree Law No (16) of 2010 on the Promulgation of the Electronic Commerce and Transactions Law (“E-Commerce Law”), which was enacted on August 19, 2010, regulates these transactions.
The E-Commerce Law was drafted and proposed by the Supreme Council of Information and Communications Technology (ictQATAR), the state’s information and communications regulator which supervises the telecommunication and IT sectors in Qatar.
To the best of our knowledge, the E-Commerce Law is the first law in Qatar that deals with the rules and regulations concerning electronic business and includes the penalties for breaking such rules.
Legalisation of electronic transactions
The law gives evidential weight and legal effect to electronic transactions.
The law applies to transactions between parties who agree to conduct transactions using electronic communications and provides for the legalisation of a contract formed by means of electronic communications.
The law states that the information in the data message shall not be denied legal effect, validity or enforceability solely on the grounds that they are in the form of a data message.¹ (Article 20)
It is important to note that the law does not apply to documents relating to family and personal status, documents that create interests in land, documents that are required by law to be authenticated by the Notary Public and negotiable commercial instruments in accordance with the provisions of the Commercial Law (Article 3).
Legalisation of electronic signatures
The legalisation of e-signatures in Qatar is an important step towards making e-commerce a convenient and efficient way of concluding contracts and conducting business online.
In order for an e-signature to have legal weight the following conditions should be met (Article 28):
1) the signature creation information² must be identified with the signatory and no other person;
2) the signature creation information at the time of signing must be under the control of the signatory and of no other person;
3) any alteration to the electronic signature, made after the time of signing, must be detectable;
4) where a purpose of the legal requirement for a signature is to provide assurance as to the integrity of the information to which it relates, any alteration made to that information after the time of signing must be detectable.
An electronic signature is considered legally valid regardless of the geographic location where the electronic signature is created or used, or the geographic location of the place of business of the signatory.
Transmission and storage of information
Article 45 of the E-Commerce Law provides protection to business owners by limiting their liability for the transmission of information of the e-commerce service3 provided or requested by user of the service if the service provider4 does not:
1) initiate the transmission;
2) select the receiver of the transmission; or
3) select or modify the information contained in the transmission.
Consumer protection
The E-Commerce Law aims to protect consumers online in a number of ways.
Article 54 states that electronic communications must have been solicited by the recipient or sent as a result of an existing relationship. Therefore “spam” has been outlawed.
Article 57 states that where contracts have been concluded by electronic communications a consumer may within three days rescind or terminate the contract from the date of entering into it without penalty.
This is as long as the service provider has not fully implemented the contract in a manner that serves the purpose of the contract during that time and the consumer does not use or benefit from the goods or services in the meantime.
Article 58 states that the consumer may terminate the contract with a service provider where delivery or other performance of the contract is delayed for a period exceeding thirty days and shall be entitled to a refund to any payments made by the consumer. It is also stated that a consumer has no obligation to pay to return goods which were delivered to it by the service provider in error.
Article 59 provides for consumer data protection, in that it states, the service provider shall not, except as permitted or required by law, or with the consent of the customer to which the personal information relates, collect, use, retain or disclose customer personal information for undisclosed or unauthorised purposes.
Powers of ictQATAR
The E-Commerce Law provides ictQATAR with the power to oversee the provision, use and development of electronic commerce and transactions, as well as issue licences and authorisations necessary in accordance with the provisions of the law.
ictQATAR has the ability to take appropriate legal action and measures to ensure that service providers and other persons falling under the jurisdiction of the law comply with the provisions of the law its regulations and it’s implementing decisions.
Crimes and Penalties
The E-Commerce Law provides a penalty not exceeding QR300,000 /and or imprisonment for two years, if a person deliberately commits any of the following crimes:
1) unlawful access to any information system, data message or electronic commerce service;
2) providing false or misleading information to the Supreme Council or misusing the certification services5;
3) creating, publishing or using electronic signatures or certification certificates for unlawful purposes;
4) destroying or damaging a data message, electronic signature, certification certificate or any other electronic medium;
5) forging a data message, electronic signature, a certification certificate or any other electronic medium by imitation, modification, issuance or by any other means or using any of them with knowledge of forgery;
6) providing false information to the certification service provider or false electronic signature information to any party relying on the e signature under the law;
7) illegally accessing, copying reproducing or obtaining the electronic signature system or the signature creation data of another person;
8) stealing the identity of a person or falsely claiming to represent him/her in applying for, accepting or requesting the suspension or revocation of a certification certificate;
9) publishing circulating or providing a certification certificate that contains or refers to false information;
10) intercepting or committing illegal interference with any information system, electronic communication or electronic commerce service; and
11) carrying out the activity of the certification service provider without obtaining a licence from the Supreme Council.
Essentially the importance of the E-Commerce Law is that it provides legal recognition of electronic communications, data messages and electronic signatures. The law also provides protection to both business owners and consumers.
This law will obviously help develop a safe and reliable environment for companies that utilise the Internet for business which, we think, have increased in the past few years.
*** For any further information in respect of legal issues please contact Fouad El Haddad or David Salt at [email protected] or [email protected]
------------
1 Data message is information generated, sent, received, processed, stored or displayed by one or more information systems or by means of electronic communication.
2 The signature creation information is the information, codes or private cryptographic keys used by the signatory to create an electronic signature.
3 An e-commerce service is a service normally provided for remuneration, or a service of a non commercial nature provided by means of any combination of an information system and any telecommunications network or telecommunications service, including electronic government services.
4 A service provider is a person providing an e-commerce service.
5 A certification service provider is a person licensed to maintain public key infrastructure, to issue certification certificates and to provide related electronic signature services.
A certification certificate is a document issued by a certification service provider confirming the valid link between a signatory and the signature creation information.