IBLS Editor Kelly O'ConnellTuesday, July 22, 2008
On May 18th, 2008 the Electronic Transactions Law 69/2008 of the Sultanate of Oman was issued by His Majesty's Royal Decree. This is the first law passed to regulate electronic transactions in Oman. Secretary General of Oman's National Economy Ministry and Chairman of the Information Technology Authority (ITA) Mohammad Al-Khussaibi said the Electronic Transactions Law "is the start of a new era in Oman, where a truly e-enabled society evolves in the realization of the digital society in the Sultanate."
The Electronic Transactions Law (ETL) contains 54 articles drafted over a period of three years. The Government said that the ITA, and other Government bodies, as well as a private law firm compiled the law. It was based on existing statutes promulgated by the United Nations Commission on International Trade Law (UNCITRAL) and the Organization for Economic Cooperation and Development (OECD). Statutes from other countries were consulted, including those from the United States, France, Ireland, Malaysia, and Tunisia.
These questions will be answered to understand how the new law relates to blogging in Oman. What Areas Does the New Law Cover?; What is a "Network Agent" Under the Law?; What is the Legal Import of a Website Being Defined as a Network Agent Under the ETL?; What About Protection of Personal Data on Omani Websites?
What Areas Does the New Law Cover? The Electronic Transactions Law is largely related to e-signatures and e-commerce. It legalizes e-transactions via accountable electronic data or records; It invalidates obstacles or challenges to e-transactions regarding writing and signature; It enhances basic legal structures for secured processing or e-transactions. It is meant to make easier transfer of e-documents; and also minimize counterfeiting and defrauding of electronic messages; It creates a unified set of rules, regulations, and standards regarding the authentication of electronic messages and records. It is meant as a public policy measure to bolster public trust in the safety and authenticity of e-transaction, messages, and records. The law establishes an encryption standard to protect e-transactions and insure confidentiality of the message, to verify the originator, and to prevent unauthorized recipients from getting the data unintentionally. Private entities can now sign binding contracts via the Internet. Government ministries can now use electronic records and digital signatures for tendering acts. As well, license requests can be processed online and taxation systems can also accept payments electronically. The law also establishes punishments for digital crimes.
What is a "Network Agent" Under the Law? The law uses the phrase "Network Agent" to describe a website owner. Although the law generally sanctions use of online signatures, a Network Agent covers more than an Internet retail site. In fact, no mention is made of the Network Agent needing to take payments as part of the definition. It describes a Network Agent related site as any providing services for sending, receiving, adopting, or storing an electronic transaction or performing any services relating to these transactions. Further, the term of art used is "Electronic Transaction," being any action that includes the sending or receiving of electronic messages, although not strictly restricted to commerce. For example, if a person owned an Omani styled "Craigslist" type website, which was free to use and the owner made no direct income from any sales, the "Network Agent" law would probably apply to the owner. Further, such a site would be expected to collect user information, as well.
Likewise, a blog owner, simply by giving others a medium within which to send or post message is theoretically under this definition of "Network Agent." The reason why is because a blog can create income from posting ads which create revenue indirectly, based upon user numbers, despite the fact that no goods are ever exchanged and no user sales have taken place. Also, a private message sent via a blog technically qualifies as a "transaction," if it includes a contractual offer and acceptance. How courts will define "contract" and "procedure" in these settings will also prove a crucial detail.
So, any blogger forum, website, or weblog that contains revenue producing ads could be considered to be owned by a "Network Agent," and under the "Electronic Transaction" law.
What is the Legal Import of a Website Being Defined as a Network Agent Under the ETL?Under the ETL, Article 6, the law obliges network agents to provide themselves a way to make the website accessible for the purposes of national security. The Ministry of Finance will specify connectivity requirements Network Agents must be comply with. So, the Government will essentially have access to all user data whenever they want to download it.
Under the ETL, Article 14, a liability scheme for Network Agents is articulated. Here the Act makes the Network Agents liable for the content of the users. This inverts normal Internet free speech protocol by making the blog owner responsible for the online statements of the users, and not the bloggers themselves, as is the rule in the U.S. and other places.
A Network Agent can avoid such liability for illegal statements by satisfying two criteria of the law:
The Network Agents swears he or she do not know that the posted information constitutes a criminal or a civil liability; and he or she instantly removes the sanctioned content and then blocks access to this information once informed of its whereabouts.
The law does not make clear if the Network Agents' knowledge is actual, or imputed. The latter would be from the standard of what an ordinary Network Agent would be expected to be aware of, in the given situation. For example, if a blog posting is left in plain site & has clearly illegal content, is the Network Agent held liable if he did not bother to check his or her blog for a week?
What About Protection of Personal Data on Omani Websites?The ETL, in Chapter 7 on the Protection of Personal Data, Article 45 covers this.
It states that any person, not just a Network Agent, who has control of a user's personal data that they plan to use must inform the data subject of any information before using that information. This would include telling the data subject of what e-information is being held and how will will be used.
Article 48 makes illegal misuse of such personal details in a way that could harm the data subject, or deny them their legal rights.
Article 49 insists that any data transfer or storage be done in such a way as to safeguard the information when transferring it abroad, and being sure to follow the data rules of the destination country.