Chapter 5: Legal Issues Unique To E-Business

BAEB 301 : BASIC LAW FOR E-BUSINESS
CHAPTER 5: LEGAL ISSUES UNIQUE TO

E-BUSINESS
Chapter 5: Legal Issues Unique to E-Business
Topic Outlines
5.1 Malaysian Government Initiative on E-Business
5.2 Outline of Specic Legal Issues Unique to E-Business
5.3 Law of Defamation in Malaysia
5.3.1 Civil Defamation under the Defamation Act 1957

5.3.2 Criminal Defamation under S. 499 of the Penal Code
5.3.3 Defamation and the Internet – Name-Calling in Cyberspace
5.3.4 Defamation in Cyberspace in the Malaysian Context
5.4 Communications and Multimedia Act 1998 (CMA98)
5.4.1 CMA98 Guidelines on Online Publication

5.4.2 Examples of Complaints Under the CMA98
Slide 2 of
[Count you
total slide and
change the
number here]
Topic Outlines
5.5 Computer Crimes Act 1997 (CCA97)
5.5.1 Purpose of CCA97

5.5.2 Six Types of Criminal Offences under the CCA97
5.6 Personal Data Protection Act 2010 (PDPA10)
5.6.1 Overview of the PDPA10

5.6.2 Legal Significance of the PDPA10
5.6.3 Meaning of Personal Data under the PDPA10
5.6.4 Meaning of Sensitive Personal Data under the PDPA10
5.6.5 Seven Data Protection Principles
5.6.6 Situations Where Data Subject is Refused Access to Data
5.6.7 Rationale of Having PDPA10
Slide 3 of
[Count you
total slide and
change the
number here]
Topic Outlines
5.7 Digital Signature Act 1997 (DSA97)
5.7.1 Definition of a Digital Signature

5.7.2 Security of a Digital Signature
5.7.3 Legal Effect of a Digital Signature
Slide 4 of
[Count you
total slide and
change the
number here]
Learning Outcomes
At the end of this chapter, students should be able to:

 Appreciate that fact that due to the exponential growth of the Internet and
online activity, it has raised a number of new regulatory issues and legal
questions.
 Understand how Malaysian Cyber laws consisting of the Computer Crimes
Act 1997 (CCA97), the Digital Signature Act 1997 (DSA97), the
Communications and Multimedia Act 1998 (CMA98) and the Personal Data
Protection Act 2010 (PDPA10) apply to activities in cyberspace to safeguard
privacy, safety and data integrity on the Web.
 Understand the law of defamation under Malaysian Law which
contemplates both civil defamation under the Defamation Act 1957 and
criminal defamation under Section 499 of the Penal Code and the problem
of defamation in cyberspace.
Slide 5 of
[Count you
total slide and
change the
number here] Topics
5.1 Malaysian Government Initiative on E-Business
 The Multimedia Super Corridor (MSC) is part of the

Malaysian government initiative to transform Malaysia
from a manufacturing-based economy to a knowledge
economy employing electronic intelligence.
 MSC also aims to provide a perfect environment for
companies to create, distribute and employ multimedia
products and services to the rest of the world.
 Cyberlaws are necessary to provide a conducive
environment for the conduct of electronic commerce over
wires, computers, and the Internet.
Slide 6 of
[Count you
total slide and
change the
number here] Topics
5.2 Outline of Specific Legal Issues Unique to E-Business
 The law of defamation and how it applies to persons

doing business on the Internet.
 Specific Areas of Malaysian Cyber laws:-
1. the Computer Crimes Act 1997 (CCA97),
2. the Digital Signature Act 1997 (DSA97),
3. the Communications and Multimedia Act 1998 (CMA98)
and
4. the Personal Data Protection Act 2010 (PDPA10)
Slide 7 of
[Count you
total slide and
change the
number here] Topics
 Generally, defamation occurs when a false statement or

publication injures the reputation of another.
 In Malaysia defamation can be:
1. (i) a civil wrong under the Defamation Act 1957;
OR
2. (ii) a criminal wrong under Section 499 of the
Penal Code.
Slide 8 of
[Count you
total slide and
change the
number here] Topics

1. Defamation is established if a plaintiff is

able to show:-
(a) that publication of the defamatory
statement was done; and
(b) the defamatory statement was made with
malicious intent; and/or
(c) the words in the defamatory statement in
their natural and ordinary meaning reflect
the defamatory intention; AND
(d) Further, the plaintiff must show that the
statement is not a fair comment or
justifiable.
Slide 9 of
[Count you
total slide and
change the
number here] Topics

2. If the offender is liable he has to

pay damages to compensate
the Plaintiff.
3. Slander if by words spoken;
Libel if in a permanent form like
writing
Slide 10 of
[Count you
total slide and
change the
number here] Topics

5.3.2 Criminal Defamation under Section 499 of the Penal Code
1. Defamation is established once it is

shown that:
(i) the words either spoken or intended to
be read or by signs, or by visible
representations, make or publish any
imputation concerning any person,
intending to harm; or
(ii) knowing or having reason to believe that
such imputation will harm the reputation
of such person.
Slide 11 of
[Count you
total slide and
change the
number here] Topics

5.3.2 Criminal Defamation under Section 499 of the Penal Code
2. The penalty for offenders found liable

for criminal defamation is a fine,
imprisonment of up to two years, or
both.
3. Slander if by words spoken; Libel if in a
permanent form like writing.
Slide 12 of
[Count you
total slide and
change the
number here] Topics

5.3.3 Defamation and the Internet – name-calling in Cyberspace
 Internet connectivity is global

characterised by speedy transmission
of huge amounts of data
simultaneously to multiple destinations.
 it is extremely easy for an internet user
to make a defamatory comment via a
computer, which can then be read by
thousands if not millions of people
similarly equipped in multiple other
countries.
Slide 13 of
[Count you
total slide and
change the
number here] Topics

5.3.3 Defamation and the Internet – name-calling in Cyberspace
 There are at least four distinct sites

where defamation may occur on the
Internet:-
a. One to one email messages;
b. Mailing lists
c. Newsgroups, the USENET and
discussion fora e.g. Malaysiakini,
blogs; social networking sites.
d. The World Wide Web i.e. www
Slide 14 of
[Count you
total slide and
change the
number here] Topics

5.3.4 Defamation in Cyberspace In the Malaysian Context
1. The Federal Court recently affirmed one of the highest

defamation awards in Malaysian history, ordering a
freelance journalist and two others to pay tycoon Tan
Sri Vincent Tan RM7 million (about US$1.8 million) in
damages.
2. A Malaysian Transport Minister sued a lawyer for
RM200 million (about US$53 million) for defamation.
The lawyer had allegedly circulated to the press his
client’s letter of demand for RM52 million (about
US$13.7 million) to the Minister and two others. One of
the Minister’s allegations was that the lawyer posted
the notice containing defamatory words on Malay-
siakini.com, an Internet newspaper.
Slide 15 of
[Count you
total slide and
change the
number here] Topics
 The Communications and Multimedia Act 1998 (CMA98)

sets out the Malaysian Government's objectives in
fostering a self-regulatory framework for the
communications and multimedia industry.
 The objective of the Code is to encourage development
of the communications and multimedia industry, while
protecting the end user.
 The Malaysian Communications and Multimedia
Commission (MCMC) will identify internet crimes from
time to time.
Slide 16 of
[Count you
total slide and
change the
number here] Topics
 The Communications and Multimedia Act 1998 covers

offences such as:
(i) abuse of religion,
(ii) pornography,
(iii) phishing and
(iv) sedition.
Slide 17 of
[Count you
total slide and
change the
number here] Topics

5.4.1 CMA98 Guidelines on Online Publication
The guidelines can be found on the the Communications

and Multimedia Content Forum of Malaysia’s (CMCF)
website at http://cmcf.my.
Slide 18 of
[Count you
total slide and
change the
number here] Topics

5.4.2 Examples of Complaints under the CMA98
 Recently Information, Communication and Culture

Minister Datuk Seri Dr Rais Yatim said Prime Minister
Datuk Seri Najib Razak has advised the Commission to
take stern action against those who uploaded articles
insulting Islam on their websites and social networking
pages.
 e.g. A nongovernmental organisation Gerakan Pemuda
Prihatin Putrajaya (Gempur) had lodged a police report
on a Facebook account, which it claimed carried
insulting comments on Islam and Allah.
Slide 19 of
[Count you
total slide and
change the
number here] Topics

5.4.2 Examples of Complaints under the CMA98
 e.g. the Namewee issue

 Rapper Wee Meng Chee, or better known as Namewee,
is being investigated under the Sedition Act 1948 for
posting a video clip on YouTube, believed to have been
produced to criticise a school principal in Kulaijaya, Johor,
who had allegedly used racist remarks against non-Malay
students during a school assembly on Aug 12.
Slide 20 of
[Count you
total slide and
change the
number here] Topics

5.5.1 Purpose of the CCA97
1. The Act aims to provide for criminal offenses relating to

the misuse of computers. E.g. hackers
2. The term “computer” is defined broadly to include data
storage facility or communications facility and also to
include computer network.
3. It also makes provisions to facilitate investigations for
the enforcement of the Act. Enforcement is in the hands
of the police.
4. The Act criminalizes some acts and provides for
punishment such as fine and/or imprisonment
Slide 21 of
[Count you
total slide and
change the
number here] Topics

 Section 3 – Unauthorized access to computer material

 Section 4 –Unauthorized access with intent to commit or
facilitate commission of further offence
 Section 5 – Unauthorized modification (temporary or
permanent) of the contents of any computer
 Section 6 – Wrongful communication
 Section 7 – Abetments and attempts punishable as
offences
Slide 22 of
[Count you
total slide and
change the
number here] Topics

 Section 8 – A person is deemed to have obtained

unauthorized access to any program, data or information
(unless proved otherwise) if he is found to have custody
or control of such program, data, or other information in
any computer or storage media which he is not
authorized to have.
Slide 23 of
[Count you
total slide and
change the
number here] Topics

1. On 19 November 2009, the Personal Data Protection

Bill 2010 was tabled in Parliament, and on 5 April 2010,
the Lower House passed the Bill.
2. PDPA10 protects the personal data of internet
users in e-commerce transactions over the
internet by regulating the way in which such
personal data is used by others.
3. Disclosure of Data subject’s sensitive personal
data requires the data subject’s express
consent.
Slide 24 of
[Count you
total slide and
change the
number here] Topics

4. The Commissioner is not empowered to order

compensation for damage.
5. There is no express right to pursue a civil claim
for non-compliance.
Slide 25 of
[Count you
total slide and
change the
number here] Topics

5.6.2 Legal Significance of the PDPA10
1. A data subject may withdraw his consent to the

processing of the personal data by giving the data user
a notice in writing.
2. Disclosure of Data subject’s sensitive personal data
requires the data subject’s express consent.
3. Data subjects will have, for the first time, clearly defined
rights to access, to correct and to generally control how
third parties use and manage their personal data.
4. Data subjects can also decide how much personal
information they are willing to disclose on the web and
how it might be used.
Slide 26 of
[Count you
total slide and
change the
number here] Topics
5.6 Malaysian Personal Data Protection Act 2010 (PDPA10)

5.6.3 Meaning of Personal Data under the PDPA10
 To qualify as "personal data," the data must :-

i. relate, either directly or indirectly, to a data subject who
can be identified from the data; and
ii. Such data must also be capable of being recorded and
be capable of automatic or manual processing.
Slide 27 of
[Count you
total slide and
change the
number here] Topics

5.6.4 Meaning of Sensitive Personal Data under the PDPA10
‘Sensitive Personal Data’ refers to data regarding the

data subject’s medical history, religious beliefs, political
opinions and the commission or alleged commission of
any offence.
Slide 28 of
[Count you
total slide and
change the
number here] Topics

1. General Principle: The processing of personal data

requires consent;
2. Notice and Choice Principle: Data users are required
to notify the data subjects regarding the purpose for
which the data is collected and about the right to
request access and correction of the personal data;
3. Disclosure Principle: No personal data shall be
disclosed without the consent of the data subject;
Slide 29 of
[Count you
total slide and
change the
number here] Topics

4. Security Principle: A data user shall take practical

steps to protect the personal data from any loss,
misuse, modification, unauthorised or accidental access
or disclosure, alteration or destruction.
5. Retention Principle: The personal data processed for
any purpose shall not be kept longer than is necessary
for the fulfillment of the purpose to which it was
obtained for.
Slide 30 of
[Count you
total slide and
change the
number here] Topics

6. Data Integrity Principle: A data user shall take

reasonable steps to ensure the accuracy and to
maintain the data current for the purpose it was
collected for.
7. Access Principle: A data subject shall be given access
to his personal data and shall be able to correct the
personal data where the data is inaccurate or
incomplete.
Slide 31 of
[Count you
total slide and
change the
number here] Topics

5.6.6 Situations where Data Subject is Refused Access to His Personal Data
1. information which is subject to existing confidentiality

obligations and those which are governed by another
law such as the Banking and Financial Act 1989 and
also the upcoming Whistleblower Act 2010;
2. Where the burden or expense of providing access is
disproportionate to the risks to the data subject's
privacy, and
3. Where providing access would disclose confidential
commercial information.
Slide 32 of
[Count you
total slide and
change the
number here] Topics

5.6.7 Rationale of Having a Personal Data Protection Act 2010
1. Unique to e-business, the safety, security and privacy

of personal data belonging to individuals and
businesses are enforced and protected more
considerably.
2. If personal data falls into irresponsible hands, the
misuse of personal data will create losses ranging from
financial to legal liabilities, to commercial and public
embarrassment.
Slide 33 of
[Count you
total slide and
change the
number here] Topics

3. Example people losing their money due to credit card

abuses, or companies losing their reputation due to
infringement of customer privacy, businesses ruined by
data fraud, government agencies concerned by
personal data leakages, and national e-government
readiness undermined by data privacy concerns.
4. PDPA 2010 is also necessary for global trade since
incidents involving misuse of personal data threatens
the integrity of Malaysia as an emerging knowledge
economy.
Slide 34 of
[Count you
total slide and
change the
number here] Topics

5. For example Article 25 in the European Union's Data

Protection Directive 1995 outlines that "the transfer to a
third-party country, of personal data which are
undergoing processing or are intended for processing
after transfer, may take place only if… the third-party
country in question ensures an adequate level of
protection".
Slide 35 of
[Count you
total slide and
change the
number here] Topics
he primary intent of the Digital Signature Act 1997 is to regulate the use of digital signatures and to provide for matters connected therewi
 The primary intent of the Digital Signature Act 1997 is to

regulate the use of digital signatures and to provide for
matters connected therewith.
Slide 36 of
[Count you
total slide and
change the
number here] Topics

5.7.1 Definition of a Digital Signature
1. To ensure privacy, a digital signature is a 'message

digest' encrypted using the sender's private key.
2. To ensure integrity of data, the recipient can recreate
the message digest from the message they receive
using the sender's public key. He can then compare the
two results to satisfy himself that the contents of the
message received is the same as that which was sent
(data integrity)
3. A certification authority's (CAs) duty is to certify that a
public key is that of a particular person to avoid the risk
of another using digital signatures to commit fraud.
Slide 37 of
[Count you
total slide and
change the
number here] Topics

5.7.2 Security of a Digital Signature
1. The duties of the licensed certificate authorities (CAs)

and the duties of the subscriber upon acceptance of an
issued certificate in storing and backing-up private keys.
2. Key-generation is undertaken entirely under the control
of the individual concerned, and that the private key
never leaves the possession of that person without
strong security precautions being taken.
3. The subscriber is responsible for the control of his
private key.
Slide 38 of
[Count you
total slide and
change the
number here] Topics

5.7.3 Legal Effect of a Digital Signature
1. “A digitally signed message is deemed to be a written

document” (see section 64(1)(2) DSA).
2. “A digitally signed message is deemed to be original
document” (section 65 DSA).
Slide 39 of
[Count you
total slide and
change the
number here] Topics

Chapter 5: Legal Issues Unique To E-Business

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Chapter 5: Legal Issues Unique To E-Business

Uploaded by

Copyright:

Available Formats

BAEB 301 : BASIC LAW FOR E-BUSINESS

CHAPTER 5: LEGAL ISSUES UNIQUE TO

5.1 Malaysian Government Initiative on E-Business

5.2 Outline of Specic Legal Issues Unique to E-Business

5.3 Law of Defamation in Malaysia

5.3.1 Civil Defamation under the Defamation Act 1957

5.4 Communications and Multimedia Act 1998 (CMA98)

5.4.1 CMA98 Guidelines on Online Publication

5.5 Computer Crimes Act 1997 (CCA97)

5.5.1 Purpose of CCA97

5.6 Personal Data Protection Act 2010 (PDPA10)

5.6.1 Overview of the PDPA10

5.7 Digital Signature Act 1997 (DSA97)

5.7.1 Definition of a Digital Signature

At the end of this chapter, students should be able to:

5.1 Malaysian Government Initiative on E-Business

 The Multimedia Super Corridor (MSC) is part of the

5.2 Outline of Specific Legal Issues Unique to E-Business

 The law of defamation and how it applies to persons

5.3 Law of Defamation in Malaysia

 Generally, defamation occurs when a false statement or

5.3 Law of Defamation in Malaysia

1. Defamation is established if a plaintiff is

5.3 Law of Defamation in Malaysia

2. If the offender is liable he has to

5.3 Law of Defamation in Malaysia

1. Defamation is established once it is

5.3 Law of Defamation in Malaysia

2. The penalty for offenders found liable

5.3 Law of Defamation in Malaysia

 Internet connectivity is global

5.3 Law of Defamation in Malaysia

 There are at least four distinct sites

5.3 Law of Defamation in Malaysia

1. The Federal Court recently affirmed one of the highest

5.4 Communications and Multimedia Act 1998 (CMA98)

 The Communications and Multimedia Act 1998 (CMA98)

5.4 Communications and Multimedia Act 1998 (CMA98)

 The Communications and Multimedia Act 1998 covers

5.4 Communications and Multimedia Act 1998 (CMA98)

The guidelines can be found on the the Communications

5.4 Communications and Multimedia Act 1998 (CMA98)

 Recently Information, Communication and Culture

5.4 Communications and Multimedia Act 1998 (CMA98)

 e.g. the Namewee issue

5.5 Computer Crimes Act 1997 (CCA97)

1. The Act aims to provide for criminal offenses relating to

5.5 Computer Crimes Act 1997 (CCA97)

 Section 3 – Unauthorized access to computer material

5.5 Computer Crimes Act 1997 (CCA97)

 Section 8 – A person is deemed to have obtained

5.6 Personal Data Protection Act 2010 (PDPA10)

1. On 19 November 2009, the Personal Data Protection

5.6 Personal Data Protection Act 2010 (PDPA10)

4. The Commissioner is not empowered to order

5.6 Personal Data Protection Act 2010 (PDPA10)

1. A data subject may withdraw his consent to the

5.6 Malaysian Personal Data Protection Act 2010 (PDPA10)

 To qualify as "personal data," the data must :-

5.6 Malaysian Personal Data Protection Act 2010 (PDPA10)

‘Sensitive Personal Data’ refers to data regarding the

5.6 Malaysian Personal Data Protection Act 2010 (PDPA10)