Articles

With about 2 blogs created each second every day, blogging is growing at a speed faster than any other web activities on the Internet. Bloggers are not immune from legal consequences, be it civil or criminal liabilities. The relevant IP right in a blogging environment concerns mainly issues of copyright and sometimes, trademarks. In this article, we will focus on the rights and liabilities under copyright laws in Malaysia. One of the greatest challenges posed by the Internet is the ease with which copyrighted materials may be freely and quickly disseminated, reproduced and modified. Copyright in Blog Contents Works placed on a blog are equally protected by copyright, a blog being merely a medium of a sufficiently permanent nature in which thoughts and even images are expressed. The texts posted in a blog are protected as literary works; the images (pictures or videos) are protected as artistic works or films, and sounds and music are protected as sound recordings and musical works. Some blogs are purely full of text, but some blogs consist of multiple multimedia works which involve a combination of several separate and distinct types of works in an integrated form. In this case, different forms of copyright may subsist in one blog simultaneously, and the design and the layout of a blog as a whole may also be entitled to a separate copyright. The law gives the original authors the right to exclude others from copying their works or claiming them as their own. Copyright in URL? One may wonder whether copyright would subsist in Uniform Resource Locators (“URL”), the electronic addresses of websites on the Internet. In Exxon Corp v Exxon Insurance Consultants, it was held that the invented word “Exxon” was not entitled to copyright because the word “Exxon” did not instruct nor convey any information, instruction or pleasure in the form of literary enjoyment. URLs being a string of alphanumeric notation, would unlikely enjoy copyright protection as such. Posting of copyrighted materials Contents found on the search engines such as Google and Yahoo! may be in the public domain but it does not mean that they are free to be copied or downloaded. Most of the time, they are proprietary and copyrighted materials. Posting of pictures, videos or songs on a blog without the permission of the copyright owner is an act of infringement because it reproduces a work in digitized form and it infringes the copyright owner’s exclusive right to control the communication of such works to the public. There is also the issue of moral rights of the authors. Our copyright law confers moral rights to authors. These rights include the right to be identified as the author of the work and the right to object to derogatory treatment of his work such as distortion, mutilation or other types of modification of the work which significantly alters the work and might adversely affect the author’s honour and reputation. Defences on Copyright One particular important defence to works placed on the Internet is that of fair dealing. If the act is for purposes of non-profit research, private study, criticism, review or the reporting of current events, it does not tantamount to copyright infringement. However, it must be accompanied by sufficient acknowledgement and attribution of the title of the work and its authorship. There are no fast and hard rules in determining whether a certain use of a work amounts to “fair use”. However, the following factors are to be taken into consideration: the purpose and character of the use, such as whether such use is of commercial nature or for non-profit purposes; the nature of the copyrighted work; the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and the effect of the use upon the potential market for or value of the copyrighted works. For example, if only small portions of the original work or short quotations were copied or cited which are de minimis (bearing in mind that substantial reproduction is judged qualitatively rather than quantitatively in the assessment of infringement), or commenting or criticizing an item someone else has posted, these will likely be fair dealing. Blogs will usually fall under non-profit use or for purposes of criticism and review. However, in recent times, some bloggers have started to make profit out of their blogs by earning advertising revenue, engaging in blogs as a marketing strategy for their companies, and some are being paid for doing product review or endorsement. For these types of blogs, it might be argued that use of copyrighted materials can hardly be for non-profit use or would have otherwise exceeded the acceptable standards of “fair dealing” (however nebulous and subjective these standards may be). The law further requires an acknowledgement of the title of the work and authorship if the work is used in public, which would be applicable in a blog environment. Inline linking and Thumbnails – Fair Use? Copyright Infringement? The issue as to whether inline linking is copyright infringement has been decided in the United States. The first of such decision could be found in the case of Kelly v Arriba Soft Corp. The defendant is an image search engine company. It operates an Internet search engine that displays its result in the form of small pictures called thumbnails rather than the more usual form of text. To provide this service, the defendant developed a computer program that “crawls” the web looking for images to index. The crawler then downloads full-sized copies of the images onto the defendant’s server. The program then uses these copies to generate smaller, lower-resolution thumbnails of the images. Once the thumbnails are created, the program deletes the full-sized original images from its server. By clicking on one of these thumbnails, the user can then view a large version of that same image within the plaintiff’s website. This is called “inline linking”. As a result, although the images of the plaintiff came directly from the plaintiff’s website and were not

The Personal Data Protection Act 2010 (“the PDP Act”), a much-awaited piece of legislation finally made its way through the Malaysian Parliament after a delay of more than a decade. The first draft of the Personal Data Protection Bill (“PDP Bill”) was released in 1998 for public consultation but was not tabled in Parliament until November 2009. The earlier drafts of the PDP Bill have since been redrafted to reflect public feedback as well as the Government’s approach towards personal data protection. The redrafted PDP Bill was tabled for first reading in November 2009 and passed by the Parliament in May 2010. It received Royal Assent and was gazetted in June 2010. The PDP Act will come into force on a date to be notified by the Minister. The PDP Act has generally been well received by the public and the Malaysian Government is to be commended for its commitment to granting more protection to the people in respect of their personal data. Prior to this, Malaysia had adopted a sectoral approach in protecting personal data but this approach proved to be inadequate. Other than this, personal data was only protected in the form of confidential information through contractual obligations or common law. It is therefore timely for a legislation of general application to be introduced to regulate the processing of personal data. Having said that, the PDP Act is by no means a perfect piece of legislation. This article will examine some of the shortcomings of the PDP Act. NARROW APPLICATION OF THE PDP ACT Federal and State Governments The draft of the PDP Bill explicitly stated that “This Act shall bind the Government”. However, in a complete turnaround, Section 3(1) of the PDP Act now reads “This Act shall not apply to the Federal and State Governments”. The Government did not explain the reason behind this drastic change. Substantial amounts of personal data are processed by the government departments and agencies for various reasons and purposes. For example, the National Registration Department holds the personal data of nearly every citizen in Malaysia and our income tax returns which contain detailed records of our financial affairs and sources of income are well within the knowledge of the Inland Revenue Board. All this information is valuable personal data which ought to be protected in the interest of every individual. The Government, being one of the biggest data users in the country, ought to be bound by the PDP Act to prevent any form of abuse of personal data of its citizens. One of the objectives behind the PDP Act is to safeguard personal data by requiring the data user to comply with certain obligations and conferring certain rights to the data subject in respect to his personal data. There is currently no legislation in Malaysia to regulate how personal data is processed and stored by governmental bodies. To exclude the Government from the PDP Act is contrary to the objectives of the PDP Act and would severely curtail its full effect. It also means that there is nothing to prevent the Government from processing personal data of its citizen in whatever manner it deems fit. Of even greater concern is that there are no sanctions to prevent civil servants from abusing such personal data other than the risk of disciplinary action. The exclusion of the Federal and State Governments from the application of the PDP Act is inconsistent with jurisdictions such as Australia, Hong Kong and member countries of the European Union (“EU”) where governments are bound by their respective data protection legislation. Non-commercial transactions Section 2(1) provides that the PDP Act applies to the processing of any personal data in respect of commercial transactions. In other words, the PDP Act does not apply to personal data processed in non-commercial transactions. Although the term “commercial transactions” is widely defined to include “any transaction of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services”, the full effect of this term remains uncertain. The limitation of the application of the PDP Act to “commercial transactions” makes the Malaysian legislation unique. This limitation was not found in the earlier draft of the PDP Bill. The personal data protection laws of most other jurisdictions do not have similar restrictions. However, it is interesting to note that the Personal Information Protection and Electronic Documents Act of Canada applies to every organization that collects, uses or discloses personal information in the course of commercial activities. Cases suggest that “commercial activities” must involve some profit making element or attract certain monetary value. Personal data is not only processed in commercial transactions. They are also processed for educational, professional, taxation, social security and welfare purposes. An individual may submit his personal data in a contest or survey without consideration being given by any party. He may also submit his personal data as part of the subscription to various free online services such as online newspapers and magazines. Personal data may also be submitted to social networking websites such as Facebook or MySpace. Processing of personal data in these situations may not necessarily involve any “profit-making” element and is hardly to be considered as “use in respect of commercial transactions”. It will be interesting to see how the courts will interpret “commercial transactions” in the context of the PDP Act. The combined effect of these two limitations is that the PDP Act only applies to the private sector and within the private sector, it is narrowed down to organizations which process personal data in commercial transactions. It is undesirable to have such a narrow application of the PDP Act. No provisions for civil remedies As mentioned earlier, the PDP Act imposes various obligations on data users and confers certain rights on data subjects. Data users who fail to comply with the provisions of the PDP Act may be subject to fines or imprisonment or both. There are, however, no provisions in the PDP Act that allow

The Royal Malaysian Police Force is in talks with the Attorney-General’s Chambers to monitor the movements and whereabouts of certain accused persons released on bail by tagging them with an electronic monitoring device (“EMD”), which is a new technological security measure introduced by the Security Offences (Special Measures) Act 2012 (”SOSMA”) and the Criminal Procedure Code (“CPC”). The police are expected to start using the EMD in October 2013. Both the SOSMA and the CPC also introduce new provisions that allow interception of communications by the authorities. The SOSMA was enacted to replace the archaic and draconian Internal Security Act 1950. It provides for special measures relating to security offences for the purpose of maintaining public order and internal security. The CPC, on the other hand, sets out rules relating to criminal procedure in Malaysia for matters such as the mode of arrest; a search of body, property or premises; police investigation of a case; prosecution of an accused person; procedure for trial, etc. The police claim that this is part of their on-going efforts in utilising all the existing laws and technology available to combat serious and organised crimes, in light of the spate of high-profile shootings and the surge in crime rates in the country. This article focuses on the two new technological security measures introduced by the SOSMA and the CPC, namely, the use of EMD and the interception of communication by the authorities. The use of EMD Under the law, a court may, after taking into account the nature of the offence and the circumstances of the case as being sufficient to secure an accused person’s attendance at court, order for an EMD to be attached to the accused person while he is released on bail. Before an accused person is to be attached with an EMD, he will be given an opportunity to be heard as to why he should not be attached with an EMD. Failing to comply with the electronic monitoring requirement will result in the bail being revoked by the court. Any person who tampers or destroys the EMD shall be liable to a fine not more than RM5,000 or to imprisonment, not more than 3 years, or both, as well as to pay for any damage to the EMD arising from his action. The EMD can be either a device which is attached to a person (usually attached to the person’s wrist or ankle); a portable tracking device or a site monitoring device. These devices with built-in Global Positioning System (GPS) are linked to a receiving centre by means of a fixed line, radio frequency, satellite or other technology. They are capable of transmitting to the receiving centre information relating to the particular place at which the device is located at a particular time and the functioning of the device and capable of detecting any tampering with the device and transmitting to the receiving centre information relating to such tampering. Using EMD to track the movements and whereabouts of accused persons has proven to be quite effective in many jurisdictions around the world. It is said that the EMD will act as a restraint on recidivists (convicted criminals who return to crime after they are released from prison) as gangs are unlikely to rely upon or re-engage with those who are being monitoring. EMD can be used to ensure that the accused person remains in a designated place or does not enter prescribed areas or approaches certain people such as the complainants or the witnesses. The police will be immediately alerted if the accused person ignores or goes against the court’s order. It will also be easier for the police to track down the location of the accused person if he jumps bail. Interception of Communication of the EMD by the Authorities Under the law, the Public Prosecutor, if he considers that it is likely to contain any information relating to the commission of an offence, may authorize any police officer – (a) to intercept, detain and open any postal article in the course of transmission by post; (b) to intercept any message transmitted or received by any communication; or (c) to intercept or listen to any conversation with any communication. The Public Prosecutor also has the power to require a communication service provider to intercept and retain communication and authorise a police officer to enter any premises to install any interception devices. Any information obtained from such interception shall be admissible in evidence at trial. Interestingly, the SOSMA even gives power to a police officer not below the rank of Superintendent of police to perform the interception without the authorization of the Public Prosecutor in urgent and sudden cases where immediate action is required leaving no moment of deliberation. What this means is that the authorities can “eavesdrop” or “wiretap” any telephone lines, emails, letters or even web surfing habits without a warrant, as long as the Public Prosecutor considers that it is likely to contain any information relating to the commission of an offence. Provisions relating to the interception of communication by the authorities are not something very new in Malaysia. Similar provisions are already found in other legislation such as the Communications and Multimedia Act 1998, Malaysian Anti-Corruption Commission Act 2009, the Strategic Trade Act 2010, Copyright Act 1987, etc. However, do note that the laws cited above are restricted to communication data only. If the data does not form part of the communication, as far as the law is concerned, the authorities have no power to intercept/access or conduct surveillance on those data unless they have obtained a warrant to access such data. Many have criticised that the Public Prosecutor should not be given such a broad power to intercept communication. While it is true that in certain circumstances, interception of communication may be effective in preventing planned crimes and collecting evidence, it should be dealt within the parameter of natural justice coupled with adequate checks and balances by an independent body. For example, in the

Personal data such as customer database has become so valuable that is now being traded as a form of commodity. The European Consumer Commissioner described personal data as the new oil of the Internet and the new currency of the digital world. The Economist said that personal data is becoming a new type of raw material that is on par with capital and labour. It was reported that a list of 1,000 entries containing names, phone numbers, types of credit cards owned and even place of works can be bought for a mere RM100, while a list containing the personal data of Datuks and Tan Sris can be bought for RM4 for each individual. How many of you are tired of receiving spam emails and unsolicited cold-calls from banks, property agents, insurance agents who try to sell you more insurance products, properties, or offer you more credit cards/personal loans? This has escalated to a stage where even politicians were sending out SMSes and emails begging for votes during the recent 13th General Election. Have you always been wondering how or where these people get hold of your personal data? Would you wish to have a say on how your personal data should be handled? The solution is finally here. Very soon, we will have legal protection to cover those unwanted activities. The Personal Data Protection Department of Malaysia (“PDPD”) has intimated that the Personal Data Protection Act 2010 (“PDPA”), which was passed in June 2010, will come into force in the next 1-2 months. The advancement of technology, the growing problems of misuse of personal data and the lack of comprehensive data protection law were amongst the reasons that pushed the Malaysian Government to finally enact and pass the PDPA. The objective of the PDPA is to regulate the processing of personal data in commercial transactions and to safeguard the rights and interests of individuals. What this means is that anyone who processes personal data in commercial transactions, be it online or offline, must comply with the PDPA once it comes into force. The consequences for breaching the PDPA are severe. Aside from the negative publicity, penalties for non-compliance with the PDPA include fines for companies and/or fines and imprisonment for directors and officers of the company. Application of the PDPA The PDPA applies to anyone who processes personal data (“data user”) of an individual (“data subject”) in commercial transactions. Essentially, data user must comply with the seven (7) personal data protection principles, which form the fundamental backbone of the PDPA, as well as other relevant provisions of the PDPA. Non-compliance with any of the principles is an offence. An overview of the principles is set out as follows: General principle – a data user must only process personal data with the consent of a data subject, for a lawful purpose and the personal data collected must not be excessive or beyond that is required for the purpose it was collected; Notice and choice principle – a data user must inform the data subject that his personal data is being processed and provide a description of the personal data, the purpose of collection and choice for him to decide whether he wants to provide his data; Disclosure principle – a data user must only disclose personal data for purposes or to another third party to which the data subject has consented to; Security principle – a data user must take practical steps to protect personal data from loss, misuse, modification, unauthorized or accidental access or disclosure; Retention principle – a data user must not retain personal data longer than it is necessary to fulfil the purpose for which it was collected; Data integrity principle – a data user must take reasonable steps to ensure that all personal data is accurate, complete, not misleading and kept-up-to-date; and Access principle – a data user must allow data subject to have access to his own personal data and to correct it if it is inaccurate, incomplete, misleading or outdated. The PDPA also confers a number of rights to a data subject, as set out below: a data subject is entitled to be informed by a data user whether his personal data is being processed by or on behalf of the data user; a data subject is entitled to correct his personal data it if it is inaccurate, incomplete, misleading or outdated; a data subject is entitled to withdraw his consent to the processing of personal data; a data subject is entitled to request the data user to cease or not begin the processing of his personal data based on the reasons that the processing of that personal data is causing or likely to cause substantial damage or substantial distress to him or to another; and the damage or distress is or would be unwarranted; and a data subject is entitled to request the data user to cease or not begin processing his personal data for purposes of direct marketing. Compliance with the PDPA As the PDPA will come into force very soon, data users must understand the PDPA and its legal and commercial implications on their businesses. They should begin reviewing their policies, processes, contractual rights and obligations as well as standard forms and notices which relate to processing of personal data in order to ensure that they are in compliance with the PDPA. It is no longer “business as usual”. If companies do not have any data protection policies yet, they must put in place sound policies that are consistent with the provisions of the PDPA, and make sure that the policies are actually implemented accordingly. There is no “one-size-fits-all” type of policies, and each policy will need to be drafted according to the specific business nature and operations. Conclusion The PDPA has commercially far-reaching implications and severe penalties in the event of non-compliance. However, one should note that the intent of the PDPA is not to inhibit business or to stifle the legitimate use of personal data, but rather it

The Personal Data Protection Act 2010 (“PDPA”) finally came into force on 15 November 2013 and marks the introduction of a data privacy regime in Malaysia. The objective of the PDPA is to regulate the processing of personal data and to safeguard the data privacy rights of  individuals. It applies to anyone who processes personal data (“data user”) of an individual (“data subject”) in commercial transactions. Data users have until 14 February 2014 to comply with the PDPA. Essentially, a data user must comply with the 7 personal data protection principles, which form the backbone of the PDPA. The 7 principles are; General – consent is required before personal data can be processed Notice & Choice – individuals must be notified of the purpose their data is processed Disclosure – personal data cannot be disclosed without consent Security – data users must take practical steps to protect the security of personal data Retention – personal data can only be retained for as long as it is required Data Integrity – personal data that is collected must be accurate, complete and updated Access – all individuals have the right to view and correct their personal data Aside from the negative publicity, penalties for violation of data privacy or non-compliance or  with the PDPA include fines of up to RM500,000 for companies and/or fines and imprisonment of up to 3 years for officers of the offending company. The Regulations Several new regulations have also been issued. These are: Personal Data Protection Regulations 2013; Personal Data Protection (Class of Data Users) Order 2013; Personal Data Protection (Registration of Data User) Regulations 2013; and Personal Data Protection (Fees) Regulations 2013. Personal Data Protection Regulations 2013 These regulations provide some clarification on the 7 principles, which can be summarised as follows: General Principle – consent obtained by data users from data subjects must be capable of being recorded and maintained properly. It appears that implied consent is not acceptable. Notice & Choice Principle – data users must give data subjects information on how to contact them for inquiries or complaints, such as the designation of the contact person, phone and fax numbers, email address and any other related information (if any). The notice must also be given in Malay. Security Principle – data users must develop and implement a security policy that will comply with the security standards prescribed by the Personal Data Protection Commissioner (“Commissioner”). Data users must also ensure that these security standards are complied with by data processors who process personal data on their behalf. Retention Principle – data users must ensure that personal data of their data subjects are retained in accordance with the standards prescribed by the Commissioner. Data Integrity Principle – data users must ensure that the processing of personal data is in accordance with the data integrity standards prescribed by the Commissioner. Personal Data Protection (Class of Data Users) Order 2013 This order provides that the following classes of data users must register with the Commissioner in the next 3 months: Communications Banking and financial institutions InsuranceHealth (e.g. private hospitals, clinics, dental clinics and pharmacies) Tourism and hospitalities (e.g. tour operators, travel agents tourist guides, tourist accommodation premises) Transportation (all Malaysian airlines) Education (e.g. private higher education institutions, private schools) Direct selling Services (e.g. lawyers, auditors, accountants, engineers, architects, retail and wholesale dealings and employment agencies) Real Estate (e.g. housing developers) Utilities The other two regulations deal with the fees payable under the PDPA and the registration process for data users. Registration fees range from RM100 to RM400, depending on the category of the data user. Appointment of the Commissioner The Minister of Communications and Multimedia has also announced the appointment of Tuan Haji Abu Hassan bin Ismail as the Commissioner. It is also expected that the Personal Data Protection Department (“PDPD”) will be converted into an independent Personal Data Protection Commission, which is consistent with the provisions of the PDPA and in line with international practice. Implementation Phases The writer understands that the PDPA will be implemented in 3 phases: Phase 1 will focus on the registration of data users and creating awareness; Phase 2 will see enforcement teams carrying out inspections for compliance; and Phase 3 will see the Commissioner undertake audits and commence a prosecution for non-compliance. Concluding Words Whilst individuals will rejoice in knowing there is a law that now protects their personal data, there remain numerous points which require clarification as the PDPA has not issued comprehensive guidelines on how the PDPA will be enforced. Nevertheless, given the severe penalties under the PDPA, and potential reputational damage for non-compliance or violation of data privacy, it is unlikely companies will not comply. If not already in place, businesses should immediately review their processes, contracts and standard forms, and implement sound internal policies on personal data processing to ensure compliance with the PDPA. ***** About the author: This article was written by Edwin Lee Yong Cieh, Partner of LPP Law – law firm in Kuala Lumpur, Malaysia (+6016 928 6130, [email protected]). Feel free to contact him if you have any queries. This article was first published in CHIP Magazine Malaysia. The view expressed in this article is intended to provide a general guide to the subject matter and does not constitute professional legal advice. You are advised to seek proper legal advice for your specific situation.

Starting from 1 July 2013, all online businesses have to comply with the new requirements set out in the Consumer Protection (Electronic Trade Transactions) Regulations 2012 (“Regulations”) made by the Ministry of Domestic Trade, Co-operatives and Consumerism (“MDTCC”) under Section 150 of the Consumer Protection Act 1999 (“CPA”). The Regulations apply to individual person and business that supplies goods or services via a website (for e.g. blog shop, online store) or an online marketplace (for e.g. Groupon, Lelong, eBay, Mudah, Zalora, Lazada)(“Online Business Supplier”), as well as operator of online marketplace (“Online Marketplace Operator”). An ‘online marketplace’ is defined as a website where goods or services are marketed by third parties for the purpose of trade. This definition is so wide that arguably it covers websites that charge the Online Business Supplier a fee or commission as well as those that provide such platform for free. Online Business Supplier The main objective of the Regulations is to promote transparency through full and frank disclosure. An Online Business Supplier needs to disclose the following information on the website or online marketplace where the business is conducted: the business name (either the name of the owner, business or company); the registration number of the business or company, if applicable; the email address and telephone number, or address of the Online Business Supplier; a description of the main characteristics of the goods or services; the full price of the goods or services, including transportation costs, taxes and any other costs; the method of payment; the terms and conditions of the sale; and the estimated time of delivery of the goods or services to the buyer. It is an offence if the Online Business Supplier fails to disclose any of the above information, or if he/it provides false or misleading information. In addition, the Online Business Supplier also needs to provide appropriate means to enable the buyer to rectify any errors prior to the confirmation of the order made by the buyer; and he/it should acknowledge receipt of the order to the buyer without undue delay. Online Marketplace Operator As for the Online Marketplace Operator, he/it is required to take reasonable steps to keep and maintain a record of the names, telephone numbers and addresses of the Online Business Suppliers for a period of two years. Failure to keep and maintain such record is an offence. The intention of this is to make it easier for a buyer to track down the identity of the Online Business Suppliers in the event of loss or fraud. Privacy, Unfair Contract Terms, False or Misleading Advertisement In addition, if the Online Marketplace Operator collects and processes personal data of the online buyers and the Online Business Suppliers, he/it must also comply with the Personal Data Protection Act 2010 (which may come into force by the end of 2013). In this respect, the Online Marketplace Operators are encouraged to have in place privacy policy, privacy statement, notice and consent form on their websites and online marketplaces that are drafted in compliance with the requirements under the Personal Data Protection Act 2010. It should be noted that there is no “one size fits all” type of privacy policy, privacy statement, notice and consent form. Online Marketplace Operators must refrain from slavishly copying privacy policy, privacy statement, notice and consent form found in other websites and online marketplaces without having regard to their specific business nature and needs. Although the Regulations does not define what should be included in the “terms and conditions” of the sale, the terms and conditions must not contain unfair terms, otherwise, the terms and conditions may be declared as unenforceable or void under the CPA. Any Online Business Supplier or Online Marketplace Operator who put up false or misleading advertisement in relation to their goods or services will also be liable under the CPA. A Rising Trend in Online Businesses and Online Frauds Online businesses have been gaining popularity in recent years as they present an alternative choice for shopping for consumers in Malaysia. The proliferation of the Internet, the wider broadband penetration, the growing prevalence of smartphones as well as the convenience of online shopping are amongst the driving forces behind the growth of online businesses. According to the MDTCC’s statistics, 1.1 million people in Malaysia carried out online transactions with businesses worth more than RM1.8 billion in 2010 and the figure is expected to grow to RM5 billion by 2014. There are 600 online companies and 16,405 online businesses currently registered with the Companies Commission of Malaysia. Unfortunately, incidents of online fraud have also been on the rise. The number of online frauds reported in 2011 rose to 1,879 cases as compared to 511 cases in 2009. It has been reported that online fraud is one of the factors that deter people from actively engaging in online transactions. Offences and Penalties Any Online Business Supplier or Online Marketplace Operator who fails to comply with the Regulations will, upon conviction, be fined up to RM50,000 or jail up to 3 years or both, and for a second or subsequent offence the person will be liable to a fine of up to RM100,000 or to imprisonment up to 5 years or both, and for a second or subsequent offence the person will be liable to a fine of up to RM100,000 or to imprisonment up to 5 years or both. If the offence is committed by a company, it will, upon conviction, be liable to a fine of up to RM100,000, and for a second or subsequent offence a fine of up to RM200,000. In addition to the criminal penalties, an aggrieved consumer may also lodge a claim with the Tribunal for Consumer Complaints about civil remedies against unscrupulous online traders. Conclusion The enactment of the Regulations shows the growing concerns that the Government has towards strengthening consumer protection in online business transactions. In fact, in conjunction with the Regulations, the MDTCC has also launched an e-commerce guideline for consumers to avoid the pitfalls

On 26 April every year, the intellectual property community around the world celebrates the World Intellectual Property Day (“World IP Day”). World IP Day is celebrated every year to “promote discussion of the role of intellectual property (“IP”) in fostering and encouraging innovation and creativity, and to celebrate the contribution made by innovators and creators to the development of societies across the world”. The World Intellectual Property Organization (WIPO) has named the theme of this year’s World IP Day as “Creativity: The Next Generation”, as it wishes to highlight the role that the next generation of visionary innovators and creators will play in shaping and improving the world. “What is the next big thing to come?” has become the hottest technology phrase. It is a known fact that technology moves so fast that today’s technology could become outdated by the time we master it. Some people cannot wait to get their hands on the latest gadgets, some are curious to find out every new development in the market, many want to know how the world will look like in future, what the new innovations that lie beyond us are, and who would create a song that would become the next online sensation after “Gangnam Style”, which went viral and took the world by storm by hitting 1.5 billion views on YouTube. No one would have thought that a mobile phone can actually function as a computer, combining phone, camera, video camera, music player, GPS, word processing and Internet browsing functions into a little device now widely known as a smartphone. Who would have thought that an online social networking website, Facebook, that was developed and launched from a Harvard dormitory room, would become the most visited website attracting more than 1 billion users worldwide. Google recently introduced Google Wallet, which turns your phone into an electronic wallet, where you can make a payment just by tapping your phone against a Near Field Communication (NFC) point of sale terminal at checkout. By 2015, Google plans to launch Google Glass, an eyeglasses-like wearable computer that can interact with the Internet through voice commands. It is also expected that, by 2025, Google driverless cars will hit the road in many major countries. What used to be science fiction that we see in Hollywood movies will soon become reality. The successful take-off of all these inventions and creations can partly be attributed to the protection given to IP rights. IP rights play an important role in stimulating creativity and innovation, which in turn leads to economic, cultural and social advancement. IP protection also encourages the dissemination of knowledge and provides a guarantee of source and quality to consumers. Different types of IP are protected in different ways, for example, literature and arts such as books, music, films and software are protected as copyright; technological inventions are protected by patent rights; distinctive brands that distinguish one product or service from another are protected through trademark rights; while the unique design or external appearance of objects are protected via industrial design rights. The IP rights framework provides incentives and motivation to innovators and creators to invest time, resources and creative thinking into producing new inventions. Without IP protection, there would be no incentives for film makers to make excellent movies; for artists to produce vibrant music; for inventors to invent new innovative products; or for scientists to develop life-saving drugs that can improve and save millions of lives. Exclusive patent rights are granted to the inventors for a certain period of time in exchange for full disclosure of their inventions and technologies which in turn encourage others to continue to innovate and develop existing products. Studies have also shown that countries with strong IP frameworks and protection experience the greatest innovation, creativity and economic growth. South Korea is a good example. Samsung has now become a household name and a dominant player in the electronic industry. There are millions of fans of K-Pop culture around the world. According to the World Bank’s statistics, South Korea’s GDP per capita has grown from USD$2,000 in 1970 to USD$32,000 in 2012. Ideas matter. Thomas Edison invented and developed, amongst others, the phonograph, motion picture camera and a long lasting electric light bulb that greatly influenced life around the world. Vaccinations have saved the lives of hundreds of millions of people. Music now forms an integral part of our lives. Today, some 2 billion people are connected on the Internet for work, play, communication and entertainment. All these technologies, inventions and creations have had a profound impact on many peoples’ lives. They all stem from someone having a visionary or creative idea to shape and improve the world The future, therefore, lies in the hands of the next generation, and it is hoped that the next generation will make the best use of all these technologies to change the world for the better, and the benefit of humanity. ***** About the author: This article was written by Edwin Lee Yong Cieh, Partner of LPP Law – law firm in Kuala Lumpur, Malaysia (+6016 928 6130, [email protected]). Feel free to contact him if you have any queries. This article was first published in CHIP Magazine Malaysia. The view expressed in this article is intended to provide a general guide to the subject matter and does not constitute professional legal advice. You are advised to seek proper legal advice for your specific situation.

The Trade Descriptions Act 2011 (“New TDA”) has effectively come into force on 1 November 2011. The New TDA seeks to reform the law on trade descriptions by repealing the Trade Descriptions Act 1972 (“Old TDA”). The New Trade Description Act, like its predecessor, is enacted to promote good trade practices in the market by prohibiting false trade descriptions and false or misleading statements, conduct and practices in relation to the supply of goods and services, thereby protecting the interest of consumers. This article sets out to highlight some of the key provisions in the New TDA that every trademark owner should be aware of when protecting their trademarks in Malaysia. Methods to Enforce Trade Mark Rights In Malaysia, there are several methods in which a trademark owner can use to enforce and protect his rights. One of the most common methods is by initiating a civil action against the trademark infringers. However, a civil action is usually expensive, time-consuming and it places the burden of proof on the trademark owners to establish their case. In most cases, trademark owners usually prefer to stop the infringement immediately in the most cost-effective manner. As a first step, the trademark owners may issue a letter of demand or what is commonly known as a “cease and desist letter” to the infringers stating the trademark owners’ rights and how those rights have been infringed by the infringers. Issuing a cease and desist letter has proven to be quite effective in stopping further infringement. However, if the infringers deny their infringing acts, the trademark owners may resort to a civil action under the Trade Marks Act 1976. The trademark owners may also apply for an injunction to restrain further infringement or an order for delivery up of the infringing goods. In addition, the Trade Marks Act 1976 also provides a remedy for border measures control in which it allows the trademark owners (with the co-operation from the Royal Malaysian Customs Department) to stop the importation of counterfeit goods into the country. Similarly, like the Old Trade Description Act, the New Trade Description Act also provides for certain criminal remedies which would allow the trademark owners to stop their trademarks from being misused as false trade descriptions. Trademark owners may apply for a Trade Description Order (“TDO”), which is basically a declaratory order granted by the High Court declaring that a trademark or get-up used by an infringer amounts to a false trade description. The TDO empowers the officers from the Ministry of Domestic Trade, Cooperatives and Consumerism (“MDTCC”) to receive official complaints from the trademark owners and to raid and seize goods to which a false trade description has been applied. As a TDO is applied on an ex parte basis without having to call the respondent to the court, this lessens the procedures usually associated with injunctions and thus it saves substantial time and cost for the applicant. Besides, the enforcement and prosecution of the offence are carried out by the MDTCC at minimal cost to the registered trademark owners. As a result, an action under the TDO has proven to be the most commonly used and cost-effective way in curbing the sale of counterfeit goods. “Trade Description” A trademark owner should be aware that the New TDA expressly defines a “trade description” to include an indication, whether direct or indirect and by any means given, in respect of any goods or parts of goods relating to any rights in respect of trade marks registered under the Trade Marks Act 1976. A “false trade description” is a trade description which is false to a material degree or is misleading. Under the New TDA, it is an offence for any person who applies a false trade description to any goods as if the goods were subject to any rights relating to a registered trademark, or who supplies or offers to supply, exposes for supply or has in his possession, custody or control for supply any goods to which a false trade description is applied as if the goods were subject to any rights relating to a registered trademark. Upon conviction, the person will be liable to a hefty fine or imprisonment or both. Key Features of the New Trade Description Act (TDA) One of the key features under the New TDA is that only registered trademark owners in Malaysia can apply for a TDO. Previously, under the Old TDA, any trademark owners who have not registered their trademarks in Malaysia were allowed to enforce their common law trademark rights through the TDO. It appears that the Parliament has decided to restrict the right to the TDO, to only trademark owners who have registered their trademarks in Malaysia. No explanation was proffered for such a radical move. It should be noted that the Old TDA was modelled upon the UK Trade Descriptions Act 1968 and the UK law still allows common law trademark owners to enforce their rights regardless of whether they have a registered trademark in the UK. In the light of these changes, trademark owners should ensure that their trademarks are duly registered in Malaysia in order to protect their rights and interest. The validity period of a TDO has also been reduced from 5 years under the Old TDA to 1 year under the New TDA. Although the TDO can be renewed for a further period as may be determined by the court, this would incur further cost and time to the trademark owners. As such, the trademark owners who have obtained a TDO from the court should initiate the enforcement action as soon as possible rather than procrastinate. It should be noted that the TDO is only required in cases where the trademark or get-up used by the infringer is not identical but can be passed off as a registered trademark. A TDO, once granted, shall be taken as conclusive proof of a false trade description. Due to its far-reaching effects, the courts have held that a TDO will only

Malaysian Airline System Berhad (“MAS”), AirAsia Berhad (“AirAsia”) and AirAsia X Sdn Bhd (“Air Asia X”) have recently entered into a Comprehensive Collaboration Framework to explore opportunities to collaborate on a broad range of areas in which all parties will strive to complement each other’s businesses so as to leverage on their respective core competencies and optimise efficiency for the benefit of consumers. Does it violate the competition law? The collaboration has sparked concerns that the tie-up between the two airlines may result in a monopoly or anti-competitive behaviour in the airline industry. Many have expressed their worries that the collaboration may result in less frequent flights, limited travel options and that AirAsia may stop offering low price airfares since MAS is no longer a competitor to AirAsia. The collaboration agreement would only come into effect after a full competition analysis is completed and is in compliance with the applicable laws with regard to competition law in all the markets that the airlines operate in. It is noted that the recently-established Malaysian Competition Commission is also looking into the possible impact of the collaboration on the local market. Competition Act 2010 The Competition Act 2010 (“Act”) was passed by Parliament last year and is scheduled to come into force on 1 January 2012. The Act applies to any commercial activity by any company (including Government-linked companies) within and outside Malaysia which has an effect on competition in any market in Malaysia. Generally, competition law in most jurisdictions around the world covers three main pillars, prevention of anti-competitive agreements; abuse of a dominant position as well as a ruling against anti-competitive mergers and acquisitions. The Act does not, however, provide for regulation of mergers and acquisitions which may be anti-competitive, although the Government has not ruled out the possibility of introducing the third pillar in the future. Anti-Competitive Agreements The Act prohibits horizontal and vertical agreements between enterprises where an agreement has the object or effect of significantly preventing, restricting or distorting competition in any market for goods or services. Horizontal agreements which have the effect of price-fixing; market sharing; limit or control of production, market outlets or market access; bid rigging are deemed to be an anti-competitive agreement. Vertical agreements include tie-in arrangements and exclusive dealings which have the object of setting up barriers of entry against new entrants in a particular industry. Abuse of a Dominant Position Enterprises are prohibited from engaging in any conduct which amounts to an abuse of a dominant position such as imposing unfair purchase or selling price; limiting or controlling production, market outlets or market access, refusing to supply; applying discriminatory conditions that discourage new market entry; engaging in predatory behaviour towards competitors; or buying up scarce supplies in excess of the dominant enterprise’s own needs The Application of Competition Law to the Airline Industry In the airline industry, the typical competition issues include global alliances, tariff coordination, code-sharing, price-fixing, airport capacity and slots allocation, predatory pricing, frequent flyers programme, corporate discount schemes, travel agent commission, etc. These competition issues may arise from day-to-day dealings with competitors, joint venture partners, airport operators, suppliers, agents as well as customers, and will likely come under the scrutiny by the competition authority. In many countries, airlines have to seek permission and clearance from the competition authorities before they are allowed to form an alliance. The competition authorities will consider the terms of the agreement, the potential impact on the relevant markets as well as whether the alliance would result in excessive market domination. The competition authorities in many jurisdictions are generally supportive of airline alliances as they would result in cost savings, better connectivity and foster greater synergies between the airlines unless the alliances would result in the elimination of competition. Code-Sharing Code-sharing is an arrangement between two airlines where one airline (operating airline) allows another airline (marketing airline), as a codeshare partner, to market and sell tickets on the operating airline’s flights. The marketing airline that sells tickets under its own code does not actually operate the flight. While code-sharing agreements are generally permissible as they provide substantial benefits to consumers (such as seamless connections, greater network access and competitive airfares), some code-sharing agreements may give rise to anti-competitive concerns as the multiple displays of code-shared flights on computer screens push down other airlines’ flights to be displayed on following screens which may be missed by consumers searching for other flight options. It may also go beyond this and cover comprehensive integration of marketing and sharing of operational information that results in distortion of healthy competition practices. In this respect, AirAsia has dismissed the possibility of entering into a code-sharing agreement with MAS as it claims that both airlines operate on different market segments and different business models. It is believed that both airlines are likely to have a common understanding of joint planning, operating and coordinating routes, flight schedules and airfares. In Europe and the US, exemptions have been granted to a number of co-operation agreements between airlines on the condition that the whole arrangement benefits the customers of each party by providing access to a wider range of routes. Price Fixing In the past few years, dozens of airlines around the world have been slapped with hefty punishments by competition authorities for involvement in price-fixing cartels. For example, in November 2010, 11 airlines were fined a total of €799 million (about US$ 1.1 billion) by the European Commission for fixing the price of fuel and security surcharges on cargo flights worldwide over a six-year period from 1999 until 2006. Back at home, in July 2011, MAS announced that it would pay US$ 3.35 million to a number of freight forwarders in the US to settle claims alleging that MAS was involved in price fixing of airfreight shipping services and related surcharges, although MAS has denied any wrongdoing and claimed that the settlement was to allow MAS to focus its full attention on further strengthening its business and to keep its legal costs to