Articles

The Government recently enacted the Price Control and Anti-Profiteering Act 2011 (“Act”), which came into force on 1 April 2011. The purpose of the Act is to enable the Government to determine prices of goods or charges for services with the object of curbing excessive profiteering of essential goods and services by unscrupulous traders. Previously, the Price Control Act 1946 was the main legislation regulating the prices of goods and services. However, the Government recognized the need to revamp and update the law to deal with today’s realities. The Act is also meant to prevent businesses from hiking up prices excessively once the proposed Goods and Services Tax (“GST”) is implemented. Anti-Profiteering Under the Act, it is an offence for any person who, in the course of trade or business, makes an unreasonably high profit in selling goods or services, and this is not restricted to price-controlled goods or services. The Ministry of Domestic Trade, Co-operatives and Consumerism (“Ministry”) will prescribe the mechanisms to determine when profit would be deemed unreasonable. Factors such as tax, supplier’s cost, conditions of supply and demand, and geographical and product market considerations may be taken into account in formulating these mechanisms. Different mechanisms may be prescribed to cater for different conditions and circumstances. The Ministry is currently working with the Malaysian Institute of Economic Research, Institute of Strategic and International Studies Malaysia as well as other organizations to formulate these mechanisms. Therefore, anyone who unreasonably increases prices of goods or services, especially during festive seasons, when there is a shortage of supply of goods, or where there is an increase in petrol or commodity prices, none of which may have any tangible impact on the cost of the goods or services, would commit an offence under the Act. Key Provisions of the Act The Price Controller may, with the approval of the Minister of Domestic Trade, Cooperatives and Consumerism, determine the maximum, minimum or fixed price for any goods or services. Where prices or charges are determined by the Price Controller, such prices or charges would include all government taxes, duties and any other related charges, and businesses are not allowed to impose higher prices or charges just because of taxes such as GST. A list of the prices or charges must also be displayed in a conspicuous position so as to be easily read by anyone intending to purchase such goods or services. The Act also sensibly gives the Price Controller the power to determine different prices and charges for different geographical areas in respect of like or similar goods and services. Offences and Penalties Under the Act, anyone who sells or offers to sell any price-controlled goods or services inconsistent with the prices or charges determined by the Price Controller commits an offence. Interestingly, the Act also makes buyers liable to prosecution. Therefore, anyone who purchases or offers to purchase any price-controlled goods or services at prices different from those determined by the Price Controller is liable to prosecution unless he can prove that he had no knowledge of the price-controlled goods or services and that he acted in good faith in acquiring the goods or services at that price. If the offence is committed by a company, it will be liable to a maximum fine of RM500,000 and, for a second or subsequent offence, up to RM1,000,000. A director or CEO of a company may also be charged severally or jointly with the company unless he can prove that the offence was committed without his knowledge, consent or connivance and that he had taken all reasonable precautions and exercised due diligence to prevent the commission of the offence. If the offence is committed by an individual, he is liable to a maximum fine of RM100,000 or to imprisonment for a term not exceeding 3 years or both and, for a second or subsequent offence, to a fine of up to RM250,000 or to imprisonment for a term not exceeding 5 years or both. Conclusion While the Price Control and Anti-Profiteering Act 2011 will have an impact on businesses, it is not anti-business or intended to stop people from making a profit. What it aims to do is to prevent greedy traders and unscrupulous businesses from charging exorbitant prices for their goods and services. The enactment of the Act should therefore be welcomed as a safeguard for consumers against opportunistic profiteers. However, as it gives the Price Controller broad powers that will have a direct effect on the rakyat, prices should only be determined after thorough consideration of the impact on stakeholders. The success of the Price Control and Anti-Profiteering Act 2011 in achieving its objective is therefore very much dependent on its implementation. ***** About the author: This article was written by Edwin Lee Yong Cieh, Partner of LPP Law – law firm in Kuala Lumpur, Malaysia (+6016 928 6130, [email protected]). Feel free to contact him if you have any queries. This article was first published in CHIP Magazine Malaysia. The view expressed in this article is intended to provide a general guide to the subject matter and does not constitute professional legal advice. You are advised to seek proper legal advice for your specific situation.

Unquestionably, FinTech has continued to take centre stage in recent months. Not only that FinTech players are raising millions of funding from investors, governments and regulators around the world (including Malaysia) are also looking to regulate and facilitate the growth of FinTech industry in their respective countries through the creation of FinTech frameworks. To this end, it is recognised that some form of policy and regulatory framework is necessary to be put in place so that FinTech participants can operate in a safe, efficient and transparent manner, as rightly pointed out by the Governor of Bank Negara Malaysia, Datuk Muhammad bin Ibrahim. Equity crowdfunding (“ECF”) The first player to the FinTech party scene in Malaysia is ECF. In February 2015, the Securities Commission of Malaysia (“SC”), a statutory body in charge of the securities and derivatives markets in Malaysia, released guidelines to facilitate ECF market. Six (6) ECF platform operators (Alix Global, Ata Plus, Crowdonomic, Eureeca, pitchIN and Propellar Crowd+) were approved by the SC to operate ECF platforms. Malaysia is the first country in the ASEAN region to have introduced an ECF regulatory framework. The SC describes ECF platform as “a new form of fundraising platform that allows startups or other small-and-medium-sized enterprises to obtain funding through small equity investments from a relatively large number of investors, using online portals to publicise and facilitate such offers to investors”. Investors receive shares in return for their investments and can expect a return in the form of dividends if the company performs well. According to the SC, from May 2016 until October 2016, the combined amount SMEs have raised through the six regulated ECF platforms amounted to RM8 million for 11 Malaysian businesses. The platforms have also received widespread interest from across 38 different sectors. In April 2016, the SC released another guideline and this time, it sought to regulate the even more lucrative P2P Lending market. The first round of application was opened from 2 May 2016 to 2 July 2016 and the SC had received more than 50 applications from interested applicants. Six (6) P2P Lending platform operators (B2B FinPAL, Ethis Kapital, FundedByMe Malaysia, ManagePay Services, Modalku Ventures and Peoplender) were approved by the SC in early November 2016. These platforms are expected to launch their operations in 2017. Malaysia is once again the 1st country in the ASEAN region to have formally authorised such platforms to operate in the P2P Lending market. P2P financing, as described by the SC, is a “web-based innovation that broadens the ability of entrepreneurs and SME business owners to unlock capital from a pool of individual investors in small amounts and provides a quick turnaround time to obtain financing for their businesses, through an online digital platform”. Individuals, however, are not allowed to seek personal financing via a P2P Lending platform. Investors may now use P2P Lending platforms to buy securities in the form of an investment note or Islamic investment note, which are issued by businesses or companies. Once purchased, the issuer of the investment note or Islamic investment note will be obliged to pay the investors over a period of time, with interest or profits. Both borrowers and lenders benefit from better interest rates and returns on investment, respectively, compared to traditional financing methods. In addition, there are no intermediation parties as money change hands directly. Bank Negara Malaysia’s FinTech Regulatory Sandbox Following a public consultation exercise in July-September 2016, Bank Negara Malaysia (“BNM”) released the Financial Technology Regulatory Framework on 18 October 2016. The framework seeks to provide a regulatory environment that is conducive for the deployment of FinTeech in the form of a FinTech sandbox. With this framework, FinTech product, service or innovation can be deployed and tested in a live environment within certain testing parameters and timeframes. In order for a participant to participate in the sandbox, the participant must show the following: its product, service or innovation is genuinely innovative; it has conducted an adequate and appropriate assessment to demonstrate the usefulness and functionality of the product, service or innovation and identified the associated risks; it has the necessary resources to support testing in the sandbox; it has a realistic business plan to deploy the product, service or innovation on a commercial scale in Malaysia after exiting from the sandbox; and it is led and managed by persons with credibility and integrity. Additionally, in determining an application to participate in the sandbox and the extent of regulatory flexibilities to be granted to the participants, BNM has indicated that they would take into account various factors which include, but not limited to the following: the potential benefits of the proposed product, service or innovation; the potential risks and mitigating measures; and the integrity, capability and track record of the participants. The test will run for a period not exceeding 12 months. Participants may extend the testing period by submitting a written application to BNM no later than 30 days before the expiry of the testing period. At the end of the testing period, BNM will work with the participants to develop a transition plan for the deployment of the solution on a commercial scale in Malaysia upon successful testing. On the other hand, if the test fails or is discontinued, BNM will then consult the participants and develop an exit strategy for them. Beefing Up Cyber Resilience in Capital Market Industry While the SC is advocating the benefits of digital finance, the SC is also mindful of the new forms of risks and challenges posed by technology. To address this, the SC published a new Guidelines on Management of Cyber Risk on 31 October 2016 to raise awareness of industry-wide cyber resilience. The objective of the new guidelines is to enhance governance measures and counter cyber risk so as to protect investors within the capital market. Against a backdrop of increased dependency on information technology and Internet connectivity in capital market activities, operations of market intermediaries, market infrastructure and market-based financing platforms, there is a need to

Here are some recent legal developments in the technology, media and telecommunications sphere in Malaysia that happened in Q3 of 2016. Bank Negara Malaysia (“BNM”) Discussion Paper on FinTech Regulatory Sandbox On 29 July 2016, BNM issued a discussion paper on FinTech regulatory sandbox (“Sandbox”), inviting financial institutions, FinTech companies and the public to provide general feedback on the discussion paper. Additionally, BNM has also requested interested stakeholders to comment on the adequacy, appropriateness and adequacy of the initially set eligibility criteria and to suggest alternatives to the current minimum standards. The introduction of the Sandbox would allow FinTech innovations to be deployed and experimented in a live environment within certain testing parameters and timeframe. Pursuant to the discussion paper, in order for a participant to participate in the Sandbox, the participant must show the following: (a) its solutions are genuinely innovative, novel, and not similar to solutions which are already available in the Malaysian market; (b) it intends to deploy its solutions on a commercial scale in Malaysia after its exit from the Sandbox; and (c) its solution will contribute to the development of Malaysia’s financial sector, bring about an enhancement to the Malaysian financial institutions, or significantly benefit the Malaysian economy or customers. Additionally, in determining an application to participate in the Sandbox and the extent of regulatory flexibilities to be granted to the participants, BNM has indicated that they would take into account various factors which include, but are not limited to the following: (a) the potential benefits of the proposed solution; (b) the potential risks and mitigating measures; and (c) the integrity, capability and track record of the participants. The test will run for a period not exceeding 12 months. Participants may extend the testing period by submitting a written application to BNM no later than 30 days before the expiry of the testing period. At the end of the testing period, BNM will develop a transition plan for the deployment of the solution on a commercial scale in Malaysia upon successful testing. On the other hand, if the test fails or is discontinued, BNM will then consult the participants and develop an exit strategy for them. Legality of Airbnb Services Recently, it has been reported that some hoteliers had complained to the authorities that Airbnb services were illegal as the online platform allows the public to provide short-term rentals on residential premises to tourists for business purposes. The Malaysian Association of Hotels has indicated that not only this causes unwanted disturbance to the neighbours of Airbnb hosts (“Hosts”), users of Airbnb services are not adequately protected as the Hosts are not required to adhere to any safety requirements such as ensuring their customers against any risks or installing safety equipment on their premises. Additionally, unlike the Malaysian Homestay Programme, where the locals are authorized to offer tourists the unique lifestyle of rural villages, Airbnb operates without any licence or approval from the authorities, and the Hosts are not required to pay or collect taxes. As such, the hoteliers have urged the Government to regulate such services. In June 2016, the Penang Municipal Council (“MBPP”) issued a number of fines to several Hosts in Penang for providing homestay or lodging services to tourists without a valid licence issued under section 4 of the Municipal Council of Penang Island (Trade, Business and Industries) By-Laws 1991. Some of the Hosts have challenged this decision on the ground that since they do not provide homestay nor hotel services, there is no licence required. In August 2016, the Urban Wellbeing, Housing and Local Government Ministry (“KPKT”) was quoted by the media as saying that Airbnb’s home sharing service was not illegal and no licence was required. The KPKT, Tourism and Culture Ministry and Malaysia Productivity Corporation have also announced that there are no immediate plans to draft any new law on the matter or to issue any licences similar to those granted to hotels. It remains to be seen whether there will be further developments in this area. Announcement of the Fees for Spectrum Reallocation In Q1 of 2016, the Government announced that spectrum for the telecommunications industry would be reallocated in a move to optimize revenue. It was reported that this move was made pursuant to the Budget 2016 recalibrations. Soon after, the Malaysian Communications and Multimedia Commission (“MCMC”) announced that the 900 MHz and 1,800 MHz frequency bands would be reallocated among the four major telcos, namely Maxis, Celcom, Digi and U Mobile. On 31 August 2016, the MCMC announced the respective fees for the reallocation of spectrum in the 900 MHz and 1800 MHz bands. The MCMC states that the fee of spectrums will be determined per block of 2 x 5MHz in both 900 MHz and 1800 MHz frequency bands. It was reported that the spectrum fee is structured in two parts. First is a one-off payment for the price component which is determined at RM499,725,000.00 per block for the 900 MHz band and RM217,770,000 per block for the 1800 MHz band. The second part is an annual maintenance fee that is payable annually. The assignment will be valid for 15 years, with an implementation date set on 1 July 2017. Furthermore, to prevent the cost of spectrum assignment from trickling down to the consumers, the MCMC added that it is a condition of reallocation that telcos must offer packages that are cheaper than what is currently being offered to their subscribers. Establishment of 1st Special Cyber Court The purpose of this initiative is to arm the judicial system with sufficient and adequate means of handling cybercrime offences, such as hacking, online fraud/scamming, botnet, online defamation, sedition and harassment, web-defacement, stealing of online information, cyber gambling and pornography, etc. The Special Cyber Court will deploy specialised and trained judges to hear cases relating to cybercrime. The Special Cyber Court is expected to function in the same way like any other special courts such as those that are already in place to deal with intellectual property,

Pokemon Go has officially arrived in Malaysia. This augmented reality mobile app game has taken the world by storm and become a worldwide phenomenon since its debut in July 2016. It has more daily active users than Twitter and is fast becoming one of the most downloaded mobile app games ever. Pokémon Go is an augmented reality game that uses GPS on smartphones to identify players’ (in the game, such players are called “trainers”) physical location and shows trainers a map of their real-life surroundings. The game combines real-life surrounding places such as parks or buildings with virtual characters or objects that appear on the smartphone. The goal is to collect and train virtual Pokémon characters. The more Pokémon the trainer catches, the higher his or her ranking rises. Like all things, what comes with a wildly popular and innovative technology is always a series of fascinating legal issues that it raises. For Pokemon Go, some have raised concerns about its impact on privacy, property rights, trespass, public safety and liability. To make matter worse, the game has been linked to serious crimes such as kidnapping, robberies and sexual offences. Privacy When it was first launched, the Pokémon Go app requested permission to access and control all of the data associated with the trainer’s Google account (including emails, calendar entries, photos and even stored documents). This had caused some privacy concerns to the trainers and Niantic (Pokémon Go’s developer) has since remedied this by restricting access to only Google IDs and email addresses. However, the app still tracks the location data every time a trainer uses the app. Due to the nature of the game, most trainers leave the app and GPS on at all times while waiting for some rare Pokémon to appear. This means that, effectively, the movements of trainers could be tracked whenever and wherever they go. The app has access to a lot of data which if falls into the wrong hands, could lead to a privacy nightmare for trainers. The app also has a feature which places “gyms” at certain locations to attract trainers to battle against each other. There are news reports claiming that gyms that are placed at private residences and business premises have attracted dozens to hundreds of trainers, which potentially infringe the privacy and peace and quiet enjoyment of individuals and businesses. Also, as the app allows trainers to turn on their cameras when playing the game, there is a possibility that perverts or paedophiles may use their cameras to take pictures of girls or young children in public places on the pretext of playing the game. Trespass and Unlawful Assembly The game also places PokéStops at certain places that invite trainers to catch Pokémon at PokéStops. While most PokéStops are found in public places, do be mindful that not all public places are freely open to the members of public without any form of restrictions. For example, you cannot simply walk into the military bases, prisons and certain government-controlled offices without a proper permit. Anyone who does so can be found guilty of wilful trespass on government property under Section 22 Minor Offences Act 1955 (Revised 1987). For PokéStops that are found in private residences, you are also not allowed to climb over the fence or gate of your neighbour’s yard to catch Pokémon, as that would constitute a criminal trespass on private property under Section 441 Penal Code, which if convicted, you can be jailed up to 6 months or fined up to RM3,000 or both. If there is a wake or funeral proceeding, you can be found guilty of criminal trespass if your act of entering the area insults the religion of any person or disturbs the performance of a funeral ceremony, and you can be jailed up to 1 year or fined under Section 297 Penal Code. If you together with a group of friends (more than 5) gather at a place, all of you might commit a crime of unlawful assembly, if your intention is to commit an offence there or if the police ask you to leave but you stay on and you resist the execution of any legal process by the police. You and your friends can be jailed up to 6 months or fined under Section 141 Penal Code. Nuisance Even if you do not walk into someone’s house but you loiter around the perimeter of the house and create a lot of noise late into the night, the house owner can sue you for the tort of private nuisance if your activity interferes with his quiet enjoyment and use of the house. Both trespass and nuisance are also civil wrongs which allow the property owner or lawful occupier to sue you for compensation. If you cause any property damage, you will also be responsible for that. Pokemon Go Developer’s Liability It has also been reported that some trainers had suffered injuries while playing Pokemon Go (running into physical surroundings such as trees or lamp posts, getting into car accidents, falling off cliffs). Can the trainers sue Niantic for such injuries by arguing that it is predictable that trainers would stare at their phones while walking distractedly and ignore oncoming cars and natural hazards? Such argument might be weak, considering that Pokémon Go has put in place certain warnings and safeguards to warn trainers “be mindful of surroundings and play at their own risk”. This is very much like if an individual gets hit by a car while text-walking, and assuming no fault on the part of the driver, the individual only has himself to blame for his injury. The Terms of Service also includes disclaimers against any damage, injury or death that may occur during the use of the game. All trainers are required to agree to the Terms of Service in order to play the game. Pokemon Go Occupiers’ Liability Some small businesses and organisations are riding on the popularity of Pokemon Go by paying the game a daily fee

The issue of the need to maintain net neutrality and an open Internet concept has been a considerable debate for years, with the most recent development being the landmark ruling of the US Court of Appeals for the District of Columbia Circuit on 14 June 2016 in favour of net neutrality. Net neutrality is a principle which requires all Internet Service Providers (“ISPs”) to treat all sources of online content equally and provide all consumers with the right to access the content on a non-discriminatory basis. The idea behind net neutrality is that the Internet should remain open and neutral with uninhibited access to online content without the ISPs being allowed to block, impair or establish fast/slow lanes on the delivery of online content to consumers. However, ISPs argue that they have the right to optimise the use of the network resources and that Internet traffic or traffic prioritisation measures are necessary to ensure a reasonable quality of service standard for all Internet users, especially as Internet traffic continues to grow. The Open Internet Rules in the US In the US, the Federal Communications Commission (“FCC”) has developed Open Internet Rules, which are designed to protect free expression, innovation and economic growth on the Internet, as well as to promote investment in broadband networks. The Open Internet Rules are also intended to ensure that consumers and businesses alike have access to a fast, fair and open Internet. The FCC’s Open Internet Rules came into force on 12 June 2015 and apply to both fixed and mobile broadband Internet access services, which is classified as a “telecommunications service” by the FCC. Essentially, the Open Internet Rules set out five bright-line rules, as follows: (a) No blocking: ISPs are not allowed to block access to lawful online content, applications, services or non-harmful devices; (b) No throttling: ISPs are not allowed to impair or degrade lawful Internet traffic on the basis of content, applications, services or non-harmful devices; (c) No paid prioritisation: ISPs are not allowed to favour some lawful Internet traffic over other lawful traffic in exchange for consideration of any kind (in other words, ISPs are not allowed to provide “fast lanes” to certain content/service providers who are willing to pay in exchange for fast lanes); (d) No unreasonable interference: ISPs are not allowed to interfere unreasonably with their end users’ ability to use broadband Internet access services, or with their edge providers’ ability to make lawful online content, applications, services and devices available to end users; and (e) Enhanced transparency: ISPs must publicly disclose accurate information regarding the network management practices, performance and commercial terms of its broadband Internet access services to allow end users to make informed choices and for content, application and service providers to develop, maintain and market Internet offerings. As many as 4 million Americans have overwhelmingly voted to support the FCC’s initiative in keeping a free and fair Internet. Many tech giants like Google, Facebook and Netflix have also rallied in favour of the Open Internet Rules. It is said that without net neutrality, ISPs may choose to deliver certain online content at a slower speed, for example, making the video streaming on Netflix or YouTube buffer, unless they pay extra to get in the fast lane. However, the Open Internet Rules were not welcomed by the ISPs and they brought a case against the FCC. They argued, amongst others, that as broadband is an information service, as opposed to a telecommunications service, hence the FCC lacked statutory authority to create the Open Internet Rules and impose them on ISPs. They also argued that some of the rules were unconstitutionally vague and ran afoul of the US Constitution. The US Court of Appeals rejected the ISPs’ arguments and held in favour of the Open Internet Rules. The court held that: FCC had the authority to reclassify broadband as a telecommunications service. This was based on the evidence that consumers generally viewed broadband as essential communication and information platform that transmits data of their own choosing to their desired destination, as opposed to a mere information service; interconnection arrangements are derivative of the broadband Internet access service and hence, they could be regulated under the law; FCC had the authority to come up with measures to encourage the deployment of broadband infrastructure and rules to govern ISPs’ treatment of Internet traffic; and the Open Internet Rules generally require ISPs to offer a standardised service that transmits data on a non-discriminatory basis. Such equal access rule did not run afoul of the First Amendment to the US Constitution (which affirms the right to freedom of expression). This decision affirmed the US Government’s view that broadband is a utility that should be made equally available to all consumers, rather than a luxury that does not require government supervision. This decision marks a landslide victory for net neutrality in the US and an enormous win for consumers. With this decision, all ISPs must treat all Internet traffic equally, and this assures a level playing field for all online content and benefit both consumers and online content developers alike. President Obama – The Man behind the Push for Net Neutrality Rules The current US President, Barack Obama, is known as an ardent supporter of net neutrality. He has been instrumental in calling on the FCC to take up the strongest possible rules to protect net neutrality. In an open letter to the FCC in November 2014, he wrote, “an open Internet is essential to the American economy, and increasingly to our very way of life. By lowering the cost of launching a new idea, igniting new political movements, and bringing communities closer together, it has been one of the most significant democratizing influences the world has even known… The Internet has been one of the greatest gifts our economy and our society has ever known… there is no higher calling than protecting an open, accessible and free Internet.” Net Neutrality Concept in Malaysia & ASEAN In ASEAN, Singapore’s telecommunications

Facebook, arguably the world’s most successful and influential social networking site, has just turned 10 last month. On 4 February 2004, Mark Zuckerberg launched The Facebook from his Harvard dorm room. Originally intended to just serve as a social networking site exclusively for university and college students in the United States, Facebook has since grown by leaps and bounds to become the largest social networking site in the world. Facebook has attracted 1.23 billion users worldwide so far, and reportedly earned $7.9 billion in revenue in 2013. Facebook made a grand entrance into Nasdaq stock exchange when it went public in May 2012 by having one of the largest initial public offerings in Internet history, and it continues to make headlines every now and then, the latest being the acquisition of WhatsApp for a whopping $19 billion (Facebook bought Instagram for $1 billion in April 2012, just before it went public). This article is not intended to talk about how awesome Facebook is, or the benefits or changes that Facebook has brought to our daily lives (for better or worse). This article is meant to set out the various social and legal implications arising from the rapid growth and widespread use of Facebook in the last 10 years. In this article, reference will be made to Facebook’s Statement of Rights and Responsibilities (“Facebook’s Terms”), which is essentially the main document that sets out the terms of use that governs the relationship between Facebook with users and others who interact with Facebook. Violation of any provisions under Facebook’s Terms will result in the individual’s Facebook account being terminated or suspended. Posting third party content Very often, we find users posting contents such as text, graphics, photos or videos not belonging to theirs on Facebook without realising that such actions could potentially amount to infringement of copyright law which can result in both criminal and civil liability. According to Facebook’s Terms, users are not allowed to post content that infringes or violates someone else’s rights or otherwise violates the law. Facebook has set up a special tool to enable users to report to Facebook if their intellectual property rights have been infringed by other users. Facebook has the right to take down the infringing content upon receipt of such a report. It also states that repeated or continuous infringement of other’s intellectual property rights may result in the individual’s Facebook account being terminated or disabled by Facebook. Who owns and controls your content? When Facebook first started, it tried to claim ownership over all contents posted on Facebook. This had, of course, resulted in much criticism, which prompted Facebook to change its terms of use. The Facebook’s Terms now state that all users own all of the content and information they post on Facebook, and they give Facebook a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any content that users post on Facebook. Facebook also tried to remove a sentence from the Facebook’s Terms saying that “the license will automatically end when the user removes the content”, and this had again caused an uproar, forcing Facebook to restore that particular sentence. Disclosure of sensitive or confidential information The ease of posting information online and the desire to share (or show-off) information have resulted in instances where users (knowingly or unintentionally) leak sensitive or confidential information (such as trade secret, corporate intelligence or financial disclosure in violation of securities laws) to the public. We all know what once information gets published on the Internet, it will never get deleted. The instantaneous and far-reaching nature of social networking makes it difficult for users to recall information that has gone public. The implication can be very serious because for information to remain confidential, it must have the necessary “quality of confidence”. The confidential information will lose its confidential nature the moment it is disclosed to the public. Defamation Lawsuits alleging defamation based on content posted on social networking sites such as Facebook are on the rise. A defamation claim may be actionable when a person has published words which connote any imputation which may tend “to lower the other person in the estimation of right-thinking members of society generally”, “cut him off from society” or “to expose him to hatred, contempt or ridicule”. Courts have ruled that posting on Facebook amounts to a publication to the world at large. Facebook’s Terms require users not to post content that is hate speech, threatening, or pornographic; incites violence, or contains nudity or graphic or gratuitous violence. Users should, therefore, avoid making statements that are harmful, offensive or inflammatory. Cyber-stalking and cyber-bullying Stalking and bullying that used to only take place in real life, are now also happening on the Internet, particularly on social networking sites. Many users tend to post too much of personal information on their profile pages, which enables anyone with access to that information to stalk them. What is more worrying is, many users are not aware that everything posted on Facebook is by default made public, and it is up to the users to restrict the access to the information to just friends or family. Cyber-bullying can take many forms, such as posting hurtful or threatening messages on users’ page, spreading false rumours online, starting pages to ridicule or spread gossip about individuals, or circulating embarrassing or compromising pictures about individuals. It has been reported in the newspapers that many teenagers have committed suicide or suffered from anxiety and depression due to cyber-stalking and cyber-bullying that they had experienced on social networking sites. Facebook’s Terms explicitly state that users are not allowed to bully, intimidate or harass any other users on Facebook, or use Facebook to do anything unlawful, misleading, malicious or discriminatory. Electronic discovery Lawyers and prosecutors have resorted to fishing for evidence from information posted on Facebook. Some have even applied for court orders to obtain such information. In one instance, a photo of a wife hugging an unidentified man on Facebook was accepted as evidence to support a

This marks a new series of articles that I am writing, with the aim of providing you with a snapshot of important legal developments to keep you informed of the significant legal developments in the technology, media and telecommunications sphere in Malaysia on a quarterly basis. Issuance of Compounding Regulations pursuant to the Personal Data Protection Act 2010 On 15 March 2016, the Commissioner issued the Personal Data Protection (Compounding of Offences) Regulations 2016 (“Compounding Regulations”). The Compounding Regulations provides a list of offences which are prescribed to be “compoundable offences”. For offences which are compoundable, the Commissioner may offer data users an opportunity to pay a monetary penalty (which penalty can be up to half of the maximum fine stipulated in the Personal Data Protection Act 2010 (“PDPA”) within the time period stipulated in the offer. If no payment is received within the stipulated period, prosecution for the offence will be instituted against the data user. It is important to note that only some and not all offences under the PDPA and its regulations are compoundable. The issuance of the Compounding Regulations points to the focus of the Commissioner and the Personal Data Protection Department (“PDP Department”) moving to the next phase of implementation of the PDPA, namely investigation and enforcement. Most data users would favour the use of compounds as it is likely to reduce the penalties for not complying with the PDPA significantly, as well as save both the prosecution’s and alleged offender’s time and costs, as parties would be spared the time and expense of court proceedings. Malaysia to step up cybersecurity measures in the capital market and national defence sectors On 21 March 2016, the Securities Commission Malaysia (“SC”) published a consultation paper seeking public feedback on the proposed regulatory framework relating to the management of cyber security risk by capital market participants. The SC recognises that with the increased dependency on information technology and Internet connectivity, there is a need to put in place cyber security policies and procedures to safeguard and protect the confidentiality, integrity and availability of information systems used by capital market participants. Sound management of cybersecurity risk has been identified as a critical component to further strengthen the resilience of the Malaysian capital markets. Towards this objective, the SC intends to introduce regulatory requirements to guide the capital market participants to achieve a certain state of cybersecurity resilience. The SC recommends that the board of directors of capital market participants set a clear direction and give adequate priority in their respective board’s agenda for the effective management of cybersecurity risk and require their senior management to develop and implement appropriate cybersecurity frameworks (which includes policies, procedures, awareness programmes and risk reporting mechanisms) throughout their organisations. On the defence front, the Deputy Defence Minister Datuk Seri Mohd Johari Baharum, during his keynote address at the Cyber Security Conference in conjunction with the 15th Defence Services Asia Exhibition and Conference on 20 April 2016, proposed a three-pronged approach to enhance cybersecurity in Malaysia. The three-pronged approach consists of: reorientation of the design philosophy of the Information Communications Technology (ICT) systems, in particular focusing on cyber defence systems to ensure all computing systems reflect uniform reliance; establishment of inter-disciplinary centres, specifically on the need to connect academia, the private sector, national laboratories and the government in sharing information and offering innovative and creative solutions; and getting the military defence and security community to provide “leadership by example” and “provide support to the national and global efforts in meeting cybersecurity challenges to the defence and security domains”. The above announcement was made in response to the rising threat of cyber-attacks in Malaysia. Cyber Security Malaysia (a government agency tasked with being Malaysia’s Cyber Security Reference and Specialist Centre) reported that 11,900 cybersecurity-related cases were recorded in 2015, as compared to only 1,038 cases recorded in 2007, which may lead to some legislative reforms to bolster and/or to introduce new legislation that deals with cybersecurity threats to Malaysia’s critical information infrastructure. Land Public Transport Commission to regulate ride-sharing and taxi-booking apps by Q4 of 2016 Following an endorsement by the Special Economic Committee chaired by the Prime Minister of Malaysia, ride-sharing and taxi-booking apps such as Uber and Grab may be subject to a new regulatory framework to be introduced by the Land Public Transport Commission (“SPAD”) by Q4 of 2016. This proposal was made in response to the rising tide of a new form of competition introduced by these third party ride-sharing and taxi-booking apps and complaints filed by the incumbent taxi companies. Although no draft of the regulatory framework has yet been circulated, it is understood that for the conventional taxi industry, a profit-sharing concept or guaranteed percentage of the day’s income for the taxi drivers will be introduced. For the private car drivers, they would be required to obtain a public service vehicle license and register themselves with SPAD for vetting purposes, before they are allowed to offer their services. Private car drivers are also required to send their vehicles for annual inspections and take up passenger insurance coverage, much like what taxi drivers are currently required to adhere to. It is also understood that this third-party ride-sharing and taxi-booking companies may be subject to local taxation laws when the regulatory framework is introduced, as the government has realised that there is a potentially massive outflow of the Ringgit due to the widespread use of these booking apps. Several laws, such as the Land Public Transport Act 2010, Road Transport Act 1987 and Communications and Multimedia Act 1998, will need to be amended to facilitate these new changes. The Amendment Bills may be tabled in Parliament during its sitting in October 2016, and “if everything goes well, a new dawn of taxi industry may begin the end of the year,” SPAD chairman said. Spectrum reallocation in the telecommunications industry On 27 January 2016, the Prime Minister of Malaysia, Dato Sri Mohd Najib bin Razak, during the Budget 2016 recalibration, announced that

Taxi-booking services such as MyTeksi and Easy Taxi, as well as ride-sharing booking services such as Uber and GrabCar, have been touted as the game changers as they set to revolutionise and transform the taxi-booking system and practice in the taxi industry. These ride-sharing services leverage on smartphone technology to connect passengers to drivers in a reliable, affordable and safe way. Many have lauded the introduction of these services into the market as they set to solve the taxi woes, end the frustration and ease the pain when it comes to booking a taxi. Features such as real-time GPS tracking and cashless payment system on these services give a greater level of confidence, convenience and security to passengers and drivers. Protests and Bans The reality is, change often brings resistance. The ride-sharing business model is not short of controversy. Uber is facing a number of court cases worldwide and its service is banned in several countries. Incumbent taxi drivers are up in arms, claiming that Uber engages in unfair competition and bulldozes its ways through the system by using drivers and cars not licensed/authorised by law. Some have claimed that as these drivers do not have passenger liability insurance, this will put the passengers’ safety at risk. Authorities around the world continue to crack down on Uber’s and GrabCar’s drivers and some drivers had been unfortunately harassed and attacked by other taxi drivers. Legality of Ride-Sharing MyTeksi and Easy Taxi are essentially taxi-booking services, where passengers can summon taxis through mobile apps. They both work with licensed taxi drivers, and do not charge passengers anything extra. Passengers will pay the metered fare as regulated by the government. From the look of it, it appears that they work within the boundaries of the law. Uber and GrabCar, on the other hand, are described as ride-sharing services. Uber and GrabCar partner with private vehicle owners, licensed for-hire chauffeur-driven limousine and commercially licensed rental car companies. Their drivers do not use a taxi meter, but rather they use a mobile app to calculate fares based on distance travelled and time is taken, which apparently are much cheaper than the regulated metered fare. In Malaysia, there is no express prohibition under the law which prohibits someone from using a software to connect its users to drivers for rides on private cars. Under the Land Public Transport Act 2010, no person shall operate or provide a public vehicle service using a class of public service vehicles unless he holds an operator’s licence issued under the Act. A person is deemed to be operating or providing a public service vehicle service if he uses or drives a public service vehicle or employs one or more persons to use or drive a public service vehicle and he owns the said vehicle or is responsible to maintain or operate the said vehicle. “Public service vehicle” includes a motor vehicle used for carrying persons on any journey in consideration of a single fare. It appears that Uber and GrabCar do not fall within the above scope. Uber and GrabCar also claim that they are just a technology company that facilitates the ride-sharing services and not a transportation company. Their drivers, however, appear to fall within the above scope and are potentially liable under the Act, which attracts fine up to RM10,000 and/or imprisonment up to 1 year. Their vehicles can also be confiscated. Legalising Ride-Sharing Services Governments in several jurisdictions have taken steps to create a regulatory framework for the ride-sharing market. In the US, California is the first jurisdiction that legalizes the ride-sharing services through the creation of a new category of public transportation service known as “Transportation Network Company” (“TNC”). A TNC is a company that uses an online-enabled platform to connect passengers with drivers using their private vehicles. Some of the conditions that must be met before a company can be licensed as a TNC include driver background checks, driver training, minimum insurance coverage, the maximum age limit of the vehicle, the requirement to install a GPS tracking device, etc. The TNC model ensures a level playing field is established by preventing ride-sharing services from undertaking specific taxi related activities (rank, hail, pre-booked and cash transactions). A High Court in London recently delivered a landmark judgment, saying that Uber’s app does not operate in the same way as “taxi meter”, and therefore Uber’s service is not considered as providing taxi service. In May 2015, the Philippines became the first country in Asia to legalise and regulate the ride-sharing services nationwide by adopting California’s TNC model. In Singapore, the Third-Party Taxi Booking Service Providers Act 2015, which regulates taxi-booking services, came into force on 1 September 2015. The Singapore Government has also announced that the next phase will involve the review of the ride-sharing services. On 8 October 2015, Didi Kuaidi, the largest ride-sharing company in China, received the first official car booking license for its ride-sharing service from Shanghai’s Municipal Transportation Commission. According to the regulations, Didi Kuaidi is required to do in-house screening and training of all its potential drivers as well as to make sure that all the private cars registered on its platform are certified and properly licensed by the authority and that each vehicle, driver and passenger must be insured. Uber China is said to be actively preparing documents for its own application in Shanghai. In Australia, ride-sharing companies will be able to legally operate in the state of Canberra from 30 October 2015 onwards. In Malaysia, a Bill to amend the Land Public Transport Act 2010 is expected to be tabled in Parliament in October 2015. The amendments would include provisions to regulate mobile app providers offering any public transport, commercial transport and delivery services as well as to deal with mobile apps that facilitate car-pooling or the charging of passengers using unlicensed vehicles. It would be interesting to see if the Bill is a move to legalise ride-sharing services or a move to allow the authorities to exert control

It was recently reported that the Malaysian Communications and Multimedia Commision (“MCMC”) had received six complaints regarding the supply and sale of devices that can hack into WiFi connections. Three cases have since been sentenced by the courts and the other three will soon be brought to the courts soon. Most of the WiFi hacking incidents were carried out by using devices such as WiFi booster and WiFi cracker, which can amplify signals to attract WiFi signals within a distance of one to three kilometres. The MCMC said that a person who uses, has in possession or sells this type of non-standard equipment or device can be charged under Section 239 of the Communications and Multimedia Act 1998 (“CMA”), and will be fined up to RM100,000 and/or jailed up to 2 years upon conviction. A person who possesses, obtains or creates an equipment or device designed to fraudulently use or obtain any network facilities, network service, applications service or content applications service can also be charged under Section 232 of the CMA, which upon conviction, will be fined up to RM300,000 and/or jailed up to 3 years. There is also another form of “stealing” WiFi connections without having to use any equipment or device such as WiFi booster or WiFi cracker. It has been established that using another person’s unsecured WiFi connection without his or her consent and knowledge is known as “piggybacking” or “mooching”. If a person’s WiFi connection is not secured by a password, any person can actually connect to the account, without the person’s consent and knowledge. WiFi piggybacking normally happens when a person uses his neighbour’s WiFi connection without permission, or when a person sitting in a car near a WiFi hotspot to access the WiFi connection. The issue on WiFi piggybacking remains controversial. Some argue that it is harmless, because it is no different to sitting behind another passenger on a train, and reading his newspaper over his shoulder, or enjoying the music a neighbour is playing in his backyard. Others, however, argue that it is unethical, because it is akin to entering a home just because the door is unlocked, or hanging on the outside of a bus to get a free ride (Source: Wikipedia – Piggybacking (Internet Access)). Let’s take a look at what has happened around the world in respect of WiFi piggybacking. In the United States, most of the states prohibit unauthorised access to computer networks which include open WiFi networks. In 2005, a man in Florida was charged with unauthorised access to a computer network because he was using a resident’s WiFi connection from a car parked outside. In 2007, a man in Michigan was fined for using a cafe’s WiFi connection from a car parked nearby to check his email every day. In Singapore, a 17 years old teenager was arrested for tapping into his neighbour’s WiFi connection. Apparently, he went outside his house to piggyback on any available WiFi connection after his mother had confiscated his computer modem. He was seen chatting online when a passerby asked what he was doing, became suspicious, and later called the police. He pleaded guilty and was sentenced to 18 months’ probation under the Computer Misuse Act. In the United Kingdom, a man was also convicted for dishonestly obtaining an electronic communication service when he was found repeatedly trying to gain access to a neighbour’s WiFi connection with a laptop from his car. In Malaysia, no one has been arrested or charged for WiFi piggybacking so far. Our Computer Crimes Act 1997 is very similar to the Computer Misuse Act in Singapore and the United Kingdom, which means WiFi piggybacking could potentially constitute a criminal offence under Malaysian law. Section 3 of the Computer Crimes Act 1997 states that a person who: causes a computer to perform any function with intent to secure access to any program or data held in any computer; the access he intends to secure is unauthorised; and he knows at the time when he causes the computer to perform the function that that is the case, will be fined up to RM50,000 and/or jailed up to 5 years upon conviction. This section is also targeted at hackers who hack into other’s computer network or system. One peculiar feature of this Computer Crimes Act 1997 is that it has extra-territorial scope. The Computer Crimes Act 1997 states that regardless of the person’s nationality or citizenship, where an offence is committed by the person in any place outside Malaysia, in which the computer, program or data that he accessed was in Malaysia, or capable of being connected to or sent to or used by or with a computer in Malaysia, he may be charged under the Computer Crimes Act 1997 as if it was committed at any place within Malaysia. What this means is that a foreign hacker may be charged in Malaysia if he hacks into a computer, program or data in Malaysia. It will be interesting to see how the enforcement authorities will enforce the law against people who piggyback on other’s WiFi connection, especially with the Government’s plan to increase public WiFi hotspot to make it freely available to the people across the nation. From a technological point of view, it might do no harm to you sharing your WiFi connection with others. However, from a legal perspective, that may attract several problems. For example, sharing your home WiFi connection with neighbours may violate your Internet Service Provider’s terms of service. That is because usually home WiFi package only allows WiFi connection to be shared within home users only (as opposed to those business WiFi package used by cafés, offices and shopping malls which allows them to share with the public). Another legal implication that may arise from allowing WiFi connection freely available is that you may be liable for the conduct of the person using your WiFi connection since you are the subscriber of the WiFi connection. While it is clear that unauthorised access

In this world, nothing is certain except death and taxes – Benjamin Franklin (1706-90), one of the Founding Fathers of the United States. In October 2014, the Hungarian government submitted its proposed tax law for 2015. One of the features under that tax law is the introduction of “Internet tax” that will be imposed on Internet users at a rate of HUF 150 (approximately USD 0.60) for every gigabyte of data or part thereof. For example, downloading a movie in HD quality (8.5 GB) would attract a tax charge of approximately USD 5. This proposal has caused an uproar and received negative criticisms from the public and the industry players. It was even condemned by the European Union. Some people perceived this as a way for the Hungarian government to control the Internet and stifle free expression and access to information. The Hungarian government was later pressured into changing its stance slightly, by stating that this new tax will be capped at HUF 700 (approximately USD 2.8) for home users and HUF 5,000 (USD 20) for business users, with Internet Service Providers (“ISPs”) expected to pick up the rest of the tab. That did not help much as the public still believed that the ISPs will pass on the costs of complying with this law onto the consumers eventually. The Hungarian government has finally backed down and decided to shelve this law after large-scale protests from its people. From the inception of the Internet until the late 1990s, the Internet was free of regulation by governments all over the world. However, things began to change when government realized that Internet services is a potential source of tax revenue, especially in the e-commerce sphere where the world is becoming one big marketplace. As a result, many governments have amended their tax law to accommodate to this new way of doing business. In the United States, President Bill Clinton signed the Internet Tax Freedom Act into law in 1998, in an effort to promote and preserve the commercial, educational and informational potential of the Internet. This law bans federal, state and local governments from imposing tax on internet access and other discriminatory Internet-only taxes such as bit tax, bandwidth tax and email tax. The law also prohibits multiple taxes on e-commerce, although it does not exempt sales tax made through online transactions. A tax on internet access is not the same thing as a tax on internet sales. The former is what the Hungarian government was trying to introduce, whereas the latter is becoming a norm in many parts of the world. Likewise, the Malaysian government is not left out when it comes to taxing the internet sales. In March 2013, the Inland Revenue Board of Malaysia (“IRB Malaysia”) published a “Guidelines on Taxation of Electronic Commerce” (“E-Commerce Guidelines”) which as the name suggests, aims to provide guidance on the tax treatment of e-commerce transactions. E-commerce is defined to mean any commercial transaction conducted through electronic networks including the provision of information, promotion, marketing, supply order or delivery of goods or services although payment and delivery of such goods and services may be conducted off-line. The IRB Malaysia acknowledged that as there are no specific provisions under the Income Tax Act 1967 (“ITA”) that address e-commerce transactions, hence it is hoped that the E-Commerce Guidelines will provide the much needed guidance to clear the confusion as to whether online businesses need to pay income tax or not. The E-Commerce Guidelines adopts the principle of neutrality where both conventional and online businesses are subject to the same tax treatment under the ITA. What this means is that there is no difference between a seller who sells goods in a physical shop and a seller who sells goods on a website (online shop) – both of them need to pay income tax. With the coming into force of the E-Commerce Guidelines, it signals an end of the tax-free ride era enjoyed by e-commerce players since the beginning of the e-commerce industry in 1997. In general, income of a person accruing in or derived from Malaysia is subject to income tax in Malaysia. Where business operations are carried out in Malaysia, the income attributable to those business operations is deemed to be derived from Malaysia. Whether an income is considered to be derived from Malaysia or not is subject to the business operations test i.e. whether there are substantial business activities being carried out in Malaysia. Para 5.1 of the E-Commerce Guidelines states that a server/website by itself does not carry any meaning in determining derivation of income. Para 5.2 provides 3 examples of situations where income from e-commerce is deemed to be derived from Malaysia even though the company conducts business through a website which is hosted on a server located outside Malaysia. Para 6 examines the various permutations of e-commerce business models with varying assumptions, in each case, stating the IRB Malaysia’s position on whether or not business income is deemed to be derived from Malaysia. With the impending coming into force of the Goods and Services Tax (“GST”) Act 2014, the Royal Malaysian Customs Department, the authority tasked with administering, assessing, collecting and enforcing payment of GST, has also published a “Guide on E-Commerce” and a “Guide on Web Hosting Services” in August 2014 to assist e-commerce players and web hosting service providers in understanding the GST and its implications on their businesses. GST is a form of consumption tax i.e. it is charged on all taxable supplies of goods and services in Malaysia except those specifically exempted. GST is also charged on importation of goods and services into Malaysia. All provisions of services whether it originates in the country or imported from other countries also fall under the scope of GST. These include services provided via the internet. In Malaysia, a person who is registered under the GST Act 2014 is known as a “registered person”. A registered person is required to charge GST (“output tax”) on his taxable supply