e-Commerce 2019Contributing editor

Robert BondBristows LLP

PublisherTom [email protected]

SubscriptionsJames [email protected]

Senior business development managers Adam [email protected]

Dan [email protected]

Published by Law Business Research Ltd87 Lancaster Road London, W11 1QQ, UKTel: +44 20 3780 4147Fax: +44 20 7229 6910

© Law Business Research Ltd 2018No photocopying without a CLA licence. First published 2000Fifteenth editionISBN 978-1-78915-017-9

The information provided in this publication is general and may not apply in a specific situation. Legal advice should always be sought before taking any legal action based on the information provided. This information is not intended to create, nor does receipt of it constitute, a lawyer–client relationship. The publishers and authors accept no responsibility for any acts or omissions contained herein. The information provided was verified between June and July 2018. Be advised that this is a developing area.

Printed and distributed by Encompass Print SolutionsTel: 0844 2480 112

LawBusinessResearch

Reproduced with permission from Law Business Research Ltd This article was first published in August 2018

For further information please contact [email protected]

© Law Business Research 2018

CONTENTS

2 Getting the Deal Through – e-Commerce 2019

E-commerce, data processing and the GDPR 5Robert BondBristows LLP

Argentina 7Javier Etcheverry Boneo and Diego FernándezMarval, O’Farrell & Mairal

Brazil 13Raphael de Cunto, Pedro Paulo Barradas Barata and Beatriz Landi Laterza FigueiredoPinheiro Neto Advogados

Chile 19Claudio Magliona, Nicolás Yuraszeck and Carlos ArayaGarcía Magliona y Cía Abogados

China 25Jihong ChenZhong Lun Law Firm

France 34Bradley JosloveFranklin

India 45Hardeep Sachdeva, Sunila Awasthi and Rachit BahlAZB & Partners

Indonesia 53Fahrul S Yusuf and Mohammad K BratawijayaSSEK Legal Consultants

Japan 59Kozo Yabe and Takeshi KandaYuasa and Hara

Korea 65Kwang-Wook Lee, Keun Woo Lee and Jason Sangoh JeonYoon & Yang LLC

Malta 72Olga FinkelWH Partners

Mexico 80Carlos J Díaz SobrinoBGBG Abogados

Norway 86Christine Buer, Øivind K Foss, Eldrid Huseby, Trond Larsen, Anne-Marit Wang Sandvik and Jeppe Songe-MøllerAdvokatfirmaet Schjødt AS

Poland 93Robert Małecki and Jan WiegnerMałecki Pluta Dorywalski i Wspólnicy Spk

Portugal 100Sónia Queiróz Vaz, Duarte Abecasis, Paulo de Sá e Cunha, Paulo Costa Martins, Gonçalo Bastos Lopes and Mafalda Ferreira SantosCuatrecasa

Russia 107Ksenia Andreeva, Anastasia Dergacheva, Anastasia Kiseleva, Kseniya Lopatkina, Vasilisa Strizh and Brian ZimblerMorgan, Lewis & Bockius LLP

Spain 114Belén Arribas SánchezAndersen Tax & Legal

Switzerland 120Lukas Morscher and Stefan BürgeLenz & Staehelin

United Kingdom 129Robert BondBristows LLP

United States 140Gregg Kirchhoefer, P Daniel Bond, Ashley Eisenberg and Adine MitraniKirkland & Ellis LLP


www.gettingthedealthrough.com 3

PREFACE

Getting the Deal Through is delighted to publish the fifteenth edition of e-Commerce, which is available in print, as an e-book and online at www.gettingthedealthrough.com.

Getting the Deal Through provides international expert analysis in key areas of law, practice and regulation for corporate counsel, cross-border legal practitioners, and company directors and officers.

Throughout this edition, and following the unique Getting the Deal Through format, the same key questions are answered by leading practitioners in each of the jurisdictions featured. Our coverage this year includes new chapters on Argentina, Indonesia, Mexico, Norway and Spain.

Getting the Deal Through titles are published annually in print. Please ensure you are referring to the latest edition or to the online version at www.gettingthedealthrough.com.

Every effort has been made to cover all matters of concern to readers. However, specific legal advice should always be sought from experienced local advisers.

Getting the Deal Through gratefully acknowledges the efforts of all the contributors to this volume, who were chosen for their recognised expertise. We also extend special thanks to the contributing editor, Robert Bond of Bristows LLP, for his continued assistance with this volume.

LondonJuly 2018

Prefacee-Commerce 2019Fifteenth edition


MALTA WH Partners


MaltaOlga FinkelWH Partners

General

1 How can the government’s attitude and approach to internet issues best be described?

As a member state of the European Union, Malta has enacted legis-lation that aims to be technology-neutral, compliant with EU legisla-tion and harmonised with other member states’ regimes and broadly seeks to attract business and investment and foster competition in the market. Moreover, Malta’s government is leading the e-government initiative, increasingly making more government services accessible to Maltese citizens via electronic channels, including by means of elec-tronic ID available to every adult citizen. The current government is continuing the work previously done in this sphere to promote e-com-merce, digital services and investment in ICT.

Legislation

2 What legislation governs business on the internet?Unless a specific legislative instrument excludes the use of the inter-net or amends general provisions to address specific issues associated with the use of the internet, general legislation applies to transactions equally, regardless of the channel used. Thus, legislation dealing with general consumer protection and unfair consumer terms (under the Consumer Affairs Act, Chapter 378), data protection matters (through the Data Protection Act, Chapter 586), general direct and indirect taxa-tion rules, defamation and generally criminal laws apply.

In addition, there are several specific primary and subsidiary legis-lative instruments dealing with e-commerce, including:• the Electronic Commerce Act (the e-Commerce Act) dealing with

validity of electronic evidence, electronic contracts, liability of information society service providers and electronic signatures;

• Regulation (EU) No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market (the eIDAS Regulation);

• the Electronic Communications Networks and Services (General) Regulations 2011, which, among other things, address data protec-tion issues arising out of the use of electronic communications net-works and services;

• the Tax Credit (Electronic Commerce) Rules, granting tax credits in certain circumstances for qualifying expenditures relating to the development of e-commerce systems;

• the Distance Selling (Retail Financial Services) Regulations, addressing specific issues of distance selling of financial services;

• the Remote Gaming Regulations, dealing with the provision of gambling services over the internet, which are being replaced by the new Gaming Act;

• the Criminal Code and in particular the sections dealing with com-puter misuse and related offences;

• the Public Procurement Regulations, where public procurement by electronic means is involved; and

• the Copyright Act implementing EU law on copyright and digital rights.

Regulatory bodies

3 Which regulatory bodies are responsible for the regulation of e-commerce, data protection and internet access tariffs and charges?

The Malta Communications Authority (MCA) is designated as the com-petent authority under both the E-Commerce Act and the Electronic Commerce (General) Regulations. Moreover, electronic communica-tions networks and services also fall under the authority of the MCA, thereby granting it the responsibility to monitor the competitiveness of the market and regulate, where appropriate, internet access tariffs and charges in accordance with the requirements of the EU electronic communications regulatory framework as transposed in Malta by the Electronic Communications Regulation Act and subsidiary legislation.

The Malta Competition and Consumer Affairs Authority also plays an important role with respect to consumer protection in the electronic communications sector.

The Information and Data Protection Commissioner provides regulatory oversight with respect to data protection and privacy.

Finally, the Malta Information Technology Agency is the entity responsible for the Maltese government’s e-services.

Jurisdiction

4 What tests or rules are applied by the courts to determine the jurisdiction for internet-related transactions or disputes in cases where the defendant is resident or provides goods or services from outside the jurisdiction?

The rules relevant for the determination of jurisdiction for inter-net-related transactions or disputes mainly emanate from private international law, and particularly from the Brussels I and Rome II Regulations, although national jurisdictional rules established in the Code of Organisation and Civil Procedure (Chapter 12) must also be considered, in particular with regard to disputes involving a party not domiciled within the European Union.

Under Maltese law, the parties to a contract are free to choose the law and forum applicable to the contract, provided that this does not circumvent the mandatory rules that cannot be derogated from.

Within the EU, the rules established in Regulation (EU) No. 1215/2012 (the Brussels Regulation Recast, which came into force in January 2015 and replaced the previous Regulation (EC) No. 44/2001, known as ‘Brussels I’) apply to disputes in civil and commer-cial matters, including disputes arising from e-commerce transactions. In the case of a generic business-to-business transaction, the funda-mental principle is that, unless the parties agreed differently, a plaintiff should follow the defendant and institute an action at the forum of the defendant. In the case of business-to-consumer contracts, however, the consumer generally has the right to sue the seller established in another member state in the country where the consumer is resident.

Transactions or disputes involving parties not domiciled in a member state of the EU are generally governed by the law provided in the relevant terms and conditions.

With respect to non-contractual obligations and disputes aris-ing in civil and commercial matters, the main rule under Regulation 864/2007/EC (the Rome II Regulation) is that jurisdiction will be founded where the damage occurs or is likely to occur. One should note, however, that this does not apply to, inter alia, non-contractual


WH Partners MALTA


obligations arising out of violations of privacy and rights relating to personality, including defamation. In these cases, national jurisdic-tional rules apply.

While the principal rules are established as stated above, in reality it is important to analyse the facts of the case in order to establish the correct rules of jurisdiction.

Contracting on the internet

5 Is it possible to form and conclude contracts electronically? If so, how are contracts formed on the internet? Explain whether ‘click wrap’ contracts are enforceable, and if so, what requirements need to be met.

The E-Commerce Act clearly allows contracts to be formed and con-cluded electronically. Article 9(2) of the Act establishes that any offer, acceptance of an offer and any related communication, including any subsequent amendment, cancellation or revocation of the offer and acceptance of the contract may, unless otherwise agreed by the parties to the contract, be communicated electronically.

Article 10 then establishes that unless otherwise agreed by the parties which are not consumers, where the recipient of the service places an order through technological means, an electronic contract is concluded when, after the order is placed, the recipient of the service receives from the service provider acknowledgement of receipt of the order. The Act, therefore, clearly establishes the moment at which the contract is deemed to be concluded to prevent disputes, particularly as it propounds that the order made by the recipient and the acknowl-edgement of receipt are deemed to have been received when the par-ties to which they are addressed are able to access them. It is important to note, however, that the contract is not considered to have been con-cluded as aforesaid with respect to contracts concluded exclusively by email or by equivalent individual communications.

Article 11 further provides that unless otherwise agreed by par-ties which are not consumers, the service provider must provide clear, comprehensive and unambiguous information as set out in the First Schedule of the Act with respect to the electronic contract and must indicate the relevant codes of conduct which such service provider subscribes to and provide information as to how those codes can be consulted electronically. Article 11 further requires that the service provider make terms and conditions, if any, which may be applicable to the contract available in a manner in which the addressee can store and reproduce them.

‘Click wrap’ contracts are generally enforceable under Maltese law, provided that the electronic contract provides the recipient of the service with all of the information required by law, and provided also that the service provider acknowledges receipt of the order.

Finally, one must also consider that consumer protection legisla-tion, such as the Consumer Affairs Act and the Distance Selling (Retail Financial Services) Regulations, also applies to electronic contracts. The requirements established in these instruments must therefore also be adhered to.

6 Are there any particular laws that govern contracting on the internet? Do these distinguish between business-to-consumer and business-to-business contracts?

Apart from the provisions relating to general contract law in the Civil Code, contracting on the internet is governed by the E-Commerce Act mentioned above. While no general formal distinction between business-to-consumer and business-to-business contracts is set out under Maltese law, certain legislative provisions apply to only one of the two categories of contracts. For instance, the consumer protec-tion legislation applies only to business-to-consumer contracts, while the E-Commerce Act establishes a number of exceptions in respect of parties which are not consumers. In certain cases, therefore, business-to-business contracts may be approached differently from business-to-consumer contracts.

7 How does the law recognise or define digital or e-signatures?Recently, the eIDAS Regulation became directly applicable and changes to the E-Commerce Act, to ensure that such Regulation was effectively implemented, were brought about by means of Act XXXV of 2016. Any inconsistent provisions in Maltese law with the Regulation were amended or deleted. The Regulation’s main aim is to create a

better harmonised framework of e-commerce laws. Therefore, any definitions provided for in the Regulation are to apply, unless provided otherwise. In light of this, the Regulation defines ‘electronic signature’ as data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. It further provides that advanced electronic signatures are elec-tronic signatures that meet the requirements set out in article 26. Such requirements include that such signature is: • uniquely linked to the signatory; • is capable of identifying the signatory; • is created using electronic signature creation data that the signa-

tory can, with a high level of confidence;• use is under his or her sole control; and • is linked to the data signed therewith in such a manner that any

subsequent change of data is detectable.

The eIDAS Regulation further establishes another type of electronic signature, the ‘qualified electronic signature’. Such a signature should have the corresponding legal effect of a handwritten signature. This third type of electronic signature is defined by the Regulation as an advanced electronic signature that is created by a qualified electronic signature creation device and is based on a qualified certificate for electronic signatures.

It must be noted, however, that unless otherwise prescribed, the provisions of the E-Commerce Act and of the eIDAS Regulation do not apply to certain activities or sectors specifically listed in the Fifth Schedule of the E-Commerce Act. These include tax, matters in rela-tion to information society services covered by any laws relating to data protection, trust, contracts creating or transferring rights over immovable property other than leasing rights and powers of attorney, among others.

8 Are there any data retention or software legacy requirements in relation to the formation of electronic contracts?

There are no general data retention or software legacy requirements in relation to the formation of electronic contracts. Nevertheless, par-ties are strongly advised to keep organised records to ensure clarity in the event of a dispute. In general, companies are required to keep documents and contracts pertaining to their business for 10 years for accounting and verification purposes.

What the E-Commerce Act does provide is that where a person is required to record information in writing, such a requirement is satis-fied if such person records the information in electronic form, which is readily accessible so as to be useable for further reference and is com-pliant with such relevant regulations. The E-Commerce Act addition-ally states that where an individual is required to retain a document in paper format or through any other substance or material, for a par-ticular period, such a requirement will be satisfied if such document is retained in electronic form, as long as at the moment of creation: • the method for creating such electronic form provided a reliable

means of assuring the maintenance of the integrity of the informa-tion contained in that document;

• it was reasonably expected that the information contained therein would be readily accessible, should the need arise to refer to it at a later stage; and

• it complies with such regulations as may be prescribed.

Similar conditions must be satisfied should there be a require-ment to retain information that was the subject of an electronic communication.

Security

9 What measures must be taken by companies or ISPs to guarantee the security of internet transactions? Is encryption mandatory?

While no general obligations exist with respect to the security of inter-net transactions as such, there are several laws that require certain providers involved in various steps of an internet transaction to keep adequate security. This requirement, for instance, applies to provid-ers of electronic communications and services (as far as security and integrity of networks are concerned), as required under the Electronic Communications Networks and Services (General) Regulations 2011.


MALTA WH Partners


Moreover, the eIDAS Regulation provides that qualified trust ser-vice providers (these provide trust services which are elaborated on in question 10) must ensure a high level of security of whatever quali-fied trust services and products they are providing by taking appropri-ate technical and organisational measures, having regard to the latest technological developments. Measures to minimise and prevent the impact of security incidents and inform stakeholders of the adverse effects of any such incidents must be implemented by trust service pro-viders. The eIDAS Regulation provides that should there be any breach of security or loss of integrity having an impact on the trust service or personal data maintained therein, the trust service provider has a duty to notify the relevant supervisory body within 24 hours of becoming aware of the breach.

The Regulation further provides that trust service providers must respect requirements found under Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the Data Protection Directive), with respect to confidentiality and security of processing. All trust service providers are expected to apply good security practice appropriate to the risks related to their activities. Qualified trust service providers must ensure that they comply with the stringent rules provided by the Regulation.

Apart from this, qualified trust service providers are given the option to use the ‘EU trust mark’, which should clearly indicate what sort of services they provide. When making use of such a mark, the qualified service provider in question must provide a link on its web-site to the particular ‘trusted list’. Such trusted list must be created, maintained and published by each member state, and should contain information on the qualified trust service providers that it is responsi-ble for and the services that they provide. In addition to this, the eIDAS Regulation provides that an audit must be carried out by an assessment body on the qualified trust service providers, at their own expense, every two years at least.

Furthermore, under the provisions of the Data Protection Act and the General Data Protection Regulation (GDPR), which are imple-mented by means of the Act, all data controllers (persons responsible for processing personal data) must ensure adequate security of data processing.

Although the implementation of encryption techniques is not mandatory, the legal obligation to maintain adequate levels of security reflects the regulatory trend in favour of increased data security tech-niques, such as anonymisation and encryption, to promote personal data protection.

10 As regards encrypted communications, can any authorities require private keys to be made available? Are certification authorities permitted? Are they regulated and are there any laws as to their liability?

Under article 355Q of the Criminal Code, the executive police may, in addition to seizing a computer, require any information that is con-tained in a computer to be delivered in a form in which it can be taken away and in which it is visible and legible. It therefore follows that they may require either private keys or the encrypted information itself to be made available.

The eIDAS Regulation introduces ‘trust services’, which are to be provided by trust service providers. A ‘trust service’ is described by the Regulation as an electronic service which can include: (i) the for-mation, validation and verification of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to such services; (ii) the verification, validation and formation of certificates for website authentication; or (iii) pres-ervation of electronic signatures, seals or certificates related to those services. Such providers are classified as qualified or non-qualified. The Regulation provides that trust service providers will be liable for intentional or negligent damage to any natural or legal person should such trust service provider fail to comply with the obligations under the Regulation, and in the case of a non-qualified trust service provider, the claimant is to prove intention or negligence on the trust service provid-er’s part. This is in contrast to that for a qualified trust service provider where intention or negligence will be presumed unless the trust service provider itself proves to the contrary. In the event that the trust service provider has informed its customers in advance of the limitations on the

use of its services, the Regulation states that the trust service provider will not be liable for damages arising from the use of services exceed-ing the indicated limitations. The Regulation provides that matters on liability are to be applied in accordance with national law. Moreover, the Regulation imposes various security requirements which trust ser-vice providers are responsible for, as described in question 9.

The law also prohibits the unauthorised usage of electronic signa-tures, signature creation devices and certificates, as provided for in arti-cle 23 of the E-Commerce Act. Further to this, the Act does not allow fraudulent use of a certificate or electronic signature or electronic seal and does not allow a person to use any form of misrepresentation for the purpose of requesting or accepting a certificate or its suspension or revocation.

Domain names

11 What procedures are in place to regulate the licensing of domain names? Is it possible to register a country-specific domain name without being a resident in the country?

The Malta Internet Foundation (NIC (Malta)) is responsible for the .mt country code top-level domain. All domain names ending with .mt must therefore be registered with NIC (Malta). Terms and conditions apply when obtaining and using a domain name. While it is possible for anyone to obtain a .mt domain name, it must be noted that NIC (Malta) reserves the right to refuse to register a domain name, and may for good cause, and in any event upon any breach by the holder of the terms and conditions, immediately revoke the domain name from registration.

12 Do domain names confer any additional rights beyond the rights that naturally vest in the domain name?

No. The mere possession or use of a domain name does not, in and of itself, confer additional rights beyond those that naturally vest in the domain name. Where, on the other hand, the domain name itself con-stitutes or reflects a trademark, trade name or other form of intellectual property, the rights attaching to that intellectual property also apply in respect of the domain name.

13 Will ownership of a trademark assist in challenging a ‘pirate’ registration of a similar domain name?

In all likelihood, the ownership of a trademark will assist in challeng-ing the registration of such a domain name. An action for trademark infringement under the relevant provisions of applicable legislation may be instituted where the domain name is used, without the consent of the proprietor, either in Malta (in the case of a national trademark) or within the EU (in the case of a Community trademark). The approach to be taken depends on whether the person uses, in the course of trade, a sign that is identical or similar to the trademark in relation to goods or services that are identical or similar to those for which it is registered and may cause likelihood of confusion on the part of the public; or whether the mark has a reputation in Malta or the Community and the use of the domain takes unfair advantage of, or is detrimental to, the distinctive character or the repute of the trademark.

Advertising

14 What rules govern advertising on the internet? Maltese law does not specifically regulate advertising on the internet. However, legislative instruments regarding consumer matters will in many cases apply to advertising on the internet. The first of these instruments is the Consumer Affairs Act, which implements EU direc-tives and contains provisions that govern the use of unfair contract terms, misleading advertising practices and comparative advertising, among others. The restrictions contained in the Tobacco (Smoking Control) Act will also apply to advertising on the internet, particularly as it is explicitly provided that ‘advertising that is not permitted in the press and other printed publications will not be permitted in informa-tion society services’.

Online advertising for online gaming or gambling services is governed by the provisions of the Remote Gaming Regulations. The restrictions contained in these Regulations are supplemented by a directive issued by the Malta Gaming Authority, which enacted a Code of Conduct on Advertising, Promotions and Inducements which applies to all Maltese-licensed gaming operators.


WH Partners MALTA


These are being replaced by the Gaming Commercial Communications Regulations which are to come into force by August 2018 as part of the legal overhaul of the gaming legislation in Malta.

In addition, the E-Commerce Act provides that general informa-tion is to be provided to the recipient of the service by the service pro-vider in a form and manner which is easily, directly and permanently accessible. Such information should consist of details such as the name, geographic address and e-mail of the service provider, as well as whether the service provider is registered in a trade or public reg-ister, among others. The service provider must indicate prices, clearly and unambiguously, and should indicate whether they include tax and delivery costs.

Moreover, article 8D of the E-Commerce Act establishes certain requirements that a service provider has to ensure with respect to any commercial communication (which is described as any form of commu-nication designed to promote the goods, services or image of an entity or person carrying out a commercial, industrial or craft activity or exercis-ing a regulated profession). Such requirements range from clearly iden-tifying the commercial communication as such to clearly identifying on whose behalf such commercial communication has been made. Further to this, such commercial communication must prominently indicate any promotional offer, promotional competition or game, and ensure that any related conditions are presented clearly and unambiguously. A ser-vice provider must further ensure that any commercial communication that it provides clearly indicates details of how users of the service can register their choice regarding unsolicited commercial communications and such details must be conspicuously displayed at every point where users of the service are asked to provide information.

15 How is online advertising defined? Could online editorial content be caught by the rules governing advertising?

The Consumer Affairs Act defines an advertisement as any form of rep-resentation – including a catalogue, a circular and a price list – about a trade, business, craft or profession in order to promote the supply or transfer of goods or services, immovable property, rights or obliga-tions. The Act does not provide a specific definition of online advertis-ing since this definition is generic enough to cover the distribution of advertisements through any channel.

16 Are there rules against misleading online advertising? The Consumer Affairs Act defines misleading practices in advertising by providing lists of misleading commercial practices and by enumerating instances of misleading statements in advertising and misleading omis-sions in articles 51C and 51D respectively. Misleading statements refer, inter alia, to the provision of false information or advertising which, tak-ing into consideration all its features and circumstances and the limita-tions of the communication medium, omits or hides, or provides in an unclear, unintelligible, ambiguous or untimely format, material infor-mation. Misleading omissions on the other hand may be determined in context, with reference to limitations of space or time imposed by the advertising medium, and taking into consideration material informa-tion needed by the average consumer to take an informed transactional decision.

The Consumer Affairs Act rules apply irrespective of the indus-try and are to be followed by all advertisers, and irrespective of the medium of distribution of the advertising material. The Director General for Consumer Affairs has the power to carry out investiga-tions on his own motion or upon a reasonable allegation in writing of a breach of the provisions of the Consumer Affairs Act.

17 Are there any products or services that may not be advertised on the internet?

The general rules apply to internet content in this respect. For instance, dissemination of material contrary to public morals is prohibited gen-erally, and therefore also on the internet. Article 208 of the Criminal Code prohibits the acquiring, keeping, putting into circulation or exporting of pornography, even if this is done for the sake of distribu-tion. It may, therefore, be argued that Maltese criminal law prohibits those subject to Maltese jurisdiction from acquiring, possessing, circu-lating or exporting pornography in any manner, including via the inter-net. Malta is a party to relevant international treaties. Another example is defamatory material: defamation is an offence, including if carried out over the internet.

18 What is the liability of content providers and parties that merely host the content, such as ISPs? Can any other parties be liable?

Advertising content providers whose material infringes the rules of the Consumer Affairs Act may be liable to the imposition of an administra-tive fine, which may range between €470 and €47,000. The Director General for Consumer Affairs is also empowered to issue compliance orders requiring persons engaging in infringing advertising practices to refrain from such activity and may include other measures such as requiring a public corrective statement.

There are no specific liability provisions foreseen in relation to advertising that may be used against hosting providers or any other parties. To this end, it must be submitted that in all cases (including for advertising content providers themselves), a party may be liable for damages arising from a successful claim for liability in tort under the applicable provisions of the Civil Code.

Financial services

19 Is the advertising or selling of financial services products to consumers or to businesses via the internet regulated, and, if so, by whom and how?

Yes. It is primarily controlled via the Distance Selling (Retail Financial Services) Regulations. These regulations, emanating from article 20B of the Malta Financial Services Authority Act, cement the Malta Financial Services Authority’s position as the competent authority in regard to financial services. The regulations establish, inter alia, infor-mation that must be provided to consumers, a right of withdrawal, a requirement for contractual terms to be provided by the supplier to the consumer in writing or another durable medium and out-of-court dis-pute settlement procedures.

Defamation

20 Are ISPs liable for content displayed on their sites?The E-Commerce Act grants protection from liability, when certain conditions are met, to intermediary service providers for information in respect of which they act as mere conduits, and for the provision of caching and hosting facilities. Information displayed on a website gen-erally falls under the ‘hosting’ safe harbour provision found in article 21 of the E-Commerce Act, which provides protection from liability for damages resulting from the storage of information provided by and stored at the request of recipients of the service, as long as the provider does not have actual knowledge of the illegality of the activity, and is not aware of facts or circumstances from which illegal activity is appar-ent, or if upon obtaining such knowledge or awareness, such provider acts expeditiously to remove or disable access to such information. The protection from liability does not apply when the recipient of the service, in providing or requesting the storage of information, is acting under the authority or control of the provider.

21 Can an ISP shut down a web page containing defamatory material without court authorisation?

The determination of this question largely depends on the meaning attributed to the terms ‘knowledge’ and ‘awareness’ under article 21 of the Maltese E-Commerce Act. Regrettably, the Act transposed the ‘hosting’ safe harbour provision almost verbatim, thereby carrying forward the ambiguity of the Electronic Commerce Directive in this regard. The absence of court pronouncements on the matter does not aid the situation. Practical experience shows that many intermediary service providers based in Malta do remove contested material hosted on a web page upon complaint and in the absence of court authorisa-tion, and this practice has thus far not been challenged by the authori-ties or before the courts.

Intellectual property

22 Can a website owner link to third-party websites without permission?

This issue largely depends on the terms and conditions stipulated by the owners of third-party websites regarding the use of the material hosted on their websites. If any such owner expressly stipulates that the use of links to his or her own website requires prior authorisation, then


MALTA WH Partners


the absence of such permission could constitute a breach of contract tacitly entered into by the ‘linking’ party upon accessing the website. Maltese law does not, however, legislate explicitly on the use of links on the internet and there is no distinction made between linking and deep-linking.

23 Can a website owner use third-party content on its website without permission from the third-party content provider? Could the potential consequences be civil in nature as well as criminal or regulatory?

Content hosted on websites may qualify for protection under copy-right law. Article 7(1)(a) of the Maltese Copyright Act provides in this respect that the direct or indirect, temporary or permanent reproduc-tion by any means and in any form, in whole or in part, of copyrighted work, is dependent on the copyright owner’s authorisation. To qualify for such protection, the work must be an artistic, audiovisual, literary or musical work or a database; must have an original character; and must be written down, recorded, fixed or otherwise reduced to material form. In the case of databases, these must, by reason of the selection or arrangement of their contents, constitute the author’s intellectual creation. Infringement of copyright, neighbouring rights or sui gen-eris rights in respect of any work will result in proceedings of a civil nature with potential consequences of payment of damages or a fine, and possibility of restitution of all the profit derived from the infringe-ment. Furthermore, it is a criminal offence if a person in the exercise of any trade or course of business or with the view to gain for himself or herself or for any other person or with the intent to cause loss to or to prejudice another person, prints, manufactures, duplicates or other-wise reproduces or sells or otherwise offers for sale or distribution any article or other thing in violation of the rights of copyright-protected under the laws of Malta.

24 Can a website owner exploit the software used for a website by licensing the software to third parties?

The determination of this question depends largely on the ownership of the software being licensed to third parties. If the website owner is the software owner, it may license the software to third parties in accord-ance with article 7 of the Maltese Copyright Act. The same does not hold for the website owner if he or she merely licenses software from a third party and the copyright belongs to that third party. In the latter case, the licensing of such software to third parties may be in violation of article 7(a), (b) and (c) of the Copyright Act.

25 Are any liabilities incurred by links to third-party websites?Maltese law does not legislate expressly on the use of links on websites. In general, every person is liable for damage suffered by another person due to the first person’s fault, so civil liability will arise if the person claiming damages shows that the damages, which are real and quanti-fied, have been suffered and that these damages have been caused by the defendant’s placing and maintaining links.

26 Is video content online regulated in the same way as TV content or is there a separate regime?

There is no separate regime for online video content and the same rules that will apply for audiovisual works under the Copyright Act will apply in the same way to video content online as any other audiovisual content, since the definition of audiovisual works does not specify the distribution channel of such work.

27 Do authorities have the power to carry out dawn raids and issue freezing injunctions in connection with IP infringement?

The police may be granted the power, through a warrant issued by a magistrate, to enter any house, premises or place in order to search for, seize and remove any goods or items by means of which, or in relation to which, an offence against the Trademarks Act has been committed.

In terms of the Enforcement of Intellectual Property Rights (Regulation) Act, the court may, even before the commencement of proceedings on the merits of the case, upon an application by a person who has filed reasonably available evidence to support his or her claim that his or her intellectual property right has been infringed or is about to be infringed, order such prompt and effective provisional measures

as it considers appropriate to preserve relevant evidence in respect of the alleged infringement, subject to the protection of confidential information. Such measures may include a detailed description, with or without the taking of samples or physical seizure of the infringing goods and, in appropriate cases, the materials and implements used in the production or distribution of the said goods and the documents relating thereto. The competent court may also, if it considers it neces-sary, order that such measures be taken without the other party having been heard, in particular where any delay is likely to cause irreparable harm to the rights holders or where the court considers that there is an evident risk of the evidence being destroyed.

28 What civil remedies are available to IP owners? Do they include search orders and freezing injunctions?

In terms of the provisions of the Enforcement of Intellectual Property Rights (Regulation) Act, an IP owner may, by application, request the court to issue a decree to prevent or forbid any imminent infringement of such intellectual property right in the context of an alleged IP right infringement on a provisional basis and subject, where appropriate, to a recurring penalty payment where provided for by law, to prevent the continuation of the alleged infringements of that right, or to make such continuation subject to the lodging of guarantees intended to ensure the compensation of the right holder. An interlocutory injunction may also be issued, under the same conditions, against an intermediary whose services are being used by a third party to infringe an intellec-tual property right, and the physical seizure or delivery up of the goods suspected of infringing an intellectual property right may further be issued.

The same Act also makes a wide range of civil remedies available to IP rights holders in articles 12 et seq. A court may order the payment of an amount of damages to an injured party, taking into account all relevant aspects, including the negative economic consequences that may have been suffered as well as unfair profits made by the infringer. This provision is also one of the few instances under Maltese law where a court awarding damages may also have regard to moral prejudice suf-fered. To best ensure that an injured IP rights holder is provided with a sufficient remedy where its rights have been infringed, the court is also allowed to apply an alternative method of calculation of damages pay-able as it considers appropriate. Other corrective measures that may be applied where the court has found a breach of an IP right include recall from circulation within all channels of commerce (whether online or physical) and destruction of seized items.

Data protection and privacy

29 How does the law in your jurisdiction define ‘personal data’? The Maltese Data Protection Act relies on the definitions of the GDPR, which defines personal data as any information relating to an identi-fied or identifiable natural person, whereby an identifiable person is one who can be identified, directly or indirectly, in particular by refer-ence to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

The GDPR also establishes a subcategory of personal data subject to more stringent regulation – special categories of personal data. In this regard, ‘special categories of personal data’ are personal data that reveal race or ethnic origin, political opinions, religious or philosophi-cal beliefs, membership of a trade union, processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning health or sex life or sexual orientation. Special cat-egories of personal data may only be processed if the data subject has given explicit consent to such processing or has made the data public. Furthermore, special categories of personal data may be processed if appropriate safeguards are adopted and the processing is necessary in order for the controller to be able to comply with its duties or exercise its rights under any law regulating the conditions of employment, if the vital interest of the data subject or of some other person will be able to be protected and the data subject is physically or legally incapable of providing consent, or if legal claims will be able to be established, exercised or defended

Anonymised or pseudonymised data cannot identify a natural per-son; therefore, such data is not considered as personal data and is not subject to the Data Protection Act.


WH Partners MALTA


30 Do parties involved in the processing of personal data, such as website owners, have to register with any regulator to process personal data?

The Maltese Data Protection Act relies on the definition of the GDPR, which defines ‘controller’ as a person (natural or legal), public author-ity, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

A website provider, as a controller of personal data pertaining to its website users, must ensure under the GDPR that, inter alia, personal data is not processed for any purpose that is incompatible with that for which the information is collected. Thus, if personal data is origi-nally collected for a particular purpose not including sale of data, the provider cannot subsequently sell such personal data without the data subject’s consent.

The GDPR requires that a data protection officer be appointed if an entity’s main activities entail regular and systematic monitoring of data subjects on a large scale or if special categories of personal data, such as data in relation to religious beliefs or racial or ethnic origin, are processed.

31 Could data protection laws and regulatory powers apply to organisations or individuals resident outside of the jurisdiction?

The GDPR applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the European Union, regardless of whether the processing takes place in the European Union or not. The GDPR also apply to the processing of personal data of data subjects who are in the European Union by a con-troller or processor not established in the European Union, where the processing activities are related to the offering foods or services, irre-spective of whether a payment of the data subject is required to such data subjects in the European Union or the monitoring of their behav-iour as far as their behaviour takes place within the European Union. The GDPR applies to the processing of personal data by a controller not established in the EU, but in a place where member state law applies by virtue of public international law.

32 Is personal data processed on the basis of customer consent or other grounds? What is the commonly adopted mechanism for obtaining customer consent or establishing the other grounds for processing?

Personal data may be processed only if:• the data subject has unambiguously given his or her consent; • processing is necessary for the performance of a contract to which

the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

• processing is necessary for compliance with a legal obligation to which the controller is subject;

• processing is necessary in order to protect the vital interests of the data subject;

• processing is necessary for the performance of an activity that is carried out in the public interest or in the exercise of official author-ity vested in the controller or in a third party to which the data is disclosed; or

• processing is necessary for a purpose that concerns a legitimate interest of the controller or of such a third party to which personal data is provided, except where such interest is overridden by the interest to protect the fundamental rights and freedoms of the data subject and in particular the right to privacy.

Opt-in is generally the commonly adopted mechanism for obtaining customer consent; however, when certain processing is necessary in accordance with the principles above, consent is not required, but this is more the exception than the rule.

33 May a party involved in the processing of personal data, such as a website provider, sell personal data to third parties, such as personal data about website users?

Transfers of personal data are considered as processing of personal data, which therefore require either the consent of the data subject for the personal data to be transferred or that the transfer is necessary in accordance with one of the grounds mentioned above. As long as

the processing is done in accordance with the criteria for processing, a transfer can take the form of either an outright transfer or a limited licence. In the event that the buyer is subject to Maltese law, the buyer will be required to continue processing the personal data in accordance with the provisions of the Data Protection Act and the GDPR. It is, how-ever, common that the buyer is an operator located outside of Malta in which case it will be subject to the data protection legislation of the jurisdiction in which the buyer is located.

34 If a website owner is intending to profile its customer base to carry out targeted advertising on its website or other websites visited by its customers, is this regulated in your jurisdiction?

Generally, personal data may not be processed for purposes concern-ing direct marketing if the data subject gives notice to the controller of personal data that he or she is opposed to such processing. However, in relation to internet or electronic services, direct marketing (by means of email or SMS) and profiling may only be done with the explicit con-sent of the data subject (except for advertising of additional services offered by the provider itself to its current customers). In this regard, it must be noted that Regulation 9 of the Processing of Personal Data (Electronic Communications Sector) Regulations provides that pub-licly available electronic communications services cannot be used or allowed to be used to make unsolicited communications for the pur-pose of direct marketing.

The requirement for explicit consent for the use of cookies became enforceable under Maltese law by means of Legal Notice 239 of 2011. Maltese law therefore establishes an opt-in approach to the use of cook-ies, in line with EU law. The recitals of the relevant directive provide that users may give their consent by any appropriate method enabling a freely given, specific and informed indication of their wishes. Provided it is technically feasible and effective, in accordance with the relevant data protection legislation, consent could, for instance, be inferred from the user’s browser settings.

So far, no specific laws have been enacted or judgments adopted on profiling in Malta.

35 Does your jurisdiction have data breach notification or other cybersecurity laws specific to e-commerce?

In accordance with the GDPR, in the case of a personal data breach, the controller should without undue delay and, where feasible, not later than 72 hours after becoming aware of it, notify the personal data breach to the supervisory authority competent in accordance with arti-cle 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Sectoral data protection rules under the Processing of Personal Data (Electronic Communications Sector) Regulations further provide that in the event of personal data breaches, the providers of publicly available electronic communications services must notify the Data Protection Commissioner of the breach without undue delay. The data subject is to be notified where the personal data breach is likely to adversely affect the personal data or privacy of the individual. However, the personal subject need not be notified if the controller can demonstrate to the Data Protection Commissioner that adequate protective measures have been applied to the data in such a way that it is rendered unintelligible to the unauthorised person who has gained access to the data.

Currently, there are no specific statutes governing cybersecu-rity relating to e-commerce per se. Nevertheless, the Criminal Code (Chapter 9 of the Laws of Malta) contains a sub-title entitled ‘Of Computer Misuse’ which provides that should a person unlawfully access or misuse information as well as misuse hardware, it will be liable for a criminal offence.

In addition to this, in view of the GDPR, Malta will have to ensure that data controllers notify the supervisory authority within 24 hours of becoming aware of a data breach.

In 2016, the government of Malta launched a Cyber Security Strategy (the Strategy). One of the Strategy’s aims is to review the exist-ing legislation and come up with legal and regulatory frameworks to achieve the Strategy’s goals, such as securing cyberspace and combat-ing cybercrime.


MALTA WH Partners


36 Does your jurisdiction recognise or regulate the ‘right to be forgotten’?

The provisions of the GDPR provide for the right to erasure and this is applicable in Malta.

37 What regulations and guidance are there for email and other distance marketing?

The Processing of Personal Data (Electronic Communications Sector) Regulations provide that there has to be prior consent in writing by the subscriber or user for unsolicited marketing through electronic com-munications. Nevertheless, an advertiser may use the contact details obtained in relation to the sale of a product or service to market its own similar products or services. In this respect, the customer should always be given the opportunity to object, free of charge and in an easy and sim-ple manner, to such use of electronic contact details at the time of their collection and on the occasion of each message where the customer has not initially refused such use.

The E-Commerce Act contains provisions on commercial commu-nications and establishes certain requirements that must be adhered to in relation to such communications, examples of which are mentioned in question 14.

38 What rights and remedies do individuals have in relation to the processing of their personal data? Are these rights limited to citizens or do they extend to foreign individuals?

The data subject, who could be either a citizen of Malta or a foreign national, has the right to be informed, unless the data subject already has it, of the identity and habitual residence or principal place of busi-ness of the controller and any other person authorised by it in that regard, if any, the purpose of processing for which the data is intended, and any further information relating to recipients or categories of recipi-ents of the data, whether the reply to any questions made to the data subject is obligatory or voluntary, as well as the possible consequences of failure to reply, and the existence of the other rights pertaining to a data subject, primarily the right to access (ie, the right to request the controller information as to what personal data is held by the control-ler), the right to rectify (ie, the right to ask for the data to be updated if the data is not up to date) and the right to erase the data concerning him or her. Data subjects are also given the right to restriction of processing and the right to data portability.

Taxation

39 Is the sale of online products subject to taxation? Where income generated through the sale of online products is subject to tax in Malta, the applicable rate for individuals is determined on a progressive scale, whereas the standard corporate tax rate where this income is generated by a company is 35 per cent. In the latter case, how-ever, the shareholders of the company are entitled to claim a refund of six-sevenths of the 35 per cent Maltese tax originally paid by the com-pany upon receipt of dividend, effectively meaning that the shareholder receives a refund of 30 per cent of the tax originally paid.

As far as VAT is concerned, it is necessary to distinguish between the supply of goods and the supply of services. The standard rate of VAT in Malta is 18 per cent.

The supply of online goods is generally subject to VAT in Malta if the supply is a domestic supply and if the goods are transported by the sup-plier from Malta or made available for the customer in Malta (transport organised by the customer). Different treatment will apply if the cus-tomer is a business and receiving the goods in another member state.

As of 1 January 2015, Malta adopted the new VAT regime with respect to the supply of electronically supplied services to consumers. In terms of this new regime, electronically supplied services such as down-loadable software or books and games are subject to VAT in the country of consumption. B2B supplies of electronically supplied services are also subject to VAT in the member state of consumption. No VAT is due on electronically supplied services provided to customers outside the EU.

The Tax Credit (Electronic Commerce) Rules allow any small or medium-sized enterprise carrying on a trade, business, profession or vocation which enters into or intends to enter into a project for the acquisition of tangible or intangible assets consisting of computer hard-ware or software or website development services for or in connection with the development of e-commerce systems that enable the sale of

tangible goods or services through business transactions processed over publicly accessible electronic networks to apply for a tax credit in accordance with the rules. The granting of such a tax credit will depend on the enterprise’s adherence to the requirements set out in the rules and on the Malta Enterprise Corporation’s approval.

40 What tax liabilities ensue from placing servers outside operators’ home jurisdictions? Does the placing of servers within a jurisdiction by a company incorporated outside the jurisdiction expose that company to local taxes?

A company incorporated abroad may be subject to tax in Malta if it operates through a permanent establishment in Malta. Malta generally follows the principles and commentaries emanating from the OECD Model Tax Convention. A server may accordingly be considered to establish a permanent establishment in Malta if it meets the require-ment of creating a fixed place of business from which the foreign com-pany operates.

A Maltese company operating through servers located in another jurisdiction may likewise be subject to tax in that other jurisdiction, if the servers will be considered as creating a permanent establishment in that jurisdiction. The Maltese company will still be subject to tax in Malta on its worldwide income.

Naturally, one would need to consider the applicable double tax treaty and the interpretation given in the particular jurisdiction. Tax relief in the country of residence may generally be granted in the terms of the double tax treaty applicable or other form of tax relief. Malta offers, in addition to treaty relief, further forms of double tax relief, such as the flat rate foreign tax credit and unilateral relief.

41 When and where should companies register for VAT or other sales taxes? How are domestic internet sales taxed?

The VAT Act requires a supplier to register with the Director General (Tax) within 30 days of the date on which the goods or services are sup-plied. Companies may also have an obligation to register for VAT in Malta if VAT is due in Malta in terms of the Place of Supply Rules via the reverse charge mechanism. In domestic internet sales, the supplier should add Maltese VAT (18 per cent) to its invoices and pass this col-lected VAT to the VAT Department in Malta by submitting VAT returns, normally every three months.

42 If an offshore company is used to supply goods over the internet, how will returns be treated for tax purposes? What transfer-pricing problems might arise from customers returning goods to an onshore retail outlet of an offshore company set up to supply the goods?

Generally, a claim for refund of VAT and any applicable duty may be granted if the product is re-exported. If the goods are returned to an outlet of the offshore company and a refund is paid to the customer, the local outlet cannot claim a VAT refund unless the product is exported.

Gambling

43 Is it permissible to operate an online betting or gaming business from the jurisdiction?

Yes, provided the operator either obtains a licence from the Malta Gaming Authority in accordance with the provisions of the relevant gaming legislation, or is in possession of an equivalent authorisation from the government or competent authority of an EEA member state, or of any other jurisdiction approved by the authority.

44 Are residents permitted to use online casinos and betting websites? Is any regulatory consent or age, credit or other verification required?

Yes, provided, once again, that the operator either obtains a licence from the Malta Gaming Authority in accordance with the provisions of the Remote Gaming Regulations, or is in possession of an equivalent authorisation of the government or competent authority of an EEA member state, or of any other jurisdiction approved by the authority.

The Remote Gaming Regulations established a number of criteria that operators must satisfy to obtain a licence and provide lawful remote gaming services, including anti-money laundering, player protection and business integrity requirements. These requirements have also


WH Partners MALTA


been adopted in the legislative overhaul which will result in the coming into force of the new Gaming Act in August 2018.

With respect to the protection of players, the legislation requires a prospective player to register an account with a licensee, which must at least include the player’s identity, place of residence and communica-tion contact, and that the player is at least 18 years of age. Licensees are also required to verify the player’s identity, age and place of residence prior to making a payment to such player in excess of €2,329.37 and in line with anti-money laundering legislation.

Outsourcing

45 What are the key legal and tax issues relevant in considering the provision of services on an outsourced basis?

It is good practice to have explicit and precise provisions in an out-sourcing agreement covering at least the following matters: • the scope of services to be provided; • the applicable service levels, such as time frames for fixing errors

of different levels of urgency or criticality, uptime and response times for customer service;

• the price and its inclusions and exclusions;• the responsibilities of the service provider and remedies (rebates,

service credits, pre-liquidated damages) in case of failure to per-form under the agreement;

• the client’s responsibilities (providing information and access to systems, if necessary, responding to queries);

• intellectual property ownership (software, data);• exit or termination actions (change of control, notice period, hand-

over of data); and• choice of law and dispute resolution.

46 What are the rights of employees who previously carried out services that have been outsourced? Is there any right to consultation or compensation? Do the rules apply to all employees within the jurisdiction?

The Maltese Employment and Industrial Relations Act provides that when a business or other undertaking is taken over from an employer, an employee in employment on the date of transfer of the undertak-ing will be deemed to be in the employment of the transferee and the transferee will take on all rights and obligations that the transferor has towards the employee. These include the obligation on the part of the transferee to observe the terms and conditions of any collective agreement until the date of termination or expiry of such collective agreement or the entry into force or application of another collective agreement; they also include employees’ rights to old age, invalidity or survivors’ benefits under supplementary company pension schemes outside the provisions of the Social Security Act.

Moreover, the transferor and the transferee are obliged to inform the affected employees or their representatives, by means of a written statement to be delivered at least 15 days before the transfer is car-ried out or before the employees are directly affected by the transfer,

whichever is earlier, about the proposed or actual date of the transfer, the reasons for such transfer, the legal, economic and social implica-tions of the transfer for the employees and the measures envisaged in relation to them.

Non-compliance with the above-mentioned duties constitutes an offence under Maltese law. However, no right to compensation or con-sultation emanates from Maltese law.

Online publishing

47 When would a website provider be liable for mistakes in information that it provides online? Can it avoid liability?

The determination of this question depends on whether the website provider is merely hosting the information containing such mistakes, or whether it is also responsible for the content of such information. In the latter case, it is considered that the publisher and the rules applica-ble to publishers under the Press Act will apply. Potential liability may result in the case of defamation or where a mistake causes damage. Generally, online publishers are advised to include terms and condi-tions limiting their liability for mistakes on the website.

48 If a website provider includes databases on its site, can it stop other people from using or reproducing data from those databases?

Databases are eligible for protection under the Copyright Act. Pursuant to the requirements of the Database Directive (Directive 96/9/EC), databases may be protected in a number of ways.

First, a database that by reason of the selection and arrangement of its contents constitutes the author’s own intellectual creation is eli-gible for copyright protection as a whole. Moreover, the Copyright Act also provides for a sui generis database right, such that a database that involves a substantial investment in either the obtaining, verification or presentation of the contents of that database is protected by a database right of lesser duration than copyright.

It must be noted that both copyright and the sui generis right do not extend to the contents of the database, although if the requirements of the law are satisfied, such contents may be protected in their own right (for instance, as a literary work).

Copyright grants the holder the exclusive right to authorise or pro-hibit how the protected material in its totality or substantial part thereof is used in Malta, either in its original form or in any form recognisably derived from the original of, inter alia, the direct or indirect, temporary or permanent reproduction, rental and lending, distribution, transla-tion, broadcasting and performance of the work.

On the other hand, the database right grants the holder the right to authorise or prohibit acts of extraction or reuse of its contents, in whole or in substantial part, evaluated qualitatively or quantitatively.

The Copyright Act establishes exceptions and limitations in respect of both categories of protection. A website’s terms and conditions will normally state the allowed and prohibited uses of the database.

Olga Finkel [email protected]

Level 5, Quantum House75 Abate Rigord StreetTa’ Xbiex, XBX 1120Malta

Tel: +356 2092 5100Fax: +356 2092 5902www.whpartners.eu


2019G

ET

TIN

G T

HE

DE

AL T

HR

OU

GH

e-Com

merce

Acquisition Finance Advertising & Marketing AgribusinessAir Transport Anti-Corruption Regulation Anti-Money Laundering AppealsArbitration Art LawAsset RecoveryAutomotiveAviation Finance & Leasing Aviation Liability Banking Regulation Cartel Regulation Class ActionsCloud Computing Commercial ContractsCompetition ComplianceComplex Commercial LitigationConstruction Copyright Corporate Governance Corporate Immigration Corporate ReorganisationsCybersecurityData Protection & PrivacyDebt Capital MarketsDispute ResolutionDistribution & AgencyDomains & Domain Names Dominance e-CommerceElectricity RegulationEnergy Disputes

Enforcement of Foreign Judgments Environment & Climate RegulationEquity DerivativesExecutive Compensation & Employee BenefitsFinancial Services ComplianceFinancial Services LitigationFintechForeign Investment Review Franchise Fund ManagementGamingGas Regulation Government InvestigationsGovernment RelationsHealthcare Enforcement & LitigationHigh-Yield DebtInitial Public OfferingsInsurance & Reinsurance Insurance LitigationIntellectual Property & Antitrust Investment Treaty Arbitration Islamic Finance & Markets Joint VenturesLabour & EmploymentLegal Privilege & Professional SecrecyLicensing Life Sciences Loans & Secured FinancingMediation Merger Control MiningOil Regulation Outsourcing Patents Pensions & Retirement Plans

Pharmaceutical Antitrust Ports & TerminalsPrivate Antitrust LitigationPrivate Banking & Wealth Management Private Client Private Equity Private M&AProduct Liability Product Recall Project Finance Public M&APublic-Private Partnerships Public Procurement Real Estate Real Estate M&ARenewable EnergyRestructuring & Insolvency Right of Publicity Risk & Compliance ManagementSecurities Finance Securities LitigationShareholder Activism & EngagementShip FinanceShipbuilding Shipping State Aid Structured Finance & SecuritisationTax Controversy Tax on Inbound Investment Telecoms & Media Trade & Customs Trademarks Transfer PricingVertical Agreements

ISBN 978-1-78915-017-9

Getting the Deal Through

Also available digitally

Onlinewww.gettingthedealthrough.com


e-Commerce - WH Partners

Documents

Transcript of e-Commerce - WH Partners