The Covid-19 lockdowns resulted in the rapid growth of the e-commerce industry. Using the internet to promote your business or selling things online may now be the norm. However, online businesses must be aware of the various frameworks that regulate the industry. Business owners must ensure that regulations with regards to registration, advertisements and the handling of the clients’ data, amongst others, are complied with to avoid any sanctions or penalties imposed by the relevant authorities.
This article will explore the laws and regulations surrounding the e-commerce industry in Malaysia and how they regulate online businesses and protect consumers’ interests.
What is E-commerce?
Electronic commerce, more commonly known as e-commerce, is the buying and selling of goods or services on the internet. E-commerce is often divided into four types of business models, which are:
- Business to Consumer (B2C): This is where a business sells a product or service to an individual consumer. For example, Netflix provides its consumers access to a variety of movies and shows in exchange for a subscription fee;
- Business to Business (B2B): This is where a business sells a product or service to another business. For example, Amazon.com provides other businesses with an online platform to sell their products to consumers;
- Consumer to Consumer (C2C): This is where a consumer resells a product or service to another consumer. For example, online platforms such as Carousell or eBay allow individuals to sell their used goods to other individuals; and
- Consumer to Business (C2B): This is where a consumer sells or provides their products or services to a business or organisation. For example, online influencers provide their services by advertisements and promoting businesses in exchange for payments or benefits.
Online businesses can be carried out either by an individual or a legal entity. Such legal entities have to be registered with the Companies Commission of Malaysia (“CCM”). Vendors have the option to choose what type of business entity they wish to register, such as a business, company or limited liability partnership (LLP). Each business entity has its advantages and disadvantages.
Section 5 of the Registration of Businesses Act 1956 requires all businesses to be registered with CCM. It applies to e-commerce transactions, as ‘business’ is broadly defined under Section 2 of the Registration of Businesses Act 1956 to encompass all forms of trade, commerce, craftsmanship, calling, profession, or other activity carried on for the purposes of gain, but does not include any office or employment or any charitable undertaking or any occupation specified under the Registration of Businesses Act 1956.
CCM has issued Guidelines for Registration of New Business which includes sole proprietorships or partnerships under the Registration of Businesses Act 1956. The owner or the partner must be a citizen or a permanent resident in Malaysia and 18 years and above.
Online corporate merchants operating from another country and conducting cross-border business are not required to establish a local entity in Malaysia. Please also read our article titled “How Foreign Companies can carry on Business in Malaysia”.
Regulations governing online vendors and consumers
Although e-commerce is conducted online, it is necessary for the transaction to fulfil all of the elements of a legally binding contract. There must be an offer, acceptance of the offer, consideration, and the intention to create legal relations. Section 7(1) of the Electronic Commerce Act 2006 facilitates commercial transactions through electronic means by acknowledging the formation of a valid contract formed through an electronic message. These contracts are legally valid, binding and enforceable against the contracting parties as provided under Section 7(2) of the Electronic Commerce Act 2006.
Electronic signatures that fulfil the requirements of Section 9 of the Electronic Commerce Act 2006 or the Digital Signature Act 1997 are recognised in Malaysia and ease the creation of electronic contracts. However, e-signatures are not mandatory for online transactions.
There must be compliance with the Consumer Protection Act 1999. Initially, the Consumer Protection Act 1999 did not apply to electronic transactions. However, this position was changed after the 2007 amendment to include “any trade transactions conducted through electronic means”. Accordingly, the rights of e-commerce consumers are now protected under the Consumer Protection Act 1999, including the protection against false or misleading representations, the protection against baiting of prices, and the right to gifts if advertised.
The Consumer Protection Act 1999 also guarantees that the purchased product shall be of acceptable quality, as stated under Section 32. The goods must be fit for their purpose, acceptable in appearance, free from minor defects, and safe and durable. In addition, sellers are prohibited from oppressing the consumer by entering into a sales contract that is deemed to be procedurally or substantively unfair to the consumer.
Moreover, the Consumer Protection (Electronic Trade Transactions) Regulations 2012 requires sellers to provide sufficient and correct information to the customers, as the consumers rely solely on the information provided online. Under the schedule provided under the Regulations, the information that is required to be disclosed are:
- Name of the business and the registration number (if any);
- Email address and telephone number;
- Descriptions of the main characteristics of the goods and services;
- The total price of the goods and services, including transportation costs and taxes;
- The method(s) of payment; and
- Terms and conditions and the estimated time of delivery
All content that is advertised online must adhere to the Communications and Multimedia Act 1998 and the Malaysian Communications and Multimedia Content Code (“Content Code”). Under Section 211 of the Communications and Multimedia Act 1998, any content that is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person is prohibited.
The Content Code further sets out guidelines and procedures for responsible content creation and consumption across all digital media platforms. The Content Code is implemented and enforced by Malaysia’s Communications and Multimedia Content Forum (“Content Forum”). Part 3 of the Content Code provides various regulations regarding advertisements, such as advertisements must not include offensive or indecent content or material whereby sellers are prohibited from advertising content that may include cigarettes, tobacco, gambling, pornography and slimming products.
In recent years, the Content Forum has been actively consulting with the public and proposing amendments to the Content Code in order to keep up with the fast-changing e-commerce landscape. In September 2021, the Content Forum issued a public consultation paper titled “Revamp of the Malaysian Communications and Multimedia Content Code” which proposed certain amendments to the Content Code in which these amendments were later incorporated into the Content Code 2022 and came into effect on 30 May 2022.
The key changes include protecting the rights of persons with disabilities in content production. Any reference to disability must be expressed in neutral terms, and reasonable effort is to be made to deliver any content or information in accessible formats for persons with disabilities.
The Content Code 2022 also widens the scope of “advertisement” to include online marketplace operators and others involved in producing and transmitting advertisements, such as online influencers and content creators. In addition, an online influencer who receives payment to endorse particular products must disclose it to the public to ensure that the marketing or promotional material is not used to mislead consumers.
There are now stricter standards on advertisers’ claims with the aim to enhance accountability for claims, testimonials, and endorsements made in advertisements. All testimonials used in advertisements should be capable of substantiation and advertisers are required to hold such substantiation ready for scrutiny without delay if and when requested.
Data Protection and Privacy
One of the major concerns of e-consumers is in relation to the processing of their personal data and the importance of maintaining their privacy online. In Malaysia, the Personal Data and Protection Act 2010 governs the processing of personal data concerning commercial transactions. Personal information such as name, address, identity card number, mobile number, email address, and credit card details is commonly collected and processed online.
The collection and processing of personal data are permitted on the condition that consent is obtained from the individual subject of the personal data (“Data Subject”). This is supported by the General Principle as set out in Section 6(1) of the Personal Data and Protection Act 2010, which states that a data user (“Data User”) shall not process personal data, that is other than sensitive personal data, regarding a Data Subject unless the Data Subject has given his consent to the processing of the personal data.
The Data User must also give written notification to the Data Subject to inform, among others, that the data is being processed, the purpose for which the data is collected and further processed, the Data Subject’s right to access and alter the personal data, the class of third parties to whom the data may be disclosed to and whether it is obligatory or voluntary for the Data Subject to supply the personal data. This written notification must be given in Bahasa Malaysia, English and any other language that may be applicable to ensure the Data Subject’s understanding.
Financial Process Exchange (FPX)
E-commerce transactions often require consumers to make online payments using online platforms. The most common method is through Financial Process Exchange (FPX), an internet-based payment in which users use their bank credentials and allow for direct crediting from a user’s account into the merchant’s account. As long as the user is a member of any participating FPX bank, they may use the FPX platform without a need for registration to make payments via online access to their bank account.
E-Money and E-Wallet
Another form of online payment is the use of electronic money (“e-money”) which is stored in electronic wallets (“e-wallet”). Under the Payment Systems (Designated Payment Instruments) Order 2003, e-money is defined as a payment instrument, whether tangible or intangible, that stores funds electronically in exchange for funds paid to the issuer and can be used as a means of making payment to any person other than the issuer. It was reported that Malaysia has cumulatively recorded 1.87 billion e-money transactions amounting to RM45.2 billion from January to November 2021. Among the recognisable forms of e-wallet used in Malaysia are GrabPay, ShopeePay and Touch n Go eWallet.
E-money in Malaysia is governed under the Financial Services Act 2013. Pursuant to Section 11 of the Financial Services Act 2013, approval must be obtained by Bank Negara Malaysia (“BNM”) before issuing any designated payment instruments, which include e-money. An issuer of e-Money (“EMI”) is defined as any person that is responsible for the payment obligation and assumes the liabilities for the e-money being issued. Prior to 2005, e-money was only permitted to be issued by banks. However, this position changed after 2005 and non-banks were allowed to issue electronic money after obtaining approval from BNM.
BNM issued a Guideline on Electronic Money, which shall be adhered to by EMIs or those that are seeking approval to be an EMI. The Guideline provides for operational and specific requirements to be met or complied with by the EMIs. The Guideline’s main regulatory objective is to promote the safety and soundness of the e-money scheme, thereby strengthening users’ confidence in the usage of e-money. On 11 June 2021, BNM issued the Exposure Draft of the Policy Document on Electronic Money (“Exposure Draft”) to seek written feedback from the public on the proposals stated in the Exposure Draft. The scope of the Exposure Draft is more extensive than the Guideline and is anticipated to replace and supersede the Guideline once the finalised Policy Document comes into effect.
Online businesses in Malaysia must comply with the various different frameworks and guidelines that are applicable in relation to registration, advertisements, data protection and payment options accordingly. From a commercial perspective, it is crucial for business owners involved in e-Commerce to comply with the applicable laws to build trust among its e-consumers.
By Mira Mashor