In light of the recent technological developments in the field of communication based on the exchange of information through modern communication networks, the Kuwaiti national assembly recently issued Law No. 20 of 2014 (Regarding Electronic Transactions) (the “ET Law”). The ET Law became effective upon the issuance of its Executive Regulations – Ministerial Resolution No. 48 of 2014 on 4 January 2015 (the “ET Bylaws”). Article 2 of the ET Law provides for the scope of its application which includes electronic records, messages, information, documents and signatures related to civil, commercial and administrative transactions and to any disputes arising from or in connection with their use, unless the parties agreed otherwise, or another law applies. Article 2 goes on to specifically exclude the following from the scope of application of the ET Law:
- transactions and issues related to personal status, endowment, and wills;
- real estate title deeds and the resulting original or consequential real rights;
- promissory notes and negotiable bills of exchange; and
- any event that the law requires to be expressed in a written document or to be documented or the making of which is subject to a specific provision of another law.
Furthermore, the ET Law specifically provides that no one is required to accept to transact by electronic means. One of the key concepts of the ET Law is the recognition of the validity of the hardcopy of an electronic document or record as evidence before Kuwaiti courts. This is provided such hardcopy matches its original version and as long as the electronic document or record exists on the relevant electronic medium. In order for the validity of an electronic document to be recognised before court, the document should fulfill the followings:
(a) The electronic document or record should be saved the way it was created, sent or received, or in any other way that can be used to prove the accuracy of data contained therein upon creation, sending or receiving.
(b) The data contained in the electronic document or record should be maintainable and storable so as to be retrieved at any time.
(c) The data contained in the electronic document or record should identify the creator or sender, date and time of sending or receiving the same.
(d) The document or record should be saved in an electronic format pursuant to the conditions and rules set by the competent authority to which supervision of this activity is subject.
Furthermore, in order for an electronic document to be binding on an addressee, said addressee should be able to print, store and keep the same. Under Article 19 of the ET Law, a signature shall be deemed a protected electronic signature if it meets the following conditions:
(i) The possibility of identifying the signatory.
(ii) Exclusively linking the signature with the signatory himself.
(iii) The implementation of the signature using a safe signature tool under the exclusive control of the signatory himself at the time of signing.
(iv) The possibility of detecting any change in the data associated with the protected signature or in the relationship between the date and the signatory.
(v) Compliance with the technical requirements set forth in the ET Bylaws.
Of interest, is Chapter Six of the ET Law which provides that transfer of money through electronic means will now be considered acceptable for payment. Also of particular significance, is the introduction of a concept akin to what is known in other jurisdictions as data privacy. More specifically, government authorities, public entities or agencies, companies and non-governmental entities or authorities will not be able to access, disclose or publish any “personal data” or information kept or documented on electronic data processing systems related a person or persons job, social biography, health condition, financial status or other personal information kept by or filed with any entity or authority listed in the law. This restriction is extended to its employees who by virtue of their job or position may have access to such information, unless and until such use and disclosure is permitted or consented to by the owner of such data or information, or his / her legal representative, or where the same is authorized by a court order. This is of significance given the fact that prior to the enactment of the ET Law, save for general concepts of Kuwaiti law, there were no specific laws or regulations in Kuwait regulating the collection or the protection of personal data / information. The ET Law further imposes responsibilities on entities that collect personal data. More specifically the, ET Law provides that such entities may not disclose any personal data or information kept or documented on electronic data processing systems related to a person without the approval of the person to whom the data relates. Additionally, entities that collect such information are required to inform the owner of the purpose for which the data is being collected. Furthermore, upon obtaining the consent of the relevant person whose data will be collected and may be shared with a third parties, the entities collecting the data must ensure that the data (a) is only used for the purpose for which it has been collected, (b) is correct and updated regularly and (c) is sufficiently protected from loss or disclosure. It is unclear at this stage whether the “personal data” referred to in the ET Law is that relating to individuals only or also extend to corporate entities. Further, the territoriality scope of these provisions is not expressly provided for and one may consider that same applies to any entity carrying on business in Kuwait. However, it is still too early, to express an opinion as to how the ET Law will be interpreted and enforced by Kuwaiti authorities and courts.