After almost a decade of negotiations, the Regional Comprehensive Economic Partnership (RCEP) Agreement was signed on 15 November 2020 by 10 ASEAN member states, along with Australia, China, Japan, New Zealand and South Korea.
The RCEP is the largest regional free trade agreement outside the WTO, and its member states account for approximately 30% of the world’s gross domestic product (USD 26.3 trillion) and 30% of the world’s population (2.3 billion). Its overarching aim is to establish a modern, comprehensive and mutually beneficial economic partnership that brings together countries with diverse levels of development, fuels regional value chains and promotes international trade and investment.
The agreement comprises 20 chapters with specific provisions covering, amongst other things, e-commerce, trade in goods, trade in services, investment, competition and intellectual property. In this Client Alert, we summarize the key highlights of the e-commerce chapter of the RCEP Agreement.
The e-commerce chapter of the RCEP Agreement focuses on the adoption of digitalized solutions, increasing the level of trust and confidence of e-commerce users and improving cooperation between member states on the development of e-commerce.
In summary, member states commit to the following with respect to e-commerce:
- implementing initiatives which enable paperless trading and acceptance of documents submitted electronically as the legal equivalent of its paper version
- acknowledging the validity of e-signatures (though exceptions by law are permitted)
- enacting and maintaining legal frameworks for the protection of personal data and consumer protection measures for e-commerce, particularly against fraudulent and misleading practices
- regulating unsolicited commercial electronic messages (i.e. direct marketing), including enabling opt-outs, consent-based requirements and otherwise minimizing such messages
- maintaining the current practice of not imposing customs duties on electronic transmissions between member states (although taxes / fees / charges imposed in a manner consistent with the RCEP Agreement are permitted)
- building capabilities of local cybersecurity authorities, and fostering cooperation between member states in tackling such matters
- prohibiting (i) data localization requirements mandating the use or location of computing facilities onshore as a condition to conducting business within the member state, and (ii) restrictions around cross-border data transfers by electronic means required for the conduct of business; except where such requirements/restrictions are necessary to achieve legitimate public policy objectives or for the protection of essential security interests
While Malaysia’s current legal landscape is broadly aligned with the commitments above, amendments to local data privacy laws are anticipated, particularly with respect to cross-border data transfers and direct marketing which were discussed in the public consultation paper circulated by the Malaysian Personal Data Protection Department in February this year.