eCommerce Regulations Updates

One of the fastest-growing economies in Southeast Asia, Malaysia emerges as the 33rd biggest eCommerce market. Malaysia has a projected revenue of 10.19 billion USD in 2023.

The eCommerce market saw a surge in the past few years due to an increase in the number of active Internet users, high mobile phone penetration, the 2020 pandemic, and government initiatives such as the National eCommerce Strategic Roadmap (NeSR) and the Digital Free Trade Zone.

As the eCommerce industry grows, regulatory bodies and laws are necessary to ensure accountability and customer protection. eCommerce Regulations and laws are especially vital in Malaysia, where cyber-attacks and threats are high.

Let us look into the legal framework for eCommerce in Malaysia.

Overview of existing laws and regulations

Personal Data Protection Act (PDPA)

The Personal Data Protection Act 2010 sets out principles for data protection. It requires businesses to obtain consent for data processing, ensure data accuracy, and protect data from unauthorized access or disclosure. eCommerce businesses that collect and process data must comply with PDPA to safeguard privacy.

Consumer Protection Act

The Consumer Protection Act 1999 protects consumers’ rights and interests. eCommerce businesses must adhere to these eCommerce regulations to ensure that they provide accurate product information, handle complaints effectively, and offer fair terms and conditions to consumers.

Government agencies overseeing eCommerce

Malaysian Communications and Multimedia Commission (MCMC)

MCMC regulates online content, ensures cybersecurity, and manages telecommunications and internet services issues.

Ministry of Domestic Trade and Consumer Affairs

The Ministry of Domestic Trade and Consumer Affairs regulates domestic commerce and consumer protection. It also addresses issues related to online scams, product quality, and pricing.

Impact of COVID-19 on eCommerce regulations

With the onset of the pandemic, physical stores were temporarily closed, increasing the market for eCommerce. As eCommerce flourished during the pandemic, cybersecurity and data privacy regulations improved to help protect consumers’ personal data.

The government also introduced incentives to help small and medium businesses expand or transition to eCommerce operations. In June 2020, they brought in the “Go eCommerce” campaign. They dedicated MYR140 million to drive eCommerce among small merchants and widen their reach.

Registration and Licensing for eCommerce Businesses

In Malaysia, eCommerce businesses register with the Companies Commission of Malaysia (SSM) if they operate as a company. To register, follow these steps:

• Choose the business structure. It can be a sole proprietorship, partnership, limited liability partnership (LLP), or a private limited company (Sendirian Berhad or Sdn Bhd).
• Choose a unique business name that resonates with your brand identity.
• Prepare the necessary registration documents.
• Pay the registration fees, which vary according to the business structure.
• Provide a registered office address in Malaysia.
• Provide details of the company’s directors and shareholders.

Licenses and permits vary according to each business product or service. However, some common licenses and permits include:

• Trade licenses: Specific trade licenses from relevant authorities such as the Ministry of Domestic Trade and Consumer Affairs or the Ministry of Health.
• Specialized permits: Specialized permits and approvals from the relevant ministries or agencies for regulated products (pharmaceuticals, cosmetics, food, etc.).

Cross-border eCommerce requires permits for import and export, including necessary permits and licenses for international trade. Also ensure that your online payment processing methods comply with the guidelines set by financial authorities, such as Bank Negara Malaysia.

Note that local and international eCommerce companies operating in Malaysia may encounter some differences in their registration and compliance requirements.

• International companies may be required to establish a local presence or appoint a local agent to comply with the registration process.
• International eCommerce companies may have more complex customs and import/export requirements when shipping goods across borders, including customs duties and documentation.
• When it comes to payment processing, international companies may have additional considerations related to currency conversion and international payment gateways.

Payment Gateway Regulations

Secure payment options are crucial in eCommerce. In Malaysia, there are several local and international payment gateway providers. Some of the notable ones include iPay88, Billplz, MOLPay, eGHL, and PayPal.

While there are robust cybersecurity efforts, Malaysia faces a lot of challenges when it comes to cyber-attacks and threats. Therefore, strict security and data protection measures are in effect:

• PCI DSS Compliance: Payment gateway providers must comply with the Payment Card Industry Data Security Standard (PCI DSS) to safeguard cardholder data, which involves maintaining secure payment processing environments and regular security assessments.
• Encryption: Payment gateways use encryption protocols to secure the transmission of payment data between customers, merchants, and financial institutions.
• Tokenization: Tokenization replaces sensitive payment information with unique tokens, enhancing security by reducing the exposure of cardholder data.
• Two-Factor Authentication (2FA): Many payment gateways implement 2FA to add an extra layer of security for customers during transactions.
• Data Privacy Laws: Payment gateway providers must also comply with Malaysia’s Personal Data Protection Act 2010 (PDPA) to protect the privacy of customer information.
• Fraud Detection and Prevention: Robust fraud detection systems are in place to identify and prevent fraudulent transactions.

Recent Developments in Online Payment Methods

Technological advancements and changing consumer preferences lead to continuously evolving online payment methods.

• Digital Wallets: Digital wallet usage, including e-wallets like GrabPay, Touch ‘n Go eWallet, and Boost, has grown significantly. These wallets offer convenience and cashless payment options.
• QR Code Payments: QR code-based payments are widely accepted in Malaysia, allowing customers to make payments by scanning QR codes at physical stores or during online transactions.
• Contactless Payments: Contactless payment methods, including Near Field Communication (NFC) and contactless cards, are gaining popularity, especially in the context of the COVID-19 pandemic.
• Cryptocurrency: Some eCommerce businesses in Malaysia are beginning to accept cryptocurrencies as a form of payment, though regulatory considerations are essential.
• Open Banking: The adoption of open banking APIs leads to more innovative payment solutions and services.
• Instant Fund Transfers: Services like DuitNow allow for real-time fund transfers between banks, enhancing the speed and convenience of online payments.

Intellectual Property and Copyright Issues

Intellectual property (IP) refers to the creations of the mind, which includes inventions, designs, or trademarks. By protecting intellectual property, you are safeguarding your brand, products, and content.

Trademark Registration: Register trademarks for your brand and products to prevent others from using similar names or logos.

Copyright Protection: Ensure that your website content, images, videos, and other creative works are protected by copyright. Consider using copyright notices and watermarks.

Patents and Designs: If your eCommerce business involves unique inventions or designs, consider patent and design registration to protect your innovations.

Trade Secrets: Safeguard confidential business information and trade secrets to prevent unauthorized access and use.

Contracts and Agreements: Use contracts and agreements, such as non-disclosure agreements (NDAs) and licensing agreements, to outline terms and conditions regarding the use of your IP by employees, partners, or suppliers.

Domain Names: Register domain names that correspond to your brand to prevent cybersquatting and domain name disputes.

eCommerce and Taxation

The various tax implications in Malaysia include:

Goods and Services Tax (GST) or Sales and Services Tax (SST): While GST applies to most goods and services, SST focuses on specific industries and products.

Income Tax: eCommerce businesses are subject to income tax on their profits which depends on the business structure and income levels.

Withholding Tax: If your eCommerce business engages in cross-border transactions with non-resident suppliers or service providers, you may be required to withhold tax on payments made to them.

Import and Export Duties: If you conduct cross-border eCommerce, you may need to pay import duties on goods brought into Malaysia or comply with export duties on products shipped internationally.

GST vs. SST: Understanding the Changes:

Malaysia transitioned from the Goods and Services Tax (GST) to the Sales and Services Tax (SST) system in 2018.

GST:

• Applies to a broader range of goods and services.
• Has a standard GST rate.
• Involves the issue of tax invoices for transactions.

SST:

• Focuses on specific industries and goods, with various SST rates.
• Invoices are not typically required for all transactions.

Data Privacy and Security

Data privacy and security are two of the biggest concerns in eCommerce. Apart from the Personal Data Protection Act, the General Data Protection Regulation also applies to Malaysia.

The General Data Protection Regulation (GDPR) is a European Union regulation that has an indirect impact on Malaysian eCommerce businesses if your business processes data of EU residents. You must comply with GDPR requirements when transferring data internationally.

To safeguard personal data, follow these practices:

• Maintain a proper privacy policy.
• Use secure payment gateways to process customer payments.
• Employ encryption protocols, such as SSL/TLS, to secure data.
• Restrict access to customer data to authorized personnel only.
• Conduct regular security audits and vulnerability assessments.
• Collect only the necessary data and avoid retaining customer data longer than necessary.
• Obtain consent from customers before collecting and processing their data.
• Train employees on data security and privacy best practices.
• Develop a detailed plan that outlines how to respond to data breaches and security incidents.
• Establish data retention policies and procedures to delete customer data that is no longer needed.

Data breaches can occur at any time. It is imperative to take certain steps to prevent it.

• Encrypt sensitive customer data during storage and transmission.
• Implement access controls to limit who can access customer data.
• Regularly update software and systems to address vulnerabilities.
• Conduct regular security audits and assessments.

Customer Rights and Dispute Resolution

In Malaysia, consumers have certain rights when engaging in online transactions, which are protected under various laws, including the Consumer Protection Act 1999.

• Right to Information: Consumers have the right to clear and accurate information about the products or services they are purchasing.
• Right to Refund and Return: Consumers have the right to request refunds or returns for products that are defective, not as described, or do not meet quality standards.
• Data Privacy: Consumers’ personal data must be handled in compliance with Malaysia’s Personal Data Protection Act 2010 (PDPA). This includes obtaining consent for data processing and protecting personal information.
• Protection Against Unfair Practices: Consumers are protected against unfair practices, such as misleading advertising, false claims, and deceptive sales tactics.
• Dispute Resolution: Consumers have the right to seek dispute resolution through relevant authorities or alternative dispute resolution mechanisms.

Dispute resolution can take place through mediation and arbitration.

Mediation is a voluntary and confidential process in which a neutral third party (the mediator) helps the parties involved in a dispute reach a mutually acceptable agreement.

Arbitration is a more formal process in which an impartial arbitrator or panel makes a binding decision on a dispute.

Some eCommerce platforms offer Online Dispute Resolution mechanisms to facilitate the resolution of disputes between buyers and sellers through an online platform.

 

Frequently Asked Questions (FAQs)

 

1. What tax obligations do eCommerce businesses in Malaysia have?

eCommerce businesses in Malaysia have several tax obligations to consider, including goods and services tax (GST) or sales and services tax (SST), income tax, withholding tax, and import and export duties.

2. How can I protect my intellectual property in online sales?

To protect your intellectual property (IP) in online sales, consider the following measures:

• Register trademarks for your brand and products.
• Ensure your online content is copyrighted and display copyright notices.
• Employ contracts and licensing agreements to define terms for IP use.
• Consult with an IP attorney to address any infringements or disputes effectively.

3. What should I do if my eCommerce business faces a data breach?

If your eCommerce business experiences a data breach, take these steps:

• Contain the Breach
• Notify Affected Parties
• Conduct Thorough Investigation
• Mitigate Damage
• Comply with Regulations

4. What are the consumer rights when shopping online in Malaysia?

Key consumer rights include:

• Right to Information: Consumers have the right to clear and accurate product information, pricing, and terms and conditions.
• Right to Withdrawal: There is usually a cooling-off period during which consumers can return goods or cancel services without penalty.
• Right to Refund: Consumers have the right to a refund if products are defective or not as described.
• Data Privacy: Consumers’ personal data should be handled in compliance with the Personal Data Protection Act 2010 (PDPA).
• Complaint Resolution: Consumers have the right to seek resolution for disputes and complaints through consumer protection authorities.

Conclusion

eCommerce is a flourishing industry, especially in Malaysia. If you are looking to start an eCommerce business, staying updated with the ecommerce regulations and laws is important.

It is vital to consider that technology and consumer preferences are always evolving. Therefore, laws and eCommerce regulations can also change over time. Keep yourself updated through official government sources and customs authorities to adapt appropriately and stay ahead of the competition.

Ready to elevate your eCommerce game in Malaysia? Explore the dynamic landscape with Estrrado. Stay compliant, stay competitive. Dive into our comprehensive guide on navigating eCommerce regulations and updates. Unleash your business potential today!