Is Law No. 81 Threatening Your Information Security?

With more than 76.1 percent of Lebanese people actively using the internet today, one can only imagine the amount of data and intelligence behind this figure. Your  employment, financial, and personal histories, all those Instagram selfies with your ex, all those check-ins at the airport and the hidden album of your most shameless photos (which I applaud you for) might actually be accessible by your government officials – and you don’t have a say in it. 

Fourteen years after having been pulled into the mainstream  in the global financial realm, a new law on electronic transactions and personal data was adopted by the Lebanese parliament in 2018. The main goal of this legislation is to expand the scope of e-commerce in order to benefit various economic sectors while codifying necessary rules and regulations regarding electronic transactions. 

The efforts invested in creating a structural legal approach when it comes to electronic businesses were necessary in Lebanon, where cyber-based models are gaining prominence as an important foundation for many successful businesses. Of course, in order to ensure the sustainability of such businesses, the data and metadata produced over electronic platforms needed  to be managed and safeguarded. Enter Law No. 81, which is one of the very few legal documents in the Lebanese judicial system that governs commercial electronic transactions. 

Not only does the law facilitate mechanisms for electronic transactions, but it also provides mechanisms for safeguarding information and the legality of accessing secure data… or does it?

Information Sharing Under Law No. 81

Lebanese courthouse (Annahar)

When it comes to information sharing, Law No. 81 grants the executive branch of government a quasi-monopoly over collecting, storing, modifying, using and even publishing this data. The concentration of such power in one branch of government decreases the legitimacy of the law in general by weakening the notions of checks and balances and increasing the risk of exploitation and blackmail along with various other protection concerns. The Ministry of Economy is given the right to share information with vague clauses on what conditions allow it to do so. 

The Ministry of Interior and the Ministry of Defense are trusted with the power to use any data pertaining to internal or external security concerns once the proper judicial order is granted. This raises the question about what qualifies as an internal or external security concern? 

The unfortunate truth is that such a definition is open  to interpretation by the above-mentioned ministries. So, to answer your question: Yes, your Sunday night texts pondering whether to watch a drag show to celebrate pride month might be deemed a matter of national security. 

Furthermore, the law outlines “judicial proceedings of various kinds” as a legitimate reason for the Minister of Justice to license the access to various forms of online information. The Ministry of Health, similarly, is granted authority over information pertaining to the health, genetic identity and even sexual life of individuals. The cherry on top of this sundae of surveillance is the fact that the usage of this information can be done without notifying concerned subject or taking their oral or written consent.

This skewed power dynamic is enshrined in the implementation of Law No. 81, rather than the  codification of the law. On paper, there are several reasons for jurists to perceive this type of legislation as an advancement for the economic and security situation in Lebanon. 

To better understand the legal intricacies of Law No. 81, Beirut Today sat with Talal Jaber, who holds a Ph.D  in International Business Law and has authored five legal book that have served as primary references for Lebanese national courts.

In a chronological recap, Jaber provided that the pretext of this law has existed in Lebanese courts for a while. Lebanon wanted to develop applicable laws that relate to the commercial field, especially since e-commerce became one of the pillars of local businesses after Lebanon gained access to the World Trade Organization (WTO). 

The development of this law started with the help of French precedents and the use of French expertise with reference to the General Data Protection Regulation (GDPR) of the European Union. Controversy surrounded the implementation of this law due to the existing political gaps between the March 14 and March 8 coalitions, whereby two competing bills aiming at similar laws were pitted against each other in parliament –and ended up in the drawer for 14 years. 

Jaber believes that, as a jurist, one of the most important provisions of this legislation is the introduction of “The Electronic Document” that clears out a lot of contention over evidence and truth. The law paves the way for electronic documents to be legitimized as pieces of evidence that can be admitted in court. Such practices were put into action in various courts but were always in the form of jurisprudence as opposed to their new status as a national codified robust law. 

The Safeguarding of Information

Another important part of the law, according to Jaber, is the safeguarding of information. “Law No. 81 is a special law that complements the law of civil procedure and the code of commerce,” he said.

This means that it includes topic-specific provisions serving as a narrower reference for jurists when it comes to e-commerce. The legal expert continues to explain that sanctioning any breaches in managing information is doable given the wide array of legal references that can impose a three-year sentence on perpetrators for a misdemeanor. 

 The necessary legal measures to be taken in the case of a breach –that are not provided by Law No. 81– are hallowed in the provisions of international treaties; they gain priority as  reference over national laws that might be more vague when it comes to the field of e-commerce, for example.

When asked about the ethical recommendations that must accompany the law, Jaber stressed on the fact that, despite the success of the codification of Law No. 81, the implementation process persists as an impediment. 

“With the lack of technical expertise and in-depth knowledge on the subject matter, judges and jurists will find it challenging to put the provisions of the law into action,” he stated. Jaber highlighted the necessity of rolling out a capacity building strategy that ensures the proper implementation of Law No. 81.

When asked about the steps to be taken in case of personal infringement on electronic data, Jaber simply replied by saying, “Safeguard it yourself instead of relying on the system.” His belief is based on his conviction that an ethical approach is not only vital for the codification of a law, but also in its implementation and dissemination. 

The challenge of finding innovative frameworks that capture adequate legislative, economic and ethical concerns persists more strongly than ever nowadays. The rise of the value of information and data as elements of international and national security is forcing governments to codify laws that govern a virtual world where the stakes are higher than ever. 

In an effort to protect ourselves from a security breach, we need to become more aware of our digital presence and how it relates to the legal nature of our community, our country and even our region.