Electronic Transactions Act, Parliamentary Legislation, Chapter 88, Revised Edition 2011, Dec 31, 2011 (originally Jul 10, 1998) (An Act to provide for the security and use of electronic transactions, to implement the United Nations Convention on the Use of Electronic Communications in International Contracts adopted by the General Assembly of the United Nations on 23rd November 2005)

Section 26 in Part IV of the Electronic Transactions Act, which was modeled after Art 1 s 5 of the German Federal Law to Regulate Conditions for Information and Communication Services 1997, provides that a “network service provider” shall not be subject to any civil or criminal liability in respect of “third-party material” in the form of electronic records to which it “merely” “provides access.” This exemption from liability extends to liabilities in respect of data protection obligations with respect to third-party material under the Personal Data Protection Act 2012. However, this exemption does not extend to obligations founded on contract or arising under a licensing or regulatory regime, to obligations under laws or court orders to remove, block or deny access to material, or to copyright infringement. Of the key terms in this provision, only the terms “third-party” (a person over whom the provider has no effective control) and “provides access” (the provision of the necessary technical means by which third-party material may be accessed, including the automatic and temporary storage of the third-party material for the purpose of providing access) have been defined. Presumably, the term “network service provider” is to be given an expansive interpretation. To date, there have been no decided cases on this provision (previously section 10 of the Electronic Transactions Act 1998, Revised Edition 1998). But the breadth of this exemption is limited by the term “merely.” As the Explanatory Statement to the 2010 Bill explains, “The protection under the clause will not apply if the provider does something more than merely providing access to the third-party material.” So the exemption from liability will apply to Internet Service Providers (“ISPs”), hosting and cloud storage providers who provide access and storage services. But the broad exemption will not extend beyond that.
Thus, network service providers that aggregate or process their users’ personal information, or process the personal information of other service providers, would not be regarded as “merely providing access” and would have to observe their data processing obligations under the Personal Data Protection Act 2012.
