ICT & Data Protection

General Overview

Fiji does not have specific internet laws unique to the country. Instead, it follows broader legal frameworks that govern online activities, such as the Constitution of Fiji and various legislation related to telecommunications, information technology, and cybercrime as follows:

Constitution of Fiji

The Fijian Constitution guarantees certain fundamental rights, including the right to freedom of expression and access to information. However, these rights may be subject to restrictions imposed by law, such as to protect national security, public order, or public morality.

Telecommunications Act 2008

Fiji has enacted several acts to regulate telecommunications and internet service providers. These acts include provisions related to licensing, spectrum allocation, competition, consumer protection, and the powers and duties of regulatory bodies like the Telecommunications Authority of Fiji (TAF).

Crimes Act 2009

This Act addressed various criminal offences, including those committed using computer systems or the internet. The legislation covered offences such as unauthorised access to computer systems, unauthorised modification of data, to cause impairment, unauthorised impairment of electronic communication, unauthorised modification or access of restricted data, unauthorised impairment of data held on a computer disk, possession or control of data with intent to commit a computer offence, producing, supplying or obtaining data with intent to commit a computer offence under sections 336-346 of the Act. However, these are now repealed, and such offences are now covered under the Cybercrime Act 2021.

Cybercrime Act 2021

Section 5-14 of the Cybercrime Act 2021 deal with offences like unauthorised access to computer systems, unauthorised interception of computer data or computer systems, unauthorised acts in relation to computer data or computer systems, unlawful supply or possession of computer system or other device, or computer data or computer program, computer related forgery, computer related extortion and fraud, Identity theft, theft of telecommunication services. These offences and their penalties are discussed under our Criminal Law product.

Electronic Transactions Act 2008

This Act provides legal recognition and validity to electronic transactions and digital signatures. It establishes the framework for conducting business and other transactions electronically in Fiji.

Data Protection

Fiji does not currently have comprehensive data protection legislation. However, certain provisions within other laws, such as the Constitution of Fiji, Telecommunications Act 2008 and Cybercrime Act 2021, touch on data protection and privacy aspects.

Consumer Protection

Fiji has consumer protection laws that apply to online transactions and e-commerce activities, aimed at safeguarding consumer rights and addressing issues such as fraud, misrepresentation, and unfair trade practices. Fijian Competition and Consumer Commission Act 2010 regulates consumer related practices in Fiji.

Also, the Consumer Council of Fiji is an independent statutory body established under the Consumer Council of Fiji Act 1976 that protects the rights and interest of consumer by overseeing and promoting a fair and just delivery of goods and service.

Content Restrictions

Defamation: the Defamation Act 1971 has provisions that protect individuals from false statements that harm their reputation. Publishing or disseminating defamatory content may lead to legal consequences.

Hate speech: while Fiji does not have specific hate speech laws, the Constitution of Fiji prohibits the incitement of violence, discrimination, or hostility on the grounds of race, religion, ethnicity, gender, or other protected characteristics.

Obscenity and pornography: Fiji has laws that regulate the distribution or production of obscene materials or pornography. The definition of what is considered obscene can vary based on cultural and legal contexts. Such acts are a criminal offence under section 377 of the Crimes Act 2009. Under Section 377, a person commits an offence related to obscene publications if they:

Make, produce, or possess any obscene writings, drawings, prints, paintings, pictures, posters, emblems, photographs, films, or any objects that tend to corrupt morals for trade, distribution, or public exhibition.
import, export, or facilitate the import/export of any such obscene materials.
Circulate or put into circulation any such obscene materials.
Run a business involving these materials, deal in them, distribute them, exhibit them publicly, or lend them as part of a business.
Advertise or promote the circulation or sale of such materials or indicate how or from whom they can be obtained.
Publicly exhibit any indecent show or performance, or any show or performance tending to corrupt morals.

Penalty: up to 5 years imprisonment, a fine of $4,000, or both.

Cybercrime: the Cybercrime Act 2021 covers offences related to computer systems and online activities. Certain activities, such as hacking, unauthorised access to computer systems, and may be subject to legal consequences which are covered under our Criminal Law product.

National security: content that poses a threat to national security, including the dissemination of classified or sensitive information, may be subject to restrictions.

Copyright infringement: intellectual property laws in Fiji protect the rights of creators and copyright holders. Unauthorized use, reproduction, distribution, or sharing of copyrighted material may be subject to legal action. Copyright Act 1999 outlines provision for copyright protection and infringement which are covered under our Intellectual Property product.

Online Privacy

Online privacy is regulated under section 24 and 25 of the Online Safety Act 2018 by the Online Safety Commission. The offences are:

Section 24 – Causing Harm by Posting Electronic Communication

A person commits this offence if they:

Post an electronic communication with the intention to harm someone
Post an electronic communication that would likely harm a reasonable person in the same situation
Post an electronic communication that causes actual harm to the person

Penalties:

Individuals: Fine up to $20,000, imprisonment up to 5 years, or both
Corporations: Fine up to $100,000
Directors/Managers/Officers: Fine up to $50,000, imprisonment up to 7 years, or both

In determining whether posting an electronic communication would cause harm, the Court may take into account the following factors:

Severity of language, images, or videos
Age and characteristics of the victim
Anonymity of the communication
Repetition of the communication
Spread of the communication
Truthfulness of the content
Context of the communication

Section 25 – Posting an Intimate Visual Recording

A person commits this offence if they post or threaten to post an intimate visual recording of an individual.

Penalties:

Individuals: Fine up to $20,000, imprisonment up to 5 years, or both
Corporations: Fine up to $100,000
Directors/Managers/Officers: Fine up to $50,000, imprisonment up to 7 years, or both

Exceptions:

The offence does not apply if the subject of the recording consents to the specific post. Consent must be voluntary, expressed, informed, and does not include consent from a child.

The Fijian Constitution also provides certain privacy rights, including the right to privacy of communications and personal information.

Organisations and businesses in Fiji are expected to handle personal data responsibly and ensure appropriate safeguards are in place to protect individuals’ privacy. The most important legal requirement in Fiji is to seek consent of individuals before collecting and storing their personal information.

Collecting Personal Data

Personal data can be collected in Fiji, but it should be done in accordance with the law and with the consent of the individuals concerned.

The Information Act 2018 aims to regulate the collection, use, and disclosure of personal data by public offices in Fiji. However, this Act had not commenced at the time this information was prepared.

Storing Personal Data

Organisations that collect and store personal data in Fiji are expected to ensure the security and confidentiality of the data. While Fiji does not have specific data localisation requirements, organisations should still take appropriate measures to protect personal data regardless of where it is stored.

Data Processing and Repurposing

Personal data should be processed in accordance with the law and for legitimate purposes. Repurposing personal data for purposes beyond the original intention may require additional consent or compliance with applicable laws.

Transferring Data

The transfer of personal data outside of Fiji is not specifically regulated at present. Organisations should take appropriate measures to ensure that the transfer of personal data complies with applicable privacy laws and safeguards the rights and interests of individuals. Businesses dealing with European Union countries are also expected to comply with the General Data Protection Regulations (GDPR).

Sanctions

The Cybercrime Act 2021 covers offences related to unauthorised access, computer-related fraud, and other cybercrimes. Penalties may be imposed for such offences. The offences and the penalties are discussed further under the commercial crime and criminal law products.

Analytics and Cookies

Fiji does not have specific regulations governing analytics or the use of cookies. However, organisations should still handle analytics and cookies in accordance with privacy best practices and obtain appropriate consent when necessary.

Social Listening

Social listening, the practice of monitoring social media platforms for insights, is regulated by the Online Safety Commission of Fiji under the Online Safety Act 2018.

Compliance, online sales, and domains are also important considerations within the context of internet law in Fiji. Here’s an overview of these topics:

Compliance

Organisations and individuals operating online in Fiji are expected to comply with applicable laws and regulations, including those related to data protection, consumer protection, intellectual property, and cybercrime. Compliance requirements may vary depending on the nature of the business, the industry sector, and the specific activities being conducted online.

Online Sales

Online sales in Fiji are subject to general consumer protection laws and regulations. Businesses engaged in online sales should provide accurate and transparent information about products or services, pricing, delivery, and return policies. It is important to ensure that online transactions are secure and that customers’ personal and financial information is protected.

Domains

Domain registration and management in Fiji is overseen by the University of the South Pacific (USP). Individuals and organisations can register .fj domain names for websites operating in Fiji. Domain name registration may involve specific requirements and fees as determined by USP.

Electronic Transacting

Electronic transacting in Fiji involves conducting various business and commercial activities electronically, including the formation of contracts and the use of electronic signatures.

General Overview and Trends

Fiji recognises the importance of electronic transacting and has taken steps to facilitate and regulate such activities. The adoption of electronic transactions has been growing, driven by advancements in technology and the increasing use of digital platforms and communication channels. The Fijian government has been working to promote e-commerce and encourage businesses to embrace electronic transactions to enhance efficiency and convenience.

Legal Framework

Electronic transactions in Fiji are primarily governed by the Electronic Transactions Act 2008. The Act provides legal recognition and validity to electronic records and signatures, and it facilitates the use of electronic means in various types of transactions.

The Act also sets out provisions related to the formation and validity of electronic contracts, the use of electronic signatures, and the admissibility of electronic records in legal proceedings.

Trends and Practices

Many businesses in Fiji have adopted electronic transacting practices, including online sales, electronic payment systems, and digital communication channels for business transactions.

Government agencies and institutions have increasingly embraced electronic means for issuing licenses, permits, and conducting administrative processes.

E-commerce platforms and online marketplaces have gained popularity, enabling businesses and consumers to engage in electronic transactions.

Electronic Contracts

In Fiji, electronic contracts are generally recognised and enforceable under the Electronic Transactions Act. Contracts formed electronically are treated similarly to traditional paper-based contracts, as long as the essential elements of contract formation are present (offer, acceptance, consideration, etc.). It’s important to ensure that parties’ intentions are clearly expressed and that all necessary terms and conditions are included in the electronic contract.

Contract Formation

Contract formation in electronic transactions follows similar principles as traditional contracts, including the requirement of offer and acceptance. Parties must have a mutual agreement and the intention to create a legally binding relationship. The Electronic Transactions Act 2008 allows for the use of electronic communications to fulfill the requirements of offer and acceptance.

E-Signatures

Electronic signatures have legal recognition and validity in Fiji under the Electronic Transactions Act 2008. An electronic signature can be in various forms, such as a scanned image, a digital signature, or a typed name. The Act provides that an electronic signature will not be denied legal effect solely because it is in electronic form.

Jurisdiction and Governing Law

Parties engaging in electronic transacting should consider jurisdiction and governing law provisions to determine the applicable legal framework and dispute resolution mechanisms. It is common practice to include jurisdiction and choice of law clauses in electronic contracts to specify the courts or laws that will govern disputes.

Data Protection

There is no specific legislation for personal data protection in Fiji. Clause 24 of the Constitution provides the right to personal privacy, including the right to confidentiality of personal information.

Some sector-specific laws criminalise (or expose to other serious action) the unauthorised disclosure by others of personal / client information as follows:

Banking Act 1995 – by central bank personnel (s.27) and licensed financial institution personnel (s.71)
Fiji Revenue and Customs Service Act 1998 – by tax officials (s.52 (2))
Medical and Dental Practitioner Act 2010 – by statutory administrators of any data obtained in the course of their duties (s.126)
Under the Rules of Professional Conduct and Practice (para 1.4) of the Legal Practitioners Act 2009 – information received by legal practitioners from or on behalf of clients
Cybercrime Act 2021 defines ‘computer data’ which is broad enough to capture personal data if it stored in a computer system.

These laws, however, do not directly protect personal information.

In addition, there are sectoral laws regulating electronic transactions, cybercrime, and consumer protection. In particular, obligations for telecommunication service providers regarding customer data confidentiality and consent requirements are outlined under the Telecommunications Act 2008. Additionally, the Online Safety Act 2018 came into effect in January 2019, which aims to, among other things, deter misuse of personal information online.

Furthermore, the Parliament of the Republic of Fiji passed, on 12 February 2021, the National Payment System Act 2021. The Act commenced on 30 September 2022. In particular, the Act aims to empower the Reserve Bank of Fiji to develop and implement a national payment system framework to regulate payment service providers operating wholly or partially in Fiji. More specifically, the Act seeks to promote the stability, safety, efficiency, and competitiveness of the financial system, while also ensuring the effective protection of the users of payment services.

To this end, the Act requires payment service providers to apply for a licence with the Reserve Bank and to fulfil a number of obligations, such as establishing internal rules of governance and only disclosing personal information under strict conditions. Furthermore, it also provides for the establishment of a National Payment System Council that will advise the Reserve Bank on the regulation, oversight, and supervision of the payment system, including operational and technical standards. Notably, the Reserve Bank is authorised to, among other things, issue directives, approve outsourcing of functions, require participants to retain all records for at least seven years via electronic means, and take administrative action in case of non-compliance.

Publication of Information

Freedom of Expression

Freedom of expression is recognised and protected as a fundamental right in Fiji under the Bill of Rights. It allows individuals to express their opinions and ideas without interference, subject to certain limitations for the protection of public order, morality, and the rights of others.

Legal Framework

The Constitution of Fiji guarantees the right to freedom of expression. Additionally, the Media Industry Development Act 2010 provided regulations and guidelines for media and online platforms, respectively, with respect to the publication of information. However, the MIDA Act was repealed by the newly elected Fijian Government in April 2023.

Trends and Practices

Fiji has been working towards enhancing freedom of expression and promoting a vibrant media landscape. The country aims to strike a balance between freedom of expression and the need to prevent the dissemination of false information, hate speech, and incitement to violence. Media outlets, both traditional and digital, play a crucial role in informing the public and facilitating public discourse.

Importance and Limitations

Freedom of expression is crucial for a democratic society, allowing individuals to express their opinions, criticise the government, and participate in public debate. However, there are limitations to protect public order, national security, public health, and the rights and reputations of others. Balancing these interests is important to ensure responsible and ethical journalism.

Defamation

The Defamation Act 1971 protect the reputation and rights of individuals from false statements that harm their reputation. Defamation can be in the form of spoken (slander) or written (libel) communication.

Sanctions

If a person or entity is found guilty of defamation, they may face civil liability, including the payment of damages to the affected party. It’s important to note that specific sanctions and remedies may vary depending on the circumstances and the legal framework.

Marketing and Advertising

Legal Framework

Marketing and advertising activities in Fiji are governed by various laws and regulations, including the Consumer Council of Fiji Act 1976 and Fijian Competition and Consumer Commission Act 2010.

Trends and Practices

Fiji has been focusing on promoting fair and ethical marketing and advertising practices to protect consumers and ensure fair competition. There is an increasing emphasis on transparency, accurate information disclosure, and responsible advertising, especially concerning health claims and consumer protection.

Scope

The legal framework applies to marketing and advertising activities across various sectors and industries in Fiji. It covers both traditional and electronic forms of marketing and advertising.

Electronic Marketing

Electronic marketing, including email marketing and SMS marketing, is subject to the same legal framework as other forms of marketing and advertising. Organisations are required to comply with privacy laws, such as obtaining consent for sending electronic communications and providing an option for recipients to unsubscribe.

Sanctions

Non-compliance with marketing and advertising regulations may result in penalties, fines, or other enforcement actions as determined by the relevant regulatory authorities. The specific sanctions and remedies depend on the nature and severity of the violation.

Cybersecurity and Interception of Information

Fiji has been working towards enhancing cybersecurity practices to protect against cyber threats and ensure the security of information and communication technologies. While specific cybersecurity regulations exist, it’s important to note that the legal framework in Fiji covers a range of laws and regulations that address different aspects of cybersecurity and interception of information.

Legal Framework

The legal framework for cybersecurity and interception of information in Fiji includes various laws, such as:

Cybercrime Act 2021: some of the key changes introduced in this Act include expanded definitions of cybercrime offences, increased penalties for cybercrime offences and enhanced provisions for law enforcement agencies to investigate and prosecute cybercrime cases.
Electronic Transactions Act 2008: this Act provides legal recognition and validity to electronic transactions and electronic records. It also includes provisions related to the security and integrity of electronic communications.
Telecommunications Act 2008: this Act regulates the telecommunications sector in Fiji and includes provisions related to the interception of communications and lawful interception requirements.

Trends and Practices

Fiji is committed to improving cybersecurity practices to protect critical infrastructure, government systems, and personal data. The country is likely to follow global trends in cybersecurity, including implementing stronger security measures, enhancing incident response capabilities, promoting cybersecurity awareness, and fostering public-private partnerships to combat cyber threats.

Scope

The legal framework in Fiji applies to a wide range of cybersecurity-related activities, including the protection of computer systems, data, networks, and electronic communications. It covers both public and private sector entities, as well as individuals, depending on their involvement in cyber-related activities.

Reporting Requirements

There may be reporting requirements for cybersecurity incidents or breaches in Fiji. Organisations may be obligated to report incidents to regulatory authorities or designated agencies responsible for cybersecurity. Specific reporting requirements and procedures may vary depending on the nature and severity of the incident, as well as the sector involved.

State Access

Fiji’s legal framework may allow the government or law enforcement agencies to access and intercept information under certain circumstances, such as for national security purposes, the investigation of serious crimes, or as authorised by law.

Cybercrime

The Cybercrime Act 2021 deals with offences like:

Unauthorised access to computer systems – section 5 of the Cybercrime Act 2021

Maximum Penalty: in the case of an individual, a fine not exceeding $10,000 or imprisonment for a term not exceeding 5 years or both. In the case of a body corporate, a fine not exceeding $50,000.

Unauthorised interception of computer data or computer systems – section 6 of the Cybercrime Act

Maximum Penalty: in the case of an individual, a fine not exceeding $50,000 or imprisonment for a term not exceeding 10 years or both and in the case of a body corporate, a fine not exceeding $100,000.

Unauthorised acts in relation to computer data or computer systems – section 7 of the Cybercrime Act

Unlawful supply or possession of computer system or other device, or computer data or computer program – section 8 of the Cybercrime Act

Computer related forgery – section 9 of the Cybercrime Act

Maximum Penalty: in the case of an individual, a fine not exceeding $10,000 or imprisonment for a term not exceeding 5 years or both and in the case of a body corporate, a fine not exceeding $50,000.

Computer related extortion and fraud – section 10 of the Cybercrime Act

Identity theft – section 11 of the Cybercrime Act

Theft of telecommunication services – section 12 of the Cybercrime Act

Disclosure during an investigation – section 13 of the Cybercrime Act

Failure to provide assistance – section 14 of the Cybercrime Act

Maximum Penalty: in the case of an individual, a fine not exceeding $5,000 or imprisonment for a term not exceeding 2 years or both and in the case of a body corporate, a fine not exceeding $50,000.

Need more information? Contact Lex Connect Legal at https://www.lexconnectfiji.com/lexconnect-legal/

ICT & Data Protection