A REPORT by the United Nations has found that Fiji’s cybersecurity laws are lacking in most areas of online activity monitoring and security.
The Gap Analysis of Cyber Laws in Pacific Small Island Developing States technical and statistical report was compiled by the UN Conference on Trade and Development (UNCTD).
Launched last month, the report examines the state of cyber laws across 15 countries in the Pacific, including Timor-Leste, and provides recommendations to strengthen the ability of governments to effectively prepare, implement and enforce policies, laws and regulations for online activities.
According to UNCTD regional program manager Chad Morris, they found that many countries in the region, including Fiji, have developed or are in the process of developing e-commerce strategies and policies that address consumer protection, data privacy, intellectual property rights and competitions.
“The report highlights that cybercrime, cybersecurity, e-transactions and e-signatures are among the areas with the most comprehensive legislative coverage,” Mr Morris said.
“In these fields, many jurisdictions have established laws and regulations to manage the complexities of the digital environment effectively.
“However, progress has been slower in other areas, such as domain names, e-payments and digital identity. Data protection and privacy laws remain particularly underdeveloped, with no comprehensive legislation currently in place, although some countries are working on drafting laws.”
In Fiji’s case, the report found that the legal system is a blend of common law with customary laws “rooted in indigenous Fijian traditions”.
“The draft Fiji National Digital Strategy outlines a comprehensive roadmap for the country and proposes a holistic approach involving all sectors of government and society to ensure inclusive transformation.”
E-transactions/e-signatures
The use of e-transactions is becoming increasingly common in Fiji through the use of online banking, mobile banking, debit and credit cards, mobile wallets like M-PAiSA, and Electronic Funds Transfer at Point Sale (EFTPOS) for transactions.
With it comes potential risks of fraud, cybersecurity threats and potential financial losses.
Mr Morris said the report identified that Fiji, Kiribati, Papua New Guinea, Samoa, Timor-Leste and Vanuatu have adopted e-transaction laws based on the UN Commission on International Trade Law (UNCITRAL) models.
“Additional, Fiji, Kiribati, Papua New Guinea and Timor-Leste have implemented e-signature provisions following UNICITRAL guidelines.
“For example, in Fiji the Electronic Transactions Act 2008, and subsequent amendments in 2016 and 2017, brought national legislation in line with the UN Convention on the Use of Electronic Communications in International Contracts (2005).”
In the report, Fiji’s Electronic Transactions Act is said to provide comprehensive regulation for matters such as the validity of electronic transactions, time and place of dispatch and receipt, attribution, invitations to make offers in writing requirements and electronic evidence.
“E-signatures are regulated under section 14 of the Electronics Transactions Act, which adopts a technology-neutral approach.
“This allows the use of e-signatures without prescribing detailed requirements for a valid signature.”
For e-signatures, these are mostly used for providing signatures on digital transactions, and here in Fiji, customers use them while signing documents at government offices and/or large institutions and companies.
In other places, traditional wet ink signatures still apply while signing documents.
Consumer protection and online consumer protection
Consumer rights and protection in Fiji are being overlooked by two institutions, namely the Fijian Competition and Consumer Commission (FCCC) and the Consumer Council of Fiji (CCoF).
CCoF was established under the Consumer Council of Fiji Act 1976 and guided by the General Principles and Guidelines for Consumer Protection of the UN, while FCCC was established under section 7 of the Fijian Competition and Consumer Commission Act 2010.
Earlier this year, CCoF raised concerns regarding businesses non-compliance with consumer protection laws which included price gouging, the sale of expired goods and the sale of substandard food and non-food items.
Former CCoF chief executive Seema Shandil said traders were also selling products that did not meet local standards, eroding the trust in the marketplace.
“As far as goods are concerned, consumers may rely on the conditions and warranties of the Sale of Goods Act 1985. However, the most important instrument is the already noted Fijian Competition and Consumer Commission Act 2010,” the report said.
However, when it comes to online consumer protection, the report said that none of the studied jurisdictions have specific laws for consumer protection in e-commerce.
“This pattern is also observed globally. The merit of adopting a technology-agnostic consumer protection law that covers both digital and offline transactions lies in its ability to eliminate the need to define which transactions fall under e-commerce and which do not.
“Although existing consumer law protections in a few Pacific jurisdictions apply to online transactions, there remains some uncertainty about their scope, applicability and enforcement.
“In the majority of jurisdictions, consumer protection is predominantly provided via a patchwork of partially overlapping legislation.”
Data protection and privacy
None of the studied jurisdictions have adopted comprehensive data protection and privacy laws, including Fiji.
Timor-Leste has developed a draft Data Privacy and Protection Law, Vanuatu introduced a draft Bill for a Data Protection and Privacy Act in 2024, and the Solomon Islands has commenced drafting data protections and privacy policies and legislations to align with international standards.
“Fiji does not have specific data protection or privacy laws. However, certain aspects commonly addressed under data privacy laws are regulated by the Information Act 2018. Section 6 provides a right of access to information held by a public agency, which would enable an individual to access their personal data in a manner similar to that under data privacy laws.”
However, section 24 of the 2013 Constitution provides for a right to privacy, including a right to confidentiality of personal information.
The State of Artificial Intelligence in the Pacific Islands report released by the AI Asia Pacific Institute in 2024 states that despite the lack of specific legislation, there are several sector-specific laws addressing the unauthorised disclosure of personal or client information. This includes the Banking Act of 1995, the Fiji Revenue and Customs Service Act of 1998, the Medical and Dental Practitioner Act of 2010, Rules of Professional Conduct and Practice of the Legal Practitioners Act of 2009 and Cybercrime Act of 2021.
Cybercrime and cybersecurity
In Fiji, the Cybercrime Act 2021 provides a comprehensive framework for cybercrime and electronic evidence, covering offences against confidentiality, integrity and availability of computer data and systems.
There’s also the False Information Act 2016 and Online Safety Act 2018 which addresses specific offenses, such as identity theft and theft of telecommunication services.
A Memorandum of Understanding between Australia and Fiji was signed in 2024, outlining areas of cooperation. Fiji also contributes resources and expertise through the Pacific Computer Emergency Response Team (PacCERT).
Currently, there is a National Cybersecurity Strategy being developed to strengthen Fiji’s capacity to combat evolving cyber threats and is working on a broader National Digital Strategy.
Online content regulation
Mr Morris said the regulation of online content in the Pacific was generally based on constitutional provisions that uphold freedom of expression, balanced against rights to privacy and reputation.
However, in Fiji’s case, the Online Safety Act of 2018 exists and plays a central role as it also establishes the Online Safety Commission. Other Acts include the Defamation Act 1971, the Gaming Act 2009 and the Television and Online Streaming Act 1992.
Taxation
The report said Fiji does not have any tax law that is specific to e-commerce, but the Fiji Revenue and Customs Services (FRCS) is working on a draft VAT bill, “which, if approved, will require non-resident providers of digital services to register and collect VAT”.
In conclusion, the report recommends that domestic e-commerce laws be aligned with international standards while adapting them to local contexts is seen as essential.
It also recommends drawing on international experiences and seeking support from development partners for technical experience and funding.
