I.E Data retention and electronic evidence

I.E.1 Does the law set forth general requirements for data retention, including a minimum and maximum retention period? Do they apply to electronically-stored data?

Data retention laws aim to ensure storage of data in a manner that allows its future use, including use as evidence in the context of dispute resolution and (criminal and administrative) law enforcement. The period for which the information should be retained is usually set by other laws, for instance those on the limitation of actions due to the passing of time. That period may be different for different functions of the document (for e.g., as evidence of a contract or as the basis for taxation).

The ETLs may contain a general rule on data retention. Article 10 of the MLEC sets criteria for the retention of electronic data, including the format in which data is to be stored.

10. Retention of data messages

1. Where the law requires that certain documents, records or information be retained, that requirement is met by retaining data messages, provided that the following conditions are satisfied:

a) the information contained therein is accessible so as to be usable for subsequent reference; and

b) the data message is retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received; and

c) such information, if any, is retained as enables the identification of the origin and destination of a data message and the date and time when it was sent or received.

Evidence law may contain additional requirements (see I.E.4).

The law may also set specific retention requirements for trade-related information. For instance, Article 5 of the Framework Act on Electronic Documents and Transactions 2016 of the Republic of Korea provides general requirements for retention of electronic documents, including trade documents.

5. Storage of electronic documents

1. Where an electronic document meets the following requirements, the storage of such electronic document may take the place of the storage of the document provided for in the relevant statutes:

a. that the content of the electronic document shall be available for public perusal;

b. that the electronic document shall be kept in the same form as when prepared, transmitted, or received or in a form reproducible same as the aforementioned form;

c. where matters concerning an originator, an addressee, and the time of transmission or receipt of the electronic document are included therein, such matters shall remain therein.

Article 16 of Electronic Trade Facilitation Act 2015 of the Republic of Korea gives legal recognition to electronic documents kept in the national trading platform by reference to the Framework Act on Electronic Documents and Transactions 2016 and the Digital Signatures Act 1999.

16. Validity of electronic trade documents kept by electronic trade infrastructure business entities

1. Where an electronic trade infrastructure business entity keeps electronic trade documents, such electronic trade documents shall be deemed to have been kept pursuant to Article 5 (1) of the Framework Act on Electronic Documents and Transactions.

2. Where an electronic trade infrastructure business entity intends to use its digital signature in order to keep electronic trade documents, it shall use its certified digital signature under subparagraph 3 of Article 2 of the Digital Signature Act.

The retention period for electronic records may also be specified for some purposes by specialized laws. For e.g., in Australia, data submitted for the purpose of customs operations needs to be retained in the single window for five years pursuant to section 126DC of the Customs Act 1901 (Cth).

126DC. Records of certain electronic communication

1. The Comptroller General of Customs must keep a record of each electronic communication made as required or permitted by this Act. The Comptroller General of Customs must keep the record for 5 years after the communication is made.

Additional requirements relevant for data retention may be contained in privacy and data protection law. Those requirements normally align with other obligations to retain information, for instance by not requiring destruction of information that may have legal value.

I.E.2 Does the law require or favour the use of specific trust services or service providers for data retention?

The law may require the use of specific trust services or trust service providers for data retention. The law may also mandate the use of specific technical standards or of technology such as PKI certificates that ensure the integrity of a data message from a certain point in time. Those requirements may be of general application or apply to specific areas and business sectors. Satisfaction of those requirements may be a condition for legal recognition of stored data or could introduce a legal presumption of validity for a given purpose.

For instance, Article 31-6 of the Framework Act on Electronic Documents and Transactions 2016 of the Republic of Korea indicates that storage of data in an electronic document centre designated under Article 31-2 of the same Act is presumed to comply with the general storage requirements contained in Article 5 of that Act (see above).

31-6. Effect of storage through authorized electronic document centers

Where an authorized electronic document center stores electronic documents, such electronic documents shall be deemed stored under Article 5 (1) or (2).

Specific requirements for data retention of trade-related documents may be found in the technical specifications of the facilities used for trade facilitation. In turn, those specifications normally comply with the requirements for data retention set in general law, unless an exception is specified.

I.E.3 Do data custodians, such as data centres, assume liability for loss or damage to electronically stored information? Is such liability contractual, statutory or both?

Agreements with trust service providers offering data storage services may define the liability of those providers in case of loss or other damage to stored data. Those agreements often contain clauses limiting liability.

Moreover, the liability of the trust service providers may be limited by statute, in general terms or with respect to the use of specific service providers, or of specific technologies or solutions. The law may also define other elements of the liability regime such as the allocation of the burden of proof.

For instance, Article 31-16 of the Framework Act on Electronic Documents and Transactions 2016 of the Republic of Korea indicates that, in case of loss arising from storage of electronic documents, a certified electronic document centre operator shall compensate the user who has suffered the loss unless the operator can prove that the loss did not arise from its negligence or wilful misconduct. This provision has the effect of reversing the ordinary rule on burden of proof, which requires that the person who has suffered the loss should prove the negligence or wilful misconduct of the operator.

31-16. Liability for compensation and purchasing insurance

1. When a certified electronic document centre has inflicted a loss on a user in connection with the storage of electronic documents, etc., it shall compensate the user for such loss: provided, that where the certified electronic document centre has proved that there is no intention or negligence on its part, this shall not apply.

The liability regime under contract law aims usually at providing monetary compensation. It does not affect the application of administrative and criminal sanctions.

The liability issues related to operations of cross-border paperless trade systems, including single window, will be discussed in IV.B.

I.E.4 Is electronic evidence admissible in judicial and other proceedings?

The ETLs may provide at a general level for the admissibility of data messages as evidence in legal proceedings and for their evidential value. The evidential value of the data messages may depend on whether they are generated, retained or communicated in a reliable manner.

Article 9(1) of the MLEC extends the principle of non-discrimination against electronic means to the admissibility and evidentiary value of data messages.

9. Admissibility and evidential weight of data message

1. In any legal proceedings, nothing in the application of the rules of evidence shall apply so as to deny the admissibility of a data message in evidence:

a. on the sole ground that it is a data message; or,

b. if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form.

Article 9(2) of the MLEC sets general conditions regarding when data messages shall be given due evidential weight.

9. Admissibility and evidential weight of data message

2. Information in the form of data message shall be given due evidential weight. In assessing the evidential weight of data message, regard shall be had to the reliability of the manner in which the data message was generated, stored or communicated, to the reliability of the manner in which the integrity of the information was maintained, to the manner in which its originator was identified, and to any other relevant factor.

Additional rules are often inserted in evidence laws. Those rules may contain presumptions or specify how evidence should be taken. See for e.g., section 161 of the Australian Evidence Act 1995 (Cth).

161. Electronic communications

(1) If a document purports to contain a record of an electronic communication other than one referred to in section 162, it is presumed (unless evidence sufficient to raise doubt about the presumption is adduced) that the communication:

(a) was sent or made in the form of electronic communication that appears from the document to have been the form by which it was sent or made; and

(b) was sent or made by or on behalf of the person by or on whose behalf it appears from the document to have been sent or made; and

(c) was sent or made on the day on which, at the time at which and from the place from which it appears from the document to have been sent or made; and

(d) was received at the destination to which it appears from the document to have been sent; and

(e) if it appears from the document that the sending of the communication concluded at a particular time—was received at that destination at that time.

(2) A provision of subsection (1) does not apply if:

(a) the proceeding relates to a contract; and

(b) all the parties to the proceeding are parties to the contract; and

(c) the provision is inconsistent with a term of the contract.

Also, see section 116A of the Evidence Act 1997 (Cap. 97) (Singapore), See original text for illustrations.

116A. Presumptions in relation to electronic records

(1) Unless evidence sufficient to raise doubt about the presumption is adduced, where a device or process is one that, or is of a kind that, if properly used, ordinarily produces or accurately communicates an electronic record, the court shall presume that in producing or communicating that electronic record on the occasion in question, the device or process produced or accurately communicated the electronic record.

(2) Unless evidence to the contrary is adduced, the court shall presume that any electronic record generated, recorded or stored is authentic if it is established that the electronic record was generated, recorded or stored in the usual and ordinary course of business by a person who was not a party to the proceedings on the occasion in question and who did not generate, record or store it under the control of the party seeking to introduce the electronic record.

(3) Unless evidence to the contrary is adduced, where an electronic record was generated, recorded or stored by a party who is adverse in interest to the party seeking to adduce the evidence, the court shall presume that the electronic record is authentic in relation to the authentication issues arising from the generation, recording or storage of that electronic record.

[(4)]

(5) The Minister may make regulations providing for a process by which a document may be recorded or stored through the use of an imaging system, including providing for the appointment of one or more persons or organisations to certify these systems and their use, and for any matters incidental thereto, and an “approved process” in subsection (6) means a process that has been approved in accordance with the provisions of such regulations.

(6) Where an electronic record was recorded or stored from a document produced pursuant to an approved process, the court shall presume, unless evidence to the contrary is adduced, that the electronic record accurately reproduces that document.

[(7)]

Finally, laws governing paperless trade may have dedicated provisions on evidence. For e.g., section 126DC of the Australian Customs Act 1901 (Cth) makes provision for the evidentiary value of electronic records stored in the single window system.

126DC. Records of certain electronic communications

(1) The Comptroller‑General of Customs must keep a record of each electronic communication made as required or permitted by this Act. The Comptroller‑General of Customs must keep the record for 5 years after the communication is made.

Note: It does not matter whether the communication is made to the Department or by the Department or a Collector.

Evidentiary value of the record

(2) The record kept is admissible in proceedings under this Act.

(3) In proceedings under this Act, the record is prima facie evidence that a particular person made the statements in the communication, if the record purports to be a record of an electronic communication that:

(a) was made to the Department; and

(b) met the information technology requirements that the Comptroller‑General of Customs has determined under section 126DA have to be met to satisfy a requirement that the person’s signature be given to the Department in connection with information in the communication.

(4) In proceedings under this Act, the record is prima facie evidence that the Department or a Collector made the statements in the communication, if the record purports to be a record of an electronic communication that was made by the Department or a Collector.

I.E.5 Is electronic evidence that is generated, stored or collected abroad admissible? If so, under which conditions?

Evidence law seldom has specific rules on the admissibility of evidence generated or stored abroad.

The law may refer to the intrinsic evidentiary value of the data message without discriminating due to foreign elements, akin to what happens with paper-based documents. In that case, the evidentiary value of domestic and foreign data messages will be assessed on the same criteria. Recognition the evidentiary value of foreign data messages may also be possible on the basis of bilateral or multilateral treaties.

On the other hand, the law may set national requirements for the admissibility of electronic evidence that bar the recognition of foreign evidence. This may happen in particular if special evidentiary weight is given to digital signatures that are subject to national regulation. See the discussion of cross-border recognition of electronic signatures in part I.B.4.