It is reported that Algerian foreign exchange regulations prohibit the use of online payment processors for transferring funds between accounts.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is DZD 50,000 (approx. USD 383), above the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

Art. 6 of Decree No. 20-332 establishes that the online information activity is subject to the publication through an electronic site, whose hosting is exclusively domiciled, physically and logically in Algeria, with a domain name extension ".dz".

Art. 8 of the Law No. 18-05 requires any e-commerce activity, which is defined as electronic commerce in goods and services, to have a website hosted in Algeria with a “.com.dz” extension. This requirement applies to both domestic and foreign e-suppliers as clarified in Art. 2, which states the legislation applies to e-commerce transactions where one of the parties to the e-commerce contract is of Algerian nationality, or legally resides in Algeria, or a legal person governed by Algerian law, or if the contract is concluded or performed in Algeria. Effectively, this means that the requirement to have domain names hosted in Algeria also applies to foreign companies.

Pursuant to Art. 4.2 of Law No. 18-07, in the event that the controller is not established in the national territory, a representative located in Algeria must be appointed. This requirement applies to foreign service providers in Algeria, as defined in Art. 3 as any public or private entity that offers users of its services the possibility to communicate by means of a computer system and/or a telecommunications system.

Art. 10 of Decision No. 48/SP/PC/ARPT/17 stipulates that in the course of carrying out the activity covered by its authorisation to establish and operate hosting and storage services for computerised content, the service provider is obliged to establish its infrastructure on national territory and guarantee that it is set up using equipment incorporating the most recent and proven technologies. In addition, the service provider is required to provide services via infrastructures specifically declared for this authorisation. The term "service provider" is defined as any natural or legal person who has been granted authorisation to establish and operate hosting and storage services for computerised content for the benefit of remote users as part of cloud computing services, in compliance with the requirements set out in the legislation and regulations in force.

Art. 6 of Decision No. 48/SP/PC/ARPT/17 provides that any natural or legal person wishing to establish and/or operate a service for the hosting and storage of computerised content for the benefit of remote users, within the framework of so-called cloud computing services, shall submit an application to the Regulatory Authority. Any legal entity wishing to establish and/or operate such a service must be incorporated under Algerian law and have its registered office in Algeria.

Art. 44 of Law No. 18-07 provides that the data controller may only transfer personal data to another foreign state upon authorisation of the data protection authority and if that state ensures an adequate level of protection of the privacy and fundamental rights and freedoms of individuals with regard to the processing to which such data are or may be subject. Art. 45, however, provides that, by way of derogation to Art. 44, the data controller may transfer personal data to a foreign State subject to certain conditions, including: if the data subject has expressly consented to their transfer; if the transfer is made pursuant to a bilateral or multilateral agreement to which Algeria is a party; with the authorisation of the national authority; if the transfer is necessary: (a) to safeguard that person's life; (b) the preservation of the public interest; (c) for compliance with obligations to ensure the recognition, exercise or defence of a legal right; (d) for the performance of a contract between the controller processing and the data subject, or measures pre-contractual agreements taken at the latter's request; (e) for the conclusion or performance of a contract concluded or to conclude, in the interest of the data subject, between the controller and a third party; (f) for the execution of a mutual legal assistance measure international; or (g) for prevention, diagnosis or treatment of medical conditions.

Algeria has not joined any agreement with binding commitments to open transfers of data across borders.

Law 18-07 provides a comprehensive regime of data protection in Algeria. It establishes general personal data protection requirements such as express consent, data processing notifications, data subject rights, and restrictions on direct marketing and data transfers.

Art. 11 of Law No. 09-04 requires communication service providers to store, for a period of one year after the registration, data allowing the identification of users of their services and data enabling the recipient(s) of the communication to be identified as well as the addresses of the sites visited. This requirement covers all service providers, defined in Art. 2 to include any public or private entity which offers users the possibility of communicating by means of a computer system and/or a telecommunications system; and any other entity processing or storing computer data for communication services or their users.

According to Art. 3 of Law No. 09-04, subject to the legal provisions guaranteeing the secrecy of correspondence and communications, implementation of technical devices carrying out operations of surveillance of electronic communications, collection and recording in real time of their content as well as searches and seizures in a computer system may be carried out for purposes of protection of public order, for investigations or after judicial request. Art. 4 lists instances when such surveillance may be carried out, including:
- to prevent offences qualified as terrorist or subversive acts and offences against State security;
- when there is information on a probable attack on a computer system representing a threat to public order, national defence, State institutions or the national economy;
- for the purposes of investigations and judicial information when it is difficult to arrive at results relevant to the research in progress without resorting to electronic surveillance;
- in connection with the execution of requests for international legal assistance.

Law No. 09-04 of 14, laying down special rules relating to the prevention and fight against offences related to information and communication technologies, establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 12 of the Law, internet service providers are required to intervene, without delay, to remove the content to which they authorise access in the event of a violation of the laws, store it or make it inaccessible as soon as they become aware of it directly or indirectly.

Law No. 09-04 of 14, laying down special rules relating to the prevention and fight against offences related to information and communication technologies, establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 12 of the Law, internet service providers are required to intervene, without delay, to remove the content to which they authorise access in the event of a violation of the laws, store it or make it inaccessible as soon as they become aware of it directly or indirectly.

Art. 11 of Law No. 09-04 requires communication service providers to store data allowing the identification of users of their services for a period of one year after the registration. This requirement covers all service providers, defined in Art. 2 to include any public or private entity which offers users of its services the possibility of communicating by means of a computer system and/or a telecommunications system and any other entity processing or storing computer data for communication services or their users.