Draft E-Commerce Policy Has a Long Way To Go
The Department for Promotion of Industry and Internal Trade (DPIIT) issued a notification announcing the Draft National E-Commerce Policy on 23rd February, 2019 and inviting comments and suggestions from stakeholders. The Policy recognises the substantial growth of e-commerce and some of the opportunities and regulatory hurdles that accompany it. The Policy addresses the various concerns that have accompanied the rapid digitization of the economy and has chosen certain key areas that needs prioritization. Additionally, the Centre has highlighted the importance of harmonization of e-commerce policies across Ministries and Departments of the Government.
To these ends, the Policy covers certain aspects of data protection, regulation of e-commerce marketplaces, methods to tackle the problem of counterfeiting, and attempts to stimulate the domestic economy through infrastructure and export promotion.
The Policy acknowledges that there is no universally accepted definition of the term ‘e-commerce’, and that it includes transaction where buying, selling, distribution and/or payment for these occurs digitally.
BananaIP has submitted the following recommendations and suggestions to the DPIIT, and awaits positive changes in the proposed Policy.
Protection of Data
The full title of the Policy, which reads “India’s data for India’s development”, rightly points to protection of consumer data as a main focus of the Policy. The Policy acknowledges the importance of data as an economic resource, and the model adopted by companies of monetising data through its analysis, processing and utilisation. The Policy clearly states that an individual owns his/her data, and any use of such data depends on the individual’s consent.
However, the Policy then goes on to state that individual data is best treated as a collective resource that the government holds in trust. The focus of the data protection rules in the Policy, therefore, is on the exploitation of data as a national resource, and consequently on the restriction of cross-border flow of data.
In establishing a data protection framework, the Policy aims to create stricter limits on data sharing than the Data Protection Bill 2018. Thus, where the 2018 Bill allowed sharing with anonymisation and consent, the Policy completely prohibits sharing of individual data even if the business entity has obtained the consumer’s consent. However, the Policy does not specify the penalties or consequences for the failure of a business entity to adhere to these restrictions. Thus, while the Policy claims to favour the protection of consumers’ data, it also does away with the consumer’s freedom and autonomy to determine who may use this data and how it may be used. In our opinion, it is essential to implement strict data protection laws for all business entities, whether domestic or multinational, but treat an individual’s data as belonging to the individual. While information asymmetry may continue to exist, this should be overcome by raising the threshold for consent, not by nationalising it.
Further, the data localisation requirements seem to consider data as a tangible commodity which is safer within a national border, instead of focusing on the measures that must be taken to ensure security of the data. This requirement also fails to account for the fact that it might not only be expensive to store and process the data in India, but also that most parts of India do not have the infrastructure necessary for running large data centres.
It is thus recommended that the Policy be revised to harmonise the data protection obligations of e-commerce entities with those of data fiduciaries in the Data Protection Bill, and remove data localisation requirements in the Bill as well as in the Policy.
The comments with respect to marketplaces are based on the following ground rules:
- Marketplaces are merely neutral enablers/facilitators, and they must stick to that role in order to get the benefit of safe harbours, privilege or immunity provided under the law.
- Marketplaces must not extend their scope of operation to active supervision and/or control with the objective of gaining business or commercial advantage/benefit, or enabling their affiliates to gain such benefit. Courts have held that knowledge, control and financial benefit moves marketplaces out of the scope of privileges as intermediaries.
- Marketplaces must establish a transparent mechanism to handle owner, vendor and consumer issues relating to IP, product liability, privacy, data, and so on in an effective and timely manner. Non-compliance with the said mandate or evasion of the said mandate must move the marketplace out of the safe harbours, privilege or immunity provided under the law, and give rise to liability for their actions as other businesses.
- It is clear that self-regulation does not work with marketplaces and a well-defined regulatory and enforcement mechanism must be established to ensure strict compliance with the law and timely dispute redressal.
Following the aforestated ground rules will create a level playing field and avoid the pitfalls such as abuse of dominance, unfair trade practices, and discrimination by marketplaces. It will also enable entrepreneurship in e-commerce in general and marketplaces in particular, and remove barriers to business and economic growth.
At a general level, the Policy addresses several of the aforestated ground rules and proposes a workable framework for marketplaces in India. The comments hereunder propose additional measures and enhancements to those outlined in the Policy.
- Compliance with Laws in Force in India
Like other businesses, e-commerce marketplaces also have to comply with all laws in force in India. By nature of their business, it is possible for them to create layers around them and abuse their intermediary status for business benefit. This may be done by creating a layer between them and the entity providing goods or services on their platform coupled with exclusivity, preferential treatment and so on. It is recommended that the Policy specifically address the aspect of creating layers around the marketplace business through related entities or affiliates which, when seen on a whole, gives rise to legal non-compliance, and a mechanism to address the same. Evading the law by establishing the stated layers must in general be prohibited in the Policy.
- Intellectual Property
The Policy addresses only two forms of IP, trademarks and copyrights. As products and/or services offered on marketplaces may be covered by other forms of IP also, the Policy may be modified to include appropriate measures and steps on marketplaces for patents, industrial designs, geographical indications and other forms of IP as well. It is recommended that the Policy include facilities for registering the said forms of IP on the marketplace database along with product details and take down Policy/process for the said forms of IP.
Specific emphasis must be laid on marketplaces acting as mere intermediaries and playing only a passive role as neutral entities while dealing with IP. Use of discretion with respect to IP complaints and delaying take down by using frivolous grounds must be specifically prohibited. It is also recommended that the Policy expressly state that marketplaces must not abet, induce, or encourage IP infringement.
- Rogue Websites
The Policy currently proposes the constitution of a voluntary body by the industry to make a list of websites including pirated/infringing content and lays down responsibilities on ISPs, payment gate ways, search engines, etc., to block/remove the said websites. As identification of websites as carrying substantially infringing content is a legal determination and as such websites may be operating based on fair use provisions for education, persons with disabilities, etc., it is recommended that the Policy consider an alternative legal mechanism to address the issue of rogue websites. One option that may be considered is the constitution of a special court to address all e-commerce matters in an effective and timely manner. This court may make decisions on rogue websites within a given framework by following an adversarial process.
- Take Down Process and Consumer Complaints
Prior experience with marketplaces has not been very encouraging with respect to take down process and consumer complaints. Marketplaces have either been washing their hands of all responsibility by wrongfully claiming intermediary status or using their discretion to determine whether a complaint/take down request is valid or not. Irrespective of the contents of the complaint, marketplaces have adopted a mechanism of evading or delaying complaints by stating that sufficient information or data was not provided. In addition to strict timelines for handling take down and consumer complaints, marketplaces must be made responsible for any laxity or evasive behaviour with take down requests and complaints.
- Special E-Commerce Courts
Unlike physical transactions, e-commerce transactions are instant and so is the application of the law applicable for the transaction. The remedy for any illegality, breach or non-compliance with respect to the said transaction must also be quick for it to be meaningful. A special court to deal with e-commerce cases may be set up and details with respect to the same may be provided in the e-commerce Policy. While it is not possible for these courts to decide all disputes involving an e-commerce entity, they must be empowered to decide issues of infringement, data protection, product liability, contracts, and unfair trade practices.
The Policy identifies a few specific regulatory issues, in the areas of data, taxation, consumer protection, etc.
These are as follows:
- Regulation of advertising charges, especially for small enterprises and start-ups such that large firms cannot charge monopoly prices and create entry barriers.
- Keeping network effects in mind while analysing mergers, and preventing practices of selling at a loss.
- Reservation of the government’s right to seek disclosure of source code and algorithms.
- Giving ‘infant industry’ benefits and integrating start-ups and MSMEs in the sector.
- Imposing taxes based on ‘significant economic presence’ and reviewing the possibility of imposing customs duties on electronic transmissions.
- Establishment of online consumer courts and regulation of unsolicited commercial messages to protect consumers.
- Bringing government services online.
- Ensuring genuineness of content on platforms.
The Policy acknowledges the network effect on e-commerce companies, and the barriers it creates for start-ups to enter the sector, as well as the inter-disciplinary nature of the challenges to regulation. However, the Policy still expects regulatory changes to be responsive, and not anticipatory. Thus, despite recognising that e-commerce creates issues governed by the Information Technology Act, the Competition Act, the Consumer Protection Act, and data protection laws, the Policy makes no attempts to harmonise the regulatory mechanism or the channels for raising and settling grievances. Instead, the Policy creates an additional authority, the Standing Group of Secretaries on e-commerce (SGoS) to provide recommendations on Policy changes.
The Policy does not address the need for self-regulation by e-commerce platforms, or estimate any timeline for the necessary amendments to the existing statutes. As discussed above, the potential complexity of e-commerce disputes and the need for speedy resolution may be addressed by the creation of special courts. Other regulatory issues, like mergers between e-commerce entities and criminal liability may continue to be decided in accordance with the existing laws at the appropriate forum.
Similarly, the Policy also acknowledges that it may not be possible to constantly amend all relevant statutes, but still requires changes to be explored under the existing statutes. The Policy also entrusts DPIIT with ensuring the needs of the e-commerce sector are met, such that regulations facilitate e-commerce instead of hindering it. For this reason, it is recommended that, the Policy impose a strict timeline to uniformly amend all applicable statutes and rules to clarify the obligations and compliance requirements of e-commerce entities, and to implement news regulations wherever identified. Uniformity, clarity and certainty in the applicable laws is likely to encourage more innovation and investment in the sector than ambiguity and the possibility of legal loopholes.
The Policy recognises the need to make government departments and services available online, and to collect and analyse data for this purpose. However, it does not address data protection concerns when the Government itself is functioning as the data fiduciary, or the extent to which an individual’s consent is required for data collection and processing by the government. It is recommended that the Policy as well as the Data Protection Bill be amended to impose on the government the same security obligations that are imposed on other data fiduciaries, as the government is likely to posses a greater amount of sensitive information on each individual than any private entity.
The Policy completely fails to address other regulatory issues like environmental compliance, sustainability, labour practices, and safe working conditions for all employees/workers. It also fails to proactively mandate features like accessibility, availability in Indian languages, and ease of submitting grievances, which would help to bring the benefits of e-commerce to a much broader section of society. It is recommended that the Policy be revised to explicitly subject e-commerce entities to these laws, which some entities may be currently evading through lack of physical presence in India.
While the Policy is clearly aimed at creating a level playing field for domestic and multinational companies, the latter of which often have deeper pockets, it fails to recognise that start-ups based outside India may want to enter the market earlier to gain early mover advantages, and that home-grown companies like Flipkart contribute to the ‘deep pockets’ problem instead of solving it. It is recommended that the Policy distinguish between e-commerce entities based not only on the ownership and economic presence, but also based on being recognised as start-ups and the nature of the e-commerce business.
The Policy acknowledges that India has not been a party to multilateral negotiations on the issue, but aims for retention of policy space to grant preferential treatment of digital products created within India and seek disclosure of source code. In various previous negotiations, India has stated that attempts by developed countries to frame rules on e-commerce outside the WTO framework could undermine the consensus principle at the multilateral body. However, the Policy seeks to do precisely that by creating a framework which, while simultaneously trying to attract foreign investments and protect domestic entities, has been framed with little consideration for the long-term impact on the sector.
The Policy manages to identify a few issues that have arisen involving e-commerce entities, the need to create specific regulation due to the nature of e-commerce transactions and the immediate need to ensure the protection of consumer data. However, the lack of clarity and comprehensiveness in the Policy, particularly with respect to e-commerce marketplaces and the framing of regulations, shows there is much work to be done before a detailed and comprehensive legal framework can be put in place.
This post is authored by Dr. Kalyan C. Kankanala (Senior Partner) and Ashwini Arun (Associate), BananaIP Counsels.
We welcome your comments and questions at [email protected]