India had more than 460 million internet users in 2018, which is expected to grow to 635 million. The Indian e-commerce market was $38.5 billion in 2017, which is expected to grow to $150 billion by 2022.
This rapid pace of growth of internet users and e-commerce business in India has bring forward a number of issues that the legal system of the country is required to face.
Hence, an in-depth understanding of the legal regime to effectively manage risks that an e-commerce business may face is very important for the business to thrive in a rapidly growing market.
Foreign Investment in E-Commerce in India
Foreign direct investment (“FDI”) in India is regulated under the Foreign Exchange Management Act 1999 (“FEMA”). The Department of Industrial Policy and Promotion (“DIPP”), Ministry of Commerce and Industry, Government of India makes policy on FDI.
The FDI policy treats two models of e-commerce businesses differently:
- Marketplace model: Under this model, an e-commerce company only offers a platform to registered sellers to sell goods to customers across India. The company is only a facilitator between a seller and a customer and doesn’t have any ownership over the goods sold on its online platform. FlipKart, Snapdeal and Amazon are good examples of this model.
- Inventory model: Under this model, an e-commerce company sells only its own goods to customers across India. The company not only owns the online platform but also is a seller.
While 100% FDI is permitted to marketplace model based e-commerce companies, no FDI is allowed in inventory based e-commerce companies.
There are some additional conditions for marketplace e-commerce companies such as no single vendor can sell more than 25% of total sales on their online platform.
Security Issues in E-Commerce
Here are some applicable Indian laws related to security issues in e-commerce businesses.
- Authentication and Identification: Electronic signature (link to the section above) is used to determine the authority and legitimacy of the person to authenticate an electronic record, such as terms of services in an e-commerce transaction. In case of identity theft or impersonation, i.e., when a person’s electronic signature or password is fraudulently used, the IT Act prescribes a penalty of imprisonment of up to 3 years and a fine of up to Rs 1 lakh.
- Privacy: An e-commerce platform collects users’ data such as identify details, financial information, personal choices and preferences and pattern of search. Unauthorized access and misuse of such personal information would lead to a violation of privacy, which may be dealt by a court under the principles of torts such as defamation, trespass, and breach of confidence as applicable.
- Data Protection: Under section 43A of the IT Act, there are two categories of information for the protection of data in India:
(i) Personal Information: This is defined as any information related to a natural person, which either directly or indirectly, in combination with other information available, is capable of identifying such a person.
(ii) Sensitive personal data/information: This includes a password, bank account, credit/debit card / other payment instrument details, physical/physiological/ mental health conditions, sexual orientation, medical records / history, and biometric information.
For compliance and Data Protection, an e-commerce business has to follow guidelines including:
– Obtaining user consent for collecting the above information
– Having provision for a user to opt out
– Maintaining reasonable security control and measures to prevent unauthorized access and misuse of such data and information
In the case of wrongful disclosure of personal information, the IT Act prescribes a penalty of imprisonment of up to 3 years and a fine of up to Rs 5 lakh.
Consumer Protection Issues in E-Commerce
In e-commerce businesses, liabilities arise when there is a deficiency in service or defects in goods, or there are unfair trade practices.
If an e-commerce platform is not charging the users, the liabilities may not apply.
Otherwise, such liabilities come under the Consumer Protection Act 1986 (“CPA”) that governs the relationship between consumers and services/goods providers and may impose various sanctions such as:
- Removal of defects/deficiencies
- Replacement of goods
- Return of price paid
- Pay compensation as may be awarded, and
- Discontinue the unfair trade practice
Intellectual Property Issues in E-Commerce
Following are the common form of intellectual property in the e-commerce business:
- Copyrights to protect e-commerce software platform and design, content, graphics, music, and videos transmitted over the platform.
- Trademarks to protect the business name, domain name, product name, tagline, and logos that identify the e-commerce business.
- Patents to protect the functionality of the e-commerce software, source code, algorithms, technical description, programs, logic flow charts and database contents. However, In India, there is no patent protection for a computer program, and hence alternate ways should be used to protect the software.
Often e-commerce companies outsource designing, development and content creation of the website to third-party contractors.
- Who owns the intellectual property is a critical legal issue in this case.
- Hence, there should a written agreement that spells out the ownership of the IP including clauses on term, territory and the nature of the right.
- If any third party IP or Open Source software is used in the creation of the website, the company should be aware of the terms and conditions under which such software has been licensed.
The liability for infringement of IP is complicated given the ease of duplication and dissemination of IP protected work on the internet, availability of infringed material for a very short period, for example, a social post shared containing such material, and IP protection is territorial in nature.
The following are the common civil remedies for infringement in India:
- A temporary or permanent injunction against the infringer prohibiting the infringing activity,
- Damage to the extent of lost profit,
- Order for accounts of profits, or
- Order for seizure/destruction of infringing material
In addition to civil remedies for infringement above, there are some criminal provisions of imprisonment of up to three years for
- applying for a false trademark, or
- knowingly infringing a copyright
Content Regulation for E-Commerce Website
For the e-commerce website that acts as a platform to distribute or exchange third-party content, compliance with content regulation is critical as such content might be objectionable under some of the Indian laws.
To further complicate, a plethora of legislation along with judicial interpretations come into play for content regulation in India.
- Obscenity issues: Posting sexual or obscene materials on the website would attract liability under Section 292 of the IPC and includes imprisonment and fine. This liability increases further when such material is made available to young persons. Also, there may be liability under the IT Act and Indecent Representation of Women (Prohibition) Act, 1986.
- Defamation issues: E-commerce websites should ensure that users don’t post defamatory comments. Posting defamatory material about a person with the intention to harm his reputation would attract liability under Section 499 of the IPC and includes imprisonment for up to two years and with fine. Also, selling or advertising such defamatory material through the site would attract liability under Section 500 of the IPC.