This article is written by Kamar Alimi pursuing an MBA with a Specialisation in Data Protection and Privacy Management from the Swiss School of Management. This article has been edited by Zigishu (Associate, Lawsikho).
This article has been published by Sneha Mahawar.
Table of Contents
The Draft National e-Commerce policy (“Draft Policy”) was issued by the Department for Promotion of Industry and Internal Trade (“DPIIT”) on 23 February 2019, This is an exhaustive regulation framework for the already existing and rapidly growing e-commerce industry in India and globally. Statistics show that the e-Commerce market in India is worth $38.5 billion, a 17% growth over the previous year.
The Draft Policy aims to create a framework for achieving holistic growth of the e-commerce sector along with existing policies of Make in India, Startup India, Skill India and Digital India. This is in synchronization with the recently updated industrial policy which regulates the underlying brick-and-mortar economy. Potentially, the inclusive growth of this sector will act as a catalyst for achieving economic growth and other public policy objectives. The Draft Policy is all-encompassing; it covers the various dimensions of e-Commerce, including data, consumer protection, intellectual property and competition, details of which would be discussed subsequently.
The objective of this Draft Policy is to enable India to benefit from digitization by creating a governance framework for various stakeholders and strategies for data localization, consumer protection and promotion of micro, small and medium enterprises (MSMEs) and start-ups. The strategies envisaged should provide a basis for unlocking productivity, generating new-age jobs, protecting critical personal information, enhancing consumer awareness and facilitating the onboarding of domestic producers, manufacturers, traders and retailers.
There are many positive sides of this document. Internationally, the Draft Policy is recognized as the first exclusive E-commerce policy for India. This makes India one of the few countries in the world to be moving toward advanced E-commerce legislation. China and the U.S. have similar legislations and policies.
However, in trying to address all these many aspects of E-commerce, the Draft Policy has become equivocal and vague, raising questions about whether it is intended to be an internet policy or a specific E-commerce policy.
There are several areas of the Draft Policy that reflect these concerns, namely the definition of e-Commerce, data ownership, shortcomings in consumer protection, excessive liabilities on the platform, lack of clarity on implementation and regulation, etc. These areas would be sufficiently addressed and suggestions proffered accordingly.
Overview of the draft National E-commerce policy
The Draft Policy deals with issues in 6(six) broad themes, viz: i) data; (ii) infrastructure development; (iii) e-commerce marketplaces; (iv) regulatory issues; (v) stimulating domestic digital economy; and (vi) export promotion through e-commerce. It critically identifies aspects of the issues listed and lays out strategies to achieve the Government’s vision. These strategies take into account the needs and expectations of all stakeholders and accord the interests of startups, small manufacturing, trading and service enterprises a high consideration.
E-commerce was defined to include buying, selling, marketing or distribution of (i) goods, including digital products and (ii) services; through electronic networks. Delivery of goods including digital products, and services which may be online or through the traditional mode of physical delivery. In the Draft Policy, E-commerce was used interchangeably with ‘digital economy,’ this has been highlighted as one of the major issues of the Draft Policy.
Some major suggestions in the draft policy are as follows:
A significant part of the Draft Policy focuses extensively on data. It identifies data as a critical driver of growth and success in the e-commerce market which will assist the government in creating a strategy to promote electronic commerce in India among vendors, consumers, intermediaries, etc. and integrating existing Indian logistic service providers operating in the physical world with the digital economy.
It also acknowledges access to data as an essential input to competing in the online retail industry. It recognizes the use of data in tailoring online advertisements and understanding consumer preferences. Furthermore, it mentions that the use of artificial intelligence requires access to vast amounts of data, in order to train the algorithm to maximize profits. Without similar access to vast troves of consumer data, Indian businesses would not be able to compete and innovate at the scale achieved by ‘first-movers’ in the business.
The Draft Policy goes a step further to make an analogy with the natural resources, particularly oil. Accordingly, it states that “just like oil or any other natural resource, it is important to protect data, prevent its misuse, regulate the use and processing of data and address the concerns related to privacy and security.” However, unlike in the case of oil, data flows freely across borders. It can be stored or processed abroad and the processor can appropriate all the values. It is proposed that India’s data should be used for the country’s development. Indian citizens and companies should get economic benefits from the monetization of data. Given that India is likely to become one of the largest sources of commercially exploitable data, it seeks to ensure that the benefits to be accrued from such data are available to Indian businesses as well.
On the issue of privacy, which was not broadly talked about under the Draft Policy, as a more comprehensive framework for protecting the privacy of Indian citizens has been given credence under Draft Data Protection Bill, the Draft Policy identifies several forms of commercially exploitable consumer data, such as details of communication over mobile apps, physical location, financial details, browsing and searches history. It states that an individual owns her data and such data cannot be used without the individual’s express consent – citizens must be given control over their data. However, at the same time, the Policy states that “data of a country, therefore, is best thought of as a collective resource, a national asset, that the government holds in trust” and accordingly, non-Indians cannot be allowed the same rights to exploit the data as Indians. As such, the Policy seeks to put in place a legal and technological framework to restrict the cross-border flow of data. First, it proposes the sharing of anonymous community data collected by devices installed in public places, such as traffic monitors, with private entities for research and development.
Secondly, it states that a business entity that collects or processes ‘sensitive data’ in India and stores it abroad, cannot share such data with other business entities not located in India, for any purpose, even if the consumer consents to such data sharing. Thirdly, such data cannot be made available to any foreign government, without the permission of Indian authorities. However, any request for data from any Indian authority must be complied with immediately. If this is interpreted in a broad manner, any data pertaining to Indian individuals or communities or collected in India should be preferentially used by Indian companies (potentially without foreign investment). This would, however, be unnecessarily prohibitive to the operation of business in India, especially by multinational companies. Further, a business entity located outside India can contract to send data to an Indian entity located in India.
This is another very vital policy recommendation on e-commerce; for a digital economy to thrive, a strong physical structure must be put in place to support the country’s development. The Draft Policy recognizes this fact, it therefore proposes that the three core components of the ‘Digital India’ to wit: (i) the development of secure and stable digital infrastructure; (ii) delivering government services digitally; and (iii) universal digital literacy, be taken into cognizance to actualize the policy framework as envisaged in Draft document. Secondly, steps would be taken to develop capacity for data storage in India, this will include creating a time frame of three years to transition to data storage within the country; this would enable industries to adjust to the data storage requirement.
Furthermore, data centers, server farms, towers and tower stations, equipment, optical wires, signal transceivers, antennae etc. will be accorded ‘infrastructure status’, thereby facilitating achieving last mile connectivity across urban and rural India, this is in consonance with the ‘Digital India’ initiative through its medium- The Harmonized Master List of Infrastructure –sectors is specifically meant for that purpose.
The Draft policy acknowledges the numerous benefits e-commerce marketplaces have on both consumers and sellers alike. They have provided sellers with a means to cross geographic boundaries and reach customers in any corner of the country and even across the globe. However, at the same time, it pointed out that there has been large scale ‘capital dumping’ into e-commerce marketplaces, allowing them to sell at losses – threatening the existence of smaller businesses.
Accordingly, the Policy clearly distinguishes what constitutes an ‘inventory-based’ and ‘marketplace’ model of sale and distribution. It therefore recommends prohibiting Foreign Direct Investment (“FDI”) in ‘inventory-based models’ and only allowing FDI in ‘marketplace models.’ An e-commerce platform, in which foreign investment has been made, therefore, cannot exercise ownership or control over the inventory sold on its platform. This part of the Policy has already been implemented with a revision of the FDI rules for E-commerce. The revised policy allows FDI in “an information technology platform by an e-commerce entity on a digital & electronic network to act as a facilitator between buyer and seller” while prohibiting FDI in “an e-commerce activity where inventory of goods and services is owned by e-commerce entities and is sold to the consumers directly.”
It further provides that a vendor’s inventory would be considered to be under the control of a marketplace if the marketplace or its group companies account for 25% of the vendor sales, or if the marketplace or its group companies own equity in the vendor or exercise control over its inventory. Principally, the changes to the FDI policy are aimed at curbing potentially anti-competitive practices by marketplaces such as giving their in-house branded products preferential treatment over third-party seller products, by abusing their market power by their dual role as both a platform and a seller. Finally, the policy also calls for regulating advertising charges imposed by social media platforms and search engines, as a facet of e-commerce. The Policy notes that the market power possessed by such social media platforms and search engines allows them to charge monopoly prices which poses a problem for small businesses and new entrants who are trying to reach customers, and has the potential to become a barrier to entry.
The Draft Policy proposed a mixed bag of strict regulatory and protectionist policies related to data governance and privacy – largely premised on the rationale that “India’s data should be used for the country’s development. Indian citizens and companies should get the economic benefits from the monetization of data.” Thus, the existing statutes and laws especially the Information Technology Act and Rules, the Competition Act, the Consumer Protection Act etc. need to evolve to take into account the changing ways of doing business and changing business models. This includes IoT, network effects, latest technologies, modes of delivery, treatment of data, online placing of orders, online marketplaces, free ancillary services like logistics etc. In like manner, the Standing Group of Secretaries on E-commerce (SGoS) shall give recommendations to address E-commerce policy challenges.
Privacy remains a very important aspect of the Draft Policy. To ensure this, it is imperative that law and order be maintained. Thus, it was suggested that Participants of the digital economy that have access to the data of Indians must nominate a local representative to be responsible for the affairs of the company in India.
For the purpose of integrating small firms and start-ups into the digital sector, it was therefore recommended that they be given ‘infant-industry’ status. By doing so, the benefits of an ‘infant industry’ status could be accorded to such firms and start-ups and access to data could be at the centre of this approach. This would ease the process of onboarding, for MSMEs and to provide the best practices, and platforms, where they already exist.
The concept of ‘significant economic presence’ which was introduced in the 2018 Budget was significantly reiterated in the Draft Policy, the basis for this is to determine the ‘permanent establishment’ for the purpose of allocating profits of multinational enterprises between ‘resident’ and ‘source’ countries and expanding the scope of ‘income deemed to accrue or arise in India’ under Section 9(1) (i) of the Income-tax Act, 1961. Also, the current practice of not imposing custom duties on electronic transmissions must be reviewed in light of the changing digital economy and the increased role that additive manufacturing is expected to take. These regulatory approaches would help prevent the loss of the country’s revenue.
Consumer protection issues
The Draft Policy laid emphasis on the following consumer protection issues:
- genuine reviews and ratings;
- anti-counterfeiting and privacy measures by ensuring disclosures by sellers; and
- e-Courts for grievance redress
From a data collection perspective, the Policy recommends that e-commerce entities should be mandated to disclose the purpose for which data is being collected, in a simple and easy-to-understand manner.
The Draft Policy also mandates that an e-commerce entity operating in India needs to have a business entity registered in India, to ensure compliance with laws in India. Thus they need to ensure that their algorithms are not biased.
To enhance consumer protection on such e-commerce platforms, the Policy also proposes anti-counterfeiting measures and suggests that platforms should take measures to combat fraudulent ratings and reviews, as well as providing speedy redressal of consumer grievances.
Stimulating the domestic digital economy
The key recommendations under this theme are as follows:
- The need to formulate and facilitate domestic industrial standards for smart devices and IoT devices to meet the goals of the country including, inter alia, consumer protection, secured transactions, enhanced interoperability, and ease-of-use interface. National standard-setting organizations will be involved in this exercise along with other stakeholders.
- The incorporation of Artificial Intelligence (AI) into the logistic sector by means of automation, including the services provided by the Department of Post. This would facilitate prompt delivery of Government services digitally.
- Online Customs clearance will be facilitated by adopting Customs Electronic Data Interchange (EDI) platform, integrating all the departments concerned such as the Department of Posts, DGFT and RBI, and other stakeholders, eliminating manual processes under ease of doing business. Additionally, the provision will be made to source Export Data Processing and Monitoring System (EDPMS) data from RBI for confirmation of payments, instead of Bank Realization Certificate.
- Customs validation will be enabled where required to benefit from schemes like duty drawbacks, DGFT being given access to the data, thereby minimizing procedure, documentation and facilitating online processing. This will be supported by permitting all international airports and other export/ manufacturing hubs to accept e-commerce export shipments in order to facilitate and promote e-commerce exports from India.
- Creating awareness on procedural formalities by conducting cluster-specific programmes for exporters (to be undertaken by the Department of Post and DGFT). The following steps were proposed to be taken to prevent the violation of existing rules to circumvent customs duties: – Mandating shipper KYC by providing a unique code and national repository to identify foreign exporters and to track suspicious activities, such as sample shipping, gifting etc.; – Capping samples or gifts to a certain value per shipper per month, with any value above the threshold being subjected to duties.
- The inclusion of E-commerce in the National Integrated Logistics Plan being prepared by the Department of Commerce, which would focus on faster delivery with emphasis on lower costs.
Export promotion through e-commerce
Electronic commerce has been widely considered as an avenue to minimize costs of marketing, advertising and improving outreach. E-commerce provides opportunities to sellers or traders and consumers to communicate and connect beyond the limitations of geography and time. However, most domestic manufacturers, traders, sellers, MSMEs and start-ups, which operate or intend to operate on a digital platform, continue to struggle with compliances and costs which reduce their competitiveness and sustainability in international markets. This is as a result of burdensome administrative compliances and increased costs related to exports especially if the proceeds from exports are insignificant compared to these compliances and costs. To further enhance the outreach of these Indian entities, the promotion of export of their products should be done through E-commerce. The Draft Policy went further to recommend that the proposed National Integrated Logistics Policy must take into account the special needs of the export sector. E-commerce must be dealt with separately under the Logistics Policy.
It further recommended for review by way of increase in the existing limit of RS.25,000 placed on the delivery of consignments through cargo mode. This is aimed at increasing the efficiency of Indian e-commerce exports and making it attractive even for high-value shipments through courier mode. In turn, setting up of Air Freight Stations (AFS) off the air ports has been proposed, where all necessary cargo preparation and documentation can be done. This would help reduce the delay and congestion at air cargo complexes handling in India, especially in Delhi, Mumbai and Kolkata.
In relation to the repatriation of remittances out of exports which has been facilitated by the Online Payment Gateway Service Providers Draft Page 34 of 41 (OPGSPs). It has been suggested by the Draft Policy that the entire processes involved in effecting bank transfers by the exporters to these small businesses be revised and abridged to make room for the production of payment transaction reference numbers or consignment numbers in place of filing the Postal Bill of Exports (PBE). This would help reduce the lengthy documentation procedure involved in evidencing the bank transfer.
For the purpose of reducing transaction costs for MSME and start-ups, it is proposed that the provisions for collecting fees on applications submitted to claim export benefits should be done away with. The purport of this is that it any intended increase in the selling price would be regulated as a result of the reduced transaction costs, this is so because a high selling price could be detrimental on the attractiveness of products in a market.
Issues and challenges
Definition of E-commerce
The Draft Policy used an outdated definition of ‘e-Commerce’ which extends to buying, selling, marketing and distribution of goods and services through the electronic network. It is quite similar to a 1998 World Trade Organization (WTO) definition of E-commerce. This is out of synchronization with newer statutes in India like the FDI Policy, 2017, Central Goods and Services Act, 2017 and the Ministry of Electronics and Information Technology (“MeitY”), whose industries are part of the e-Commerce supply chain.
The definition used in the Draft Policy is too broad, including industries and entities that need not fall under the e-Commerce umbrella. There are various updated definitions of E-commerce existing in India. For instance, the 2018 landmark judgment in the case of Christian Louboutin Sas v. Nakul Bajaj & Ors. The Delhi High Court interprets e-Commerce as simply commerce, the purchase-sale of goods/ services which takes place online, and not from physical brick and mortar shops, malls or kirana stores. The Draft Policy ought to have thrown more light on this regulatory uncertainty. Rather than doing so, the Policy has attempted a conflation of the digital economy (including social media platforms and search engines) with e-commerce, resulting in the creation of new restrictions on foreign investment in India within this sector.
Another confusing issue is that the Draft Policy used the term ‘digital economy’ synonymously with E-commerce. This is against the International recognition of the term “Digital Economy”, wherein E-commerce is seen as a subset of the digital economy. This definition is used nationally and multilaterally, by the G20, the Asian Development Bank, the Organization for Economic Cooperation and Development, the U.S. and China. Even in India, the Trillion Dollar Digital Economy Report, issued by the MeitY in February 2019, includes e-Commerce as a subset of the digital economy.
The Draft Policy recommended data localization requirements that would make it difficult for Indian businesses to work with International data and service platforms. With respect to data ownership, the Draft Policy provides that an “individual consumer/ user who generates data retains ownership rights over his/her data and that the processing of data by corporations without explicit consent must be dealt with sternly”. However, there is no consent requirement for the sharing of sensitive data with third party entities, and for accessing what the Policy terms as “national data”. In fact, the Policy does not define any kind of data – individual data, community data, sensitive data and national data. This is a serious lacuna that must be addressed.
The restriction placed on data transfers out of India from e-commerce platforms, social media, and search engines is a limiting factor on how Indian consumers and businesses can work with those platforms.
The Draft Policy has excluded penal provisioning from its purview. Instead, it refers to penalization by other authorities. This may have been done because the Draft Policy is intended to be an overarching framework with no penal obligation flowing from it. However, this Draft Policy would have been truly comprehensive and rigorous had it provided for civil and/or criminal penalty (corresponding to indicative offences).
In addition, the Draft Policy does an injustice to consumers by imposing a liability on them to be cognizant of unregistered entities (GST non-compliant entities) and barring the making of payment to them. In a fast-moving click-and-buy world, it is simply not possible for consumers to carry out this check themselves.
E-commerce platform and intermediaries
The Draft Policy imposes impractical obligations on the intermediary/ platform on issues of trademark. The responsibility of informing a trademark owner each time his/her trademarked product is placed on the platform rests with the intermediary/ platform. This is a burden on the platform/ intermediary, requiring huge human and capital resources for it to be constantly proactive. This means increased operational costs for the business, and thereby, an increase in the cost of goods and/ or services.
This is not a problem for India alone. The EU Directive on Copyright in the Digital Single Market (approved by the European Parliament on 26 March 2019) imposes similar liabilities on platforms, including provisions for a platform to prevent uploading of unlicensed content. These policies will likely be challenged in the courts.
India’s Draft Policy has the additional problem of multiple legislation on e-Commerce: MeitY is already in the process of amending the current intermediary rules by way of the Draft Information Technology [Intermediary Guidelines (Amendment)] Rules, 2018. Should intermediaries have the power to determine whether content is illegal or if a product is fake?
Also, allowing access to data for broad purposes such as ‘law and order’ could result in a surveillance state which is characterized by intensive watch or observation with little or no freedom to carry out their businesses freely, thereby encroaching on their right to privacy. The term is vague and can potentially provide a very wide ambit to collect data from intermediaries.
More broadly, it suggests that online platforms should be liable for user generated content (and thus safe harbors for internet intermediaries be diluted)- this a threat to free speech and open communication.
The control of the pricing of advertising tools would likely control the business models of digital advertising platforms. Pricing controls take the incentive away from digital platforms to further improve their advertising platforms and offer the various advertising tools they offer to the advertisers.
With the wave of foreign investments in E-commerce largely dominated by India, alongside the new E-commerce policy, this has put India in the advantageous position of being a key global influencer. This, along with a new, dedicated E-commerce policy, puts India in the advantageous position of being a key global influencer. India is one of the few countries to have a well drafted and well implemented Draft Policy. However, the Draft Policy is not completely infallible as some of the key issues and challenges were highlighted in the article. Nevertheless, to address these challenges, few recommendations have been provided below.
- The DPIIT should consider creating a unified definition of e-Commerce and a separate definition for the digital economy in India in line with international norms as these subjects are not constrained by territorial borders. This will help in streamlining regulations in this sector across countries as well as on multilateral platforms.
- The DPIIT should (i) define the various types of data, and (ii) clarify whether it is necessary to cross-reference the Draft Policy with sector-specific laws, especially with regard to data. Without these clarifications, the objective of this Draft Policy will remain unclear.
- The DPIIT must (i) define the offences and the corresponding penalty, and (ii) consider making the e-Commerce platform responsible for hosting only GST and other tax-compliant entities on its site.
- As provided in the Draft Policy, Capital dumping should be certainly discouraged. Due to the monopolistic nature of the market, the best way to tackle this situation is through competition law. It would be hard to legislate against capital dumping, because the legal regime is to liberalize FDI and restricting investments through law would be considered protectionist and contrary to business-friendly policies.
- Clarifying the definition and role of intermediaries and e-commerce platforms in the Draft Policy will be beneficial for all stakeholders and place India in the lead globally on this issue.
- The Draft Policy provides for capacity building by the creation of technology centres in government and regulatory circles. This capacity needs to be extended to the state and the judiciary. For now, the Draft Policy is only a direction; it is not an enforceable document. This must change for it to be able to meet its objectives.
- Regulating the manner in which search engines or social media platforms decide to price advertising charges should be done in a cautious manner. Companies invest capital and resources in building innovative advertising tools. For any regulation to take place, these two factors must be put into consideration: i), the advertising charges should not be capped and should be left to market forces; ii) the principle of fair and non-discriminatory pricing can be adopted as the standard. The same principles which are followed by the Competition Commission in determining abuse of dominant position should be taken as the standard to determine if advertising charges are priced to the detriment of small enterprises or startups.
- The words ‘law and order’ should be amended and restricted to interests such as the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or concerning security of the State or cyber security, as contemplated in the Intermediary Guidelines Proposed Amendment.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: