Legal Issues in E-Commerce – Part 3 of the series

In the earlier posts, Part 1 and 2, we examined a few legal issues related to the business side of e-commerce and conducting business electronically. In this post, we are detailing some of typical questions that e-commerce businesses ask us.

Deep-linking, hyper-linking:  Many a time, the website may provide links to third party websites.  If this link is to the home page (hyper-link), it is not considered as copying the website and therefore is not a copyright infringement.  However, some of the websites expressly prohibit or require permission even for hyper-linking. For example, RBI expressly requires their permission before linking, though it is against the customary practices of internet.

Deep-linking (Courts have in some cases defined it as linking beyond the home-page) is treated differently from hyper-linking.  There are many aspects to this.

Websites which earn revenues through advertisements, object to deep-linking, because the user is directed to an internal page, by-passing the advertisements on the home-page, thereby causing loss of revenue. While this point is a business issue, there are wider legal ramifications as well.

In Bixee versus Naukri.com’s case, since the user was led to the internal pages of Naukri, thereby by-passing the home-page which usually has advertisements, Naukri claimed loss of revenue. There was another aspect to this case as well.  Bixee’s business was enabling users of its website to search for jobs on various other websites.  By deep-linking to Naukri.com’s website, Bixee was using Naukri’s database for its business.  Database is protected through copyright and such deep-linking was considered as copyright infringement.

Incorporating webcontent which is copyright protected by framing, is another point that is usually considered as copyright infringement.   

Related to the above, is where deep-linking is used for comparing prices of different products.  For example: if you want to capture that the price of a mobile phone on your website is cheaper than that offered on, say FlipKart, then in some ways it also gets construed as comparative advertising. While there are no established standards in India, unlike in other geographies, at a minimum it is required to ensure that the information / presentation does not

  • principally capitalize on the reputation of the tradename of the competitor.
  • discredit or denigrate the goods, services, marks or name of the competitor.
  • Mislead the customer or create a risk of confusion.

Courts across various jurisdictions are grappling with issues of infringement of intellectual property rights through deep-linking, meta-tagging.

Another important question that is prominently asked in an e-commerce business is Privacy.

Privacy: In India, though we do not have a separate legislation, Supreme Court has always upheld the Right to Privacy under the Fundamental Rights in the Constitution.  Privacy is very closely linked to Data Protection. Information Technology Act (IT Act) provides for some measures of data protection.

IT Act covers instances such as (i) computer trespass, violation of privacy (ii) unauthorized digital copying, downloading and extraction of data, computer database or information, theft of data held or stored in any media (iii) unauthorized transmission of data or program residing within a computer, computer system or  computer network (cookies, spyware, GUID or digital profiling are not legally permissible) (iv) data loss, data corruption (v) computer data/ database disruption, spamming (vi) denial of service attacks, data theft, fraud, forgery (vii) unauthorized access to computer data / computer databases (viii) instances of data theft (passwords, login IDs) and the like. IT Act also covers instances of cyber offences like hacking, tampering computer source documents. There are both civil and criminal liabilities prescribed in the IT Act.

In an e-com business, quite a few personally identifiable information gets collected, individual’s name, address, telephone numbers, profession, family, educational background, banking details.  Passing on this information to interested parties not only leads to intrusion of privacy but also other legal issues. Many do opine that in the era of social networking, privacy is over-rated.  Try asking them a question if they would like to expose their personal credit card number J

The IT Act does not lay down privacy principle like the Data Protection Act of the EU or the Safe Harbor Principle of the US. But following the highest standards of conducting business, the privacy policy of an e-com businesses need to answer atleast,

  1. What are the ‘personally identifiable information’ that would be collected.
  2. How and when would the information be collected (example, registration process, payment process )
  3. What usage/ analytics / tracking methods would be used (Example cookies, web beacons, IP address, log files)
  4. How and when would the ‘personally identifiable information’ be used. (example, sharing with third parties (banks, courier agents, service providers), to send marketing emails/ newsletters, surveys, contests, polls)
  5. Describe the security measures adopted for protecting the information.

Having a privacy policy is not an end by itself, it has to be honored and adhered to by the companies in spirit.

Trust these posts have been useful. Please do share your comments / questions in the comments section below.

Disclaimer:   This is not a legal opinion and should not be construed as one. Please speak with your attorney for any advice.

Advertisements