Tag Archives: Legal issues


Disclaimer: This is not a legal opinion and should not be construed as one. Please speak
with your attorney for any advice.

Legal Issues in E-commerce – Part 1 of the series

E-commerce has picked up in India and how ! We love when a young e-com business gives a large traditional organization a run, whose competitive advantage is just being big.

Over three posts we plan to present some of the legal issues in an e-com business. Some of these legal issues are applicable because of “e” and then there are those which are very specific to the nature of business itself.

Let us take a few examples of specific business related issues.

FDI in retail: The FDI policy issued by Department of Industrial Policy and Promotion (DIPP) has a separate section for Ecommerce activities and specifies that FDI in e-com is allowed provided such companies would engage only in B2B and not in retail training. i.e. existing restrictions on FDI is applicable to e-commerce as well.

And then there are regulations for the web variation of the business. For example:  Insurance Regulation Development Authority (IRDA) introducing guidelines for the web aggregators.  Any company which maintains/owns a website  which provides information pertaining to insurance products and price comparisons of different insurers and offers leads to an insurer / insurance brokers will have to adhere to some detailed Dos and Don’ts  wef 1 Feb 2012.

Reserve Bank of India (RBI) has very stringent guidelines on pre-paid payment instruments.  For the ones like Itz Cash, the guidelines are clear.  But applicability of the said guidelines for ecom sites which issue vouchers/ coupons/ deal sites are still not very clear.

Recurring payment mechanism, which the Indian SaaS businesses are crying for, is still not available in India because of RBI restrictions and also the guidelines under the Payment and Settlement Systems Act is still expected.

Most young entrepreneurs believe that the only applicable legislation for anything that uses technology is Information Technology Act (IT Act).  While IT Act is an important applicable legislation, this post is meant to illustrate that numerous legislations come into play as well.

Coming up next are legal issues due to the “e” in business.

Disclaimer:    This is not a legal opinion and should not be construed as one. Please speak with your attorney for any advice.

Legal Issues in E-Commerce – Part 2 of the series

In the previous post  (http://novojuris.wordpress.com/2012/01/12/legal-issues-in-e-commerce-part-1-of-the-series/) we provided a glimpse, that based on the specific nature of business, there are various legislations that an e-com business has to comply with.

This post examines some of the ‘core’ legal issues relevant to nature of business being conducted electronically, i.e. the “e” part of the business.

Jurisdiction:  A traditional rule of private international law is that, the jurisdiction of a nation extends to individuals who are within the borders of the nation (location or activities of the parties).  But if parties are interacting in an online environment, then identifying physical location (should it be where the employees reside and operate from, or where the company is incorporated, or where the website is hosted or where the customer received the product / service) and the place where the transaction took place is very hard. The complexity is that the ecom company has to comply with legal requirements of all those jurisdictions and there is a fair chance that it can be sued in any of those jurisdictions.

US Courts have used the concept of “minimum contacts” while determining jurisidiction.  This could be physical presence, financial gains, interactivity of the website, stream of commerce, electing an appropriate forum / court and jurisdiction in the contracts.

Indian Courts under the civil court procedures traditionally use the test of  ‘where the subject matter is situated’ or ‘where defendants reside’ or ‘cause of action arose’  (to put in very very simple words. It is a lot more complicated that this)

Without getting into a legal treatise, a simple way is for the contract between the parties to elect the choice of law, court and jurisdiction.  Courts in the US have upheld the validity of contracts where the parties have agreed to the choice of law and choice of courts. (CompuServe, Inc vs. Patterson). While this is one of the ways to mitigate the question on jurisdiction, it is not conclusive.

Determining jurisdiction is the most important aspect, in any internet related business, such as ecommerce, cloud computing.  Arising from this are tax related questions, applicability of various legislations and compliances required under them.

This then takes us to the next most important aspect of contracts.

Contracts: For a contract to be valid there has to be an offer, acceptance and valid consideration.  In an ecom business most of the contracts are online, where the user of the website ‘clicks to accept’ the terms and conditions/ subscription / pricing and the like.

One of the premise of the Information Technology Act (IT Act) was to provide legal recognition to electronic records and digital signatures, which in turn facilitates conclusion of contracts and creation of legal rights and obligations through electronic communication.

An electronic record means not only data but also includes record, image, sound stored, received or sent in an electronic form.

While the ‘offer’ and ‘consideration’ part of the valid contract requirements can be identified, the ‘acceptance’ of the proposal by the customer in an online contract has to be established. The IT Act provisions on legal recognition of electronic records which states (i) any information rendered or made available in an electronic form ‘and’ accessible so as to be usable for a subsequent reference (ii) should the information require signatures for verification, then the digital signatures (detailed in IT Act) has to be affixed.

The electronic record created upon acceptance by customer has to be retained as per various legislations.  For example, Income Tax Act requires about 8 years, Companies Act mandates that some records be kept for life and the like.

This still leaves one verification aspect, i.e. ensuring the other party is above 18 years old (requirement under Indian Contract Act).  Digital signature is one of the ways that offers verification.

Over the next post, we’ll be examining issues around privacy, caching and deep linking.

Disclaimer This is not a legal opinion and should not be construed as one. Please speak with your attorney for any advice.

Legal Issues in E-Commerce – Part 3 of the series

In the earlier posts, Part 1 and 2, we examined a few legal issues related to the business side of e-commerce and conducting business electronically. In this post, we are detailing some of typical questions that e-commerce businesses ask us.

Deep-linking, hyper-linking:  Many a time, the website may provide links to third party websites.  If this link is to the home page (hyper-link), it is not considered as copying the website and therefore is not a copyright infringement.  However, some of the websites expressly prohibit or require permission even for hyper-linking. For example, RBI expressly requires their permission before linking, though it is against the customary practices of internet.

Deep-linking (Courts have in some cases defined it as linking beyond the home-page) is treated differently from hyper-linking.  There are many aspects to this.

Websites which earn revenues through advertisements, object to deep-linking, because the user is directed to an internal page, by-passing the advertisements on the home-page, thereby causing loss of revenue. While this point is a business issue, there are wider legal ramifications as well.

In Bixee versus Naukri.com’s case, since the user was led to the internal pages of Naukri, thereby by-passing the home-page which usually has advertisements, Naukri claimed loss of revenue. There was another aspect to this case as well.  Bixee’s business was enabling users of its website to search for jobs on various other websites.  By deep-linking to Naukri.com’s website, Bixee was using Naukri’s database for its business.  Database is protected through copyright and such deep-linking was considered as copyright infringement.

Incorporating webcontent which is copyright protected by framing, is another point that is usually considered as copyright infringement.   

Related to the above, is where deep-linking is used for comparing prices of different products.  For example: if you want to capture that the price of a mobile phone on your website is cheaper than that offered on, say FlipKart, then in some ways it also gets construed as comparative advertising. While there are no established standards in India, unlike in other geographies, at a minimum it is required to ensure that the information / presentation does not

  • principally capitalize on the reputation of the tradename of the competitor.
  • discredit or denigrate the goods, services, marks or name of the competitor.
  • Mislead the customer or create a risk of confusion.

Courts across various jurisdictions are grappling with issues of infringement of intellectual property rights through deep-linking, meta-tagging.

Another important question that is prominently asked in an e-commerce business is Privacy.

Privacy: In India, though we do not have a separate legislation, Supreme Court has always upheld the Right to Privacy under the Fundamental Rights in the Constitution.  Privacy is very closely linked to Data Protection. Information Technology Act (IT Act) provides for some measures of data protection.

IT Act covers instances such as (i) computer trespass, violation of privacy (ii) unauthorized digital copying, downloading and extraction of data, computer database or information, theft of data held or stored in any media (iii) unauthorized transmission of data or program residing within a computer, computer system or  computer network (cookies, spyware, GUID or digital profiling are not legally permissible) (iv) data loss, data corruption (v) computer data/ database disruption, spamming (vi) denial of service attacks, data theft, fraud, forgery (vii) unauthorized access to computer data / computer databases (viii) instances of data theft (passwords, login IDs) and the like. IT Act also covers instances of cyber offences like hacking, tampering computer source documents. There are both civil and criminal liabilities prescribed in the IT Act.

In an e-com business, quite a few personally identifiable information gets collected, individual’s name, address, telephone numbers, profession, family, educational background, banking details.  Passing on this information to interested parties not only leads to intrusion of privacy but also other legal issues. Many do opine that in the era of social networking, privacy is over-rated.  Try asking them a question if they would like to expose their personal credit card number J

The IT Act does not lay down privacy principle like the Data Protection Act of the EU or the Safe Harbor Principle of the US. But following the highest standards of conducting business, the privacy policy of an e-com businesses need to answer atleast,

  1. What are the ‘personally identifiable information’ that would be collected.
  2. How and when would the information be collected (example, registration process, payment process )
  3. What usage/ analytics / tracking methods would be used (Example cookies, web beacons, IP address, log files)
  4. How and when would the ‘personally identifiable information’ be used. (example, sharing with third parties (banks, courier agents, service providers), to send marketing emails/ newsletters, surveys, contests, polls)
  5. Describe the security measures adopted for protecting the information.

Having a privacy policy is not an end by itself, it has to be honored and adhered to by the companies in spirit.

Trust these posts have been useful. Please do share your comments / questions in the comments section below.

Disclaimer:   This is not a legal opinion and should not be construed as one. Please speak with your attorney for any advice.