Archive for July 2021


The era of digitization gave birth to entirely new markets which deal with the collection, organization, and processing of personal information, whether directly or as critical component of business. The outburst of Covid-19 and the lock-down has led to several challenges in various sectors regarding data privacy and protection; hence protection of data and privacy plays a much important role now, as there are several loopholes in which data can be breached and its security is at major risk.

Section 2 (o) of Information Technology Act,2000 defines “data” which means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

Data protection is the process of safeguarding important information from corruption, compromise or loss. Through the landmark judgment of Justice K.S Puttaswamy vs Union of India (AIR 2017 SC 4161), the Hon’ble Supreme Court held right to privacy is declared as a fundamental right under Article 21 of Indian Constitution. This judgment made general public realize that their data is intrinsic, important and therefore worthy of protection.

At present India does not have specific legislation in regard to data protections and privacy, although a Personal Data Protection Bill, 2019 was introduced in Lok sabha. There are many ambiguities as to the implementation of this bill, but there are some important enactments which focuses and governs privacy protection and personal data
• Information Technology Act, 2000.
• The Right to Information Act,2005
• Information Technology (Guidelines for intermediaries and digital media ethics code) Rules, 2021

Section 43A of the IT Act 2000 provides that whenever a corporate body possesses or deals with any sensitive personal data or information, and is negligent in maintaining a reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, then such body corporate shall be liable to pay damages to the persons so affected.

Section 72A of the IT Act 2000 provides that any person (including an intermediary) who, while providing services under the terms of a lawful contract, has secured access to any material containing personal information about another person, with the intent of causing or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.

Section 8 (1)(j) of Right to Information Act – This section provides that the authorities are under no obligation to provide information to citizens regarding inter alia information which relates to personal information, the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information.

The Information technology (Guidelines for intermediaries and digital media ethics code) Rules, 2021 have been passed under sections 69A(2), 79(2)(c) and 87 of the Information Technology Act, 2000. Rule 4(2) provides that a significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer resource as may be required by a judicial order passed by a court of competent jurisdiction or an order passed under section 69 by the Competent Authority as per the Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009. This rule is clearly a major threat to the privacy of the users and this was challenged by Whatsapp in Delhi High Court to quash a new government rule which is against right to privacy.

India has gone more digital in this covid-19 pandemic era, than ever before. In this digital era, data is a valuable resource that needs to be protected and regulated. Right to privacy cannot be exercised effectively unless data is protected through a legal regime; therefore implementation of personal data protection bill becomes very important.

Authored by



1. Introduction

These rules apply to all goods and services bought or sold over any digital or electronic network. These even apply to an e-commerce entity, not established in India, but systematically offers goods or services to consumers in India.

According to these rules, an e-commerce entity,  means any person who owns, operates or manages a digital or electronic facility or platform for electronic commerce, but does not include a seller using the said platform.

An inventory e-commerce entity is an e-commerce entity which owns the inventory of goods and services and sells such goods or services directly to the consumers.

A market place e-commerce entity is an e-commerce entity which provides an information technology platform on a digital or electronic network to facilitate transactions between buyers and sellers.

2. Duties of E-Commerce Entities:

  1. An E-commerce entity shall be a company incorporated under the Companies Act 1956 or the Companies Act 2013 or a foreign company covered under clause (42) of section 2 of the Companies Act, 2013 or an office, branch or agency outside India, owned or controlled by a person resident in India.
  • E-commerce entities shall appoint a nodal person of  contact who is resident in India, to ensure compliance with provisions of the Consumer protection Act, 2019 or the rules there under.
  • Every e-commerce entities shall provide its legal name, principal geographic address of his headquarters and all branches, names and details of its website, email address and mobile numbers of customer care and grievance officer on its platform.
  • Every e-commerce entity shall establish an adequate grievance redressal mechanism and shall appoint grievance officer for consumer grievance redressal and shall display his name, contact details, designation etc.
  • Grievance officer shall acknowledge the receipt of any complaint within forty-eight hours and redresses the complaint within one month from the date of receipt of the complaint.

  • E-commerce entity cannot impose cancellation charges on consumers, cancelling after confirming purchase, unless they incur similar charges if they cancel the purchase.

3. Liabilities of marketplace e-commerce entities

  1. To require sellers through an undertaking to ensure that descriptions, images etc pertaining to goods or services on their platform is accurate.
  • To provide the details about the sellers offering goods and services including the name of their business, geographic address, customer care number, any rating or feedbacks etc and they shall provide such information to consumer on request.
  • They shall provide ticket number for each complaint lodged, through which the consumer can track the status of the complaint.
  • They shall provide all information relating to return, refund, exchange, warranty, guarantee, delivery, shipment, modes of payment, and grievance redressal mechanism.
  •  They shall also provide information on payment method, security of such payment methods, any fees or charges payable by users, the procedure to cancel regular payments and the contact information of payment service provider.

4. Duties of sellers on marketplace e-commerce entity

  1. Sellers cannot refuse to take back goods or withdraw or discontinue services purchased or refuse to refund consideration, if such goods or services are found to be defective, deficient or spurious, late delivered etc.
  • They shall have a written contract with the respective e-commerce entity in order to undertake or solicit such sale.
  • They shall appoint grievance officer for consumer grievance redressal, who shall acknowledge the receipt of any consumer complaint within forty-eight hours and redresses the same within one month.
  • They shall ensure that the advertisements for marketing of goods or services are consistent with the actual characteristics, access and usage conditions of such goods or services.

  • They shall provide the e-commerce entity their legal name, principal geographic address of their headquarters and all branches, the name and details of their website, their e-mail address, customer care contact details, GSTIN, PAN etc.
  • The seller shall further provide the following information to the e-commerce entity:
  • Price of goods and services with the breakup price, together with delivery charges, handling charges, conveyance charges, applicable tax etc.
  • Expiry date of goods being offered for sale.
  • Details of country of origin of goods.
  • Name and contact details of grievance officer
  • Name and details of importer and guarantees of the imported products.
  • Information related to terms of exchange, returns, refund, delivery, shipment, guarantees, warranties etc.

 5.  Duties and liabilities of inventory e-commerce entities:

  1.  They shall provide accurate information regarding return, refund, exchange, warranty, guarantee, delivery, shipment, mode of payments and grievance redressal mechanism in a clear and accessible manner.
  • They shall also provide information regarding payment methods, procedure to cancel payments, fees or charges payable by users, charge back options etc.
  • They shall provide a ticket number for each complaint lodged through which the consumer can track the status of complaint.
  • They shall provide total price in single figure of any  goods and services along with the  breakup price for the goods and services.
  • They shall ensure that advertisements of goods and services are consistent with actual characteristics, access and usage conditions of such goods or services.
  • They shall not refuse to take back goods or discontinue services or refuse to refund consideration, if such goods or services are defective, deficient etc.,