E-Commerce

E‑Commerce

Introduction
E‑commerce is not merely commerce conducted over the internet; it is a distinct legal ecosystem where technology, commercial practice and regulatory overlays interact constantly. For Indian lawyers, e‑commerce cases typically raise issues across multiple branches — contract, tort (product liability), consumer law, information technology and data protection, taxation, foreign investment and competition law. Mastery of the term therefore means understanding not only the platforms (marketplace v. inventory models) but also how regulatory doctrines (intermediary immunity, product liability, data fiduciary duties, GST/TCS) operate in practice.

Core Legal Framework
– Information Technology Act, 2000 (IT Act)
– Intermediary definition and duties: the IT Act (definition of “intermediary”) and the statutory safe harbour in Section 79 are the starting point for platform liability analysis. Section 79 affords conditional immunity to intermediaries for third‑party content if due diligence is observed and statutory/compliant rules are followed.
– Data security and penalties: Sections dealing with liability for failure to protect data (earlier case law and Section 43A jurisprudence) and offences concerning wrongful disclosure of information (e.g., Section 72A) remain relevant, even as newer statutes develop.
– Intermediary Guidelines & Digital Media Ethics Code Rules, 2021: these Rules prescribe operational obligations for intermediaries — due diligence, grievance redressal officers, takedown procedures and jurisdictional compliances.
– Consumer Protection Act, 2019 and Consumer Protection (E‑Commerce) Rules, 2020
– The CPA 2019 expanded the scope of consumer remedies (deficiency, unfair trade practice) and introduced product liability concepts. The E‑Commerce Rules of 2020 impose specific obligations on e‑commerce entities: full disclosure of seller identity and contact, grievance officer, return/refund timelines, no unilateral unilateral modifications that prejudice consumers, and rules on flash sales and cancellation.
– Digital Personal Data Protection Act, 2023 (DPDP Act) and privacy jurisprudence
– The DPDP Act creates a statutory framework for processing personal data (roles of data fiduciary, obligations, consent, cross‑border transfer restrictions). The Supreme Court’s right to privacy decision (Justice K.S. Puttaswamy v. Union of India) underpins all data‑related litigation and compliance obligations.
– Goods and Services Tax (GST) law (Central/State GST Acts)
– E‑commerce operators carry specific GST obligations — registration for platform operators and TCS (tax collected at source) obligations under Section 52 of the CGST Act (e‑commerce operator must collect TCS on supplies made through its platform, unless otherwise exempt).
– Competition Act, 2002 and FDI policy
– CCI scrutiny has focused on deep discounting, parity clauses, preferential treatment of sellers and tying arrangements. The government’s FDI policy distinguishes marketplace models (generally permitted under conditions) from inventory/first‑party sales, which attract restrictions; these regulatory distinctions materially affect liability and contractual structures.
– Indian Contract Act, 1872; Sale of Goods Act, 1930; Payment & foreign exchange law
– Formation of online contracts, offer/acceptance, risk and transfer of property, payment regulations (RBI/Payment systems guidelines) and FEMA/FDI rules apply depending on transaction structure.

Practical Application and Nuances
1. Marketplace vs Inventory model — the dispositive factual test
– Legal consequence: whether the platform is an “intermediary” (eligible for safe harbour) or a principal/seller (liable as seller/manufacturer) often turns on control and commercial arrangements.
– Practical markers courts examine: ownership of inventory, title transfer, who invoices the consumer, who sets price/discounts, control over cataloguing and advertising, use of proprietary warehousing / fulfilment centers, contract terms with sellers, involvement in returns/refunds and logistics. Documents that decide cases: seller agreements, invoices, API/partner integrations, warehousing contracts, fulfilment/FSAs, pricing algorithms and internal emails.
– Example: A consumer injured by a defective product sold on a platform — if the platform has inventory, invoices in its name or exercises pricing control, it is commonly treated as a seller and can be sued for deficiency/product liability. If it is a pure marketplace with passive listings and clear contracts showing seller identity, it will seek intermediary protection.

1. Intermediary immunity — how to argue it
2. For the platform: demonstrate strict compliance with statutory due diligence, published grievance mechanism, prompt action on takedown notices, and that it merely provided technical infrastructure without editorial control over third‑party content or supply.
3. Evidence to produce: policy documents, logs showing takedown actions, correspondence with complainants, identity of sellers (as disclosed to consumer), technical records (server logs, timestamps), and evidence of contractual limitations with sellers.

4. For the claimant: show the platform’s active role — evidence of pricing control, exclusive agreements with sellers, bundling of payments, uniform return policy implemented by the platform, platform involvement in fulfillment or after‑sales service.

5. Consumer claims and product liability

   Explore More Resources

   • › Read more Government Exam Guru
   • › Free Thousands of Mock Test for Any Exam
   • › Live News Updates
   • › Read Books For Free
6. Claims typically framed under CPA 2019: deficiency in service, unfair trade practice, and product liability. Remedies include refund, replacement, compensation and punitive directions.
7. Evidence: order confirmations, screenshots (with timestamps and device/browser metadata if possible), delivery receipts, package photographs, medical reports if injury occurred, correspondence, returns history and seller/platform contract terms.

8. Practical step: preserve digital evidence immediately (logs, DMARC) — applications for interim preservation orders and disclosure to court/consumer forum may be necessary.

9. Data protection and breaches

10. Any data breach triggers duties under DPDP Act and may invoke consumer and criminal consequences (if wrongdoing). A lawyer must advise clients on breach notification timelines, containment, forensic audit, and communications strategy.

11. In litigation, demonstrate compliance with privacy notices, consent records, DPIAs (where relevant) and DPA (data processing agreements) with third parties.

    Explore More Resources

    • › Read more Government Exam Guru
    • › Free Thousands of Mock Test for Any Exam
    • › Live News Updates
    • › Read Books For Free

12. Taxation and cross‑border supply

13. GST/TCS compliance: ensure registration where required; reconcile marketplace invoices and remittances. For cross‑border supplies, determine whether supply is service/goods and place of supply under IGST rules — affects customs, GST and withholding.

14. RBI/payment compliance: disputes over chargebacks, settlement cycles and escrow accounts should be handled with RBI rules and payment gateway agreements in mind.

15. Takedowns, injunctions and interim relief

    Explore More Resources

    • › Read more Government Exam Guru
    • › Free Thousands of Mock Test for Any Exam
    • › Live News Updates
    • › Read Books For Free
16. Use grievance officer path first (statutory under Intermediary Rules and E‑Commerce Rules) — a notice to grievance officer is often a procedural requirement before court action.
17. For IP or defamatory content, file for urgent takedown under IT Rules and seek court orders or blocking orders (Section 69A and court relief). Courts will balance free speech and reputation; intermediary role and response time are crucial.

Landmark Judgments
– Shreya Singhal v. Union of India, (2015) 5 SCC 1
– Key principle: clarified intermediary liability framework; the constitutional validity of conditional liabilities and the requirement that intermediaries who observe due diligence are not to be made liable without statutory grounds. The judgment emphasises procedural safeguards and narrow construction of criminal liability for online content; it remains the touchstone for platform defence.
– Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1
– Key principle: entrenched right to privacy, which undergirds legal obligations of platforms when processing personal data. Puttaswamy is routinely invoked in disputes over profiling, targeted advertising, data sharing and mandatory KYC.

Strategic Considerations for Practitioners
For plaintiffs/consumers:
– Preserve evidence immediately: take screenshots with timestamps, retain emails/transaction IDs, seek logs and server records via interim orders if necessary.
– Plead granularly: specify the exact contractual relationship (who invoiced, who accepted payment), show how the platform’s role caused or contributed to harm, and plead alternative causes of action (consumer law + contract + tort + DPDP breach).
– Use multiple remedies: combine takedown notices, consumer forum claims and civil suits (or criminal complaints when offences are involved). Rely on product liability provisions in CPA 2019 where applicable.

For e‑commerce platforms / sellers:
– Compliance by design: publish clear T&Cs, seller‑onboarding documents, privacy policy, returns and refund policy; appoint grievance officers and nodal officers; maintain retention policies and audit trails.
– Structure contracts defensibly: clearly articulate marketplace vs inventory roles; ensure seller disclaimers, indemnities and proper distribution of obligations such as fulfilment and after‑sales support.
– Dispute resolution: include clear jurisdiction and arbitration clauses where strategically useful — but beware consumer fora often decline arbitration when consumer statutory protection is invoked.
– React quickly on notices: rapid takedowns and remediation reduce risk of losing safe harbour and mitigate reputational damage.

Common pitfalls to avoid
– Treating the statutory grievance process as optional — courts and regulators expect compliance before launching litigation.
– Failing to segregate seller funds and misrepresenting control over inventory — such operational misstatements can flip a platform from intermediary to seller in litigation.
– Ignoring DPDP obligations — data breaches or opaque consent practices attract as much regulatory scrutiny as consumer complaints.
– Over‑reliance on standard form clauses without ensuring real world practices match stated policies.

Practical checklist for client advisories / pleadings (concise)
– For claimants: collect order ID, invoice, screenshots, delivery proof, seller/platform communications, medical or expert reports (if product defect), and send a legal notice to grievance officer as per Rules before invoking emergency relief.
– For platforms: maintain seller agreements, logs, takedown records, fulfilment contracts, procurement invoices, KYC records for sellers, privacy/consent records, grievance escalation records, and compliance certificates for audits.

Conclusion
E‑commerce disputes are fact‑driven fights about control, disclosure and compliance. The legal map is multi‑layered: intermediary safe‑harbour under the IT Act, sector‑specific obligations under Consumer Protection (E‑commerce) Rules, robust data protection duties under the DPDP Act, and tax/competition constraints. Winning — whether for a plaintiff or an e‑commerce operator — depends on documentary proof of the actual commercial arrangement, swift preservation of digital evidence, and carefully marshalled statutory compliance. Successful practitioners blend technical documentary forensics (logs, APIs, invoices) with precise legal framing (intermediary immunity, product liability, data fiduciary breaches, GST/TCS exposure) to convert a theory of liability into enforceable relief.