Consumer protection rules: E-tailers may need user nod to share data

The Centre is likely to ask e-commerce companies to seek the consumer’s consent before sharing her or his personal data, a move aimed at protecting the person’s privacy as well as preventing information misuse or unauthorised sharing.

The Ministry of Consumer Affairs is working on a detailed set of guidelines regarding seeking consent on data sharing, and they will come as part of the much-awaited Consumer Protection (E-commerce) Rules.

“Apart from the consent factor, e-commerce companies will have to adhere to the personal data protection law, which is being rewritten by the Ministry of Electronics and Information Technology,” a senior government official told Business Standard.

Now there is no law in India related to personal data protection. However, some aspects of it have been put into practice by regulators such as the Reserve Bank of India, through its data localisation norms for fintech companies.

Experts said e-commerce companies would have to be prompt in upgrading their technology for seeking consent from consumers. Or else consumers will have the power to take action, if needed.

If implemented, this will be a good move to prevent misuse of personal data, especially in the absence of a personal data protection law, said Atul Pandey, partner at Khaitan and Co.

“Companies will have to be ready to incur a higher cost for technology upgrade needed for this additional compliance. The government will have to check if e-commerce companies are adhering to the rule,” Pandey said.

In June last year, the Ministry of Consumer Affairs had proposed fresh guidelines for e-commerce companies to tighten the regulatory regime and make them more accountable and protect consumer interests.

The government had sought comments from relevant stakeholders, and the last date of submitting comments on the proposed rules was August 2021.

The revised rules are yet to see the light of day because they faced criticism from the industry and other government departments.

E-commerce behemoths such as Amazon and Flipkart, as well as industry lobby groups, had told the government such rules would affect their business models and the way they managed their operations.

Officials of the ministry said they had several meetings with stakeholders and had done a study of the best practices in developed nations such as Australia and the United States.

Earlier this year, a Parliamentary Standing Committee report on e-commerce had noted that it was “perturbed” at the absence of a policy and regulatory framework around the use of data, which might result in “misuse and exploitation of data by a handful of companies, which when coupled with network effects might distort competition in e-marketplace”.

The committee recommended there was a need for “clear guidelines” regarding the use and sharing of data generated on e-commerce platforms.

PRIVACY SAFEGUARD

• E-commerce firms may have to incur higher costs for upgrading tech to comply with norm
• Details are being worked out and will be part of the Consumer Protection (E-commerce) Rules
• Proposed rule is crucial, especially in the absence of a personal data protection law in India, say experts
• Will be applicable to all e-commerce companies