Mandating e-commerce firms to disclose consumers’ data in the absence of data protection law is perplexing
At a time when the economy is struggling to recover from the catastrophic impact of the coronavirus pandemic, the proposed tougher rules for online retailers have raised fears in industry circles. Both the foreign and domestic e-commerce giants have flagged the controversial issues contained in the draft amendments to the Consumer Protection (E-Commerce) Rules, 2020. There are also concerns over the sweeping powers of the Centre to access data of consumers that could lead to expanded surveillance intruding into consumer data and the right to privacy. New rules limiting flash sales, barring misleading advertisements and mandating a complaints system, among other proposals, could force online retail majors like Amazon and Flipkart to review their business structures, and may increase costs for domestic rivals including Reliance Industries’ JioMart, BigBasket and Snapdeal. The proposed policy states e-commerce firms must ensure none of their related enterprises is listed as sellers on their websites. This could impact Amazon as it holds an indirect stake in at least two of its sellers. Among the proposed rules, the one concerning “related-party clause” is more confusing. This could lead to situations where a last-mile delivery partner of an e-commerce firm is treated like a related party, complicating the regulations further. With the pandemic already hitting the businesses hard, the proposed rules will have a huge impact on its sellers. For instance, Rule 5(18) in the amendments would require any e-commerce entity to provide information under its control to a requesting government agency within 72 hours of receipt of an order.
The information includes data gleaned by tracking the browsing habits, even beyond the e-commerce website itself, and data inferred about personal characteristics and preferences based on what we search for, or purchase and when, where and how we do it. The agencies can make this demand for over-broad purposes devoid of any limitations. The proposed grounds include prevention, detection, investigation, or prosecution of any offence, or identity verification or cybersecurity. It is perplexing why the government is resorting to the intrusive measure of mandating the e-commerce entities to disclose consumers’ data. The absence of any safeguards against arbitrary government action raises a red flag of unwarranted surveillance. Moreover, India has no data protection law at present. The Personal Data Protection Bill is pending and requires significant improvements to make it an effective law. It is, therefore, necessary to restrict the collection of data by government agencies. To enact a provision enabling untrammelled government access to data before the country has a data protection law in place is to place the cart before the horse. It reflects executive overreach and fails the legality test, particularly against the backdrop of the Supreme Court upholding the right to privacy.
Now you can get handpicked stories from Telangana Today on Telegram everyday. Click the link to subscribe.