1mg Technologies has asked for lesser regulatory burden on platforms with respect to the takedown procedure, seller undertakings requirements, and response times to complaints, in comments on the draft e-commerce policy to the DPIIT. They also ask for disclosures requirements to be in line with existing ones under Press Note 3 and the IT Rules on sensitive personal information. 1mg Technologies is an e-commerce platform dealing in healthcare services. Their full submission can be accessed here, and is summarised below. We are also compiling a list of submissions made to the DPIIT, accessible here.

Regulatory Burden on Platforms: Seller Undertakings, Disclosures

  • Harmonisation of data disclosure requirements: The submission asks for the policy’s stance on data collection disclosure to mirror the requirements under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 read with Section 43 of the IT Act. This requires any company possessing personal information to maintain a privacy policy. Alternatively, it asks the DPIIT to provide the modalities for making a ‘full disclosure’ regarding data collection.
  • Clarification required on seller disclosures: The submissions asks for harmonisation seller disclosure requirements of the policy with the disclosure requirements applicable to the online marketplaces in Press Note 3 of 2016 and Press Note 2 of 2018 issued by DPIIT. It asks for the phrase ‘contact details including email and phone number’ to be substituted with ‘other contact details’.
  • Simplification of seller undertaking process: The submission recommends a limited requirement of a general undertaking as to the authenticity of all the products of the sellers, owing to the practical hurdles in obtaining separate undertakings by sellers with respect to each of their products to be listed on the platform. The submission asks for a competent authority to set up a repository of all TM owners and licenses in order to remove an onus on platforms to notify or obtain approvals from TM owners for the goods listed on their application.

Counterfeits, Prohibited Items, and ‘Gifting’

  • Greater time limit for customer complaints and counterfeits: Initial response to complaints be provided within a week and, the rest of the complaint redressal procedure should be required only on a best-effort basis. The policy contains exceptions for requirements to display public customer reviews. The time limit for marketplaces to forward customer complaints regarding counterfeit goods to sellers should be set at two business days. Platforms should cooperate with customers who wish to take legal action against sellers.
  • Ease in requirements regarding prohibited items: The submission asks for the obligation on e-commerce platforms be limited to removal of items from listing only when adjudged as counterfeit by order of an authority or presentation of documentary evidence by the TM holder. The submissions asks for a period of seven to ten days for platforms to taken down prohibited items.
  • Restriction only on misuse of gifting route: The submission recommends a clarification to suggest that the restriction on the misuse of the ‘gifting route’ should be explicitly restricted to the sale of products by an overseas seller to an Indian customer as a ‘gift’ with the objective of evading customs and other applicable duties. It asks for the intent of curbing misuse of the provision in terms of import of goods into India by an Indian customer from an overseas seller, to be included in the said section.

Use of Personal and Anonymised Data by Companies

  • Individual rights ownership not applicable to anonymised data: The submission recommends that anonymised data be kept outside the purview policy’s stance on individual ownership of data, in line with the Personal Data Protection Bill, 2018. The Draft Policy recognises the right of an individual over anonymised version of such data, which the submission points out as being excluded from the PDP Bill.
  • Companies have a right to used collected data: The submission asks that the draft policy should clearly mention that an individual consciously agrees to an organisation using her data for a specific purpose while giving consent online. The submission asks for avoidance of confusion on a company’s absolute rights over data received from an individual through express consent, for a said purpose.