Documente Academic
Documente Profesional
Documente Cultură
Today E-Commerce has become an integral part of our lives. It is not a luxury but a necessity
for most people particularly in urban areas nations. It has revolutionized the way goods and
services are bought and sold. They have in most parts of the world almost replaced physical
mode of buying goods and services and in light of the number of Electronic Transactions
increasing at a rapid rate legislatures around the world are evaluating the current legal
framework. Because E-Commerce has the ability to traverse national boundaries it would be
advantageous to do a comparative analysis between the legal frameworks of India where the
E-Commerce Sector has grown rapidly over the last few years and that of the United States
which already has a very well established jurisprudence with regards to e-commerce. This
project seeks to highlight the difference between the two systems as well as the lacunae in the
approach undertaken by both the nations in reforming their legal frameworks in light of
changing business environment. This faulty approach is most apparent in India where sadly
the law has not caught up with the changing times and hence a number of legal loopholes
exist. The United States has perhaps the most advanced jurisprudence in the field of ecommerce. In this project we will endeavour to compare the legislative framework of the two
countries with regards to the e-commerce and how it affects the lives of consumers.
The signature creating data at the time of affixing the signature was under the sole
ii.
at
2 Jonathan D. Bick Cited from Unconscionable Terms Prevent Enforceability Of E-Commerce Contract
Clauses ,18 F. Supp. 2d 1165 (2002).
Position in US
Digital Signatures in the United States are mainly governed under two statutes, the United
States Electronic Signatures in Global and National Commerce (ESIGN) Act and the Uniform
Electronic Transactions Act (UETA). They list down four major requirements that need to
fulfilled if a Digital Signature has to be considered as legally valid.
Intent to Sign Electronic Signatures like their wet ink counter-parts are valid only
Apart from these statutes various other Federal Statutes may also apply.
3
NDA
Hotline,
available
<http://www.nishithdesai.com/fileadmin/user_upload/pdfs/Research%20Papers/ECommerce_in_India.pdf>, last visited on 15th August 2016.
at
Identity theft was made a separate crime against the individual whose identity was
stolen and credit destroyed. Previously, victims were categorized solely on the basis
of financial loss and often the emphasis was on banks and other financial institutions,
rather than on individuals.
It established the Federal Trade Commission (FTC) as the Federal Governments one
central point of contact for reporting instances of identity theft by creating the Identity
fines.
It closed legal loopholes, which previously prohibited a person from producing or
possessing false identity documents, but did not prohibit stealing another personals
personal identifying information8.
Over time, state legislative bodies also started to pass laws that were victim friendly, and
these laws ended up being the basis for many national laws years later. As most crimes are
prosecuted on the state level, these laws came to have a significantly positive impact on
victims.
Other federal laws have also been enacted to address the growing complexities surrounding
identity theft and fraud such as Fair Credit Reporting Act (FCRA) and the Fair and Accurate
Credit Transactions Act (FACTA) of 2003 Identity Theft Penalty Enhancement Act of 2004
and the Identity Theft Enforcement and Restitution Act of 2008. Many other Federal Statutes
also overlap with them9.
Privacy
Almost any e-commerce transaction involves collecting some kind of personal information
from the user. This generally includes details about their personal identity and their financial
information. Apart from this primary data other secondary data in the form of preferences and
patterns of search may also be collected.
Hence it becomes imperative for every e-commerce platform to maintain the privacy of its
users. Generally any user will have two major concerns.
instrument details ;
c. physical, physiological and mental health
condition;
d. sexual orientation;
e. medical records and history;
f. Biometric information
The Data Protection Rules, inter alia, set the rules through which such SPDI is to be
protected.
i. The need to have a privacy policy in accordance with the parameters set out in the Data
Protection Rules;
ii. The need to obtain consent in a specific manner from the provider of SPDI;
iii. The need to provide an opt out option to the provider of SPDI;
iv. The need to maintain reasonable security practices and procedures in accordance with the
requirements of the Data Protection Rules.
Wrongful disclosure of information is punishable under the IT Act with upto 3 years
imprisonment and a fine of upto Rs 5 lakhs.. The It Act also provides for compensation to be
provided to a person who is a victim of such disclosure13.
Position in the US
Unlike other jurisdictions, the US does not have any specific data protection law, but
regulates it by a sector by sector or industry basis. There are a number of legislations that deal
with privacy law in the US, which includes laws both at the Federal and State levels . These
laws and regulations may be enforced by federal and state authorities, and many provide
individuals with a private right to bring lawsuits against organisations they believe are
violating the law14.
As is the case with legislation there is no single regulatory authority overseeing data
protection in the US. The Regulatory authority governing the situation generally depends on
the legislation governing the issue. In the financial services context, for example, various
financial services regulators (as well as state insurance regulators) have adopted GrammLeach-Bliley Act standards that dictate how firms subject to their regulation may collect, use
and disclose non-public personal information. Similarly, in the health-care industry, the
Department of Health and Human Services is responsible for enforcing of the Health
Insurance Portability and Accountability Act of 1996 (HIPAA) against covered entities.
Outside of the regulated industries context, the Federal Trade Commission (FTC) is the
primary federal privacy regulator in the US. Section 5 of the FTC Act, which is a general
consumer protection law that prohibits unfair or deceptive acts or practices in or affecting
commerce, is the FTCs primary enforcement tool in the privacy arena. The FTC has used its
authority under section 5 to bring numerous privacy enforcement actions for a wide-range of
alleged violations by entities whose information practices have been deemed deceptive or
unfair. Although section 5 does not give the FTC fining authority, it does enable the
Commission to bring enforcement actions against alleged violators, and these enforcement
actions typically have resulted in consent decrees that prohibit the company from future
misconduct and often require audits biennially for up to 20 years. Under section 5, the FTC
is able to fine businesses that have violated a consent decree15.
At the state level, attorneys general also have the ability to bring enforcement actions for
unfair or deceptive trade practices, or to enforce violations of specific state privacy laws.
Some state privacy laws allow affected individuals to bring lawsuits to enforce violations of
the law.
In general, violations of federal and state privacy laws lead to civil, not criminal, penalties.
The main exceptions are the laws directed at surveillance activities and computer crimes.
Violations of the federal Electronic Communications Privacy Act (ECPA) (which is
composed of the Wiretap Act, the Stored Communications Act, and the Pen Register Act) or
the Computer Fraud and Abuse Act (CFAA) can lead to criminal sanctions and civil liability.
14ABA Section of International Law, Privacy, E-Commerce & Data Security Committee
Quarterly Newspaper, Volume I, Issue 3, Spring 2013.
15 Lisa J Sotto and Aaron P Simpson, Data Protection and Privacy, available at, <
https://www.hunton.com/files/Publication/1f767bed>, last visited on 15th August 2016.
In addition, many states have enacted surveillance laws that include criminal sanctions, in
addition to civil liability, for violations.
Outside of the surveillance context, the US Department of Justice is authorised to criminally
prosecute serious HIPAA violations. In circumstances where an individual knowingly violates
restrictions on obtaining and disclosing legally cognisable health information, the DOJ may
pursue criminal sanctions.
on term,
territory and the nature of right
If third party IP is used by the contractors, it is important to understand the chain of
title with respect to such third party IP and whether appropriate permissions have been
names but will agree to register two similar names. This leads to a situation where
deceptively
similar
domain
names
can
be
registered
for
example
18 Trade Marks & Emerging Concepts of Cyber Property Rights, V.K.Unni, 1st ed. 2002,
Eastern Law House, p. 15-16.
19 Supra at 3.
20 Yahoo Inc. v.. Aakash Arora & Anr AIR 2000 Bom 27.
21 AIR 2004 SC 3540.
22 See Economic Times 3rd December 2014, available at, <economictimes
.com/industry/services/retail/brands-cry-foul-over-counterfeit-products-on-e-commerce-siteslike-flipkart-snapdeal-amazon-others>, last visited on 15th August 2016.
CONCLUSION
Through this project we have seen that the United States and India have vastly different
frameworks with regards to dealing with the issues faced by consumers when dealing with ECommerce. India as of now has only one legislation i.e IT Act and no specific regulatory
body that deals with consumer complaints and grievances whereas the United States on the
other hand has many different legislations dealing with different sectors and that the
regulatory body changes according to the legislation in question. We have also understood
that there are various kinds of contracts that are being used in the E-Commerce industry but
India does not any legislation or any prior jurisprudence dealing with such kind of contracts
whereas the United States has a reasonably well developed jurisprudence dealing with the
same. At the end we can conclude by saying that India still has a long way to go before its
legal framework dealing E-Commerce comes on par with the system already in place in the
United States.