The COVID-19-related lockdowns and the continuing need to follow social distancing rules even once the lockdowns are lifted, mean that we will not be going back anytime soon to what it was like in the pre-pandemic days. For businesses, this means an urgent re-evaluation and overhaul of business models to meet the many challenges inherent in the post-COVID-19 economic environment, including a seismic shift in consumer behaviour.
What became immediately clear when the dust settled was that the businesses with the existing e-commerce models were uniquely placed to exploit the opportunities presented by this change in consumer behaviour.
The objective of this article is to provide a brief overview of the applicable laws and regulations that apply to and facilitate e-commerce in Sri Lanka.
Business transactions are based on contracts. A contract consists of a set of obligations intended to be legally binding between the parties to such contract. The foundation of all contracts is the ‘offer’ and the ‘acceptance’ of that offer.
The contract comes into existence upon the acceptance of an offer on its terms, provided that the parties have the requisite legal capacity to enter into the contract. The fundamentals of contract law remain the same, whether a transaction takes place physically or virtually.
Electronic Transactions Act, No. 19 of 2006 (as amended)
One of the most important pieces of legislation applicable to e-commerce in Sri Lanka is the Electronic Transactions Act, No. 19 of 2006 (as amended) (the ‘ETA’).
Statutory recognition of electronic contracts
Sections 11-17 of the ETA apply to electronic contracts. Section 11 of the ETA provides that an offer and the acceptance of an offer may be expressed in electronic form and that a contract would not be denied legal validity solely on the ground that it is in electronic form.
Validity of electronic documents
Sections 3-7 of the ETA provide for the electronic equivalent of paper documents.
The ETA expressly confers legal recognition, effect, validity and enforceability on electronic data messages, electronic documents and electronic communications (Section 3).
Notwithstanding the fact that certain laws require particular documents to be in written form, such requirements can be satisfied by data messages, electronic documents, electronic records or other communication in electronic form, provided information contained therein is accessible for subsequent reference (Section 4).
Even where documents are required by certain laws to be in ‘original’ form, such requirement can be satisfied by electronic documents if their integrity is assured (Section 5(1)).
The ETA also gives legal recognition to electronic signatures.
The ETA (as amended) defines an electronic signature as “data in electronic form, affixed to and logically associated with a data message, electronic document, electronic record or communication, which may be used to identify the signatory in relation to the data message, electronic document, electronic record or communication and to indicate the signatory’s intention in respect of the information contained therein”.
This definition appears to be broad enough to cover any forms of electronic authentication now in existence or that may be introduced in the future.
In respect of contracts, Section 17(a) of the ETA specifically provides that a contract would not be denied legal validity solely on the ground that an electronic signature has been attached to it (Section 17(a)).
Goods displayed on a website
It is a well-established principle of contract law that goods displayed for sale do not constitute an offer and that they are merely ‘invitations to treat’. They are treated in the same way as advertisements. This rule is extended to goods displayed on websites and other online platforms.
This is recognised in Section 11A of the ETA (as amended), which provides that a proposal to conclude a contract through electronic means that is generally accessible to parties making use of the information systems, will be generally considered an invitation to make offers, unless it is indicated otherwise.
In other words, the mere display of a product on a website does not constitute an ‘offer’ by the merchant in the legal sense. It is when the customer chooses the product (generally by attempting to add same to his ‘shopping cart’) that an ‘offer’ is made, at which point the merchant can either accept or decline the offer, depending on the availability or other considerations.
It must be noted however that if the merchant’s platform allows the customer to ‘checkout’ the chosen products, the customer’s offer will be deemed accepted and the merchant will then be bound by the resulting contract.
Online business transactions – formation of contracts
E-commerce websites (including mobile applications) use a variety of methods to form contractual relations with their users. For example, where a user is required to register on a website before being able to use its features, the user will generally have to agree to certain terms and conditions at the point of registration.
Registration is conditional on the acceptance of the terms and conditions. These terms and conditions determine the scope of the contract that is formed between the user and the operator of the website. Generally, all ancillary transactions carried out by a registered user on website would be governed by the terms and conditions accepted by that user at the point
Any changes made to the terms and conditions accepted at the point of registration must be duly communicated to the registered user. Where registration is not required, each transaction would be governed by a set of terms and conditions, which the user will have to accept, in order to carry out the transaction. This is often done by requiring the user to accept the terms and conditions prior to checkout.
Clickwrap agreements (i.e. ‘I Agree to the following terms and conditions’ or words to that effect) are the most commonly used method of ensuring that customers are bound by the terms and conditions decided by the business and that they understand the scope of the contract. The contract is formed when the customer accepts the terms and conditions by clicking on ‘I agree’.
Drafting terms and conditions governing e-commerce transactions
The terms and conditions subject to which a user uses a website (the ‘terms and conditions’) are usually non-negotiable and determine the scope of the contract between the business and its customers.
In the online retail trade, the terms and conditions must ideally cover the following areas:
Scope of contractual arrangement
The parties to the contract must be clearly identified and the scope of the contract defined. This is fairly straightforward, where the website operator is selling its own goods.
Problems may arise however where a website allows third party merchants to sell goods and services through the website (e.g. eBay, Amazon and Alibaba and the various online delivery platforms). It is necessary in such cases to clearly state in the terms and conditions whether the business operating the website is acting as the ‘seller’ or whether the website only operates as a conduit through which third party merchants sell their products. In the latter case, it is necessary to specify that the contract of sale would be between the consumer and the third party merchant.
A business operating a platform on or through which third party merchants sell products may not want to assume liability or responsibility for the products sold by such third parties.
From the consumer’s point of view, his only direct dealing will be with the website and not with the third party merchant. It follows that in the event of a dispute, the consumer will rely on redress being provided by the operator of the website.
For websites through which third party merchants sell products, it is imperative that the relevant B2C contract is adequately backed up by a watertight B2B contract with the third party merchant.
Rights, obligations and liabilities
Any contract must clearly identify the respective rights, obligations and liabilities of the parties.
While a business will naturally look at protecting its own interests in the terms and conditions applicable to its website, it must be borne in mind that a consumer’s trust in an e-commerce platform is intrinsically linked to the extent to which the consumer is confident that the platform operator will adequately safeguard the consumer’s interests as well.
It is important therefore when drafting terms and conditions that the businesses also look at the contemplated transactions from the consumer’s perspective and address difficulties that the consumers may face when engaging in such transactions. Looking after consumer interests promotes and safeguards the interests of the business.
It is prudent to adequately address the following aspects of the e-commerce transaction:
- Availability of products displayed on the website (difficulties may arise in particular when third party merchant products are displayed) – generally covered by the general statement ‘all products and services are displayed subject to availability’
- Identification of the parties to the contract of sale – particularly relevant to websites through which third party merchants sell products
- Clear statement of when the contract of sale is formed
- Product liability – warranties, return policy, etc.
- Responsibility for delivery
Where businesses use the services of a courier or delivery partner, delivery times, conditions and fees are not normally within the control of the business and this must be clearly reflected in the terms and conditions.
It may be noted that a business will generally be liable for loss or damage to the goods in transit to the consumer. It is important therefore that adequate contractual protection in the form of indemnity clauses is incorporated in the B2B contract with the courier/delivery partner.
- Pricing and payment modes
- Refund policy
- Rights of the consumer
If a website is only facilitating a contract of sale between an end user and a third party merchant and is not therefore assuming liability or responsibility for the contract of sale, this fact must be clearly and unambiguously stated in the terms
It is good business practice however to ensure that notwithstanding such an exclusion of liability, the website operator proactively facilitates inquiry into and resolution of disputes between end users and third party merchants.
Well-drafted terms and conditions covering rights, obligations and liabilities of parties allow a business to mark precise boundaries and clearly convey to the consumer the scope and limits of their liabilities and the consumer rights in respect of them.
A clearly defined, simple, balanced and transparent dispute resolution mechanism in the terms and conditions goes a long way towards enhancing consumer confidence in e-commerce. Particular attention must be paid when third party merchants are involved.
Most disputes arise in relation to delivery, refunds and returns and can be minimised by having a clear and precise delivery, returns and refunds policies, which contemplate and cover as many scenarios as possible.
Products available through websites may be subject to price variations. Problems may arise when price variations are not reflected on the website, i.e. where the website displays the pre-variation price of the product.
Since goods displayed on the website are not by themselves an offer, a merchant will not be bound to sell goods at the displayed price, provided that the correct price is reflected when the goods are added to the ‘shopping cart’ and at checkout.
As previously noted, the price of the goods as displayed in the cart will be the price the consumer has agreed to pay. If the customer is allowed to checkout, the merchant will be generally bound to sell the goods to the customer at the price shown at checkout.
What if the price shown at checkout is more than the regulated price of the relevant product? The terms and conditions must ideally provide for such situations, ensuring that refunds are provided to the customer expediently.
Businesses that engage in e-commerce should be cognisant of the fact that the general law of the country takes into account the unequal bargaining power between business and consumer and affords statutory protection to consumers in certain circumstances.
Parties are generally precluded from contracting out of a statute and the statutory protection given to consumers would normally override any contractual clauses that seek to protect a business from legitimate consumer claims.
Two such statues presently in operation in Sri Lanka are the Unfair Contract Terms Act, No. 26 of 1997 and Consumer Affairs Authority Act, No. 9 of 2003.
Unfair Contract Terms Act, No. 26 of 1997
Although many consumers would mechanically click on ‘I accept’ without reading and understanding the terms and conditions and thus the scope of the contract, it would not be ethical for businesses to limit liability to an extent that would be deemed unreasonable.
Consumers are statutorily protected against unreasonable exclusion clauses through the provisions of the Unfair Contract Terms Act, No. 26 of 1997 (the UCTA).
The UCTA was enacted to impose limits on the extent to which civil liability for breach of contract, negligence or breach of duty can be avoided by means of contract terms and otherwise.
The UCTA applies to e-commerce contracts in the same way it applies to normal contracts. Section 4 of the UCTA specifically applies to consumer contracts, i.e. where one party deals as the consumer on the standard terms of a business.
Section 4 precludes a party from excluding liability with reference to a contract term as against a party dealing as consumer unless that contract term satisfies the test of reasonableness.
Consumer Affairs Authority Act
The Consumer Affairs Authority Act, No. 9 of 2003 (The CAA Act) provides for the general protection of consumers and affords aggrieved consumers an opportunity to seek redress against unfair trade practices from the Consumer Affairs Authority (CAA).
The sale of goods and services through e-commerce websites operating in Sri Lanka come within the purview of the CAA and consumers procuring goods and services through such websites are able to avail themselves of the protection and redress provided under the CAA Act.
Thus, notwithstanding any limitations of liability businesses may provide for in their terms and conditions, consumers are provided statutory protection against unfair trade practices and even breaches of contract.
Intellectual property issues in e-commerce
Intellectual property rights will subsist in various aspects of a website or mobile application (‘websites’). For example, the business name, mark, logo, device, etc. of the business operating the website may be recognised and protected in law as trade names and trademarks.
The software powering the website, the design features of the website and content uploaded thereon may all be protected by copyright. The owners of any such intellectual property rights are entitled to protect such rights against unlawful and unauthorised use by third parties.
It is advisable therefore for businesses to clearly identify the intellectual property owned by it through clear notices prominently published on the website. The terms and conditions of use may also contain provisions clearly stating ownership of intellectual property and governing the use of same. Intellectual property rights in Sri Lanka are recognised and protected under the Intellectual Property Act, No. 36 of 2003.
Businesses must also be mindful of third-party intellectual property rights, especially when designing and uploading content to websites. It must be noted that the owner of a website will be liable for third party content used and/or published on the website without authorisation. It is prudent therefore that proper authorisation is obtained from the owners of such content prior to use on the website.
Businesses must likewise insist that their web designers and developers use only original and/or owner authorised content in design and development.
Some websites allow users to upload content on to the website or create original content using the features of the website. Copyright, if any, in such content will ordinarily belong to the user. If the website owner intends to use such content for its purposes, it will be necessary to obtain the consent of the copyright owner for such use. This can generally be achieved by inserting a clause in the terms and conditions governing the use of the website, where the user agrees to grant a licence to the website owner to use such content (the scope of the licence or authorised use, should be specified).
On the other hand, since website owners are liable for content published on the website, care must be taken to ensure that content uploaded by users does not infringe upon or violate third party rights, does not include defamatory content and does not violate any applicable law or regulation.
Adequate clauses should be included in the terms and conditions governing content that can be uploaded, created or posted by users. Whenever practically possible, all content posted by users must be reviewed by administrators and steps must be taken to immediately remove any content that violate the terms and conditions or applicable laws and regulations.
Where websites allow users to post views, opinions, comments, reviews, etc. it is prudent to include a disclaimer on the website notifying users that the website owner is not liable or responsible for content posted on the website by users.
Data protection and privacy
Sri Lanka currently does not have any specific laws that deal with privacy and data protection. There are however two bills, the Data Protection Bill and Cyber Security Bill, that are presently at the public consultations stage. If enacted, these bills seek to, inter alia, afford statutory protection for personal data and a regulation of its processing.
It is however prudent to include comprehensive privacy policies on websites, which explain to users the manner in which their data will be used, the steps taken to protect their data and the remedies available to them in the event of a data breach or other misuse of personal data.
It should likewise be borne in mind that companies engaged in cross-border businesses that collect data from customers residing out of Sri Lanka may become subject to data protection laws in other countries and regions.
E-commerce in Sri Lanka is still in its infancy. Current circumstances however have meant that the infant is going to have to mature fast. There are many areas in which the law needs to develop to provide adequate protection to consumers while at the same time facilitating the development of an effective digital marketplace.
Consumer confidence in e-commerce is key to ensuring a sustained shift from the physical to the virtual and effective laws and regulations will go a long way towards enhancing such confidence.
Strengthening e-commerce platforms will also allow for more cross-border transactions and Sri Lankan vendors would be able to enhance their presence in international markets, thereby benefiting the Sri Lankan economy.
Businesses intending to introduce online models or enhance their existing online presence will do well to familiarise themselves with the legal framework within which e-commerce operates. Ideally this should be done at the outset, so that online and mobile platforms and applications can be designed and developed in line with legal requirements. Doing so will minimise disputes and enhance user confidence in the system, ultimately benefiting the business and the entire e-commerce industry.
(Keshan Thalgahagoda is an attorney-at-law and a partner of the firm