11 October, 2018
On 31 August 2018, the Standing Committee of the National People's Congress ("NPC") passed China's first law regulating electronic commerce, the People's Republic of China e- Commerce Law (“e-Commerce Law”). The new law will enter into force on 1 January 2019.
Legislative work for the new, hotly debated law started as far back as in December 2013, and since then, no less than four drafts have been submitted to the NPC for review (several of which were commented on by the public, e.g. see here for our alert on the second draft). This long drawn out process and unusually large number of drafts point to the protracted battles that have taken place behind the scenes between the various stakeholders in this space.
The professed aim of this new law is to regulate China’s rapidly growing e-commerce sector, harmonize its rules with those applicable to brick-and-mortar shops, maintain “market order,” facilitate growth, and eradicate IP infringements, scams and unfair competition.
Reading between the lines, the real aim of the e- Commerce Law is to try and bring some order to what has become a hugely successful, but somewhat unruly sector of the Chinese economy. If you want evidence of the runaway success story that is the China e-commerce market, you need look no further than the last Singles Day (11 November), a sort of anti- Valentine's Day shopping binge in which Alibaba reportedly made a record US$25 billion in sales on the day, a 40% increase on the previous year, involving 140,000 brands, 15 million products, 12 million orders, and 1.48 billion payments processed. US Black Friday and Cyber Monday in 2016, the nearest rough comparable, generated a mere US$6.79 billion in sales.
On the other hand, if you want evidence of how some less scrupulous online operators have scammed, imposed egregious terms on consumers, or otherwise violated consumers' rights, you need look no further than the huge volume of cases blocking up the Chinese courts.
There is, however, no way back now, and online shopping and precariously balanced piles of parcels ready for delivery engulfing electric scooters have become so much a part of the landscape in major cities in China, that they tend to fade into the background.
One of the most striking features of the new e- Commerce Law is its broad scope (Article 2): the law is applicable to all e-commerce activities taking place within the People's Republic of China. e-commerce is broadly defined as the sales of goods or services through the internet or any other information network. Some activities, such as the provision of financial products and services, news, audio or video programs, publication and cultural services are excluded from the scope of the law. Presumably these are sensitive products which will be separately regulated.
The law specifically regulates the conduct of three main types of e-commerce operators (Article 9):
- platform operators (e.g., the large Chinese e- commerce platforms such as Taobao or JD.com
- in-platform operators (e.g., individual e- shops active on those platforms, such as sellers who have T-Mall shops), and
- other operators who conduct their e- commerce business through their own websites or any other network services (e.g., websites of bricks and mortar traditional retailers or those who trade through public accounts on instant messaging apps).
This means that the new law is applicable to both the 'traditional' e-commerce operators (e.g. those active on platforms) and non-traditional e-commerce operators (e.g., those who operate their business through apps).
Business licenses and taxation
One of the more controversial provisions introduced in the second draft of the law has made it into the final version of the law: in principle, all e-commerce operators have to obtain a business license (Article 10). Exceptions to this requirement are only made for providers of certain agricultural by- products, cottage industry products, services to benefit the public, and low-value intermittent transactions.
Moreover, all e-commerce operators have to issue "fapiao" (official tax receipts) and file tax returns (Articles 11 and 14), even those that are exempt from obtaining a business license. The new law explicitly recognizes that electronic invoices have the same legal value as hard-copy tax receipts.
This is a significant and hotly debated change, given the fact that currently small in-platform operators and operators active on social networks often de facto do not need to apply for a business license or file tax returns. The argument in favour of this change is that the online and the offline industries should be subject to the same rules on administrative permits and taxation, and consumers need a minimum level of protection from unscrupulous unregistered operators who can disappear without a trace.
In order to ensure that all in-platform operators obey these rules, the new law obligates platform operators to conduct true identity checks, to verify business licenses and to submit identification and tax information to the tax authorities (Articles 27-28).
The new law reiterates some of the prohibitions under the People’s Republic of China Advertising Law, but tailors them to an online setting: e.g. it is forbidden to fabricate false transaction information, produce false user reviews, delete genuine user reviews and sponsored listings should be clearly marked as such (Articles 17 and 40). The law also contains a general prohibition on misleading and defrauding consumers (Article 17). Moreover, there is an important development tracking China's broader moves towards more comprehensive data protection regulation. e- commerce operators must give consumers the choice as to whether or not they wish to have their search results personalized based on their identifiable traits, personal interests and so forth (Article 18). This will require some search operators to reconfigure their systems.
The e-Commerce Law touches upon antitrust issues, without however adding substantially to the existing legal framework laid out by the People’s Republic of China Anti-Monopoly Law ("AML").
For instance, Article 22 of the e- Commerce Law prohibits abuses of a dominant market position. But the provision seems to merely act as a reference back to the AML, since the e-Commerce Law itself does not provide any sanctions for non-compliance. The only new content relative to the AML is that Article 22 sets out a few factors that may help identify a dominant market position for e-commerce players, namely technological superiority, user numbers, control over the industry or dependence by other businesses on transactions with the player in question.
Furthermore, Article 19 prohibits hidden tie-in activities, for example through tying products or services by default mechanisms. Here, the e- Commerce Law departs from the AML, as it does not require the company at issue to be in a dominant position as a starting point. The same is true for the prohibitions upon online sellers and platforms on imposing unreasonable conditions on consumers (Articles 21 and 35).
The new law provides, in Articles 41-45, a formal framework and detailed rules for the notice-and-take-down procedures that already exist in some form under the existing laws/regulations (e.g. the People’s Republic of China Tortious Liability Law) which many major e-commerce platforms have already adopted in China.
Under the new law, e-commerce platform operators must provide for contradictory notice- and-takedown procedures – somewhat similar to the notice-and-take down procedures under the US Digital Millennium Copyright Act. This means that an IP owner can file an infringement notice with an e-commerce platform, requesting "necessary measures", such as deletion, blocking or disconnection of links and termination of transactions and services of an infringing in-platform operator (Article 42). Such takedown notice must include prima facie evidence of the infringement (we anticipate further implementation rules and judicial guidance on the level of prima facie evidence required). The e-commerce platform must then take appropriate measures (e.g. removing the postings or blocking links to allegedly infringing products etc.) and must forward the notice to the in-platform operator.
The in-platform operator may, in turn, file a notice of non-infringement, which must also include prima facie evidence of non- infringement (Article 43). The platform operator has to forward such notice to the complainant, and must advise that the complainant has to lodge a formal complaint with the authorities or bring suit before court. If no such action follows within 15 days, the platform operator must lift the measures it has adopted.
The new law also contains detailed provisions on liability for IP infringements (Articles 42 and 45). Platform operators that do not take timely and appropriate measures after a notice-and- takedown procedure shall be held jointly and severally liable for additional damages caused by prolonged IP infringement. Platform operators that knew or should have known about IP infringements on their platform are held jointly and severally liable with the infringers. On the other hand, IP owners who erroneously or maliciously initiate a takedown will have to compensate the e-commerce merchants.
Division of liability between platforms and in-platform operators
The e-Commerce Law prescribes a division of liability between platform operators and in- platform operators (Article 38).
On the one hand, the new law provides that a platform operator who knows or should know about defective or harmful products or services being listed on its platform, but who nevertheless fails to take the necessary measures, will be held jointly and severally liable with the infringing in-platform operator.
On the other hand, in respect of goods or services that affect the life and health of consumers (e.g. medical products or treatments), if a platform operator fails to examine the qualifications of its in-platform operators or fails to protect its consumers’ safety, then the platform operator and the in- platform operator must assume their "corresponding liability" towards impacted consumers. The terminology is vague and is capable of numerous interpretations: the simplest of these is that each assumes liability based on its respective degree of fault. A more complicated scenario would be that where the platform operator has not done its due diligence – would it assume either (a) joint and several liability with the in-platform operator; or (b) just the shortfall to the extent not paid by the in- platform operation? It appears that the wording is something of a ‘fudge’, leaving the courts to determine what it actually means. This is a significant change from the third draft of the law, which imposed joint and several liability on platform operators in these situations. This change is widely seen as favouring platform operators rather than consumers. The sensitivity of this area no doubt stems to some degree from the tragic 2016 case of a Chinese student who died after undergoing experimental therapy which came out high in the rankings of a local search engine, which generated a significant public debate in China about the ethics and duties of operators of search engines.
Data protection and cybersecurity
The new e-Commerce Law emphasizes personal information protection and contains several provisions regarding the treatment of personal information of e-commerce users (Article 24): the law introduces a duty for e-commerce platforms to explain how data is gathered and searched. Moreover, similar to EU data protection law, users also enjoy the right to enquire about, correct or delete any of their personal information saved by e-commerce operators, or to deregister altogether.
Continuing the course of a gradual broadening of data protection laws in China, including under consumer rights rules and as encouraged under the new Information Security Technology – Personal Information Specification introduced in May, 2018, the new law requires e-commerce platforms to adopt technical or other measures to protect network security and adopt contingency plans for cybersecurity incidents (Article 30). If a platform's cybersecurity is compromised, it must immediately activate its contingency plan and report the incident to the authorities. In addition, the new law specifically requires that the platform operators must submit relevant e- commerce business data and information when the administrative authorities make such a request in accordance with applicable laws and regulations (Article 25). These provisions are generally consistent with those in the People's Republic of China Cyber Security Law. See also how this parallels China’s moves to require disclosure of scientific data.
The Cyber Security Law and its supporting rules do not include a specific period requirement for data retention (except for the 6-month retention period requirement for web logs). While the new e-Commerce Law requires that platform operators keep the product and service information and transaction information for no less than 3 years and must ensure the completeness, confidentiality and utilization of such information (Article 31). This retention period is in line with the statute of limitation for civil lawsuits stipulated in the new People's Republic of China General Civil Law Rules, effective 1 October 2017.
Shipment risks and liabilities
Under the new e-Commerce Law, e-commerce operators must deliver goods or services to consumers in accordance with what was promised and in the manners or at the time agreed with consumers, and assume the risks and liabilities during the shipment of goods, unless consumers reach an agreement with e- commerce operators to select another logistics service provider (Article 20). This is in line with current practice with major e-commerce operators in China, so confirms market practice.
The new law provides that e-commerce operators must set up straightforward and effective complaint and reporting mechanisms, disclose complaint and reporting channels, and must accept and handle any complaints in a timely manner (Article 59). This aims to address the challenges that consumers may encounter at the time they seek to enforce their rights as consumers.
The new law provides for a range of sanctions for infringements (Articles 74-88). However, the monetary thresholds are generally quite low given the volumes and turnover of the major operators. The maximum penalty is RMB 2 million (around US$300,000) for serious violations such as e-commerce platform operators unreasonably restricting or attaching unreasonable conditions on transactions or transaction price charged by in-platform operators, or platform operators who fail to take necessary steps against in-platform operators who infringe upon rights of consumers or fail in their obligation to review the qualifications of in-platform operators. Most violations are punished by fines between RMB 20,000 and 500,000 (around US$3,000 to 75,000), which are not high amounts, especially for large platform operators. In addition to imposing from monetary sanctions, the new law also prescribes that any infringement of the law will be registered in the infringer's creditworthiness file.
The e-Commerce Law is, all-in-all, largely a reflection of existing practice, but also aims to eliminate some of the more egregious forms of online commercial behaviour. It is a delicate and difficult balancing act, and only time will tell whether the right balance has been struck between all the stakeholders who will all, no doubt, have expressed strong views on how their interests needed protection. It does mean that consumers now have a more comprehensive, single-source set of rules governing the online space, to fill out the piecemeal provisions in, for example, the recently updated People’s Republic of China Law on the Protection of Consumer Rights and Interests, but it does point to the need for the People’s Republic of China Contract Law to undergo an overhaul to reflect the quantum shift towards online transactions since it came into effect on 1 October 1999.
The issue is whether it is still possible to put the genie back in the bottle, the dragon back in the castle (or any other metaphor you care to use) to describe the fact that it is astonishing that we have had to wait until 2018 for the first dedicated law to regulate the largest e- commerce market on the planet (by a country mile).
The focus of the new e-Commerce Law is also firmly on domestic e-commerce, and there is not much in the way of detail on how cross- border e-commerce will be regulated. There are lots of fine words in terms of the State encouraging the development of infrastructure for cross-border e-eommerce and information sharing and mutual recognition of regulation and assistance in law enforcement, but China has yet to agree a set of mutual assistance and recognition of judgments agreements or treaties with many of its key trading partners (other than Hong Kong, which is limited in scope), and the current trade tensions with the US and protectionist tendencies do not provide a favourable backdrop for this to happen.
There is a clear duality to many of the provisions, depending on which side of the fence you sit. One of the most controversial aspects of the new law is the obligation for individual web shops on e-commerce platforms to obtain a business license and pay taxes. It may put many smaller players out of business or force them underground, so is seen as quite harsh in some quarters.
However, this new obligation could have a markedly positive impact for IP owners, as it would make it harder for bad-faith IP infringers to evade enforcement actions by IP owners by simply closing their web shop (or having it taken down by the platform) and opening a new one.
It is that duality that presumably made it so hard to reach consensus on the wording of the e-Commerce Law in the first place.