Category Archives: Digital Marketing Rights

Smart Contracts in IPR Paradigm

Smart Contracts, a concept that was proposed in 1994, with the intention to execute contractual obligations using computer codes has sprung into life after the introduction of blockchain technology in 2008. What blockchain did for smart contracts was to provide by linkage, a far less opaque, verifiable, impenetrable register to keep a record of all the transactions in the execution of the contract. It is important to understand that smart contracts are comprised of relatively simpler situations where on meeting of a certain predefined condition, the computer code triggers the fulfillment of the obligation. Standardized procedures can be made much faster and much more efficient by cutting out the middlemen. More complex parts of a contract like subjective terms cannot be handled solely by a smart contract.

Their role in IPR

Intellectual Property and their rights management comprise of a lot of transactions of a standard form which can be taken care if by the smart contracts and the underlying blockchain technology based on the nature of the Intellectual Property, and from there based on the respective use case. One way in which blockchain technology is looking to make strides in the IPR universe is through maintaining of IP registers   and assignment of rights and licenses to be regulated from the blockchain, as they can be directly entered into by the user and which reduce the time and effort to the absolute minimal.

Blockchain and smart contracts can come into play as repositories of information about Intellectual Properties which do not need a formal registration process for them to be recognized, especially copyright. In Indian Law, the copyright comes into existence as soon as the work is created and not when it is registered. This provides an incredibly difficult and cumbersome task to the authorities to find out when the said work came into existence, and there is always uncertainty about their proof of existence at a certain time. Presence of a blockchain, where some sort of print of the Intellectual Property can be stored in the blockchain, it would act as permanent record for the property and would allow the negotiating parties to have exact knowledge of the creatorship, nature and the time of the creation of the work resolving a lot of disputes at the very embryonic stage.  Also, a ledger with all the information about everyone in the supply chain from the creators to all the licensees would allow everyone in the supply chain to be aware of the genuineness of the product and hence protect the IP rights.

Given that smart contracts are competent to deal with standardized terms and conditions, they and the blockchain mechanism have the potential to become the ideal tools to handle processes like granting of licenses or authorization of access or any such agreement with relatively set terms. A simple example can be when some content over the internet, let’s say and article or a tutorial video can be accessed only after a certain payment that whole mechanism can be shifted over to blockchain to authorize the payment making the whole process much faster, and also leaving behind a trail. A feature of smart contracts is that they are self-executory in nature; the obligations are triggered automatically as soon as the requisite condition is fulfilled. This feature can be put to use in a license agreement which can ensure that all the necessary royalties are paid in accordance with the agreement and based on whatever calculations must be present in the contract code. In projects where a new technology is being developed, smart contracts can be used to automatically release funds when a certain point in the project is reached or a certain objective is accomplished.

Challenges and Potential

But all of these applications do come with their limitations as smart contracts have to be limited to standardized processes and can’t extended to the aspects where an interpretation or an assessment of the terms and conditions might be needed. The conditions and the milestones that have been spoken about in the above paragraph need to be very objective in nature for the mechanism to work. Anything that might not be a binary in nature will make it difficult for the smart contracts to be accepted as a medium of transaction.

There are already examples in the global community with Estonia using a platform called “BITNATION” for all its public notary services related to everything from birth certificates to contracts. Countries like Switzerland and Germany are investing heavily on blockchain based commercial registers while Canada has invested heavily in identity management systems based on blockchain. There is no dearth of application that Smart Contracts might find in IPR Management but that area is yet to be explored owing to the precarious legal position of cryptocurrencies and smart contracts in almost all legislations, and the general lack of understanding that lawmakers seem to have about technologies like these.

It would be remiss to say that Smart Contracts will provide solutions to all problems at once. They are still in a very nascent stage and will undergo a lot of development in the years to come. At the same time, with the digitization of all processes, it is safe to say that smart contracts will become an important business tool sooner rather than later and hence it is important that smart contacts be considered with all seriousness as they might become a part of everyday lives in the near future. It’ll also be seen that as the technology becomes more and more established, participants from the industry and the developers will have to work with each other so as to have systematic protocols for the blockchain. But as long as the law doesn’t address the uncertainties around it, blockchain and Smart Contracts will find it impossible to impregnate Intellectual Property and their rights management.

(For more details on smart contract, you can refer to here)

Author: Anirudha Bhatnagar, at  Khurana&Khurana, Advocates and IP Attorneys. In case of any queries please contact/write back to us at







Smart Contract In The Indian Crucible

Smart Contracts- First Impressions

Few words have caused as much bewilderment in the Indian setup as “blockchain” and “smart contracts” have. Much excitement has been generated by the coverage of cryptocurrencies in mainstream media, and the general aspiration towards digital transactions. But, the lack of understanding of the workings of the systems has stalled the growth rate of these entities. Currently, Ethereum is one of the most popular platforms that are specifically built for creating smart contracts, while bitcoin was only limited to currency usage.

Before we jump into the question of regulation of smart contracts in India, we need to first understand what smart contracts are and how exactly do they function. Smart contracts, just like standard contracts, contain a set of terms and conditions which are encoded, saved and replicated in the system, and by virtue of the blockchain, administered by the network of computers that run it. And smart contracts are garnering as much attention as they are owing to the benefits they bring in. The foremost of those are that they take out the middleman from the transaction and hence lowering the costs, and making a contractual agreement faster. Smart contracts are also much easier to form as they mostly contain standard contingency terms, which are if in case of an event, or fulfilling of a condition, an obligation must be performed, and are automatically performed in exact accordance with how the user formed the contract. As these contracts are self executing, there is no place for indistinct clauses like uncertain jurisdictions. This makes smart contracts perfect for multiple applications. They can act as a standard agreement between a user and a service provider, for example insurance. They can also act as in instrument for multi party agreements, and come into action whenever the requisite amount of signatures are obtained.

Smart Contracts- Global Regulations

How these smart contracts have been regulated and integrated into the market globally brings out some very interesting things. The US, generally the world leader in regulating new technologies has seen a lot of states rapidly tried to codify smart contracts into law. Arizona set the tone by passing laws to legally identify smart contracts and a few other states like Tennessee followed suit, aiding to the already existing Uniform Electronic Transactions Act, 1999. These laws, as has been passed in a haphazard manner, have come under heavy criticism from few of  the corners of the tech community, who believe that these laws only act as a patchwork and different states having different laws is just a facilitator for pandemonium, adding to the already existing confusion. It has also been said in the MIT Technology Review that smart contracts are meant just to facilitate some of the actions of the actual contract, while a contract remains a much more multi faceted instrument, including standards like reasonability which can’t be a part of a smart contract[1].

This is not to say that some participants have accepted blockchain and smart contracts with open arms. Depository Trust and Cleaning Corporation (DTCC), who run the clearing operations for a vast majority of Wall Street Operations declared their plans to handle trade of about 11 Billion USD worth of credit derivatives in blockchain through smart contracts [2]. Barclays Corporate Bank is already using blockchain to digitize transaction documents and use the technology for improving workflow management and moving an asset of value around. They also see the potential of cryptocurrencies being a part of the mainstream banking system in the next 15-20 years [3]. Japanese telecommunications conglomerate KDDI Corporation has joined the Enterprise Ethereum Alliance and are planning to test how blockchain-based smart contracts can be used for facilitating payments between companies.[4]

The Indian Scenario

The situation in India is no less complex. While blockchain as a technology has been accepted with aplomb, with SBI launching ‘BankChain’ for sharing of KYC data among banks using blockchain, and pharmaceutical sector using blockchain to maintain their records [5] amongst several other applications; the acceptance has been limited to maintaining records and information sharing. Cryptocurrencies haven’t had the same level of acceptance as it is neither a recognized currency nor it is illegal, which makes it  a roadblock for smart contracts. The smart contract has a huge potential in India, with regard to the  payments related to household activities and their monitoring like supplies, e-commerce, the something as fast paced as securities markets, where it could work in tandem with algorithms to make trading systems even more efficient, etc. Any relatively straightforward transaction can use smart contracts to make the whole process much faster, bringing down the costs substantially.

There is no clarity regarding how the smart contracts shall be codified in the Indian Law, if at all they are. The most common questions amongst the legal fraternity involve the status of cryptocurrencies being undefined in any law, and the questions of their taxations. It is a pertinent legal question whether cryptocurrencies can be treated as non monetary consideration for a contract, akin to Commodities Futures Trading Commission recognizing bitcoin as commodity and taxing it accordingly. The dispute resolution mechanism and important aspects like the conscionability of the terms, as covered in the 199th report of the Indian Law Commission [6] which are very essential to the Indian Contract Law remain unclear, and the potential of idea of the terms for award and damages be constituted in the smart contract itself might fail the test of conscionability. Further challenges are provided by the system of validation of the smart contract which is to be done through digital signatures. The Indian IT Act, 2000 puts a limitation on obtaining these digital signatures, and provides that they can only be obtained through a government designated certifying authority as per Section 35. This stands in complete variance with blockchain technology as it uses a hash-key for authorization as an individual identifier and authenticator. This disparity is also extended to the Indian Evidence Act, section 85B which states that an electronic agreement would be considered valid only if it has been authenticated with a digital signature. These two legal checkpoints not only corrupt the authentication process in blockchain through hash-key generation but also disallow any admissibility in the court as evidence.

In conclusion, it is undoubted that even though smart contracts aren’t completely self-sustaining systems, they have tremendous potential in reduction of costs and time worth billions, and making the whole process more secure as all the contracts will leave a clear audit trail. This saving shall benefit both the firms and the customers engaging with them. And concerns regarding regulations exist on multiple fronts. The introduction of smart contracts will pose fresh challenges for the legislature and it remains to be seen whether legislature is able to keep pace with the ever expanding paradigm of blockchain and smart contracts.

Author: Anirudhha Bhatnagar, Intern at Khurana & Khurana, Advocates and IP Attorneys. Can be reached at







[6] 199th report of Law Commission of India on Unfair (Procedural & Substantive) Terms of Contract

The Need For A Better Data Visibility- GDPR

On the 26th April, 2016 with the announcement of General Data Protection Regulation or GDPR the European Union shook the entire globe with such stringent privacy policies in an internet revolution world. The main aim with which GDPR was thought of was to empower the users to control their Personal Identifiable Information in terms of regulating to whom it shall be made available to, deleting it, editing it. Most importantly GDPR’s motive was to allow the customers to have an informed choice as to when their data is taken and for what purpose is it being used subsequently.

Though the legal jurisdiction of GDPR spreads only across the entire EU but due to the indispensible and worldwide reach of internet it has impacted all the states and almost every sector which is somehow associated with internet. GDPR being a new legislation, firms/ individuals tend to incur a lot of difficulties in terms of the compliances to be fulfilled. A detailed analysis of GDPR and what regulations have been introduced by way of this regulation can be found here.

GDPR though might seem quiet complex but by following the below mentioned checklist one can prepare their organisation for the GDPR compliances.


STEP I: Segregation

  • The first step is to determine the nature of the organisation that is whether the organisation is a Data controller or a Data processor. Data controllers are the ones who decide upon the purpose of the data and Data processors are the ones who directly are in the act of processing of the data.

STEP II: Data Information

  • Every company should have a complete list of all the personal information that is held by them, the source of information, and what is done with the data, meaning thereby, a complete record of the processing activities have to be maintained [Article 30].
  • This information related to the whereabouts of the personal data should be clearly mentioned in the privacy policy such that the reader gets to know what is being done with his data.
  • The privacy policy should contain a valid reason for data processing and the same should be lawful [Article 6].

STEP III: Accountability and Management

  • A data protection officer is appointed. The appointment of a DPO is required only in three circumstances, first where the processing is being carried out by a public authority except a judicial body; secondly, when the nature itself of the business involves processing activities and; thirdly, when such data is being processed in an extremely large quantity [Article 37]
  • It is the duty of the organisation to make sure that the members of the organisation are aware of the various practices and laws related to GDPR, this can be done by providing training to the staff [Article 25].
  • When processing is to be carried out on behalf of the processor then only the processor providing sufficient guarantees to match the technical requirements of the organisation could be chosen. Furthermore the customer has to give an informed consent as to use of that sub processor [Article 28].
  • For organisations not established within the territory of EU, but dealing in data of EU citizens a representative has to be appointed in any of the EU states and that person should handle all the data processing difficulties [Article 27].
  • Breach of personal data has to be communicated within 72 hours to the local authority as well as the data subjects, that is, the person whose data has been breached [Article 33 and 34].

Consent- was it ever ‘INFORMED’

Consent, which is the most debated topic, has always been questioned as to whether the consent is informed or not. Earlier the organisation used to have complex consent terms which were difficult for the customers to understand and comprehend, or used to have simple cookie pop-up displaying “by entering this website you agree to all the conditions” was this really consent?

The organisations used to trick the customers into giving consent. The new legislation that came into effect on May 2018 however has made it essential for the organisations to have simplified privacy terms, also simple pop up would not be enough the website has to display all the details which are being processed or controlled by it so that the viewer can have a informed choice.

In this era where privacy is supreme GDPR has tried to keep up with it by amending the exiting consent terms which existed as a dotted line contract.

  • Websites which intend to collect any sort of personal information should have a visible privacy policy link and only when the user check into the box shall that be considered accepted. This means that the practice of pre-ticked boxes is a crime now. [Article 7]
  • Simple, clear and understandable language should be used to draft the privacy policy any sort of ambiguity shall render the agreement void. [Article 7.2]
  • The new legislation realised the privacy loss when the data which was once consented to was stuck and could not be withdrawn. Now along with the consent process the data controller has to mention the process by which consent can be withdrawn. [Article 7.3]
  • Consent for children below 16 years will be taken by their legal guardians only. [Article 8]
  • Any change in the privacy policy now requires the data controller to inform all the consented data subjects in simple language as to what changes have taken place. [Article 7]

How Has India Been Impacted By GDPR

Companies all across the world are assessing the impact on their economy. Undoubtedly high fines are one of the driving forces which are compelling industries to look into it. India is having a major structural transition with peculiar change in the information technology sector which is again expected to grow. Major markets for the Indian ITs are the US, UK and Europe. To a large extend the growth of this sector will depend upon how well India has decided to respond to these regulatory changes in order to retain the status of dependable processing destination.

The changing guidelines mean Indian companies will now have to assess and redesign their data-intensive business processes such as data acquisition, processing and data management, in compliance with the guidelines. This transition however is not easy as:

  • Huge Fresh Capital Investment: The quantum of investment needed to gear up for the changes is huge. This investment is not only in terms of money but also the time investment required to comprehend, change, train is huge.
  • India’s weak data protection laws: The already existing weak data protection laws, which led the Supreme Court to deliver S.Puttaswamy v. Union of India judgement makes India less competitive than other outsourcing units in this sector. The recommendation of the Srikrishna Committee have also come up, the question next is whether these recommendations meet the requirement of EU’s regulation or they need to be further amended.
  • Cross Border restrictions: With the introduction of GDPR the extent of business has been reduced in terms of data of the EU citizens, Indian companies have to now adopt the necessary safeguard in order to continue as a master player in this sector.

These challenges however should not hinder if India views GDPR as a business opportunity and not as a compliance burden as this would have a twofold effect, not only will it allow India to stand out in the technology sector but will also strengthen India’s own privacy landscape.

Author: Shrivali Kajaria , Intern at  Khurana&Khurana, Advocates and IP Attorneys. In case of any queries please contact/write back to us at

GDPR- The New Era of Privacy Protection

General Data Protection Regulation or GDPR is the new privacy protection regulation of the European Union which was adopted on 26th April 2016 and has to come into effect on 25th May 2018. The nucleus of the GDPR is to reinforce data protection for individuals not only within the territory of EU but extends to secure export of Personal Identifiable Information (PII) from the territory of EU.

GDPR replaces the existing Data Protection Directive and aims at harmonising laws across the entire EU.

Parties Involved

  • Data Controller that is the ones who decide upon the purpose of the data.
  • Data Processors that is the ones who directly are in the act of processing of the data.
  • Data Subjects that is the citizen’s of EU who takes the services of the data controller.

Within these data controller and processors there are essentially two categories which the new legislation aims to cover:

  • A presence in an EU country of the controller or the processor.
  • Not present in EU but organisation deals in data belonging to the EU citizens.

What ‘Personal Data’ does GDPR covers?

The new legislation by the term personal data means to cover any information which is used to identify a person (natural person) this includes:

  • Basic identity information such as name, email, address, and online ID numbers;
  • Web data such as location and IP address;
  • Health, genetic, mental and biometric data;
  • Racial or ethnic data;
  • Political opinions;
  • Cultural or social identity.

Appointment of a Data Protection Officer

The legislation mandates the appointment of a data protection officer where processing activity is being carried on by public authority except for courts in their judicial capacity, also when the core activity of the controller and the processor is such that it requires systematic monitoring of the data subjects or when the processing of data relates to people involved in criminal convictions.

Key Policies

The focal point of the policy is the consent factor. Companies will now have to take proper and informed consent from the person who is sharing Personally Identifiable Information (PII), any sort of vague or confusing statements cannot be used future onwards in order to extract personal information. This is a major shift from the idea where the companies used to have a single consent box and by checking in the box users tend to consent on a number of things, as now consent has to be taken individually.

Withdrawal from consensual record of the data has to be as easy as consensually submitting the data and this is the point of convergence of the new regulation. The law now mandates the guardian to opt in for a child below 16 years in regard to any sharing of personal information.

Consumers now have enormous control over the data, they will be able to access the personal data being stored in, inspect as to the purpose for which the data is being used and have the ‘right to be forgotten’ that is ask the data controllers at any point of time to erase the data existing with them.

The new law takes into account even the measures to be taken in case of any breaches. The companies will now have to within 72 hours of becoming aware of any data breach inform the protection authority as well as the customer whose data is under threat without any undue delay.

Effect of GDPR on Websites

Websites will need to comply with GDPR in respect of both privacy policy and cookie policy. The websites now ought to have privacy policy which is concisely clear and transparent. Meaning thereby that the policy should be written in plain language rather than complicated and make it easy for the users to understand. The key is that the users have to be well informed of the data which is being collected from them.

Since GDPR covers all forms of personal data, cookie policy has came into picture. Cookies store unique information about the user thereby storing the personal information hence cookie consent has to be enabled.

Implied consent is no longer sufficient that is the users will have to expressly consent to the data which is being collected by cookie. This means that the websites which show pop up stating that ‘by using the website you agree with the cookie policy’ are no longer sufficient.


An organization in breach of GDPR laws will be fined up to 4 percent of annual global turnover or 20 million Euros ($24.6 million), whichever is bigger.

Impact of GDPR on Indian Market

The main question which sails through the mind of most Indians is whether GDPR will apply on Indian Data Processing Companies or is the law restricted to only the EU companies. This question demands looking into Article 3 of the regulation which has laid down the territorial scope of the policy.

Further the definition of data processor has been given a wide connotation in the legislation. It means any operation performed on personal data such as collecting, recording, structuring, storing, using, disclosing by transmission and includes erasing and destroying. Article 3 makes it precise that it shall apply to all companies and organisation whether within EU or not.

The dilemma then arises as to whether in the absence of any sort of treaty can EU legislation have such an extra territorial reach? The answer to this is simple, that the EU legislation intends to apply to only those extra territorial organisations which have EU citizens as their data subjects. The fact that it involves the citizens of their territory the law is binding on the other countries as well including Indian companies which tend to deal with EU as data subjects.

In a nutshell GDPR aims to cover any organisation in the EU that handles personal data and any individual in the EU whose personal data is handled by an organisation, wherever that organisation is based. Europe has always been a substantial marketplace for the IT’s, BPO and Pharma companies. The IT companies estimate for about 155–220 billion USD in the European member states. Thus for an Indian IT company to continue its relations with EU it has to mandatorily follow the GDPR.

Author: Shrivalli Kajaria, Intern at Khurana & Khurana, Advocates and IP Attorneys. In case of any queries please contact/write back to us at

Growth of Digital Economy – A Challenge for Competition Regulators


Competition policy is a public policy which is aimed at ensuring that competition in the marketplace is not restricted in any manner that is detrimental to the society. The most significant goal of competition policy is to shield society from harmful competitive behaviour[1].

Digital economy is dynamic and fundamentally different from other sectors. Digital services have a unique feature of network effects, which means that a product or service gains additional value as more people use it. This, on one hand promotes concentration of markets, but at the same time there are multiple routes through which digital services can be delivered to the end users for example, the daily news can be watched via TV, websites, apps and social media and on devices such as phone, tablet or PC.  This implies that entrants can challenge market power more easily and fast.

The dynamic growth of the digital markets has resulted into competition problems. These arise specifically  in certain areas such as digital monopolies., tax planning, problems with patent etc[2]. Service providers and content developers have myriad options for delivering content or services to end-users, who experience it through different electronic mediums such as phone, TV, social media etc. Once digital companies acquire dominant position, they end up creating a dead lock for users at both ends of the platform and make their intervention indispensable[3].

Pre-emptive mergers are an indication of the same. In this model a merger is made by acquiring a smaller company, so that potential competition that can pose harm to the company’s business model can be thwarted. This set of multiple exclusive agreements are potentially problematic because they hamper competition and innovation[4].

However, it is difficult to make a distinction between anti-competitive motives and normal business strategies in digital commodities as it largely involves future markets. Anti-competitive behaviour refers to rival interactions that are not based on the merits but on collusion or foreclosure and impose harm to competitors and consumers. The dynamic nature of digital markets makes collusion unlikely. The challenges for analysing anticompetitive behaviour in digital markets mainly relate to foreclosure and bottleneck leveraging[5]. An error in labelling such strategies as anticompetitive may adversely impact the market dynamics. Competition authorities should be cautious to not label all acquisitions as anti-competitive, as sometimes these take overs serve as an incentive for smaller firms to innovate[6]. Similarly, traditional methods of assessing relevant market and dominance; which include describing market boundaries, analysing market power, whether the behaviour of the firm is anticompetitive, is not the most pertinent approach now. This is because digital firms have dynamically been redefining the boundaries of markets by competing largely on the basis of innovation, which has redefined the structure of the markets. Therefore, market shares or profit margins are less useful for determining market power.

Challenges in India

Technology companies are generally revered for their innovation and efficiency, however, as highlighted above, such businesses are susceptible to acquisition and abuse of market power. The Indian competition scenario is evolving rapidly and has stared facing these concerns. Apart from acquisition, another way to establish market power is to entice users by subsidising their goods with the help of their financial capital. This strategy is particularly more attractive for big firms having access to larger financial capital, who resort to practices like deep discounting, cash-back offers and other schemes designed to attract new users and establish the network effect[7]. Sometimes, they sustain heavy losses for years on end. Companies such as Uber, Ola and PayTM have adopted this strategy[8].

These practises are now becoming increasingly difficult to be juxtaposed with an introductory offer by a new player, rather they appear to be systematic competitive strategies which are using capital as their competition weapon. This raises the primary concern of market eventually tipping in favour of the player, which might not have the most innovative product or service, but the one that can manage to obtain huge capital and entice as many users as possible through its introductory offers. This might appear to serve interest of both the entities initially but in the longer run, such practises raise concern about competition in terms of market power and then raising prices in following years when losses are recouped.

Such issues have come to the attention of the Competition Commission of India (CCI) recently. The CCI, in April 2015, passed a prima facie order which recommended a detailed investigation into the allegation that Ola had indulged into abusive market practises to garner greater market power in Bengaluru from substantial funding received from various investors[9]. Apart from this, CCI has setup an in-house panel to understand the practise of cash-back incentive that are offered by various online companies from the point of provisions of  predatory pricing under Competition Act, 2002[10].

Strong network effects exist in the market, which result in significant inequalities in profits and market share, even if any specific anti-competitive practise does not exist[11]. In such a situation, if the competition authorities try to influence the market structure in any way, for example by inducing more competition, it might have adverse effect and may diminish overall surplus. Therefore, it is important to distinguish between a situation where a firm has adopted exclusionary practise to turn the market condition in its favour and the natural competition that exists in the market. After the said distinction and subsequent identification, the interventions required by competition authorities to correct these problems must be prompt. It is an established fact that the pace of growth of internet based businesses is much more rapid than the traditional sectors. The Supreme Court of India has noted that in the event of any such delay, the very purpose of the Act shall be defeated and there shall be possibility of great damage to the market, which will inevitably affect the country’s economy[12]. A major requirement for this is the adoption of a robust mechanism of findings by the competition regulation agencies to ensure that they keep abreast with the dynamic market conditions. One way to enforce this is by letting the competent authorities accept commitments from the firms whose conduct hint at possible concerns related to competition and thereby thwart detailed investigation.

In situations where there are instances of competition elimination by dominant players in event of acquiring smaller firms, CCI could follow the approach of European Court of Justice (ECJ)  and review such agreements under section 4 of the Act[13], which deals with abuse of dominant position. In the Continental Can case[14], the ECJ was of the view that Article 102 of the TFEU, which is similar to Section 4 of the Act, can be used to regulate practises of dominant entities acquiring competitors and thus abusing the prerogative of their position. The way to determine this is, if the position of the undertaking in the market is very prominent and acquisitions can have potential to curb consumers’ freedom of action in the market, then irrespective of any fault of the such undertaking, the action would qualify as abuse of dominant power.

Further, while examining the practises of big companies with considerable capital, who eliminate their competitors by luring customers through their practise of below-cost pricing as introductory offers, CCI should give due regard to the economic principles that form rationale of these businesses and the impact their practises are going to give in the long run. This would include focusing not just on market share of these firms but the overall scenario such as status of funding of the industry, whether the primary goal is expansion and existence of incentives for the firm. CCI should also analyse the investment pattern of the firms who invest in these companies that expands their capital pool.

However, substantial funding by companies should not, by default, be assumed to be an indicator of unfair market practises. Such an assumption could severely jeopardise the investment inflow in the most dynamic sector in the country.  Another crucial aspect is to assess the possibility of recoupment in the sense, whether it is feasible for the company to maintain its prices at a level so that it can recover the loss it incurs. It could be useful as it would give idea of the harm that the consumers may incur in the long run, once the company is successful in eliminating its competitors and establishing a monopoly[15]. Due to below cost pricing, firms initially incur losses but then after establishing a monopoly raise the prices, leaving consumers with very little alternatives.  This assessment should also be extended to ‘predatory prices’ even though it is not a requirement as per the provisions of the Act as continued predatory pricing also has the potential to drive the competitors out of the market or could create high entry barriers which makes it unprofitable for new firms to enter the market, which subsequently establishes a monopoly of the firm[16].

In addition to these, CCI should adopt methods that facilitate interoperability between dominant payers that could indulge in anti-competitive practises with other players in the market[17]. This would facilitate access. For instance, if an interoperability requirement is imposed on a dominant payment network, such as PayTM, it will help extend the network effect of this on the whole digital economy, rather than being limited to a network. But this has to be balanced with other factors such as reasonable access fee, the structure of this arrangement; its complexity and impact on future prospects of innovation.

In this fast paced digital economy and emergence of increasingly technical issues, it becomes difficult for authorities to intervene in time and prevent further harm to competition. Therefore, competition authorities should consider a possibility of adopting a system of voluntary settlement of cases[18]. This will encourage the firms indulging or having the potential to indulge in anti-competitive practises to alter their behaviour and avoid a detailed investigation. This would ensure that CCI is in a better position to avert the harm and before market structure has irrevocably moulded in one party’s favour. As for the cases that do go through a detailed investigation, there should be strict time bound periods for both investigation and issuance of final order so that the findings remain uniform and pertinent despite the dynamic economy.

Section 2 of the Sherman Act in the United State recognises an ‘attempt to monopolise’ as an anti-trust violation[19], whereas The Competition Act 2002 requires that there has to be conclusive evidence of dominance before any action is taken. A possibility of adopting such practise in India can be considered by CCI, wherein it should be empowered to look into situations wherein the firm is not presently dominant but has systematically been using benefits of network effects and venturing in the path of dominance. Such a mechanism would enable CCI to implement preventive mechanism from abusive practises but on the other hand may foster a new regime that would deter new entrants from entering the market. This prospective can further be weighed on its merits depending upon the growth of Indian Online sector.


Distinct economic features of high technology businesses should be taken into account and practises like deep discounting, cash back offers, when looking in to the allegations of adoption of anti-competitive practises by them. For this, a robust economic analysis of the impact of increasing returns to scale and network effects is essential for understanding the present and future impact of these practices on competition and consumer interests. There can also be collaboration between the investors in the multiple firms that they invest in.

The gains that the consumers incur from the heavy discounts are short run and there is a need to assess it in a larger context. The recoupment test examines the extent to which market power can be achieved in the future, after which prices can be raised. This test can be used to assess the pattern of behaviour of the firms which are not very big presently but might become dominant in the future after driving out its competitors and would then raise prices and recoup earlier losses.

Further, in appropriate cases, the CCI could rely on the essential facilities doctrine to facilitate interoperability between a dominant player, that is found to be indulging in the abuse of its position, and other operators in the market. This would promote the extension of network effects and would not limit the economy from being a one.

In the fast-changing nature of online businesses, there are concerns that the time taken by detailed investigation would delay the process of determination of violation and taking of subsequent steps to prevent it. CCI needs to work towards adopting stricter time frames for the disposal of cases, particularly those relating to firms forming part of the digital economy. Also, a voluntary settlement process can be adopted that will allow a business that is under investigation to voluntarily alter its market behaviour, so that detailed process of investigation is avoided.

The authorities must follow a future-oriented approach because of the central role that potential competition plays in the process. In practice, this means following an approach that is cautious and relies on power of self-correction of digital markets. There should be greater involvement of external IT experts that can understand the business model of the companies better, so that they can be regulated more efficiently and authorise can understand the future trends better.

There should be a milieu of cooperation with competition authorities from various nations/continents as the digital economy, and thus the relevant geographical market, has become worldwide in scope.

Author: Ms. Simran Jain, intern at  Can be reached at


[1]Motta, M., Competition Policy: Theory and Practice. Cambridge: Cambridge University Press, 2004


[3]Greenhalgh C, Rogers M, ‘ Innovation, Intellectual Property and Economic Growth.’ (2010) Princeton University Press

[4] Ibid

[5]European Parliament(n 3)


[7] C Graham, F Smith (eds.), “Competition, Regulation and the New Economy,”(2014) p. 17 to 53. Hart Publishing


[9]Fast Track Call Cab Private Limited v ANI Technologies Pvt.LimiitedCase No. 6 of 2015, Order dated 3 September 2015

[10]SmritiParsheera, Ajay Shah and Avirup Bose (n 9)


[12]Competition Commission of India v. Steel Authority of India Limited(2010) 10 SCC 744

[13]Section 4, The Competition Act 20012

[14]Europeamballage Corporation and Continental Can Co Inc v. Commission [1973] ECR 215

[15]Rubinfeld DL, ‘Antitrust Enforcement in Dynamic Network Industries.’ The Antitrust Bulletin, Fall-Winter (1998) 859 to 882

[16]SmritiParsheera, Ajay Shah and Avirup Bose (n 9)

[17]Farrel J, Katz ML, ‘The Effects of Antitrust and Intellectual Property Law on Compatibility and Innovation.’ (1998) Antitrust Bulletin, Fall-Winter

[18]SmritiParsheera, Ajay Shah and Avirup Bose (n 9)

[19]United States v. Grinnell Corp. 384 U.S. 563, 57071 (1966)


Digital Rights Management & Its Interaction with Net Neutrality

The online platform offers ample opportunity for infringement of copyrights and it is but natural for copyright holders to react apprehensively and clamor for absolute regulation of the digital copyright market. However, the virtual world is a whole different ball game where standard rules fail to achieve the desired objective. Therefore, a mechanism was developed to counter unauthorized use and give more control to the copyright holder over the categories accessible and the type of usage and modification allowed, called Digital Rights Management (DRM). It was proposed through the WIPO Internet treaties of WIPO Cooperation Treaty (WCT) and WIPO Performers and Phonograms Treaty (WPPT) to provide a flexible and globally enforceable mechanism of governing digital copyrights.


DRM works on the format of a pre-existing contractual relationship where the copyright holder controls the usage of the work even after it has been accessed by the user. It controls the number of copies that can be made, specifies the modifications allowed and how much of the work can be accessed, after its sale to the user.[1] DRMs are a business management model based on a contractual relationship, and serve the interests of the creator or the facilitator of digital content.  They can range from mere content copy regulation to full-fledged management schemes regulating each action in the transaction, all in an encrypted fashion. The material to be accessed can be decrypted through special knowledge which may be acquired by performing certain authorized actions. Some mechanisms supervise and regulate the number of copies that can be made.[2] The machine readable information coded in Rights Expression Languages (REL) is used to control permissions which restrict access and use for certain periods and for certain users as well as influence the quality of the work accessible.[3] DRMs are widely used in e-books, video games, computer software, mobiles etc., and work quite well. However, this mechanism is not suitable for all digital platforms as will be delineated in the following pages.

DRM Provisions in Indian Copyright Act

The Copyright Amendment Act, 2012 incorporated certain DRM provisions in consonance with the WIPO Cooperation Treaty (WCT) and WIPO Performers and Phonograms Treaty (WPPT). India had consistently resisted becoming a contracting party to these TRIPS treaties, however, the incorporation of digital regulatory provisions indicates an alteration of position. Section 65A and 65B comprise the DRM provisions, the former dealing with protection against circumvention of technological measures and the latter with protection of rights management information. Clause 2(a) of section 65A also specifies that nothing in the provision shall prevent the doing of anything referred to therein for the purpose that is not expressly prohibited by the Copyright Act, 2012. Apart from this, the provision also exempts circumvention of technological measures for the purpose of certain activities like encryption research, lawful investigation, security testing of a computer system or a computer network with the authorization of the owner, protection of privacy and measures necessary in the interest of national security.[4] The Indian copyright law permits circumvention with the help of third parties provided certain procedural conditions are satisfied. However, section 65A provides for a criminal penalty of imprisonment for 2 years and a fine, for violation of this provision, which is a rather worrisome development.[5]

DRM and low Net Neutrality: the Unholy Alliance

An adverse impact on fair use is the least of the complications that DRM causes. In retrospect, analyzing the impact of its operation in the US and the EU is proof enough of its draconian and anti-progressive nature. Although the provisions in the Indian Copyright Act are not draconian in nature, DRM has the potential to turn the clock back on any society in which it operates. DRM makes generally legal things illegal, as a consequence of which innocent downloaders – who are free-loaders at best – are prosecuted under laws meant for pirates while the real threat continue to operate. Although India has not adopted such overly stringent enforcement mechanisms, the inclusion of DRM provisions in the Indian Copyright Act has not been founded on any rational basis.[6]Therefore, even a minimalist approach as adopted by India is not in our best interests. This discussion is intimately connected to the recent debates on net neutrality which is another regulatory initiative attempted at price differentiation among different classes of consumers using the internet for various different purposes. This would create inequality among consumers and only serve to benefit telecommunication companies who are lobbying for this initiative. The Free Basics initiative by Facebook which was aggressively advertised was actually against the principle of net neutrality as it sought to provide “certain basic internet services for free”. The problem with such differentiation is not only that there is no clarity as to what these basic services mean, whether they will be uniform across all service providers and is it appropriate for telecom companies to determine what will be available to whom, but there is also a danger of arbitrary decision-making which will ultimately adversely affect the users. This coupled with DRM would make fine potion for a user rights disaster, making a mockery out the whole system of IPR and competition law.

About the Author: Akriti Dhagga, Intern, at Khurana and Khurana Advocates and IP Attorneys

[1]Tarun Krishnakumar and Kaustav Saha, ‘India’s New Copyright Law: The Good, The Bad and the DRM’ 10 JIPR (December 2012).

[2] Arul George Scaria, ‘Does India Need Digital Rights Management Provisions or Better Digital Business Management Strategies?’ JIPR (September 2012) vol 17 pg 467.

[3]Sacha Wunsch-Vincent, ‘The economics of copyright and the internet: Moving to an empirical assessment relevant in the digital age’ Economic Research Working Paper No.9, WIPO Economics and Statistics Series, (July 2013).

[4]Indian Copyright Act, S 65A (2)(b) to 65A (2)(g)(1957).

[5] Arul George Scaria, ‘Does India Need Digital Rights Management Provisions or Better Digital Business Management Strategies?’17 JIPR 464, 463-477 (September 2012).

[6] Charles Bailey, ‘Strong Copyright + DRM + Weak Net Neutrality = Digital Dystopia’ Information Technology and Libraries 116-139 (September 2006).