By; Ruwantha Cooray LL.B (Hons) , Attorney-at-Law, Barrister-at-Law (Lincoln’s Inn)
The present outbreak of COVID-19 epidemic has forced many point of sales businesses to reconsider the mode and the manner they reach out to the end consumer. This phenomenon is not only unique to Sri Lanka but to the whole world. Whilst several countries in the world had already commenced the transition, Sri Lanka is now called upon to make a much-belated entry to seriously look in to ecommerce aspect of business to consumer (B2C) sphere.
In this quest, question arises as to the adequacy of present laws and regulations governing the aspect of online business in Sri Lanka.
At the outset of this paper, first and foremost consideration is to look at the birth of the law dealing with e-commence. This stems with the introduction of the Electronic Transactions Act No. 19 of 2006.
This law which was introduced in year 2006 is based on the standards established by United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (1996) and Model Law on Electronic Signatures (2001).
The objectives of the introduction of the said Act was to;
- facilitate domestic and international electronic commerce by eliminating legal barriers and establishing legal certainty;
- to encourage the use of reliable forms of electronic commerce to facilitate electronic filing of documents with government and to promote efficient delivery of government services by means of reliable forms of electronic communications and to promote public confidence in the authenticity; and
- integrity and reliability of data messages and electronic communications.
This has ensured that electronic communication is officially and legally accepted as a proper means of communication in Sri Lanka.
The aforesaid law has also provided a useful stepping stone for the law governing online business in Sri Lanka.
While the recognition, use and receipt of electronic records is regulated through the Electronic Transactions Act, No 19, of 2006 as foresaid, it is the Payment Cards and Mobile Payment Systems Regulation No. 1 of 2013, which specifically addresses the guidelines for transacting online.
The said regulations expressly permitted only a limited group of entities to operate as card/ mobile gateway payment providers.  This has provided concrete base for governing card and mobile payments which serves as the catalyst in the emergence of e-commerce in Sri Lanka.
Similarly, a cursory glance at the laws governing online business also sparks a discussion on the consumer protection laws which are also evidently applicable for a business deciding to engage in online business.
Consumer protection law of the country was also repealed in year 2003 by enacting Consumer Affairs Authority Act, No.9 of 2003 (‘CAAA’). This Act brought more modifications to the traditional consumer protection law but, failed to ‘expressly’ address the consumer protection in an online environment.
CAAA provides general protection for consumers and traders by establishing the Consumer Affairs Authority in Sri Lanka. The main objectives of the establishment of the Authority are to promote effective competition and the protection of consumers as well as to regulate internal trade. The introduction of the CAAA is the key consumer legislation which marks a significant legislative development in the area of consumer protection.
Therefore, for businesses engaging in or contemplating on engaging in online business should be mindful of the CAAA and the related regulations which are largely in place for protection of general consumers/ buying public.
According to the Part II of the CAAA, the Consumer Affairs Authority has powers to regulate trade by undertaking on the distribution of goods and services, issuing directions to manufacturers and traders, determining standards and specifications relating to goods and services.
However, the Act does not confer any specific authority to regulate online trade. The silence on the CAAA to specify expressly online trade/ business ‘does not’ prevent the regulation of online related businesses.
In the recent past with the emergence of the need to engage in online delivery services, citizens saw that Consumer Affairs Authority in terms of the CAAA conducting several raids for violation of consumer laws and regulations by online business operators. Therefore, CAAA is definitely a key piece of law which places several checks and fetters on an online business in Sri Lanka.
Moreover, another piece of legislation which is not discussed often but important when it comes to online business is the Computer Crimes Act (CCA) which was enacted in year 2007. This legislation provides for identification of computer crimes and to promulgate the procedures for the investigation and Protection of Consumer Rights on the Internet.
The CCA covers a broad range of computer crimes such as computer hacking, computer cracking, unauthorized modifications, illegal interception and etc.
The CCA is important in online consumer protection, due to Section 10 of the Act. The Section 10 of the CCA recognizes unauthorized disclosure of information as a computer crime“ Therefore CAA is definitely a key piece of legislation which is in place which has to be given sufficient emphasis by online business operators.
Whilst there is room for more specific legislations to be brought in, the prevailing laws discussed above adequately provides for protection of both businesses and consumers in an online business environment.
In conclusion, today a country cannot go forward without embracing the advancement of technology. The e-commerce sector of Sri Lanka is ready to grow in the next few decades. However, the lack of proper laws in place may impede the growth of e-commerce in Sri Lanka.
As an emerging nation it is pivotal to create adequate laws to prevent possible stumbling blocks in the environment for the growth of e-commerce. Therefore, as a developing country, it is necessary to take relevant steps to remove barrier from the e-commerce sector in Sri Lanka. The international and regional developments demonstrate how those barriers could be overcome by enacting strong legislative measures for online businesses and consumers.
 PAYMENT AND SETTLEMENT SYSTEMS ACT, No. 28 OF 2005
 “No person shall engage in the business of or function as a Service Provider except under the authority and in accordance with the terms and conditions of a license issued by the Central Bank”
“licensed commercial banks, licensed specialized banks, finance companies or an operator who provides cellular mobile telephone services under the authority of a license issued in terms of the Sri Lanka Telecommunications Act No. 25 of 1991”.
 Any person who, being entrusted with information which enables him to access any service provided by means of a computer, discloses such information without any express authority to do so or in breach of any contract expressed or implied, shall be guilty of an offence and shall on conviction be liable to a fine not less than one hundred thousand rupees and not exceeding three hundred thousand rupees or to imprisonment of either description for a term not less than six months and not exceeding three years or to both such fine and imprisonment.”