Protection of Consumer Rights on the Internet: Prospects and Challenges for the Sri Lankan Legal System

The development of the Internet and e-commerce has tremendously changed the habits and behaviors of consumers. This fast and efficient medium of transaction has been able to overcome many obstacles inherent to offline transactions and as a result, e-commerce and e-transactions have become more popular among consumers who are struggling with hectic lifestyles. However, it is evident that online consumers are exposed to many inevitable challenges on the Internet, more than offline consumers, specifically with regard to violation of their consumer rights. Every consumer is entitled to several rights whether he/she is dealing online or offline, including the right to information, right to redress, right to privacy, etc. Nonetheless, online consumers are more vulnerable to the violation of those rights in a virtual market, as they deal with unknown sellers and vendors. Therefore, protecting consumer rights in the online marketplace is a timely and important topic. At the international and regional level this issue has been discussed, and the OECD Guidelines for Consumer Protection in E-Commerce, the United Nations Guidelines on Consumer Protection and the European Union Directive on Consumer Rights are some examples of online consumer protection.
Currently, Sri Lanka is in the process of developing information and communication technology, as well as e-commerce. In recent decades, the Sri Lankan legislature has paid attention to introducing new laws to facilitate e-commerce and electronic transactions, such as the Electronic Transactions Act and the Computer Crime Act. At the same time, in 2003, the Sri Lankan consumer protection legal regime was also repealed. As a result, the Consumer Affairs Authority Act was enacted. However, the aforementioned legislation fails to specifically address the issue of protecting online consumer rights. Therefore, the aim of this research is to analyze the existing Sri Lankan legal framework and highlight the lacuna relating to online consumer protection. The research will basically use the qualitative approach, and extensive literature analysis will be used for collecting primary and secondary data.

*Correspondence should be addressed to Ms. B.A.R. Ruwanthika Ariyaratna, Department of Legal Studies, The Open University of Sri Lanka, Nawala, Sri Lanka. Email: ruwanthika.ariyaratna@gmail.com ORCID: https://orcid.org/0000-0001-6250-3699
(Received 26th February 2018; Revised 04th September 2018; Accepted 20th September 2018) © OUSL
This article is published under the Creative Commons Attribution-Share Alike 4.0 International License (CC-BY-SA). This license permits use, distribution and reproduction in any medium; provided it is licensed under the same terms and the original work is properly cited.
DOI: http://doi.org/10.4038/ouslj.v13i2.7439


Introduction
"The Internet challenges the traditional position of consumers" (Prins, 2003).
As the above statement highlights, the Internet has become one of the most influential factors affecting the traditional position of consumers all over the world. The arrival of the Internet has opened many new doors for commercial transactions and as a result, the Internet has had a significant impact on the nature and behaviours of traditional offline consumers. As Alsagoff (2006) points out, "the advancement of technology and globalisation has moved consumers to a different platform of transactions". Thus, it is obvious that consumers who engage in commercial transactions online have to face challenges different from those faced by traditional consumers.
According to Guideline 3 of the United Nations Guidelines on Consumer Protection in 2016 (hereinafter referred to as 'UNGCP'), the term 'consumer' generally refers to a "natural person regardless of nationality, acting primarily for personal, family or household purposes". The rationale behind consumer protection is to strike a fair balance in consumer-supplier relationships. Consumers are considered 'weaker' than their contracting partners and, due to their inferior bargaining power, they are unable to protect their interests (Ruhl, 2011; Abeysekara, 2013). As mentioned in the UNCTAD Manual on Consumer Protection (2016), consumer protection addresses disparities found in the consumer-supplier relationship, which include bargaining power, knowledge and resources. Furthermore, the Manual highlights that the state should intervene to afford consumer protection in order to assure economic efficiency, protect individual rights and the right to development, and achieve distributive justice.
In recent decades, global attention has been drawn to making separate guidelines and policies for protecting consumer rights on the Internet, due to the greater vulnerabilities which online consumers face compared with offline consumers (El-Gendi, 2017). Information disclosure, online privacy, payment security, online fraud, redress, etc. are some of the problems to which online consumers are exposed when they engage in electronic transactions (Sullivan, 2016; Prins, 2003; Waite, 1999). As a result of this vulnerability, it is obvious that consumers are somewhat reluctant to engage in, and reap the deserved benefits of, online transactions (Lee & Turban, 2001). Therefore, as Prins (2003) aptly argues, "protecting the interests of consumers entering into online transactions is an essential factor in establishing trust in electronic commerce". At the international and regional level, the problem of online consumer protection has been addressed in a progressive manner. Internationally, the Organization of Economic Cooperation and Development (hereinafter referred to as the 'OECD') introduced comprehensive guidelines for consumer protection in the context of electronic commerce in 2000. The UNGCP also addresses common issues in Business to Consumer (hereinafter referred to as 'B2C') transactions. In European Union (hereinafter referred to as EU) law, the Consumer Rights Directive 2011/83/EU (hereinafter referred to as CRD) is considered an umbrella legislation, repealing and replacing several consumer-related Directives (Sullivan, 2016; McClafferty, 2012). Accordingly, the United Kingdom has implemented the CRD by enacting the Consumer Rights Act in 2015, and this piece of legislation is considered a "one stop shop of consumer rights" for both online and offline consumers (El-Gendi, 2017).
Though online consumer protection mechanisms have rapidly developed at the international level, neither Sri Lankan consumer protection law, electronic transaction law nor any other legislation has specifically addressed online consumer rights in Sri Lanka (Kariyawasam, 2008; Abeyrathna, 2008). Therefore, from the consumer rights perspective, Sri Lankan e-consumers are in great danger in cyberspace (Fernando, 2013). Moreover, as indicated by the Ceylon Chamber of Commerce (2017), current online sales are just 1 per cent of annual consumer sales in Sri Lanka. Accordingly, this research argues that the absence of a proper online consumer protection mechanism is a negative influencing factor in the online commerce of Sri Lanka. Therefore, this research emphasises that it is necessary to develop an appropriate legal framework for online consumer protection in Sri Lanka. The suggested model would be enriched with a comparative analysis of the EU approach to e-consumer protection, particularly its implementation in the United Kingdom (hereinafter referred to as UK).

Research Problem
Even though e-commerce and electronic transactions have rapidly developed as a global trend, it is notable that Sri Lankan consumers are still unwilling to place full trust and confidence in online commercial transactions. Online consumers face greater risk in cyberspace when compared to traditional offline consumers, since they are dealing with unknown sellers and vendors. However, neither the Electronic Transactions Act, No. 19 of 2006, the Consumer Affairs Authority Act, No. 9 of 2003 nor any other legislation in Sri Lanka addresses any specific issues faced by online consumers. Therefore, in addition to the lack of computer literacy and other reasons related to infrastructure, the absence of a proper e-consumer protection law can be identified as a key factor which could reduce the willingness of consumers to engage in online transactions. Nevertheless, it is obvious that, as a developing country, Sri Lanka needs to gain the trust of e-consumers to attract more investment and engage with the global market. Therefore, the research problem focuses on how to develop an appropriate legal framework for online consumer protection to enhance consumers' trust and confidence in electronic transactions in Sri Lanka.

Methodology
As mentioned above, the main objective of this research is to propose a new legal framework for online consumer protection in Sri Lanka. In order to achieve this, the researcher has selected the qualitative research approach as the main research methodology. Dobinson and Johns (2007) point out that a qualitative legal research could be a doctrinal, theoretical, problem, policy or law reform research. Accordingly, this research is a reform-oriented legal research.
Moreover, this research is a comparative study between Sri Lanka and two other selected jurisdictions. The main area of the research, namely 'online consumer protection', is a novel concept for the Sri Lankan legal system. Therefore, in order to develop an effective legal framework for Sri Lanka, the researcher has to compare and contrast the existing Sri Lankan law with other jurisdictions which have already developed advanced mechanisms to protect consumer rights in the online marketplace. As mentioned earlier, the EU has enacted a separate Directive for protecting consumer rights in the EU countries and it is able to provide more advanced protection for offline as well as online consumers. Subsequently, the UK Parliament enacted the Consumer Rights Act (hereinafter referred to as 'CRA') in 2015, implementing the key features of the CRD. El-Gendi (2017) defines the CRA as a "one stop shop" because it has combined many previous Acts and regulations to assure stronger consumer protection in both the online and offline context. Based on these developments, the researcher has selected the EU and UK jurisdictions as the main legal paradigms for the comparative analysis. Both primary and secondary sources are used to gather data with regard to the existing Sri Lankan legal framework and the comparative jurisdictions. As primary legal sources, Sri Lankan legislation such as the Electronic Transactions Act, No. 19 of 2006, the Consumer Affairs Authority Act, No. 9 of 2003, the Computer Crime Act, No. 24 of 2007, etc., emerging case law jurisprudence, and international and regional legal instruments are examined. Journal articles, research papers and reports are studied as secondary legal sources.

Theoretical Framework
Consumer protection is generally justified by considering consumers as weaker than their contracting partners. Therefore, it is accepted that their interests should be protected due to their inferior bargaining power. The doctrine of 'inequality of bargaining power' stresses the economically weaker position of the consumer vis-a-vis the suppliers (Haupt, 2003). As Barnhizer (2005) points out from United States case law, "gross inequality of bargaining power could negate the meaningfulness of choices available to the weaker party".
The 'exploitation theory' also provides a similar view to the 'weaker party' argument. According to this theory, consumers are in need of protection for two reasons: first, consumers have few options but to purchase and contract on the terms set by increasingly large and powerful companies; second, companies are able to exploit significant information and sophistication disparities in their favour (Ruhl, 2011).
However, at least several scholars are of the opinion that this traditional theoretical argument on identifying the consumer as the weaker party is no longer valid in the modern context. As Ruhl (2011) argues, "exploitation theory fails to take into account competition between companies and the fact that any bargaining power that companies have vis-a-vis consumer is limited through competition from other companies". Therefore, the author suggests that economic theory is the best theoretical rationale for consumer protection today, because consumers should be protected from the information asymmetry between them and the professionals.
The 'economic theory' of law is mainly concerned with the promotion of economic efficiency and the protection of wealth as a value. According to Posner, a leading scholar of the Chicago School of economic analysis, contractual transactions are the fundamental mechanisms for wealth maximization (Mc Coubrey & White, 1999). As Posner further highlights, "contract law has had to change a great deal since then to cope with modern consumer transactions where there is no delay between agreement and performance" (Mc Coubrey & White, 1999). Therefore, the economic theory justifies the movement of goods and services through electronic transactions, because the flexibilities and opportunities of online markets are larger than those of face-to-face transactions. Therefore, it can be argued that a strong consumer protection mechanism can be an incentive to develop trustworthiness and confidence in electronic transactions. Based on that argument, the incentive theory can be applied to justify consumer protection in electronic transactions as well.
Moreover, the concept of trust can be used as another theoretical background for this research. From the behavioural economists' perspective, "trust has long been regarded as a catalyst for buyer-seller transactions that can provide consumers with high expectations of satisfying exchange relationships" (Pavlou, 2003). Therefore, Pavlou (2003) argues that the role of trust is of fundamental importance for adequately capturing consumer behaviour in e-commerce. O'Hara (2005) also supports this view by developing an argument which explains the relationship between the law and trust, called "safety net assessment". Accordingly, the law can play a major role in creating trust between two parties. Therefore, to the extent that the law works towards decreasing the vulnerability of a contractual relationship, it promotes the parties' willingness to enter into a contractual obligation (O'Hara, 2005).
Thus, the aforementioned theoretical approaches are the foundation for this research. The doctrine of inferior bargaining power, the exploitation theory and the economic theory provide the theoretical rationale for consumer protection. The economic theory also justifies electronic transactions and e-commerce activities as tools for wealth maximization. In addition, the trust theory, based on the behavioural economic conception, builds up the link between the law and consumer trust and thereby increases confidence in the online market.

Benefits, Key Legal Issues and Challenges Faced by Online Consumers
"The Internet is becoming an increasingly popular means for the sale of goods and more and more transactions are being made online…The increase in online transactions raises the issue of whether or not there is sufficient protection for the e-consumer. Due to the risks inherent in online transactions there is a need for these types of transactions to be specifically acknowledged and regulated" (McClafferty, 2012).
As McClafferty (2012) aptly highlights in the above statement, even though online transactions are becoming more popular, they raise several issues due to the risk inherent to such transactions. Waite (1999) also takes a similar view and opines that the "Internet could bring about radical change in distance selling by providing instantaneous, low-cost links for marketing and payment between consumers and suppliers world-wide; that there are resultant risks as well as benefits."
When examining the positive factors of online transactions from the consumers' perspective, it is evident that during the last few decades consumer attraction to e-commerce and online transactions has increased rapidly due to their flexible nature. Finding and comparing goods and products is easier on the Internet than in the offline market (Khan, 2016). Therefore, consumers have more opportunities for selection and also enjoy easier access to information. Moreover, Khan highlights that consumers can save time by just clicking a button on the Internet from home or the workplace (Khan, 2016). Thus, some scholars such as Edward (2003) and Prins (2003) argue that online transactions and e-commerce have improved 'consumer sovereignty', and they regard this as a positive force for consumer empowerment.
However, it is observed that although online consumers enjoy significant benefits in the online marketplace, they have to face considerable risks and vulnerabilities during their transactions, such as information disclosure, violations of privacy, lack of systems security, dispute resolution, etc. These issues negatively impact consumer trust and confidence in e-commerce.
Particularly, in the developing countries, due to technology barriers and other infrastructure problems, consumers express more hesitancy to engage with electronic transactions. Therefore, as mentioned by the UNCTAD, "an adequate and supportive legal environment is essential to create trust online and to secure electronic interaction between enterprises and consumers" (UNCTAD Manual, 2016).

International and European Union Approaches on Online Consumer Protection
At the international level, the OECD has introduced separate guidelines for online consumer protection, namely, the Guidelines for Consumer Protection in the Context of Electronic Commerce, 1999. As Alsagoff (2006) indicates, the OECD guidelines "act as platform for its member countries to develop their national law in tandem with the international standards" (p. 82). Principle 1 of the OECD Guidelines highlights that:
"Consumers who participate in electronic commerce should be afforded transparent and effective consumer protection that is not less than the level of protection afforded in other forms of commerce"
The United Nations Guidelines on Consumer Protection (hereinafter referred to as UNGCP) is the most recent major international step towards consumer protection. As Yu & Galligan (2015) point out, the UNGCP provides an advanced global standard on consumer protection for the purpose of delivering justice to every individual consumer. This opinion is very much highlighted in the objectives of the UNGCP. Accordingly, the main objectives of the UNGCP are "to assist countries in achieving or maintaining adequate protection for their population as consumers, to facilitate production and distribution patterns responsive to the needs and desires of consumers, to encourage high levels of ethical conduct for those engaged in the production and distribution of goods and services to consumers".
Among the regional mechanisms, the European Union's approach to online consumer protection is significant.
According to Finocchiaro (2003), the main objective of European e-commerce legislation is to promote e-commerce. Therefore, he argues that consumer protection in electronic transactions is an indispensable factor in this economic objective. The Consumer Rights Directive (CRD) is the recent development of EU law, which was enacted in 2011 and replaced in 2014. The CRD is considered an umbrella legislation, repealing and replacing the Distance Selling Directive, the Doorstep Selling Directive, the Unfair Terms in Contracts Directive and the Sale of Consumer Goods and Associated Guarantees Directive (Sullivan, 2016; Mc Clafferty, 2012).
As Article 1 of the CRD indicates, the purpose of the Directive is, through the achievement of a high level of consumer protection, to contribute to the proper functioning of the internal market. Articles 5 and 6 of the CRD set out the information requirements for contracts other than distance or off-premises contracts and for distance and off-premises contracts, respectively. Accordingly, before a consumer is bound by a contract, the trader should provide relevant information such as the main characteristics of the goods, the identity of the trader, the geographical address, and the price of the goods in a clear and comprehensible manner.
As Sullivan (2016) opines, the rationale for this information requirement is an attempt to address the inherent information imbalance that exists between consumer and trader who has more knowledge of the market. Therefore, it can be argued that the information provisions of the CRD are a tool to enhance the consumer confidence in the Internet market.
Notably, another new feature of the CRD is the extension of the cooling-off period of a distance contract from seven to fourteen days. Article 9 of the CRD states that the consumer should have a period of 14 days to withdraw from a distance or off-premises contract, without giving any reason, and without incurring any costs. As Sullivan (2016) comments, "this extended period from seven to fourteen days was to increase legal certainty and reduce compliance cost for businesses dealing cross border".
The most attractive feature of the CRD is its potential to cover contracts for the supply of digital content. According to Recital 19 of the Directive, "digital content means data which are produced and supplied in digital form, such as computer programs, applications, games, music, videos or texts, irrespective of whether they are accessed through downloading or streaming, from a tangible medium or through any other means". Moreover, Recital 19, in connection with Article 6 (1) (2), imposes additional information obligations and requirements on the e-tailers who supply digital content. In particular, these obligations include information on the functionality and the relevant interoperability of digital content (Bezakova, 2013).
Therefore, it can be argued that this pre-requirement of information with regard to digital content makes the consumer more knowledgeable about the goods and services.
Accordingly, it is evident that the OECD Recommendations for Consumer Protection in E-Commerce and the UNGCP provide a comprehensive guidance for member states to adopt and enable consumer protection for online users. Similarly, the EU approach on e-consumer protection is a more solid and broad approach and it can be argued that the EU law has expanded its protection beyond the international legal framework. In 2015 the UK parliament enacted the CRA by implementing the aforementioned key features of the CRD.

Online Consumer Protection in Sri Lanka
During the last few decades, the Sri Lankan e-commerce sector has experienced rapid development. More recently, scholars have paid attention to the study of influential factors for e-commerce growth and its impact on the market economy in Sri Lanka. Arawwawala & Gunawardane (2017) analysed the challenges and barriers of implementing e-commerce among SMEs in Sri Lanka. In this research they identified confidentiality issues, privacy of data, security issues in making online payments, etc. as some of the challenges which inhibit e-commerce development in Sri Lanka. In addition, Kapurubandara (2009), in another study, also highlights e-commerce adoption barriers in Sri Lanka such as lack of computer literacy, poor Internet facilities, lack of governmental support, and fears and concerns over security. Peris & Kulkarni (2015) also support this view and reveal that one reason for consumer reluctance is concern about security risks, particularly with regard to the increasing number of security vulnerabilities and poor security measures to protect personal information.
As O'Hara (2005) denotes, "to the extent that the law works towards to decrease the vulnerability of a contractual relationship, it also promotes the parties willingness to enter into a contractual obligation". Therefore, it can be argued that although the aforementioned issues related to infrastructure and other reasons negatively influence e-commerce growth in Sri Lanka, the absence of a proper e-consumer protection law is one of the key factors which reduces the willingness of consumers to engage in online transactions. In order to explore this argument further, it is important to analyze the existing legal framework in Sri Lanka.

Existing Sri Lankan Legal Framework
The Sri Lankan legislature stepped into electronic transaction law in 2006 by enacting the Electronic Transactions Act, No. 19 of 2006 (hereinafter referred to as 'ETA'). Since then, the Computer Crime Act, No. 24 (hereinafter referred to as 'CCA') was introduced in 2007 in order to strengthen the legal framework. The consumer protection law of the country was also repealed in 2003 with the enactment of the Consumer Affairs Authority Act, No. 9 of 2003 (hereinafter referred to as 'CAAA'). This Act brought more modifications to the traditional consumer protection law but failed to address consumer protection in online environments.
The ETA was introduced as a significant piece of legislation which broadly addresses the issues in electronic transactions in the country. The Act closely follows the UNCITRAL Model Law on e-commerce and electronic signatures (Kariyawasam, 2008). However, when examining the consumer protection mechanism under the ETA, hardly any direct provision regarding online consumer protection can be found. Conversely, it can be argued that the recognition of electronic records and electronic signatures, and the admissibility of electronic evidence, may impliedly provide protection for online consumers. Nevertheless, Kariyawasam (2008) makes a profound argument that:
"[T]he Electronic Transaction Act is silent about online consumer protection in relation to, for example, information disclosure, delivery, transaction confirmation, cancellation and refund policy"
According to Kariyawasam's argument, it is evident that the ETA does not expressly deal with online consumer protection issues. Moreover, the ETA fails to provide an adequate data protection mechanism which can secure consumer privacy in cyberspace.
The CCA was enacted in 2007 to provide for the identification of computer crimes and to provide the procedures for the investigation and prevention of such crimes. The CCA covers a broad range of computer crimes such as computer hacking, computer cracking, unauthorized modifications, illegal interception, etc. The CCA is important in online consumer protection due to Section 10 of the Act, which recognizes unauthorized disclosure of information as a computer crime. Section 10 provides that:
"Any person who, being entrusted with information which enables him to access any service provided by means of a computer, discloses such information without any express authority to do so or in breach of any contract expressed or implied, shall be guilty of an offence and shall on conviction be liable to a fine not less than one hundred thousand rupees and not exceeding three hundred thousand rupees or to imprisonment of either description for a term not less than six months and not exceeding three years or to both such fine and imprisonment."
This provision affords some basic protection for online privacy issues. However, as Fernando opines, there is still a gap in Sri Lankan data protection law (Fernando, 2013). Moreover, it can be argued that, though the CCA provides protection against unauthorized information disclosure in online transactions, that single provision cannot address other complicated issues faced by online consumers such as payment security, online fraud, and dispute settlement.
The Consumer Affairs Authority Act (CAAA) provides general protection for consumers and traders by establishing the Consumer Affairs Authority in Sri Lanka. The main objectives of the establishment of the Authority are to promote effective competition and the protection of consumers as well as to regulate internal trade. As Rodrigo (2013) correctly spells out, "the introduction of the CAAA as the key consumer legislation marks a significant legislative development in the area of consumer protection".
According to Part II of the CAAA, the Consumer Affairs Authority has powers to regulate trade by undertaking studies on the distribution of goods and services, issuing directions to manufacturers and traders, and determining standards and specifications relating to goods and services. However, the Act does not confer any specific authority to regulate online trade and services and, most importantly, the Act does not deal with some of the major consumer remedies, particularly the granting of cooling-off periods (See: Rodrigo, 2013).
Conversely, it can be argued that, although the CAAA is silent about the online consumer, the same provisions in the Act can be applied to online consumers as well. According to the interpretation section of the Act, the term 'service' includes "the provision of the Information Technology and Communications". Therefore, can this interpretation be considered as an adequate initiative for online consumer protection?
It is obvious that the complex nature of the online transactions requires more solid protection, particularly when addressing the online consumer protection.
Therefore, it is notable that, like the aforementioned electronic transaction legislation in Sri Lanka, the CAAA has also failed to provide a mechanism for protecting online consumer rights. Recently, the Consumer Affairs Authority (CAA) and the Information Communication Technology Agency (ICTA) collectively discussed the importance of 'consumer protection in the digital age' in order to facilitate policy recommendations for online consumer protection. In this forum, Weragoda (2017) criticized the CAAA for not offering adequate dispute resolution mechanism/s in the current digital era.
Accordingly, it can be reasonably argued that neither the existing IT law regime nor the consumer protection legal regime in Sri Lanka adequately addresses the issues of online consumers.

Conclusion
"Electronic transactions are of growing importance to Governments, enterprises and consumers in most parts of the world. While greater reliance on electronic commerce creates significant opportunities, a lack of security and trust remains a critical barrier to such transactions." (UNCTAD Secretariat, 2015)
As this statement indicates, today a country cannot go forward without embracing the advancement of technology. The e-commerce sector of Sri Lanka is ready to grow in the next few decades. However, the lack of a proper consumer protection mechanism in the online environment creates a stumbling block to the growth of e-commerce. Therefore, as a developing country, it is necessary to take relevant steps to remove this barrier from the e-commerce sector in Sri Lanka.
The international and regional developments demonstrate how those barriers could be overcome by enacting strong consumer protection mechanisms for online consumers. Particularly, the EU and UK examples emphasize some progressive mechanisms to regulate online consumer transactions, such as the information requirement, the extension of the cooling-off period, privacy protection, contracts relating to digital content, etc. When comparing the Sri Lankan situation with those advanced mechanisms, it is evident that neither Sri Lankan IT law nor consumer law adequately provides a consumer protection legal framework for online commercial transactions. This research attempts to highlight this gap and further emphasizes the need for an adequate online consumer protection mechanism embedded into the Sri Lankan legal landscape.