Three prominent in-house counsel foretell the risks and opportunities in the pharma, data privacy and e-commerce sectors


Pharma: evolving priorities

The year ahead will see pharma companies and their general counsel (GC) continue to grapple with the demands of the volatile, uncertain, complex and ambiguous (VUCA) business environment they find themselves in. The global marketplace that Indian pharma companies operate in today is far more challenging than it was a decade ago. Companies must navigate a complex maze of interconnected risks – political, macro-economic, technological, tax, financial, legal, regulatory – that run across political borders. A tweet can disrupt a strategy, an alliance between your customers can halve your margins, and regulatory changes can open or close entire markets.

In this VUCA world, an in-house counsel must anticipate, mitigate and live with all kinds of risk, and bring more than mere legal expertise to the table – one must also be a dealmaker, reformer, crisis manager and strategist.

One issue that dominated agendas and management discussions of Indian pharma companies over the last year was the diminishing profitability in the US (a key market where Indian companies together account for around 40% of all generic sales), arising from a combination of mounting competition, channel consolidation, and other discrete events, such as the backlash against opioids.

In the years ahead, margin erosion in the commoditized oral solids (tablets and capsules) sector will drive larger players to focus on higher margin offerings such as complex generics, biosimilars and injectables, while simultaneously looking to offset US revenue loss and reduce dependence on the US market by investing in other geographies (e.g. China, Japan, Europe, the Commonwealth of Independent States (CIS) and Africa). Investments in China will also be driven by a desire to: (a) mitigate dependence on Chinese active pharmaceutical ingredients (APIs), intermediates and key starting materials, and (b) take advantage of recent regulatory developments, including conditional acceptance of foreign clinical data, to access the massive domestic Chinese market.

All of this will mean a renewed focus on strategic acquisitions, divestments and licensing in the years ahead, as companies divest non-core business units (such as Sandoz selling its entire generic oral solids business to Aurobindo Pharma) and acquire or in-license high growth products. The legal department will be a key driver in this process, as the need to execute such deals nimbly while managing risk will be paramount. The deal lawyer sits at the centre of the corporate business development machine, identifying issues, anticipating risks, crafting solutions, seeking and managing feedback from multiple functions, synthesizing the company’s position, and ultimately negotiating and drafting agreements that reflect this position as far as possible. When performed correctly, this function adds tremendous value, and is a role like no other.

SHANTANU MUKHERJEE is legal head, Asia Pacific and Japan, at Lupin. The views expressed are entirely personal.


Data privacy: rethinking compliance

The world is moving towards tougher data privacy laws. The European General Data Protection Regulation (GDPR) is a major leap in this direction. With privacy laws now enacted in over 80 countries, there are a number of rules that Indian businesses have to comply with to do business worldwide.

There are regulations on data transfers outside the country of origin, which may require prior consent of the individual or of the regulators. They may also require negotiation of data transfer agreements or data use agreements that set limits on the permitted uses, and include stringent requirements for confidentiality and security.

There are some laws, like the Chinese Cyber Security law, which consider access of personal information from outside the country of origin to be a transfer. Under Australia’s Privacy Act, the Privacy Commissioner has the power to conduct investigations to ensure compliance and impose civil penalties for an egregious breach or for repeated breaches of Australian Privacy Principles (APPs) where remediation has not been implemented.

Similarly, to do business in Singapore, companies needs to comply with Personal Data Protection Act, 2012, which has extra territorial effect and so the organizations have to comply with the act while collecting personal data from individuals in Singapore whether or not the organization itself has a presence in Singapore. And in the Philippines, the Data Privacy Act, 2012, imposes restrictions on access and use of personal information.

Indian businesses that collect and process personal data of the citizens of these countries do get impacted by these stringent laws. The penalties that the companies are exposed to are as high as 20 million or 4% of its annual worldwide turnover in case of breach of GDPR. Apart from the financial implication and reputation risk, Indian companies also risk losing business in these regions.

Indian companies are now investing in privacy compliance and are tweaking their privacy set up to accommodate these laws and to follow privacy-by-design principles. They have also set up separate privacy departments headed by a chief data protection officer or a privacy officer. Regular training sessions and audits are being held to ensure compliance. Businesses have to now hire local privacy lawyers in other countries to advise on local regulations.

Data breaches continue to be costlier and result in more personal records being lost or stolen year after year. It has been estimated that the average cost per lost or stolen record is about US$150. The average total cost of data breach across the globe is expected to be under US$4 million. These penalties are pretty stiff and companies cannot afford to be non-compliant with privacy laws across the globe.

K SATISH KUMAR is the global head of legal and chief data protection officer at Ramco Systems. He is actively involved in many pro bono activities alongside Chennai lawyers. The author can be reached at



E-commerce: changing rules

Indian e-commerce penetration is predicted to grow to 28% of the forecast over 500 million internet users by 2021. And the tug of war between the bricks-and-mortar store owners and the online retailers is expected to have a bearing on the legislative landscape in years to come.

The seeds of legislative changes were sown in 2014 when 100% FDI was allowed in e-commerce marketplaces. However, a recent clarification issued by the Department of Industrial Policy and Promotion, through Press Note 2, has created tremors.

Although there has been some buzz around a holistic new e-commerce policy to streamline and boost the e-commerce sector, the clarification issued late in December last year, coupled with the unusually short implementation deadline of 1 February 2019 has drawn global attention and criticism on account of the changing nature of regulations in India.

To summarize the key changes, (a) marketplace entities are now restricted from exercising control over the inventory presuming they intend to sell such inventory; (b) automatic conversion of marketplace model into an inventory-based model in case of control over the inventory; (c) for the purpose of creating a level playing field, marketplace entities will not create direct or indirect influence on the sale price of goods or services through their platforms; (d) prohibition on a vendor to sell through a marketplace which has a stake in the vendor; (e) marketplaces or any entity owned or controlled by the marketplaces should provide services to the vendors in a fair and non-discriminatory manner and on an arms-length basis; and (f) marketplace entities will be prohibited from selling goods of a vendor controlled or owned by it.

The Press Note appears to have set the context and created the roadmap for the new draft e-commerce policy. What does this entail for consumers, online retailers and bricks-and-mortar store owner in the future?

Consumers, who seem to have been the biggest beneficiary of the deep discounts, cash back offers and the add-ons will certainly be at the receiving end on account of the limitations imposed on online retailers. Online retailers will have to make appropriate representations to policymakers to accommodate their concerns in the new e-commerce policy. Online retailers will also have to fundamentally alter their group structures/holdings and business strategies to comply with the policy changes.

While bricks-and-mortar store operators seem to be the clear winners in this round, it would be advisable for them to not overlook reasons why millennial consumers prefer shopping online. It is not just discounts and cash backs, but shoppers go online because of the convenience, user experience, and price comparison options.

There is also a possibility of certain domestic players creating various hybrid models that entail the characteristics of the market-based and inventory-based models.

It goes without saying that policymakers will have to walk a tightrope to balance the conflicting interests of physical and virtual retailers. However, policymakers should strive to achieve a consistent and predictable policy landscape by focusing on the basic denominator, i.e. the consumer, who more often than not prefers the multi-channel experience of online and offline retail.

ESHA CHAKRAVARTY is general manager-legal at Datamatics Business Solutions.