Data is a big concern of the draft National e-Commerce Policy. Who controls the personal data that large e-com companies have come to access, can they exploit it, can such data be in non-Indian hands – all these questions have come into focus of the draft policy. And it has proposed setting up of a legal and technological framework for restrictions on cross-border data flow. The personal aspects of data protection and privacy applicable in the realm of e-commerce will be dealt with by the Personal Data Protection law under consideration, while draft national e-com policy looks at the other regulatory issues pertaining to data protection. It has delineated conditions for businesses regarding collection or processing of sensitive data locally and abroad.
The draft policy document repeats the prevalent industry aphorism that data is the new oil and likens data generated in the country to a national asset much like a coal mine or spectrum. Hence, the proposed policy argues that India needs to protect its data to make it available for Indian startups.
The policy proposes that all e-commerce websites, selling to Indian consumers and apps available for downloading in India, have a registered business entity here. These technology companies must provide government access to source code, algorithms of AI systems and are barred from sharing of sensitive data of Indian users with third party entities, even with consent. However, certain categories of data are exempted from restrictions on cross-border data flow.
These companies will have to house their India-specific data in India within three years. This would mean companies such as Amazon and Walmart-Flipkart will need to set up data centers in India, if they do not already have those here.
The 42-page draft addresses six broad issues of the e-commerce ecosystem – data, infrastructure development, e-commerce marketplaces, regulatory issues, stimulating domestic digital economy, and export promotion through e-commerce. The last date for response to the draft policy has been extended till Mar 31, 2019 as e-commerce companies have sought an extension of the deadline for more analysis and assessment. The draft policy follows the issuance of PN-3/2018 which sought to arrest violations, almost a habitual practice in the sector.
However, severe apprehensions abound. The Confederation of All India Traders (CAIT) has pushed for tighter scrutiny and setting up of a regulatory authority. It has termed the move by Amazon of changing the equity structure in certain Indian entities as circumvention, a fact which is not implausible given the track record of the foreign funded e-commerce companies of running crypto-inventory operations and selling online through name-lending companies.