E-commerce: Draft policy suggests periodic audit of storage locations of players like Amazon, Flipkart

The government will set up a regulator and have a new law for the e-commerce sector if a draft policy being finalised by the Department for Promotion of Industry and Internal trade (DPIIT) is finally approved, a source said. Softening its stance on mandatory local data storage proposed in an earlier draft e-commerce policy announced in February 2019, the DPIIT’s new draft policy has suggested a comprehensive, periodic audit of the storage locations of players like Amazon, Flipkart and those that store Indian users’ data abroad, said the source. These players will have to build in adequate safeguards at the specified storage locations as well to ensure privacy of the user isn’t compromised.

But the new draft policy suggests restrictions on cross-border flow of sensitive information, such as those relating to defence or medical records, etc, without formal authorisation. The proposed ecommerce law will likely specify the data these companies can use, store or transfer. The government will have unrestricted access to any data stored by the players or any ecommerce activity on grounds of national security.