The government will set up a regulator and have a new law for the e-commerce sector if a draft policy being finalised by the Department for Promotion of Industry and Internal trade (DPIIT) is finally approved, a source said. Softening its stance on mandatory local data storage proposed in an earlier draft e-commerce policy announced in February 2019, the DPIIT’s new draft policy has suggested a comprehensive, periodic audit of the storage locations of players like Amazon, Flipkart and those that store Indian users’ data abroad, said the source. These players will have to build in adequate safeguards at the specified storage locations as well to ensure privacy of the user isn’t compromised.
But the new draft policy suggests restrictions on cross-border flow of sensitive information, such as those relating to defence or medical records, etc, without formal authorisation. The proposed ecommerce law will likely specify the data these companies can use, store or transfer. The government will have unrestricted access to any data stored by the players or any ecommerce activity on grounds of national security.
Also, the companies would have to provide such data to authorities within three days, failing which penal actions would be initiated against them.
The new draft policy will soon be put up on the public domain for stakeholders’ comments.
Amid unease over inflows of substandard products from China, the draft also makes it more explicit for e-commerce firms to ensure the products sold on their platform adequately specify the country of origin and value addition levels in India.
The new draft policy, however, will likely junk some of the critical — and controversial — suggestions of an earlier draft policy on e-commerce finalised by a taskforce under former commerce secretary Rita Teaotia in 2018. It may scrap the earlier suggestion to tweak policies to enable founders of domestic e-commerce companies to retain control even if their shareholding is small (the suggestion had raised fears of discouraging foreign investments, especially in start-ups).
Similarly, it will remain silent on an earlier draft policy proposal to allow 49% FDI in e-tailers holding inventory of locally-produced goods (apart from food retail).
The draft policy, released last year under then commerce and industry minister Suresh Prabhu, had provided for regulating cross-border data flows, setting up storage facilities locally and establishing a ‘data authority’ to devise a framework for sharing community data.
Asserting that the country and its citizens had a ‘sovereign right’ over data, the 2019 draft policy proposed to disallow sensitive data collected and processed locally but stored abroad from being shared with foreign governments and businesses outside India or any such third party even with the consent of the customer. The policy proposes to grant companies three years to set up storage. It also sought a review of the extant policy of exempting electronic transmission from customs duty “in the light of the changing digital economy and the increased role that additive manufacturing is expected to take”.
However, this draft policy attracted criticism over its rigid data storage norms. Even the US government had expressed its concerns on India’s mandatory data localisation rule.