The government has released the draft national e-commerce policy, proposing to set up a legal and technological framework for restrictions on cross-border data flow, and also laid out conditions for businesses regarding collection or processing of sensitive data locally and storing it abroad.
The draft policy said the framework would be created to provide the basis for imposing restrictions on cross-border data flow from specified sources, including data collected by IoT devices installed in public space, and data generated by users in India by various sources, including e-commerce platforms, social media and search engines.
The 42-page draft addresses six broad issues of the e-commerce ecosystem — data, infrastructure development, e-commerce marketplaces, regulatory issues, stimulating domestic digital economy and export promotion through e-commerce.
According to the draft ‘National e-Commerce Policy — India’s Data for India’s Development’, ‘It is almost a cliche today that data is the new oil. Unlike in the case of oil, data flows freely across borders. It can be stored or processed abroad and the processor can appropriate all the value. Therefore, India’s data should be used for the country’s development and Indian citizens and companies should get the economic benefits from the monetisation of data’.
A business entity that collects or processes any sensitive data in India and stores it abroad, will be required to adhere to the certain conditions, according to the policy draft. The conditions state that all such data stored abroad shall not be made available to business entities outside India, for any purpose, even with the customer’s consent. Further, the data shall also not be made available to a third party for any purpose and it would also not be shared with a foreign government, without the prior permission of Indian authorities, the draft said.