India is currently in the middle of drafting its data protection and localisation norms which would impact all internet-based services in the country, whether homegrown or international. However, the Finance Ministry has now suggested that provisions regarding data protection should not be made part of the new ecommerce policy.
A government official told Livemint that the issue of data protection should instead be handled by the IT Ministry, as it is already drafting the bill for every industry and sector where data storage is involved. An official from the finance ministry told Livemint that the data protection aspects should not be a part of ecommerce policy.
The draft ecommerce policy, which was unveiled on February 23, has data as its focal point and was accepting comments from industry stakeholders till March 31. The Finance Ministry is said to have made the suggestion of excluding data protection from ecommerce policy in its comments. The policy will be finalised once the new government is formed.
The draft for data protection bill is being prepared by the Ministry of Electronics and Information Technology (MeitY) and it contains provisions to protect user privacy when data is involved. The draft ecommerce policy has also proposed constituting a dedicated ‘data authority’ for issues related to sharing of community data which serve the larger public interest with startups and firms.
“The draft ecommerce policy and the data protection bill, both deal with similar issues pertaining to data privacy and protection and therefore, there should not be conflicting provisions under different rules under different legislation. If it is not taken care of appropriately, then when both become a policy and a law, respectively, there could be a possibility of overlap and different interpretations,” Atul Pandey, partner at Khaitan & Co was quoted as saying by Livemint.
Data localisation, as it is called, has become a big talking point since it has barred players such as Facebook, which owns WhatsApp, from launching WhatsApp Payments in India.
The draft data protection policy says that data collected in India should be stored within India. Such data, collected by ecommerce platforms, social media and search engines, should not be transferred abroad without due process.
The policy further notes that if an entity collects or processes any sensitive data in India and stores it outside the country, then such data shall not be made available to other businesses even with the consent of the user.