Online citizens’ forum, LocalCircles, has submitted inputs on the Draft Ecommerce Policy at the stakeholders’ meeting on March 9 called by the Department for the Promotion of Industry and Internal Trade (DPIIT).
The meeting was chaired by the DPIIT additional secretary Shailendra Singh with more than a dozen representatives — Reliance Industries, Microsoft, Amazon, Ola, Uber, Snapdeal, MakeMyTrip, Netflix, CAIT, AIOVA, Vyapari Mandal, UrbanClap — to share their views on the policy.
DPIIT has asked all stakeholders to submit their views on the policy by March 31, 2019.
LocalCircles has recommended the DPIIT to split the policy into two halves — ‘Ecommerce Policy’ and ‘Business Data Policy’.
“While ecommerce policy can cover aspects such as marketplaces, counterfeit, cross-border etc, Business Data Policy can cover all data, for insurance, banking, telecom, including ecommerce data,” LocalCircles founder Sachin Taparia told Inc42.
Within the Ecommerce Policy, Taparia is of the view that the government can also think about how retail, both online and offline, can be integrated as it falls under the DPIIT.
“That way, even the mother dairy store or even BigBazaar’s data would be affected as they store their customer data in some servers located somewhere, and that needs to be treated the same way as Facebook or Amazon’s data,” he said.
Related Article: Keep Data Policy Separate From Ecommerce Policy, Say Startups
DPIIT is in-charge of formulating policies on ecommerce and data.
Partner at a law firm Athena Legal, Siddharth Mahajan, said that while the ecommerce policy should focus on how to develop the sector, all the data-related matter and its monitoring should be left to the data protection laws and legislation the government is proposing.
“Basically, there is proposed data protection and privacy law for which the draft has already been circulated. That legislation and that data protection law should cover the entire data protection framework in the country and without sector-wise differentiation,” Mahajan said.
LocalCircles has also recommended allowing Indian startups and businesses to share their ‘anonymised data’ with their group companies abroad. Taparia explains, “Once a foreign company acquires an Indian startup, the latter will become the former’s group companies, and they should be allowed to share data between them.”
As per the current draft data, it mandates every data fiduciary — in particular, foreign companies — to ensure storage of at least one copy of a user’s personal data on a server or data centre located in India. Taparia is of the view that while personal data can be dealt with MeitY, all business data and the economic value of the data can be covered by DPIIT under Business Data Policy.
LocalCircles has also proposed that the government may ask for company data only for the purpose of law, order, investigation and enforcement.
Further, LocalCircles is currently conducting a survey on the data aspect of the policy and expects to put it out by March 31. Meanwhile, the recommendation to be submitted by the stakeholders is likely to be discussed for the next two months.
“By the next government comes, is when they would be overseeing and will come out with the final policy,” Taparia asserted.
Update 1: [March 11, 5 PM] Post publishing this article, partner at a law firm Indus Law, Namita Viswanath, said:
“One of the common objections to the Draft National E-Commerce Policy by various stakeholders is the need to exclude data protection and regulation from the ambit of the policy. This objection is especially relevant in light of the proposed data protection law in India which provides significant control of the data and also addresses cross-border transfer. Sector-specific guidelines on data privacy along with the provisions of the general data protection law may result in inconsistencies and create a regulatory challenge for ecommerce companies with a global presence.”
Update 2: [March 11, 6.54 PM] Post publishing this article, cofounder of a fashion marketplace Raisin, Vishal Pacheriwal, said:
“The ecommerce policy has been updated considering the changing trends and growing need for data security in the market. However, since a large part of business also happens internationally, there is fairly low clarity on the international exchange of data and security of information pertaining to it. Considering the current business trends and patterns, some changes will have to be made in the processes but the interesting part would be to monitor how many people actually follow the policies and how strict would the implementation be to a large extent.”