In its draft National e-Commerce Policy, India has said that the data generated in the country is a national asset, and citizens and the government have a sovereign right over it.
The policy bars “sensitive” data collected and processed here but stored abroad from being shared with foreign governments and other business entities outside India. It has suggested a three year period for companies to setup data storage here and advocates a review of the current practice of not imposing custom duties on electronic transmissions.
“The draft policy will be made public anytime soon,” said a senior official.
The 40-page policy, which ET has seen, has suggested a ‘data authority’ to oversee restrictions on data collected by IoT devices in public space; and data generated by users in India by e-commerce platforms, social media, and search engines.
“It is hence vital that we retain control of data to ensure job creation within India,” the government said in the draft policy document.
The National e-Commerce Policy addresses six broad issues of the e-commerce ecosystem- data; infrastructure development; e-commerce marketplaces; regulatory issues; stimulating domestic digital economy; and export promotion through e-commerce.
It has favoured retaining policy space to seek disclosure of source code for facilitating transfer of technology and development of applications for local needs as well as for security.
“Policy space to grant preferential treatment of digital products created within India must also be retained,” it said.
Further, has proposed banning all parcels, except life saving drugs, coming in through the ‘gifting’ route, as an interim measure to avoid its misuse.
Cross border data flows
As per the policy, by not imposing restrictions on cross-border data flow, India would itself be shutting the doors for creation of high-value digital products in the country.
However, the draft policy exempts certain categories of data from restrictions on cross-border data flow. This includes data not collected in India, B2B data shared between business entities under a commercial contract, and data flows through software and cloud computing services. Also, data (excluding that generated by users in India from sources like e-commerce platforms, social media activities, search engines) shared internally by multinational companies are exempted from restrictions on cross-border data flows.