Data localisation, an overarching theme across recent government policy proposals, has been a thorny issue with industry
Illustration: Uttam Ghosh/Rediff.com
The Department for Promotion of Industry and Internal Trade’s proposed e-commerce policy has drawn flak from industry as well as civil society for being vague and heightening the uncertainty for the sector.
Also, the draft policy has skirted many existing legal provisions, stakeholders have argued.
In a detailed submission on the proposed policy, the software services industry lobby National Association of Software and Services Companies (Nasscom) said the “policy should limit its scope to cover various e-commerce platforms dealing in sale of goods and services and the sellers on those platforms”.
In its current form, the draft policy includes buying, selling, marketing or distributing goods, including digital products and services, through the electronic network, as part of e-commerce.
“It is important to ensure that there is no policy overlap with other departments.
"The policy impacts a wide range of entities including e-commerce platforms, IoT, search engines, ISPs (Internet service providers), OTT (over the top) services providers, content ecosystem and the larger Indian IT industry which processes data on behalf of clients,” the software association has pointed out.
Expressing similar concerns, legal services organisation Software Freedom Law Centre has said DPIIT has gone beyond its mandate to make policy recommendations on subjects like data ownership, cross-border data flow and intermediary liability, among others…The department has overstepped its jurisdiction and issued recommendations which are not in line with existing statutes and their jurisprudence, it said.
Restricting cross-border data flow
Data localisation, an overarching theme across recent government policy proposals, has been a thorny issue with industry.
Now, the e-commerce policy aims to regulate cross-border data flows, while exempting certain categories such as data collected by IoT devices installed in public spaces and data generated by users in India from various sources, including e-commerce platforms, social media, search engines.
Stating that these issues should be dealt with by the Personal Data Protection Bill, Nasscom has said it’s not clear from the policy how the proposed conditions will promote e-commerce growth in India.
The Software Alliance, also known as BSA, a non-profit that includes members such as Apple, Cisco, IBM and Microsoft, believes the restrictions on flow of “sensitive” data were unclear and undefined in the draft policy.
“Restrictions on the cross-border transfer of data and data localisation requirements do not advance the goals stated in the policy. Instead, they disrupt companies’ operations and make it costlier to provide services in India.
"Studies also indicate that local companies would be required to pay 30-60 per cent more for their computing needs in such cases,” it added.
Source code sharing
The policy states that in order to understand how artificial intelligence algorithms (increasingly used by e-commerce platforms) work, it is important for the government to have the right to seek disclosure of source code and algorithms.
“There are important questions that have not been acknowledged in the draft policy such as who will hold and secure the source code, who will indemnify the commercial entity in case there is a leak of the source code, how the updated source code will be provided to the government, given that there are constant product upgrades, and what kind of market failure or customer concern this is seeking to address.
"This raises concerns for the industry. This kind of policy regime is likely to stifle innovation and deter development of digital tools and disruptive AI solutions,” Nasscom said.
Data as national asset
This is one of the most controversial aspects of the policy, which proposes that the data of a country is a “collective resource, a national asset, that the government holds in trust, but rights to which can be permitted.”
Mozilla, which runs the popular open source web browser Firefox, has raised objections as the draft policy paves the way for proposals ‘’that undermine individual rights and is in stark contrast to the expectations of Indian internet users’’.
This policy conflates the government’s interests with society’s interests, which is a dangerous assumption for the world’s largest democracy, according to Mozilla.
DPIIT has not made the submissions to the e-commerce policy public and there is no clarity yet on whether a revised proposal will be put up later.