The National e-Commerce Policy draft focuses on data localisation, improving safeguards to prevent selling of counterfeit products and increasing safety of digital infrastructure. Draft policy has been shared in public domain inviting comments from stakeholders. It will bans companies from sharing data of Indian users even with their consent. The draft policy aims to regulate the cross-border flow of data.
The National e-Commerce Policy draft, that has been put in the public domain, comes just days after the new e-commerce norms, banning e-retail giants like Amazon and Walmart-owned Flipkart from selling their own goods and offering unfair discounts via exclusive deals, came into effect in India on February 1.
"The National e-Commerce Policy aims to create a framework for achieving holistic growth of the e-commerce sector alongwith existing policies of Make in India and Digital India," the draft policy states.The draft policy aims to regulate the cross-border flow of data. The proposed policy bars sharing of sensitive data of Indian users with third party entities, even with their explicit consent. "An individual consumer/user who generates data retains ownership rights over his/her data. Processing of such data by corporations without explicit consent must be dealt with sternly. Privacy concerns and data security concerns must be given due importance," the draft policy added.
Notably, while it prohibits e-commerce platforms from sharing user data across the border, it allows the cross flow of data under certain circumstances, which include data not collected in India, data shared between businesses under a commercial contract and data (excluding the user data of Indian users) internally by multinational companies.
Additionally, the draft policy makes it mandatory for companies to store their data in India. "Steps will be taken to develop capacity for data storage in India...A period of three years would be given to allow industry to adjust to the data storage requirement," it added.