In the first meeting after the department for promotion of industry and internal trade (DPIIT) came out with its draft e-commerce policy, some stakeholders last week asked the government to relax the data storage rules to allow a company to share data at least with its group companies, some of the participants told FE.
The draft policy says sharing of such data with third party entities, even with customer consent, is barred under the policy . In the absence of a clear-cut definition of the third party, this will mean an Amazon India won t be able to share data with Amazon Inc for business development or better customer satisfaction. This could potentially limit acquisition and investment opportunities for foreign companies in the Indian start-up space.
The stakeholders also suggested a change in the policy stipulation that enables Indian authorities to access all data stored abroad whenever they want; instead, the government must ask for data only in case of a law and order or money laundering issue, and not in all cases, to avoid potential misuse of such powers, they argued. Also, the ambit of the policy should be broadened to include all business data, and not just data relating to e-commerce or cloud computing.
We have suggested DPIIT that the e-commerce policy be split into an e-commerce policy and a business data policy and the business data section should cover all businesses including telecom, banks, offline trade etc. and not just e-commerce, social media and technology, said Sachin Taparia, founder and chairman of LocalCircles, who attended the DPIIT meeting on March 8.
A dozen and a half stakeholders, including Amazon, Microsoft, Netflix, Uber, Ola, Reliance and traders organisations, however, didn’t complain about having to store data locally. The DPIIT has extended the deadline for submission of feedback on the new draft e-commerce policy till March 29 from March 9.
The government had on February 23 released a new draft e-commerce policy that provided for regulating cross-border data flows, setting up storage facilities locally and establishing a data authority to devise a framework for sharing data.
Asserting that the country and its citizens have a sovereign right over data, the draft policy disallows sensitive data collected and processed locally but stored abroad from being shared with foreign governments and businesses outside India or any such third party. The policy proposes to grant companies three years to set up storage. It also says that a request from Indian authorities to have access to all such data stored abroad will have to be complied with immediately.