Indian online shoppers’ data is a “national asset” and a “mine of natural resource,” which the Indian government wants exclusive rights to.
On Feb. 23, the Narendra Modi government released its draft e-commerce policy which, among other things, suggests barring retailers in the country from allowing data access to foreign business entities, even if they have the consent of the user. The 41-page document, which goes as far as comparing data to a coal mine, says:
India and its citizens have a sovereign right to their data. This right cannot be extended to non-Indians (the same way that non-Indians do not have any prima facie right or claim to, say, an Indian coal mine). This understanding flows from the acknowledgement that data about an Indian is his/her own. Even after anonymisation, the interests of the individual cannot be completely separated from the derivatives that may be obtained by analysing and drawing inferences from a certain set of data.
However, Indian authorities will have immediate and unconditional access to user data generated in the country, it states.
Currently, data gathered by e-commerce companies in the country is stored on the private cloud storage capacities of American companies such as Microsoft and Amazon. These servers are typically hosted outside India in countries that have cheaper and better storage infrastructure.
The government has sought feedback on the draft policy from the public by March 09.
The draft policy says “citizens have a sovereign right to their data” and, therefore, all data generated by e-commerce websites must be stored in India. However, much to the relief of e-tailers, it states if this draft policy is implemented, all companies will be given three years to fully comply.
Some other important points that the draft policy makes about data include:
- The government is putting in place a legal framework to deal with violations in data collection, usage, and storage.
- The government has suggested a “data authority” to track data collected by internet of things (IoT) devices in public spaces such as traffic lights, by e-commerce platforms, social media, and search engines.
- The draft policy foresees leveraging the available data to the benefit of micro, small, and medium enterprises (MSMEs) and startups.
“Without access to adequate data, MSMEs and startups remain at a disadvantage to develop a large number of innovative solutions,” the document states. “There have been arguments that data held by large corporations must be made available to other companies, through some sort of ‘compulsory licensing.’”
There are a few caveats to this. The draft policy exempts certain kinds of data from these restrictions, including data not collected in India, business-to-business (B2B) data shared between companies under a commercial contract, and data flowing through software and cloud computing services.
The draft policy comes just a couple of months after the government updated its FDI policy for e-commerce companies. The FDI policy made some damaging changes that forced the likes of Amazon and Walmart-owned Flipkart to make structural changes.
The new draft policy comes down heavily on unauthorised e-commerce websites, especially Chinese firms such as Shein and Club Factory, misusing the “gifting” route to avoid customs duty and goods and services tax (GST). It suggests several operational changes to such portals, including mandatory compliance with GST and routing the parcels through regular customs.
To check the misuse of the gifting route, the draft policy has also suggested some changes for registered e-commerce players in the country. It proposes that all e-commerce websites be mandated to route all their shipments from other countries to India through the customs route. It has suggested that an integrated system is created, connecting India’s central bank (the Reserve Bank of India) and India Post, to better track imports.
Indian customs regulations currently give tax exemption on gifts sent to relatives from Indians living abroad. ”In view of the misuse of the ‘gifting’ route, as an interim measure, all such parcels shall be banned, with the exception of life-saving drugs,” the draft states.
As an additional safeguard, all payments from Indian banks and payment gateways “made to unauthorised and unregistered (GST non-compliant) sites/apps shall be barred.”
In addition, the draft policy makes it mandatory for any e-commerce website that wants to do business in India to have a registered business entity in the country as the importer on record or as the firm through which all sales in India are transacted. “Any non-compliant e-commerce app or website will not be given access to operate in India,” it states.
Under current norms, consumers can shop directly from foreign websites irrespective of whether they are registered in India or not.
Tightening the noose around Chinese e-commerce websites, the government said a body of industry stakeholders will be created that will identify “rogue websites” under the “infringing websites list.” A rogue website would refer to those that host predominantly pirated content. The draft policy also suggests:
- Internet service providers will have to mandatorily remove or disable access to portals listed in the infringing websites list.
- Rogue websites earn their revenues through online payments made based on a subscription or advertisement revenue models. Such payments have to be routed through payment gateways, which shall not permit flow of payments to or from such rogue websites.
- Search engines must take necessary steps to remove websites identified in the list from search results.
- Advertisers or advertising agencies shall not host any content on the websites identified in the list.
The draft policy has also sought to streamline the grievance redressal mechanism in e-commerce firms, especially in the case of counterfeit products.
The final policy may also make marketplaces directly liable to return the amount paid by the customer in case of a consumer complaint regarding a counterfeit product.
Additionally, the draft policy seeks to mandate the following if a seller is caught selling a faulty product:
- The marketplaces shall cease to host the counterfeited product on their platform, thereby taking down every information related to the product.
- It will be mandatory for all e-commerce websites and apps to display phone numbers and email addresses for consumer grievance redressal.
- A system of acknowledgment of consumer complaints must be put in place and there should be clear timelines for their disposal. These timelines are to be displayed prominently on the website or the app.
- The first resolution to all consumer complaints must be provided within a week.