Amazon, Flipkart, Facebook, YouTube and other companies that store or mirror Indian users’ data overseas will be subject to periodic audit, according to a draft ecommerce policy that will soon be made public. Ecommerce companies will have to make available any data the government seeks within 72 hours or pay a penalty, according to the draft, which ET has seen.
“The focus is more on promotion of ecommerce as we have tried to distance from data localisation,” said an official, drawing a distinction with last year’s draft that sought to impose tight controls on user information being stored overseas.
The new draft policy has proposed a regulator for the sector and an ecommerce law that restricts information these firms can store, use, transfer, process and analyse. It also empowers the government to review, investigate and take action against any ecommerce activity that threatens the country’s security. Country of origin and value addition in India will have to be clearly specified by ecommerce entities for imports and exports, respectively.
The Department for Promotion of Industry and Internal Trade (DPIIT) is finalising the new draft ecommerce policy that provides for regulations on issues such as security, law and order, law enforcement, taxation and safety of individuals, to enable the government to have speedy access to data flowing on ecommerce platforms in the country, the official said.
“There is consensus on the broad contours of the draft policy but what shape it takes will be decided after it is okayed from all quarters, and then put up for public consultation,” the official added.
“For those categories of data which can be stored/ mirrored abroad, companies would have to ensure that adequate safeguards are in place at the specified data storage location through a comprehensive periodic audit,” according to the proposed policy.
As per the draft, the government, in consultation with relevant stakeholders, will define the categories of ecommerce that will require mirroring or local storage of data. It proposes to prohibit cross-border flow of information pertaining to defence, medical records, biological records, cartographic data and genome mapping without appropriate authorisation.
The draft policy made public last year had faced flak as it was data-focussed and sought to impose strict conditions on cross-border information flows and payment for and duration of data stored abroad as well as locating computing facilities within the country. It covered individual, national and sensitive data.
New Areas Covered
The new draft policy aims to bring online sellers that are currently offline and supporting them with computerisation and digital payment enablement.
In a radical change from the earlier draft, the new one proposes legislation that protects users under the age of 18 years who are unable to enter into valid contracts with their ecommerce service providers and hence at risk as they cannot enforce their rights against such companies.
As per the draft, payments made through tokens created by foreign ecommerce entities such as those providing live video streaming services will have to be channelled through the Liberalized Remittance Scheme (LRS), prepaid wallets or online payment gateways authorised by the Reserve Bank of India.
“The new regime which emerges may necessitate new insurance offerings in the country that would cover the liability of ecommerce entities,” it said.
The new draft states that individuals cannot be expected to pay companies to access their own data nor should the government be required to do so for accessing such information. The previous draft had asked whether individuals and the government should pay private corporations for such data.
Under the new draft, ecommerce includes buying, selling, marketing, distribution or providing access to goods, including digital products or services through any electronic network for a price. This can be business to consumer (B2C), business to business (B2B), ecommerce marketplaces, internet-based consumer-facing content platforms, app-based ecommerce, internet of things (IoT), connected device-based services and a combination of any of these.
“Platforms for social interaction, searching and sharing information, and providing free-of-cost services, are ecommerce entities if their revenue model involves advertising on such portal or sale, lease or otherwise allowing use of information relating to visitors collected during such service,” it said, adding that the policy shall be equally applicable to entities with foreign and domestic investments.
The earlier draft had defined ecommerce as including buying, selling, marketing or distribution of goods, including digital products and services. This could be through electronic network wherein delivery of goods, including digital products, and services may be online or through traditional banking channels of cheques, demand drafts or cash.
In both drafts, the government reserved the right to seek disclosure of source code and algorithms, and mandates all such firms to have a registered business entity in India as the importer on record or as the entity through which local sales are transacted.
“For products fulfilled by the ecommerce entity, the liability for counterfeit product shall be jointly and severally of the ecommerce entity and the seller,” it said. A grouping of industry stakeholders will be created that will be created that will identify “rogue ecommerce entities”, referring to platforms that host pirated content.
The department recommended that the government establish dedicated ecommerce export promotion cells, ecommerce export zones and a “one-stop shop” for storage (including cold storage facilities), certification, testing labs, in-house customs clearance and features to improve exports through expedited processing of export incentives, goods and services tax, income-tax incentives, input tax credit refunds and duty drawbacks.
States will be encouraged to have institutional tieups with various ecommerce players to enable exports of Indian handicrafts, it said.
Source : Financial Express