By A.A. Ansari, 9.9 Insights

The Draft National E-commerce Policy released by Department of Promotion of Industry and Internal Trade (DPIIT) is currently under discussion and open for stakeholder comments (until March 29, 2019). The policy places an overtly large focus on data and situates e-commerce within the broader context of the digital economy.

Several clauses of the policy have ramifications for not just e-commerce companies but also search engines, social media companies, payment service providers, cloud storage and cloud computing companies, email service providers, and even IoT devices. Due to its implications on almost all facets of the internet ecosystem, it is worth examining: Why does an ‘e-commerce’ policy have such a wide scope and what is it actually seeking to achieve?

The policy’s disproportionate focus on data – Is it a case of India’s WTO compulsions casting a long shadow on the domestic e-commerce policy?

The policy’s priority being ‘data’ is made clear by the subheading on the cover page: “India’s Data for India’s Development”. The notion that data is the most important consideration for India’s e-commerce ambitions and objectives seems to be a residue from an earlier version of the Draft E-commerce Policy that found itself in the public domain in July 2018. WTO discussions had forced the development of this policy in 2018, with the DoC pushing this focus in its initial draft. At the WTO, a group comprising of both developed and developing nations (called Friends of E-commerce for Development) wanted India to join the discussions on e-commerce. This lobby supported a free and open internet, prohibition of digital custom duties, enabling cross border data flows, and restrictions on mandatory data localization norms being mulled over by some nations at that time.

However, India did not budge from its stand and refused to allow the discussions on e-commerce to be a part of the WTO negotiations. In the aftermath of the WTO push, it became imperative for India to define its position on e-commerce and hence, DoC was given the responsibility to draft a national e-commerce policy. While the trigger of this policy was the developments at the WTO, it evolved into something much larger due to the prevailing e-commerce landscape in the country. The subsequent consultation conducted by the DoC left out several ‘foreign’ large e-commerce and internet companies. The exclusion of these companies from the consultations were again motivated by the WTO trigger. The resulting draft which found its way in the public domain in July 30, 2018, was heavily criticized due to its protectionist tone and tenor. What was even more concerning was that this document deviated from the Justice Sri Krishna Committee recommendations on data protection and privacy and sought to define new regulations for data governance in e-commerce. Owing to the heavy criticism, the draft was seemingly shelved and the onus of drafting the e-commerce policy was passed on to the Department of Industrial Policy and Promotion (DIPP) – later renamed as DPIIT.

The DPIIT Draft National E-commerce Policy – is it a step forward from the 2018 version?

Not really. While the government has made a genuine attempt to explain its thinking and position, a closer reading of the policy shows that “the protectionist” perspective of the previous document has found its way into the latest iteration of the policy. Several clauses of the earlier draft that received significant criticism are included almost verbatim in the new policy. Some of these are described in the table below:

Issue Clause: DPIIT Draft DNEP 2019 Clause: Draft DNEP 2018
Restrictions on cross border data flow beyond e-commerce, i.e. on IoT devices, search engines, social media companies

Criticism: Policy overreach; inconsistent with the Draft Data Protection Bill

1.1: A legal and technological framework to be created that can provide the basis for imposing restrictions on cross-border data flow from the following specified sources:

a) Data collected by IoT devices installed in public space; and

  • b) Data generated by users in India by various sources, including e-commerce platforms, social media, search engines etc.

The legal and technological framework would also provide basis for sharing the data collected by IoT devices under (a) above with domestic entities for use in research and development for public policy purposes.

2.3: However, the following categories of data would be required to be stored exclusively in India and suitable framework developed for sharing the data within the country (this would be guided by ongoing exercises, including the forthcoming Report of the Justice Srikrishna Committee):  

  • Community data collected by IoT devices in public space; and
  • Data generated by users in India from various sources including e-commerce platforms, social media, search engines etc. The creation of innovative digital products within India would be promoted, including by fast tracking work on National Encryption Policy
Mandatory sharing of data with start-ups

Criticism: Anti-competitive; conflicting with the Draft Data Protection Bill and Justice Srikrishna Committee recommendations

1.4: Suitable framework will be developed for sharing of community data that serves larger public interest (subject to addressing privacy-related issues) with start-ups and firms. The larger public interest or public good is an evolving concept. The implementation of this shall be undertaken by a ‘data authority’ to be established for this purpose. 2.3: The development of cutting-edge and innovative technologies in India would be promoted by ensuring access to data through the following:

  • The Government would have access to data stored in India for national security and public policy objectives subject to rules related to privacy, consent etc.
  • Data stored in India should be shared with start-ups meeting the stipulated criteria (turnover of Rs.50 crore etc.)  
  • At the request of the consumer, data generated by her in India through various channels, including e-commerce platforms, social media, search engines etc., would be allowed to be portable amongst platforms in India.  
Right to seek disclosure of source code

Criticism: Anti-competitive, will stifle innovation

4.10: In continuation, it is also important for the Government to reserve its right to seek disclosure of source code and algorithms…. 4.9: The grounds for seeking disclosure of source code to government would be expanded to include situations of unfair trade practice, fraud and compliance with domestic regulatory requirements

4.10 The policy space to seek disclosure of source code would be retained, by not taking any commitments on this issue in international trade negotiations.

Indicative mandatory data localization

Criticism: increased cost of operation for start-ups; conflicting with the Draft Data Protection Bill

2.2 …A time-frame would be put in place for the transition to data storage within the country. A period of three years would be given to allow industry to adjust to the data storage requirement… 2.1 ….There could be, say a 2-year, sunset period for industry to adjust before localization becomes mandatory…

 

This indicates that the draft of the e-commerce policy formulated by the DoC in 2018 continues to cast a long shadow on this new draft released by the DPIIT. Since the trigger for the 2018 policy was the WTO discussions, it is worth asking whether such an objective should continue to define the policy for a high-growth sector like e-commerce. Furthermore, many issues described above, particularly relating to cross-border data flow and sharing have already been discussed by the Justice Sri Krishna Committee under the Draft Data Protection Bill. The consultation process adopted by the committee has been hailed for being extremely transparent with the committee report clearly outlining the rationale for the provisions of the bill. Understandably, it is confusing why the DPIIT is rethinking some of these provisions and being inconsistent with the committee’s recommendations on certain aspects.

The need for a new baseline

With the elections on the horizon, the consultation on the policy is unlikely to reach a conclusion in the next two months. However, it is imperative that the DPIIT utilize this downtime to engage on a wider debate and consultation to reexamine India’s objectives for the e-commerce sector.

At the outset, any sound public policy addresses the most basic question – who should be at the center of the policy or what should be the prime objective of the policy? Quite often, a government finds itself managing competing objectives to answer this basic question. A good policy will find a way to manage these competing interests and objectives, while still finding a way to prioritize the growth of the sector.

Applying the above principle on e-commerce, it is worth asking who or what should be at the center of India’s e-commerce policy. E-commerce is not just a sector but an ecosystem. Data is only one part of the ecosystem but characterising it as the most important one could be counterproductive to the growth of the sector.

Furthermore, while it is essential for the government to have an international position on e-commerce, the domestic policy on e-commerce should not be solely governed by these considerations. Therefore, the policymakers should look to define new baselines that balance the interest of the consumers, suppliers, online vendors, e-commerce companies, and other players in the value chain. The policy should be developed over these baselines and the government must focus to maximise the benefits of e-commerce to the Indian economy – how can the policy boost domestic manufacturing, create more jobs, enable growth of e-commerce, and ensure equitable reach of digital services in the country? A policy developed without explicitly seeking to realize this objective is bound to produce suboptimal outcomes.