A draft e-commerce policy wants online retailers such as Amazon.com, search engines like Google and social media platforms to locally store data generated by users in India, with the government having access to such data for national security and public policy objective.
According to the 19-page draft policy, "a level playing field needs to be provided to domestic players by ensuring that foreign websites involved in e-commerce transactions from India also follow the same rules, including procedures for payment systems, such as two-factor authentication, as in case of domestic companies".
The draft policy recommends strengthening regulatory vigilance for payments system, curbing discounts in online retail and a single legislation to encompass all aspects of e-commerce with a single regulator to govern the industry.
The draft has been criticised in some quarters, prompting the commerce ministry to tweet on Saturday that "another round of consultation with stakeholders" will be done to address their concerns. "We would like to discuss and consider the inputs from all stakeholders on the upcoming draft-e-commerce Policy," Commerce Minister Suresh Prabhu had tweeted on August 11.
Stating that data is the oil of the digital economy, the draft policy said that communication over mobile phones using mobile applications and other real-time exchanges, not only generates a vast array of data, including physical location, financial details, and consumer preference but also creates a dynamic profile of the individual user.
"The individual's profile can be used for a variety of commercial purposes, such as precision marketing, targeted advertisements, and creditworthiness assessment. The history of browsing and search by consumers also generates rich information on consumer preferences and, at times, their potential purchasing power.
"By tracking the search history, online retail websites are able to target consumers with tailor-made marketing content. Data generated by activity in one area can provide a competitive edge for a new business in another area," it said, adding that access to data has emerged as one of the main determinants of success of an enterprise in the digital economy.
The draft wants "data generated by users in India from various sources including e-commerce platforms, social media, search engines etc" to be "stored exclusively in India and suitable framework developed for sharing the data within the country".
Such data should be shared with startups, meeting the stipulated criteria. "The Government would have access to data stored in India for national security and public policy objectives subject to rules related to privacy, consent etc," it said.
The draft policy also calls for setting up of a Central Consumer Protection Authority (CCPA) that will register all domestic and foreign e-commerce operators and provide a forum for consumers to registered unresolved complaints.
A law/regulation to govern unsolicited commercial e-mails will be framed, it said, adding the legal redressal mechanism for consumer complaints would be made more effective by assessing the feasibility of establishing e-consumer courts.
"The grounds for seeking disclosure of source code to the government would be expanded to include situations of unfair trade practice, fraud, and compliance with domestic regulatory requirements," it said.