Following the ‘data is oil’ argument often used by businesses, the latest e-commerce policy draft focuses on different aspects of data localisation, while also seeking to establish data as an economic resource, said experts
The government has made its intent to regulate and keep specified data within Indian shores in the draft which the department for promotion of industry and internal trade (DPIIT) issued on Saturday.
According to the draft, the aim is “to streamline protection of personal data and empower the users/consumers to have control over the data they generate and own”.
“Data in economic terms is an ungoverned area. One aspect is the civil and political rights part which relates to privacy. The other is that data is a basic resource in the digital economy. The draft policy only deals with data as an economic resource,” said Parminder Jeet Singh, executive director at Bengaluru-based IT for Change, a non-government entity working on the societal impact of technology.
The draft lays down the conditions under which the government plans to regulate cross-border data flow, while enabling sharing of anonymised community data.
“Data collected for public purposes, for example the collecting of data for smart traffic management by government agencies, should not have to be bought from entities like Uber. They should hand it over because it is for public good,” said Singh.
The policy exempts certain categories from the restrictions on cross-border data flow. Such as data not collected in India, business-to-business data sent to India as part of a commercial contract between a foreign and Indian business entity, and software and cloud computing services involving technology-related data flow which have no personal or community implications.
“From a data perspective, I don’t think the policy will solve the data localisation problem in a significant way. There is no watertight world in data,” said Sanchit Vir Gogia, founder and chief executive of Greyhound Research.
Sector experts have argued against data localisation in the past, since the cost and resources for setting up local infrastructure will lead to business getting costlier for smaller firms and start-ups.
“Instead of a policy to promote e-commerce, DIPP (DPIIT’s earlier nomencalture) has come out with a policy on how to nationalise e-commerce and take control over our data. The message is clear — the Indian tech sector is open only for domestic firms to do business. Unfortunately, it will put India’s growth on the back foot, including some of this government’s key campaigns regarding ‘Digital India’ and promoting start-ups. Some of the stated policies on government controlling data, linking local policies to World Trade Organization negotiations and an overall big-brother attitude towards the industry is worrisome,” said Pratibha Jain, partner at law firm Nishith Desai Associates.
In what is likely to be a controversial move, the policy also asks for the government to be able to access source codes and algorithms of artificial intelligence (AI)-based systems.
“The issue of sharing a source code will be controversial, given that this is the Intellectual Property for a product company,” said Gogia.
Singh from IT for Change disagreed. “Earlier, software was a very small part of our life. If regulators don’t have access to these codes, they won’t be able to determine if fair practices are being used. The Volkswagen emissions scandal, for example, required a look at how the software was tweaked.
The anti-competition concerns can be addressed by using escrow accounts. The explainability of AI, for instance, is important,” he argued.