On 23rd February, 2019, the Department for Promotion of Industry and Internal Trade (“the DPIIT”) released the Draft National E-Commerce Policy (“the Draft Policy”) with the objective to help stakeholders fully benefit from opportunities arising from the progressive digitization of the domestic digital economy.
The Draft Policy addresses a wide range of subjects such as – data protection and ownership; data localization; foreign investment; tax; competition law; intellectual property and intermediary liability. Thus, this policy document reads more like a ‘digital economy’ policy rather than an ‘e-commerce’ policy.
To illustrate the wide ambit of the Draft Policy, we have listed a few questions, which may also serve as a ready reckoner on key issues covered by this policy document. The questions are as follows:
Which subjects does the Draft Policy touch upon?
Apart from addressing issues around e-commerce, the Draft Policy addresses subjects such as data sovereignty, cross-border flow of data, intellectual property, intermediary liability, FDI, tax and competition law.
Can the DPIIT issue a policy on such a wide range of subjects?
As per the Government of India (Allocation of Business) Rules, 1961, the DPIIT can issue policies on matters related to e-commerce, general industrial policy, intellectual property and FDI. But, the Draft Policy goes beyond that remit and delineates policy on data protection, cross-border flow of data and intermediary liability, which are subjects falling under the aegis of the Ministry of Electronics and Information Technology (“MeitY”). MeitY through various public consultations has already addressed issues around these subjects.
What does the Draft Policy say on data sovereignty?
The Draft Policy treats data like oil and other natural resources. It emphasises the importance of protecting data, prevent its misuse and regulate its processing. The policy argues that the data of a country is a collective resource and a national asset, which the government holds in trust, rights to which may be permitted. The document compares data to a resource like a coal mine or telecom spectrum. The policy doesn’t mention how this intersects with the Justice BN Srikrishna Committee Report or the Draft Personal Data Protection Bill, 2018 on the subject of data ownership and sovereignty.
Does the Draft Policy impose restrictions on cross-border data flow?
Yes, the Draft Policy argues that without imposing restrictions on cross-border data flow, India would not be able to create high-value digital products locally. Domestic companies will merely be processing outsourced data, if not for data localisation. According the policy document, data localisation will also lead to job creation.
What about ‘Intermediary Liability’? Does the e-commerce policy comment on that as well?
Yes, the Draft Policy, while recognizing the importance of ‘social media’, states that such organizations have an increasing ‘social responsibility’. It argues that content posted on social media and similar websites cannot be compromised and these platforms must ensure the genuineness of any information posted on their websites.
Does the policy address counterfeit goods/ piracy on e-commerce platforms?
Yes, the Draft Policy gives trade mark owners the right to delist products from e-commerce sites if they are uploaded without their prior concurrence. This may affect transactions such as second-hand sales. The policy also places a requirement on marketplaces to take down counterfeit products at the behest of customers. As per the current jurisprudence on the subject only right holders may demand for product takedowns. For copyrighted content, the policy requires ‘intermediaries’ to put in place measures to prevent online dissemination of pirated content. These issues have been recently addressed as part of a public consultation conducted by MeitY on the publication of the Draft Intermediaries Guidelines (Amendment) Rules, 2018.
Does the policy address artificial intelligence and algorithmic transparency?
To ensure algorithmic transparency and AI explainability, the policy document has suggested that the Government should have a right to seek disclosure of source code and algorithms. The document states that a balance needs to be struck between commercial interests and consumer protection.
Does the Draft Policy disregard customer consent?
Yes and No. While the policy recognizes that data ownership rests with individuals and processing of such data cannot be done without the owner’s explicit consent, it also seeks to bar the sharing of sensitive data by business entities with third parties ‘even with customer consent’. The policy does not explain how this is in consonance with the Supreme Court’s judgment in the case of Justice K.S. Puttaswamy (Retd.) & Anr. v. Union of India & Ors. [W.P. (C) No. 494 of 2012] or the Draft Personal Data Protection Bill, 2018.
Doesn’t the Draft Personal Data Protection Bill, 2018, cover most of these topics such as data ownership, data localization, anonymisation, etc.?
Yes, a number of the subject matters addressed by the Draft Policy have been already discussed in detail by the Justice BN Srikrishna Committee and covered under the Draft Personal Data Protection Bill, 2018. Relevant stakeholders have given their comments to MeitY on the Bill and its contents, covering topics such as data localisation, anonymisation and data ownership.
Does the Draft Policy make arguments already being considered by MeitY under the public consultation on the Draft Intermediaries Guidelines (Amendment) Rules, 2018?
Yes, issues around intermediary liability and content regulation have been addressed in detail during the recently concluded public consultation conducted by MeitY on the Draft Intermediaries Guidelines (Amendment) Rules, 2018. It is unclear from the policy document whether MeitY was consulted by DPIIT in the drafting the policy.
2Justice KS Puttaswamy v. Union of India [WP (Civil) No. 494 of 2012] –