India's draft e-com policy wants to restrict data flow

The draft of India’s soon-to-be-released e-commerce policy has called for creating a legal and technological framework to restrict cross-border data flow from specified sources like data generated by users in India on e-retail platforms and social media. It has also suggested fixing a three year duration for the industry to adjust to the data storage needs.

Steps would be initiated to develop capacity for data storage in the country and the available data storage infrastructure would be assessed, a news agency reported citing the draft.

The framework would also provide a basis for sharing the data collected by Internet of Things (IoT) devices with domestic entities for use in research and development for public policy purposes.

A business entity that collects or processes any sensitive data in India and stores it abroad shall have to adhere to certain conditions, it said.

All such data stored abroad shall not be made available to a third party, for any purpose, even if the customer gives his consent, and also it shall not be made available to a foreign government, without the prior permission of Indian authorities, according to the draft.

The draft also said that restrictions on cross-border flows of data shall not apply to data that is not collected in India, business-to-business data sent to India as part of a commercial contract between a business entity located outside India and an Indian business entity, software and cloud computing services involving technology-related data flows.

It added that suitable framework will be developed for sharing of community data that serves larger public interest—subject to addressing privacy-related issues—with start-ups and firms.

E-commerce companies Amazon and Walmart-backed Flipkart have said they are reviewing the draft policy and will share their inputs on the proposals in due course.