Up until 2018, one would have been hard-pressed to identify whether India had any coherent intent regarding its technology policy. There were question marks on where the government stood with respect to a range of issues — data protection, cross-border data flows, AI, encryption, fintech, and e-commerce. With the coming of the draft e-commerce policy, the good news halfway through 2019 is that India does seem to have a definite plan for all of these pillars of technology. The broader question is: what does this mean for stakeholders across the ecosystem and for India’s digital aspirations?
The draft policy has a lot to say about consumer/citizen data. A lot of which has been mentioned in policies before this one. Data is a national asset, but does that mean it has to be controlled by the state? This question is more relevant now than ever. India does not currently have a data protection law in place. There also isn’t a due process of law for data disclosure. The policy says that data should be stored locally. This is in line with the personal data protection bill and RBI’s directive.
Maybe the plan is that localisation will help transform our digital infrastructure. Across the three policies, there is no roadmap to suggest how localisation will be achieved or why it’s needed (apart from unfettered supervisory access, as stated in the RBI notification). Let’s say that the directive does help build digital infrastructure in India. It will not make India a data centre hub, because of our electricity, bandwidth, and water deficiencies. If the plan is to overcome these deficiencies, there is no course of action attached to it. Storage is not the same as access. People own data. Fiduciaries get access to it by consent. Just because a data centre is located in India may not mean the data belongs to the state. So, the rights to insights generated will stay with fiduciaries as well. If the policy’s plan is to take us to a Digital India, it is unclear how these directives shape the road to it.
Another condition from previous policies is the requirement that operating e-commerce platforms must have a registered business entity in India. The amendments to the intermediary liability guidelines followed the same tone. There are two broad concerns stemming out of this. Firstly, implementation. How do you track that every e-commerce vendor has a business entity in India? The policy suggests nothing in terms of implementation. Second, how do you punish platforms violating the rule? Do you have them removed from the app/play store. What if Google and Apple don’t comply? In which place, why do it in the first place?
Secondly, who are the winners and losers of this measure? The broad answer to this is: foreign e-commerce platforms — specifically, medium to small e-commerce platforms who might not be able to afford to set up registered business entities. At the same time, it is a win for small and medium enterprises at home. They now have lesser competition. They are also enabled through the simplification of export regulation and the raised ceiling on export goods. This makes it relatively easier to look for markets abroad by reducing costs. At the same time, it closes the gifting route for foreign companies to export to India. Bigger foreign companies have the means to comply with the directive, even though it might take a while to adjust organisational structure. This likely means lack of competition for domestic Indian firms. Making it harder for foreign e-commerce firms to compete is somewhat of a theme here.
Ultimately, the draft e-commerce policy leaves us with more questions than answers. Firstly, is there a direct link between localisation and the quest for access to data? Why localise in the first place? If there are objectives behind it, how is localisation part of the roadmap to getting there? Also, how does the government plan to crack down on platforms that do not have the financial resources to have an office in India? Will the administration identify and penalise every foreign player on the app/play stores? While answers to these questions remain unclear, one thing that the draft e-commerce policy does resolve is the perceived absence of cohesive intent. The list of questions and regulations discussed above is by no means exhaustive. There are other components — marketplace models, anti-counterfeiting measures, source code of for advertisements, and so on. The bottom line, however, is that it would now be misleading to say that the Indian government does not have a vision in tech policy. It is one step forward from our late 2017 vision.―The Hindu