Upcoming E-Commerce Policy To Sidestep Personal Data Protection And Data Usage Regulations

New Delhi, Sept 26 (KNN) The National e-Commerce Policy will avoid addressing concerns related to the protection of personal data and will refrain from setting any regulations regarding the utilization of data within the thriving sector, reported Financial Express citing an official familiar with the final drafting of the policy.

As per reports, the policy would not provide for a separate e-commerce regulator either.

An earlier draft of the policy that was released in 2019 had devoted considerable attention to how data collected by e-commerce companies should be allowed to be used.

It had emphasised that an individual consumer who generates data retains ownership rights over his or her data. It had also said that processing of such data by corporations without explicit consent must be dealt with sternly.

These data-related portions have been excluded from the policy, as the Digital Personal Data Protection (DPDP) Act, which was passed by Parliament during the monsoon session, grants users control over their data and establishes explicit boundaries on the usage of personal data.

Under the Act, personal data can be stored in any geography, barring the ones that are in the restricted list. The Act brings within its ambit processing of data outside India in connection with providing goods and services within India.

So all conditions on usage of data generated by Indians while using e-commerce platforms would apply also to companies that process data outside India, the sources explained.

The earlier e-commerce policy draft had also suggested a list of conditions that an e-commerce player should be made to follow in case they store data abroad.

Among conditions listed then were the data should not be shared with third parties and foreign governments. These provisions also haven’t found mention in the final draft, the sources said.

The DPDP Act also empowers the government to restrict transfer of personal data by e-commerce companies to any other country which may be notified in due course.

“The (e-commerce) companies will have to comply with the DPDP. We are not covering the data protection part of it in our policy,” the official said.

Another pillar of the policy will be consumer protection. Updated rules for this would be issued under the Consumer Protection Act of 2019. Already, there are Consumer Protection (e-Commerce) Rules.

The policy would seek to clearly identify different modes of e-commerce models – marketplace or inventory-based model. Other areas that policy would address is development of digital infrastructure, regulatory issues, stimulating digital economy and export promotion through e-commerce.

After the policy is approved the rules will be notified by the Department of Consumer Affairs.  (KNN Bureau)