Cross Border Data Protection and E-Commerce
There has been a consistent increase in e-commerce transactions all across the world and India is not an exception to it. These transactions generate huge amount of data. Such data involves personal as well as the financial data like bank account details. E-commerce industry in India has presence of foreign enterprises like Amazon, e-bay etc. It is a genuine concern for a developing country like India to regulate the cross border data flows with a balanced approach towards the issue. A balance between the privacy of individuals and economic concerns of the stakeholders involved. The Department for Promotion of Industry and Internal Trade released a draft e-commerce policy to address the issue of data protection along with other issues relating to e-commerce. The policy terms data as a new oil and emphasizes upon the need to prevent misuse and regulate the data flows. It places a restriction upon the cross border data flows, seeks to nationalise data and rest the control in hands of the government to utilise the economic benefit derived for the larger public benefit. The draft policy may be termed as extremely protectionist in nature. The method of data localisation adopted to achieve the objective of the policy, suffers from major deficiencies. The cost and risks of hacking involved in local storage of data has been overlooked by the policy. Another aspect of the policy, which favours domestic enterprises over the foreign counterparts is devoid of reasons and may be a ground of challenge under the WTO Agreement for discriminating between local and foreign enterprises. The draft e-commerce policy has been formulated to regulate the e-commerce sector, but has widened its scope by inclusion of an unidentified term like ‘digital economy’ which may include all others aspect relating to information technology like cloud computing services, internet service providers etc. These aspects form a separate field altogether and cannot be regulated along with the e-commerce. The policy must define its scope with clarity so as to avoid uncertainty.