You are browsing > Events >
GSC Statement on The Indian Draft National e-Commerce Policy2019-03-08
GSC Statement on The Indian Draft National e-Commerce Policy
March 8, 2019
The Global Services Coalition (GSC) represents the services sector in Coalition member economies on issues of international trade and investment. We write to offer views on certain aspects of the Indian Department for the Promotion of Industry and Internal Trade (DPIIT) Draft National e-Commerce Policy, particularly its proposals for mandatory data localisation requirements. In the short time during which the Policy has been open for consultation (closing 9 March 2019) the GSC has not been able to consider all aspects of the Policy. This consultation response therefore addresses those aspects that are most relevant to GSC members as India’s trade partners, given their implications for trade in services generally.
The Draft National e-Commerce Policy is comprehensive in scope, covering data (including data privacy and data movement); e-commerce marketplaces; regulatory issues (including competition regulation and consumer protection); stimulation of the domestic digital economy; and export promotion. While noting the case that is made for a comprehensive policy, the GSC would question whether entirely new policy departures are needed in regulatory areas such as competition and consumer protection. It might be preferable to build on existing regulatory safeguards, adapting them as necessary to cater for the changes brought by greater prevalence of e-commerce. Such an approach would offer greater predictability and ease of doing business for India’s global trade and investment partners, facilitating international business and inward investment.
To the extent that new policy departures need to be made, it would be valuable for the relationship between the Draft Policy and other policies to be explained as fully as possible. There are, for instance, adjacent areas of policy in process of formation that appear to overlap with the Draft Policy, such as the upcoming Indian Personal Data Protection Bill (which could itself be amended during its passage). There also appear to be areas where the Draft Policy may be incomplete: for example, “sensitive” data appears to be undefined despite extensive requirements as to how it should be treated. The GSC would value clarifications on such points.
At a global level, all economic sectors rely increasingly on mobile technology, internet platforms and digitally enabled services. This has made cross-border data flows the lifeblood of global trade and investment. Data flows are the building blocks of technological advances such as cloud computing, the Internet of Things, Artificial Intelligence and the rapidly evolving services and technologies of the Fourth Industrial Revolution. It is for this reason that the GSC is concerned above all with the Policy’s proposed restrictions on data movement. GSC members of course acknowledge the challenges of rapidly increasing data flows, and recognise that it is essential to ensure appropriate data security and effective protection of personal data. However, the GSC believes that these legitimate public policy objectives can and should be achieved without impeding cross-border data flows, and that any exceptions should be non-discriminatory in their operation, and comply with the General Agreement on Trade in Services (GATS) Articles XIV and XIV bis.
The GSC would like to draw attention to a number of the Policy’s features. The first of these is the Policy’s apparent implication (Executive Summary, page 6) that cross-border flows of data (including, seemingly, data on Indian data-subjects that is held outside India) would be regulated, and only permitted in defined circumstances. This appears to be a very restrictive approach, not followed by most other countries, and indeed could be at odds with the provisions on cross-border data flows proposed in the Indian Personal Data Protection Bill. It also appears to rely on nationality as the criterion for how data is treated, although as far as the GSC is aware data rules in most jurisdictions apply over geographic regions and are based on legal establishment, rather than nationalities of individuals whose data is being collected. If nationality is indeed the criterion, this would appear likely to lead to the risk that businesses and service providers attempting to comply with the Draft Policy could not know or verify the nationality of data without having to collect additional data from their customers and users, with further risks to their privacy and security.
The GSC would also highlight the description (page 10) of the planned World Trade Organisation (WTO) negotiations on e-Commerce as “intended to create binding obligations on all the WTO member countries, including India.” The GSC would submit that this is not so: the WTO negotiations are expressly designed to produce a voluntary, plurilateral agreement. In addition, the Draft Policy confines its discussion of these negotiations to the question of making permanent the WTO moratorium on imposing customs duties on electronic transmissions. That is however only one of many e-commerce issues potentially coming within the WTO negotiations. The GSC would encourage the Draft Policy to take broader account of the concepts that could form part of this important WTO initiative. As for the moratorium, the GSC acknowledges the challenges posed by digital trade in an era of additive manufacturing and digital printing, but would suggest that the maintenance of a trade-friendly regime for electronic transmissions, as enshrined in the moratorium, is vital for the future of international services trade, in which India has a significant stake.
The GSC also notes the statement (page 10) that “policy space must be retained to seek disclosure of source code for facilitating transfer of technology and development of applications for local needs as well as for security”: this has the potential to bear down on inward investment in services, including the important field of FinTech-based investment in India. The same applies to the further statements (page 10) that “policy space to grant preferential treatment of digital products created within India must also be retained” and the suggestion (page 14) that “the data of a country is best thought of as a collective resource, a national asset, that the government holds in trust, but rights to which can be permitted”. While acknowledging the viewpoint expressed in these statements, the GSC notes that, depending on how they are interpreted and used, they are likely to be viewed as protectionist in tone, giving the government a very broad role in determining access to data (possibly via compulsory licensing) and therefore of concern to India’s trade partners.
The GSC would also point to the implications of the strategies outlined in page 16 of the Policy. A legal and technological framework is set out that would permit the introduction of restrictions on data flows, and the sharing of data with domestic companies, while seeming to forbid the sharing of any sensitive data with business entities outside India, even with customer consent, including for third party processing. There are also stipulations (pages 20 and 27) that a local presence in India would be required for all businesses handling Indian data. While the Policy goes on (page 17) to clarify helpfully the areas in which restrictions on cross-border flows of data would not apply, it would be easy for investors to conclude that the Policy as a whole would lean heavily towards localisation of data and the prevention of cross-border data movement and data processing. Urgent clarification that this is not the intention would be welcomed.
The GSC would also welcome clarification of certain potential effects of the Draft Policy. For instance, as the proposed rules appear capable of applying to all personal data processed within India, could they in fact cover personal data collected from residents of foreign jurisdictions and sent to India for processing? Any uncertainty over this can be expected to impact negatively on the competitiveness and future innovation and growth prospects of India’s own outsourcing industry as well as on Indian businesses’ own investments in commercial presence in offshore markets. And, as many organisations outside India rely on Indian-based companies to process foreign personal data, could the application of Indian privacy rules to the processing of such data in India impose an added layer of regulation, discouraging the use of Indian-based service providers? The GSC suggests that there should be a review of the Draft Policy to allow comparison with the international regulatory standards agreements to which India has committed. Otherwise, in the case of many highly regulated industries, the Draft Policy could carry a strong potential risk of placing businesses in a conflict of laws situation between their home and host supervisors. The Draft Policy could be clarified, with such potential effects in mind.
All in all, the GSC would suggest that the Government of India need not rely on data localisation requirements to address its data privacy and security concerns. For example, the APEC Cross-Border Privacy Rules provide a useful voluntary set of privacy principles that can guide data protection practices and procedures. Major global markets with large digital footprints such as Australia, Japan and Singapore also have a wide range of legal processes to govern cross-border data transfers such as accountability, binding corporate rules, contractual clauses, and consent.
GSC members recognise the importance and growth of the Indian market and its potential to become a vibrant digital hub. We therefore strongly urge that the Draft National e-Commerce Policy is reviewed so that, when implemented, it does not lead to the unnecessary costs and potential adverse impacts of data localisation measures for all businesses, including India’s own exporting sector.
The GSC stands ready to engage in further exchanges with the Indian Department for the Promotion of Industry and Internal Trade, and is at the Department’s disposal for any questions that the Department may wish to put.