The draft e-commerce policy focusses more on data privacy and access than on e-commerce. Not only does it call for the housing of data centres and server farms locally, but it also seeks government access to source code and algorithms of artificial intelligence (AI) systems.
It bars sharing Indian users' sensitive data with third parties even with users' consent and talks of creating a legal and technological framework to restrict cross-border data flow. The new rules once again highlight India's hard stance on data localisation after the draft Personal Data Protection Bill and the Reserve Bank of India's directive last year to payments companies to store all data locally.
Data misuse is a major concern but forced localisation and seeking access to data on the pretext of security and privacy are equally unfair. Instead, the government should incentivise global firms to come, locate, and process their data locally. One can only hope that the actual regulation will consider this.