India’s Quest for Data Sovereignty Needs to Go Beyond Grandstanding Gestures

The draft of the national e-commerce policy instils little faith in the government’s progressiveness in dealing with subtle and complex issues of data governance.

The Indian government wants all of the data, but doesn’t seem to know what to do with it.

This, at least, is what the latest draft of the national e-commerce policy seems to imply. As a document to chart the government’s approach towards ‘e-commerce’ for the future, the draft policy instils little faith in the government’s preparedness and progressiveness in dealing with subtle and complex issues of data governance, and comes off as little more than grandstanding.

The fact that the proposed policy is a non-starter is apparent from its vague scope and lack of a definition over what it seeks to govern or regulate.

Most of the definitions referred to in the policy point towards ‘e-commerce’ covering the market for online goods and services a la marketplaces like Amazon or Flipkart, or digital platforms like Netflix or Spotify. The document also seeks to govern ‘the digital economy’, a vague term which seems to imply nearly all networked communications and relationships, from social media to private communication applications; user-generated content hosts to news blogs.

Indeed, the policy often veers entirely outside the realm of ‘e-commerce’, into issues of law enforcement access to information and regulation of content on social media through placing responsibility on platforms to ensure ‘genuineness’ of content – an ill-defined and potentially dangerous proposal.

In the absence of a clear definition, the draft policy is ineffective in achieving its ambition of charting “a policy framework that will enable the country to benefit from rapid digitalization of the domestic, as well as global economy.”

Also Read: As Push for Global E-Commerce Rules Gain Pace, India Starts Taking a Stand

Even where it identifies issues of concern, the policy has loopholes and contradictions, and fails to provide a comprehensive and practical solution to these issues. For example, where it speaks of regulating online marketplaces, it ignores legal conventions on intermediary liability and proposes heavy handed measures for trademark and copyright protection.

This includes making marketplaces directly liable for counterfeit goods, and creating a private industry-led mechanism for removal of content which is deemed copyright infringing, without any public oversight over the same.

Can protectionism alone achieve data sovereignty?

Perhaps the most obvious objective of the policy is its attempt to redefine the global balance of data politics.

Admittedly, developing countries, including India, have legitimate grievances about the manner in which the global digital economy has evolved. The lack of governmental or societal control over key players in the digital environment – from the practices of Silicon Valley companies that control public speech and exercise functional sovereignty over data; to the international agreements which prevent fair taxation of digital commerce – is a legitimate concern for India’s government and its people.

The draft e-commerce policy does well to note these concerns and approach the issue of data taking into account its political economy. The policy notes that the economic value of non-personalised data should be thought of as a community asset and utilised for the public benefit, preferring an approach where such data is held in ‘public trust’ by the government, instead of by ‘non-Indians’. Commendable as this approach is, there are a two major problems with the manner in which this is articulated in the draft policy.

First, the policy fails to address how such data would be governed or utilised for the public benefit, and whether it entails a form of nationalisation, which it seems to vaguely suggest. The government’s approach to achieving ‘data sovereignty’ is still fixated on data localisation and restrictions on cross-border flows of data – essentially, requiring ‘data’ to be physically stored in servers located in India. Yet, apart from claiming that building server farms can increase job creation, it is unclear whether localisation is a necessary or sufficient condition for genuine data sovereignty.

The government needs to give more thought before encouraging a tactic which raises concerns of ‘Balkanising’ the internet and issues of cyber security and data protection, at least without considering alternative approaches. Moreover, the policy fails to address other, more fundamental flaws in the manner in which data governance takes place in India – from methodological flaws in data collection at all levels of government, to issues with the use and promotion of open data by the government – which are equally critical to ensuring that data can be utilised as a public good.

Second, the policy equates the public interest in ‘community data’ with domestic commercial interests, without outlining genuinely beneficial use cases for community data. While the draft policy sends a clear message of prioritising the use of data for domestic companies over foreign ones, it fails to probe whether this is the most beneficial manner in which community data can be utilised.

Commuters are reflected on an advertisement of Reliance Industries' Jio telecoms unit, at a bus stop in Mumbai, India, February 21, 2017. Credit: Reuters/Shailesh Andrade

It proceeds on the assumption that Reliance Jio, say, is more likely to empower Indians through the use of data than Google. Credit: Reuters/Shailesh Andrade

It proceeds on the assumption that Reliance Jio, say, is more likely to empower Indians through the use of data than Google. This is aptly clear in the way the policy privileges the use of data held by foreign companies for domestic companies through compulsory data sharing, or in the use by domestic companies of ‘community data’ held in IoT devices.  

Also Read: Will India’s Draft E-commerce Policy Help Give it a Firmer Stand in WTO Talks?

In doing so, it fails to articulate any practical applications of community data by domestic companies or otherwise, while distancing the government from its own obligation to use data for improved governance, apart from using speciously defined buzzwords like ‘Artificial Intelligence’. The protectionist bent is apparent even in cases where similar regulatory conditions should logically apply to domestic companies, for example, in transparency and fairness requirements for ‘e-commerce marketplaces’.

In the absence of strong reasoning, the e-commerce policy comes of as grandstanding and strong-arming global technology giants to protect the interests of domestic capital, and not a genuine measure for forward-looking governance of data or e-commerce.

Overall, the policy is not too dissimilar from its previous iteration, which was leaked and subsequently withdrawn after significant criticism. There is still time to go back to the drawing board and meaningfully articulate how e-commerce and the data economy can be made genuinely beneficial to the Indian public.

Divij Joshi is a research fellow at the Vidhi Centre for Legal Policy, Bengaluru.