2020 is going to be a defining year for technology policy in India. We entered into this year with developments expected on several major fronts. There is the long overdue revision to the Intermediary Guidelines, the impending Personal Data Protection Bill, the Cybersecurity Policy, and a new E-commerce policy. Earlier this week, The Economic Times ran a piece stating that the draft of the E-commerce policy was imminent.
The article touched upon what the policy was going to cover, and among other things, that included a new regulator for E-commerce. Since then, we have also had reports claim that a government panel is looking at establishing a regulator for non-personal data. While we need to have regulation for both these spaces (non-personal data and e-commerce), this is the wrong way to go about it.
In the coming year and a half, we can expect a regulator for personal data, non-personal data, and for data related to e-commerce. While on the surface, these divisions seem perfectly logical, the real world is a lot more complex. Would Amazon’s source code be regulated by the regulator for non-personal data or for the e-commerce regulator? Would a breach of Snapdeal’s user base come under the DPA’s ambit or for the e-commerce regulator? In fact, Minister of Commerce, Piyush Goyal has previously claimed that localisation as an issue was going to be kept out of the e-commerce policy. However, not only is it a part of the policy, the mandate also conflicts with the Personal Data Protection Bill, 2019.
We can expect to see thousands of such conflicting issues arise in a year, and this is going to be a source for monumental redundancies. Instead of setting up three regulators around the same time (over a year and a half), it might be better to provide some breathing room for each agency to identify the scope of its work before having to deal with conflicting mandates.
Further, considering the importance data and data processing for the technology sector, data should be under the purview of the Ministry of Electronics and Information Technology (MeitY) and the Joint Parliamentary Committee (JPC) should be allowed to set the course in a consultative manner.
One other thing that took an almost disproportionate amount of space and attention was the policy’s outlook towards data itself. There are multiple points where data is going to be addressed in the new policy. For example, where data should be stored and processed, how speedily law enforcement agencies can get access to it, and whether users (or the Government) should pay private corporations for access to data.
The list above is not exhaustive and you could debate the pros and cons of each of those issues for a really long time. But the fundamental principle at the heart of all of these issues is going to be the Government’s outlook towards data itself. And that has been a subject of concern.
Over the last few years in tech policy, one thing has been clear. There is a strong tendency within the Government to view the data as a national asset, akin to say, the Indian Railways. This has been an inherent line of reasoning in multiple draft and actual policies. Former Foreign Secretary said something similar in a G20 summit last year in a G20 summit, claiming that data is a new form of wealth.
The idea broadly is that data is the new oil (an analogy that I am not a fan of). Thanks to our large population size, India generates a lot of data. Hence, that data must be protected, controlled, and utilised by Indian companies for our development.
But data is fundamentally different from wealth. In one of my conversations with Anupam Manur (economist and professor at Takshashila) when we equate something ephemeral and intangible to a physical tangible good, we tend to think of it in qualities ascribed to the latter. Therefore, we must guard our wealth, store it, etc, when none of that may apply to data. But a lot of value that is derived from data is because it is shared, and that too at lightning speeds. That’s a key reason why technology has evolved into a multi-trillion dollar global industry.
But these analogies matter and can end up dictating policy. So when a wealth-based understanding of data is coupled with a move to protect domestic E-commerce, it can be a dangerous cocktail. It is from this understanding of data that we are likely to get mandates to localise, broad provisions to access commercially useful data, and generally aspects that hurt any foreign competition.
All of this is going to be done under a guise of creating jobs, providing opportunity to the Indian e-commerce ecosystem and so on. But these are grounds that can be contested. You could make the argument that it might be better to not have localisation because data centres consume a disproportionate amount of resources without actually providing a significant number of jobs, or that where companies set up data centres should be based on market forces, or that it is better to keep our local industry competitive rather than altering the playing field in their favour.
But to validate any of these arguments, we need a coherent problem statement, options of policy alternatives, and projected outcomes. None of which have been presented to the public during any stage of the process. We do not know the reasoning that guides this process, and the data which supports this.
The upcoming draft of the e-commerce policy also talks about providing the Government the right to ‘Commercially viable/useful’ information on the grounds of not just law enforcement, but also industry development. This is a troubling position to be in. Especially since this new E-commerce policy is going to have a wide mandate. Since E-commerce is such a broad term, this is going to apply from something as fundamental as advertising, to companies like Amazon and Netflix.
At the risk of using a poor analogy, when the stakes are this high, it is not a good idea to be driving without headlights. There is every chance that the draft e-commerce policy, and the final version, are going to treat data as national wealth. It is hard to tell whether this outlook exists because data is hard to control or whether we do not understand how to use it perfectly. In either case, the need of the hour is to have publicly available cost-benefit analysis to explain why each of these decisions are taken this way. The absence of which might lead to giving up our chance to reach Digital India in a timely manner.