Issues in the Draft National E-commerce Policy

Why in news?

Union government has released Draft National e-Commerce policy with a two-week response deadline ending on March 9.

What are the rulings on data privacy in India?

• In 2018 Supreme Court recognized the ‘Right to Privacy’ as a fundamental right, it underscored the need for a balance between data regulation and individual privacy with an emphasis on protecting the autonomy of the individual.
• The apex court urged the state to put into place a robust regime for data privacy, while acknowledging that there could be several reasons for data mining by the State, such as the implementation of welfare schemes, prevention and investigation of crime and protection of revenue.
• It is recognized that the data which the state collects have to be utilized for legitimate purposes of the state and ought not to be utilized in an unauthorized way for extraneous purposes.

What are the highlights of committee reports on data protection?

• The Supreme Court noted in its order that the union government had constituted a committee chaired by Justice BN Srikrishna (Retd.), to review data protection norms in the country and to make its recommendations.
• The committee submitted its report on July 27, 2018 along with a draft of the Personal Data Protection Bill, 2018.
• The Bill recognizes the ‘personal’ nature of data, allows processing of data by fiduciaries if consent is provided and only recognizes five exceptions to this rule, as follows

1. Where processing is necessary for the state to discharge welfare functions.
2. In compliance with the law or with court orders in India.
3. When necessitated by the requirement for prompt action (medical emergencies, breakdown of law and order, etc.).
4. In employment contracts, in limited situations (such, as where giving the consent requires an unreasonable effort for the employer).
5. Other reasonable purposes such as prevention and detection of any unlawful activity including fraud, whistle blowing, network and information security, etc. provided safeguards to ensure the protection of the rights of data principals are laid down.

What is the new draft e-Commerce policy about?

• Draft National e-Commerce policy discusses the ownership of data in rather alarming terms.
• It states that data about a group of individuals and derivatives from it, is the collective property of the group.
• It is described as “a national asset, that the government holds in trust, but rights to which can be permitted”.

What are the concerns with the policy?

• The policy fails to distinguish between irreversibly anonymized data which ceases to fall within the definition of personal data and personal data, and treats all of it as one whole.
• It furnishes no basis for making a case for “collective” ownership of all data in the form of a ‘societal commons’, nor treating it is a ‘national resource’ or ‘collective resource’ that the ‘government holds in trust’.
• The dangers of treating data as property owned by the state and commercially licensed to those who seek to mine it cannot be emphasized enough.
• The policy also contradicts the July 16 recommendations on Privacy, Security and Ownership of the Data in the Telecom Sector issued by TRAI, which accurately notes that “the individual must be the primary right holder qua his/her data.
• The policy disregards the TRAI recommendations by reclassifying data as a collective resource.

Source: Business Line