The Department for Promotion of Industry and Internal Trade (DPIIT) is giving finishing touches to the policy aimed to protect citizens but not disrupt business, people in the know of the development, said.
“A few changes are being made and then the draft would be opened up for industry feedback. The policy is likely to be finalised by May,” said one person, adding that there is aneed for a regulator for the sector.
The department is examining the Personal Data Protection (PDP) Bill and aspects of non-personal data before it comes out with a policy on e-commerce. The PDP Bill relates to privacy data while a committee of experts under Kris Gopalakrishnan is looking into non-personal data.
The e-commerce policy will be aligned with these issues. “Data mandate is with the ministry of electronics and information technology (Meity). The policy will look at e-commerce only, even the aspect of cross border data flows,” the person said.
The policy will look at cross border data flows with respect to protecting sensitive data and India’s citizens. Each line ministry will decide what is sensitive for them. PDP defines what is sensitive from privacy perspective and spells out a framework for handling of personal data.