The Policy Wrap is ADIF’s weekly newsletter on all things policy in the Indus Valley Ecosystem and beyond. Share your feedback and comments with us at amanat@adif.in.

Data Protection 

United States’ National Trade Estimate (NTE) Report terms India’s Data Protection Bill as a trade barrier

According to the 2022 National Trade Estimate Report on Foreign Trade Barriers (NTE Report), India’s upcoming Data Protection Bill (DPB) is a significant barrier to exports of goods and services, foreign direct investment (FDI), and electronic commerce (e-commerce) in key export markets for the United States of America. 

In particular, it finds that data localisation requirements could “serve as significant barriers to digital trade between the US and India,” impacting a wide range of bilateral goods and services. It also highlights the conditions on the cross-border transfer of sensitive personal data and critical personal data as “onerous”.

Further, the requirements could raise costs for service suppliers that store and process data outside India “by forcing the construction or use of unnecessary, redundant local data centers” in India, potentially serving as market access barriers, especially for smaller firms.

The report also highlights that “in the absence of standalone trade secret legislation, there is little recourse for firms in the event of misappropriation of their sensitive information. These provisions would undermine the ability of foreign firms to supply many services to Indian consumers on a cross-border basis and would not increase the protection of personal information.”

Referring to the Non-Personal Data Governance Framework released by the Committee of Experts constituted by the Ministry of Electronics and IT (MeitY), it states that the framework would “impose burdensome requirements on domestic and foreign firms, including requests for mandatory data sharing, administrative obligations, and extending consent obligations to anonymised data. Additionally, these mandatory data sharing requirements may affect copyrighted content, patent, and trade secret protection.”

The full report can be accessed here.

ServiceNow opens two data centres in India to cater to strong customer growth

Software-as-a-service (SaaS) company ServiceNow has announced the opening of data centres in Mumbai and Bangalore to cater to strong demand from its Indian customers and meet their local data residency preferences. This comes as the government is proposing mandatory storing and processing of certain types of user data, collected by both Indian and foreign companies, in data centres within the country's borders. 

Arun Balasubramanian, managing director of India and the SAARC region highlighted that “India is a top growth market for ServiceNow and we are seeing larger local organisations partnering with us to benefit from the power of our platform to drive their digital transformation need … ServiceNow is committed to manage data locally and meet India’s data protection and sovereignty standards." 

Key highlights of the India-United Kingdom Free Trade Agreement (FTA)

Since January, India and the United Kingdom have completed two rounds of trade negotiations – where the lack of legislation on data protection and an e-commerce policy is being seen as a limiting factor. However, deliberations are set to continue. 

Commenting on the issue, Pradeep S. Mehta, secretary-general, CUTS International, said that “India does not have a comprehensive data protection legislation yet, and has proposed data localization. The draft law provides excessive powers to the government, including an exemption to its agencies from the law (enforcement) and requires companies to provide non-personal data that they possess, without judicial oversight." 

Kevin McCole, managing director, UK India Business Council, added that “If the UK and India can have an alignment of data regulations, it could improve trade relations and a strong investment chapter will also be a positive. This is one of our key asks when we made our submission to both governments."

Appstore Ecosystem 

South Korean regulator says that Google’s billing policy violates law

South Korea’s regulator on network and IT services said that it has reached the conclusion that Google’s new payment policy violates the Korean law that prohibits app store operators from forcing app developers to use in-app payment systems.

Based on its conclusion, the Korea Communications Commission will make a final ruling on whether Google’s new billing system is against the law after reviewing related cases based on the levels of coercion and unfairness. The regulator will also later decide on possible sanctions. 

Under the law, Google could face a fine of up to 50 million Won ($41,000) if it does not submit the documents required by the KCC. The global IT giant could also be penalized with a fine equivalent to 0.2% of its daily sales if it does not comply with orders from the Korean regulator.

Cryptocurrency

United Kingdom government plans to turn nation into a global crypto-asset technology hub

The United Kingdom unveiled a detailed strategy to harness the power of cryptocurrency assets and blockchain technology to ease the process of making payments for customers.

A key part of these plans includes issuing a non-fungible token (NFT) to signal its commitment to a "forward-looking approach" to cryptocurrency technology and investment.

Competition Commission of India (CCI)

CCI findings on Google’s billing system for app developers

The Competition Commission of India (CCI), through its probe, has found that Google’s billing system for app developers is “unfair and discriminatory.” In its preliminary report last month, the competition regulator also highlighted that “Google’s conduct is also resulting in denial of market access to competing UPI apps since the market for UPI enabled digital payment apps is multi-sided, and the network effects will lead to a situation where Google Pay’s competitors will be completely excluded from the market in the long run.” 

Startup ecosystem 

Fintechs remain uncertain about implementing PPI interoperability

A majority of fintech players are uncertain about the level of compliance with the Reserve Bank of India’s interoperability mandate for all full-KYC wallets and prepaid payment instruments (PPIs) even as the deadline to implement it expired. The interoperability mandate announced last year, also increased the permitted limit of balance to Rs 2 lakh from Rs 1 lakh while allowing cash withdrawals from full-KYC non-bank wallets. This technically makes wallets similar to bank accounts in terms of services.

Mehul Mistry, Global Head-Strategy, Digital Financial Services & Partnerships, Wibmo, A PayU Company, stated that “Fintech companies issuing wallets, meal vouchers and acquiring merchants are playing in a semi-closed ecosystem. They are able to charge merchant discount rates (MDR) from them. The moment they make such instruments interoperable especially for cards and wallets, this will automatically involve card networks like Visa and Mastercard or NPCI for UPI. Since payment rails like UPI has zero MDR, and if the fintech player has to follow this, it will impact their revenue significantly.”

Op-Ed Highlights: Global principles must guide messaging interoperability 

Rahul Matthan in an op-ed for Livemint highlights that a key regulatory area of focus for the Digital Markets Act is around ‘interoperability’. By enforcing mandatory interoperability through the Digital Markets Act, European regulators are attempting to loosen the stranglehold of dominant platforms over their customer base in order to at least give smaller companies in adjacent fields a chance to survive.

He also observes that as with all policy choices, there are trade-offs implicit in the decision to enforce mandatory interoperability obligations. While its absence results in customer lock-in, affecting consumer choice and the overall competitiveness of the market, insisting on it makes it hard for messaging services to guarantee the privacy of communication. Moreover, it is also important to note that policy trade-offs are a reflection of national priorities.

Therefore, it is important for all countries of the world to come together to establish common policy principles that they can all agree to implement and then impose on global technology platforms. Until we do this, decisions about what should or should not be done in navigating these complex trade-offs will remain in the hands of the biggest global tech companies.

Government Schemes/Initiatives/Announcements

Testing & Certification of Telecom Products get total exemption of testing and certification fees for their products

To support and encourage the ecosystem for Start-ups and MSMEs in Telecom and related ICT sector, the Telecommunication Engineering Centre (TEC), the technical body under the Department of Telecommunications (DOT) has incentivized the Department for Promotion of Industry and Internal Trade (DPIIT) registered start-ups and registered MSMEs for Testing & Certification of Telecom Products under Voluntary Certification Scheme of TEC by the total exemption of testing & certification fees for their products. This exemption is valid for a period of 5 years and it will also benefit women entrepreneur enterprises.

With inputs from The Quantum Hub.