In 2020, the Indian government banned Shein along with dozens of other Chinese apps under Section 69A of the IT Act, citing national security concerns amid escalating border tensions. The message was clear: Foreign platforms that imperil Indian users’ data sovereignty have no place in the country’s digital ecosystem.
Fast forward to 2025, and Shein is staging a dramatic return — this time, hand-in-hand with Reliance Retail Ventures Limited (RRVL), one of India’s largest corporate powerhouses. Shein’s re-entry, facilitated through this domestic partnership, is being sold as an economic opportunity wrapped in a data localisation bow. RRVL will reportedly oversee all data collection, storage, and processing, ostensibly placing Shein’s compliance within the bounds of India’s evolving digital rules.
But behind the corporate gloss lies a deeper unease: Has India just walked back its principled stand on data sovereignty, without any public deliberation or legal scrutiny?
Executive Fiat as Tech Policy
When the ban on Shein was first imposed, it was described as being in the national interest by invoking Section 69A of the Information Technology Act, 2000. But the ban’s reversal has played out far from public view. The decision to allow Shein to return to India is not the result of a process recognised under the Information Technology Act, a parliamentary discussion, a structured inter-ministerial process or a judicial order. A ministerial reply in Parliament, indicating that the Ministry of Electronics and Information Technology “raised no objections” on this issue, is in sharp contrast to the way in which public discourse was shaped when the order was issued.
Compare this to the United States. There, TikTok has been at the centre of a high-stakes legislative and judicial tug-of-war. Congress held open hearings, considered operational restructuring, and passed legislation requiring a sale or ban, and there is direction from the Supreme Court of the United States measuring the free speech implications of this decision as well. Whatever its flaws, the US approach centres democratic process and public reasoning.
This raises important questions. Are we crafting long-term digital policy or merely responding to global tech volatility with short-term executive deals? And how do we differentiate between strategic national interest and corporate accommodation?
The Mirage of Localisation
India’s data protection law, the DPDPA, has yet to notify its Rules. Nonetheless, Shein’s return is being presented as a milestone for data localisation. But it’s worth asking: Does this signal a broader systemic commitment, or is it a pragmatic arrangement shaped by the current political and commercial landscape?
With Reliance positioned as the domestic partner responsible for data compliance, one might wonder whether similar pathways could emerge for other foreign platforms seeking to re-enter or expand in India. In effect, localisation is being advanced through partnership models, even as the supporting legislative framework remains incomplete. Ironically, even if the legislation framework were to be complete, it does not recognise the process adopted in this scenario.
While this may reflect strategic flexibility, it also raises questions about regulatory clarity and the role of institutional oversight. Relying on private actors to fulfill what are essentially public policy objectives introduces ambiguity about how such goals are defined, enforced, and made accountable to citizens.
What We Should Be Asking
Shein’s return offers us an opportunity — if we are willing to take it — to reflect on the future of India’s tech governance. Three critical questions emerge:
One, where is the user in all this? No market study has been commissioned to assess the impact of Shein’s ban or re-entry on consumer’s digital safety, when the grounds for banning were based on a threat to it. Don’t such processes disenfranchise citizens even further at a time when the digital citizen demands more empowerment?
Two, are executive orders replacing oversight? If bans and re-entries are governed solely through such arrangements, where is the space for public dialogue and legislative or judicial scrutiny?
Three, what precedent does this set for the market? Will the Reliance-Shein playbook become a new template for re-entry for tech giants in India? Already in a flux due to the unenforced data protection law, how will tech companies (the default modern custodians of our data and our free speech) accommodate this new re-entry point/backup in how they operate in India?
India’s digital landscape is growing not only in scale but in complexity. The decisions we make now — on data, platforms, governance — will shape the architecture of our digital future. If tech policy is to retain legitimacy, it cannot be built on opaque reversals and private assurances.
The writer is Research Fellow at Vidhi Centre for Legal Policy
