For Amazon and Flipkart, India's efforts to keep data local could force major changes. The policy calls for more local data centers and server farms, as well as for ways to control how data moves between countries. The policy also outlines a mandate that e-commerce data shared abroad be available to Indian officials whenever it is requested.

"Electronic commerce and data are emerging as key enablers and critical determinants of India's growth and economic development," the policy says, adding that the changes are part of the country's efforts to "realize the potential of the electronic commerce sector."

This policy is not the first of its kind. Last year, global payment companies like MasterCard, Visa and AMEX were required to store transactions made in India on local servers. As Reuters reports, just a couple months ago, Amazon.com Inc and Flipkart were forced to restructure their Indian operations after the country changed regulations governing direct investment in e-commerce.

The policy also calls attention to businesses profiting from user data, saying "the importance of data ownership must not be undermined." Per the policy, users retain ownership of data they generate, and the "processing of such data by corporations without explicit consent must be dealt with sternly." What could that mean for companies like those found to be sharing sensitive data with Facebook?