The Indian government can impose restrictions on cross-border data transfers to foreign nations, entities, or individuals based on concerns related to national security, sovereignty, or privacy, as per the draft rules of the Digital Personal Data Protection (DPDP) Act. These draft rules, released on January 3, are open for public consultation until February 18.
While the explicit Rule 14 of the draft has said that the transfer of data to a territory outside India will be governed by general or special orders by the Central government, it forbids making available personal data to any foreign state, or any person, or entity under the control of a foreign state.
While Rule 14 does not carry the criteria for such restrictions, Section 17(2) of the DPDP Act allows the government to impose restrictions on the ground of sovereignty and national security or other critical concerns. The aforesaid provision empowers the government to restrict or prohibit the transfer at its discretion.
The rules provide flexibility to the government on issuing notifications or orders for disallowing the transfer of data to countries or entities where it deems fit, and this without providing any pre-fixed list of restricted countries. It allows adaptability to changing requirements of national interest.
The government can also notify restrictions on data processing by Data Fiduciaries under Section 16 of the Act, adding another layer of control concerning cross-border transfers. The draft rules will help strengthen India’s data protection framework and in the improvement that equally addresses global and domestic concerns over privacy and data security.
Do you have a news tip for Lakshmishree reporters? Please email us at media@lakshmishree.com
Source: Moneycontrol
News Desk
