The government can, through orders, restrict cross-border data transfer to countries, entities or persons due to national security, sovereignty or privacy concerns, the draft rules of the Digital Personal Data Protection (DPDP) Act says.
The rules will apply to both Indian and global companies. The draft rules were released on January 3 for consultation, and the government is accepting feedback till February 18.
Rule 14 of the draft rules specifically say that the data transfer to any territory outside India will be subjected to general or special orders of the Central government, "in respect of making such personal data available to any foreign State, or to any person or entity under the control of or any agency of such a State".
This means that the rules empower the Central government to regulate or restrict the transfer of personal data.
While, Rule 14, does not specify on what basis or based on which concerns the government may give such orders, Sec 17(2) of the DPDP Act allows the government to impose restrictions based on concerns on sovereignty, security of State etc.
Rule 14 of the rules thus provides flexibility for the government to impose conditions or prohibit transfers to countries through notifications or orders, without predefining a list of blacklisted countries.
This read with the Sec 16 of the DPDP Act, empowers the government when it comes to imposing restrictions on cross-border data transfer. " The Central Government may, by notification, restrict the transfer of personal data by a Data Fiduciary for processing to such country or territory outside India as may be so notified," the DPDP Act says.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
