‘Negative List’ For Cross-Border Data Transfer In Works: MoS IT

‘Negative List’ For Cross-Border Data Transfer In Works: MoS IT

SUMMARY

The government is set to include the change in the upcoming draft Digital Personal Data Protection Bill (DPDP Bill), 2022

The government will have the right to restrict certain geographies and will decide the criteria for restriction: MoS IT Rajeev Chandrasekhar

The draft Digital Personal Data Protection Bill (DPDP Bill), 2022, included provisions for cross-border data transfer

The Centre might notify a ‘negative list’ or a list of disapproved countries, with the government blocking cross-border data transfer to these countries. The government is set to include the change in the upcoming draft Digital Personal Data Protection Bill (DPDP Bill), 2022.

The Minister of State for Electronics and IT, Rajeev Chandrasekhar, told ET that cross-border data flow will be enabled to countries by default. However, the government would block that channel in case the receiving country is on the negative list.

It is prudent to note that the government had already created the idea of trusted geographies in the draft DPDP Bill. In the draft bill, a ‘whitelist’ of countries would have been identified, and the Centre would have allowed cross-border data transfer to these countries by default.

Under Chapter 4 of special provisions in the current draft of the draft DPDP Bill, clause 17 under “Transfer of personal data outside India”, reads, “The Central Government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a Data Fiduciary may transfer personal data, in accordance with such terms and conditions as may be specified.”

The Personal Data Protection Bill has also provided some exemptions to cross-border data transfer, including arbitrations, government interests, research purposes and more.

However, following the consultations on the matter, the consensus is for India to have a ‘default mode’ for cross-border data flow, with some countries on the negative list.

“The government will have the right to restrict certain geographies and will decide the criteria for restriction,” Chandrasekhar said. This allows the government to create a ‘blacklist’ of countries to restrict cross-border data transfer to those countries.

Industry experts think notifying a ‘restricted’ list of countries is a more practical approach. Further, data privacy consultants think that adopting the approach would be more business-friendly.

However, earlier this year, the likes of Jio, Airtel and Paytm opposed the government’s move to include cross-border data transfer in the draft DPDP Bill.

According to these companies, the transfer of data will mean that India’s law enforcement agencies will face difficulties in accessing the data of Indian citizens if it is processed by an overseas telco or a tech company based out of India.

The draft Digital Personal Data Protection Bill, 2022, introduced after the government scrapped the Data Protection Bill in August 2022, has come under intense scrutiny due to certain provisions that give the government huge oversight over certain aspects.

For one, the government has introduced the concept of ‘deemed consent’ in situations which include ‘national security’, without defining what national security meant. This could leave individuals vulnerable to government surveillance.

Industry bodies and experts have also sounded the alarm.

The Consumer Unity & Trust Society (CUTS) International stated late last year that the draft skipped the clause of ‘Right to Privacy’ in its preamble. Thereby, the Bill will provide unrestrained powers to the government since the data protection board will likely be directly in control of the government.

The draft has provided several clauses including the imposition of fines, the set of cross-border data flow, the reduction in compliance burden, the government’s liability in the event of data breaches and more.

Yet, in consensus, most experts, critics and industry bodies have called the Bill ‘vague’, since several parts of the draft Digital Personal Data Protection Bill carry the phrase ‘as may be prescribed’.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

‘Negative List’ For Cross-Border Data Transfer In Works: MoS IT-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

‘Negative List’ For Cross-Border Data Transfer In Works: MoS IT-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

‘Negative List’ For Cross-Border Data Transfer In Works: MoS IT-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

‘Negative List’ For Cross-Border Data Transfer In Works: MoS IT-Inc42 Media
‘Negative List’ For Cross-Border Data Transfer In Works: MoS IT-Inc42 Media
You’re in Good company