top of page

Data Protection And Cross-Border Data Transfer




Priyadharsani Indra R, Vinayaka Mission's Law School


ABSTRACT


India’s Digital Personal Data Protection Act, 2023 (DPDPA), along with the proposed rules for 2025, is the country’s first complete law to protect personal data and regulate how data can be shared with other countries. Under Section 16 of the Act, personal data can usually be transferred outside India unless the Central Government specifically restricts certain countries or entities. This means India follows a more open system, where transfers are allowed unless they are clearly blocked. The draft rules give more clarity, especially for organizations known as Significant Data Fiduciaries (SDFs). These are large or important data handlers. The government, with the help of experts, can identify certain types of sensitive personal data that need stronger protection. For such data, SDFs may have to take permission before sending it abroad or ensure that foreign governments cannot easily access it.


Even though the law generally allows data to move freely, some sectors still follow stricter rules. For example, the Reserve Bank of India1 requires payment data to be stored within India, and the Insurance Regulatory and Development Authority has similar rules for insurance data. This creates a mixed system, where some data can move freely while some must stay within the country.


This approach creates a few challenges. It may be difficult for businesses to clearly understand and follow the rules. It could also affect innovation and increase compliance costs. Compared to the European Union’s GDPR, which uses clear standards and structured methods for data transfers, India’s system gives more power to the government to decide.


As India moves towards full implementation of the law, it is important to maintain a balance. The country must protect people’s privacy and national interests while also supporting business growth and technology development. Clear rules, transparency in decisions, and better guidance on international data transfers will help reduce confusion and support smooth global data flow.



 
 

Indian Journal of Law and Legal Research

Abbreviation: IJLLR

ISSN: 2582-8878

Website: www.ijllr.com

Accessibility: Open Access

License: Creative Commons 4.0

Submit Manuscript: Click here

Licensing: 

 

All research articles published in The Indian Journal of Law and Legal Research are fully open access. i.e. immediately freely available to read, download and share. Articles are published under the terms of a Creative Commons license which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

 

Disclaimer:

The opinions expressed in this publication are those of the authors. They do not purport to reflect the opinions or views of the IJLLR or its members. The designations employed in this publication and the presentation of material therein do not imply the expression of any opinion whatsoever on the part of the IJLLR.

bottom of page