Skip to content
Schedule a Call
Call Now

Cross Border Data Transfers under the Digital Personal Data Protection Bill, 2022

Article by Tsaaro

7 min read

Introduction    

A few of the important elements of the recently updated data protection Bill include easing cross-border data flows, increasing penalties for data breaches and non-compliance, and enabling the government to exclude state institutions from the legislation for the sake of national security.   

Three months after the government retracted an earlier version that had drawn criticism from Big Tech and other segments of civil society, the new draft version was published on the 18th of November 2022. The updated draft, now known as The Digital Personal Data Protection Bill, 2022, includes clauses on “purpose limitations” for data collection, specific grounds for collecting and processing personal data, fines ranging from Rs 50 crore to Rs 500 crore, and a Data Protection Board acting as the adjudicating body to carry out Bill’s provisions.   

The draft is available for public comment until December 17; the final version is anticipated to be introduced during Parliament’s budget session the following year.   

In contrast to the contentious necessity of local storage of data inside India’s geography in the previous Bill, the latest draft makes major allowances for cross-border data transfers. The Central Government will notify areas in due time where Indians’ data may be transmitted, according to the new draft.  

 

Data Localisation   

Data protection laws often require controllers to satisfy special requirements when transferring personal data cross-border.   

For example, the General Data Protection Regulation (GDPR) requires organizations to ensure that transfers of personal data to a country or territory outside the EEA (third country) or an international organization comply with the conditions set out in Chapter 5 of the GDPR (Article 44, GDPR).    

Data localization or data residency laws mandate that information on a country’s inhabitants or citizens be gathered, processed, and/or maintained domestically, frequently before being transmitted overseas. Such information is often only shared after complying with regional privacy or data protection regulations, which may include notifying the user of the information’s intended purpose and gaining their agreement.   

The idea of data sovereignty, which limits some data kinds to those covered by the rules that apply to data subjects or processors, is the foundation for data localization. Data localization takes a step further by demanding that initial collection, processing, and storage occur inside the national boundaries, whereas data sovereignty may just require that records concerning a nation’s inhabitants or residents abide by its personal or financial data processing regulations. In rare situations, it may be necessary to erase data on a nation’s inhabitants or citizens from other systems before doing so in the country where the data subject resides.   

Data Localisation in Other Nations  

The General Data Protection Regulation (GDPR) of the European Union (EU), which sets restrictions on the free movement of data impacting all EU member states, is one of the most significant pieces of legislation on data flows.   

An “Adequacy Decision” process is part of the GDPR and it governs international transfers of personal data. So long as the European Commission has determined that the third country of data destination offers a sufficient level of privacy protection (there are presently 12 countries on the “adequate” list), personal data transfers to another country outside the European Union are permitted.  

The GDPR states that only when an acceptable degree of protection is provided or when safeguards are in place to ensure the level of protection is roughly similar to that now given inside the EU, can personal data transfers to another country outside the EU be made. These protections come in the form of certifications, binding corporate rules (BCRs), codes of conduct, standard contractual clauses (SCCs), and other legally binding documents.   

The GDPR permits data controllers to rely on specific derogations for cross-border data transfers in the event of a data transfer to a non-adequate country and the absence of safeguards. These exceptions can only be used in certain circumstances to send data to a foreign nation.  

When collecting personal information from a data subject, data controllers are required under the GDPR to inform them of any cross-border data transfers they plan to make and to provide the following information:  

  

  1. whether the Commission has made an adequacy decision or not, or  
  2. Referencing the necessary or adequate safeguards, how to receive a copy of them or the locations where they are available in the case of transfers based on derogations or appropriate precautions.  

 

If the data controller plans to use the personal data for a reason other than the one for which it was originally obtained, it is required to inform the data subject of that other purpose and any pertinent information before that further processing. The GDPR’s transparency requirements must typically be met by the data controller.  

  

China, on the other hand, mandates localization of all “essential data” about “vital information infrastructure.” In a similar vein, Russia mandates that all personal information about its inhabitants be kept domestically. Different strategies have been used by various nations. The US mandates that all defense-related data be kept domestically. Indonesia, on the other hand, mandates the localization of all information about governmental services.   

  

The New Provisions  

By dividing the data into several categories according to its nature, such as sensitive or critical, the earlier suggested regulations were said to better secure the residents’ personal information. Businesses were mandated to keep a copy of certain “sensitive personal data” of Indian individuals, such as financial and health information, in India under the previous Bill, and exporting vaguely defined “critical” personal data was forbidden. Additionally, the previous Bill gave the Central government the authority to designate any personal information as “critical personal data” that must be processed only in India. It was one of the most important complaints highlighted by tech businesses, with companies like Meta stating that it would affect its services in India.  

The government had been asked to approve the cross-border transmission of data by the Asia Internet Coalition, a lobbying organization that speaks for Meta, Google, Amazon, and several other internet companies. In a letter to the IT ministry earlier this year, they stated that cross-border transfer decisions should be free from executive or political involvement, and should ideally be minimally controlled. The organization had claimed that limiting cross-border data flows would likely lead to increased rates of company failure, hurdles for start-ups, and more expensive product offers from established market participants. In the end, the aforementioned regulations will have an impact on digital inclusion, Indian customers’ access to a genuinely global internet, and the caliber of services.   

The draft permits cross-border interactions of data with “certain notified countries and territories,” in a move that is seen as a win for tech companies.   

“The Central Government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a Data Fiduciary may transfer personal data, following such terms and conditions as may be specified,” the draft says, without naming the countries.   

Users will have the right to update and erase the personal data that businesses have on them, and companies will be obligated to stop keeping user data if it no longer serves the commercial purpose for which it was gathered.   

Experts’ View   

Experts and analysts have noted that the Bill takes a rather accommodative stance on the need for data localization and allows data flow to specific international locations depending on specified predetermined evaluations. Instead of being forced to build extensive infrastructure in India for the storage and processing of personal data, this is expected to encourage country-to-country trade agreements and make it comparatively easy for multinational corporations to operate and process data with their present set-up.   

Conclusion    

By easing regulations and allowing cross-border data transfers, it would be interesting to see which countries the central government notifies and the rules it lays down for the transfer, storage, and processing of data. While it is certainly advantageous for the Multi-National Corporations carrying out businesses in India, eased data localization regulations should not mean that the personal data of citizens are exploited and safeguards should be placed, complying with principles of data protection, to ensure that the companies do not misuse the collected data.   

We at Tsaaro are conscious of the compliance, unavoidable risk of exploitation and misuse of operational, confidential data that comes along with such involvement and the importance of working with compliance for a firm to run properly. Get in touch with us at info@tsaaro.com If you want to run an audit of your consent practices, check out our Regulatory Compliance Service, and Schedule a call with our experts by clicking here. Take the first step towards a secure your organization’s data by scheduling a call with our privacy expert team at Tsaaro Solutions today.

1,196 thoughts on “Cross Border Data Transfers under the Digital Personal Data Protection Bill, 2022”

  2. Houston to Galveston Shuttles

    Houston to Galveston shuttle services offer a range of options, such as luxury and private cars. Travelers can pick black car, corporate, express VIP, or cruise shuttle services for group transportation or special events, with airport and cruise transfers available for added convenience.

  3. party bus rentals in miami

    Discover the perfect party bus rental in Miami, FL, for your next event. Explore a variety of options for party buses in Miami, Florida, ensuring a memorable and convenient transportation experience tailored to your needs.

  5. Shuttle Bus Services Annapolis

    Choose our bus service in Annapolis, Maryland, for unparalleled transportation options. From charter bus service Annapolis Maryland to shuttle bus services Annapolis, we offer comprehensive group transportation Annapolis, including wedding transportation Annapolis, airport transfer Annapolis, and motor coach bus rental Annapolis.

  9. Limo Service Hamilton to Pearson

    Airport Limo Hamilton is your premier choice for luxury transportation in the Hamilton area. We offer a wide range of limo services, including airport transfers, corporate events, and special occasions. Our fleet of well-maintained limousines and professional chauffeurs ensure a comfortable and reliable journey. Whether you’re heading to Toronto Pearson International Airport (YYZ), Billy Bishop Toronto City Airport (YTZ), or any other destination, our Hamilton to Toronto airport limo service has you covered.

  10. London ON airport transfer

    Experience top-notch London Ontario airport taxi with our London ON airport transfer and YXU taxi service. Enjoy the comfort of our London Ontario airport shuttle and airport cab London Ontario. Secure your taxi to London Ontario airport for an easy travel experience!

  14. Houston Airport Shuttle Service

    Houston Airport Shuttle delivers reliable Houston VIP Shuttle services, covering both IAH and Hobby airports. Their Houston Shuttle Service includes home pickups, round trips, and a free shuttle from IAH to Hobby, ensuring hassle-free transportation.

  15. transportation msp to rochester

    Choose our car service MSP to Rochester, MN, for a smooth journey. We provide transportation from Minneapolis Airport to Rochester, MN, and chauffeur service from Minneapolis to Rochester. Trust our reliable Minneapolis car service to Rochester, MN, for your travel needs.

  16. PDX Airport Shuttle

    Get seamless PDX Airport Shuttle services, available 24/7 for your convenience. Choose our affordable Portland Airport Shuttle for private or large group travel. Experience top-notch PDX Airport Shuttle Service near you with reliable and comfortable transportation options.

  17. Corporate Chauffeur London

    Experience seamless travel with London Chauffeur Service, offering a range of premium options including Luxury Chauffeur Car Hire, London Airport Transfers, and Corporate Chauffeur London. From Wedding Chauffeur Hire to VIP Car Service, our Professional Driver Services guarantee comfort and reliability.

  18. Professional Chauffeur Service

    Gabriel Chauffeurs offers premium London Chauffeur Service, providing Private Chauffeur Services London with Luxury Car Hire. We specialize in VIP Transport, Airport Transfers, Wedding Car Hire, and London City Tours, ensuring Executive, Corporate, and Professional Chauffeur Services for all occasions.

  19. Limousine VIP Winnipeg

    Experience the finest VIP Limousine Winnipeg has to offer with our affordable limousine rentals. Choose from luxury stretch limousines for weddings, corporate events, or parties. Enjoy premium chauffeur service with the best Winnipeg Limo Rentals and VIP Limousine Services.

  20. John Wayne Airport Shuttle Service

    Book your John Wayne Airport Transfer Shuttle today! Our efficient John Wayne Airport Shuttle Service connects you to Los Angeles, Orange, Riverside, and San Bernardino Counties, offering rides from Ontario, Montclair, and La Verne to the airport and beyond.

  21. Dubai Limousine Service Rates

    We maintain proper safety equipments for car hire in Dubai. The initial task is to deeply vacuum the entire interior to remove and remove dirt, sand, dust, hair and all dirt, both on carpets and on seat upholstery. Rubber mats, the easiest to clean, should be removed to wash with water – and soap

  50. Burton Hice

    I like what you guys are up also. Such smart work and reporting! Keep up the superb works guys I have incorporated you guys to my blogroll. I think it’ll improve the value of my website 🙂

  220. Group Transportation Houston to Galveston

    Experience hassle-free travel with our Group Transportation Houston to Galveston. We offer reliable shuttle services from Hobby and George Bush Airports, Downtown Houston, and The Woodlands. Perfect for cruise groups, our transportation ensures everyone arrives comfortably and on time.

  235. Burlington Airport Shuttle Service

    Discover exceptional Airport Shuttle & Transfer Services in Burlington. We provide top-notch Limo and Taxi services from Burlington to Toronto Pearson Airport and Niagara Falls. Our 24/7 executive limo transfers ensure smooth rides, whether traveling to Buffalo Airport or returning from Pearson to Burlington.

  236. Chicago bus tours

    Experience convenience with our Charter Bus Services in Chicago. From group tours to corporate events, we offer spacious coaches and professional drivers for your comfort. Trust us for reliable and efficient transportation solutions in Chicago.

  239. Minneapolis airport limo service

    Travel to MSP with ease using our Minneapolis airport car service. Offering a fleet that includes black cars, limos, SUVs, and shuttles, we provide timely, private transportation that ensures your comfort. Whether for work or leisure, count on our professional service for a smooth, reliable airport journey.

  244. Taxi from Dubai Airport to JBR Hotels

    Book your Dubai Airport to Hotel Transfer for a seamless journey to Atlantis The Palm. Options include Dubai Airport Taxi to Hotel, Private Transfer from Dubai Airport to Hotel, and Dubai Airport Shuttle to City Center Hotels, designed for comfort, luxury, and affordability.

  245. Same Day Washer Dryer Repair Chicago

    For reliable Washer Dryer Repair Chicago, choose our expert Chicago Washer Dryer Repair Service. We offer same day and affordable washer dryer repairs across various locations, including Naperville, Evanston, and Oak Park. Trust our skilled Chicago IL washer dryer technicians for the best service.

  384. humor

    I beloved up to you’ll receive carried out proper here. The comic strip is tasteful, your authored material stylish. nonetheless, you command get bought an shakiness over that you want be handing over the following. sick no doubt come further earlier once more as exactly the similar nearly very steadily inside of case you defend this increase.

  394. dpmvzyhzv

    Antes de aventurar-se no empreendimento de ganhar dinheiro com poker online e saber quanto ganha um jogador de poker online, é importante que saiba um pouco mais sobre as incríveis vantagens e benefícios dessa atividade. Essa é uma característica marcante que faz com que a empresa seja considerada uma das melhores casas de apostas online atualmente – e que também está presente no seu aplicativo. Há variações do jogo como Texas Hold’em, Omaha, Stud, além de outras. E uma vez que você aprende as regras principais, consegue jogar em qualquer outra variação do poker online. Você também pode aprender a jogar poker online por meio de tutoriais online e mesas de prática. Sim, \u00e9 poss\u00edvel ganhar dinheiro no poker online. Primeiro voc\u00ea precisa conhecer a sequ\u00eancia das m\u00e3os de poker e aprender as regras de poker b\u00e1sicas da modalidade que deseja jogar. No entanto, para ganhar dinheiro no poker de forma consistente, voc\u00ea precisa estudar a estrat\u00e9gia do jogo e aprimorar suas habilidades. Mas todo mundo pode ganhar dinheiro no poker, at\u00e9 mesmo os iniciantes, e \u00e9 esse um dos motivos pelos quais o poker atrai tantos novos jogadores.
    https://wool-wiki.win/index.php?title=Jogos_de_casino_a_dinheiro_real
    O poker é um jogo de azar, por mais que haja estratégia envolvida. E, como qualquer jogo, deve ser jogado com responsabilidade. Mantenha seu entretenimento online saudável e use as ferramentas disponíveis nos cassinos online para isso. Defina limites de tempo e de depósito antes de começar a jogar. Nunca aposte mais do que pode perder e nem veja o poker online valendo dinheiro real como uma fonte de renda. In reality, the only real tall urban centers it didn’t brings a visibility inside had been the us, France, Chicken plus the Netherlands. Thread away, the place provides lured the brand new display of modern-go out Blofelds. Philip Eco-friendly has been a regular from the Les Ambassadeurs within the the earlier, apparently effective (and you may losing) hundreds of thousands in to the every night.

  977. Courthouse Runner

    hello there and thank you on your information – I’ve definitely picked up something new from right here. I did however expertise some technical issues using this web site, as I skilled to reload the website a lot of times prior to I may get it to load correctly. I were wondering in case your web host is OK? Now not that I am complaining, but sluggish loading cases times will often have an effect on your placement in google and could harm your high quality rating if advertising and ***********|advertising|advertising|advertising and *********** with Adwords. Anyway I am including this RSS to my email and could look out for much extra of your respective exciting content. Make sure you replace this once more soon..

  1171. carnival rio de janeiro

    A person essentially assist to make seriously posts I might state. That is the very first time I frequented your website page and up to now? I amazed with the research you made to create this particular put up extraordinary. Magnificent process!

Leave a Reply

Your email address will not be published. Required fields are marked *

Eu Ai act
First Rules of the EU AI Act Come into Effect: What Does it Mean?
Tsaaro Consulting

First Rules of the EU AI Act Come into Effect: What Does it Mean?

The evolving digital landscape in the 21st century have placed a challenge for governments and organizations as they attempt to …

March 7, 2025
Digital Personal Data Protection (DPDP) Act
Exemptions Under the Digital Personal Data Protection (DPDP) Act, 2023  
Tsaaro Consulting

Exemptions Under the Digital Personal Data Protection (DPDP) Act, 2023  

Introduction  The Digital Personal Data Protection (DPDP) Act, 2023, and the Digital Personal Data Protection Rules, 2025 establish a comprehensive …

February 27, 2025
cybersecurity,
WHAT DRIVES CYBERSECURITY: A COMPREHENSIVE OVERVIEW 
Tsaaro Consulting

WHAT DRIVES CYBERSECURITY: A COMPREHENSIVE OVERVIEW 

In today’s interconnected world, cybersecurity plays a crucial role in protecting our digital lives. From protecting personal data to safeguarding …

February 21, 2025
Transfer Impact Assessments
Understand Transfer Impact Assessments: Insights from CNIL’s Practical Guide 
Tsaaro Consulting

Understand Transfer Impact Assessments: Insights from CNIL’s Practical Guide 

Introduction  A Transfer Impact Assessment (TIA) is a critical evaluation conducted under the General Data Protection Regulation (GDPR) to assess …

February 20, 2025
Draft DPDP Rules
The DPDP Act, 2023 and the Draft DPDP Rules, 2025: What Do They Mean for India’s AI Start-Ups?
Tsaaro Consulting

The DPDP Act, 2023 and the Draft DPDP Rules, 2025: What Do They Mean for India’s AI Start-Ups?

Introduction The Digital Personal Data Protection Act (DPDPA), 2023 and the Draft DPDP Rules, 2025 have ushered in a new …

February 12, 2025
Recent Comments

SHARE THIS POST

Would you like to read regular updates from Tsaaro.
Subscribe to our newsletter

Our Latest Blogs

Read what the latest hapennings in the cyber world are and learn what the
experts have to say about them

© 2024 Tsaaro Consulting. All rights reserved.
Linkedin Instagram Youtube

About Tsaaro

Resources

Other Links

Tsaaro Netherlands Office

Regus Schiphol Rijk Beech Avenue 54-62, Het Poortgebouw, Amsterdam, 1119 PW, Netherlands

Tsaaro Pune Office

Tech Centre, Rajiv Gandhi Infotech Park, Hinjewadi, Pune, Maharashtra

Tsaaro Noida Office

302, Tower C, ATS Bouquet, Noida Sector – 132, Uttar Pradesh, India

Tsaaro Bengaluru Office I

Manyata, Embassy Business Park, Outer Ring Road, Bengaluru, Karnataka

Tsaaro Bengaluru Office II

Second State, CMH Road, Indiranagar, Bengaluru, Karnataka

Call Our Experts:

+91 95577 22103

small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png

We’d love to help your organization achieve your Data Protection goals!

Schedule a complimentary consultation with our Team of Experts.