No change likely in DPDP rules on data storage, cross-border data transfers | Current Affairs | Vision IAS

Daily News Summary

Get concise and efficient summaries of key articles from prominent newspapers. Our daily news digest ensures quick reading and easy understanding, helping you stay informed about important events and developments without spending hours going through full articles. Perfect for focused and timely updates.

News Summary

Sun Mon Tue Wed Thu Fri Sat

No change likely in DPDP rules on data storage, cross-border data transfers

3 min read

Data Storage and Cross-Border Data Transfer Norms

The government of India is unlikely to make any changes to the data storage and cross-border data transfer norms prescribed in the draft of the Digital Personal Data Protection Act (DPDP) Rules. Despite major tech companies expressing concerns during the consultation process, the government maintains its position on these norms.

Consultation Process and Industry Concerns

  • Major tech companies and industry bodies expressed reservations about a clause restricting the transfer of certain data outside India.
  • The clause suggests that data transfer and storage outside India could be restricted based on government committee recommendations.
  • Negotiations between India and the US on non-tariff barriers highlighted the need for liberalizing digital services, including data localization and cross-border data transfer norms.

US-India Trade Negotiations

A US delegation  visited India to discuss trade agreements, including digital service norms, in preparation for a reciprocal tax announcement by the Trump administration.

DPDP Rules and Implementation

The draft DPDP Rules, released in January, aim to provide clarity on the operational guidelines for the DPDP Act, which was passed and ratified in 2023. Although the rules might be notified within six to eight weeks, comprehensive implementation may take up to two years.

  • The construct of the DPDP Act is fixed, with only minor language tweaks possible in specific cases.
  • The data localization clause, often referred to by international companies, is not subject to change.

Clause 14: Data Localization

  • The clause addresses the processing of personal data outside India, emphasizing that domestic data should not be shared with foreign authorities, preserving the sovereign rights of Indian citizens.
  • There could be minor adjustments to Clause 6 and Section 10, focusing on data security measures and consent for processing personal data of children and individuals with disabilities.

Historical Context and Legislative Journey

India's efforts to establish comprehensive regulations for online safety and privacy span nearly 15 years, beginning with the Justice AP Shah committee's report in 2012 and continuing through the Justice B N Srikrishna committee's report in 2018.

  • The Personal Data Protection (PDP) Bill was introduced in 2019 but ultimately withdrawn in 2022 in favor of a simplified privacy bill.
  • The revised DPDP Act was passed in 2023, with operational Rules aimed at ensuring uniformity in digital services.

Geopolitical Considerations

The evolving geopolitical landscape has emphasized digital services as a negotiation tool. In bilateral talks with the US, India proposed eliminating the 6% equalization levy, initially introduced in 2016, to foreign companies providing online advertising services.

Tech Industry Pushback

  • Major tech firms have raised concerns over specific clauses in the draft rules that restrict cross-border data transfer.
  • The need for liberalizing digital services remains a contentious issue in bilateral trade agreement discussions with the US.
  • Tags :
  • Data Protection
Subscribe for Premium Features