DPDPB2022: Negative List for Cross Border Data Transfer..Is it a bad idea?

In a widely circulated media report today, it is indicated that the Government will be following a cross border personal data transfer in DPDPB2022 by indicating a negative list of countries to which data may not be transferred, leaving a large number of countries to which data can be transferred freely.

Identical stories indicating a PR release have appeared in ET, INC42, BS, DH, Telenet, Beamstart, newsncr, shafaqna, cxo-today etc. Most of these articles appear to have originated from ET. It is surprising to see even Business Standard quoting an article from Economic Times. Normally publications like Business Standard publish news directly gathered by them and not repeat the article from their rival publication. But this time it has reproduced the entire article word for word and even acknowledged the source as ET. We are aware that ET has in the past is known to have published planted stories trying to create an opinion convenient to the large industries.

We donot know if this is one such planted story. We need to await the final version from the MeitY to understand if this is the correct version of the Government.

For the records, the Minister has been quoted to have stated as follows:

At one place it refers to the source as a “Top lawmaker” and in another place it quotes the name of “Rajeev Chandrashekar, MOS”.

As could be expected, the move has been welcome by Nasscom and some other experts who hail it as the right move to avoid disruption and improve the ease of doing business.

To me however, this move if it is true, appears to be a retrograde move that shows the colonial subjugative mindset of our Government that accepts the GDPR prescription of “No Transfer without Adequacy” but thinks that we should give a “By Default permission to transfer data”. I donot understand why we should not keep up the earlier version which indicated that there would be a “Whitelist” of countries to which data can be transferred.

“The centre is likely to notify a “negative list” of countries to which data pertaining to Indian users cannot be transferred, a top lawmaker told ET.

This change is being mooted in the upcoming draft of the Digital Personal Data Protection Bill (DPDPB), 2022.

As a result, cross border data flow will be enabled across all countries “by default” unless a nation is on the negative list, the minister of state for electronics and IT, Rajeev Chandrasekhar said.”

Placing any country in a “Negative List” is considered as an “International Sanction” and could be either opposed as a bad foreign policy or countered with reverse sanctions.

On the other hand, a “Positive List” would have enabled India to have an across the table negotiation on equal terms.

It was Mr Rajeev Chandrashekar himself who had told earlier that they would create “Data Trust Zones”. That was a very innovative thought. The current proposal is a dilution of the Cross Border Transfer restrictions and is against the policy that could have encouraged more data storage business in India.

I wish the report in ET is not true. It could be a manipulated report of some remark made by the Minister.


About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.