Implications of US Bill on Cross border data transfer

A Bill has been passed in US to protect the sensitive data of US citizens by restricting cross border data to countries considered as “Adversaries”. To some extent this reflects the thought behind Section 16 of DPDPA 2023 which also has an enabling provision to restrict transfer of personal data collected in India to other countries which may be notified as “Blacklisted Countries”. China, Iran, North Korea, Cuba, Russia and the Maduro government in Venezuela are currently in the list of such adversaries. India is yet to declare the black list of countries under Section 16.

(Refer report in

The bill bans organizations that profit from selling personal data, known as data brokers, from making data accessible to a foreign adversary country or entities controlled by adversaries.

It also authorizes the Federal Trade Commission to seek civil penalties of more than $50,000 for each violation.

India has to keep on guard that this list of countries donot become too flexible to include any country on which adhoc sanctions are imposed. We may recall that in the early days of Ukraine war many US companies cited the US sanctions to threaten stoppage of IT services in India. This makes the dependence of the country on US companies including companies like Microsoft and Google a long term national security risk.


About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.