Planning a 'negative list' of nations for cross border data transfer: Govt

The Centre plans to develop a "negative list" of countries. No data pertaining to Indians could be sent to countries included in this list, according to a report published in The Economic Times (ET). The change is a part of the upcoming Digital Personal Data Protection Bill (DPDPB) 2022.

 

The legislation will empower the cross-border flow of data across all countries "by default" unless a country features on the negative list, minister of state for electronics and IT Rajeev Chandrasekhar was quoted as saying in the report.

 

Earlier, the government was planning on making a "whitelist" of trusted geographies in the draft legislation. This would have meant that India would have allowed cross-border data flow to only countries that are part of the whitelist.

 

The minister said, "The government will have the right to restrict certain geographies and will decide the criteria for that." In other words, the government will have the authority to restrict data flow to a country on the "blacklist".

 

Quoting experts, ET reported that notifying a "list of restricted countries" is a more practical approach. "There will hopefully be no unintended disruption in a restriction-based regime. Existing data flows rely on several contractual (agreements) with both parties (aware) that their customer data is safe. There are also obligations built into this," said Ashish Aggarwal, head of public policy at Nasscom.

 

Elaborating on the earlier approach proposed in the draft DPDPB, Aggrawal said it makes more sense to have a restriction criteria rather than a whitelist. He added, "Roughly some 200 countries have to be evaluated based on a list of criteria, which can be long-winded, how can one do that assessment."