Cross-Border Data Transfers and Data Localization Mandate under the Data Protection Regime

Authors

  • Khushi Malviya Student, Batch of 2026, The West Bengal National University of Juridical Sciences (NUJS), Kolkata, khushi221021@nujs.edu.
  • Eeshaan Singh Student, Batch of 2026, The West Bengal National University of Juridical Sciences (NUJS), Kolkata, eeshaan221055@nujs.edu.

DOI:

https://doi.org/10.2218/scrip.22.2.2025.12003

Keywords:

Personal data, data localization, cross border transfers, onward transfer, social media intermediaries

Abstract

The present paper critiques India's approach to cross-border data transfers under the Draft Digital Personal Data Protection Rules 2025. It highlights concerns with Rule 14 and Rule 12(4), which grant the government broad discretion to impose data localization mandates, potentially restricting the transfer of specific data types regardless of the destination country's safety. This "regressive" approach could stifle innovation and create compliance hurdles for businesses, especially social media intermediaries. The paper also points out the ambiguity in defining restrictions and the lack of provisions for "onward transfers" of data, contrasting it with the more comprehensive GDPR. It advocates for a balanced framework with clear criteria for restrictions and safeguards, aligning with international best practices to ensure both national security and economic viability.

Downloads

Published

18-Dec-2025

Issue

Vol. 22 No. 2 (2025)

Section

Research Article

License

Copyright (c) 2025 Khushi Malviya, Eeshaan Singh

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.