Cross-Border Data Flows and India’s Digital Sovereignty - India’s Draft Data Protection Rules

Cross-Border Data Flows and India’s Digital Sovereignty - India’s Draft Data Protection Rules Gaur, Akriti Author aut Text xx# 2025 Verfassungsblog 2025-03-12 eng India’s data protection framework has been in the making for over a decade. The Digital Personal Data Protection Act was passed by Parliament in 2023, and the draft Digital Personal Data Protection Rules were released in January 2025 for public consultation. In this piece, I argue that the draft Rules do little to clarify India’s murky position on cross-border data flows. The ambiguous wording of the text grants unfettered discretion to the executive in operationalizing the localization mandate. Moreover, the lack of legislative protections for citizen privacy, coupled with missed opportunities to establish robust institutional frameworks undermines India’s own data diplomacy project. CC BY-SA 4.0 Gaur, Akriti Indien data law data protection data sovereignty Indien 342 https://verfassungsblog.de/cross-border-data-flows-and-indias-digital-sovereignty/ Verfassungsblog 2366-7044 Max Steinbeis Verfassungsblog gGmbH 10.59704/82a368a8a6158abf 250312 10.59704/82a368a8a6158abf Converted from MARCXML to MODS version 3.7 using MARC21slim2MODS3-7.xsl (Revision 1.140 20200717)