The Digital Personal Data Protection (DPDP) Bill of 2022 recommended that data should be localized within the country's borders.

This was met with support from security leaders who agreed that data sovereignty was essential for the nation’s growth and for safeguarding data within the country securely.

However, the current DPDP 2023 Bill, which has been passed by both houses of Parliament, contradicts its former guidelines. The bill now allows the transfer of personal data outside India, except to countries restricted by the central government through notification.

Against this backdrop, there have been several questions raised by data privacy and security proponents around the adequate protection provisions for the data residing outside the country.

In this insightful session, Puneet Bhasin, cyber law expert - proprietor/founder, Cyberjure Legal Consulting; Kalpesh Doshi, group CISO, HDFC Life; Shiju Rawther, head - information technology, SBI Mutual Fund; and Anil V. Lole, CISO India GDC, Fujitsu India, discuss:

• Pros and cons of the cross-border transfer of data
• Data localization vs. free data movement
• Ways to protect data outside of the country
• Who is accountable for breaches?