A Bill has been passed in US to protect the sensitive data of US citizens by restricting cross border data to countries considered as “Adversaries”. To some extent this reflects the thought behind Section 16 of DPDPA 2023 which also has an enabling provision to restrict transfer of personal data collected in India to other countries which may be notified as “Blacklisted Countries”. China, Iran, North Korea, Cuba, Russia and the Maduro government in Venezuela are currently in the list of such adversaries. India is yet to declare the black list of countries under Section 16.
The bill bans organizations that profit from selling personal data, known as data brokers, from making data accessible to a foreign adversary country or entities controlled by adversaries.
It also authorizes the Federal Trade Commission to seek civil penalties of more than $50,000 for each violation.
India has to keep on guard that this list of countries donot become too flexible to include any country on which adhoc sanctions are imposed. We may recall that in the early days of Ukraine war many US companies cited the US sanctions to threaten stoppage of IT services in India. This makes the dependence of the country on US companies including companies like Microsoft and Google a long term national security risk.
Naavi
