Any restriction on data movement under the Digital Personal Data Protection (DPDP) Rules will be done after consultation with stakeholders and a Committee (to be constituted) will have external sectoral experts before any final decision, Ashwini Vaishnaw, Minister of Information Technology, said on Tuesday.

“It has been clearly mentioned in the Act… the world over there is a clause in their laws in one form or the other. For example, Reserve Bank of India has been talking about localising payment data for long. The same goes for health data. For its citizens security, the country has to put certain restrictions,” Vaishnaw said.

The Centre will seek sectoral experts’ help for such restrictions on data transfers outside India, he explained.

“We will work as per sectoral requirement as there may be some sectors where there might not be any requirement for restrictions (on transfer of data) and there might be certain sectors where there is an extreme requirement like for financial sectors… therefore there will discussions/consultations with the stakeholders before any decision,” he said.

Under the Act, the government has said that the Centre may, ‘by notification, restrict the transfer of personal data by a Data Fiduciary for processing to such country or territory outside India as may be so notified’.

The Ministry of Electronics and Information Technology (MeitY) had released the long-awaited Digital Personal Data Protection Rules, 2025 (DPDP Rules) for public consultation, on January 3. It has sought for public feedback by February 18, after which the draft rules will be taken into consideration.

On children’s declaration of age for social media, Vaishnaw explained that the government is working on a lot of mechanisms which can be used as per the laws.

Data Fiduciary

According to the Draft Rules, the government has said that a Data Fiduciary should adopt appropriate technical and organisational measures to ensure that verifiable consent of the parent is obtained before the processing of any personal data of a child.

It says that reliable details of identity and age should be available with the Data Fiduciary or they should be voluntarily provided through virtual token mapped to the same, which is issued by an entity entrusted by law or the Centre or a State government.

“India has a vast digital architecture and better than several countries in the world. So we can put to use our digital infrastructure for the verifications,” Vaishnaw added.