## Colophon tags:: [[process]] [[&article]] [[* 2025 DPDPA Rules]] [[* 2025 DPDPA Rules - Data Localisation]] [[* 2025 DPDPA Rules - Data Breaches]] [[* 2025 DPDPA Rules - Parental Verification]] [[* 2025 DPDPA Rules - Consent Manager]] url:: https://exmachina.in/06/01/2025/the-dpdp-rules-first-impressions/ date:: [[2025-01-06]] %% title:: The DPDP Rules: First Impressions type:: [[clipped-note]] file:: published:: 2025-01-06T00:00:00+00:00 author:: [[@Ex Machina]] [Click to Archive](https://web.archive.org/save/https://exmachina.in/06/01/2025/the-dpdp-rules-first-impressions/) %% archive:: ## Notes short:: On Data Localisation: > ==This brings us to Rule 12(4) and the sneaky way in which it is bringing data localization back into consideration. Ever since Justice Srikrishna first included the concept in the 2018 draft of India’s data protection law, I have [argued](https://exmachina.in/31/07/2019/we-need-a-cost-benefit-analysis-of-data-localization/) against this insistence on the physical storage of data in India. Thankfully, each subsequent draft of the law has diluted this concept, and the DPDP Act all but did away with it. With Rule 12(4) suggesting that Significant Data Fiduciaries may have to localize certain categories of personal data, it feels like the government is sneaking in a provision that we all believed we’d seen the back off.== ^7335f4 ## Full text ![[The DPDP Rules First Impressions - 20250106 - fulltext]]