Rule 15 OF DPDP RULES 2025

Transfer of personal data outside the territory of India.


Any personal data processed by a Data Fiduciary under the Act may be transferred outside the territory of India subject to the restriction that the Data Fiduciary shall meet such requirements as the Central Government may, by general or special order, specify in respect of making such personal data available to any foreign State, or to any person or entity under the control of or any agency of such a State.

Rule 2 →
DPDPA
Table of contents


Report error

Legal Interpretation of Rule 15 of DPDP Rules 2025: Exemption for Research, Archiving, and Statistical Purposes

In today’s data-driven world, personal data is not only essential for delivering services but also serves as the backbone of research, historical preservation, and statistical analysis. Rule 15 of the DPDP Rules 2025 carves out a thoughtful exemption under the Digital Personal Data Protection Act (DPDPA) for processing personal data when it is used specifically for research, archiving, or statistical purposes. Let’s delve into what this exemption entails and its implications.

What Does the Rule Say?

Rule 15 provides that the provisions of the DPDPA will not apply to the processing of personal data if such processing is necessary for purposes like research, archival work, or statistical analysis. However, this exemption is conditional—it only applies if the processing aligns with the standards detailed in the Second Schedule of the DPDP Rules. This creates a safeguard to ensure that the exemption isn’t misused.

Why is This Exemption Important?

Imagine the vast amounts of data analyzed every day to uncover patterns, advance scientific discoveries, or preserve history. If every researcher or archivist were held to the same regulatory standards as commercial entities, the red tape could stifle innovation and delay critical findings. Rule 15 recognizes this and ensures that the spirit of discovery and preservation is not hindered while still maintaining accountability.

Breaking Down the Key Elements

  • Processing for Research Purposes: Research often involves analyzing data sets to identify trends, test hypotheses, or develop solutions. Rule 15 ensures that such initiatives can proceed without the procedural bottlenecks of the DPDPA, provided ethical standards are upheld.
  • Processing for Archiving: Archival efforts are crucial for preserving human history, cultural artifacts, and institutional records. This exemption facilitates the long-term preservation of data for future generations.
  • Processing for Statistical Analysis: Statistical analysis enables governments, businesses, and researchers to make informed decisions. Rule 15 ensures that such processing is exempted, fostering evidence-based policymaking.
  • Adherence to the Second Schedule: The exemption isn’t a free pass. The Second Schedule outlines standards that must be met, likely covering aspects such as anonymization, data minimization, and purpose limitation.

Striking a Balance: Privacy vs. Progress

You might wonder: Doesn’t this exemption put personal privacy at risk? Rule 15 cleverly strikes a balance. By requiring adherence to the Second Schedule, it ensures that even exempted data processing is done responsibly. For example:

  • Anonymization: Before personal data is used for research, identifiers are removed to protect individual privacy.
  • Purpose Limitation: Data can only be used for the stated research, archival, or statistical purpose, preventing misuse.

This approach fosters trust while enabling progress.

Implications for Stakeholders

  • For Researchers and Archivists: This exemption provides a streamlined pathway to access and process data critical for their work, with ethical standards being non-negotiable.
  • For Data Fiduciaries: Organizations holding personal data for such purposes are relieved from certain compliance obligations under the DPDPA, allowing them to focus on their core activities.
  • For Data Principals: While their data might be used for research or analysis, the safeguards in the Second Schedule ensure their privacy isn’t compromised.

Real-World Examples of Application

  • Healthcare Research: A university conducting a study on diabetes prevalence across regions can process medical data without needing explicit consent, provided the data is anonymized and standards are met.
  • Cultural Preservation: A national archive digitizing historical documents containing personal information can do so without violating the Act.
  • Government Statistics: Compiling census data or analyzing unemployment trends can proceed efficiently under this exemption.

A Progressive Approach to Data Governance

Rule 15 is a testament to the progressive nature of the DPDP Rules. By carving out this exemption, the framework acknowledges that not all data processing fits neatly into a one-size-fits-all regulatory model. It caters to the unique needs of research, preservation, and statistical endeavors while ensuring privacy safeguards.

At its core, Rule 15 isn’t just about exemptions—it’s about empowering stakeholders to use data responsibly for the greater good. It reflects a modern understanding that privacy and progress can coexist when governed by thoughtful regulations.

Final Thoughts

Rule 15 of the DPDP Rules 2025 exemplifies a balanced approach to data protection. It recognizes the invaluable role of research, archival work, and statistical analysis in advancing society while ensuring that personal data is handled with care and respect. For India, a country on the cusp of becoming a global leader in data governance, this rule sets the tone for a forward-thinking yet responsible regulatory framework.

In essence, Rule 15 is a win-win. It paves the way for innovation and discovery while safeguarding the rights and privacy of Data Principals—a true hallmark of progressive legislation.

© 2025 Advocate (Dr.) Prashant Mali