
This article is written by Moumita Mondal, pursuing a Certificate Course in Advanced Criminal Litigation & Trial Advocacy from LawSikho.


Crimes such as human trafficking, terrorism, and the smuggling of drugs are very prevalent all over the world. Cross-border data helps to procure information that makes it possible to trace and obstruct the occurrence of such dreadful incidents. Cross-border data sharing is the flow of information between two countries where one country seeks information from another country. Certain requirements are fulfilled by the countries to acquire any detail about the citizens of another country. International cooperation and agreements enable them to share the details with each other.

This article talks about the concept, strategies, and provisions relating to cross-border data sharing for a criminal investigation.


What is Cross-border data sharing?

Cross-border data sharing is the transfer or movement of electronic information or data between countries. Information related to health, economic, and criminal matters, among others, is shared between countries. Cross-border data sharing helps to promote the growth and development of business as well as e-commerce, to develop cyber-security, and to discover fraud relating to credit cards and online banking. It also helps to keep track of health records during pandemic days and keeps the health records of the people intact. Thus, cross-border data sharing is important because it builds a sense of cooperation and togetherness among countries.

What is Data Localization?

Generally, the details relating to the privacy and financial records of citizens are stored in their respective countries. The Indian Government prefers the method of Data Localization, which enables it to keep the data of its citizens safe, so that there are fewer chances of losing the valuable information of its citizens. Certain criteria were also prescribed by the Indian Government for transferring or sharing any details of its citizens. Data can be shared with the permission of the Indian Government if its IT security is strong. Strict measures must also be followed so that the safety of the information can be ensured. The RBI has imposed limitations regarding the bank and card details of citizens of India. The information relating to transactions and other details relating to digital payments would not be shared overseas; these details would only be saved within India.

Cross-Border Data Sharing for a criminal investigation


MLAT stands for Mutual Legal Assistance Treaty. The main objectives of MLATs are:

  • To provide assistance in the investigation of criminal matters.
  • To conduct legal proceedings and also to avert the occurrence of crime.
  • To provide summons and other judicial records.
  • To achieve the effect of the warrant and other orders given by the governing authority.
  • To facilitate the detection, prohibition, seizure and also to lead the execution of the instrument.

India does not need any permission from the parliament to function according to the rules mentioned in the pact and thus, they function according to the aim or objectives of MLATs if it is approved with the signature of the President of India while agreeing to the facts of the Instrument.

India’s Strategies to acquire cross-border data 

India has always preferred MLAT as a suitable option to procure data from any country, whereas other countries prefer to share or acquire data directly through bilateral relations or international agreements. The method of acquiring data from other countries is a very long process. None of the countries wants to involve itself in the prolonged procedure of the authorization or jurisdiction of the other country from which it desires to seek the data. India has observed that authorizing direct access to the data can consequently hamper the security or protection of the data. The countries also differ in the process of procuring the data, in respects such as:

1) the concerning rights of the citizen of that particular country;

2) the contract between the parties;

3) the protective measures in accordance with three pacts.

For example: The CLOUD Act is unheard of when the conditions are prescribed for issuing a notice to the particular person whose details were asked for. The choice of issuing a notice totally depends on the legislation of that country. The scheme of the European Commission regarding the authorization to access e-evidence allows the delay of sending the notice. But it is compulsory that the person be informed after such delay. The CLOUD Act solves the dispute which is related to the laws, and it is not concentrated in the US but is also applicable to all the countries. The European Commission allows one member country to gain e-evidence directly from another member country.

Provisions relating to cross-border data sharing 

Section 5 of the Information Technology [Intermediaries Guidelines (Amendment) Rules] Rules, 2018 says that when any government of the State establishes a connection with the Indian Government to obtain any details or help regarding the investigation, detection, prosecution or obstruction of any offense or query; protective or cybersecurity matters; and issues linked with or circumstances relating to it, then such details or assistance would be given by the intermediaries within 72 hours of the communication. The government of the State makes a request either in written form or by any electronic means, but it must mention the purpose while asking for any details. The intermediaries can detect the originator of details if it is needed by the government who is lawfully sanctioned.

Section 40 of the Personal Data Protection Bill, 2018 discusses certain limitations imposed on India while sharing any data, which are as follows:

  1. The keeper of the details will make sure that at least one copy of the details is saved in storage on a server or data centre which is situated in India (sub-section 1 of Section 40 of the Personal Data Protection Bill, 2018).
  2. The Central Government will inform regarding the classified personal information as crucial which could only be created in a server or data centre situated in India.
  3. The Central Government may inform about the classified personal data which is free from the conditions mentioned under sub-section 1 on the basis of the requirement or desire of the State.
  4. If the data is delicate in nature, then it would comply regardless of sub-section (3).

Section 41 of the Personal Data Protection Bill, 2018 talks about the prerequisites for Cross-Border Transfer of personal data. Section 41(2) says that the government will transfer the data if it is satisfied with the safety or security of the data while complying with the laws and international consensus. The decision of the transfer of the data will be analyzed and observed whether it meets the required conditions or not.

Case Laws

  • In Justice K.S. Puttaswamy (Retd.) v. Union of India And Ors. on 24 August 2017, a writ petition was filed before the Supreme Court by Justice K.S. Puttaswamy which opposed the constitutional effectiveness of the Aadhaar strategy which was launched by the Government. The Supreme Court held that every person has a fundamental liberty of privacy which is assured by the Constitution.
  • In Bhavesh Jayanti Lakhani v. State of Maharashtra and others, 7 August 2009, it was held by the Supreme Court that the Indian Government had already signed a pact with the Government of the United Kingdom on an assurance to help in the investigation and legal proceedings, prevention, and seizure of the items (which includes the currency transfer) and funds of the terrorist organization with the perspective to check the terrorist acts carried in India and the United Kingdom. Certain conditions which were aimed to make changes in the Code of Criminal Procedure, 1973 are as follows:
  1. The movement of the persons would be allowed between the two States for the purpose of helping in the investigation or giving proof in the legal proceedings;
  2. The items which are acquired or seized relating to the offense may be done or caused in the other country;
  3. The administering of the attachment and confiscation order passed by the Court in another country.


Cross-border sharing is a very important concept as it allows the sharing of information among countries. But on the other hand, cybersecurity must be efficient enough to protect the privacy details of the country. In Bhavesh Jayanti Lakhani v. State of Maharashtra, the Supreme Court held that Indian laws are always above the agreement between India and another foreign country. The decision whether the rule of the agreement must be followed or not lies in the hands of the Executive. The decision regarding the agreement would be enforced if it is approved by the State. Cyber-crime is a worldwide problem that is increasing day by day. So, it is important for the Indian Government to be careful while transmitting any information to another country. Sufficient steps must be taken by the Indian Government to acquire the data in a fast and efficient manner. But it must ensure that sufficient security is framed for the protection of the data so that it is not exposed to an unauthorized entity.


