In the absence of a dedicated data protection regime, the Information Technology Act, 2000 read with its supplementary Rules [titled the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011] acts as a framework for data protection and privacy in India. This framework is accompanied by a patchwork of guidelines, standards and directives issued by sectoral regulators that specify certain data protection obligations for that sector.
The Personal Data Protection Bill was withdrawn from parliament in August 2022. The government now seeks to replace it with a ‘comprehensive legal framework’ to regulate the
online space, which will include separate laws on data privacy.
Ministry of Home Affairs (MHA)
Ministry of Electronics and Information Technology (MeitY)
Personal Data Protection Bill,2018
Personal Data Protection Bill, 2019
Personal Data Protection Bill, 2021 (Annexure in Report of the Joint Committee OnPersonal Data Protection Bill 2019, 2021)
Report of the Group of Experts on Privacy, 2012
White Paper of the Committee of Experts on a Data Protection Framework for India,
A Free and Fair Digital Economy Protecting Privacy, Empowering Indians:
Committee of Experts under the Chairmanship of Justice B.N. Srikrishna, 2018
Report by the Committee of Experts on Non-Personal Data Governance Framework,2020 (July)
Report by the Committee of Experts on Non-Personal Data Governance Framework(revised), 2020 (December)
Report of the Joint Committee On Personal Data Protection Bill 2019 ,2021
Bureau of Indian Standards Data Privacy Assurance Part 1: Engineering and
Management Requirements, IS 17428, 2020
Bureau of Indian Standards Data Privacy Assurance Part 2: Engineering and
Management Guidelines, IS 17428, 2020
Please provide your contact details to hear from us on IPCIDE's research.