(Draft) Paper on Information Technology Act, 2000 and the Data Protection Rules

16 Pages Posted: 5 Jan 2018

See all articles by Smitha Krishna Prasad

Smitha Krishna Prasad

Georgetown University Law Center; National Law School of India University

Date Written: December 30, 2017


In August 2017, the Supreme Court of India’s landmark judgment in Puttaswamy v. Union of India affirmed that the right to privacy is a fundamental right under the Indian Constitution. In Puttaswamy v. Union of India, the various opinions have observed that informational privacy is an important aspect of such privacy in this day and age.

As arguments were made in this case, the Ministry of Electronics and Information Technology (MEITY), Government of India also set up a Committee of Experts to identify key data protection issues in India and recommend methods of addressing them. MEITY and the Committee of Experts have now issued a white paper which recognises the need for comprehensive data protection regulations that incorporate established data protection principles. Public comments and consultations have been called for on the basis of this paper, as we gear up to build on the fundamental right to privacy and put in place strong data protection laws to protect personal data.

In this paper we analyse the only existing ‘comprehensive’ data protection rules in India, i.e. the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“Rules”), issued under the Information Technology Act, 2000 (“IT Act”). The paper examines the provisions of the IT Act and the Rules that provide for the protection of personal data, the kind of personal data that they apply to, as well as some of the criticisms of these provisions and their enforcement.

Note: This draft has been prepared at the Centre for Communication Governance at National Law University, Delhi, and is currently pending review.

Keywords: data protection, India, privacy, personal information, sensitive personal data or information

Suggested Citation

Krishna Prasad, Smitha, (Draft) Paper on Information Technology Act, 2000 and the Data Protection Rules (December 30, 2017). Available at SSRN: https://ssrn.com/abstract=3094792 or http://dx.doi.org/10.2139/ssrn.3094792

Smitha Krishna Prasad (Contact Author)

Georgetown University Law Center ( email )

National Law School of India University ( email )

Nagarbhavi, PO Box 72
Bangalore, Karnataka 560072

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics