Data Privacy in India: The Information Technology Act

25 Pages Posted: 8 Feb 2019

Date Written: June 1, 2010


India enacted the Information Technology Act, 2000 and added significant amendments in 2008. India does not have a unified data-protection law like the EU. Instead, like the United States, India's privacy laws are scattered among different statutes. But the ITA is the primary law concerning data protection because it addresses itself to electronic commerce. Even after the 2008 amendments, the overall status of data-protection and privacy law remains unclear. According to one commentator, “most of the rules and regulations of data security, as they exist in the American and European countries’ data protection Acts, have been incorporated in the revamped Information Technology Act of 2008.” But Indian attorney Shojan Jacob, upon reviewing the new 2008 amendments, concludes that its provisions are still “not adequate to meet the needs of the corporate India,” and others agree that India still lacks a comprehensive data-protection law.

This paper was written in 2010. I am considering making revisions and updates to reflect to amendments and court decisions.

Keywords: Business Process Outsourcing, BPO, Outsourcing, Offshoring, Offshore Outsourcing, India, Privacy, IT Act, data protection, remedies, cyber crime, hacking, intermediary liability, surveillance

Suggested Citation

Wilson, Benjamin, Data Privacy in India: The Information Technology Act (June 1, 2010). Available at SSRN: or

Benjamin Wilson (Contact Author)

Armstrong Teasdale LLP ( email )

7700 Forsyth Blvd. Suite 1800
St Louis, MO 63105
United States
314-413-7085 (Phone)

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics