Data Protection Laws in India


Data safety and privacy protection are a set of policies, procedures, and cyber laws in India that aim to minimize the incursion into privacy caused by the storage, collection, and dissemination of personal data. 

Personal data is the information and data that is related to a person who can be identified from the information, whether it is collected by any private, government organization, or agency. 

The Constitution of India does not grant the fundamental right to privacy, and the right to privacy has been read into the existing fundamental rights by the courts. Right to life, personal liberty, freedom of speech, and expression of the Constitution of India are subject to reasonable restrictions that the State can impose under Art 19(2) of the Constitution. 

India does not have legislation that governs data safety and protection. Although there aren’t any direct cyber security laws in India, there are laws in India that deal with data protection: the Indian Contract Act, 1872, and Information Technology Act, 2000. There have been a few amendments to the IT act lately, and the law on data protection will be introduced in India shortly.

The Information Technology Act, 2000 takes up the issues related to the payment of Civil compensation and Criminal punishment in case of misuse and false disclosure of personal data and violation in respect of personal data.

The Government of India has notified that the Information Technology (Reasonable Security, Practices, Procedures and Sensitive Personal Data or Information) Rules, 2011 deals with the protection of sensitive and personal information of a person, which includes:

  • Financial information such as bank account or credit/debit card or other payment details,

  • Passwords,

  • Sexual orientation,

  • Physical and mental health conditions,

  • Biometric information

  • Medical records and history

The rules provide the security procedures and practices, which any person collects, receives, deals, possesses, stores, or handles the information that is required to follow while dealing with Personal data. 

Find Cyber and Data Protection Lawyers And Prioritize Your Safety With Rest The Case.

Data Protection Bill 2019:

India stands way behind when it comes the data protection infrastructure. Data Protection Bill 2019, which took five years in the making, was made to safeguard the national privacy issue. However, the government withdrew the bill while assuring a new bill to the table. The reason was the panel's suggestion of 81 amendments and 12 recommendations.

Information Technology Act, 2000

The Information Technology Act, 2000 referred to as the "IT Act," provides legal recognition for the transactions that are carried out through electronic data interchange and other electronic communication known as "electronic commerce," which uses the alternative to paper-based methods and storage of information to facilitate the filing of documents.

Penalty for Damage to Computer Systems under the IT Act

Section 43 of the IT Act penalizes without prescribing any upper limit for doing any of the following acts:

  1. Accesses or secures access to a computer system or computer network;
  2. Downloading, copying, or extraction of any data, or information or computer database from the computer, computer system, or network, including data that is held or stored in any removable storage medium;
  3. Introduce any computer virus or contaminant into any computer system or network;
  4. Damages to any computer system, computer network, computer database, data, or any other programs that reside in such computer system or computer network;
  5. Disrupting any computer system or computer network;
  6. Denies any person authorized to access any computer system or network by any means;
  7. Charging the services that a person avails to another person by tampering or manipulating the computer system or network.
  8. Destroys, deletes, or alters any information that is there is a computer resource or diminishes the value by any means;
  9. Steal, destroy, conceal, or alter any computer source code used for a computer resource to cause damage.

Important Sections in IT Amdendant act 2008

Section 66 states that if any person fraudulently or dishonestly does any act referred to in section 43, the person shall be imprisoned for three years or with a penalty of Rs 5,00,000 or even both.

Amendments as introduced by the IT Amendment Act, 2008

Section 10A was put into the IT Act because it deals with the validity of the contracts that are formed through electronic means that shall not be deemed unenforceable.

The following important sections have been substituted and inserted by the IT Amendment Act, 2008:

  1. Section 43A – Compensation for failure to protect personal and sensitive data.
  2. Section 66 – Computer Related Offences
  3. Section 66A – Punishment for sending offensive messages. 
  4. Section 66B – Punishment for dishonestly receiving the stolen computer resource or any communication device.
  5. Section 66C – Punishment for any kind of identity theft.
  6. Section 66D – Punishment for cheating by using computer resources.
  7. Section 66E – Punishment for violating privacy.
  8. Section 66F – Punishment for cybercrime and terrorism.
  9. Section 67 – Punishment for transmitting or publishing obscene material in electronic form.
  10. Section 67A – Punishment for transmitting of material containing sexually explicit acts in electronic form.
  11. Section 67B – Punishment for publishing or transmitting material that depicts children in a sexually explicit act.
  12. Section 67C – Retention and Preservation of information by intermediaries.
  13. Section 69 – Powers to issue directions to monitor or decrypt any information in computer resources.
  14. Section 69A – Blocking public access to any information in any computer resource.
  15. Section 69B – Power to authorize, monitor, and collect traffic information for cyber privacy and security through any computer resource.
  16. Section 72A – Punishment for disclosure of data in breach of any lawful contract.
  17. Section 84A –Encryption methods.
  18. Section 84B –Punishment for offenses.
  19. Section 84C –Punishment for attempt to commit cyber offenses.


Data Protection is a set of policies, procedures, and privacy laws that aim to minimize the incursion into privacy caused by personal data storage, collection, and dissemination. Personal data is the information and data that is related to a person who can be identified from the information, whether it is collected by any private, government organization, or agency. The laws in India that deal with data protection are the (Indian) Contract Act, 1872, and Information Technology Act, 2000. Law on data protection is going to be introduced in India soon.

Found this interesting? Read more such blogs and improve your legal knowledge with Rest The Case.

Author Bio: Adv. Akshada Thakare & Adv. Ruhi Ahire

Adv. Akshada Thakare

Akshada started her career with leading Indian and International law firms. Currently, she is the founder and partner of AT LEGAL law firm which is the first legal firm led by women. With her immense experience and expertise, Adv. Akshada has proven her strengths in offering world-class services in the field of corporate law. Adv. Akshada has a high level of expertise in Corporate Law and International Business Law, Litigation, Debt Recovery, Arbitration, and Negotiations. Her proficiency lies in corporate legal advisory, employment laws, incorporation of companies general corporate secretarial compliance, and corporate contracts. She has wide experience working on international matters related to the European Union and the United Kingdom. Along with corporate experience, Adv. Akshada also holds rich exposure in representing as an independent lawyer at Bombay High Court, Nagpur Bench. She has participated in the WTO Model 2013 negotiations simulations held in Geneva, Switzerland. 


Adv. Ruhi Ahire

Adv. Ruhi has a wide array of experience in the legal and management field and during her varied career she has gained profound knowledge on Drafting and conveyancing, Arguments and Pleadings, Independent Evaluation, Refined Research; Effective negotiation and communication, Litigation Management as well Client Management. Currently, she is the founder and partner of AT LEGAL firm which is one of its one-of-a-kind law firms led by all women. She is a legal practitioner with practice in civil and criminal litigation matters. Her expertise includes negotiable instruments and personal family law, primarily handling matters about domestic violence, sexual harassment, and divorce. She also holds proficiency in dealing with Litigation and non-litigation matters like Property Matters: Partitions Suits, Declarations, injunctions, land laws, tenancy, title disputes, transfer of property, etc, Commercial Matters, and Arbitration Applications and has garnered a lot of recognition and accolades for the same. She has been part of organizations like ALERT (Association For Leadership Education, Research & Training, Pune and SMILE (Savitri Marketing Institution for Ladies Empowerment) which work towards social issues like Global Warming, Climate change, Women Empowerment, and elevation. Adv Ruhi’s practical knowledge and intention to make a difference in society have enabled her with immense success in legal know-how.