Table 1

Existing framework for data protection in India

DocumentDetailsTypeNature
Puttaswamy versus Union of IndiaJudgement of the Supreme Court of India affirming the right to privacy of all individuals under the Indian Constitution.LawBinding
Information Technology Act, 2000Prescribes security practices for the protection of personal data. Requires that consent must be sought before the collection of any sensitive personal data.LawBinding and enforceable
HIV/AIDS Act 2017, Mental Healthcare Act, 2017, Transplantation of Human Organs and Tissues Act, 1994Sector-specific laws that govern data related to the disease area. The requirements may be different from those under the Information Technology (IT) Act.LawBinding and enforceable
Personal Data Protection Bill, 2019Proposed law that updates the IT Act and protects all personal data, establishes a data protection regulator and prescribes penalties for violations of these rules.Bill; pending in parliamentUnenforceable till passed as law
Data Empowerment and Protection ArchitectureFramework for data management and security issued by NITI Aayog, a government think-tank.Draft reportVoluntary
National Digital Health Blueprint, NDHM Health Data Management Policy, NDHM strategy overviewLays out the architectural framework for the digital health infrastructure under the NDHM.Government reportsVoluntary
Report by the committee of experts on Non-Personal Data Governance FrameworkThis committee of experts was constituted by the Ministry of Electronics and IT to propose a governance framework for non-personal data. It has released a draft report for public comments (July 2020).Draft government reportRecommendations to the government
  • NDHM, National Digital Health Mission.