Existing framework for data protection in India
| Document | Details | Type | Nature |
| Puttaswamy versus Union of India | Judgement of the Supreme Court of India affirming the right to privacy of all individuals under the Indian Constitution. | Law | Binding |
| Information Technology Act, 2000 | Prescribes security practices for the protection of personal data. Requires that consent must be sought before the collection of any sensitive personal data. | Law | Binding and enforceable |
| HIV/AIDS Act 2017, Mental Healthcare Act, 2017, Transplantation of Human Organs and Tissues Act, 1994 | Sector-specific laws that govern data related to the disease area. The requirements may be different from those under the Information Technology (IT) Act. | Law | Binding and enforceable |
| Personal Data Protection Bill, 2019 | Proposed law that updates the IT Act and protects all personal data, establishes a data protection regulator and prescribes penalties for violations of these rules. | Bill; pending in parliament | Unenforceable till passed as law |
| Data Empowerment and Protection Architecture | Framework for data management and security issued by NITI Aayog, a government think-tank. | Draft report | Voluntary |
| National Digital Health Blueprint, NDHM Health Data Management Policy, NDHM strategy overview | Lays out the architectural framework for the digital health infrastructure under the NDHM. | Government reports | Voluntary |
| Report by the committee of experts on Non-Personal Data Governance Framework | This committee of experts was constituted by the Ministry of Electronics and IT to propose a governance framework for non-personal data. It has released a draft report for public comments (July 2020). | Draft government report | Recommendations to the government |
NDHM, National Digital Health Mission.