Internal Security·Legal Reforms
Data Protection Laws — Legal Reforms
Constitution VerifiedUPSC Verified
Version 1Updated 5 Mar 2026
| Entry | Year | Description | Impact |
|---|---|---|---|
| Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 | 2011 | These rules under the IT Act 2000 were India's first comprehensive attempt at data protection regulation, defining sensitive personal data and establishing consent and security requirements for corporate entities. | Created the foundation for India's data protection journey, though limited in scope and enforcement. Established basic principles that influenced the comprehensive 2023 legislation. |
| Personal Data Protection Bill, 2019 (withdrawn) | 2019 | The first comprehensive data protection bill that proposed extensive individual rights, data localization requirements, and a Data Protection Authority. Withdrawn in 2022 for a fresh approach. | Shaped public discourse on data protection and influenced the final 2023 Act, though the final version adopted a more business-friendly and government-accommodating approach. |