India does not have a specific legislation dedicated to data protection and privacy. Presently, the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 protect the personal information and sensitive personal data or information and to that limited extent govern the aspects of data protection and privacy in India.
Under Indian laws, actions of body corporates dealing with personal and sensitive personal data and the ability to share/transfer the same are both regulated and restricted. Existing legal framework provides for adequate measures to safeguard the interest of data subjects and the contractual and self-regulatory mechanism providing for confidence amongst international investors and corporations about safety and protection of personal data.
The issue of encryption and decryption of data and ability of the Government to seek surveillance continues to be unresolved.