Before the introduction of the Personal Data Protection Bill, India primarily relied on the Information Technology Act, 2000, which was amended in 2008 to include provisions related to data protection and security. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, provided guidelines for protecting sensitive personal data.

Several landmark judgments have also played a pivotal role in shaping data protection and security law in India:

1. Justice K.S. Puttaswamy (Retd.) vs. Union of India (2017): This landmark case, commonly known as the Aadhaar case, upheld the fundamental right to privacy as a constitutional right. It recognized the importance of data protection in safeguarding individual privacy, setting the stage for future data protection regulations.
2. Justice B. N. Srikrishna Committee Report (2018): The committee recommended a comprehensive data protection framework, which laid the foundation for the Personal Data Protection Bill. It suggested principles for data processing, consent, and the establishment of a Data Protection Authority.
3. WhatsApp v. Union of India (2021): This case dealt with WhatsApp’s privacy policy update and data sharing with Facebook. It highlighted the need for transparency and informed consent in data processing, demonstrating the importance of individual rights in the digital realm.
4. Justice Puttaswamy II (2019): This case reaffirmed the importance of privacy in the digital age and addressed the balance between individual privacy and legitimate state interests. It emphasized the need for data protection laws to be consistent with the right to privacy.
5. Justice Srikrishna Committee Report (2018): The committee recommended a comprehensive data protection framework, which laid the foundation for the Personal Data Protection Bill. It suggested principles for data processing, consent, and the establishment of a Data Protection Authority.