This summary has been made based on the submission uploaded on this website and NASSCOM's own website. The author and/or MediaNama have only produced a summary of this document and are not liable for the veracity of the said document. The Personal Data Protection Bill needs to define a minimum compliance period of 24 months from the date of notification of any obligation, standard, code of practice or rule, industry bodies NASSCOM and the Data Security Council of India (DSCI) said in their submission to the Joint Parliamentary Committee on the Bill. It must also define timelines for the formation of the Data Protection Authority (DPA). The Bill must also give data processors that deal with foreign nationals' data additional time so that they can re-negotiate their international contracts. It must clarify the scope of its extra-territorial applicability using examples. NASSCOM is one of the key industry bodies in the Indian regulatory landscape. It set up DSCI to focus on data protection in India. They have also recommended that any exemption granted to a government agency must be subject to a detailed assessment of potential harms to users' rights and freedoms, in consultation with the DPA. Non-Personal Data shouldn't be in the Bill 1. Scrap non-personal data so that it can be dealt with through a separate legislation, If it must be included, the business interests of the companies must be protected and the government needs to be held accountable for asking for such data through safeguards such as: Establish…
