This summary has been made based on the submission uploaded on the BSA website. The author and/or MediaNama have only produced a summary of this document and are not liable for the veracity of the said document. The Personal Data Protection Bill should remove non-personal data from its ambit, BSA, the global software alliance, wrote in its submission to the Joint Parliamentary Committee on the Bill. The clause is too broad and encompasses all data other than non-anonymised personal data, BSA argued. This goes beyond the ambit of Personal Data Protection Bill and there is already a MeitY Committee to deliberate on governance of non-personal data through a "more deliberative and consultative process". BSA, whose members include Cisco, Amazon Web Services, Microsoft, and Salesforce, also recommends the revision of "personal data" to remove inferred data from it. An exhaustive list of sensitive and critical personal data categories needs to be given and any new categories should be added through amendments to the law, not through government notifications. The concept of consent managers should be removed completely. Ease up on data localisation Remove Clause 33 that mandates data mirroring for cross-border flow of sensitive personal data as such restrictions don't help with data protection. They disrupt companies' operations and increase service costs in India. Instead, recognise the role of private contractual arrangements, internationally recognised certification mechanisms, and other transfer mechanisms to promote accountability and cross-border data flows. Define "sensitive personal data" narrowly to mitigate impact on digital payments and healthcare industry.…
