What’s in the news?

• The Mines and Minerals (Development and Regulation) Amendment Bill, 2023 was passed by the Parliament recently. The Bill amends the Mines and Minerals (Development and Regulation) Act, 1957.  
• The Act regulates the mining sector. For regulation, the Act classifies mining-related activities into: (i) reconnaissance, which involves a preliminary survey to determine mineral resources, (ii) prospecting, which includes exploring, locating, or proving mineral deposits, and (iii) mining, the commercial activity of extraction of minerals.

Highlights of the Mines and Minerals Amendment Bill, 2023

Reconnaissance to include sub-surface activities:  

• The 1957 Act defines reconnaissance operations as operations undertaken for preliminary prospecting. The Act prohibits pitting, trenching, drilling, and sub-surface excavation as part of reconnaissance.  
• The amendment Bill allows these prohibited activities.

Exploration licence for specified minerals:  

• The amendment Bill introduces an exploration licence, which will authorise either reconnaissance or prospecting, or both activities for specified minerals.
• The exploration licence will be issued for 29 minerals specified in the Seventh Schedule. These include gold, silver, copper, cobalt, nickel, lead, potash, and rock phosphate. 
• These also include six minerals classified as atomic minerals under the 1957 Act: (i) beryl and beryllium, (ii) lithium, (iii) niobium, (iv) titanium, (v) tantallium, and (vi) zirconium. The Bill declassifies them as atomic minerals. 
• Unlike other minerals, the prospecting and mining of atomic minerals is reserved for government entities under the parent Act, which prevented it from being auctioned to and mined by private companies.
• Upon removal of these minerals from the list of atomic minerals, exploration and mining of these minerals will be open to the private sector.

Auction for exploration licence: 

• The exploration licence will be granted by the state government through competitive bidding. The central government will prescribe details such as manner of auction, terms and conditions, and bidding parameters for exploration licence through rules.

Validity of exploration licence:  

• The exploration licence will be issued for five years. A licencee may request for extension of up to two years by making an application to the state government. 

Maximum area in which activities are permitted: 

• Under the original Act, a prospecting licence allows activities in an area up to 25 square kilometres, and a single reconnaissance permit allows activities in an area up to 5,000 square kilometres.  
• The amendment Bill allows activities under a single exploration licence in an area up to 1,000 square kilometres. 

Submission of geological reports: 

• Within three months of the completion of operations or expiry of the exploration licence, the licencee must submit a geological report regarding findings.

Incentive for exploration licencee: 

• If the resources are proven after exploration, the state government must conduct an auction for mining lease within six months of the submission of the report by the exploration licencee.  
• The licencee will receive a share in the auction value of the mining lease for the mineral prospected by them. The share will be prescribed by the central government.  
• If the state government does not complete the auction of mining lease within the specified period, the state government will pay to the exploration licencee an amount prescribed by the central government.

Auction of certain minerals by the central government:  

• Under the original Act, auction of concessions is undertaken by the state governments, except in certain specified cases.  
• The Bill adds that auction for composite licence and mining lease for specified critical and strategic minerals will be conducted by the central government. These minerals include lithium, cobalt, nickel, phosphate, potash, tin, phosphate, and potash. However, concessions will still be granted by the state government.

 

Digital Personal Data Protection Bill, 2023 

Introduction

• President Droupadi Murmu has granted assent to the Digital Personal Data Protection Bill, 2023 (DPDP Bill) after it was passed by both Houses of Parliament. 

Highlights of the Bill

Applicability:  

• The Bill applies to the processing of digital personal data within India where such data is: 
  • collected online, or 
  • collected offline and is digitised.  
• It will also apply to the processing of personal data outside India if it is for offering goods or services in India.  
• Personal data is defined as any data about an individual who is identifiable by or in relation to such data.  
• Processing has been defined as wholly or partially automated operation or set of operations performed on digital personal data. It includes collection, storage, use, and sharing.

Consent:  

• Personal data may be processed only for a lawful purpose after obtaining the consent of the individual. 
• A notice must be given before seeking consent. The notice should contain details about the personal data to be collected and the purpose of processing.  
• Consent may be withdrawn at any point in time.  
• Consent will not be required for ‘legitimate uses’ including: 
  • specified purpose for which data has been provided by an individual voluntarily, 
  • provision of benefit or service by the government, 
  • medical emergency, and 
  • employment.   
• For individuals below 18 years of age, consent will be provided by the parent or the legal guardian.

Rights and duties of data principal:  

• An individual whose data is being processed (data principal), will have the right to: 
  • obtain information about processing, 
  • seek correction and erasure of personal data, 
  • nominate another person to exercise rights in the event of death or incapacity, and 
  • grievance redressal.  
• Data principals will have certain duties.  
• They must not: 
  • register a false or frivolous complaint, and 
  • furnish any false particulars or impersonate another person in specified cases.
• Violation of duties will be punishable with a penalty of up to Rs 10,000.

Obligations of data fiduciaries:  

• The data fiduciary (persons, companies and government entities who process data), must: 
  • make reasonable efforts to ensure the accuracy and completeness of data, 
  • build reasonable security safeguards to prevent a data breach,
  • inform the Data Protection Board of India and affected persons in the event of a breach, and
  • erase personal data as soon as the purpose has been met and retention is not necessary for legal purposes (storage limitation).  
• In case of government entities, storage limitation and the right of the data principal to erasure will not apply.

Transfer of personal data outside India:  

• The Bill allows transfer of personal data outside India, except to countries restricted by the central government through notification.  

Exemptions:  

• Rights of the data principal and obligations of data fiduciaries (except data security) will not apply in specified cases.  
• These include: 
  • prevention and investigation of offences, and 
  • enforcement of legal rights or claims.  
• The central government may, by notification, exempt certain activities from the application of the Bill.  These include: 
  • processing by government entities in the interest of the security of the state and public order, and 
  • research, archiving, or statistical purposes.

Data Protection Board of India: 

• The central government will establish the Data Protection Board of India.  
• Key functions of the Board include: 
  • monitoring compliance and imposing penalties, 
  • directing data fiduciaries to take necessary measures in the event of a data breach, and 
  • hearing grievances made by affected persons.  
• Board members will be appointed for two years and will be eligible for re-appointment.   
• The central government will prescribe details such as the number of members of the Board and the selection process.  
• Appeals against the decisions of the Board will lie with Telecommunications Dispute Settlement and Appellate Tribunal (TDSAT).
  • TDSAT was established in 2000 as a statutory body to adjudicate disputes and dispose of appeals to protect the interests of service providers and consumers of the telecom sector. 
  • At present, the Tribunal exercises jurisdiction over Telecom, Broadcasting, IT and Airport tariff matters under the TRAI Act, 1997, the Information Technology Act, 2008 and the Airport Economic Regulatory Authority of India Act, 2008. 
  • The Tribunal consists of a Chairperson and two Members appointed by the Central Government. The Chairperson should be or should have been a Judge of the Supreme Court or the Chief Justice of a High Court. 

Penalties: 

• The schedule to the Bill specifies penalties for various offences such as up to: (i) Rs 200 crore for non-fulfilment of obligations for children, and (ii) Rs 250 crore for failure to take security measures to prevent data breaches.  
• Penalties will be imposed by the Board after conducting an inquiry. 

Key Issues and Analysis

• Exemptions to data processing by the State on grounds such as national security may lead to data collection, processing, and retention beyond what is necessary. This may violate the fundamental right to privacy.
• The Bill does not regulate risks of harms arising from processing of personal data.  
• The Bill allows transfer of personal data outside India, except to countries notified by the central government. This mechanism may not ensure adequate evaluation of data protection standards in the countries where transfer of personal data is allowed.
• The members of the Data Protection Board of India will be appointed for two years and will be eligible for re-appointment. The short term with scope for re-appointment may affect the independent functioning of the Board.