ORG policy update/2016-w50

This is ORG's Policy Update for the week beginning 12/12/2016.

If you are reading this online, you can also subscribe to the email version.

This is the last policy update in 2016. Updates will be back in January 2017 after a short Christmas break.

ORG’s work

• We have been busy analysing the leaked e-Privacy Regulation this week. You can read ORG's first take on the leaked regulation here.
• ORG has been doing more work on the DEBill. We have been looking particularly into the blocking of ancillary service providers. Jim Killock explored the issue in a blog.

Local groups news:

• Come to a presentation on data-collection apps with ORG London on Wednesday 21 December. Academic Jennifer Pybus will be holding a presentation on a recent hack day she led, where her students created an app that showed how advertisers collected data.
• Join ORG Aberdeen on Thursday 29th December to discuss digital freedoms and explore the use of cryptographic tools. Take a smartphone or laptop and browse the web anonymously, learn about these technologies and chat about the reasons we need them.
• We now have a ORG Local Group in Leeds! Andy Dunn, the new Local Organiser, and a number of other Leeds supporters are planning to put on a number of privacy workshops for local campaign groups in the coming months.

Get involved with your ORG Local Group! Local Groups are at the heart of our campaigns. They are welcoming communities of ORG supporters in towns and cities across the UK.

Parliament

DEBill

The Digital Economy Bill’s Second Reading in the House of Lords took place on 13 December. Lords discussed their general corners with the Bill.

The full transcript of the debate is available here.

More in-depth discussions will follow in the Committee. The Bill is likely to enter the Committee stage in January, however, the date has not been set yet.

ORG prepared a briefing prior to the debate outlining issues that need to be improved. These relate to:

• Age verification and lack of privacy safeguards
• Web blocking of legal material
• Online copyright infringement
• Data sharing

Age verification and web blocking

Several Lords were concerned with age verification and protection of children during the debate. The vast majority of the Lords concerned by the issue wanted to get more clarification on the enforcement of age verification. Only a small number of Peers raised the issue of privacy related to age-verification systems.

The debate also clarified that ancillary services providing pornography publishers with their service will now include social media sites such as Twitter. This could include any platforms where an account is used to promote a pornographic website. The announced regulator, the British Board of Film Classification, will be able to block specific accounts only if they previously decided to sanction the website for non-compliance.

Jim Killock explores blocking of ancillary providers in more detail here.

ORG's concerns regarding online copyright infringement and the lack of thresholds for sentencing have not been mentioned at all. Data sharing issues, as outlined in the ORG’s briefing, did not appear to gather much prominence in the discussion either. The Committee debate is expected to focus on these issues in more detail.

IPAct

Court judgments, that will likely force parts of the Investigatory Powers Act to be revised and debated further, are due to be given next week on 21 December.

Make sure to follow ORG on Twitter to get the latest updates.

Discussion of EU data protection rules

Daniel Zeichner secured a debate in the House of Commons on the implementation of the European Union data protection rules. Zeichner raised several issues regarding the data protection regulation after the UK exits the EU.

He pointed out that despite the Minister previously clarifying that the Government intends to implement the EU General Data Protection Regulation, after Brexit, Data Protection Act 1998 will be the primary data protection regulation in the UK because the GDPR will not apply to the member states until 25 May 2018.

Furthermore, he pointed out that both Digital Economy Bill and Investigatory Powers Act make little mention to how they would adhere to the GDPR.

Matthew Hancock MP responded that the Government has continuously been making steps to implement the GDPR. He explained that DEBill and IPAct do not refer to the GDPR because it is not possible to mention legislation that is not yet in force.

Question on digital technology

Louise Haigh asked the mInister for the Cabinet Office to list ongoing and planned digital transformation projects.

Ben Gummer MP responded that the Cabinet Office is running these programmes:

• Individual Electoral Registration Digital Service
• GOV.UK Verify
• the Government as a Platform programme

The Government Digital Service is currently developing:

• GOV.UK Pay
• GOV.UK Notify

Question on the National Cyber Security Centre

Chi Onwurah MP asked the Minister for the Cabinet Office, what progress has been made on incorporation of the Cyber Information Sharing Partnership (CiSP) into the remit of the National Cyber Security Centre.

Ben Gummer MP responded that the CiSP was taken over by NCSC on 1 October 2016. The Partnership underwent rebranding and adopted NCSC logo and graphics.

Question on Internet security

Chi Onwurah MP asked the Secretary of State for Culture, Media and Sport, what steps is the Department taking to encourage secure web programming among web developers, vendors and site administrators.

Matthew Hancock MP responded that all Further Education digital courses have a mandatory cyber security component and Computing Science degrees accredited by the British Computer Society must include comprehensive teaching on cyber security.

Question on disclosure of information

Lyn Brown MP asked the Secretary of State for Education, if the Department will work on a policy to make anonymised ward level data on post-16 student work, education and training destinations open data and available through the data.gov.uk website.

Edward Timpson MP responded that the Department is currently exploring the ways to utilise the collected data on education, training and employment outcomes. However, they have no plans to publish this data from local authorities at ward level as it is unlikely to lead to meaningful results for comparison between wards.

Question on Deepmind

Chi Onwurah MP asked the Secretary of State for Health, what discussions Ministers and Department Officials have had with the Royal Free Hospital on its new Streams app.

Nicola Blackwood MP responded that no conversation took place between the Department and the Royal Free Hospital.

Other national developments

DfE-Home Office agreement on sharing pupils’ nationality

The Department for Education (DfE) had an agreement in place to share pupils’ nationality data with the Home Office for immigration purposes. The documents confirming the official agreement were revealed in a freedom of information request. The documents show that the policy was scrapped and bulk information on pupils’ nationality will not be shared.

Nationality data was added to the data sharing agreement between the two departments last year. The documents obtained by Schools Week show that it was not removed until 7 October 2016.

The then-Home Secretary Theresa May wanted teachers to find out information about their pupils’ nationality and birth country. The Home Office is not able to request this information anymore, however they can still request data on pupils’ home or school address on suspicion of an immigration offence, if the Home Office believes there is a significant risk to the child or parent or national security cases.

Europe

Leaked e-Privacy Regulation

A draft of the E-Privacy Directive review was leaked to the public. The leaked version is supposedly still being discussed in the European Commission and should be finalised in January 2017.

The new e-Privacy Regulation will have an impact in the UK - the UK government made a commitment to keep UK data laws compatible with the EU to enable data flows and e-commerce.

The draft is concerned with the confidentiality of electronic communications data. The regulation provides safeguards against interfering with or monitoring electronic communications. It also establishes that metadata will be erased or made anonymous.

The new Regulation puts more emphasis on users’ consent and it is brought in line with the GDPR. It will change the current consent for cookies. Under the new rules, only websites using cookies for tracking purposes will require consent.

Furthermore, Article 7 requires removing of electronic communications metadata after they are no longer needed.

The draft Regulation does not only cover the traditional telcos, but places these rules on over-the-top (OTT) services such as WhatsApp, Skype or Facebook.

The proposal is due to be finalised in the Commission by the end of January 2017. It will then be amended by the European Parliament and the Council of Member States making it very likely that several areas of the final legislation will be different to this draft.

You can find a more detailed analysis by Javier Ruiz here.

Germany’s court ruling on copyright

A Hamburg Court ruled that publishing a link to material that infringes on copyright is a violation by a website operator. Julia Reda, Pirate Party MEP, considers this ruling to go beyond the previous judgments issued by the European Court of Justice (CJEU).

The CJEU previously ruled that posting hyperlinks to pirated copies of material is not illegal if it is done without knowledge of the copies being unauthorised, and posting is not carried out for financial gain.

The recent judgment stated that even though the link was not used to generate revenue directly, it still appeared on a commercial website that generates profit.

Publishers will have to check status of everything they link to if this judgment represents a pattern that other courts follow. This decision does not have a direct impact in the UK but British and other national courts may look to this decision when a similar case will appear before them.

ORG media coverage

See ORG Press Coverage for full details.

2016-12-09-IT Pro-Porn site xHamster protests Snooper's Charter a week too late

Author: Nicole Kobie

Summary: Jim Killock quoted on the IPBill being debated whilst the public, media and politicians were preoccupied by Brexit.

2016-12-12-Ars Technica-Commercial sites must check all their links for piracy, rules Hamburg court

Author: Glyn Moody

Summary: Jim Killock quoted on the German’s court’s decision on copyright that would require publishers to know the licensing status of everything they linked to.

2016-12-12-The Inquirer-What you missed in tech last week: Amazon Go, PowerShell malware, BlackBerry leak

Author: Carly Page

Summary: ORG mentioned in relation to the new Amazon Go concept of checkout-free shopping experience.

2016-12-12-Canadian Lawyer Mag-Not their finest hour: the U.K. surveillance law

Author: Lisa R Lifshitz

Summary: ORG mentioned in relation to the IPBill being a draconian legislation.

ORG Contact Details

Staff page

• Jim Killock, Executive Director
• Javier Ruiz, Policy
• Ed Johnson-Williams, Campaigns
• Pam Cowburn, Communications
• Lee Maguire, Tech
• Myles Jackman, Legal Director
• Charlie Tunmore, Supporter Officer
• Slavka Bielikova, Policy Officer