ORG policy update/2017-w04

This is ORG's Policy Update for the week beginning 23/01/2017.

If you are reading this online, you can also subscribe to the email version.

ORG’s work

• ORG have launched a petition to prevent President Trump from using the data collected by the UK intelligence agencies to strip away basic liberties. Don’t let Trump get his hands on our data, sign our petition now!
• We prepared a briefing on the Digital Economy Bill for the House of Lords before the Bill enters the Committee Stage on Tuesday 31 January. You can read it here.

Planned local group events:

• ORG Aberdeen is organising a Cryptonoise meeting on 26 January. Learn how you protect your rights in a digital world. You do not need to be a tech wizard to attend.
• ORG London will be heading to the Science Museum of 4 February to check out the free exhibition ‘Our Lives in Data’.
• ORG Cambridge is having their monthly meet up on 7 February to discuss the current state of digital rights, what they've done in the past month and what they are planning to do in the upcoming month.

Official meetings

• Jim Killock attended a briefing meeting with Labour Lords - Lord Stevenson, Lord Collins and Baroness Jones.

Parliament

DEBill

The Digital Economy Bill will enter the Committee stage in the House of Lords on Tuesday 31 January. It will continue being debated on 2, 6 and 8 February.

The list of amendments to be discussed in the Committee can be found here.

Only few of these amendments respond to our concerns. Another new worrying amendment was tabled by the Minister, Lord Ashton, on Internet Filtering. The amendment provides a legal cover for Internet service providers for their filtering, for child protection or other unspecified purposes. The amendment does not necessarily relate to pornographic materials.

The amendment allows ISPs to filter their content on the basis of their Terms and Conditions. This approach is a clear breach of EU Net Neutrality regulations. This would put OFCOM in a difficult position of enforcing contradictory legislation.

The DEBill has been scrutinised by two Select Committee - the Delegated Powers and Regulatory Reform Committee and the Committee on the Constitution. They published reports criticising provisions in the Bill on age verification and data sharing.

Summaries of their points can be accessed here:

• Delegated Powers and Regulatory Reform Committee Report on Parts 1-4
• Committee on the Constitution Report
• Delegated Powers and Regulatory Reform Committee Report on Parts 5-7 (blog by Javier Ruiz)

ORG’s briefing to Lords before the Committee

ORG provided a briefing to Lords before the Committee stage outlining our remaining concerns with the Bill.

Our briefing raised issues in these parts of the Bill:

• Age verification (Part 3)
• Web-blocking (Part 3)
• Online copyright infringement (Part 4)
• Data sharing (Part 5)
• Internet filtering (new clause)

You can access the full briefing here.

Question on security, law enforcement and criminal justice post Brexit

Joanna Cherry raised concerns over plans to share data with other countries following the UK’s exit from the European Union. Cherry pointed out that if the UK does not comply with EU law on data sharing and privacy protection, UK’s former partners will not be able to share information with us under the laws by which they are bound.

This would have an impact on the National Crime Agency, Europol and UK’s partnership with the Five Eye’s countries.

Bob Neill MP responded that it is unlikely that the Minister will share the mechanism by which the Prime Minister aims to achieve the Brexit objectives.

Question on CCTV and private property

Steve McCabe MP asked the Secretary of State for Culture, Media and Sport, whether the Department has issued guidance on privately owned and operated CCTV cameras overlooking neighbouring property.

Matthew Hancock MP responded that the Information Commissioner’s CCTV code of practice provides guidance on how to comply with the Data Protection Act 1998.

Question 1 on pupils’ personal records

Lord Storey asked the Government which departments have access to the National Pupil Database.

Lord Nash responded that the Department for Education only shares NPD data where there is a legal basis to do. The Government Departments with access to data extracts from the NPD database are: Home Office, Ministry of Justice, Cabinet Office, Department for Culture, Media and Sport, Department of Health, Department for Work and Pensions, Department for Communities and Local Government and Welsh Government.

Question 2 on pupils’ personal records

Lord Ouseley asked the Government whether schools are required to collect personal data about schoolchildren and pass these onto the Home Office, either directly or through the Department for Education. He further enquired for what purposes such data are collected and transferred.

Lord Nash responded that schools are required to collect and send pupils’ data to the Department for Education via the school census. The school census data is intended to provide a clear picture of how the school system is working.

He further explained that sensitive data held within the National Pupil Database is strictly controlled. This data is only given to the Home Office when there is clear evidence that a child may be at risk or there is evidence of criminal activity, including illegal immigration, limited data including a pupil’s address and school details may be requested from the National Pupil Database.

Question 3 on pupils’ personal records

Jim Cunningham MP asked the Secretary of State for Education, how many applications to extract information from the National Pupil Database were accepted in each of the last five years.

Nick Gibb MP responded that the applications accepted to extract information from the National Pupil Database over the past 5 years are as follows: 2012-328, 2013-311, 2014-380, 2015-396, 2016-380.

Question on terrorism and Internet

Lord Carlile asked the Government, how many Islamist websites suspected of involvement in terrorism were removed from the Internet in 2016 as a result of UK government intervention and policy initiatives.

Baroness Williams responded that since the Counter Terrorism Internet Referral Unit (CTIRU) was established in 2010, over 250,000 pieces of terrorist-related material have been removed.

Question on data protection of medical records

Lord Hunt asked the Government, whether an opt-out “from having their anonymised data used for the purposes of scientific research" still covers hospital episodes statistics.

Lord O’Shaughnessy responded that where a citizen has objected to the disclosure of personal confidential information by NHS Digital, their opt-out is being applied to personal confidential information.

However, data which are anonymised in accordance with the ICO’s Anonymisation Code of Practice are not confidential information. Where Hospital Episode Statistics data are released in a form compliant with the ICO’s code, the opt-outs are not applied.

Other national developments

Search for loopholes in the CJEU judgement on IPAact

It was reported this week that the Home Secretary Amber Rudd MP is actively seeking loopholes to avoid compliance with a ruling from the European Court of Justice (CJEU) on data retention from December 2016.

A case brought forward by Tom Watson MP (and initially David Davis MP), was supported by ORG, Privacy International and Liberty, over legality of bulk data collection. The judgment made it clear that generalised data retention is not acceptable. The judgment originally relates to the Data Retention and Investigatory Powers Act 2014 but the Act has been replaced by the Investigatory Powers Act. The IPAct provides much more intrusive provisions regarding Internet connection records and bulk personal datasets.

The UK High Court is currently in the process of deciding how the CJEU ruling will be interpreted in the IPAct. Reportedly, the Home Office

“is hoping that countries such as Belgium, France and Spain — all of which have suffered terror attacks or are concerned about being targeted — will be natural allies in the effort to find ways around the restrictions imposed by the Luxembourg court.”

ORG media coverage

See ORG Press Coverage for full details.

2016-01-19-Raconteur-Soon your internet history may be public

Author: Charles Orton-Jones

Summary: Jim Killock quoted on privacy concerns of the DEBill and IPAct.

2016-01-19-Business Insider-The open internet is under threat, according to a new report — and it needs your help

Author: Rob Price

Summary: ORG mentioned as one of the organisation advocating privacy and security on the Internet.

2016-01-20-Forbes-Trump Has Huge Powers To Spy On Brits - And They're Not Happy

Author: Emma Woollacott

Summary: Jim Killock quoted on a Trump presidency putting more pressure on the data sharing agreement with the UK.

2016-01-26-The Ferret-New figures prompt claims of ‘no confidence’ in Scots counter terror policy

Author: Ferret journalists

Summary: Pam Cowburn quoted on extremist content filters can easily perpetuate discrimination against students from certain backgrounds.

2016-01-26-Computer Weekly-Microsoft’s cloud privacy battle may go to US Supreme Court

Author: Warwick Ashford

Summary: ORG mentioned in connection with submitting an amicus brief in support of Microsoft’s challenge to the US government to block them from accessing Microsoft servers in Ireland.

ORG Contact Details

Staff page

• Jim Killock, Executive Director
• Javier Ruiz, Policy
• Ed Johnson-Williams, Campaigns
• Pam Cowburn, Communications
• Lee Maguire, Tech
• Myles Jackman, Legal Director
• Charlie Tunmore, Supporter Officer
• Slavka Bielikova, Policy Officer