ORG policy update/2017-w05

This is ORG's Policy Update for the week beginning 30/01/2017.

If you are reading this online, you can also subscribe to the email version.

ORG’s work

ORG launched a new campaign for (spoof) recruitment for millions of posts of Internet porn classifiers. Check out the job description and person specification. We even put together some interview tips for our applicants.
ORG have launched a petition to prevent President Trump from using the data collected by the UK intelligence agencies to strip away basic liberties. Don’t let Trump get his hands on our data, sign our petition now!

Planned local group events:

ORG London will be heading to the Science Museum of 4 February to check out the free exhibition ‘Our Lives in Data’.
ORG Cambridge is having their monthly meet up on 7 February to discuss the current state of digital rights, what they've done in the past month and what they are planning to do in the upcoming month.
Join ORG Birmingham on 22 February to look at how police are covertly using devices to indiscriminately intercept and hack up to 500 phones every minute.
ORG Aberdeen is organising a Cryptonoise meeting on 23 February. Learn how you protect your rights in a digital world. You do not need to be a tech wizard to attend.
Explore the issues surrounding data protection, surveillance and internet identity at the Still immersive theatre piece on 1-2 March.

Parliament

DEBill

The Digital Economy Bill entered the Committee stage in the House of Lords this week. The Committee started by debating broadband and digital infrastructure on 31 January and moved onto online pornography and copyright on 2 February.

All the amendments debated during the first two days can be found here.

Debate transcripts from both days can be found here:

31 January - 1, 2

2 February - 1, 2

Age verification

Peers across the House agreed that Part 3 -Online Pornography of the Bill was poorly thought-out and more should have been done in the House of Commons. For this reason, the Government was not able to answer some of the questions regarding age verification and powers of age-verification regulator. They repeatedly promised to provide more detail and new amendments to tackle issues of appeals and blocking during the Report stage.

The amendment that would improve privacy and anonymity of people subjected to age verification was deemed “unnecessary” by the Government Minister Lord Ashton. Aston explained that such arrangements are to be part of guidance issued by the age-verification regulator and that this amendment would duplicate the regulatory framework.

Note: Precisely this issue of lack of anonymity and non-statutory guidance issued by the age-verification regulator was criticised by the Delegated Powers and Regulatory Reform Committee and the Committee on Constitution in their reports regarding the DEBill. The Government is yet to publish their response to both reports.

Regarding the amendment that would introduce court orders into the process of ISP blocking, several Peers did not consider it an appropriate solution due to the burden it would put on the judicial system.

Baroness Jones outlined her position on ISP blocking in a blog here.

Copyright

Lord Stevenson (Labour) tabled an amendment that is supposed to reflect the digital nature of piracy. The amendment would change the current wording in the Bill using loss and a risk of loss to define online copyright infringement offences. The new wording of the clause supported by Labour resembles the current legislation - section 107 of the Copyright, Design and Patent Act 1988.

The amendment is based on “prejudicially affecting” the rightsholder. ORG criticised this approach to online copyright infringement offences elsewhere. Despite our criticism, Labour and Lib Dem Peers were in support of the amendment. The Government, however, did not consider the amendment necessary because criminal provisions are covered in other legislation already and there is no need to create new ones.

The Committee stage will continue on 6 and 8 February when more concerning copyright and data sharing provisions will be debated.

These will include a government amendment on Internet filters that allows ISP blocking access to online content for the purposes of child protection or any other purposes in accordance with the ISP's terms and conditions.This amendment lacks proper definitions of what materials can be filtered out and places ISPs into a regulatory position.

The Committee will also continue debating provisions regarding duties placed on search engines to minimise their contribution to copyright infringement. This can lead to unreasonable expectations of what search engines are capable of blocking out.

The Report stage is due to take place on 22 February.

Matt Hancock questioned on data protection

The EU Home Affairs Sub-Committee took evidence from the Minister for Digital and Culture Matthew Hancock MP on the EU General data Protection Regulation, Privacy Shield and the EU-US Umbrella Agreement.

The sub-committee enquired about safeguards in the GDPR that will protect people’s fundamental rights (including the right to privacy). The members were also interested to know about the default position for data flows between the UK and the EU since the UK will be treated as third country after Brexit takes place.

Hancock stated that the UK will be fully complying with the GDPR since the UK will still be in the EU when it will apply to member states in May 2018. He avoided providing more detail due to protecting the Government’s negotiating position.

The whole evidence session is available to watch here.

Question on the Information Commissioner’s Office

Louise Haigh MP asked the Secretary of State for Culture, Media and Sport, what estimates have been made of the number of complaints to the Information Commissioner on the sharing of sensitive personal data in each year since 2010.

Matthew Hancock MP responded that the data on complaints to the ICO can be found in the ICO’s annual reports.

Question on data protection and EU law

Baroness Hayter of Kentish Town asked the Government, whether the UK will seek to continue participation in the General Data Protection Regulation (GDPR) since data centres resident in the UK will not be subject to EU data protection rules after Brexit.

Lord Ashton responded that the GDPR will apply to EU member states from 25 May 2018. The Government fully expect to be still in the EU at that point, therefore the GDPR will apply in the UK from then.

Question on data protection and EU trade

Stephen Timms MP asked the Secretary of State for Culture, Media and Sport, what steps the Department is taking to secure a data adequacy decision for the UK from the EU.

Matthew Hancock MP responded that the UK is planning to apply the GDPR from May 2018.

Hancock added that the Government will work to ensure that data flows between the EU and the UK are uninterrupted. He stated it would be inappropriate to speculate as to what arrangements will be put in place since Brexit negotiations had not begun.

Other national developments

IPT judgment on the abuse of RIPA by Cleveland police

The Investigatory Powers Tribunal ruled that monitoring of journalists’ phones by Cleveland police was unlawful.

The police was trying to uncover the source of several leaks. They used the Regulation of Investigatory Powers Act (RIPA) to seize records of calls from journalists, a solicitor and police officers.

The judgment clearly stated that there was no legal basis for monitoring the records and that the scope of monitoring was excessive. The police launched the investigation to uncover the identity of a whistleblower who fed the Northern Echo an internal report on institutional racism within the force.

RIPA allows police to check data from phones where there is a reasonable chance of prosecution. In regards to this particular case, the tribunal found that the decision to access phones was made based on a subjective belief. The judgment further stated that the police failed to have considered that these actions were an infringement of the right of freedom of speech of the Northern Echo reporters.

Europe

Privacy Shield and Trump’s Executive Order

The Executive Order signed by Donald Trump last week denies those who are not US citizens certain rights under the Privacy Act of 1974. The executive order creates issues for data protection of EU citizens.

The order requires enhanced data sharing between Federal Agencies in the US. For this reason, it is unclear whether the Privacy Act of 1974 offers an adequate level of protection for transfers of personal data to the US.

Lack of privacy protections for EU nationals puts the EU-US data sharing deal Privacy Shield in a potential jeopardy. EU data protection laws allow transfers of EU citizens’ personal data only if the destination country meets certain basic conditions for data protection.

The recent executive order could mean that the US does not meet basic data protections anymore. However, the spokeswoman for the European Commission stated that the Privacy Shield does not rely on the protections under the Privacy Act.

You can find a more comprehensive analysis in a blog by Chris Pounder.

ORG media coverage

See ORG Press Coverage for full details.

2017-01-26-ABC News-What is social media's long-term impact on your life? As we document and share our lives, there are implications on the future many aren’t considering.: Author: Justin Boggs, Clint Davis, Alex Hider, and Eric Pfahler; Summary: Jim Killock quoted on social media companies covering lots of purposes for data collection to avoid finding themselves constrained in the future.
2017-01-26-CNS News-Despite UN Criticism, UK Bill Aimed at Protecting Children From Online Porn Advances: Author: Kevin McCandless; Summary: Jim Killock quoted on the age-verification proposals for website blocking being invariably used to censor also other than porn content.
2017-01-26-Alternet-British Companies Are Using a Tracking Device That Monitors Their Workers' Voices, Steps and Stress Levels: Author: Michael Arria; Summary: Pam Cowburn quoted on workplace tracking devices being part of a broader shift to a surveillance culture.
2017-01-30-Business Insider-The UK tech industry reacts to Trump's immigration ban: 'A very dark and worrying time': Author: Rob Price; Summary: Jim Killock quoted on calling on the UK government to limit raw data sharing with the US amidst the ban on Muslims entering the US.
2017-01-30-IT Pro-Travellers to US may be forced to hand over their web data: Author: Jane McCallion; Summary: Jim Killock quoted on Trump failing to uphold democratic values and making the world less safe as a consequence.
2017-01-30-New scientist-AI tracks your every move and tells your boss if you’re slacking: Author: Timothy Revell; Summary: Javier Ruiz quoted on people having the right to privacy against intrusive AI technology at workplace.
2017-01-31-Xbiz-Digital Economy Bill Spoof Campaign Debuts: Author: Rhett Pardon; Summary: ORG mentioned in connection to the spoof campaign for Internet censor recruitment.
2017-02-01-Gizmodo-Apply Now to be the Government's Official Porn Censor: Author: James O Malley; Summary: ORG mentioned in connection to the spoof campaign for Internet censor recruitment.
2017-02-01-The Inquirer-Open Rights Group spectacularly parodies UK attempts to herd online pornography: Author: Dave Neal; Summary: ORG mentioned in connection to the spoof campaign for Internet censor recruitment.
2017-02-01-The Register-UK.gov hiring folk to watch smutty vids? All hail our blind censors…: Author: Alexander J. Martin; Summary: ORG mentioned in connection to the spoof campaign for Internet censor recruitment.
2017-02-01-Mashable-This spoof government job involves watching porn all day: Author: Gianluca Mezzofiore; Summary: ORG mentioned in connection to the spoof campaign for Internet censor recruitment.

ORG Contact Details

Staff page