ORG policy update/2017-w29

This is ORG's Policy Update for the week beginning 17/07/2017.

If you are reading this online, you can also subscribe to the email version or unsubscribe.

ORG’s work

Javier Ruiz ran workshops on social media regulation at the Digital-born Media Carnival, which took place 14-18 July in Kotor, Montenegro. The event was organised by the OSCE Mission to Serbia in partnership with the SHARE Foundation and the Ministry of Foreign Affairs of the Kingdom of the Netherlands.
ORG Scotland, together with medConfidential, submitted a response to the consultation launched by the Scottish Parliament's Health and Sport Committee regarding the NHS Scotland's Digital Strategy. You can read the response in full here.

Planned local group events:

Join ORG Birmingham for a workshop where we'll be offering free practical advice for replacing (or at least supplementing) Google services with independent services which do a better job of respecting your privacy and reduce your dependence on the internet giant. They will be meeting on 24 July.
Join ORG Cambridge on 1 August for their monthly meetup to discuss the current state of digital rights, what they've done in the past month, and what they are planning to do in the upcoming months.

Official meetings

Jim Killock and Pam Cowburn attended meetings with ISPA, BT and TalkTalk regarding the ORG’s project Blocked which provides a tool for people to check whether their website is being blocked by the main UK ISPs.

Parliament

Government has started implementing age verification

The Minister for Digital, Culture, Media and Sport, Matt Hancock, announced this week that they have started takings steps to implement the new age verification requirement for online pornography which was passed in the Digital Economy Act 2017.

Hancock said that the scheme, due to its complexity, will not be fully in place until April 2018. The Government brought into force powers to designate the regulator and powers to allow guidance to be issued.

The Digital Economy Act passed earlier this year, whilst issues around age verification regarding privacy and censorship have not been resolved. Despite several concerns from the Parliament’s Committees, the Government decided not to include requirements for age verification providers to incorporate privacy protections.

Neither the Act nor the Codes of Practice specify what type of age verification method can be used by websites. This can negatively impact the free and fair market for age verification. Such setup would make it possible for bigger pornographic website operators (e.g.MindGeek) to become dominant on the age verification market.

MindGeek, who owns PornHub, YouPorn and other brands, is developing their own age verification tool. Without any meaningful privacy safeguards, there is a risk they would use the data collected through age verification for profiling.

The age verification policy also allows for blocking of non-compliant websites without court orders.

You can find out more about the age verification clauses in the DEAct and remaining issues on our Wiki page.

Lords’ Committee calls for EU data adequacy agreement

The House of Lords EU Home Affairs Sub-Committee presented their report ‘Brexit: The EU data protection package’ earlier this week. In the report, the Committee warns that the UK will be at a competitive disadvantage if legal uncertainty prevents an unhindered flow of data with the EU Member States.

The Government previously stated that they plan to maintain uninterrupted data flows; however the Committee points out that there is an immense lack of detail on how the Government plans to deliver the outcome.

The Committee recommends that the most effective way to achieve it would be through an adequacy decision by the European Commission. The decision would confirm that the UK’s data protection rules are equivalent to the standard protection of the EU. The Peers believe that this would provide stability and certainty for businesses.

It is possible that the UK after leaving the EU will be held to higher data protection standards than a Member State. The European Commission takes into account a broader range of data protection regulations, including national security legislation, for adequacy decisions. Member states can use certain exemptions. The Committee recommends putting in place a transitional arrangement.

Peers also recognised that the EU-US Privacy Shield will not apply to the UK anymore.

”Because of EU rules for onward transfers, securing unhindered flows of data with the EU may require the UK also to demonstrate that it has put arrangements in place with the US that afford the same level of protection as the Privacy Shield and the Umbrella Agreement. As regards data-sharing for commercial purposes, we note the approach taken by Switzerland, which has secured both an adequacy decision from the EU and a mirror of the Privacy Shield agreement with the US.”

The Committee also recognised that national security could be put at risk if the Government fails to obtain an adequacy decision that would authorise data flow. Without an agreement, the UK would need to strike separate deals with individual police forces and intelligence services.

The EU General Data Protection Regulation will come into force in May 2018. The UK will be implementing it and the Government is currently deciding on which derogations they will include. The Government announced in the Queen’s Speech that they will introduce the Data Protection Bill later this year.

Europe

CJEU will decide on the “right to be forgotten”

The French highest administrative court referred the case involving Google and the scope of the application of the right to be forgotten to the European Court of Justice (CJEU).

The CJEU ruled earlier that people in the EU should be allowed to demand search engines remove links to content concerning themselves under certain circumstances, and taking into account the right of others to access information. The French case now seeks a decision on whether search engines should apply the right to be forgotten across all of their searches worldwide.

If the CJEU will rule that the right should not be applied globally, they will also have to determine how the right to be forgotten is to be applied in the EU. In any case, it will be difficult to enforce the ruling outside of the region.

UK Parliament questions

Question on sanctions for cyber attacks

Grahame Morris MP asked the Secretary of State for Foreign and Commonwealth Affairs, if the Government will push for a policy of sanctioning any state actors found to be involved in international cyber attacks in the United Nations.

Alan Duncan MP responded that the UK will consider all options available under international law in responding to cyber attacks by state actors. At the moment, the Government is working with the EU on a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activity. The framework will state the range of diplomatic, political and economic measures available to the EU and the Member States to combat state sanctioned cyber attacks.

Question on public awareness of online risks

Liz Saville-Roberts asked the Secretary of State for Digital, Culture, Media and Sport, what steps they are taking to educate the public of the potential dangers of posting their personal information online.

Matthew Hancock MP responded that a new curriculum was deployed in 2014 teaching pupils how to use technology safely and respectfully. The Government's National Cyber Security Strategy funds the Cyber Aware campaign which works to encourage the public to adopt more secure online behaviour.

Question on extremist propaganda

Greg Knight MP asked the Secretary of State for the Home Department, what the Department has been doing to tackle terrorist and extremist propaganda through social media, the Internet and other online sources.

Sarah Newton responded that the Government continues to work with technology companies to encourage them to be more proactive in tackling terrorist material on the Internet. Some of the largest Internet companies have set up the Global Internet Forum to Counter Terrorism in June 2017. The Government will continue to engage regularly with industry to ensure sustained positive impact in tackling propaganda.

Question on cybercrime

Nick Thomas-Symonds asked the Secretary of State for the Home Department, what steps they have been taking to help the public to protect themselves against the threat of cyber crime.

Ben Wallace MP responded that additionally to the Cyber Aware campaign funded by the National Cyber Security Strategy, the National Cyber Security Centre are also developing a series of Active Cyber Defence measures, to be implemented by the industry that will block, disrupt and neutralise malicious cyber activity before it reaches users.

Question on the Data Ethics Commission

Greg Knight MP asked the Secretary of State for Digital, Culture, Media and Sport, what plans the Department has to set up a Data Ethics Commission.

Matthew Hancock MP responded that the Government is considering the British Academy and Royal Society’s report on the issue at the moment.

Question on the National Cyber Security Centre

Nick Thomas-Symonds asked the Minister for the Cabinet Office, if they will ensure that the activity and work of the National Cyber Security Center is regularly reviewed and whether they plan to measure the effectiveness of the NCSC.

Caroline Nokes responded that the NCSC reports quarterly to the Cyber and Government Security Directorate of the Cabinet Office on the delivery of its objectives against the National Cyber Security Strategy.

Question on cybercrime and local police forces

Alex Norris MP asked the Secretary of State for the Home Department, what targets have been set for the local police forces to tackle cybercrime and how this will be funded.

Ben Wallace MP responded that the Home Office tries to not place unnecessary bureaucratic burdens on the police and for that reason scrapped the central targets. The Strategic Policing Requirement provides a framework for consistent, collective decision making by forces, but leaves the specifics of how this should be achieved to Chief Constable.

Question on social media and children

Chris Elmore asked the Secretary of State for Digital. Culture, Media and Sport, whether they plan to introduce regulation of access to social media by children.

Matthew Hancock MP responded that the forthcoming Data Protection Bill will introduce a set of new rights. This will include consideration of where to set the age at which children can consent to their data being processed on social media sites.

Question on electronic surveillance of persons under 17

Liz Saville-Roberts asked the Secretary of State for Digital, Culture, Media and Sport, what is the Government’s policy on permitting monitoring of a digital device registered to a person aged 17 or less for the purposes of obtaining information about a third person in England and Wales.

Matthew Hancock MP responded that both individuals and organisations monitoring devices registered to persons aged 17 and under must comply with the Data Protection Act’s eight data protection principles.

Question on the EC Directive

Patricia Gibson asked the Secretary of State for Digital, Culture, Media and Sport, what the timetable is for the consultation on amending the Privacy and Electronic Communications Regulation 2003 to introduce director liability for breaches of that regulation.

Matthew Hancock MP responded that they intend to consult over the summer on making the necessary changes to the regulation. The Government intends to introduce the legislation by the end of the year.

ORG media coverage

See ORG Press Coverage for full details.

2017-07-12-Global Comment-The great British firewall: Author: Steve Shaw; Summary: ORG mentioned in relation to the 2013 research into opt-in filters.
2017-07-12-New Statesman-Hate buffering? Love porn? Please care about net neutrality: Author: Amelia Tait; Summary: ORG mentioned in relation to the DEAct’s provisions on online pornography having implications for freedom of expression.
2017-07-17-Alphr-Ashley Madison offers to pay £8.6 million to those exposed in the 2015 dating site hack: Author: Thomas McMullan; Summary: Jim Killock quoted on the hacking of private information about people’s sex lives having huge repercussions for those involved.
2017-07-17-The Sun-Illegally downloading films and TV from the internet could land you TEN YEARS in jail under tough new laws: Author: Guy Birchall; Summary: ORG mentioned in relation to our correspondence with the Intellectual Property Office and online copyright infringement offences in the DEAct.
2017-07-17-Wral-Britain to make porn sites check that users are at least 18: Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-17-The Guardian-Privacy campaigners criticise UK plan for age checks on porn websites: Author: Jamie Grierson; Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-17-The Independent-Porn Websites Could leak Viewing History Because of Government Age Check Plans, Experts Warn: Author: Andrew Griffin; Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-17-IT Pro-Mandatory age checks for UK porn sites to be unveiled today: Author: Thomas McMullan; Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-17-Free Press Series-Powers to enforce age checks by pornography sites a step closer: Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-17-Ars Technica-Porn fan? From next April you’ll have to prove your age with a credit card: Author: Kelly Fiveash; Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-17-Business Insider-The UK's new porn filter could lead to 'Ashley Madison'-style hacks: Author: Rob Price; Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-17-Mirror-Porn websites must introduce compulsory age checks for visitors by April 2018 or face huge fines: Author: Jeff Parsons; Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-18-Telegraph-UK porn websites told to introduce age checks amid warning that users' viewing history could be leaked online: Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-18-Scottish Legal News-Adult websites to introduce age checks by April 2018: Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-18-Reason-Want to Look at Online Porn? The U.K. Gov't Wants to Strip You of Your Privacy: Author: Scott Shackford; Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-18-Sky News-Academics doubt value of online porn age checks: Author: Alexander J Martin; Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-19-Express-PORN WARNING - Your web history could be LEAKED online thanks to new 18+ age checks: Author: Aaron Brown; Summary: Jim Killock quoted on the information collected by the age verification systems being vulnerable to Ashley-Madison style hacks.
2017-07-20-Bloomberg BusinessWeek-World Leaders Seek Broad Powers to Get Around Encryption: Author: Dune Lawrence; Summary: Jim Killock quoted on the Government organising an international consensus to make changes to encryption.

ORG Contact Details

Staff page