ORG policy update/2017-w43

This is ORG's Policy Update for the week beginning 23/10/2017.

If you are reading this online, you can also subscribe to the email version or unsubscribe.

ORG’s work

  • ORG started a petition against the Government’s proposals to criminalise repeated viewing of online terrorist propaganda and to compel internet companies to police their own networks. Sign the petition here!
  • Save the date for ORGCon 2017 - it will take place on Saturday 4 November at Friends House on Euston Road in London. We have a second smaller event planned on Sunday 5 November at Theater Delicatessen. This year is all about the Digital Fightback. Confirmed speakers include Graham Linehan, Noel Sharkey, Helen Lewis, Jamie Bartlett and Nanjira Sambuli. Tickets are on sale now!

Planned local group events:

  • Join ORG Birmingham for a Halloween social on 30 October. Fancy dress is encouraged! They will be organising some spooky games and activities before heading to a pub.
  • Next ORG Glasgow monthly meetup will be on 2 November. The local group will discuss new ideas for public events and presentations.
  • ORG Cambridge will have their monthly meetup on 7 November. Join them for a discussion on the current state of digital rights, what they have done in the past month, and what they are planning to do in the upcoming months.

Official meetings

  • Javier Ruiz attended a VIRT-EU advisory board meeting.
  • Javier Ruiz attended a roundtable meeting with the Cabinet Office to discuss the codes of practice for data sharing in the Digital Economy Act.

UK Parliament

Data Protection Bill will be in the HoL Committee on 30 November

Last week saw the Data Protection Bill 2017 (DPBill) read the second time in the House of Lords. The Bill will continue in the Committee next week (30 November) when Lords will discuss the Bill and amendments in more detail. The up-to-date list of submitted amendments can be found here.

The list includes amendments that would introduce Article 80(2) of the General Data Protection Regulation into the DPBill. ORG has previously argued for the implementation of the Article in the DPBill. Our briefing has more details.

The article would allow independent privacy bodies to bring complaints on behalf of consumers without the need of a named data subject. This provision could be instrumental in investigating harmful data processing practices.

During the Second Reading, the implementation of Article 80(2) received cross-party support from a number of peers. Both Labour and Lib Dems tabled their amendments allowing for Article 80(2) protections in the DPBill.

The Labour amendment, however, only covers processing to which the GDPR applies. This is a good start, but it is necessary to get the same power for independent privacy bodies for processing to which the GDPR does not apply. ORG intends to work closely with Peers to develop that language.

Lib Dems tabled an amendment proposed by ORG that would cover data processing outside of GDPR.

Other outstanding issues in the Bill that need to be addressed include:

  • An overly wide exemption for processing of data for immigration purposes, which removes any obligation on the collector to provide information to the individual before, during, or after collection, or to abide by the seven data protection principles. The exemption also removes the right for the individual to request the information held about them from a data controller.
  • The lack of a “representative”. Originally, the EU’s General Data Protection Regulation covers the processing of personal data of EU data subjects by data controllers (companies) not established in the EU. In such circumstances, the EU requires companies who are based outside of the EU but wish to offer services to people in the EU to establish a representative in a Member State. Without a “representative” it will be impossible to enforce all rights and obligations on non-UK companies offering services to the people in the UK if something goes wrong.
  • One of the conditions for processing special categories of personal data is “substantial public interest”; however, the Bill does not include a definition of substantial public interest.
  • National Security Certificates - provisions in the Bill include even wider exemptions than those in the current Data Protection Act.
  • Unfettered powers for cross-border transfers of personal data by intelligence agencies without appropriate levels of protection.

An amendment has been tabled by Lib Dems already dealing with the omission of the representative in the UK and should be debated in one of the Committee sittings.

Other national developments

Epson delete competing eBay ink listings citing patent infringement

New reports from affected resellers show that compatible ink cartridges are being removed by Epson from eBay. eBay’s Verified Rights Owner programme (VeRO) allows rightsholders to remove listings that they “believe may infringe on their intellectual property rights”.

Epson are alleging that certain compatible ink cartridges infringe their patents GB2433473 and amendment GB2465293. The alleged infringement concerns the alignment of chip contacts on their cartridges.

eBay do not appear to require actual proof of infringement, for example a decision of the court, but accept Epson’s word as a trusted company.

We are concerned that eBay is allowing rightsholders to easily claim infringement but resellers appear to be unable to assert the legality of their products and listings. It is also concerning that Epson opted to act against resellers and did not contact the manufacturers first.

It is unclear if there is any merit to Epson’s claim that these compatible cartridges infringe their patents, but using patents in this way would undermine the legal regime that protects the production of compatible products such as ink cartridges.

For more information or to get in touch, read our blog.

Europe

ePrivacy report has been passed by the European Parliament

Last week, the European Parliament’s Committee for Civil Liberties (LIBE) voted on a revised ePrivacy proposal which included new privacy-enhancing amendments. The LIBE’s report was voted on in the Parliament's Plenary by all MEPs.

It is important that the revised ePrivacy rules maintain, at a minimum, the same level of protection that is offered to EU citizens by the General Data Protection Regulation. The ePrivacy Regulation is specialised legislation which complements the more general GDPR. This means that when the two regulations contain rules for the same situation, the ePrivacy rules should take precedence. If the levels of protection provided by the two pieces of legislation differ, the ePrivacy Regulation is likely to end up in front of the European Court of Justice, which could invalidate the rules.

The European Parliament (EP) also decided on a proposal to confirm (or not) the Parliament’s mandate to negotiate the e-Privacy Regulation with the Council of the European Union. The MEPs supported the mandate for trilogues on ePrivacy and endorsed citizens’ rights: 318 for, 280 against and 18 abstentions.

The date for negotiations with the Council is yet to be confirmed.

Questions in the UK Parliament

Question on data protection

Chris Stephens asked the Chancellor of the Exchequer, what work the Department has been undertaking in respect of the General Data Protection Regulation.

Mel Stride MP responded that HMRC has a project underway on business readiness for the GDPR. The Department has appointed a Data Protection Officer.

Question on data privacy legislation

Stephen Timms asked the Minister for the Cabinet Office, what assessment they have made of the effect on UK data privacy legislation of not incorporating into UK law Article 8 of the EU Charter of Fundamental Rights.

Caroline Nokes MP responded that the removal of the Charter from UK law should not affect the substantive rights that individuals already benefit from in the UK when their data are processed. Individuals will benefit from the rights set out in the Data Protection Bill and the General Data Protection Regulation.

Question on US surveillance

Lord Laird asked the Government what steps they have taken in relation to the surveillance of European citizens’ data through the US Prism programme.

Baroness Williams of Trafford responded that Parliament has enacted the Investigatory Powers Act 2016 which completely overhauls and updates the legal regime, safeguards and oversight which govern the intelligence agencies’ use of surveillance powers.

Question on the EU Charter of Fundamental Rights

Tom Brake asked the Secretary of State for Exiting the European Union if they will publish the assessment undertaken by his Department into the areas in EU law which will comprise the Charter of Fundamental Rights.

Robin Walker MP responded that the Department has no plans to publish such an assessment.

Question on pupils’ personal records

Mike Kane MP asked the Secretary of State for Education, how many pupils' data has been (a) requested by and (b) given to the Home Office under the data sharing agreement with her Department for purposes including immigration enforcement in each month in 2017.

Kane further asked when the Department plans to publish the data sharing agreement with the Home Office regarding monthly transfers of national pupil data for purposes of immigration enforcement.

Nick Gibb responded that the Department does not currently routinely publish all underlying data sharing agreements. Where interested parties have specifically requested access to data shares (e.g. under Freedom of Information) they have been provided with the Memorandum of Understanding in place with the Home Office. The Department will be publishing a full overview of all routine personal level data sharing, including the Home Office data sharing in December.

ORG media coverage

See ORG Press Coverage for full details.

2017-10-19-Lexology-House of Lords publishes briefing on Data Protection Bill
Author: Cynthia O’Donoghue & Kirill Albrecht
Summary: ORG mentioned in relation to the Data Protection Bill 2017.
Topics: Data protection
2017-10-23-Newsweek-FBI Chief Says Encryption Is ‘Huge Problem’
Author: Anthony Cuthbertson
Summary: Jim Killock quoted on how backdoors put into encrypted services would make millions of ordinary people less secure online.
Topics: Encryption
2017-10-24-Which? calls for a Data Protection Bill amendment
Author: Gareth Halfacree
Summary: Jim Killock quoted on the UK neglecting consumer protection in the General Data Protection Regulation by not adopting Article 80(2) in the Data Protection Bill 2017.
Topics: Data protection
2017-10-24-IT Pro-Why this missing piece of the UK's Data Protection Bill 'threatens consumer rights'
Author: Dale Walker
Summary: Jim Killock quoted on the UK neglecting consumer protection in the General Data Protection Regulation by not adopting Article 80(2) in the Data Protection Bill 2017.
Topics: Data protection
2017-10-25-The Inquirer-Epson orders resellers to stop selling third-party ink on eBay in patent row
Author: Chris Merriman
Summary: ORG quoted on Epson requesting removal of compatible ink cartridge listings from eBay.
Topics: Copyright, Patent
2017-10-25-EFF-Epson is Using its eBay "Trusted Status" to Make Competing Ink Sellers Vanish
Author: Cory Doctorow
Summary: ORG quoted on Epson requesting removal of compatible ink cartridge listings from eBay.
Topics: Copyright, Patent
2017-10-26-Newsclick-Police Follows Hollywood: Pre-Crime Has Become a Reality
Author: Surangya Kaur
Summary: Jim Killock quoted on how pre-crime detection systems fail to meet any test of proportionality and threaten privacy rights.
Topics: Surveillance
2017-10-27-The Real News-British Government Wants to Criminalize Web Use
Author: Aaron Maté
Summary: Interview with Jim Killock on new Government initiatives to censor the Internet.
Topics: Online censorship
