ORG policy update/2017-w44

This is ORG's Policy Update for the week beginning 30/10/2017.

If you are reading this online, you can also subscribe to the email version or unsubscribe.

ORG’s work

  • ORG is running a petition against the Government’s proposals to criminalise repeated viewing of online terrorist propaganda and compelling internet companies to police their own networks. Sign the petition here!
  • Join us for ORGCon 2017 this weekend - Saturday 4 November at Friends House on Euston Road in London and Sunday 5 November at Theater Delicatessen in Liverpool Street. This year is all about the Digital Fightback. Speakers include Graham Linehan, Noel Sharkey, Helen Lewis, Jamie Bartlett and Nanjira Sambuli. You can buy the tickets here or on the door. We are looking forward to seeing you there!

Planned local group events:

  • ORG Cambridge will have their monthly meetup on 7 November. Join them for a discussion on the current state of digital rights, what they have done in the past month, and what they are planning to do in the upcoming months.

Official meetings

  • Jim Killock and Myles Jackman attended a roundtable on age verification.
  • Javier Ruiz gave evidence to the Parliament’s Committee on Artificial Intelligence on 1 November. You can watch the session here.

UK Parliament

First DPBill debate in the HoL Committee

The Data Protection Bill (DPBill) was debated in the Committee in the House of Lords for the first time this week. The Committee will have six sittings in total and the next one is scheduled for 6 November.

Peers debated the first set of amendments (pdf) and predominantly focused on the impact of Brexit on the Bill. The full transcript is available from here - 1, 2, 3, 4.

Labour and Lib Dem amendments implementing Article 80(2) allowing independent privacy bodies bring complaints on behalf of consumers without the need of a named data subject are likely to be debated in one of the last sessions.

While the Lib Dem amendment would cover both processing of data which applies under the General Data Protection Regulation and outside of it, the Labour amendment only covers the processing of data under the GDPR.

The next Committee session will see the provisions on processing of data for immigration purposes debated. The draft Bill removes any obligation on the collector to provide information to the individual, before during, or after collection, or to abide by the seven data protection principles. The exemption also removes the right for the individual to request the information held about them from a data controller. Amendments (pdf) have been tabled to address these issues.

Clause 15, which would allow the Secretary of State to pass regulations to create new legal bases for sharing personal data about citizens, is likely to be debated too. This fly's in the face of the debates on data sharing during the passage of the Digital Economy Act, and appears to bring back the "information sharing orders" from Labour's Coroners and Justice Bill.

Other issues such as the missing “representative” of foreign companies in the UK will also be debated since an amendment correcting the issue has been tabled already.

Europe

European Parliament calls for protection of whistleblowers

The European Parliament adopted a resolution calling on the European Commission to propose legislation protecting whistleblowersin the European Union.

In the resolution, the European Parliament recognised the essential role that whistleblowers play in our society, as well as the need to protect them. The resolution has been adopted as a result of many EU Member States not offering protection to whistleblowers or the right to preserve their anonymity.


The resolution calls for the adoption of legitimate measures to protect whistleblowers acting in the public interest when disclosing the confidential information of companies and public bodies. It calls on the European Commission to propose an EU Directive by the end of 2017.

The text should grant a high level of protection to whistleblowers, as well as incentivise others to contribute to the fight for transparency and accountability.

The resolution contains a broad definition of “whistleblower”, referring to anybody who reports information in the public interest. It calls on the Commission to establish a system allowing them to expose wrongdoing either within the organisation or directly to the appropriate public authorities, non-governmental organisations or the media.

The Parliament also called for penalties and sanctions for retaliation against whistleblowers. Additionally, MEPs envisaged establishing independent bodies in Member States to advise potential whistleblowers on their legal situation and a similar body at the EU level.

Questions in the UK Parliament

Question on biometrics

Chi Onwurah MP asked the Secretary of State for Digital, Culture, Media and Sport, what guidance the Government has provided on the capture, manipulation and storage of facial images and associated data in facial recognition systems. Onwurah further enquired what regulations cover such capture, manipulation, and storage.

Matthew Hancock MP responded that the Information Commissioner is responsible for administering and enforcing information rights. It is also the Information Commissioner’s Office who issue guidance and advice to individuals and organisations.

Question on intellectual property

Ian Murray MP asked the Secretary of State for Business, Energy and Industrial Strategy, what actions the Department has taken to ensure that owners of registered and unregistered community design rights maintain that protection when the UK leaves the EU.

Jo Johnson MP responded that they are exploring various options and they are discussing them with users of the system to establish the best way forward.

Question pupils’ personal records

Darren Jones asked the Secretary of State for Education, what the criteria are for refusing current and former school pupils subject access requests for personal confidential data in the National Pupil Database. Jones further inquired what steps they are taking to ensure compliance with the General Data Protection Regulation.

Nick Gibb responded that under section 7 of the Data Protection Act 1998 (DPA), an individual has the right to ask an organisation to provide them with personal confidential information they hold which identifies them and, in certain circumstances, a parent can make such a request on behalf of a child.

The Department will review the policies and processes associated with Subject Access Requests.

Question on hate crime

Baroness Gale asked the Government, what work they are doing with industry to tackle hate crime and what measures are being developed to tackle such abuse. She further inquired when such measures will be implemented.

Lord Lee of Trafford responded that the Hate Crime Action Plan was launched in July 2016. This plan sets out a range of non-legislative responses including counter-narrative activity and collaborative work with the Internet industry to identify ways to reduce the harm caused by hate crime online.

The Department for Digital, Culture, Media and Sport are consulting on introducing a social media code of practice as part of the Internet Safety Strategy.

Question on protection of NHS data

Chris Green MP asked the Secretary of State for Health, what steps they are taking to improve the recording and sharing of NHS data to assist to improve care for patients and scientific research.

Jackie Doyle-Price MP responded that NHS England is working with NHS Digital to develop an information governance framework which will help health and social care organisations to clearly describe activities that require data, justify the legal basis underpinning any data sharing, and provide assurance around how the data will be protected.

ORG media coverage

See ORG Press Coverage for full details.

2017-10-26-Wirth Consulting-Epson Said to be Using eBay’s ‘Trusted Status’ to Have Ink Cartridges Removed from Sales Listings
Author: Kathleen Wirth
Summary: ORG quoted on Epson requesting removal of compatible ink cartridge listings from eBay.
2017-10-27-Gizmodo-The Met Police Won't Reveal In Depth Statistics About Online Extremist Takedowns
Author: Tom Pritchard
Summary: Jim Killock quoted on the Met Police refusing to reveal statistics on online takedowns being preposterous.
Topics: Online censorship
2017-10-29-Express-Personal details of 815,000 'vulnerable' Scots held on secret police databases
Author: Alison Preuss
Summary: Matthew Rice quoted on all the people on the database of vulnerable people having the right to request their removal from it.
Topics: Data Protection, Scotland
2017-10-30-The Inquirer-Assassin's Creed Origins is crippling gamers' CPUs due to anti-piracy DRM
Author: Carly Page
Summary: Jim Killock quoted on DRM making users’ lives a misery.
Topics: Copyright, Digital Rights Management
2017-10-30-The Register-Algorithms, Henry VIII powers, dodgy 1-man-firms: Reg strokes claw over Data Protection Bill
Author: Rebecca Hill
Summary: ORG’s briefing on DPBill quoted on the need to implement Article 80(2).
Topics: Data protection
2017-10-30-Gears of Biz-Algorithms, Henry VIII powers, dodgy 1-man-firms: Reg strokes claw over Data Protection Bill
Author: Helen Clark
Summary: ORG’s briefing on DPBill quoted on the need to implement Article 80(2).
Topics: Data protection
2017-11-01-The Register-Competition law could help solve data-slurping monopolies, peers told
Author: Rebecca Hill
Summary: Javier Ruiz quoted on the need for an independent regulator offering advice and help on artificial intelligence.
Topics: Artificial intelligence
2017-11-01-Computer Weekly-UK Data Protection Bill vs EU General Data Protection Regulation
Author: Peter Ray Alison
Summary: Matthew Rice quoted on the other EU Member States incorporating a provision on the need for foreign companies to set up a representative in the UK.
Topics: Data protection

ORG Contact Details

Staff page