ORG policy update/2017-w45

This is ORG's Policy Update for the week beginning 06/11/2017.

If you are reading this online, you can also subscribe to the email version or unsubscribe.

ORG’s work

Planned local group events:

  • Join ORG Birmingham on Monday 20 November to learn more about internet filtering in the UK and how you can use the Blocked! tool to help fight the overblocking of websites.
  • ORG Edinburhgh is organising a social with ORG’s Policy Director Javier Ruiz on Tuesday 21 November. Join them to discuss some of the work he is leading on, catch up on other areas of work, and discuss news and topics of interest.
  • Join ORG Cambridge on Tuesday 5 December for a monthly meetup. They will discuss the current state of digital rights, what they've done in the past month, and what they are planning to do in the upcoming months.
  • ORG Glasgow will hold their monthly meetup on Thursday 7 December at the Electron Club. You will have an opportunity to discuss current affairs and topics of interest and to generate new ideas for public events and presentations.

Official meetings

  • Jim Killock attended a hearing at the European Court of Human Rights in Strasbourg regarding a case started in 2013 challenging the legality of top-secret mass surveillance programs revealed by Edward Snowden. You can watch the hearing here.
  • Matthew Rice attended a meeting with National Records Scotland today about the use of Administrative Data in the Scottish census.

UK Parliament

2nd DPBill debate in the HoL Committee

The Data Protection Bill (DPBill) was debated in the House of Lords during the second Committee sitting this week. The next Committee sitting is scheduled for Monday 13 November.

The full list of amendments to be debated next week can be found here.

Peers started the debate with this set of amendments.

The full transcript is available from here - 1, 2, 3.

This Committee sitting did not include a debate on the processing of data for immigration purposes and it is likely to be debated on Monday. The draft Bill removes any obligation on the collector to provide information to the individual, before during, or after collection, or to abide by the seven data protection principles. The exemption also removes the right for the individual to request the information held about them from a data controller. Amendments (pdf) have been tabled to address these issues.

Amendments regarding other issues raised by ORG, such as the implementation of Article 80(2) allowing independent privacy bodies represent data subject without naming them will be debated in some of the last Committee sittings at the end of the month.

At the moment, Labour and Lib Dems tabled their amendments that would implement Article 80(2).

While the Lib Dem amendment would cover both processing of data which applies under the General Data Protection Regulation and outside of it, the Labour amendment only covers the processing of personal data under the GDPR.

Other issues such as the missing “representative” of foreign companies in the UK will also be debated since an amendment correcting the issue has been tabled already.

Data protection amendment for the DEAct

Lord Lucas tabled an amendment relating to the processing of personal data under Part 3 of the Digital Economy Act 2017. Part 3 of the DEAct deals with online pornography and creates a requirement for a website with pornographic content to implement an age verification method. ORG has raised previously concerns about the lack of privacy safeguards in the DEAct and the lack of regulation of age verification providers.

The amendment submitted by Lord Lucas would amend the DEAct and deal with some of the privacy and data protection issues in it. The amendment allows the age verification regulator to publish a regulation relating to the processing of personal data instead of guidance. This change makes enforcement more straightforward and does not imply that good data protection practice is voluntary.

The amendment should be debated next week.

Other national developments

ECtHR hearing on mass surveillance by the GCHQ

A landmark case was heard this week at the European Court of Human Rights (ECtHR) in Strasbourg challenging the legality of mass surveillance programs revealed by Edward Snowden in 2013.

Three separate legal challenges brought by ORG and other organisations, including Amnesty International, Privacy International, the American Civil Liberties Union, Big Brother Watch, and the Irish Council for Civil Liberties, led to the hearing.

The case was heard by a panel of 10 judges. The case handles complaints related to violations of the European Convention on Human Rights (ECHR). The UK is bound by the decision of the ECtHR even after Brexit because it is not an EU court.

The human rights organisations argued that the British agencies (GCHQ) using the surveillance programs such as Tempora or PRISM violate four key rights protected under the convention: the right to privacy, the right to a fair trial, the right to freedom of expression, and the right not to be discriminated against.

The Government presented arguments to the court that using surveillance systems to collect and store communications is not itself a violation of privacy. They claimed that privacy is only violated when a human analyst reads or listens to individual messages or calls.

The 10 judges will have to assess whether the mass surveillance programs’ invasion of privacy is necessary, proportionate and in accordance with the law.

Judgment is expected to be delivered in six months time.

More on the case can be found out on the Privacy not Prism website.

International developments

Facebook asks for nudes to fight revenge porn

Facebook has revealed that they are piloting a new initiative in Australia to tackle revenge porn. They want their users to submit their nude photographs to Facebook so they could block them if they are posted by someone else.

Facebook users who are worried that their intimate, nude or sexual images will be published by someone else on the platform, can submit these pictures through the Messenger app. The pictures will then be “hashed” - converted into a unique digital fingerprint that can be used to identify and block any attempts to re-upload that same image.

The Australian pilot requires users to first fill in an online form through the e-safety commissioner’s website describing their concerns. Then they will be asked to send the images to themselves on Messenger and the e-safety commissioner notifies Facebook. Following the notification, an analyst will access the image and hash it.

The images are supposed to be stored for a short period of time before Facebook will be deleting them.

Hashing has also been used to stop images relating to child sexual exploitation or extremism. It is unlikely that the use of this technology will stop revenge porn altogether. Often, victims of revenge porn do not have access to images themselves but continue to be threatened by their publication. Likewise, images can be only linked to on Facebook instead of being published there directly.

Users who submit their images are also exposing themselves to a risk of security breaches and having their images leaked that way. It is also unclear how Facebook are processing and storing the images. Facebook should commit to the highest levels of transparency on how they process and store nude images to ensure their users of protecting their privacy.

Questions in the UK Parliament

Question on offensive online content

Alex Chalk MP asked the Secretary of State for Digital, Culture, Media and Sport, what steps the Government is taking to protect people from offensive and defamatory online broadcasting.

Matthew Hancock MP responded that online TV channels which are licensed by Ofcom must comply with rules in the Ofcom Broadcasting Code on harmful or offensive content. Video-on-demand services within UK jurisdiction are subject to higher level rules which focus on the harmful material.

More broadly, the Government intends to implement a range of options to counter internet harms in the Digital Charter.

Question on electronic surveillance

Lord Laird asked the Government, what steps they have taken to examine the legal status of Privacy Shield.

Lord Ashton of Hyde responded that any examination of the legal status of matters concerning the EU-US Privacy Shield would be a matter for the CJEU in the face of a legal challenge being brought against it by Max Schrems.

ORG media coverage

See ORG Press Coverage for full details.

2017-11-07-Sky News-UK pornographers fear age verification laws may harm business
Author: Alexander J. Martin
Summary: Myles Jackman quoted on age verification for porn websites being an enormous privacy risk to viewers.
Topics: Digital Economy Act 2017, Privacy
2017-11-07-The Guardian-UK intelligence agencies face surveillance claims in European court
Author: Owen Bowcott
Summary: ORG mentioned in relation to the ECtHR hearing of a joint case against mass surveillance.
Topics: Surveillance
2017-11-07-The Independent-Safeguards on Britain's mass spying programme 'clearly defective'
Author: Jon Stone
Summary: ORG mentioned in relation to the ECtHR hearing of a joint case against mass surveillance.
Topics: Surveillance
2017-11-07-The Inquirer-ECHR to weigh up lawfulness of UK's 'wide-ranging' surveillance powers
Author: Dave Neal
Summary: ORG mentioned in relation to the ECtHR hearing of a joint case against mass surveillance.
Topics: Surveillance
2017-11-08-Dazed Digital-Facebook wants your nudes to tackle revenge porn
Author: Anna Cafolla
Summary: Myles Jackman quoted on the Facebook’s initiative to tackle revenge porn being riven with privacy and security risks.
Topics:Online censorship, data protection
2017-11-08-The Sun-PORN FEARS Soon you’ll have to enter personal details to watch porn and it could open you up to blackmail, legal expert claims
Author: Margi Murphy
Summary: Myles Jackman quoted on age verification for porn websites being an enormous privacy risk to viewers.
Topics: Digital Economy Act 2017, Privacy
2017-11-09-The Guardian-The Guardian view on data protection: privacy is not enough
Summary: ORG mentioned in relation to the implementation of Article 80(2) in the DPBill.
Topics: Data protection
2017-11-09-Mail on Sunday-Porn websites will soon force users to enter their personal details to prove their age - triggering fears of new blackmail risk
Author: Paddy Dinham
Summary: Myles Jackman quoted on age verification for porn websites being an enormous privacy risk to viewers.
Topics: Digital Economy Act 2017, Privacy

ORG Contact Details

Staff page