ORG policy update/2017-w46

This is ORG's Policy Update for the week beginning 13/11/2017.

If you are reading this online, you can also subscribe to the email version or unsubscribe.

ORG’s work

• ORG is running a petition against the Government’s proposals to criminalise repeated viewing of online terrorist propaganda and compelling internet companies to police their own networks. [ORG started a petition against the Government’s proposals to criminalise repeated viewing of online terrorist propaganda and compelling internet companies to police their own networks. Sign the petition here!
• In case you couldn’t come to ORGCon, you can now watch the talks online! Have a look at our YouTube channel.

Planned local group events:

• Join ORG Birmingham on Monday 20 November to learn more about internet filtering in the UK and how you can use the Blocked! tool to help fight the overblocking of websites.
• ORG Edinburhgh is organising a social with ORG’s Policy Director Javier Ruiz on Tuesday 21 November. Join them to discuss some of the work he is leading on, catch up on other areas of work, and discuss news and topics of interest.
• Join ORG Cambridge on Tuesday 5 December for a monthly meetup. They will discuss the current state of digital rights, what they've done in the past month, and what they are planning to do in the upcoming months.
• ORG Glasgow will hold their monthly meetup on Thursday 7 December at the Electron Club. You will have an opportunity to discuss current affairs and topics of interest and to generate new ideas for public events and presentations.

Official meetings

• Javier Ruiz attended an event on the Current issues in SDO decision-making for the Internet in Parliament.

UK Parliament

DPBill debate in the HoL Committee continues

The Data Protection Bill (DPBill) was debated in the House of Lords again this week during two sittings. The next Committee sittings are scheduled for Monday 20 November and Wednesday 22 November.

The full list of amendments to be debated next week can be found here.

The debate this week started with Lords debating these sets of amendments 1 & 2.

The full transcript is available from here:

• 13 November-

1, 2, 3

• 15 November

This Committee debated an amendment tabled by Lord Lucas relating to the processing of personal data under Part 3 of the Digital Economy Act 2017 (DEAct). ORG has raised previously concerns about the lack of privacy safeguards in the DEAct and the lack of regulation of age verification providers under Part 3.

Lord Stevenson (Labour) pointed out that implementing this amendment would require resolution of many intricacies. He asked the Minister, Lord Ashton of Hyde to clarify the situation on age verification in the DEAct and provide information on the guidance to be issued by the Secretary of State regarding privacy safeguards. The amendment was withdrawn and can still be brought for discussion at later stages.

An amendment that would remove exemption on the processing of data for immigration purposes has gathered a cross-party support during the debate. Baroness Williams of Trafford stated that this provision is a necessary and proportionate measure to protect the integrity of the immigration system. She will provide further information in writing on the application of the clause in practice.

Amendments on the implementation of Article 80(2) allowing independent privacy bodies represent data subject without naming them will likely be debated during the Committee sittings next week.

At the moment, Labour and Lib Dems tabled their amendments that would implement Article 80(2).

Both amendments are supported by Lib Dems and Labour, however Amendment 184 would cover both processing of data which applies under the General Data Protection Regulation and outside of it, but amendment 185 only covers the processing of data under the GDPR.

DPBill scrutiny by the Joint Committee on Human Rights

The Joint Committee on Human Rights is scrutinising the DPBill. The Committee is taking written evidence. You can submit your contribution here.

Other national developments

Consultation on draft codes of practice for RIPA

The Home Office published a consultation of revised codes of practice of the Regulation of Investigatory Powers Act 2000. The consultation relates to Parts 2 and 3 of RIPA.

These codes set out the processes and safeguards governing the use of investigatory powers by public authorities, including the police and security and intelligence agencies. The consultation seeks representation on their revised draft.

The consultation closes on 28 December at 11:45 pm.

Europe

Schrems cannot rely on his consumer status for a class action

The Advocate General Michal Bobek gave his opinion in a case brought forward by Max Schrems against Facebook. Schrems started a legal action against Facebook following Snowden’s revelations of the US surveillance programs.

It became apparent that data transferred by Facebook from their base in Ireland to the US does not have adequate protections in both countries. As a result, the Safe Harbour data sharing agreement was invalidated and replaced by Privacy Shield.

In the current case, Schrems seeks to represent 25,000 of Facebook users in a collective (class) action in an Austrian court demanding 500 euros per person in damages.

The opinion by the Advocate General Bobek says that Schrems can rely on his consumer status to sue Facebook Ireland before the Austrian Courts; however, he

”cannot rely on his consumer status with respect to claims assigned to him by other consumers.”

Opinions of advocate general are not binding for the European Court of Justice (CJEU) but are predominantly followed by the Court. If the court makes a decision in line with the opinion, it is likely that individual privacy suits against Facebook will not be brought forward due to high court costs. However, Schrems would still be able to set a precedent.

Questions in the UK Parliament

Question on Internet and Terrorism

Jim Shannon asked the Secretary of State for Digital, Culture, Media and Sport, what steps they are taking to prevent online subscription to websites with Islamic extremist content.

Matthew Hancock MP responded that they are closely working with industry to encourage companies to develop innovative solutions to tackle online radicalisation. The Department is also setting up a new Commission for Countering Extremism to identify whether more powers are needed.

Question on pupils’ personal records

Darren Jones asked the Secretary of State for Education, what legal advice the Department has received on meeting data protection requirements for data held on the national pupil database that relates to former pupils with whom schools have no contact.

Nick Gibb responded that the Department seeks advice as necessary.

Question on intellectual property

Ben Lake MP asked the Secretary of State for Business, Energy and Industrial Strategy, what representations they have had from the Design, Trade Marks and Brands sectors on the future of the UK’s relationship with the Intellectual Property Office and the EU Intellectual Property Office after Brexit.

Jo Johnson MP responded that they have held extensive discussions with representatives from across the various IP sectors. The future relationship is a matter for negotiation with the EU. In the meantime, the UK will continue to fulfil their obligations under the WIPO Treaties.

Question on patents

Barry Gardiner MP asked the Secretary of State for Business, Energy and Industrial Strategy, whether the UK will participate in the European Unitary Patent and the EU Unified Patent Court after the UK leaves the EU.

Jo Johnson MP responded that The Unified Patent Court (UPC) is an international court. It is not an EU court or an EU institution.

Question on data protection

Paul Blomfield MP asked the Secretary of State for Digital, Culture, Media and Sport, what support the Department is providing for small and medium-sized enterprises to prepare for the implementation of the Data Protection Bill and the General Data Protection Regulation.

Matthew Hancock MP responded that the Information Commissioner’s Office has various resources on their website. This month the ICO has launched a dedicated helpline service for SMEs and has updated its SME toolkit to reflect the requirements of GDPR.

Question on the NHS hack

Emily Thornberry MP asked the Secretary of State for Foreign and Commonwealth Affairs, what assessment they have made of the recent claim by the head of Microsoft that the Government of North Korea was responsible for the WannaCry cyber attack in May 2017.

Boris Johnson MP responded that various sources have attributed the WannaCry campaign to North Korean actors. The National Crime Agency and the National Cyber Security Centre are working with international law enforcement and industry partners to find those responsible.

Question on Internet safety

Lord Alton of Liverpool asked the Government, why the Government’s Internet Security Strategy Green Paper does not address the issue of definitions. Furthermore, he inquired why using the definition of violence against women from the Criminal Justice and Immigration Act 2008 in the Digital Economy Act 2017 is not addressed in the Internet Safety Strategy Green Paper. Lord Ashton of Hyde responded that Part 3 of the Digital Economy Act (2017) requires the Secretary of State for Digital Culture, Media and Sport to produce a report on the effectiveness of age verification measures 12 months after the powers come into force. We will use this review to consider the wider impact and consult on the definitions used in this part of the Act.

ORG media coverage

See ORG Press Coverage for full details.

2017-11-10-Huffington Post-25 Million UK Porn Viewers At Risk Of Their Sexual Preferences Being Leaked

Author: Myles Jackman

Summary: Op-ed by Myles Jackman on age verification and privacy threats.

Topics: Privacy, Data protection, Digital Economy Act 2017

2017-11-14-The Register-Privacy Pass protocol promises private perusing

Author: Rebecca Hill

Summary: Jim Killock quoted on methods to remove cookie tracking being a great idea.

Topics: Privacy

2017-11-15-Business Insider-Two UK supermarkets are trialling facial recognition at the checkout so you can buy alcohol faster

Author: Shona Ghosh

Summary: Jim Killock quoted on the use of biometrics for everyday security being a worrying trend.

Topics: Biometrics

ORG Contact Details

Staff page

• Jim Killock, Executive Director
• Javier Ruiz, Policy
• Ed Johnson-Williams, Campaigns
• Lee Maguire, Tech
• Myles Jackman, Legal Director
• Matthew Rice, Scotland Director
• Slavka Bielikova, Policy Officer
• Mike Morel, Campaigner
• Caitlin Bishop, Campaigns Communication Officer