ORG policy update/2018-w16-17

This is ORG's Policy Update for the two week period beginning 16/04/2018.

If you are reading this online, you can also subscribe to the email version or unsubscribe.

ORG’s work

• Javier Ruiz and Myles Jackman have been invited to attend the House of Lords on 2 May 2018 to answer questions on proposals for internet governance and regulation.
• Ed Johnson-Williams has returned to ORG following a period of paternity leave, and we bid farewell to Caitlin Bishop, who worked for ORG for 6 months as our Campaigns and Communications Officer.

Official meetings

• Javier Ruiz attended the House of Lords to give evidence to the Select Committee on the European Union on the proposed UK-EU Security Treaty.
• The ORG Advisory Council met to discuss current and future plans and strategy for ORG.
• Myles Jackman appeared on Victoria Derbyshire to discuss age verification.
• Myles Jackman and Alex Haydock attended an event hosted by the Society for Computers and Law that discussed the use of evidence from IoT devices during legal proceedings.
• Jim Killock attended a meeting at Google about content takedown requests.
• Mike Morel and Alex Haydock attended and assisted with a variety of local group events on free speech, including: Leeds, Manchester, Edinburgh, Glasgow, Cambridge, and Bristol.
• Javier Ruiz gave a presentation at a workshop on Data Analytics in the Public Sector.
• Javier Ruiz attended a meeting at the University of Essex with IPCO staff.

UK Parliament

Data Protection Bill

The Data Protection Bill continues its way through the House of Commons this week, with the Bill's Report Stage yet to be announced.

The opposition amendment for the Immigration Exemption has support from the Labour, Lib Dem, and Green parties.

The Government currently hasn't conceded on Article 80(2), and suggest that a review is needed before they will consider implementing the power.

A rebel amendment was also tabled by Conservative back-bench MPs, and which also has some support from Labour MPs, was tabled to introduce controls on health data sharing - and to ensure that such data could not be shared with anyone other than the police.

Other national developments

BBFC Consultation on Age Verification

On the 23rd April 2018, the British Board of Film Classification (BBFC) closed their consultation on their age verification guidelines for online pornography. The consultation called for the public’s views on the guidance that the BBFC plan to issue to the providers of age verification tools.

Open Rights Group submitted a response and highlighted a number of issues with the proposed age verification system, and over 500 people used our online tool to submit their own responses.

We raised a number of points for the BBFC to consider:

• The aim of age verification is defined as being for the “protection of children”, however, under scrutiny, it is clear that the scheme will be unable to achieve this aim.
• This consultation indicates that the BBFC intend to consider material which ought to be out-of-scope for an age verification system, such as extreme pornography and child abuse material.
• The BBFC also indicate that they intend to consider the effectiveness of a response to a non-compliant person before issuing it, but do not indicate an intent to consider the proportionality of that response.
• The scheme as a whole lacks any specific and higher level of privacy protection, despite the existence of unique problems. In particular, any data breaches cannot be properly compensated for in terms of reputational, career and relationship consequences.
• The scheme risks infringing free expression rights by granting the BBFC web blocking powers.
• The ability of the BBFC to give notice to ancillary service providers creates legal uncertainty and incentivises disproportionate actions on non-UK persons.
• As a whole, the age verification scheme fails to understand the limitations faced by the BBFC in terms of regulating overseas providers in a fair and proportionate manner.

Our full response has been published here.

Judgment in Liberty's "People v Snooper's Charter" case

The High Court handed down judgment this week in the case of Liberty v Secretary of State for the Home Department. The judgment concerned Part 4 of the Investigatory Powers Act 2016 (IPA), which substantially reimplemented the powers from DRIPA into UK law.

The court confirmed that the current powers outlined in the IPA are incompatible with EU law on the same grounds as the decision given by the Court of Appeal in the case of Secretary of State for the Home Department v Watson & Others, namely the fact that:

• Access to retained data is not limited to the purposes of combating 'serious crime'; and
• Access to retained data is not subject to review by a court or independent body.

The Court provided the Government with a deadline of 1 November 2018 to ensure that the legislation was amended to comply with EU law. The general data retention regime of the IPA remains, as long as the Government can ensure that the law complies with the above requirements by November.

The Court declined to consider some of the grounds presented by Liberty in the case, as a result of a pending reference to the Court of Justice of the European Union in the case of Privacy International v Investigatory Powers Tribunal.

Fundamentally, the Court disagreed with the position that the data retention powers of the IPA amounted to "indiscriminate" or "mass" surveillance. They said: "we reject the Claimant’s contention that Part 4 of the 2016 Act is inconsistent with EU law because it provides for the general and indiscriminate retention of traffic and location data".

ORG media coverage

See ORG Press Coverage for full details.

2018-04-26-Digital Journal-Firm Announces New Solutions to Remove Arrest and Mugshot Records from the Web

Author: DeleteMyMugshot

Summary: Jim Killock quoted in a press release from a company who specialise in removing police mugshots from the internet.

Topics: Data protection

2018-04-23-The Guardian-Home Office data exemption sparks fears of further Windrush scandals

Author: Owen Bowcott

Summary: ORG litigation threats with Leigh Day and the3million against the Immigration Exemption mentioned in a story about the Windrush scandal.

Topics: Data protection

2018-04-18-Engadget-Our democracy is broken. Why can't technology fix it?

Author: Andrew Tarantola

Summary: ORG's 2014 publication about the dangers of electronic voting mentioned.

Topics: Electronic voting

2018-04-16-Digit-Scottish Government Gives Go-Ahead For E-Voting Pilot

Author: Dominique Adams

Summary: Matthew Rice quoted in a story about electronic voting trials.

Topics: Electronic voting

2018-04-13-BBC News-Google loses 'right to be forgotten' case

Author: BBC News

Summary: Jim Killock quoted in a story about the 'right to be forgotten'.

Topics: Data protection

2018-04-13-The Guardian-Google cases are a battle between right to privacy and right to know

Author: Jamie Grierson

Summary: Jim Killock quoted in a story about the 'right to be forgotten'.

Topics: Data protection

2018-04-13-The Telegraph-Criminals can claim 'right to be forgotten' following landmark Google case

Author: Olivia Rudgard

Summary: Jim Killock quoted in a story about the 'right to be forgotten'.

Topics: Data protection

ORG Staff Details

Staff Contact Page

• Jim Killock, Executive Director
• Javier Ruiz, Policy Director
• Martha Dark, Chief Operations Officer
• Matthew Rice, Scotland Director
• Myles Jackman, Legal Director
• Mike Morel, Campaign Manager
• Ed Johnson-Williams, Policy and Research Officer
• Slavka Bielikova, Policy Officer
• Alex Haydock, Legal Officer
• Lee Maguire, Tech