ORG policy update/2018-w21

This is ORG's Policy Update for the week beginning 21/05/2018.

If you are reading this online, you can also subscribe to the email version or unsubscribe.

ORG’s work

  • A huge thank you to everyone who has helped out so far by donating to our CrowdJustice fundraiser to help fight the Immigration Exemption in the Data Protection Act. Our fundraiser is still going and so far we have raised £24,000!
  • In preparation for our judicial review of the Immigration Exemption, ORG have submitted a chasing letter to the Government to follow our letter-before-claim, and have begun receiving letters of support from a number of other NGOs to submit along with our challenge.
  • In preparation for GDPR, ORG made some updates to our Privacy Policy and made the document easier to read. We'll continue to fight for stronger data protection law, and you can count on us to keep your data secure and protected. You can read our updated policy here.
  • Javier Ruiz attended the Data Justice 2018 Conference in Cardiff. Javier is on the advisory board of the DATAJUSTICE project, funded by the European Research Council. The project explores the meaning of social justice in an age of datafication.

Official meetings

  • Jim Killock met with Facebook to discuss CTIRU, and content takedowns on the platform.
  • Jim Killock, Javier Ruiz, Alex Haydock and Mike Morel met with Index on Censorship, Liberty, Big Brother Watch and Article 19 to discuss the Government's Digital Charter and future campaign plans.
  • Arjun Datta Majumdar met with Paul Wiles to discuss his experience as Biometrics Commissioner for England and Wales, and help with ongoing research into building oversight of Biometrics in Scotland.

UK Parliament

Data Protection Act 2018 receives Royal Assent

After the final back and forth debates between the House of Commons and the Lords, the Data Protection Act 2018 was passed and received Royal Assent on 23 May 2018. This was just in time for the General Data Protection Regulation (GDPR) to become directly applicable across the European Union on Friday 25 May 2018.

The Data Protection Act 2018 is part of a package that includes the GDPR and gives users increased control over their data. For instance, the new regime requires clearly given and informed consent from users for data processing: hence the inbox clogging that took place around 23 and 24 May, as companies asked for your permission to keep sending you emails.

Despite this increased control, there are some concerning aspects to the UK Government’s Data Protection Act 2018. The Act still contains the Immigration Exemption, which removes most rights for individuals, for example the right to access their data, if exercising them would prejudice “effective immigration control”.

Open Rights Group and the3million, the campaigning organisation for residents from the EU living in the UK, have been calling for the removal of the immigration exemption throughout the Bill’s passage. The organisations intend to take the Government to court over the inclusion of the exemption in the Bill.

Other national developments

Science and Technology Committee publishes report on algorithmic ethics

As the Government continues to work on launching the Centre for Data Ethics & Innovation, the Science and Technology Committee have published a report which calls upon the new body to "examine algorithm biases and transparency tools, determine the scope for individuals to be able to challenge the results of all significant algorithmic decisions which affect them (such as mortgages and loans) and where appropriate to seek redress for the impacts of such decisions."

The report also calls for greater oversight of the private sector's application of algorithms to public sector datasets, and offers a number of further recommendations, suggesting that the Government should:

  • "Continue to make public sector datasets available for both 'big data' developers and algorithm developers through new 'data trusts', and make better use of its databases to improve public service delivery."
  • "Produce, maintain and publish a list of where algorithms are being used within Central Government, or are planned to be used, to aid transparency, and identify a ministerial champion with oversight of public sector algorithm use."
  • "Commission a review from the Crown Commercial Service which sets out a model for private/public sector involvement in developing algorithms."

The report can be downloaded and read from the Parliament.UK site here.

Government publishes Digital Economy Act Draft Codes of Practice

This week, the Government published a series of Draft Codes of Practice covering the sections of the Digital Economy Act 2017 that enable new powers for extensive data sharing in the public sector.

The guidance available covers:

  • draft regulations relating to the Public Service Delivery chapter
  • explanatory memorandum for the draft regulations
  • a Code of Practice on Public Service Delivery, Debt and Fraud
  • a Code of Practice for Civil Registration data, enabling access to Births, Deaths and Marriages across the public sector with very limited safeguards
  • a Code of Practice and accreditation criteria for access to data for research purposes
  • draft statement of principles and draft Code of Practice on the changes to data systems
  • explanatory material relating to the Codes of Practice and Statement of Principles

You can find the page with this guidance on GOV.UK here.

House of Lords Communications Committee publishes new evidence

The House of Lords Communications Committee is still in the process of publishing written evidence they have received as part of their inquiry, "Internet: to regulate or not to regulate?".

Among others, the Open Rights Group submitted evidence to the inquiry as well as giving oral evidence during earlier stages.

Evidence submissions which have been published so far can be found on the Parliament website here.

International developments

Mark Zuckerberg questioned by MEPs over Cambridge Analytica scandal

CEO of Facebook, Mark Zuckerberg, appeared before MEPs this week to answer questions about Cambridge Analytica, and how Facebook processes user data.

The format of the questioning was widely criticised after the session, including by Guy Verhofstadt, the European Parliament member from Belgium who is well known in Britain for his central role in the Brexit negotiations. He noted that of the six yes/no questions he had asked Zuckerberg, he had not received answers to any. MEPs asked questions at the beginning of the session in one large block, without Zuckerberg being expected to respond after each one. Zuckerberg then took time near the end of the session to respond to the questions he was able to address in the short time period available.

Some points from the discussion:

  • Zuckerberg apologised on behalf of Facebook and took responsibility for some of the issues the platform had faced over recent years, saying: “Whether it’s fake news, foreign interference in elections or developers misusing people’s information, we didn’t take a broad enough view of our responsibilities. That was a mistake, and I’m sorry.”
  • German MEP Manfred Weber said it was “time to discuss breaking Facebook’s monopoly”. Weber noted that the company owned a number of other services such as WhatsApp and Instagram, and suggested that it already had “too much power in one hand”.
  • Zuckerberg answered a question explaining why Facebook keeps "shadow profiles" for users who do not actually have a registered account. He said: “It’s very important that we don’t have people who aren’t Facebook users coming to our service and trying to scrape the public data that’s available. So one of the ways that we do that is that with people who use our service even if they’re not signed in we need to understand how they are using the service to prevent bad activity.”

A full transcript of the session is expected to be published soon, and Facebook is expected to send follow-up answers to questions which were missed due to the format and limited time available during the session.

Questions in the UK Parliament

Question about web blocking for ISIS content

Lord Alton of Liverpool asked the Government "what action they are taking to block access to internet archive sites that disseminate material including ISIS bomb making manuals and videos of the execution of opponents and non-compliant members of minority communities."

Lord Alton also asked "what further action they intend to take in response to the call by Andrew Parker, Director-General of the British Security Service, to secure the support and cooperation of social media firms to combat the spread of ISIS ideology."

Baroness Williams of Trafford replied:

"The UK has been at the forefront of the battle against online terrorist material. We have worked closely with a variety of Communications Service Providers (CSPs), including archive sites, to improve their response to terrorist exploitation of their platforms. This has included helping to set up the Global Internet Forum to Counter Terrorism (GIFCT), an international, industry-led forum to prevent terrorist use of the internet.

We want to see the GIFCT leading the cross industry response to reduce the availability of terrorist content on the internet, so there are no safe places for terrorists online. This includes removing content within one hour of upload; securing the prevention of re-uploads; and ultimately preventing new content being made available to users in the first place. There is still more to be done in engaging smaller platforms, but we have made a good start.

Separately, on behalf of the Home Office, the Metropolitan Police produces a list of URLs of unlawful terrorist content that have not been removed by CSPs. This list is shared with filtering companies whose products are used across the public estate, such as schools, to establish appropriate levels of filtering, thereby limiting access to terrorist and extremist material."

ORG media coverage

See ORG Press Coverage for full details.

2018-05-23-International Observatory of Human Rights-Internet Privacy and Digital Rights
Author: International Observatory of Human Rights
Summary: Jim Killock in an extended 20-minute interview from IOHR covering ORG's work.
Topics: Data protection, Copyright, Privacy
2018-05-23-CPO Magazine-Love Affair with Facial Recognition Software: What Are the Cybersecurity Risks?
Author: Ana Dascalescu
Summary: Jim Killock quoted in an article about the potential risks of facial recognition software.
Topics: Privacy
2018-05-23-Al Jazeera English (Live)
Author: Al Jazeera English
Summary: Jim Killock appeared live on Al Jazeera English to discuss Mark Zuckerberg's appearance in front of MEPs the preceding evening to be questioned over the Cambridge Analytica scandal.
Topics: Data protection, Privacy
2018-05-21-PBS News Hour-How Europe’s new online privacy rules could benefit Americans
Author: Malcolm Brabant
Summary: Jim Killock appeared on PBS News Hour to discuss the potential benefits that GDPR may have for Americans.
Topics: Data protection

ORG Staff Details

Staff Contact Page