<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div id="container" class="container font-size5 content-width3">
<div id="reader-header" class="header" style="display: block;"
dir="ltr"><a moz-do-not-send="true"
href="https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w48">https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w48</a><br>
<h1 id="reader-title">ORG policy update/2017-w48<br>
</h1>
</div>
<hr>
<div class="content">
<div id="moz-reader-content" class="line-height4"
style="display: block;" dir="ltr">
<div id="readability-page-1" class="page">
<div id="bodyContent" class="entry-content">
<div id="mw-content-text" dir="ltr" class="mw-content-ltr"
lang="en">
<p>This is ORG's Policy Update for the week beginning
27/11/2017.
</p>
<p>If you are reading this online, you can also
subscribe to the <a rel="nofollow" class="external
text"
href="https://lists.openrightsgroup.org/listinfo/parliamentary.monitor">email
version or unsubscribe</a>.
</p>
<h2><span class="mw-headline" id="ORG.E2.80.99s_work">ORG’s
work</span></h2>
<ul>
<li>ORG have begun to prepare briefings for peers in
the House of Lords for the upcoming Report Stage of
the Data Protection Bill (see below).</li>
<li>ORG is running a petition against the Government’s
proposals to criminalise repeated viewing of online
terrorist propaganda and compelling internet
companies to police their own networks. <a
rel="nofollow" class="external text"
href="https://action.openrightsgroup.org/censorship-and-control-are-not-answer-extremism">Sign
the petition here!</a></li>
<li>In case you couldn’t come to ORGCon, you can now
watch the talks online! <a rel="nofollow"
class="external text"
href="https://www.youtube.com/watch?v=f6VTrBpE_kA&list=PLY9gENnF8uiXdeFQtEA-Ge0pd7DtAsx4T">Have
a look at our YouTube channel</a>.</li>
</ul>
<p>Planned local group events:
</p>
<ul>
<li>Join <a rel="nofollow" class="external text"
href="https://www.meetup.com/ORG-Cambridge/events/244927140/">ORG
Cambridge</a> on Tuesday 5 December for a monthly
meetup. They will discuss the current state of
digital rights, what they've done in the past month,
and what they are planning to do in the upcoming
months.</li>
<li><a rel="nofollow" class="external text"
href="https://www.meetup.com/ORG-Glasgow/events/244234443/">ORG
Glasgow</a> will hold their monthly meetup on
Thursday 7 December at the Electron Club. You will
have an opportunity to discuss current affairs and
topics of interest and to generate new ideas for
public events and presentations.</li>
<li><a rel="nofollow" class="external text"
href="https://www.meetup.com/ORG-Birmingham/events/244943786/">ORG
Birmingham</a> are hosting an introduction to the
Indieweb on Monday 11 December. Tired of Twitter?
Fed up with Facebook? Miss the variety and
quirkiness of the open web? Be the change you want
to see in the world by visiting their introduction
to the Indieweb!</li>
<li><a rel="nofollow" class="external text"
href="https://www.meetup.com/ORG-London/events/243071922/">ORG
London</a> are hosting a presentation on the
'Cryptobar' installation on Tuesday 12 December.
Cryptobar is a project aimed at spreading the word
about privacy (and privacy-enhacing technologies) in
an artistic and accessible way.</li>
</ul>
<h2><span class="mw-headline" id="Official_meetings">Official
meetings</span></h2>
<ul>
<li>Jim Killock, Myles Jackman and Alex Haydock met
with representatives from the Home Office to discuss
potential privacy issues in a proposed redesign of
the <a rel="nofollow" class="external text"
href="https://en.wikipedia.org/wiki/Police_National_Computer">Police
National Computer</a> and <a rel="nofollow"
class="external text"
href="https://en.wikipedia.org/wiki/Police_National_Database">Police
National Database</a>.</li>
<li>Slavka Bielikova gave <a rel="nofollow"
class="external text"
href="https://www.cilip.org.uk/?page=Privacyprogramme">a
presentation to CILIP</a> about Government and
corporate surveillance, and the potential impact to
librarians and library users.</li>
<li>Jim Killock, Myles Jackman and Javier Ruiz met
with Judicial Commissioners outlining civil society
views on their role in relation to the Investigatory
Powers Act. ORG presented on bulk surveillance
powers and internet connection records (ICRs) and
the filter. Other speakers (<a rel="nofollow"
class="external text" href="http://www.fipr.org/">FIPR</a>,
<a rel="nofollow" class="external text"
href="https://bigbrotherwatch.org.uk/">Big Brother
Watch</a>) dealt with topics such as equipment
interference.</li>
</ul>
<h2><span class="mw-headline" id="UK_Parliament">UK
Parliament</span></h2>
<h3><span class="mw-headline"
id="Data_Protection_Bill_continues_to_progress_through_Parliament">Data
Protection Bill continues to progress through
Parliament</span></h3>
<p>No further progress has been made on the Data
Protection Bill since <a rel="nofollow"
class="external text"
href="https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w47#DPBill_debate_in_the_HoL_Committee_continues">last
week</a>. The current full text of the bill, as
amended in the Lords Committee Stage is available <a
rel="nofollow" class="external text"
href="https://publications.parliament.uk/pa/bills/lbill/2017-2019/0074/18074.pdf">here</a>.
</p>
<p>Article 80(2) amendments were debated last week,
which would allow consumer groups like the Open Rights
Group to take independent action against entities who
have been abusing data protection law. If successful,
not for profit bodies could take action on behalf of
data subjects without having to seek their mandate.
The amendment would create similar enforcement powers
for data protection as in others consumer rights like
finance, and competition. The amendment is anticipated
to be one of the main topics of debate in Report
Stage.
</p>
<p>The government also debated a new exemption to data
protection which would remove all rights to personal
data when disclosure would prejudice “effective
immigration controls". Such an exemption has never
existed before. Requests for information under data
protection (subject access requests) are an integral
part of most immigration cases, and will be critical
for anyone going through an immigration process in the
future, such as the three million EU citizens resident
in the UK. The Home Office has a policy of using any
available data for immigration surveillance, such as
the National Pupil Database, which this exemption
would enable without restraint. Open Rights Group are
calling for the removal of the exemption from the
Bill.
</p>
<p>Report sittings will begin in the House of Lords on
11 December and 13 December.
</p>
<h2><span class="mw-headline"
id="Other_national_developments">Other national
developments</span></h2>
<h3><span class="mw-headline"
id="Home_Office_publishes_consultation_on_their_response_to_the_CJEU_judgment_on_data_retention">Home
Office publishes consultation on their response to
the CJEU judgment on data retention</span></h3>
<p>On 30 November, the Government published a public
consultation document proposing changes to the
Investigatory Powers Act to bring it into line with
the <a rel="nofollow" class="external text"
href="http://curia.europa.eu/juris/document/document.jsf?text=&docid=186492&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1949500">December
2016 judgment</a> from the Court of Justice of the
European Union in the Davis/Watson case against mass
surveillance.
</p>
<p>Davis/Watson (officially: Joined Cases C‑203/15 and
C‑698/15) challenged the UK's legislation governing
data retention (the <a rel="nofollow" class="external
text"
href="https://en.wikipedia.org/wiki/Data_Retention_and_Investigatory_Powers_Act_2014">Data
Retention and Investigatory Powers Act 2014</a>, or
'DRIPA'). The judgment set out the safeguards that
need to be in place in order for a data retention
regime to be consistent with EU law. The CJEU did not
consider DRIPA's safeguards to be adequate, and the
legislation was thus deemed incompatible with EU law.
</p>
<p>Since the 2016 judgment, DRIPA has been replaced with
Part 4 of the Investigatory Powers Act, but the
Government accepts that amendments will be required to
the IPA in response to the CJEU's judgment. With this
in mind, the Government published its consultation
paper seeking opinions on their approach to amending
the IPA to comply with the judgment.
</p>
<p>The Government has accepted that the <a
rel="nofollow" class="external text"
href="https://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-act-snoopers-charter-browsing-history-what-does-it-mean-a7436251.html">extensive
list of public bodies</a> originally found in
Schedule 4 of the Act are no longer allowed to
self-authorise requests for communications data as per
the judgment in the CJEU case. A new body, the Office
for Communications Data Authorisation (OCDA), will be
created to handle the authorisation of requests for
stored data. (Consultation p.18)
</p>
<p>Additionally, the CJEU ruling required traffic and
location data to be retained or accessed only in cases
of 'serious crime'. The Goverment sets a particularly
low bar on its test of 'seriousness' in the
consultation, claiming that 'serious' should apply to
crimes for which an adult would be 'capable' of being
imprisoned for six months or more. (Consultation p.14)
ORG does not believe this is adequate to stop blanket
data retention, as this could apply to a significant
number of crimes.
</p>
<p>The CJEU judgment imposed a clear obligation upon
national authorities to notify persons for whom access
to their data has been granted to any relevant
entities "as soon as that notification is no longer
liable to jeopardise the investigations being
undertaken by those authorities". However, the
consultation notes that "the Government’s position is
that a general requirement to notify an individual
that their data has been accessed would unnecessarily
inform criminals, suspected criminals and others of
the investigative techniques that public authorities
use. Simply because an investigation has ceased or an
individual is ruled out of a particular investigation
does not mean that notification would not be
operationally damaging". The Open Rights Group
believes this particular section of the consultation
is in clear breach of the CJEU judgment. (Consultation
p.20)
</p>
<p>The draft Code of Practice published alongside the
consultation makes it clear that the Government
intends to push forward with its 'Request Filter'
initiative (CoP, s.11) - which it claims will help to
safeguard privacy by limiting the amount of
information returned when requests for data are made.
Though there are concerns that this could effectively
amount to a "police search engine", or something
similar in nature to the NSA's XKeyscore system.
</p>
<p>Consultation documents <a rel="nofollow"
class="external text"
href="https://www.gov.uk/government/consultations/investigatory-powers-act-2016">are
available here</a>, and the consultation will close
on 18 January 2018.
</p>
<h3><span class="mw-headline"
id="Government_publishes_interim_cyber_security_science_and_technology_strategy">Government
publishes interim cyber security science and
technology strategy</span></h3>
<p>On 30 November, the Government <a rel="nofollow"
class="external text"
href="https://www.gov.uk/government/publications/interim-cyber-security-science-and-technology-strategy">published
a policy document</a> billed as an "interim strategy
for future-proofing cyber security".
</p>
<p>The policy aims to:
</p>
<ul>
<li> "identify the technology areas that will have
most impact on cyber security</li>
<li> develop the government’s policy response and the
expertise base in government, academia and industry</li>
<li> assess whether we are sufficiently responding to
cyber security science and technology developments"</li>
</ul>
<p>Lauri Love is under prosecution for allagedly hacking
into US Government, Missile Defence Agency and NASA
systems. United States prosecutors feel that the
US-centric nature of Love's alleged hacking targets
mean it would be most appropriate for Love to be
extradited from the UK, to stand trial in US courts.
In September 2016, District Judge Nina Tempia ruled at
Westminster Magistrates' Court in favour of permitting
Love's extradition.
</p>
<p>Love's appeal against this decision was heard this
week in the Royal Courts of Justice in London, on
29-30 November. Defence lawyers for Love argue that he
is at high risk of suicide if extradited, due to
health issus, and being removed from the support of
his family. High Court judges <a rel="nofollow"
class="external text"
href="http://www.bbc.co.uk/news/uk-england-suffolk-42183670">said
they will "take time" to reach a decision</a> in the
case.
</p>
<p>Lauri Love is supported by the Courage Foundation,
who run a site dedicated to his case at <a
rel="nofollow" class="external free"
href="https://freelauri.com/">https://freelauri.com/</a>
</p>
<h3><span class="mw-headline"
id="ICO_publishes_updated_GDPR_guidance_for_businesses">ICO
publishes updated GDPR guidance for businesses</span></h3>
<p>This week, the ICO published <a rel="nofollow"
class="external text"
href="https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/">an
updated compliance guide</a> on the General Data
Protection Regulation, targeted at businesses and
organisations.
</p>
<h2><span class="mw-headline"
id="International_developments">International
developments</span></h2>
<h3><span class="mw-headline"
id="FCC_plans_vote_on_repeal_of_net_neutrality_rules">FCC
plans vote on repeal of net neutrality rules</span></h3>
<p>In the United States, FCC chief Ajit Pai has <a
rel="nofollow" class="external text"
href="https://www.reuters.com/article/us-usa-internet-exclusive/fcc-chief-plans-to-ditch-u-s-net-neutrality-rules-idUSKBN1DL21A">put
forward a plan</a> to "rescind the so-called net
neutrality rules championed by Democratic former
President Barack Obama that treated internet service
providers like public utilities.
</p>
<p>The rules barred broadband providers from blocking or
slowing down access to content or charging consumers
more for certain content. They were intended to ensure
a free and open internet, give consumers equal access
to web content and prevent broadband service providers
from favoring their own content."
</p>
<p>If successful, the FCC vote would clear the way for
ISPs to charge customers more to access certain
content or to throttle and restrict certain traffic as
desired.
</p>
<p>A vote on the repeal is <a rel="nofollow"
class="external text"
href="https://www.nytimes.com/2017/11/21/technology/fcc-net-neutrality.html">expected
on December 14</a>.
</p>
<h2><span class="mw-headline"
id="Questions_in_the_UK_Parliament">Questions in the
UK Parliament</span></h2>
<h3><span class="mw-headline"
id="Question_on_online_bullying">Question on online
bullying</span></h3>
<p>Lord Mancroft asked the Government when they intended
to publish their digtal charter to address online
bullying.
</p>
<p>Lord Ashton of Hyde answered that the Government
published their Internet Safety Strategy on 11
October, "which focuses on keeping all users safe
online. The Strategy covers the responsibilities of
companies to their users, the use of technical
solutions to prevent online harms and Government's
role in supporting users."
</p>
<p>He noted that the strategy involves a consultation on
the Digital Economy Act 2017's social media code of
practice, which aims to "address conduct that involves
bullying or insulting an individual online, or other
behaviour likely to intimidate or humiliate the
individual."
</p>
<p>Lord Ashton confirmed that a Government response to
this consultation is expected in early 2018.
</p>
<h3><span class="mw-headline"
id="Update_on_cyber_security_and_data_protection">Update
on cyber security and data protection</span></h3>
<p>Matthew Hancock gave a statement regarding the
ongoing response of the Government to Uber's October
2016 data breach, which affected approximately 2.7
million user accounts in the UK. He confirmed that the
<a rel="nofollow" class="external text"
href="https://ico.org.uk/">ICO</a> and <a
rel="nofollow" class="external text"
href="https://www.ncsc.gov.uk/">NCSC</a> are working
with Uber to investigate what kind of personal data
about users may have been compromised.
</p>
<p>He also confirmed that the forthcoming Data
Protection Bill aims to "give more powers to the ICO
to defend consumer interests and issue higher fines of
up to £18 million or four per cent of global turnover,
in cases of the most serious data breaches."
</p>
<h2><span class="mw-headline" id="ORG_media_coverage">ORG
media coverage</span></h2>
<p><i>See <a
href="https://wiki.openrightsgroup.org/wiki/ORG_Press_Coverage"
title="ORG Press Coverage">ORG Press Coverage</a>
for full details.</i>
</p>
<dl>
<dt>2017-11-28-Naked Security-<a rel="nofollow"
class="external text"
href="https://nakedsecurity.sophos.com/2017/11/28/age-verification-legislation-will-lead-to-porn-habit-database/">Age
verification legislation will lead to porn habit
database</a></dt>
<dd>Author: Lisa Vaas</dd>
<dd>Summary: Myles Jackman quoted in story about the
potential privacy risks of age verification.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/wiki/Data_protection"
title="Data protection">Data protection</a>, <a
href="https://wiki.openrightsgroup.org/wiki/Privacy"
title="Privacy">Privacy</a></dd>
<dt>2017-11-29-Chatter Podcast-<a rel="nofollow"
class="external text"
href="http://www.thejist.co.uk/podcast/matthew-rice-general-data-protection-regulation-online-censorship/">Chatter
Episode 29 – Mathew Rice on The General Data
Protection Regulation and Online Censorship</a></dt>
<dd>Author: The Jist</dd>
<dd>Summary: Matthew Rice appeared on The Jist's
'Chatter' podcast to discuss issues surrounding GDPR
and censorship.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/w/index.php?title=Censorship&action=edit&redlink=1"
class="new" title="Censorship (page does not
exist)">Censorship</a>, <a
href="https://wiki.openrightsgroup.org/wiki/Data_protection"
title="Data protection">Data protection</a></dd>
<dt>2017-11-29-FutureScot-<a rel="nofollow"
class="external text"
href="http://futurescot.com/rights-gdpr-open-rights-group/">We're
all data subjects now</a></dt>
<dd>Author: Matthew Rice</dd>
<dd>Summary: Matthew Rice contributed an article on
GDPR and the Data Protection Bill for FutureScot,
highlighting ORG's position on the Bill.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/wiki/Data_protection"
title="Data protection">Data protection</a>, <a
href="https://wiki.openrightsgroup.org/wiki/Privacy"
title="Privacy">Privacy</a></dd>
<dt>2017-11-30-Computer Weekly-<a rel="nofollow"
class="external text"
href="http://www.computerweekly.com/news/450431131/Proposed-snoopers-charter-changes-inadequate-says-rights-group">Proposed
snoopers’ charter changes inadequate, says rights
group</a></dt>
<dd>Author: Warwick Ashford</dd>
<dd>Summary: Open Rights Group quoted in an article
about issues with the Home Office consultation on
their response to the Watson CJEU ruling.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/wiki/Surveillance"
title="Surveillance" class="mw-redirect">Surveillance</a></dd>
<dt>2017-11-30-The Register-<a rel="nofollow"
class="external text"
href="https://www.theregister.co.uk/2017/11/30/investigatory_powers_act_illegal_under_eu_law/">UK.gov
admits Investigatory Powers Act illegal under EU
law</a></dt>
<dd>Author: Rebecca Hill</dd>
<dd>Summary: Jim Killock quoted in an article about
the Government's recently-released consultation on
their proposed amendments to the Investigatory
Powers Act.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/wiki/Surveillance"
title="Surveillance" class="mw-redirect">Surveillance</a></dd>
<dt>2017-11-30-New Statesman-<a rel="nofollow"
class="external text"
href="http://tech.newstatesman.com/guest-opinion/data-protection-bill">Why
the data protection bill must be amended before it
becomes UK law</a></dt>
<dd>Author: Jim Killock</dd>
<dd>Summary: Jim Killock authored an op-ed piece for
the New Statesman about the shortcomings of the Data
Protection Bill.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/wiki/Data_protection"
title="Data protection">Data protection</a>, <a
href="https://wiki.openrightsgroup.org/wiki/Privacy"
title="Privacy">Privacy</a></dd>
</dl>
<h2><span class="mw-headline" id="ORG_Contact_Details">ORG
Contact Details</span></h2>
<p><a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff">Staff
page</a>
</p>
<ul>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#jim">Jim
Killock, Executive Director</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#javier">Javier
Ruiz, Policy Director</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#ed">Ed
Johnson-Williams, Campaigns</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#lee">Lee
Maguire, Tech</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#myles">Myles
Jackman, Legal Director</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#alex">Alex
Haydock, Legal Intern</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#matthew">Matthew
Rice, Scotland Director</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#slavka">Slavka
Bielikova, Policy Officer</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#mike">Mike
Morel, Campaigner</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#caitlin">Caitlin
Bishop, Campaigns Communication Officer</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div> </div>
</div>
</body>
</html>