<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div id="container" class="container font-size5 content-width3">
<div id="reader-header" class="header" style="display: block;"
dir="ltr"><a moz-do-not-send="true"
href="https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w49">
https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w49</a><br>
<h1 id="reader-title">ORG policy update/2017-w49<br>
</h1>
</div>
<hr>
<div class="content">
<div id="moz-reader-content" class="line-height4" dir="ltr"
style="display: block;">
<div id="readability-page-1" class="page">
<div id="bodyContent" class="entry-content">
<div id="mw-content-text" dir="ltr" class="mw-content-ltr"
lang="en">
<p>This is ORG's Policy Update for the week beginning
04/12/2017.
</p>
<p>If you are reading this online, you can also
subscribe to the <a rel="nofollow" class="external
text"
href="https://lists.openrightsgroup.org/listinfo/parliamentary.monitor">email
version or unsubscribe</a>.
</p>
<h2><span class="mw-headline" id="ORG.E2.80.99s_work">ORG’s
work</span></h2>
<ul>
<li>ORG have begun to prepare briefings for peers in
the House of Lords for the upcoming Report Stage of
the Data Protection Bill (see below).</li>
<li>ORG is running a petition against the Government’s
proposals to criminalise repeated viewing of online
terrorist propaganda and compelling internet
companies to police their own networks. <a
rel="nofollow" class="external text"
href="https://action.openrightsgroup.org/censorship-and-control-are-not-answer-extremism">Sign
the petition here!</a></li>
<li>In case you couldn’t come to ORGCon, you can now
watch the talks online! <a rel="nofollow"
class="external text"
href="https://www.youtube.com/watch?v=f6VTrBpE_kA&list=PLY9gENnF8uiXdeFQtEA-Ge0pd7DtAsx4T">Have
a look at our YouTube channel</a>.</li>
</ul>
<p>Planned local group events:
</p>
<ul>
<li><a rel="nofollow" class="external text"
href="https://www.meetup.com/ORG-Birmingham/events/244943786/">ORG
Birmingham</a> are hosting an introduction to the
Indieweb on Monday 11 December. Tired of Twitter?
Fed up with Facebook? Miss the variety and
quirkiness of the open web? Be the change you want
to see in the world by visiting their introduction
to the Indieweb!</li>
<li><a rel="nofollow" class="external text"
href="https://www.meetup.com/ORG-London/events/243071922/">ORG
London</a> are hosting a presentation on the
'Cryptobar' installation on Tuesday 12 December.
Cryptobar is a project aimed at spreading the word
about privacy (and privacy-enhacing technologies) in
an artistic and accessible way.</li>
</ul>
<h2><span class="mw-headline" id="Official_meetings">Official
meetings</span></h2>
<ul>
<li>Jim Killock gave a lecture on the "Nothing to
Hide, Nothing to Fear" argument to students at
Arcadia University.</li>
<li>Myles Jackman and Alex Haydock attended a Court of
Appeal hearing on Friday 8 December to hear progress
in the Davis/Watson case against DRIPA.</li>
<li>Jim Killock spoke at 89up's Assemble event about
the benefits that GDPR will give campaigners.</li>
<li>Myles Jackman and Alex Haydock met with David
Allen Green to discuss progress in the <a
href="https://wiki.openrightsgroup.org/wiki/Cartier"
title="Cartier" class="mw-redirect">Cartier</a>
case.</li>
<li>ORG Staff attended a preview screening of
forthcoming film <a rel="nofollow" class="external
text" href="http://www.imdb.com/title/tt6294822/">The
Post</a>.</li>
</ul>
<h2><span class="mw-headline" id="UK_Parliament">UK
Parliament</span></h2>
<h3><span class="mw-headline"
id="Joint_Committee_on_Human_Rights_publishes_note_about_Data_Protection_Bill">Joint
Committee on Human Rights publishes note about Data
Protection Bill</span></h3>
<p>On 6 December, the Deputy Counsel to the Joint
Committee on Human Rights <a rel="nofollow"
class="external text"
href="https://www.parliament.uk/documents/joint-committees/human-rights/correspondence/2017-19/Note_Deputy_Counsel_DPBill.pdf">published
a note</a> about the human rights implications of
the Data Protection Bill. Crucially, among the key
considerations they highlight for the Committee to
consider are a number of issues of interest to ORG.
</p>
<p>Article 80(2) amendments were debated two weeks ago,
which would allow consumer groups like the Open Rights
Group to take independent action against entities who
have been abusing data protection law. In their note,
the Counsel addresses Article 80(2), noting that the
Committee:
</p>
<blockquote>may wish to consider whether the
Government's ommission of Article 80(2) may diminish
the protection of privacy rights and, if so, whether
civil society organisations ought to be empowered to
bring complains and seek effective remedies in the
public interest.</blockquote>
<p>The Committee also considered the proposed exemption
to data protection which would remove all rights to
personal data when disclosure would prejudice
“effective immigration controls". Such an exemption
has never existed before. Requests for information
under data protection (subject access requests) are an
integral part of most immigration cases, and will be
critical for anyone going through an immigration
process in the future, such as the three million EU
citizens resident in the UK. The document notes that
the Committee:
</p>
<blockquote>may wish to consider whether an exemption
for effective immigration control is necessary and
proportionate given the broad reach this exemption
would have. The Committee may wish to make further
enquiries of the Government as to the justification
for this exemption.</blockquote>
<p><b>Report sittings on the Data Protection Bill will
be held in the House of Lords on 11 December, 13
December, and 11 January.</b> The most recent
amendments submitted for the Bill's report stage can
be found <a rel="nofollow" class="external text"
href="https://publications.parliament.uk/pa/bills/lbill/2017-2019/0074/18074-I.pdf">here</a>.
The Bill's third reading will be held on 17 January.
</p>
<h3><span class="mw-headline"
id="ICO_publishes_Lords.27_briefing_on_Data_Protection_Bill">ICO
publishes Lords' briefing on Data Protection Bill</span></h3>
<p>In preparation for the upcoming Report stage of the
Data Protection Bill, the ICO have published a
briefing for the House of Lords raising many of the
same issues for consideration as the report published
by the Joint Committee on Human Rights.
</p>
<p>The briefing refers to the immigration exemption,
noting:
</p>
<blockquote>This exemption could potentially render
personal data unobtainable to the data subject and
this could be detrimental to individuals who are
appealing asylum decisions for example. If the
exemption is applied, individuals will not be able to
access their personal data to identify any factual
inaccuracies and it will mean that the system lacks
transparency and is fundamentally unfair.</blockquote>
<p>The ICO also makes reference to Article 80(2), noting
that they support the amendment, which would give
civil interest groups like ORG the right to seek
redress on behalf of data subjects without needing to
be directly instructed by them:
</p>
<blockquote>As was highlighted in the Committee Stage
debate, there are circumstances where data subjects
may not necessarily be aware of what data about them
is held by organisations, and more importantly what is
being done with it. In such instances data subjects
could not be expected to know whether and how they
could exercise their rights under data protection law.
Furthermore, in the context of wider discussion of the
Bill and children’s rights, the relevance of this
point is of particular importance where young and
vulnerable data subjects are involved – these groups
being less likely to have the means and capability to
exercise their rights on their own behalf. The
Commissioner continues to support the derogation at
Article 80(2) being exercised to provide
representative bodies with this right of action.</blockquote>
<h2><span class="mw-headline"
id="Other_national_developments">Other national
developments</span></h2>
<h3><span class="mw-headline"
id="David_Anderson_QC_publishes_report_into_MI5.2FPolice_intelligence-handling_reviews">David
Anderson QC publishes report into MI5/Police
intelligence-handling reviews</span></h3>
<p>This week, the Home Secretary published a report by
David Anderson QC into the internal reviews conducted
by the Police and by MI5, concerning their handling of
intelligence data prior to this year's terrorist
attacks at Westminster, Manchester Arena, London
Bridge and Finsbury Park.
</p>
<p>The full report and accompanying press release can be
accessed <a rel="nofollow" class="external text"
href="https://www.daqc.co.uk/2017/12/05/report-mi5-police-intelligence-handling-reviews/">here</a>.
</p>
<h3><span class="mw-headline"
id="Court_of_Appeal_Hearing_in_Davis.2FWatson_case_against_DRIPA">Court
of Appeal Hearing in Davis/Watson case against DRIPA</span></h3>
<p>The Data Retention and Investigatory Powers Act 2014
(DRIPA) was the predecessor to the Investigatory
Powers Act 2016 and has been subject to a legal
challenge since June 2015, brought by MPs David Davis
and Tom Watson.
</p>
<p>The High Court held in 2015 that portions of the
DRIPA legislation were unlawful. The case then
progressed to the Court of Appeal, which began hearing
the Home Secretary's appeal in 2015.
</p>
<p>Since that time, the European Court of Justice
delivered a judgment (in Joined Cases C203/15 and
C698/15), which supported the High Court's position
that DRIPA was unlawful. The DRIPA legislation expired
at the end of December 2016.
</p>
<p>Despite the above, the Court of Appeal case
continues, as it revolves around points of law which
are relevant to the Investigatory Powers Act, into
Part 4 of which were incorporated many of the
provisions of DRIPA, including some which were under
dispute.
</p>
<p>On Friday 8, a Court of Appeal took place to hear
some final arguments in the Davis/Watson case. The
court is expected to deliver a judgment soon and may
choose to affirm the position of the CJEU, which would
be a victory for ORG.
</p>
<h2><span class="mw-headline" id="Europe">Europe</span></h2>
<h3><span class="mw-headline"
id="EU_regulators_threaten_court_challenge_to_EU-U.S._data_transfer_pact">EU
regulators threaten court challenge to EU-U.S. data
transfer pact</span></h3>
<p><a
href="https://wiki.openrightsgroup.org/wiki/Article_29_Data_Protection_Working_Party"
title="Article 29 Data Protection Working Party">Article
29 Data Protection Working Party</a> adopted an <a
rel="nofollow" class="external text"
href="https://www.huntonprivacyblog.com/wp-content/uploads/sites/18/2017/12/WP-29-Privacy-Shield-Opinion.pdf">opinion
on the review of Privacy Shield</a> agreement this
week. Privacy Shield framework enables cross-border
data transfers between EU and the US in compliance
with EU data protection rules. </p>
<p>Article 29 is an advisory body made up of each Member
State’s data protection authority representative. They
were tasked with a review of the Privacy Shield
framework after one year of being in place since it
replaced the Safe Harbour agreement. </p>
<p>In their opinion, the <a rel="nofollow"
class="external text"
href="https://www.reuters.com/article/us-eu-dataprotection-usa/eu-regulators-threaten-court-challenge-to-eu-u-s-data-transfer-pact-idUSKBN1E01DP">Working
Party 29 has identified a number of significant
concerns</a> that need to be addressed by both the
European Commission and the US authorities. These
include the appointment of an independent Ombudsperson
and members of Privacy and Civil Liberties Oversight
Board in the US. They note that the appointments need
to be in place by 25 May 2018 (date when the General
Data Protection Regulation comes into force). </p>
<p>Further concerns raised by the WP29 include:
</p>
<ul>
<li>Lack of guidance for the companies adhering to the
Privacy Shield</li>
<li>Lack of clear and easily available information for
EU individuals </li>
<li>Lack of oversight and supervision of compliance
with the Principles</li>
<li>Application of the Privacy Shield to data
processors established in the US</li>
<li>Lack of legal guarantees for automated
profiling/decision making</li>
<li>Self-Certification process and cooperation between
US authorities in the Privacy Shield mechanism</li>
</ul>
<p>The data protection authorities expect these concerns
to be resolved by Autumn 2018. If the EU and the US
fail to do so, Article 29: </p>
<blockquote>”will take appropriate action, including
bringing the Privacy Shield Adequacy decision to
national courts for them to make a reference to the
CJEU for a preliminary ruling.”</blockquote>
<h2><span class="mw-headline" id="ORG_media_coverage">ORG
media coverage</span></h2>
<p><i>See <a
href="https://wiki.openrightsgroup.org/wiki/ORG_Press_Coverage"
title="ORG Press Coverage">ORG Press Coverage</a>
for full details.</i>
</p>
<dl>
<dt>2017-12-04-Business Insider-<a rel="nofollow"
class="external text"
href="http://uk.businessinsider.com/ico-making-enquiries-mps-parliament-sharing-email-passwords-staff-2017-12">The
UK's privacy watchdog is 'making enquiries' after
MPs said they hand out passwords to staff</a></dt>
<dd>Author: Shona Ghosh</dd>
<dd>Summary: Jim Killock quoted in a story about
possible data protection breaches by MPs sharing
Parliamaentary logins.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/wiki/Data_protection"
title="Data protection">Data protection</a>, <a
href="https://wiki.openrightsgroup.org/wiki/Privacy"
title="Privacy">Privacy</a></dd>
<dt>2017-12-04-BBC News-<a rel="nofollow"
class="external text"
href="http://www.bbc.co.uk/news/uk-politics-42216622">MP
Nadine Dorries defends 'shared password' tweet</a></dt>
<dd>Author: BBC News</dd>
<dd>Summary: Jim Killock quoted in a story about
possible data protection breaches by MPs sharing
Parliamaentary logins.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/wiki/Data_protection"
title="Data protection">Data protection</a>, <a
href="https://wiki.openrightsgroup.org/wiki/Privacy"
title="Privacy">Privacy</a></dd>
<dt>2017-12-05-The National-<a rel="nofollow"
class="external text"
href="http://www.thenational.scot/news/15701477.Data_privacy_regulator_warns_MPs_over_sharing_computer_logins/">Data
privacy regulator warns MPs over sharing computer
logins</a></dt>
<dd>Author: Gregor Young</dd>
<dd>Summary: Jim Killock quoted in a story about
possible data protection breaches by MPs sharing
Parliamentary logins.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/wiki/Data_protection"
title="Data protection">Data protection</a>, <a
href="https://wiki.openrightsgroup.org/wiki/Privacy"
title="Privacy">Privacy</a></dd>
<dt>2017-12-07-Gizmodo-<a rel="nofollow"
class="external text"
href="http://www.gizmodo.co.uk/2017/12/campaigners-are-asking-the-government-not-to-strip-eu-citizens-of-their-digital-rights/">Campaigners
Are Asking the Government Not to Strip EU Citizens
of Their Digital Rights</a></dt>
<dd>Author: Tom Pritchard</dd>
<dd>Summary: Jim Killock quoted in a story about the
proposed immigration exemption to the forthcoming
Data Protection Bill.</dd>
<dd>Topics: <a
href="https://wiki.openrightsgroup.org/wiki/Data_protection"
title="Data protection">Data protection</a>, <a
href="https://wiki.openrightsgroup.org/wiki/Privacy"
title="Privacy">Privacy</a></dd>
</dl>
<h2><span class="mw-headline" id="ORG_Contact_Details">ORG
Contact Details</span></h2>
<p><a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff">Staff
page</a>
</p>
<ul>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#jim">Jim
Killock, Executive Director</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#javier">Javier
Ruiz, Policy Director</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#ed">Ed
Johnson-Williams, Campaigns</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#lee">Lee
Maguire, Tech</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#myles">Myles
Jackman, Legal Director</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#alex">Alex
Haydock, Legal Intern</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#matthew">Matthew
Rice, Scotland Director</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#slavka">Slavka
Bielikova, Policy Officer</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#mike">Mike
Morel, Campaigner</a></li>
<li> <a rel="nofollow" class="external text"
href="https://www.openrightsgroup.org/people/staff#caitlin">Caitlin
Bishop, Campaigns Communication Officer</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div> </div>
</div>
</body>
</html>