<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="container content-width3 font-size5">
<div class="reader-header header" dir="ltr">
<a class="reader-domain domain" href="https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2018-w12">https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2018-w12</a>
<div class="domain-border"></div>
<h1 class="reader-title">ORG policy update/2018-w12</h1>
</div>
<hr class="">
<div class="content">
<div class="line-height4 moz-reader-content" dir="ltr"><div id="readability-page-1" class="page"><div id="bodyContent" class="">
<div id="mw-content-text" dir="ltr" lang="en" class=""><p class="">This is ORG's Policy Update for the week beginning 19/03/2018.
</p><p class="">If you are reading this online, you can also subscribe to the <a rel="nofollow" href="https://lists.openrightsgroup.org/listinfo/parliamentary.monitor" class="">email version or unsubscribe</a>.
</p>
<h2 class=""><span id="ORG.E2.80.99s_work" class="">ORG’s work</span></h2>
<ul class=""><li class="">ORG are fundraising to recruit more permanent members of our legal team. <a rel="nofollow" href="https://www.openrightsgroup.org/join/join-org-and-help-build-our-legal-team" class="">Join ORG today to help out!</a></li>
<li class="">ORG is running a petition against the Government’s misguided
proposals threatening fines for internet companies who do not rapidly
censor extremist material shared on their platforms. <a rel="nofollow" href="https://action.openrightsgroup.org/censorship-and-control-are-not-answer-extremism" class="">Sign the petition here!</a></li>
<li class="">ORG have launched an open <a rel="nofollow" href="https://action.openrightsgroup.org/new-rights-need-new-services-submit-your-ideas-monday-february-12th" class="">call for ideas</a> to develop a tool for consumers to enjoy their stronger rights under GDPR. This is a joint project with <a rel="nofollow" href="https://projectsbyif.com" class="">Projects by IF</a>, funded through a grant from the Information Commissioner Office.</li></ul>
<h2 class=""><span id="Official_meetings" class="">Official meetings</span></h2>
<ul class=""><li class="">Jim Killock attended meetings with Andy Goodman of Bangor
University, and David Gilliam of the Welsh Green Party, to discuss
electronic voting.</li>
<li class="">Jim Killock also hosted presentations at <a rel="nofollow" href="http://mpc.bangor.ac.uk/events.php.en" class="">Bangor University</a> and <a rel="nofollow" href="https://abersrg.wordpress.com/2018/03/08/security-and-elections-the-use-of-online-voting/" class="">Aberystwyth University</a> about the issue of electronic voting.</li>
<li class="">Slavka Bielikova attended a Copyright Action Day in Brussels organised by C4C.</li>
<li class="">Javier Ruiz participated in several research workshops in Amsterdam
as part of our VIRTEU project, together with colleagues from the
Copenhagen Institute for Interaction and Design (CIID) and the IT
University of Copenhagen (ITU).</li></ul>
<h2 class=""><span id="UK_Parliament" class="">UK Parliament</span></h2>
<h3 class=""><span id="Labour_MPs_table_amendment_to_DP_Bill_requiring_development_of_a_code_of_practice_for_ANPR" class="">Labour MPs table amendment to DP Bill requiring development of a code of practice for ANPR</span></h3><p class="">The Data Protection Bill Committee stage in the House of Commons continued this week on 20 (<a rel="nofollow" href="https://hansard.parliament.uk/commons/2018-03-20/debates/1c2cf90d-f85b-4724-af4b-bf05bb7be630/DataProtectionBill(Lords)(FifthSitting)" class="">1</a>, <a rel="nofollow" href="https://hansard.parliament.uk/commons/2018-03-20/debates/a63a34d7-d41c-44bf-ac8a-e497c3b79808/DataProtectionBill(Lords)(SixthSitting)" class="">2</a>) and 22 (<a rel="nofollow" href="https://hansard.parliament.uk/commons/2018-03-22/debates/30c2a977-fd14-41a1-bcc0-50325fe3efd6/DataProtectionBill(Lords)(SeventhSitting)" class="">1</a>, <a rel="nofollow" href="https://hansard.parliament.uk/commons/2018-03-22/debates/c3469c0f-c1c1-4af7-8e41-3242be5504f7/DataProtectionBill(Lords)(EighthSitting)" class="">2</a>)
March. The Committee discussed a code on processing personal data in
education, personal data ethics advisory board and ethics code of
practice, bill of Data Rights in the Digital Environment and review of
Electronic Commerce (EC Directive) Regulations.
</p><p class="">During this week's proceedings, Labour MPs <a rel="nofollow" href="https://www.theyworkforyou.com/pbc/2017-19/Data_Protection_Bill/08-0_2018-03-22a.332.2" class="">tabled an amendment to the Bill</a>
that would require the Secretary of State to issue a code of practice
in relation to automated number plate recognition (ANPR) systems.
</p><p class="">This development comes out of a concern about a current lack of regulation around ANPR systems and privacy. <a rel="nofollow" href="https://www.theregister.co.uk/2018/03/16/labour_amendment_anpr_surveillance_oversight_code/" class="">According to The Register</a>,
"widespread use of ANPR means cameras across the country submit between
25 million and 35 million read records to the national ANPR data centre
each day. There are more than 22 billion records in the database."
</p><p class="">The Committee concluded their debate one day earlier than
originally expected. The Bill as amended by the Committee will now be
discussed during the Report stage, most likely after the Easter recess.
</p>
<h2 class=""><span id="Other_national_developments" class="">Other national developments</span></h2>
<h3 class=""><span id="Cambridge_Analytica_data_misuse_scandal" class="">Cambridge Analytica data misuse scandal</span></h3><p class="">This week saw a number of news stories about the misuse of Facebook
users' data for psychological profiling purposes by a company called
Cambridge Analytica (CA). Among other things, CA offered services to
political candidates - claiming to be able to use their psycho-graphic
approach to precisely target the specific interests of individual social
media users with political advertisements that they are likely to
respond well to.
</p><p class="">On 16 March, Facebook <a rel="nofollow" href="https://newsroom.fb.com/news/2018/03/suspending-cambridge-analytica/" class="">publicly announced</a>
that it was suspending CA from the platform, over controversy that CA
had received data from a third-party app developer in violation of the
Platform Policy that Facebook publishes for app developers.
</p><p class="">Former CA employee and whistleblower Christopher Wylie <a rel="nofollow" href="https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election" class="">revealed</a> how the firm used third-party apps to harvest data from 270,000 users and their friends, totaling around 50 million users.
</p><p class="">After news of the above broke, it was also publicly confirmed
that Facebook's Chief Information Security Officer Alex Stamos had <a rel="nofollow" href="https://www.nytimes.com/2018/03/19/technology/facebook-alex-stamos.html" class="">quit the company back in December</a>
over disagreements around how Facebook was handling Russian influence
on the platform. Though Stamos is still employed whilst finishing up his
contract with the company, new reports suggest that department has been
reduced from 120 staff to just three. Stamos famously quit <i class="">Yahoo!</i>
back in 2015 over the company's compliance with a classified US
Government directive that ordered them to build software that allowed
them to scan all users' incoming emails in realtime.
</p><p class="">The Information Commissioner's Office is <a rel="nofollow" href="https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/03/ico-statement-investigation-into-data-analytics-for-political-purposes/" class="">aiming to acquire a warrant to investigate the activities of Cambridge Analytica</a>, but this has been adjourned until at least Friday 23 March. Facebook <a rel="nofollow" href="https://newsroom.fb.com/news/2018/03/forensic-audits-cambridge-analytica/" class="">confirmed in a press release</a> that it had contracted the services of forensic auditing firm <i class="">Stroz Friedberg</i>,
and auditors had been collecting data and records on-site at CA
headquarters on 19 March, before the ICO were able to successfully gain a
warrant to enter the building.
</p>
<h3 class=""><span id="Markus_Meechan_.28aka_Count_Dankula.29_guilty_of_posting_.22grossly_offensive.22_video_to_YouTube" class="">Markus Meechan (aka Count Dankula) guilty of posting "grossly offensive" video to YouTube</span></h3><p class="">Previous policy updates have <a rel="nofollow" href="https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2018-w11#.27Nazi_Dog.27_Threatening_Communications_Trial_Resumes" class="">discussed</a> the trial of YouTube performer Markus Meechan. On 20 March, Meechan was <a rel="nofollow" href="http://www.bbc.co.uk/news/uk-scotland-glasgow-west-43478925" class="">found guilty</a> of an offence under <a rel="nofollow" href="https://wiki.openrightsgroup.org/wiki/Communications_Act_2003/Section_127" class="">Section 127</a>
of the Communications Act 2003, which prohibits the sending of a
message that is "grossly offensive or of an indecent, obscene or
menacing character" using an electronic communications network.
</p><p class="">Previously, the court had attempted to trial Meechan under the Scottish-only <a rel="nofollow" href="https://www.legislation.gov.uk/asp/2012/1/crossheading/threatening-communications" class="">"threatening communications"</a> offence. This offense is much more narrowly applicable, but carries a stronger penalty, of up to 5 years imprisonment.
</p><p class="">Meechan is due to be sentenced on 23 April, and faces a penalty of up to 6 months imprisonment, or an unlimited fine.
</p>
<h2 class=""><span id="Questions_in_the_UK_Parliament" class="">Questions in the UK Parliament</span></h2>
<h3 class=""><span id="Question_about_bias_in_Police_biometric_scanning" class="">Question about bias in Police biometric scanning</span></h3><p class="">David Lammy asked the Secretary of State for the Home Department,
"what assessment her Department has made of the potential for bias
against people on the basis of (a) gender and (b) ethnicity of the
automated facial recognition software used by the (i) Metropolitan
Police and (ii) South Wales Police".
</p><p class="">Nick Hurd <a rel="nofollow" href="https://www.theyworkforyou.com/wrans/?id=2018-03-15.132771.h" class="">responded</a>
that "facial recognition software for which the Home Office has
reviewed Privacy Impact Assessments compares images of members of the
public captured by surveillance cameras with images of persons on a
watch list". He also confirmed that potential matches found by the
software were reviewed by a police officer before any action was taken,
and that "people are not arrested solely on the basis of matches made by
facial recognition software."
</p>
<h3 class=""><span id="Question_on_NHS_security_following_the_WannaCry_cyber_attack" class="">Question on NHS security following the WannaCry cyber attack</span></h3><p class="">Keith Vaz asked the Secretary of State for Health and Social Care,
"what steps his Department has taken to improve the security of the IT
systems in the NHS since the cyber attack of May 2017".
</p><p class="">Jackie Doyle-Price <a rel="nofollow" href="https://www.theyworkforyou.com/wrans/?id=2018-03-15.132912.h" class="">responded</a>,
noting that the department had taken a number of different steps to
improve security since the attack, and that many of these steps were
documented in the report <a rel="nofollow" href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/678484/Securing_cyber_resillience_in_health_and_care.pdf" class="">"Securing Cyber-Resilience in Health and Care"</a>, published on 1 February.
</p>
<h2 class=""><span id="International_developments" class="">International developments</span></h2>
<h3 class=""><span id="US_Congress_passes_law_restricting_intermediary_liability_protections_for_site_operators" class="">US Congress passes law restricting intermediary liability protections for site operators</span></h3><p class="">This week, the US Senate passed the <i class="">Stop Enabling Sex Traffickers Act</i>
(SESTA) in a 97-2 vote. The Act had already been passed by the House of
Representatives. As both Congressional Houses have now passed the Act,
its final step is to receive approval from the President.
</p><p class="">The Act, which is also sometimes referred to as the <i class="">Allow States and Victims to Fight Online Sex Trafficking Act</i>
(FOSTA), amends Section 230 of the Communications Decency Act 1996.
This section provides protections for site operators from being held
directly responsible for the content that users post using their
service. The Act <a rel="nofollow" href="https://www.law.cornell.edu/uscode/text/47/230" class="">states</a>
that "No provider or user of an interactive computer service shall be
treated as the publisher or speaker of any information provided by
another information content provider". This allows sites hosting any
kind of user-generated content to be protected from laws which they
would otherwise be subject to.
</p><p class="">According to the EFF's Elliot Harmon:
</p>
<blockquote class="">SESTA/FOSTA undermines Section 230, the most important law
protecting free speech online. Section 230 protects online platforms
from liability for some types of speech by their users. Without Section
230, the Internet would look very different. It’s likely that many of
today’s online platforms would never have formed or received the
investment they needed to grow and scale—the risk of litigation would
have simply been too high. Similarly, in absence of Section 230
protections, noncommercial platforms like Wikipedia and the Internet
Archive likely wouldn’t have been founded given the high level of legal
risk involved with hosting third-party content.</blockquote><p class="">You can read more about SESTA/FOSTA on the <a rel="nofollow" href="https://www.eff.org/deeplinks/2018/03/how-congress-censored-internet" class="">EFF's blog post</a>, or <a rel="nofollow" href="https://arstechnica.com/tech-policy/2018/03/congress-oks-sex-trafficking-bill-that-critics-say-will-censor-the-internet/" class="">Ars Technica</a>. The EFF also have a general <a rel="nofollow" href="https://www.eff.org/issues/cda230" class="">overview of Section 230</a> available on their site.
</p>
<h2 class=""><span id="ORG_media_coverage" class="">ORG media coverage</span></h2><p class=""><i class="">See <a href="https://wiki.openrightsgroup.org/wiki/ORG_Press_Coverage" title="ORG Press Coverage" class="">ORG Press Coverage</a> for full details.</i>
</p>
<dl class=""><dt class="">2018-03-22-The Register-<a rel="nofollow" href="https://www.theregister.co.uk/2018/03/22/uk_smut_age_check_deep_dive/" class="">El Reg deep dive: Everything you need to know about UK.gov's pr0n block</a></dt>
<dd class="">Author: Rebecca Hill</dd>
<dd class="">Summary: Myles Jackman quoted in a story about the current status of online age verification plans for pornographic content.</dd>
<dd class="">Topics: <a href="https://wiki.openrightsgroup.org/wiki/Online_age_verification" title="Online age verification" class="">Online age verification</a></dd>
<dt class="">2018-03-21-Sky News-<a rel="nofollow" href="https://news.sky.com/story/cambridge-analytica-mark-zuckerberg-to-break-silence-on-facebook-data-scandal-11299126" class="">Cambridge Analytica: Mark Zuckerberg 'to break silence' on Facebook data scandal</a></dt>
<dd class="">Author: David Mercer</dd>
<dd class="">Summary: Jim Killock quoted in a story about Facebook's response to the Cambridge Analytica scandal.</dd>
<dd class="">Topics: <a href="https://wiki.openrightsgroup.org/wiki/Data_protection" title="Data protection" class="">Data protection</a>, <a href="https://wiki.openrightsgroup.org/wiki/Privacy" title="Privacy" class="">Privacy</a></dd>
<dt class="">2018-03-21-The Telegraph-<a rel="nofollow" href="https://www.telegraph.co.uk/technology/2018/03/21/obama-tinder-cambridge-analytica-wasnt-first-wont-last-exploit/" class="">From Obama to Tinder: Cambridge Analytica wasn't the first and won't be the last to exploit our data</a></dt>
<dd class="">Author: Eleanor Steafel, Guy Kelly, and Helena Horton</dd>
<dd class="">Summary: Alex Haydock quoted in a story about Cambridge Analytica and third-party apps' use of Facebook data.</dd>
<dd class="">Topics: <a href="https://wiki.openrightsgroup.org/wiki/Data_protection" title="Data protection" class="">Data protection</a>, <a href="https://wiki.openrightsgroup.org/wiki/Privacy" title="Privacy" class="">Privacy</a></dd>
<dt class="">2018-03-21-The Telegraph-<a rel="nofollow" href="https://www.telegraph.co.uk/technology/2018/03/21/protect-data-facebook/" class="">How to protect your data on Facebook</a></dt>
<dd class="">Author: Matthew Field</dd>
<dd class="">Summary: Alex Haydock quoted in a story giving practical advice to
users about how to limit the sharing of their data on Facebook.</dd>
<dd class="">Topics: <a href="https://wiki.openrightsgroup.org/wiki/Data_protection" title="Data protection" class="">Data protection</a>, <a href="https://wiki.openrightsgroup.org/wiki/Privacy" title="Privacy" class="">Privacy</a></dd>
<dt class="">2018-03-20-The Ferret-<a rel="nofollow" href="https://theferret.scot/electronic-voting-could-pose-security-risk-in-scotland-claim-campaigners/" class="">Electronic voting could pose security risk in Scotland, claim campaigners</a></dt>
<dd class="">Author: Karin Goodwin</dd>
<dd class="">Summary: Matthew Rice quoted in a story about the potential risks of electronic voting.</dd>
<dd class="">Topics: <a href="https://wiki.openrightsgroup.org/wiki/Data_protection" title="Data protection" class="">Data protection</a></dd>
<dt class="">2018-03-20-The Independent-<a rel="nofollow" href="https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-cambridge-analytica-latest-data-breach-privacy-explained-a8265601.html" class="">Facebook's latest data scandal is just the beginning – and not even the worst of it, warn privacy experts</a></dt>
<dd class="">Author: Andrew Griffin</dd>
<dd class="">Summary: Javier Ruiz quoted in a story about Cambridge Analytica and third-party apps' use of Facebook data.</dd>
<dd class="">Topics: <a href="https://wiki.openrightsgroup.org/wiki/Data_protection" title="Data protection" class="">Data protection</a>, <a href="https://wiki.openrightsgroup.org/wiki/Privacy" title="Privacy" class="">Privacy</a></dd></dl>
<h2 class=""><span id="ORG_Contact_Details" class="">ORG Contact Details</span></h2><p class=""><a rel="nofollow" href="https://www.openrightsgroup.org/people/staff" class="">Staff page</a>
</p>
<ul class=""><li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#jim" class="">Jim Killock, Executive Director</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#javier" class="">Javier Ruiz, Policy Director</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#martha" class="">Martha Dark, Chief Operations Officer</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#matthew" class="">Matthew Rice, Scotland Director</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#myles" class="">Myles Jackman, Legal Director</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#slavka" class="">Slavka Bielikova, Policy Officer</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#alex" class="">Alex Haydock, Legal Officer</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#ed" class="">Ed Johnson-Williams, Campaigns</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#mike" class="">Mike Morel, Campaigns</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#caitlin" class="">Caitlin Bishop, Campaigns Communication Officer</a></li>
<li class=""> <a rel="nofollow" href="https://www.openrightsgroup.org/people/staff#lee" class="">Lee Maguire, Tech</a></li></ul>
</div>
</div></div></div>
</div>
<div class="">
</div>
</div></body></html>