[ORG PM] ORG policy update 01 December 2017
Alex Haydock
alex.haydock at openrightsgroup.org
Fri Dec 1 15:44:09 GMT 2017
https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w48
ORG policy update/2017-w48
------------------------------------------------------------------------
This is ORG's Policy Update for the week beginning 27/11/2017.
If you are reading this online, you can also subscribe to the email
version or unsubscribe
<https://lists.openrightsgroup.org/listinfo/parliamentary.monitor>.
ORG’s work
* ORG have begun to prepare briefings for peers in the House of Lords
for the upcoming Report Stage of the Data Protection Bill (see below).
* ORG is running a petition against the Government’s proposals to
criminalise repeated viewing of online terrorist propaganda and
compelling internet companies to police their own networks. Sign the
petition here!
<https://action.openrightsgroup.org/censorship-and-control-are-not-answer-extremism>
* In case you couldn’t come to ORGCon, you can now watch the talks
online! Have a look at our YouTube channel
<https://www.youtube.com/watch?v=f6VTrBpE_kA&list=PLY9gENnF8uiXdeFQtEA-Ge0pd7DtAsx4T>.
Planned local group events:
* Join ORG Cambridge
<https://www.meetup.com/ORG-Cambridge/events/244927140/> on Tuesday
5 December for a monthly meetup. They will discuss the current state
of digital rights, what they've done in the past month, and what
they are planning to do in the upcoming months.
* ORG Glasgow <https://www.meetup.com/ORG-Glasgow/events/244234443/>
will hold their monthly meetup on Thursday 7 December at the
Electron Club. You will have an opportunity to discuss current
affairs and topics of interest and to generate new ideas for public
events and presentations.
* ORG Birmingham
<https://www.meetup.com/ORG-Birmingham/events/244943786/> are
hosting an introduction to the Indieweb on Monday 11 December. Tired
of Twitter? Fed up with Facebook? Miss the variety and quirkiness of
the open web? Be the change you want to see in the world by visiting
their introduction to the Indieweb!
* ORG London <https://www.meetup.com/ORG-London/events/243071922/> are
hosting a presentation on the 'Cryptobar' installation on Tuesday 12
December. Cryptobar is a project aimed at spreading the word about
privacy (and privacy-enhacing technologies) in an artistic and
accessible way.
Official meetings
* Jim Killock, Myles Jackman and Alex Haydock met with representatives
from the Home Office to discuss potential privacy issues in a
proposed redesign of the Police National Computer
<https://en.wikipedia.org/wiki/Police_National_Computer> and Police
National Database
<https://en.wikipedia.org/wiki/Police_National_Database>.
* Slavka Bielikova gave a presentation to CILIP
<https://www.cilip.org.uk/?page=Privacyprogramme> about Government
and corporate surveillance, and the potential impact to librarians
and library users.
* Jim Killock, Myles Jackman and Javier Ruiz met with Judicial
Commissioners outlining civil society views on their role in
relation to the Investigatory Powers Act. ORG presented on bulk
surveillance powers and internet connection records (ICRs) and the
filter. Other speakers (FIPR <http://www.fipr.org/>, Big Brother
Watch <https://bigbrotherwatch.org.uk/>) dealt with topics such as
equipment interference.
UK Parliament
Data Protection Bill continues to progress through Parliament
No further progress has been made on the Data Protection Bill since last
week
<https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w47#DPBill_debate_in_the_HoL_Committee_continues>.
The current full text of the bill, as amended in the Lords Committee
Stage is available here
<https://publications.parliament.uk/pa/bills/lbill/2017-2019/0074/18074.pdf>.
Article 80(2) amendments were debated last week, which would allow
consumer groups like the Open Rights Group to take independent action
against entities who have been abusing data protection law. If
successful, not for profit bodies could take action on behalf of data
subjects without having to seek their mandate. The amendment would
create similar enforcement powers for data protection as in others
consumer rights like finance, and competition. The amendment is
anticipated to be one of the main topics of debate in Report Stage.
The government also debated a new exemption to data protection which
would remove all rights to personal data when disclosure would prejudice
“effective immigration controls". Such an exemption has never existed
before. Requests for information under data protection (subject access
requests) are an integral part of most immigration cases, and will be
critical for anyone going through an immigration process in the future,
such as the three million EU citizens resident in the UK. The Home
Office has a policy of using any available data for immigration
surveillance, such as the National Pupil Database, which this exemption
would enable without restraint. Open Rights Group are calling for the
removal of the exemption from the Bill.
Report sittings will begin in the House of Lords on 11 December and 13
December.
Other national developments
Home Office publishes consultation on their response to the CJEU
judgment on data retention
On 30 November, the Government published a public consultation document
proposing changes to the Investigatory Powers Act to bring it into line
with the December 2016 judgment
<http://curia.europa.eu/juris/document/document.jsf?text=&docid=186492&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1949500>
from the Court of Justice of the European Union in the Davis/Watson case
against mass surveillance.
Davis/Watson (officially: Joined Cases C‑203/15 and C‑698/15) challenged
the UK's legislation governing data retention (the Data Retention and
Investigatory Powers Act 2014
<https://en.wikipedia.org/wiki/Data_Retention_and_Investigatory_Powers_Act_2014>,
or 'DRIPA'). The judgment set out the safeguards that need to be in
place in order for a data retention regime to be consistent with EU law.
The CJEU did not consider DRIPA's safeguards to be adequate, and the
legislation was thus deemed incompatible with EU law.
Since the 2016 judgment, DRIPA has been replaced with Part 4 of the
Investigatory Powers Act, but the Government accepts that amendments
will be required to the IPA in response to the CJEU's judgment. With
this in mind, the Government published its consultation paper seeking
opinions on their approach to amending the IPA to comply with the judgment.
The Government has accepted that the extensive list of public bodies
<https://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-act-snoopers-charter-browsing-history-what-does-it-mean-a7436251.html>
originally found in Schedule 4 of the Act are no longer allowed to
self-authorise requests for communications data as per the judgment in
the CJEU case. A new body, the Office for Communications Data
Authorisation (OCDA), will be created to handle the authorisation of
requests for stored data. (Consultation p.18)
Additionally, the CJEU ruling required traffic and location data to be
retained or accessed only in cases of 'serious crime'. The Goverment
sets a particularly low bar on its test of 'seriousness' in the
consultation, claiming that 'serious' should apply to crimes for which
an adult would be 'capable' of being imprisoned for six months or more.
(Consultation p.14) ORG does not believe this is adequate to stop
blanket data retention, as this could apply to a significant number of
crimes.
The CJEU judgment imposed a clear obligation upon national authorities
to notify persons for whom access to their data has been granted to any
relevant entities "as soon as that notification is no longer liable to
jeopardise the investigations being undertaken by those authorities".
However, the consultation notes that "the Government’s position is that
a general requirement to notify an individual that their data has been
accessed would unnecessarily inform criminals, suspected criminals and
others of the investigative techniques that public authorities use.
Simply because an investigation has ceased or an individual is ruled out
of a particular investigation does not mean that notification would not
be operationally damaging". The Open Rights Group believes this
particular section of the consultation is in clear breach of the CJEU
judgment. (Consultation p.20)
The draft Code of Practice published alongside the consultation makes it
clear that the Government intends to push forward with its 'Request
Filter' initiative (CoP, s.11) - which it claims will help to safeguard
privacy by limiting the amount of information returned when requests for
data are made. Though there are concerns that this could effectively
amount to a "police search engine", or something similar in nature to
the NSA's XKeyscore system.
Consultation documents are available here
<https://www.gov.uk/government/consultations/investigatory-powers-act-2016>,
and the consultation will close on 18 January 2018.
Government publishes interim cyber security science and technology
strategy
On 30 November, the Government published a policy document
<https://www.gov.uk/government/publications/interim-cyber-security-science-and-technology-strategy>
billed as an "interim strategy for future-proofing cyber security".
The policy aims to:
* "identify the technology areas that will have most impact on cyber
security
* develop the government’s policy response and the expertise base in
government, academia and industry
* assess whether we are sufficiently responding to cyber security
science and technology developments"
Lauri Love is under prosecution for allagedly hacking into US
Government, Missile Defence Agency and NASA systems. United States
prosecutors feel that the US-centric nature of Love's alleged hacking
targets mean it would be most appropriate for Love to be extradited from
the UK, to stand trial in US courts. In September 2016, District Judge
Nina Tempia ruled at Westminster Magistrates' Court in favour of
permitting Love's extradition.
Love's appeal against this decision was heard this week in the Royal
Courts of Justice in London, on 29-30 November. Defence lawyers for Love
argue that he is at high risk of suicide if extradited, due to health
issus, and being removed from the support of his family. High Court
judges said they will "take time" to reach a decision
<http://www.bbc.co.uk/news/uk-england-suffolk-42183670> in the case.
Lauri Love is supported by the Courage Foundation, who run a site
dedicated to his case at https://freelauri.com/
ICO publishes updated GDPR guidance for businesses
This week, the ICO published an updated compliance guide
<https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/>
on the General Data Protection Regulation, targeted at businesses and
organisations.
International developments
FCC plans vote on repeal of net neutrality rules
In the United States, FCC chief Ajit Pai has put forward a plan
<https://www.reuters.com/article/us-usa-internet-exclusive/fcc-chief-plans-to-ditch-u-s-net-neutrality-rules-idUSKBN1DL21A>
to "rescind the so-called net neutrality rules championed by Democratic
former President Barack Obama that treated internet service providers
like public utilities.
The rules barred broadband providers from blocking or slowing down
access to content or charging consumers more for certain content. They
were intended to ensure a free and open internet, give consumers equal
access to web content and prevent broadband service providers from
favoring their own content."
If successful, the FCC vote would clear the way for ISPs to charge
customers more to access certain content or to throttle and restrict
certain traffic as desired.
A vote on the repeal is expected on December 14
<https://www.nytimes.com/2017/11/21/technology/fcc-net-neutrality.html>.
Questions in the UK Parliament
Question on online bullying
Lord Mancroft asked the Government when they intended to publish their
digtal charter to address online bullying.
Lord Ashton of Hyde answered that the Government published their
Internet Safety Strategy on 11 October, "which focuses on keeping all
users safe online. The Strategy covers the responsibilities of companies
to their users, the use of technical solutions to prevent online harms
and Government's role in supporting users."
He noted that the strategy involves a consultation on the Digital
Economy Act 2017's social media code of practice, which aims to "address
conduct that involves bullying or insulting an individual online, or
other behaviour likely to intimidate or humiliate the individual."
Lord Ashton confirmed that a Government response to this consultation is
expected in early 2018.
Update on cyber security and data protection
Matthew Hancock gave a statement regarding the ongoing response of the
Government to Uber's October 2016 data breach, which affected
approximately 2.7 million user accounts in the UK. He confirmed that the
ICO <https://ico.org.uk/> and NCSC <https://www.ncsc.gov.uk/> are
working with Uber to investigate what kind of personal data about users
may have been compromised.
He also confirmed that the forthcoming Data Protection Bill aims to
"give more powers to the ICO to defend consumer interests and issue
higher fines of up to £18 million or four per cent of global turnover,
in cases of the most serious data breaches."
ORG media coverage
/See ORG Press Coverage
<https://wiki.openrightsgroup.org/wiki/ORG_Press_Coverage> for full
details./
2017-11-28-Naked Security-Age verification legislation will lead to porn
habit database
<https://nakedsecurity.sophos.com/2017/11/28/age-verification-legislation-will-lead-to-porn-habit-database/>
Author: Lisa Vaas
Summary: Myles Jackman quoted in story about the potential privacy
risks of age verification.
Topics: Data protection
<https://wiki.openrightsgroup.org/wiki/Data_protection>, Privacy
<https://wiki.openrightsgroup.org/wiki/Privacy>
2017-11-29-Chatter Podcast-Chatter Episode 29 – Mathew Rice on The
General Data Protection Regulation and Online Censorship
<http://www.thejist.co.uk/podcast/matthew-rice-general-data-protection-regulation-online-censorship/>
Author: The Jist
Summary: Matthew Rice appeared on The Jist's 'Chatter' podcast to
discuss issues surrounding GDPR and censorship.
Topics: Censorship
<https://wiki.openrightsgroup.org/w/index.php?title=Censorship&action=edit&redlink=1>,
Data protection <https://wiki.openrightsgroup.org/wiki/Data_protection>
2017-11-29-FutureScot-We're all data subjects now
<http://futurescot.com/rights-gdpr-open-rights-group/>
Author: Matthew Rice
Summary: Matthew Rice contributed an article on GDPR and the Data
Protection Bill for FutureScot, highlighting ORG's position on the Bill.
Topics: Data protection
<https://wiki.openrightsgroup.org/wiki/Data_protection>, Privacy
<https://wiki.openrightsgroup.org/wiki/Privacy>
2017-11-30-Computer Weekly-Proposed snoopers’ charter changes
inadequate, says rights group
<http://www.computerweekly.com/news/450431131/Proposed-snoopers-charter-changes-inadequate-says-rights-group>
Author: Warwick Ashford
Summary: Open Rights Group quoted in an article about issues with
the Home Office consultation on their response to the Watson CJEU
ruling.
Topics: Surveillance
<https://wiki.openrightsgroup.org/wiki/Surveillance>
2017-11-30-The Register-UK.gov admits Investigatory Powers Act illegal
under EU law
<https://www.theregister.co.uk/2017/11/30/investigatory_powers_act_illegal_under_eu_law/>
Author: Rebecca Hill
Summary: Jim Killock quoted in an article about the Government's
recently-released consultation on their proposed amendments to the
Investigatory Powers Act.
Topics: Surveillance
<https://wiki.openrightsgroup.org/wiki/Surveillance>
2017-11-30-New Statesman-Why the data protection bill must be amended
before it becomes UK law
<http://tech.newstatesman.com/guest-opinion/data-protection-bill>
Author: Jim Killock
Summary: Jim Killock authored an op-ed piece for the New Statesman
about the shortcomings of the Data Protection Bill.
Topics: Data protection
<https://wiki.openrightsgroup.org/wiki/Data_protection>, Privacy
<https://wiki.openrightsgroup.org/wiki/Privacy>
ORG Contact Details
Staff page <https://www.openrightsgroup.org/people/staff>
* Jim Killock, Executive Director
<https://www.openrightsgroup.org/people/staff#jim>
* Javier Ruiz, Policy Director
<https://www.openrightsgroup.org/people/staff#javier>
* Ed Johnson-Williams, Campaigns
<https://www.openrightsgroup.org/people/staff#ed>
* Lee Maguire, Tech <https://www.openrightsgroup.org/people/staff#lee>
* Myles Jackman, Legal Director
<https://www.openrightsgroup.org/people/staff#myles>
* Alex Haydock, Legal Intern
<https://www.openrightsgroup.org/people/staff#alex>
* Matthew Rice, Scotland Director
<https://www.openrightsgroup.org/people/staff#matthew>
* Slavka Bielikova, Policy Officer
<https://www.openrightsgroup.org/people/staff#slavka>
* Mike Morel, Campaigner
<https://www.openrightsgroup.org/people/staff#mike>
* Caitlin Bishop, Campaigns Communication Officer
<https://www.openrightsgroup.org/people/staff#caitlin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openrightsgroup.org/pipermail/parliamentary.monitor/attachments/20171201/0a422f22/attachment.html>
More information about the Parliamentary.monitor
mailing list