[ORG PM] ORG policy update 13 October 2017
Slavka Bielikova
policy.monitoring at openrightsgroup.org
Fri Oct 13 12:44:20 BST 2017
https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w41
ORG policy update/2017-w41
This is ORG's Policy Update for the week beginning 09/10/2017.
If you are reading this online, you can also subscribe to the email
version or unsubscribe
<https://lists.openrightsgroup.org/listinfo/parliamentary.monitor>.
ORG’s work
* We’ve launched a new action asking people to email their MEP about
the ePrivacy Regulation. We are concerned about pressure from
Facebook and Google to water down the regulation. You can get in
touch with your MEP here
<https://action.openrightsgroup.org/tell-your-mep-strengthen-digital-privacy?pk_campaign=Email-MEP-about-ePrivacy-one>.
* ORG submitted a briefing to the House of Lords before the Second
Reading of the Data Protection Bill. Read about our concerns here
<https://www.openrightsgroup.org/ourwork/reports/open-rights-group-briefing-on-the-data-protection-bill-hol-second-reading>.
* Save the date for ORGCon 2017 - it will take place on Saturday 4
November at Friends House on Euston Road in London. We have a second
smaller event planned on Sunday 5 November in a different location
(TBC). This year is all about the Digital Fightback. Confirmed
speakers include Graham Linehan, Noel Sharkey, Helen Lewis, Jamie
Bartlett and Nanjira Sambuli. Tickets are on sale now
<https://orgcon.openrightsgroup.org/>!
Official meetings
* Jim Killock attended a roundtable meeting about the Internet
Commission 2020.
UK Parliament
Government is against Article 80(2)
The Data Protection Bill went through its Second Reading in the House of
Lords on 10 October. Lords predominantly outlined their positions on the
Bill and indicated areas they would like to amend.
Transcripts of the debate: 1
<https://www.theyworkforyou.com/lords/?id=2017-10-10a.123.3&s=%28internet+OR+cyber+OR+computer+OR+web+OR+surveillance+OR+copywrite+OR+%22data+sharing%22%29#g156.0>, 2
<https://www.theyworkforyou.com/lords/?id=2017-10-10a.169.3&s=%28internet+OR+cyber+OR+computer+OR+web+OR+surveillance+OR+copywrite+OR+%22data+sharing%22%29#g212.0>
The Bill will be discussed by peers in Committee on 30 October
<https://services.parliament.uk/bills/2017-19/dataprotection.html>.
ORG prepared a briefing
<https://www.openrightsgroup.org/ourwork/reports/open-rights-group-briefing-on-the-data-protection-bill-hol-second-reading> prior
to the debate. We have argued for the need of implementing the General
Data Protection Regulation
<https://wiki.openrightsgroup.org/wiki/General_Data_Protection_Regulation> Article
80(2). The article would allow independent privacy bodies to bring
complaints on behalf of consumers without the need of a named data
subject. This provision could be instrumental in investigating harmful
data processing practices.
During the debate, Article 80(2) received cross-party support from
various peers, however, the Government indicated that they do not intend
to implement the Article into the DPBill. Instead, Baroness Williams (on
behalf of the Government) said that
“It is important to note that not-for-profit organisations will be
able to take action on behalf of data subjects where the individuals
concerned have mandated them to do so. This is an important new
right for data subjects and should not be underestimated.”
Other issues discussed during the debate included:
* Age of consent - difference between Scotland and the rest of UK
* Post-Brexit data flows and adequacy
* Henry VIII clauses and impossibility of making the Bill future-proof
* Need for transparent and effective regime for assessment of the
right to be forgotten requests
* Bill’s interaction with blockchain
* Call for NHS patient data to be protected as a national asset
* Limitation for single processing for special purposes
There is a number of other issues
<https://privacyinternational.org/node/1524> in the Bill that need to be
addressed:
* The lack of a “representative”
<http://amberhawk.typepad.com/amberhawk/2017/10/dp-bills-new-immigration-exemption-can-put-eu-citizens-seeking-a-right-to-remain-at-considerable-dis.html>.
Originally, the EU’s General Data Protection Regulation covers the
processing of personal data of EU data subjects by data controllers
(companies) not established in the EU. In such circumstances, the EU
requires companies who are based outside of the EU but wish to offer
services to people in the EU to establish a representative in a
Member State. Without a “representative” it will be impossible to
enforce all rights and obligations on non-UK companies offering
services to the people in the UK if something goes wrong.
* Conditions for processing special categories of personal data - one
of the conditions for processing is “substantial public interest”,
however, the Bill does not include a definition of substantial
public interest.
* National Security Certificates - provisions in the Bill include even
wider exemptions than those in the current Data Protection Act.
* Unfettered powers for cross-border transfers of personal data by
intelligence agencies without appropriate levels of protection.
Other national developments
Government set up a new national hate crime hub
The Government has announced a new national hub to tackle online hate
crime
<https://www.gov.uk/government/news/home-secretary-announces-new-national-online-hate-crime-hub>.
The hub’s primary aim is to improve the police response to the problem
of hate crime online.
The Government aims to provide better support for victims and increase
the number of prosecutions. Specialist officers are supposed to advise
victims on how to report online hate speech to platforms hosting
external content online
<http://www.telegraph.co.uk/news/2017/10/08/police-tell-social-media-firms-take-hate-posts-major-government/>.
The hub will allow people to report online hate crime cases to police
who will then assess them and assign them to local forces. They will
also refer appropriate cases to online platforms hosting external
content so that hateful material can be removed. This change comes after
the Crime Prosecution Service recently committed to treating online hate
crime
<https://www.theguardian.com/commentisfree/2017/aug/20/hate-crimes-online-abusers-prosecutors-serious-crackdown-internet-face-to-face> as
seriously as offline hate crime.
The issue of removing online hate crime has been more prominent in the
EU where the European Commission already passed new rules applying to
social media and Internet companies
<http://europa.eu/rapid/press-release_IP-16-1937_en.htm>. The rules
require them to remove hateful online content and terrorist material
within 24 hours of being notified. The UK Government has not made an
official statement on online hate content regulation but will likely
follow the example set by online terrorist propaganda.
UK to become the safest place in the world to be online?
The Government launched a new Internet Safety Strategy
<https://www.gov.uk/government/news/making-britain-the-safest-place-in-the-world-to-be-online>.
The Strategy corresponds to the announcements of the Digital Charter
made in the Conservative manifesto as well as the Queen’s Speech. The
strategy is to mostly regulate social media companies. The Government
intends to:
* Create a code of practice for social media companies to remove or
address bullying, intimidating or humiliating online content;
* Propose an industry-wide levy on social media companies and
communication service providers to raise awareness and counter
Internet harms.
These measures are voluntary; however, if the targeted companies do not
get involved the Government will consider implementing legislative measures.
In order to form the strategy, the Government launched a consultation
<https://www.gov.uk/government/consultations/internet-safety-strategy-green-paper> that
seeks views on a social media code of practice, transparency reporting
and a social media levy, technological solutions to online harms,
developing children’s digital literacy, support for parents, and the
experience of online abuse and dating.
The implementation of a social media levy appears to be problematic. The
Government will run into issues when trying to define who will have to
pay and who doesn't, how the rate is calculated, or enforcement of a
non-UK domiciled company. The launch of the new initiative tightening
the rules for social media companies comes at the same time as the calls
from Ofcom
<https://www.theguardian.com/media/2017/oct/10/ofcom-patricia-hodgson-google-facebook-fake-news> to
reclassify social media companies as publishers in regards to the spread
of fake news. The reclassification would make them directly responsible
and liable for the content on their platforms.
Europe
Internet companies lobby against ePrivacy
The ePrivacy rules were updated in 2016 but the EU is
currently reviewing them again following pressure
<http://www.politico.eu/wp-content/uploads/2016/12/POLITICO-e-privacy-directive-review-draft-december.pdf>from
the online advertising industry, including corporate powerhouses such as
Facebook and Google. ePrivacy regulation is supposed to complement
the General Data Protection Regulation
<https://wiki.openrightsgroup.org/wiki/General_Data_Protection_Regulation> which
is due to be implemented by the Member States by 25 May 2018.
The original proposal from the European Commission
<https://wiki.openrightsgroup.org/wiki/European_Commission> is a good
starting point; however, there are still issues that need to be fixed
<https://edri.org/dear-meps-we-need-you-to-protect-our-privacy-online/>.
Internet and advertising companies (which profit from tracking) are
trying to lobby the EU to water down these changes.
The revised ePrivacy rules are currently debated by the European
Parliament and MEPs will vote on them soon (date to be announced). The
ePrivacy is a specialised legislation while the GDPR is a general
legislation. This means that when the two regulations contain rules for
the same situation
<https://iapp.org/news/a/will-the-eprivacy-reg-overshadow-the-gdpr-in-the-age-of-iot/>,
the ePrivacy rules should take precedence. However, the ePrivacy
Regulation should not lower the level of protection given to people
under the GDPR. If this is the case, it is likely that the issue will
have to be resolved by the European Court of Justice
<https://wiki.openrightsgroup.org/wiki/European_Court_of_Justice> (CJEU).
The CJEU <https://wiki.openrightsgroup.org/wiki/CJEU> could then
potentially invalidate the provisions.
It is important the revised rules:
* maintain the use of privacy features in browsers and apps by default;
* ban cookie walls preventing people from accessing websites if they
do not consent to being tracked;
* close the loophole for collecting data by third parties for analytics;
* remove any language legitimising corporate surveillance.
You can contact your MEP here
<https://action.openrightsgroup.org/tell-your-mep-strengthen-digital-privacy?pk_campaign=Email-MEP-about-ePrivacy-one>.
Questions in the UK Parliament
Question on catfishing
Ann Coffey MP
<https://wiki.openrightsgroup.org/wiki/Ann_Coffey_MP> asked
<https://www.theyworkforyou.com/wrans/?id=2017-09-14.105382.h&s=%28internet+OR+cyber+OR+computer+OR+web+OR+surveillance+OR+copywrite+OR+%22data+sharing%22%29#g105382.r0> the
Secretary of State for Digital, Culture, Media and Sport, what
discussions the department has had on measures dealing with catfishing
in the Internet Safety Strategy.
Matthew Hancock MP
<https://wiki.openrightsgroup.org/wiki/Matthew_Hancock_MP> responded
that they will consider ways in which we can ensure Britain is the
safest place in the world to be online.
Question on cybercrime
John Trickett asked
<https://www.theyworkforyou.com/wrans/?id=2017-09-14.105229.h&s=Digital+Government#g105229.r0> the
Secretary of State for Health, whether the department requires
contractors to have obtained a certificate from the Government Cyber
Essentials scheme.
Phillip Dunne responded that suppliers are only required to demonstrate
that they meet the technical requirements prescribed by Cyber Essentials
for those contracts involving the transfer of sensitive data. There is
no general requirement for all suppliers to achieve Cyber Essentials
certification.
Question on “denial of service” attacks
Chi Onwurah MP
<https://wiki.openrightsgroup.org/wiki/Chi_Onwurah_MP> asked
<https://www.theyworkforyou.com/wrans/?id=2017-09-14.105256.h&s=Digital+Government#g105256.q0> the
Secretary of State for Digital, Culture, Media and Sport, what steps
they have been taking to improve public and private sector
organisations' protection against distributed “denial of service” attacks.
Matthew Hancock MP
<https://wiki.openrightsgroup.org/wiki/Matthew_Hancock_MP> responded
that the department is considering the need for the right incentives to
be in place to build security into internet-connected products and
services to help protect devices from being hijacked.
ORG media coverage
/See ORG Press Coverage
<https://wiki.openrightsgroup.org/wiki/ORG_Press_Coverage> for full
details./
2017-10-07-FACTS Chronicle-Uber app can secretly spy on your iPhone and
you won’t know!
<https://factschronicle.com/uber-app-can-secretly-spy-on-your-iphone-and-you-wont-know-5029.html>
Author: Mike Hardy
Summary: Jim Killock quoted on Uber not proving itself a trustworthy
company either to regulators or consumers.
Topics: Surveillance
<https://wiki.openrightsgroup.org/wiki/Surveillance>
2017-10-10-World Socialist Web Site-British government prepares further
draconian legislation to censor Internet
<https://www.wsws.org/en/articles/2017/10/10/rudd-o10.html>
Author: Steve James
Summary: ORG mentioned in relation to our concerns about the Law
Commission’s new proposals for the Espionage Act.
Topics: Online censorship
<https://wiki.openrightsgroup.org/wiki/Online_censorship>
2017-10-10-Wired-Theresa May's next cunning plan? A levy on technology
firms
<http://www.wired.co.uk/article/uk-regulate-internet-safety-regulation>
Author: Matt Burgess
Summary: Jim Killock quoted on the need for the police to police the
Internet, not the Internet companies.
Topics: Online censorship
<https://wiki.openrightsgroup.org/wiki/Online_censorship>
ORG Contact Details
Staff page <https://www.openrightsgroup.org/people/staff>
* Jim Killock, Executive Director
<https://www.openrightsgroup.org/people/staff#jim>
* Javier Ruiz, Policy
<https://www.openrightsgroup.org/people/staff#javier>
* Ed Johnson-Williams, Campaigns
<https://www.openrightsgroup.org/people/staff#ed>
* Lee Maguire, Tech <https://www.openrightsgroup.org/people/staff#lee>
* Myles Jackman, Legal Director
<https://www.openrightsgroup.org/people/staff#myles>
* Matthew Rice, Scotland Director
* Slavka Bielikova, Policy Officer
* Mike Morel, Communications Officer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openrightsgroup.org/pipermail/parliamentary.monitor/attachments/20171013/13a19cad/attachment.html>
More information about the Parliamentary.monitor
mailing list