[ORG PM] ORG policy update 20 October 2017

Slavka Bielikova policy.monitoring at openrightsgroup.org
Fri Oct 20 13:33:28 BST 2017


https://wiki.openrightsgroup.org/wiki/ORG_policy_update/2017-w42


  ORG policy update/2017-w42

This is ORG's Policy Update for the week beginning 16/10/2017.

If you are reading this online, you can also subscribe to the email
version or unsubscribe
<https://lists.openrightsgroup.org/listinfo/parliamentary.monitor>.


      ORG’s work

  * Save the date for ORGCon 2017 - it will take place on Saturday 4
    November at Friends House on Euston Road in London. We have a second
    smaller event planned on Sunday 5 November in a different location
    (TBC). This year is all about the Digital Fightback. Confirmed
    speakers include Graham Linehan, Noel Sharkey, Helen Lewis, Jamie
    Bartlett and Nanjira Sambuli. Tickets are on sale now
    <https://orgcon.openrightsgroup.org/>!

Planned local group events:

  * ORG Aberdeen
    <https://www.meetup.com/ORG-Aberdeen/events/244227806/> and FSFE
    Aberdeen are organising a Cryptonoise event on 26 October. Join them
    to discuss current digital rights issues and learn how you can help
    to protect your rights.
  * Join ORG Birmingham
    <https://www.meetup.com/ORG-Birmingham/events/244094596/> for a
    Halloween social on 30 October. Fancy dress is encouraged! They will
    be organising some spooky games and activities before heading to a pub.
  * Next ORG Glasgow
    <https://www.meetup.com/ORG-Glasgow/events/243941706/> monthly
    meetup will be on 2 November. The local group will discuss new ideas
    for public events and presentations.


      Official meetings

  * Jim Killock attended an introductory meeting with the Investigatory
    Powers Commissioner.


      UK Parliament


        Labour tabled an amendment implementing Article 80(2)

The Data Protection Bill will be scrutinised in the Committee in the
House of Lords on 30 October.

Last week, the Bill was read the second time
<http://www.ukauthority.com/data4good/entry/7562/data-protection-reform-faces-rough-parliamentary-ride> in
the HoL (transcripts 1
<https://www.theyworkforyou.com/lords/?id=2017-10-10a.123.3&s=%28internet+OR+cyber+OR+computer+OR+web+OR+surveillance+OR+copywrite+OR+%22data+sharing%22%29#g156.0>, 2
<https://www.theyworkforyou.com/lords/?id=2017-10-10a.169.3&s=%28internet+OR+cyber+OR+computer+OR+web+OR+surveillance+OR+copywrite+OR+%22data+sharing%22%29#g212.0>).

ORG prepared a briefing
<https://www.openrightsgroup.org/ourwork/reports/open-rights-group-briefing-on-the-data-protection-bill-hol-second-reading> prior
to the debate. We have argued for the need to implement the General
Data Protection Regulation
<https://wiki.openrightsgroup.org/wiki/General_Data_Protection_Regulation> Article
80(2). The article would allow independent privacy bodies to bring
complaints on behalf of consumers without the need of a named data
subject. This provision could be instrumental in investigating harmful
data processing practices.

The debate showed cross-party support for the implementation of the
article in order to improve consumer rights. However, the Government
indicated that they do not intend to bring the provision forward.

Labour have already tabled an amendment
<https://publications.parliament.uk/pa/bills/lbill/2017-2019/0066/18066-RL.pdf> that
would make it possible for independent privacy bodies to raise
complaints on behalf of users without having a named data subject.

This amendment only covers processing to which the GDPR applies, which
is a good start. However, independent privacy bodies need the same power
for processing to which the GDPR does not apply. ORG intends to work
closely with Peers to develop that language.

The Bill, however, has more issues that need to be addressed. These include:

  * The lack of a “representative”
    <http://amberhawk.typepad.com/amberhawk/2017/10/dp-bills-new-immigration-exemption-can-put-eu-citizens-seeking-a-right-to-remain-at-considerable-dis.html>.
    Originally, the EU’s General Data Protection Regulation covers the
    processing of personal data of EU data subjects by data controllers
    (companies) not established in the EU. In such circumstances, the EU
    requires companies who are based outside of the EU but wish to offer
    services to people in the EU to establish a representative in a
    Member State. Without a “representative” it will be impossible to
    enforce all rights and obligations on non-UK companies offering
    services to the people in the UK if something goes wrong.
  * An overly wide exemption for processing of data for immigration
    purposes, which removes any obligation on the collector to provide
    information to the individual before, during, or after collection,
    or to abide by the seven data protection principles. The exemption
    also removes the right for the individual to request the information
    held about them from a data controller.
  * One of the conditions for processing special categories of personal
    data is “substantial public interest”, however, the Bill does not
    include a definition of substantial public interest.
  * National Security Certificates - provisions in the Bill include even
    wider exemptions than those in the current Data Protection Act.
  * Unfettered powers for cross-border transfers of personal data by
    intelligence agencies without appropriate levels of protection.


      Other national developments


        MI5 & MI6 might be sharing bulk data illegally

A challenge brought to the Investigatory Powers Tribunal
<https://wiki.openrightsgroup.org/wiki/Investigatory_Powers_Tribunal> by Privacy
International
<https://wiki.openrightsgroup.org/wiki/Privacy_International> alleges
that MI5 and MI6 sharing bulk personal data with their foreign partners
is illegal
<https://www.theguardian.com/technology/2017/oct/17/uk-spy-agencies-intelligence-mi5-mi6-law-data-sharing-tribunal>.

The argument behind the challenge is that most of the bulk personal
datasets relate to UK citizens who are not of legitimate intelligence
interest. GCHQ requires its foreign partners to adopt the equivalent
level of safeguards but MI5 and MI6 do not follow the same practices.

Documents revealed that the agencies did not inform watchdogs of sharing
bulk personal datasets and bulk communications data with third parties.
The letter from the newly appointed Investigatory Powers Commissioner
Lord Justice Fulford
<https://www.theregister.co.uk/2017/10/18/spy_agencies_kept_oversight_bodies_in_the_dark_over_datasharing_with_industry/> declares
that his predecessors the Intelligence Services Commissioner (ISCom) and
the Interception of Communications Commissioner (IOCCO) were informed of
such practice.

The Tribunal hearing continues.


      Europe


        LIBE Committee maintains good levels of privacy protection in
        ePrivacy Regulation

The European Union has been in the process of updating the ePrivacy
regulation. The new proposal from the European Commission
<https://wiki.openrightsgroup.org/wiki/European_Commission> was voted on
in the leading Committee for Civil Liberties (LIBE).

LIBE passed the Report on the ePrivacy Regulation and voted in favour of
all the compromise amendments from the opposition MEPs. In this
instance, compromise amendments have improved the level of privacy
offered to the EU citizens.

The report as amended by the LIBE Committee will next be voted on in
Plenary of the European Parliament
<https://wiki.openrightsgroup.org/wiki/European_Parliament> by all MEPs.
Then the ePrivacy Regulation will be discussed with the Member States in
the Council.

Prior to the vote in the Committee, various Internet companies who
benefit from tracking their users were heavily lobbying the EU
officials. This report by the Corporate Europe Observatory
<https://corporateeurope.org/power-lobbies/2017/10/big-data-watching-you> shows
in detail which companies were in touch with the European Commission
about their proposals.

It is important that the revised ePrivacy rules maintain, at a minimum,
the same level of protection that is offered to EU citizens by the
General Data Protection Regulation. The ePrivacy Regulation is
specialised legislation which complements the more general GDPR. This
means that when the two regulations contain rules for the same situation
<https://iapp.org/news/a/will-the-eprivacy-reg-overshadow-the-gdpr-in-the-age-of-iot/>,
the ePrivacy rules should take precedence. If the levels of protection
provided by the two pieces of legislation differ, the ePrivacy
Regulation is likely to end up in front of the European Court of Justice
<https://wiki.openrightsgroup.org/wiki/European_Court_of_Justice> which
could invalidate the rules.


        Civil rights groups sign an open letter against Article 13 of
        Copyright Reform

ORG together with other organisations signed an open letter to President
of the European Commission Jean-Claude Juncker
<https://www.eff.org/files/2017/10/16/openletteroncopyrightdirective_final.pdf> and
other EU officials regarding the proposals for compulsory proactive
copyright filters.

The plans to modernise the European copyright (as part of the Digital
Single Market strategy) include new proposals (Article 13 of the
Copyright Reform) that would require some online service providers to
proactively detect and filter allegedly infringing copyright works,
uploaded to their platforms by users.

The letter emphasises that the obligations placed on Internet companies
<https://torrentfreak.com/abandon-proactive-copyright-filters-huge-coalition-tells-eu-heavyweights-171017/> and
Internet service providers will inevitably lead to mistakes made due to
caution. The upload filter, as defined by Article 13, does not allow for
the application of any of the exceptions to copyright.

This provision requires Internet companies to police copyright
infringement. This approach will lead to overblocking since the
companies will face fines if they fail to remove infringing content.

The letter also warns that Article 13 could be illegal since it
contradicts case law of the European Court of Justice
<https://wiki.openrightsgroup.org/wiki/European_Court_of_Justice>. The
e-Commerce Directive already requires Internet companies to remove
infringing content once they have been notified of its existence.
Article 13 would force the monitoring of uploads. This would go against
the ‘no general obligation to monitor’ rules present in the Directive
and would violate freedom of expression set out in Article 11 of the
Charter of Fundamental Rights.

Previously, six Member States
<https://edri.org/six-states-raise-concerns-about-legality-of-copyright-directive/> (Belgium,
Czech Republic, Finland, Hungary, Ireland and the Netherlands) submitted
their questions on proportionality and compatibility of the new clauses
with the existing law.

The vote in the European Parliament on the Copyright Reform is scheduled
for November.


        EU approves Privacy Shield in the annual review

The European Commission
<https://wiki.openrightsgroup.org/wiki/European_Commission> conducted
the first annual review of the EU-US Privacy Shield agreement. The
review assessed whether the US commitment to the protection of European
citizens’ data is sufficient when the data is transferred from the EU to
the US.

The results of the review show that the Commission believes the data
sharing agreement continues to ensure adequate protection of Europeans’
personal data.

However, it has been reported that the Commission will make some
recommendations
<http://www.euractiv.com/section/data-protection/news/eu-us-privacy-shield-pact-to-pass-first-annual-review/>.
Among other things, the Commission wants to suggest improvements to the
US regarding the practical implementation of the Privacy Shield through
tougher monitoring of companies' compliance with its privacy rules.

The EU Commissioner Věra Jourová previously stated that she wants the US
to appoint a privacy ombudsperson who would deal with complaints from EU
citizens about the US.


      Questions in the UK Parliament


        Question on the responsibility of Internet companies

Wendy Morton MP asked
<https://www.theyworkforyou.com/debates/?id=2017-10-16a.575.0&s=%28internet+OR+cyber+OR+computer+OR+web+OR+surveillance+OR+copywrite+OR+%22data+sharing%22%29#g575.6> the
Minister of State for the Home Department, whether he agrees that some
of the world’s leading Internet companies could do more to ensure that
extremist propaganda is taken down immediately.

Ben Wallace MP
<https://wiki.openrightsgroup.org/wiki/Ben_Wallace_MP> responded that
Internet companies could do more with their technology, could do much
more to recognise that they have a responsibility for content that is
hosted on their sites, and they could do more to take it down.


        Question on Equifax

Jon Trickett asked
<https://www.theyworkforyou.com/wrans/?id=2017-10-06.105514.h&s=%22data+protection%22#g105514.r0> the
Secretary of State for Digital, Culture, Media and Sport, what steps the
Government is taking to improve protection for people's private data and
finances as a result of the Equifax data breach.

Matthew Hancock MP
<https://wiki.openrightsgroup.org/wiki/Matthew_Hancock_MP> responded
that the National Cyber Security Centre (NCSC) published updated advice
on its website, advising members of the public on password re-use,
avoiding related phishing emails and fraudulent phone calls, as well as
giving information on how to report a cyber incident to Action Fraud.


        Question on personal data

Stephen Gethins asked
<https://www.theyworkforyou.com/wrans/?id=2017-10-06.106383.h&s=%22data+protection%22> the
Secretary of State for Exiting the European Union, whether it is his
policy to refrain from entering any UK-EU model for exchanging and
protecting personal data if the framework requires oversight from the
European Court of Justice.

Robin Walker MP
<https://wiki.openrightsgroup.org/wiki/Robin_Walker_MP> responded that
they will bring an end to the direct jurisdiction of the CJEU. Walker
said that they will respect the internal judicial processes of the EU
just as we respect the internal judicial processes of our other
international partners.


        Question on data protection

Darren Jones asked
<https://www.theyworkforyou.com/wrans/?id=2017-10-09.106646.h&s=Digital+Government#g106646.q0> the
Secretary of State for Digital, Culture, Media and Sport, what oversight
and powers the Government will have in relation to guidance issued by
the Information Commissioner on the application of the General Data
Protection Regulation.

Matthew Hancock MP
<https://wiki.openrightsgroup.org/wiki/Matthew_Hancock_MP> responded
that the Data Protection Bill will require the Information Commissioner
to prepare statutory data sharing and direct marketing codes of
practice. The Secretary of State may also require the Commissioner to
prepare additional codes giving guidance on good practice in other data
processing areas.


        Question on counter-terrorism

Jim Cunningham MP
<https://wiki.openrightsgroup.org/wiki/Jim_Cunningham_MP> asked
<https://www.theyworkforyou.com/debates/?id=2017-10-17a.702.5&s=%28internet+OR+cyber+OR+computer+OR+web+OR+surveillance+OR+copywrite+OR+%22data+sharing%22%29#g702.9> the
Secretary of State for Foreign and Commonwealth Affairs, what recent
steps they have taken to support the implementation of the Government’s
counter-terrorism strategy overseas.

Boris Johnson MP
<https://wiki.openrightsgroup.org/wiki/Boris_Johnson_MP> responded that
the Prime Minister has been leading in countering online radicalisation
and taking more than 270,000 pieces of illegal terrorist material off
the internet.


        Question on pupils’ personal records

Darren Jones asked
<https://www.theyworkforyou.com/wrans/?id=2017-10-10.106877.h&s=%28internet+OR+cyber+OR+computer+OR+web+OR+surveillance+OR+copywrite+OR+%22data+sharing%22%29#g106877.r0> the
Secretary of State for Education, whether third party organisations have
access to data on the National Pupil Database (NPD).

Nick Dibbs responded that the Department may legally share the NPD, or
parts of it, with third parties, using powers set out in Section 537A of
the Education Act 1997 and the Education (Individual Pupil Information)
(Prescribed Persons) (England) Regulations 2009. Organisations
requesting access under those powers must show how it will be used to
promote pupils’ education, through evidence or research.

Dibbs said that where the police or Home Office have evidence that a
child may be at risk or evidence of criminal activity, limited data
including a pupil’s address and school details may be requested from the
NPD.


      ORG media coverage

/See ORG Press Coverage
<https://wiki.openrightsgroup.org/wiki/ORG_Press_Coverage> for full
details./

2017-10-13-ISP Review-UK ISP Filters Criticised for Blocking Lots of
Safe and Legal Websites
<https://www.ispreview.co.uk/index.php/2017/10/uk-isp-filters-criticised-blocking-lots-safe-legal-websites.html>
    Summary: ORG mentioned in relation to Blocked - a project identifying
    websites unjustly blocked by ISPs.
    Topics: Online censorship
    <https://wiki.openrightsgroup.org/wiki/Online_censorship>
2017-10-14-Breitbart-British Police Arrest At Least 3,395 People for
‘Offensive’ Online Comments in One Year
<http://www.breitbart.com/london/2017/10/14/british-police-arrest-at-least-3395-people-for-offensive-online-comments-one-year/>
    Author: Jack Montgomery
    Summary: Jim Killock quoted on “offensive” comments being an
    insufficient ground for prosecution.
    Topics: Online censorship
    <https://wiki.openrightsgroup.org/wiki/Online_censorship>
2017-10-16-Huge power imbalance between firms and users whose info they
grab
<https://www.theregister.co.uk/2017/10/16/power_imbalance_between_companies_and_users_poses_risk_to_people_and_society_report/>
    Author: Rebecca Hill
    Summary: Jim Killock quoted on mass data gathering having huge
    effects on things like competition between companies and access to
    services.
    Topics: Data protection
    <https://wiki.openrightsgroup.org/wiki/Data_protection>
2017-10-17-IPPro-Article 13 of DSM proposals should be deleted, says the
EFF
<http://www.ipprotheinternet.com/ipprotheinternetnews/article.php?article_id=5670>
    Author: Barney Dixon
    Summary: ORG mentioned in relation to a letter against Article 13
    signed by civil liberties organisations.
    Topics: Copyright <https://wiki.openrightsgroup.org/wiki/Copyright>
2017-10-19-Complete Music Update-Now the digital rights groups write to
the EU about safe harbour reform
<http://www.completemusicupdate.com/article/now-the-digital-rights-groups-write-to-the-eu-about-safe-harbour-reform/>
    Author: Chris Cooke
    Summary: ORG mentioned in relation to a letter against Article 13
    signed by civil liberties organisations.
    Topics: Copyright <https://wiki.openrightsgroup.org/wiki/Copyright>
2017-10-19-Torrent Freak-Anti-Piracy Group Joins Internet Organization
That Controls Top-Level Domain
<https://torrentfreak.com/anti-piracy-group-joins-internet-organization-that-controls-top-level-domain-171019/#comment-3574676736>
    Author: Andy
    Summary: ORG mentioned in relation to a letter against Article 13
    signed by civil liberties organisations.
    Topics: Copyright <https://wiki.openrightsgroup.org/wiki/Copyright>


      ORG Contact Details

Staff page <https://www.openrightsgroup.org/people/staff>

  * Jim Killock, Executive Director
    <https://www.openrightsgroup.org/people/staff#jim>
  * Javier Ruiz, Policy
    <https://www.openrightsgroup.org/people/staff#javier>
  * Ed Johnson-Williams, Campaigns
    <https://www.openrightsgroup.org/people/staff#ed>
  * Lee Maguire, Tech <https://www.openrightsgroup.org/people/staff#lee>
  * Myles Jackman, Legal Director
    <https://www.openrightsgroup.org/people/staff#myles>
  * Matthew Rice, Scotland Director
  * Slavka Bielikova, Policy Officer
  * Mike Morel, Communications Officer
