Created page with "==ORG's work== *ORG submitted our response to the E-privacy consultation that closed on Tuesday this week. *We were gathering information together with the [https://www.donts..."
New page
==ORG's work==
*ORG submitted our response to the E-privacy consultation that closed on Tuesday this week.
*We were gathering information together with the [https://www.dontspyonus.org.uk/investigatory-powers-bill-make-a-statement-to-the-house-of-lords Don’t Spy On Us] coalition for the Lords to brief them before the IPBill goes to the Committee stage. ORG has also been working on amendments to be discussed in the Committee.
*[https://www.dontspyonus.org.uk/ Don’t Spy On Us] coalition started a new campaign letting people to sign our statement to the House of Lords pointing out what parts of the IPBill need amending. You can sign the statement on the [https://www.dontspyonus.org.uk/investigatory-powers-bill-make-a-statement-to-the-house-of-lords website]!
*We were preparing a talk with Naomi Colvin, from the [https://www.couragefound.org Courage Foundation], about Lauri Love and his extradition case (read more on the story further down). The talk is today, starting at 6.30pm. You are very welcome to join in. Please sign up on [http://www.meetup.com/ORG-London/events/231846862/ Meetup ORG London]!
==Official meetings==
*Jim Killock attended a meeting at Home Office.
*Ed Johnson-Williams attended a screening of the Haystack documentary in Edinburgh earlier this week, where he sat on a panel discussing the IPBill.
*Javier Ruiz attended a meeting in the Cabinet Office for mutual legal assistance treaty on mobile data.
==Parliament==
===IPBill===
The IPBill is going to be discussed in the Committee next week. The first sitting is scheduled for [http://services.parliament.uk/bills/2016-17/investigatorypowers.html 11 July] with following sittings on 13, 18 and 20 July. The Committee stage follows the [https://hansard.parliament.uk/lords/2016-06-27/debates/1606278000466/InvestigatoryPowersBill Second Reading] of the Bill in the House of Lords last week. The debate in the Lords did not show any surprises, Conservative and Labour Lords pointed out only minor changes that need to be done on the Bill and most of the Lib Dem peers expressed their opposition.
[http://www.publications.parliament.uk/pa/bills/lbill/2016-2017/0040/17040(c).pdf Amendments] submitted this week to be discussed in the Committee included:
1. Lord Paddick & Baroness Hamwee
*creating a Privacy and Civil Liberties Board
*warrants and authorisations for interception should be only approved for serious crimes
*provisions on interception in psychiatric hospitals and immigration detention facilities should be removed from the Bill
*test for the intrusion of privacy
*forbidding retention of internet connection records by a public authority
2. Lord Lucas
*keeping a detailed record of all authorisations granted (including names, reasos for actions and results)
*the appropriateness of actions of the Secretary of State has to be independently inspected
*communications data and bulk acquisition warrants are considered proportionate and necessary to be obtained for the purpose of suppressing less serious crimes perpetrated on a large scale using the internet
3. Earl Howe
*restrictions in relation to internet connection records
*protection for trade unionists
*time limitations on warrants
*specifications for operational purposes in warrants
*appointments of the Investigatory Powers Commissioner
*Referrals by the Intelligence and Security Committee of Parliament
===UK data protection legislation post Brexit===
Baroness Neville-Rolfe, Minister for Data Protection, revealed the [https://www.gov.uk/government/speeches/the-eu-data-protection-package-the-uk-governments-perspective Government's perspective on the EU data protection package] at the annual conference on data protection.
Baroness pointed out that it is unclear at the moment what the UK's position will be in regards to the EU regulation on data protection post Brexit. There are different scenarios according to what type of involvement with the EU the UK will have. It is possible, if the UK remains in the single market, that the data protection regulation will still apply. Alternatively, the UK would need to replace all EU rules with national ones.
For the UK, or any other state, to interact with EU citizens' data, they will need to provide adequate level of data protection. The post-Brexit situation is not clear either for EU-US Privacy Shield. Both sides are in final stages of validating the deal and it is expected to be agreed on by the end of July.
Regarding the Internet of Things, Neville-Rolfe said the UK's strength in digital will create more opportunities in the country thanks to devices increasingly having a digital element. The Government's approach will be outlined in more detail in Digital Strategy in due course.
===Written question on the costs of the IPBill===
[[Roger Godsiff MP]] [http://www.theyworkforyou.com/wrans/?id=2016-06-27.41293.h&s=%22investigatory+powers%22#g41293.r0 asked] the Secretary of State for the Home Department about the potential costs of compliance with measures contained in the IPBill to the public purse and private companies.
[[John Hayes MP]] responded that most of the powers contained in the Bill already exist and therefore they will not incur additional costs. The government's estimate of costs is £247 million, including costs for increased compliance and authorisation of warranty and costs to the justice system for offences and changes to the Investigatory Powers Tribunal.
===Written question on National Cyber Security Centre===
[http://www.theyworkforyou.com/mp/25347/david_mackintosh/northampton_south David Mackintosh] [http://www.theyworkforyou.com/wrans/?id=2016-06-28.41399.h&s=cyber#g41399.r0 asked] the Cabinet Office about powers the National Cyber Security Centre will have to ensure that key infrastructure providers act on the advice it gives.
[[Matthew Hancock MP]] responded that the Centre will be a source of advice for business in general and will work with government departments and regulators responsible for ensuring that the risks against critical infrastructure are appropriately managed.
==Other national developments==
===IOCCO report on granting bulk data collection powers===
The [[Interception of Communications Commissioner’s Office]] report published this week show the Telecommunications Act 1984 [https://www.theguardian.com/law/2016/jul/07/fifteen-secret-warrants-in-force-granting-bulk-data-collection-in-the-uk enabling the intelligence services to collect bulk data] about online and phone traffic.
The [http://www.iocco-uk.info/docs/56208%20HC33%20WEB.pdf report] published the number of orders imposed on telecommunication companies under section 94 of the Act. Parliament does not have to be notified of emergency services being provided with the powers. This is due to change under the IPBill. Following their report, the [[IOCCO]] will push for stricter oversight of bulk communications data collection.
It is made clear in the report that the UK government has been collecting all domestic communications data without any safeguards. The situation did not improve even after the introduction of safeguards under [[RIPA]].
===Google DeepMind accessing NHS data to fight blindness===
Google [https://www.theguardian.com/technology/2016/jul/05/google-deepmind-nhs-machine-learning-blindness?CMP=Share_iOSApp_Other DeepMind is collaborating] with NHS again. This time the company has partnered up with Moorfields Eye Hospital to create a machine learning system able to recognize sight-threatening conditions from a digital scan of the eye.
Previously, DeepMind were [https://techcrunch.com/2016/06/08/nhs-memo-details-googledeepminds-five-year-plan-to-bring-ai-to-healthcare/ criticised for their work] with the NHS when they were obtaining patients’ data from the Royal Free hospital without patients’ consent. The collaboration with the Moorfields hospital involves anonymised data and DeepMind obtained permission through research collaboration agreement. The privacy concerns are not as serious as they were during their previous work with NHS data.
The company’s director, Mustafa Suleyman, [https://medium.com/@mustafasul/deepmind-health-our-commitment-to-the-nhs-ac627c098818#.lplee2bla explained in more detail] how the research is conducted and what purpose it will serve. However, what is not clear from his statement is [https://www.newscientist.com/article/2096328-googles-new-nhs-deal-is-start-of-machine-learning-marketplace/ what happens with the insights generated from patients’ data] created with publicly funded infrastructure. The business model involving AI and personal data does not operate under rules clear to public. To secure public benefit, it is necessary DeepMind embrace transparency and openness.
===Online copyright infringement numbers are down===
The [[Intellectual Property Office]] revealed the results of the commissioned research showing decline in online infringement and rise in consumer online streaming.
The streaming services such as Spotify and Netflix have a positive impact on illegal copyright infringement. The [https://www.gov.uk/government/news/online-copyright-infringement-down-as-people-turn-to-streaming research] conducted by Kantar Media's Online Copyright Infringement Tracker has shown that 52% of internet users consuming online content use streaming services. At the same time, the popularity of content downloads is decreasing.
The reasons behind the rise appear to be convenience and cost of streaming services. More information on the research details can be accessed [https://www.gov.uk/government/publications/online-copyright-infringement-tracker-survey-6th-wave here].
===Health and care data security measures===
The State Secretary for Health Department, Jeremy Hunt, [https://www.gov.uk/government/speeches/review-of-health-and-care-data-security-and-consent received two independent reviews] with new recommendations about health and care system in England.
The Care Quality Commission (CQC) and the National Data Guardian for Health and Care (NDG) reviewed data security and consent, with the [https://www.gov.uk/government/news/new-safeguards-and-public-conversation-about-health-and-care-data-proposed purpose of]:
*developing new data security standards
*devising a method of testing compliance with the new standards
*proposing a new consent/opt-out model for data sharing in health and so-cial care
The [https://www.gov.uk/government/publications/review-of-data-security-consent-and-opt-outs NDG report] recommends to improve dialogue with the public about how their health and care data is used, as well as new ap-proach to opt-outs. It should be made clear to patients in what circum-stances they can opt out of their information being shared.
Similar narrative, concentrating more on trust between public and authori-ties can be found in the [http://www.cqc.org.uk/content/safe-data-safe-care CQC report] as well.
The reports offer answers to several questions that were brought to the public’s attention after Google DeepMind’s collaboration with NHS was re-vealed. Their involvement with patients’ data shows need for adjusting consent practices.
==Europe==
===Privacy Shield===
http://ec.europa.eu/transparency/regcomitology/index.cfm?do=search.documentdetail&cOyF081yA755t+BfiGC9hOCpsZ9hd4hw+Gv4e3u7yhYXV3U4/r7rgJvJWdYwELHg
The Article 31 Committee received the draft Privacy Shield and held a [http://ec.europa.eu/transparency/regcomitology/index.cfm?do=search.documentdetail&cOyF081yA755t+BfiGC9hOCpsZ9hd4hw+Gv4e3u7yhYXV3U4/r7rgJvJWdYwELHg meeting] to discuss the deal in detail.
<blockquote>“Some of the Members of the Committee asked the Commission to provide further explanations and clarifications, both on sustenance and as regards procedures. A number of them asked for more time to study the texts before delivering their opinion. Therefore, the Commission will only seek the opinion of the Committee Members on 8 July 2016. At the next meeting on 4 July, Members will have another opportunity to raise questions and discuss the texts.” </blockquote>
Following the Committee's meeting, the [[Article 29 Data Protection Working Party]] issued a statement reiterating its [http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2016/wp238_en.pdf position] from April on the agreement. The Working Party expects their concerns on safeguards regarding automated processing, further restrictions on access by public authorities and effective independent redress to be addressed by the Committee before they reach the final decision on the draft agreement.
===Cybersecurity===
The [[European Parliament]] approved [http://www.europarl.europa.eu/news/en/news-room/20160701IPR34481/Cybersecurity-MEPs-back-rules-to-help-vital-services-resist-online-threats new rules] on cyber security this week. The cybersecurity standards and improving cooperation among EU countries will aid firms in protecting themselves and EU infrastructure.
In line with the Digital Single Market strategy, the EU [http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2013/0027(COD)&l=en network and information security (NIS) directive] is the first legislative framework applying to platforms. The sectors affected by the new rules include energy, transport, health, banking and drink water supply. To a lesser extent, the rules are affecting digital service providers (online marketplaces, search engines and cloud services) as well. They are required to report major incidents to national authorities. These requirements do not concern micro- and small digital companies.
The directive is due to be introduced in the EU Official Journal. Member states will have 21 months to implement the directive into their national laws. They will have additional time of six months to identify operators of essential services.
The [[European Commission]] allocated €450 million to [http://www.euractiv.com/section/innovation-industry/news/cybersecurity-research-fund-accused-of-protectionism/ fund companies working on cybersecurity]. More than 100 companies pledged to pay into a fund for cybersecurity research. However, several arguments were raised against companies outside of Europe being allowed to join. This requirement would exclude all the companies that do not have their headquarters within the EU, including Google, IBM and Microsoft. Even though any company can sign on to join, the programme is supposed to help home-grown European firms develop better security technology.
===Debate on protection of whistleblowers===
The [[European Commission]] two weeks ago called for submission of evidence to the consultation tackling media freedom, censorship, free speech, hate speech, democracy and fundamental rights. The [[European Parliament]] [http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+CRE+20160706+ITEM-017+DOC+XML+V0//EN&language=EN debated] the issue this week.
The Commission specifically called for a submission from Edward Snowden on whistleblowing and protection of journalistic sources. He submitted [http://www.europarltv.europa.eu/en/player.aspx?pid=75306a8c-6186-4453-b75d-a2eb01228a78 his evidence] this week. The proceeding of the debate between MEPs can be found [http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+CRE+20160706+ITEM-017+DOC+XML+V0//EN&language=EN#top here].
==International developments==
===UN online human rights===
The UN Human Rights Council [http://motherboard.vice.com/en_uk/read/the-un-would-really-appreciate-it-if-countries-stopped-turning-off-the-internet passed a resolution promoting an open and free internet]. The [https://www.article19.org/data/files/Internet_Statement_Adopted.pdf resolution] specifically states that freedom of expression is a universal right that knows no borders or the type of medium used for expression. It makes a special mention of state actions against dissident bloggers and efforts to prevent access to the internet, condemning these actions.
The resolution is a response to the increasing online censorship by countries shutting down access to the internet (Turkey, Brazil, Tunisia). Countries such as China, Russia and India unsurprisingly showed some opposition to the resolution. The resolution is generally pleasing internet rights groups; however they would like to see more detailed language in future charters.
==Media coverage==
''See [[ORG Press Coverage]] for full details.''
;2016-07-06- The Inquirer-[http://www.theinquirer.net/inquirer/news/2463975/porn-sites-will-require-age-verification-checks-in-the-uk-by-2017 Porn sites will require age verification checks in the UK by 2017]
:Author: Dan Worth
:Summary: ORG quoted on age verification for porn sites bringing difficulties for privacy and free expression.
;206-07-06-New Scientist-[https://www.newscientist.com/article/2096328-googles-new-nhs-deal-is-start-of-machine-learning-marketplace/ Google’s new NHS deal is start of machine learning marketplace]
:Author: Hal Hodson
:Summary: Javier Ruiz quoted on the lack of transparency from DeepMind on what public benefit they are bringing with their research.
;2016-07-06-IP Watch-[http://www.ip-watch.org/2016/07/06/uk-high-court-upholds-blocking-of-infringing-websites-in-trademark-cases/ UK High Court Upholds Blocking Of Infringing Websites In Trademark Cases]
:Author: Dugie Standefort
:Summary: ORG mentioned in relation to the case Cartier International AG et al. v. British Sky Broadcasting Limited et al.
==ORG Contact Details==
[http://www.openrightsgroup.org/people/staff Staff page]
* [http://www.openrightsgroup.org/people/staff#jim Jim Killock, Executive Director]
* [http://www.openrightsgroup.org/people/staff#javier Javier Ruiz, Policy]
* [http://www.openrightsgroup.org/people/staff#ed Ed Johnson-Williams, Campaigns]
* [http://www.openrightsgroup.org/people/staff#pam Pam Cowburn, Communications]
* [http://www.openrightsgroup.org/people/staff#lee Lee Maguire, Tech]
*[http://www.openrightsgroup.org/people/staff#myles Myles Jackman, Legal Director]
*[http://www.openrightsgroup.org/people/staff#margarida Margarida Silva, Supporter Officer]
[[Category: Policy updates]]