Opinion of the EDPS on ePrivacy Directive
← Older revision
Revision as of 10:43, 29 July 2016
(5 intermediate revisions by the same user not shown)
Line 14:
Line 14:
The IPBill's passage through the House of Lords is taking a break for the summer recess and will be back in September. The next Committee sitting will take place on 5 September with a follow-up sitting on 7 September.
The IPBill's passage through the House of Lords is taking a break for the summer recess and will be back in September. The next Committee sitting will take place on 5 September with a follow-up sitting on 7 September.
−
The Lords will discuss provisions on bulk powers after the summer recess after David Anderson submits his independent review on the topic. You can find a brief summary of what happened at the latest Committee sitting in the House of Lords on ORG's [https://www.openrightsgroup.org/blog/2016/ipbill-committee-stage-latest-sitting blog].
+
The Lords will discuss provisions on bulk powers after the summer recess after David Anderson submits his independent review on the topic. You can find a brief summary of what happened at the
[https://hansard.parliament.uk/Lords/2016-07-19/debates/16071944000567/InvestigatoryPowersBill
latest Committee sitting
]
in the House of Lords on ORG's [https://www.openrightsgroup.org/blog/2016/ipbill-committee-stage-latest-sitting blog].
−
In the meantime, the Press Gazette started a petition addressed to the Home Secretary Amber Rudd on protection of journalistic sources and whistleblowers in the IPBill. You can find the petition [https://www.change.org/p/amber-rudd-mp-protect-journalistic-sources-from-state-surveillance?recruiter=1471510&utm_source=share_petition&utm_medium=twitter&utm_campaign=share_twitter_responsive here].
+
In the meantime, the
[http://www.pressgazette.co.uk
Press Gazette
]
started a petition addressed to the Home Secretary
[[
Amber Rudd
MP]]
on protection of journalistic sources and whistleblowers in the IPBill. You can find the petition [https://www.change.org/p/amber-rudd-mp-protect-journalistic-sources-from-state-surveillance?recruiter=1471510&utm_source=share_petition&utm_medium=twitter&utm_campaign=share_twitter_responsive here].
===Question on data protection===
===Question on data protection===
Line 40:
Line 40:
===Written question on Internet bullying===
===Written question on Internet bullying===
−
[
[
Anna Turley MP
]
] [https://www.theyworkforyou.com/wrans/?id=2016-07-18.42962.h&s=%22internet%22 submitted] a written question to the Secretary of State for Justice, if plans to consolidate existing legislation on online abuse and malicious communication will be brough forward.
+
[
http://www.parliament.uk/biographies/commons/anna-turley/4449
Anna Turley MP] [https://www.theyworkforyou.com/wrans/?id=2016-07-18.42962.h&s=%22internet%22 submitted] a written question to the Secretary of State for Justice, if plans to consolidate existing legislation on online abuse and malicious communication will be brough forward.
−
[[Oliver Heald MP]], the Minister of Justice, responded that the Government believes current legislation is sufficient and does not intend to consolidate existing legislation on online abuse and malicious communication.
+
[[Oliver Heald MP]], the Minister of Justice, responded that the Government believes current legislation is sufficient and does not intend to consolidate existing legislation on online abuse and malicious communication.
===Written question on biometrics and police===
===Written question on biometrics and police===
Line 76:
Line 76:
Love's [https://www.theguardian.com/technology/2016/may/10/court-refuses-request-force-alleged-hacker-lauri-love-hand-over-passwords civil suit against NCA] was supposed to be heard on 28 July but has been postponed for now. The new date will be announced on 16 September, when extradition ruling will be issued.
Love's [https://www.theguardian.com/technology/2016/may/10/court-refuses-request-force-alleged-hacker-lauri-love-hand-over-passwords civil suit against NCA] was supposed to be heard on 28 July but has been postponed for now. The new date will be announced on 16 September, when extradition ruling will be issued.
+
+
===Named persons scheme===
+
The [https://www.theguardian.com/society/2016/jul/28/scotland-child-named-person-ruled-unlawful-supreme-court?CMP=fb_gu Supreme Court has ruled] that the Scottish proposal for “[https://en.wikipedia.org/wiki/Getting_It_Right_for_Every_Child named person]” scheme undermines rights to privacy and family life (Article 8 under ECHR). The scheme provides children with access to a named person (health worker, teacher) who acts as a single point of contact. It was intended to help parents access services and to identify children in need of protection.
+
+
The ruling says that information-sharing provisions in the scheme can possibly lead to disproportionate interference with the Article 8 under the European Convention on Human Rights. The judges pointed out that the scheme lacks safeguards for protection of privacy and confidentiality.
+
+
The Scottish government plans to start work immediately on the amendments to the legislation to still implement the scheme nationally as soon as possible.
===“Domestic extremist” suing UK police===
===“Domestic extremist” suing UK police===
Line 85:
Line 92:
The case could have some implications for the IPBill in regards to the protection of journalists, their sources and whistleblowers.
The case could have some implications for the IPBill in regards to the protection of journalists, their sources and whistleblowers.
−
−
===Named persons scheme===
−
The [https://www.theguardian.com/society/2016/jul/28/scotland-child-named-person-ruled-unlawful-supreme-court?CMP=fb_gu Supreme Court has ruled] that the Scottish proposal for “[https://en.wikipedia.org/wiki/Getting_It_Right_for_Every_Child named person]” scheme undermines rights to privacy and family life (Article 8 under ECHR). The scheme provides children with access to a named person (health worker, teacher) who acts as a single point of contact. It was intended to help parents access services and to identify children in need of protection.
−
−
The ruling says that information-sharing provisions in the scheme can possibly lead to disproportionate interference with the Article 8 under the European Convention on Human Rights. The judges pointed out that the scheme lacks safeguards for protection of privacy and confidentiality.
−
−
The Scottish government plans to start work immediately on the amendments to the legislation to still implement the scheme nationally as soon as possible.
===Amazon testing drones===
===Amazon testing drones===
Line 105:
Line 105:
Currently, the [https://www.caa.co.uk/Consumers/Model-aircraft-and-drones/Flying-drones/ UK legislation does not allow drones] to be flown within 50 meters of a building or a person, or within 150 metres of a built-up area. They are required to remain in line of sight and within 500 metres of the pilot.
Currently, the [https://www.caa.co.uk/Consumers/Model-aircraft-and-drones/Flying-drones/ UK legislation does not allow drones] to be flown within 50 meters of a building or a person, or within 150 metres of a built-up area. They are required to remain in line of sight and within 500 metres of the pilot.
−
Despite the testing, commercial use of drones is not very likely to become commonplace any time soon.
+
Despite the testing, commercial use of drones is not very likely to become commonplace any time soon.
==Europe==
==Europe==
Line 126:
Line 126:
The [[Article 29 Data Protection Working Party]] is now looking into practices of Microsoft in other member states. In the UK, the [[Information Commissioner's Office]] has made enquiries with Microsoft. Microsoft vowed to work with CNIL to resolve the issues and to release an updated privacy statement next month. They also intend to sign up to Privacy Shield.
The [[Article 29 Data Protection Working Party]] is now looking into practices of Microsoft in other member states. In the UK, the [[Information Commissioner's Office]] has made enquiries with Microsoft. Microsoft vowed to work with CNIL to resolve the issues and to release an updated privacy statement next month. They also intend to sign up to Privacy Shield.
−
===Privacy Shield===
+
===
Article 29 on
Privacy Shield===
The [[Article 29 Data Protection Working Party]] issued a [http://arstechnica.co.uk/tech-policy/2016/07/eu-privacy-shield-test-coming-next-year-say-dpas/ statement revealing] their plans to scrutinise the newly adopted EU-US Privacy Shield agreement. The new framework will be up for annual reviews.
The [[Article 29 Data Protection Working Party]] issued a [http://arstechnica.co.uk/tech-policy/2016/07/eu-privacy-shield-test-coming-next-year-say-dpas/ statement revealing] their plans to scrutinise the newly adopted EU-US Privacy Shield agreement. The new framework will be up for annual reviews.
The national data protection watchdogs agreed that Privacy Shield is an improvement on safe Harbour; however they still share concerns about commercial aspects of the framework and access by public authorities to data transferred to the US.
The national data protection watchdogs agreed that Privacy Shield is an improvement on safe Harbour; however they still share concerns about commercial aspects of the framework and access by public authorities to data transferred to the US.
−
The first annual [http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/2016/20160726_wp29_wp_statement_eu_us_privacy_shield_en.pdf review will] <blockquote> “assess if the remaining issues have been solved but also if the safeguards provided under the EU-U.S. Privacy Shield are workable and effective. The results of the first joint review regarding access by U.S. public authorities to data transferred under the Privacy Shield may also impact transfer tools such as Binding Corporate Rules and Standard Contractual Clauses.” </blockquote>
+
The first annual [http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/2016/20160726_wp29_wp_statement_eu_us_privacy_shield_en.pdf review will] <blockquote> “assess if the remaining issues have been solved but also if the safeguards provided under the EU-U.S. Privacy Shield are workable and effective. The results of the first joint review regarding access by U.S. public authorities to data transferred under the Privacy Shield may also impact transfer tools such as Binding Corporate Rules and Standard Contractual Clauses.” </blockquote>
−
===Opinion of the EDPS on
ePrivacy
Directive===
+
===Opinion of the EDPS on
E-Privacy
Directive===
−
[https://en.wikipedia.org/wiki/Giovanni_Buttarelli Giovanni Buttarelli], the [https://secure.edps.europa.eu/EDPSWEB/edps/EDPS European Data Protection Supervisor], published his [https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2016/16-07-22_Opinion_ePrivacy_EN.pdf official opinion on the review] of the [[
ePrivacy
Directive]] earlier this week.
+
[https://en.wikipedia.org/wiki/Giovanni_Buttarelli Giovanni Buttarelli], the [https://secure.edps.europa.eu/EDPSWEB/edps/EDPS European Data Protection Supervisor], published his [https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2016/16-07-22_Opinion_ePrivacy_EN.pdf official opinion on the review] of the [[
E-Privacy
Directive]] earlier this week.
The Directive is being reviewed in order to bring it into line with the new General Data Protection Regulation (GDPR). The opinion commented on such issues as encryption and interception and surveillance of communications.
The Directive is being reviewed in order to bring it into line with the new General Data Protection Regulation (GDPR). The opinion commented on such issues as encryption and interception and surveillance of communications.
Line 144:
Line 144:
“In addition, the use of end-to-end encryption should also be encouraged and when necessary, mandated, in accordance with the principle of data protection by design.” </blockquote>
“In addition, the use of end-to-end encryption should also be encouraged and when necessary, mandated, in accordance with the principle of data protection by design.” </blockquote>
−
In his opinion, Butarelli also stated that the [http://arstechnica.co.uk/tech-policy/2016/07/encryption-backdoors-edps-ban-wishlist/ ePrivacy Directive should continue to ban interception] and surveillance of communications, including content and metadata. He further proposed a new requirement for organisations to disclose numbers of EU and non-EU law enforcement and government requests for information.
+
In his opinion, Butarelli also stated that the [http://arstechnica.co.uk/tech-policy/2016/07/encryption-backdoors-edps-ban-wishlist/ ePrivacy Directive should continue to ban interception] and surveillance of communications, including content and metadata. He further proposed a new requirement for organisations to disclose numbers of EU and non-EU law enforcement and government requests for information.
==International developments==
==International developments==