call +44 20 7096 1079

Blog


April 25, 2013 | Peter Bradwell

Naked Citizens campaign launch

Today we visited Facebook in London, launching a new campaign for a strong Data Protection Regulation.

This afternoon Open Rights Group headed over to Facebook's offices in Covent Garden, London. We delivered a new report about the Data Protection Regulation. We were there to launch a campaign to make sure this proposed law strengthens our privacy rights.

ORG at Facebook launching Naked Citizens campaign

(More pictures are up on our Flickr site.)

The Data Protection Regulation was proposed by the European Commission last year and is currently being discussed by Members of the European Parliament (MEPs). It could give us more control over what happens to our personal information and make sure those that use it are help to account.

But a number of the changes that MEPs are currently discussing could instead strip us of our privacy rights. Many of these stem from an unprecedented lobbying effort by big US tech companies, the US Government and the advertising industry.

NakedCitizens.eu is a response to this, put together by a coalition of privacy groups from across the EU including ORG, Privacy International, EDRi and Bits of Freedom. 

Our report, put together by privacy experts from this coalition, features new analysis of proposed amendments to the Regulation and reveals how many of these threaten to critically undermine the privacy of EU consumers and citizens. 

Together, the amendments are an effort to strip EU citizens 'naked' by making it almost impossible for them to control who sees their personal information and how it is used.

Instead of empowering users to take control of their information, we may end up with a Regulation that would allow businesses, institutions or organisations to collect and share personal information in opaque, unaccountable ways.

Visit the website NakedCitizens.eu and write to your MEP. Ask them to make sure we get stronger privacy rights and more control over how our personal information is used. Don't let corporations strip us of our privacy rights!

[Read more] (1 comments)


April 25, 2013 | Jim Killock

Fatal Blow to the Snoopers' Charter?

Nick Clegg this morning announced on London's LBC radio that “What people dub the Snoopers' Charter, that's not going to happen”. He went on to say that mass snooping on citizens was “not either necessarily workable nor proportionate”. Your persistent campaigning has paid off and it looks like many of the proposals in the Communications Data Bill should be dropped from whatever emerges in the Queen's Speech.

 

We hope it is an end to the latest tranch of mass surveillance, however we are not going to let anything else slip in in a new form as it is clear the Home Office and the Conservatives still wish to see a watered down version of the Communications Data Bill appear.

If new proposals appear we'll be looking to check:

  1. That the request filter and data trawling engine is dropped
  2. That the data ISPs and CSPs are compelled to collect will be minimal
  3. That there is no easy way for the Government to compel new data sets to be created

We'll be keeping a close eye on the Queen's Speech to see if anything tries to be pushed through and we will not drop our close scrutiny.

This is a massive victory for Open Rights Group and our allies, and a great day to be an ORG supporter! Thank you for all your help in writing to MPs, challenging the Home Office and keeping the pressure on, making the campaign to stop the Snoopers' Charter a success.

We hope to see you at ORGCon!

[Read more] (5 comments)


April 15, 2013 | Ruth Coustick-Deal

ORGConNorth: Reporting back from Manchester's digital rights conference

Our first ORGConNorth was a great success! Here's a round up of all the panels and unconference topics.

ORG Con North logoAround 70 people attended ORGConNorth at the Friends Meeting House on Saturday April 13th,  It was a really lively event – the first of many more local conferences we hope.

ORGConNorth had a great range of speakers who provided a lot of thoughtful commentary and we would like to thank them all once again for giving up their time, and joining us on the day! You can see the full list of speakers here and take a look at the programme on the event page.

So what happened?

The day began with a great keynote from John Buckman, chair of EFF, entitled 'Britain, under the thumb of...' which set the framework for the day and is available for download here.

The post-keynote first half of the day covered ORG's four big topics of the moment in a series of panel debates: Copyright reform, freedom of speech, online surveillance and data protection.

 
Our session on copyright looked at why there has been such a tension between copyright and the Internet, and what we might do about it. Jez Collins noted the history of music sharing, Loz Kaye talked about access to culture and educational resources, and Robin Gower set out why data from trading funds, such as the Met Office or Ordnance Survey, should be released as open data.
 
 
The panel on Data Protection focused on the corporate lobbying to water down new European legislation. We looked at the key issues at stake, including the right to control your data through stronger consent, data 'portability' and the right to delete your data. ORG is heavily involved in a joint campaign to ensure the European Parliament sides with citizens in the forthcoming votes. (We've produced a short briefing on the Regulation.)
 
In the Snooper's Charter talk, James Baker from No2ID gave an impassioned summary of the history of Internet snooping and data retention. Jamie Bartlett from Demos outlines the view that accepts a capability gap does exist, and tried to explain why the Home Office and others are motivated to try these policies.
 
I sat in on the panel on the right to be offensive which discussed freedom of speech issues. Ben Zevenbergen, the panel chair, took its subject matter to heart with the questions quickly moving to the floor for an open discussion. It covered whether Twitter, Facebook and other online platforms are now so much part of public infrastructure that perhaps they should they be nationalised (like trains!), also whether deleting agressive comments is a form of censorship - and the thin line between offensive speech and harassment.

In the afternoon we broke up into unconference sessions where some great debates were led by attendees. In my group at least we all could have talked forever and it was good to keep the discussion going in the pub afterwards! Here's a summary of the unconference discussions:

  • MedConfidential - Phil Booth presented on the MedConfidential campaign and how changes in the NHS threaten the fundamental basis of medical confidentiality. Without medical confidentiality people will hold back important information from their doctors creating health harms.

  • The FISA Amendment Act - Caspar Bowden put in a brief presentation on the the provisions of FISAA (the Foreign Intelligence Amendments Act) - see http://euobserver.com/justice/118857 He talked about how it allows US intelligence the legal ability to snoop on any data in the cloud handled by US companies relating to foreign citizens. Caspar is trying to place amendments into the Data Protection Regulation which would force US companies to place EU data under some protection from this.

  • Bursting the Bubble - led by Pirate Party UK's Campaigns Officer Andy Halsall this group talked about how both the Pirate Party and ORG need to expand the discussion to show how digital issues relate to everyone. Although the group agreed that ORG 'punches above its weight' there is a digital bubble we remain within. ORG Supporter Miljenko Williams wrote a further review of the discussion which you can read on his blog.

  • Password Security – Sam Hogarth led a group discussion on the best methods for password security, sharing tips and knowledge, tools and techniques to keep your data safe after recent scandals like the LinkedIn password loss.

  • Opinionated Software – This group talked about common concerns about software selling people short - for example when terms & conditions are ammended and curtailed after purchase. They compared public vs private providers and open vs closed software, concluding in a call for a standard or badge that ORG could perhaps provide to mark software that met requirements such as fair use, good T&Cs and so on.

  • Freedom of Information Requests - This workshop looked at how to do Freedom of Information requests. They also discussed the current threats to the FOI Act, which are very real despite some good moves towards better 'Open Data' policies. The coalition is considering allowing public bodies to group requests by the same organisations for cost calculations, for example. This could devastate local press and advocacy groups. They are also rejecting calls to expand FOI to private providers of public services.

Want more?

If you missed out on ORGConNorth or want a re-cap there are lots of other ways you can go over the material:

You can pick up the tweets of the day at the Eventify page or see the pictures on the ORG Flickrpages. Videos will be up very soon so watch this space!

Brian Pellot wrote a review of ORGConNorth on Index on Censorship's blog.

If you have written a blog or report on ORGConNorth we would like to link to it here, so let us know.

If you have any feedback you would like to give such as: Where should the next ORGConNorth take place? What talks / sessions should we have included? Please email events@openrightsgroup.org

See you at the next ORGCon! 

[Read more]


April 08, 2013 | Claudia Mateus

Data Protection Regulation Debate

By the summer, Europe will have decided on some of the most far-reaching and controversial privacy legislation in the world, that is the Data Protection Regulation. ORG have invited some experienced personalities to give us a professional opinion about the most controversial issues around the draft.

Part 1

In the first part of the podcast, the discussion focus in two of the most controversial issues around the draft: the definition of personal data and consent.

In order of appearance: Anna Fielder (consumer rights advocate), Nick Stringer (director of Regulatory Affairs of the Internet Advertising Bureau), Jan Philipp Albrecht (Group of the Greens Member of European Parliament), Jeffrey Chester (the executive director of the Center for Digital Democracy) and Axel Voss (Group of the European People's Party Member of European Parliament).

 

Follow this link to go to the podcast and download it.

Music:
Bored on Your Backside by Trifonic
cc-nc-sampling+

 

Part 2

In the second part of the podcast, the debate goes through the proposal's balance between the different interests implied in the legislation and the massive lobbying campaign that the issue has arised.

In order of appearance: Nick Stringer (director of Regulatory Affairs of the Internet Advertising Bureau), Jan Philipp Albrecht (Group of the Greens Member of European Parliament), Jeffrey Chester (the executive director of the Center for Digital Democracy), Axel Voss (Group of the European People's Party Member of European Parliament) and Anna Fielder (consumer rights advocate).

Follow this link to go to the podcast and download it.

Music:
Bored on Your Backside by Trifonic
cc-nc-sampling+

Jan Philipp Albrecht's photography: by Fritz Schumann

[Read more]


March 27, 2013 | Jim Killock

Lords mistaken in their calls for Ofcom Internet regulation

The Lords often make very helpful contributions to legislative debates, but this really isn't one of them. There are huge amounts of regulation constraining Internet providers, from eCommerce to copyright, that cover the necessary ground already.

These are the key paragraphs:

204.  Ofcom should investigate the option of non-broadcast providers of TV-like services, such as Netflix and the content providers mentioned in Box 1, being invited to comply with an appropriate set of standards (the Broadcasting Code suitably amended for their environment) in return for some form of public recognition or kitemark. (Para 53)

211.  We urge the Government to ensure that cooperation on the regulation of converging media content, such as the category of TV and TV-like material, is included as part of the discussions between the EU and the US about the establishment of a free trade agreement. (Para 94)

221.  Specifically, Ofcom should be required, in dialogue with UK citizens and key industry players, to establish and publish on a regular basis the UK public's expectations of major digital intermediaries such as ISPs and other digital gateways, specifically with regard to protecting UK audiences and their families when accessing content through digital intermediaries' services, covering for example:

  • ·  The scope of their responsibilities (given they are not always in direct control of the content to which they provide access);
  • ·  Appropriate processes for receiving complaints and subsequent redress;
  • ·  Any specific measures, such as access controls, content classification systems, or other actions which the UK public might expect them to take in protecting children from harmful material. (Para 141)

In other words, the Lords' Communications Committee are looking for ‘voluntary’ participation in Ofcom's content regulation, (para 204) but these kinds of voluntary arrangement are rarely truly voluntary. Usually the government threatens legislation if the required ‘volunteering’ doesn't take place.

This makes these kinds of ‘voluntary’ arrangement particularly un-transparent and open to abuse. The Communications Act discussions, around child safety and copyright enforcement reflect this dynamic. Similar concerns have been raised about parallel EU processes.

The call for Ofcom to co-ordinate child safety policy also seems unfounded, given the work already taking place (para 221).

The call to include 'regulation of converging media content' in the Trans-Atlantic Free Trade Agreement is also very dangerous. Intellectual property laws should be kept out of TAFTA. (para 211) The reasons, following ACTA, are simple: IP laws are complex, need public scrutiny, and their effects on the Internet can be severe. TAFTA should not be a vehicle for pushing the Internet towards a broadcast model, which is what the Lords appear to be inviting.

 

[Read more]


March 26, 2013 | Jim Killock

Will bloggers be protected? Maybe – if your blog is “small”

We had a tactical victory yesterday: the Lords passed a government “holding amendment” to exclude ‘small blogs’ but didn’t decide what that might mean.

Lord McNally, for the government, said:

we do not want to draw in too broad a range of publishers. Our aim has been to capture the main elements of the press, as well as what I find it helpful to refer to as "press-like" activity online.

I recognise that people have been seeking clarification on how the legislation could apply to small-scale bloggers, and how the interlocking tests work. This is reflected in some of the amendments before us, and includes the suggestion that there may be a case for making an express exemption in respect of small-scale blogs in the new schedule inserted by Commons Amendment 131.

To allow a period of reflection in advance of the next round of ping-pong in another place after the Easter Recess, the Government have tabled manuscript Amendment 131BA in recognition of the concerns over Amendment 131. As part of this, my right honourable friend the Secretary of State for Culture, Media and Sport has agreed that her officials will collate and engage with any issues that are raised before submitting a view on how the test will operate and whether there is a need for a further amendment.

The amendment was

[As an amendment to Commons Amendment 131]

131BA* Line 29, at end insert—

“Small-scale blogs

7A A person who publishes a small-scale blog.” 

But what is “small scale”? Lord Lucas’ amendment to base the question on the Companies Act’s definition of a small or medium size enterprise was rejected, but it seems the most plausible definition to us. What other options are there?

Readership is hard to measure.

Pixel size, maybe? Blogs of less than 500px wide?

There are other problems, too. Publishing “in the course of a business” covers a very large number of possible blogs. The proposals need a blanket exclusion for all publishers that are not a company or limited liability partnership.

The "incidental nature" qualification to each of the protected exclusions for hobbyist, industry, professional, social club or other web sites needs to go. None of these sites should be prevented from regularly and routinely covering the news that it interesting to them for fear of the “costs clause” stick. It's hard too see why MumsNet wouldn't be caught, as its articles are about citizenship in general.

Given we have breathing room, now, we will push for whatever improvements we can get to avoid the Bill being a train-wreck for the Internet and UK bloggers.

If you spot problem, let us know here. Meanwhile: please email David Cameron, Harriet Harman and Nick Clegg about this.

 

[Read more] (5 comments)


March 25, 2013 | Peter Bradwell

Privacy groups urge Baroness Ludford to support stronger data rights

In response to her letter to the Financial Times, ORG and Privacy International have written to Liberal Democrat MEP Baroness Sarah Ludford urging her to support stronger privacy rights in the upcoming and crucial LIBE Committee vote.

We have joined up with Privacy International to send a joint letter to Baroness Sarah Ludford about the Data Protection Regulation, urging her to support a strong law that gives people meaningful control over their personal information. You can read our letter below.

This is a response to a letter Baroness Ludford wrote to the Financial Times on March 10th.  In it she suggests that aspects of the Regulation are 'inflexible, bureaucratic or not user-friendly', suggesting that she is sympathetic to the voices of industry and would like to see important bits of the proposed law weakened. As we explain in the letter, we believe this would severely undermine people's privacy and take control over data away from individuals. 

This is important because Baroness Ludford sits on the crucial LIBE Committee, which is the lead committee for the Data Protection Regulation in the European Parliament. LIBE will vote on an opinion soon, and this will be a crucial factor in what sort of Regulation we end up with. So Baroness Ludford's position is extremely important.

Baroness Ludford is a Liberal Democrat MEP for London. If you live in London, please write to her now and ask her to vote for a Regulation that gives people meaningful control over their information, and which makes sure those who collect and use it play by the rules.  

You can contact Baroness Ludford using our easy email tool. For more background on the key issues, see our short briefing. We have also analysed why some of the amendments proposed by organisations such as Amazon would be bad news for our privacy rights. For more information on the process, see EDRi's excellent guide to the Regulation. If you would like more information please contact me at peter@openrightsgroup.org

 

Dear Baroness Ludford,

We are writing to you regarding the draft Data Protection Regulation and in particular your response to the article in the Financial Times (‘Privacy need not be compromised', March 10th).

We represent two leading London-based organisations – Privacy International and the Open Rights Group – that promote the privacy interests of citizens in the UK and internationally. We have been deeply involved in the proposed change of legislation right from its consultation stages back in 2009, and are pleased to see a proposal that could help give people more control over how their information is used, as well as ensure that those collecting and using it play by the rules.

Yet in your letter in the Financial Times, consumers and citizens, the so-called ‘data subjects’ do not merit a mention; instead you quote only the opinions of those that make use their data.

We believe most of the concerns of the constituencies you cite in the letter can be addressed without broad amendments that undermine the principle of giving people more meaningful control over their data.

More fundamentally, however, there is a large body of evidence that demonstrates why stronger privacy rights for people across the EU are needed. This evidence shows that current laws are left behind by unprecedented developments in data mining technologies, and that the attitudes and lack of trust of consumers and citizens can act as a real barrier to innovation and further development of online business.

For example: a Eurobarometer survey found that 70% of Europeans are concerned about companies using information for a purpose different to the one it was collected for. The UK was highest at 80%. An Ovum study found that only 14 percent of respondents believe that Internet companies are honest about their use of consumers’  personal data.That is having a stunting effect on Internet markets. A study for the EU Executive Agency for Health and Consumers in 2011 found that 29% of people say concerns about the misuse of personal data or payment details is a key factor in them not shopping online.

This is a regulatory regime not fit for the digital age.

This is why we are dismayed at efforts in the European Parliament Committees to weaken the Regulation by narrowing the scope, weakening the definition of consent, undermining the rights to erasure and 'portability' and creating broad 'legitimate interest' carve outs. Some of the committees have weakened the rights to the extent that we are convinced their redrafted Regulation would not stand the test of Article 8 of the EU Charter of Fundamental Rights.

Personal data is increasingly used as the basis for decisions by institutions and organisations that affect people in myriad ways - our profiles affect everything from the marketing offers we receive through to the credit ratings and insurance decisions we are subject to. Putting people in control of their data is to give them a meaningful stake in those decisions. It should be an integral part of a liberal democratic digital economy.

We urge you to put the interests of citizens at the heart of your thinking in the upcoming LIBE Committee vote. We have asked for meetings with you in person, and would request so again either during our forthcoming visit to Brussels in the week of the 8th of April, or here in London at your convenience.

 

Yours sincerely,

 

Anna Fielder, Privacy International, anna@privacy.org
Peter Bradwell, Open Rights Group, peter@openrightsgroup.org


[1] Our detailed positions and blogs on the EU data protection legislative package are available on www.privacyinternational.org and www.openrightsgroup.org
[2] See also this privacy manifesto published in January 2013 by Europe’s most prominent civil society organisations and leading academics: http://brusselsdeclaration.net/

[Read more]


March 23, 2013 | Jim Killock

“Gaming” can be avoided: bloggers can be protected from the Crime and Courts Bill

We’re told that politicians are concerned, exempting small and medium size businesses from the Bill could lead to “gaming”. That is, a large publisher could create small subsidiaries to avoid the Leveson sticks applying to them. We believe this can be avoided. The Companies Act anticipates “gaming”, and includes protections against it.

We believe this can be avoided. The Companies Act anticipates “gaming”, and includes protections against it.

To recap, the Bill provides sticks and carrots to persuade publishers to join a self regulator.

They are the threat of all costs being awarded against you, even if you win your defence against a claim of libel; and the threat of exemplary damages. There is also a carrot of protection against costs if you have joined a self-regulator, and your accuser could have chosen arbitration.

The sticks apply, under the Courts and Crimes Bill, if you are a “relevant publisher”. This currently is anyone publishing about current affairs, with multiple authors, as a business. Thus small, semi-commercial blogs (like Labour List or Conservative Home for instance) may need to shelter under the 'voluntary' self regulation.

The proposal we and Big Brother Watch proposed (after the meeting we held with Hacked Off) is that small and medium size (news publishing) companies are also exempted. BBW drafted an amendment that has been tabled by Lord Lucas:

Insert into New Schedule 5 of the Crime and Courts Bill ‘Exclusions from definition of “relevant publisher”

9) “A publisher who does not exceed the definition of a small or medium-sized enterprise as defined in Section 382 and 465 Companies Act 2006.”

ORG asked for advice about the gaming question yesterday, after it was raised with us. Francis Davey suggested to us that the amendment could read:

Insert into New Schedule 5 of the Crime and Courts Bill ‘Exclusions from definition of “relevant publisher”

9) “A publisher, which is a company, such that either: (i) the small companies regime, defined in Section 381 of the Companies Act 2006, applies to it; or (ii) the company qualifies as medium-sized as in accordance with Section 465 of the Companies Act 2006 and which is not excluded from taking advantage of the provisions of Part 15 of the Companies Act 2006 relating to companies qualifying as medium-sized by Section 467 of that Act."

His reasoning – on a very quick, few minutes reading of the Act – is that it already anticipates that “gaming” may occur, and provides protections.

There is always a risk of gaming with these sorts of provisions, but in the case of the SME definitions in the Companies Act 2006, there is some protection.

Taking "S" companies first. Section 381 defines a small company as one that meets conditions in s.382 subject to various exclusions found in s.384. Those exclusions include being in the same group as a public company. The definition of "group" is pretty robust (and can be amended for anti-avoidance purposes). It means that if one of the large media companies created a subsidiary it could not be an "S" company.

But this only works if you use the definition in s.381 not s.382.

The drafters of the companies act must have decided to define "M" companies differently. Here s.465 is like s.382 - it has no exclusions in it. The exclusions - much like the "S" exclusions - are found in s.467. They too prevent a company from taking advantage of the rules on M companies if they are in the same group as a public company.

But this requires another tweak to the definition so that s.467 is brought in. I think that was the intention but hasty drafting is very error prone.

The message here is that we can exclude small publishers without a significant risk of “gaming”. The Companies Act anticipates this.

The very hasty process that the Courts and Crimes Bill is undergoing means that there is little time to correct the mistakes in the new clauses introduced this week. The new suggestions (others include excluding non-profits, for instance) need to be worked on by the three parties. Every effort must be made to make sure these obligations are not imposed, inappropriately, on smaller web publishers.

Take our action to let the leaders know! Over 1500 emails have been sent to David Cameron, Nick Clegg and Harriet Harman so far

Update: how the Bill might exclude non-corporate businesses: 

For a non-corporate business, an easy solution (without the anti-avoidance provisions) would be to add another excluded category:
 
"Any business that, if it were a company, would meet the qualifying conditions in section 465(3) of the Companies Act 2006." 
 
That has a turnover/employee/balance sheet set of conditions which are amended to keep in line with inflation. All you are doing is using a statutory set of numbers that already exist. They are quite large (eg c.£25 million for turnover).

You could instead use the small business definition:
 
"Any business that, if it were a company, would meet the qualifying conditions in section 382(3) of the Companies Act 2006." 
 
There is no point using *both* because the medium-sized limits are larger than the small limits so one implies the other.

 

[Read more] (2 comments)


google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail