Press releases

Press releases


UK mass surveillance ruled unlawful in landmark judgment

The European Court of Human Rights (ECtHR) today ruled that the UK’s mass interception programmes have breached the European Convention on Human Rights.

The Court found that the UK’s mass surveillance programmes, revealed by NSA whistleblower Edward Snowden, did ‘not meet the “quality of law” requirement’ and were  ‘incapable of keeping the “interference” to what is “necessary in a democratic society”’.

The landmark judgment marks the Court’s first ruling on UK mass surveillance programmes revealed by Mr Snowden. The case was started in 2013 by campaign groups Big Brother Watch, English PEN, Open Rights Group and computer science expert Dr Constanze Kurz following Mr Snowden’s revelation of GCHQ mass spying.

Documents provided by Mr Snowden revealed that the UK intelligence agency GCHQ were conducting “population-scale” interception, capturing the communications of millions of innocent people. The mass spying programmes included TEMPORA, a bulk data store of all internet traffic; KARMA POLICE, a catalogue including “a web browsing profile for every visible user on the internet”; and BLACK HOLE, a repository of over 1 trillion events including internet histories, email and instant messenger records, search engine queries and social media activity.

The applicants argued that the mass interception programmes infringed UK citizens’ rights to privacy protected by Article 8 of the European Convention on Human Rights as the “population-level” surveillance was effectively indiscriminate, without basic safeguards and oversight, and lacked a sufficient legal basis in the Regulation of Investigatory Powers Act (RIPA). 

In its judgment, the ECtHR acknowledged that ‘bulk interception is by definition untargeted’[2]; that there was a ‘lack of oversight of the entire selection process’,[3] and that safeguards were not ‘sufficiently robust to provide adequate guarantees against abuse’.[4]

In particular, the Court noted ‘concern that the intelligence services can search and examine “related communications data” apparently without restriction’ – data that identifies senders and recipients of communications, their location, email headers, web browsing information, IP addresses, and more. The Court expressed concern that such unrestricted snooping ‘could be capable of painting an intimate picture of a person through the mapping of social networks, location tracking, Internet browsing tracking, mapping of communication patterns, and insight into who a person interacted with’.[5]

The Court acknowledged the importance of applying safeguards to a surveillance regime, stating: ‘In view of the risk that a system of secret surveillance set up to protect national security may undermine or even destroy democracy under the cloak of defending it, the Court must be satisfied that there are adequate and effective guarantees against abuse.’[6]

The Government passed the Investigatory Powers Act (IPA) in November 2016, replacing the contested RIPA powers and controversially putting mass surveillance powers on a statutory footing.

However, today’s judgment that indiscriminate spying breaches rights protected by the ECHR is likely to provoke serious questions as to the lawfulness of bulk powers in the IPA. 

Jim Killock, Executive Director of Open Rights Group said:

  • “Viewers of the BBC drama, the Bodyguard, may be shocked to know that the UK actually has the most extreme surveillance powers in a democracy. Since we brought this case in 2013, the UK has actually increased its powers to indiscriminately surveil our communications whether or not we are suspected of any criminal activity.
  • “In light of today’s judgment, it is even clearer that these powers do not meet the criteria for proportionate surveillance and that the UK Government is continuing to breach our right to privacy.

Silkie Carlo, director of Big Brother Watch said:

  • “This landmark judgment confirming that the UK’s mass spying breached fundamental rights vindicates Mr Snowden’s courageous whistleblowing and the tireless work of Big Brother Watch and others in our pursuit for justice. 
  • Under the guise of counter-terrorism, the UK has adopted the most authoritarian surveillance regime of any Western state, corroding democracy itself and the rights of the British public. This judgment is a vital step towards protecting millions of law-abiding citizens from unjustified intrusion. However, since the new Investigatory Powers Act arguably poses an ever greater threat to civil liberties, our work is far from over.”

 Antonia Byatt, director of English PEN said:   

  • This judgment confirms that the British government’s surveillance practices have violated not only our right to privacy, but our right to freedom of expression too. Excessive surveillance discourages whistle-blowing and discourages investigative journalism. The government must now take action to guarantee our freedom to write and to read freely online.

Dr Constanze Kurz, computer scientist, internet activist and spokeswoman of the German Chaos Computer Club said:

  • “What is at stake is the future of mass surveillance of European citizens, not only by UK secret services. The lack of accountability is not acceptable when the GCHQ penetrates Europe’s communication data with their mass surveillance techniques. We all have to demand now that our human rights and more respect of the privacy of millions of Europeans will be acknowledged by the UK government and also by all European countries.

Dan Carey of Deighton Pierce Glynn, the solicitor representing the applicants, stated as follows:    

  • "The Court has put down a marker that the UK government does not have a free hand with the public's communications and that in several key respects the UK's laws and surveillance practices have failed. In particular, there needs to be much greater control over the search terms that the government is using to sift our communications.  The pressure of this litigation has already contributed to some reforms in the UK and this judgment will require the UK government to look again at its practices in this most critical of areas."

Notes to Editor

The ECtHR case brought together three challenges being heard simultaneously, with the following titles:

  • Big Brother Watch and Others v United Kingdom (no. 58170/13)
  • 10 Human Rights Organisations and Others v United Kingdom (no. 24960/15)
  • Bureau of Investigative Journalism and Alice Ross v United Kingdom (no. 62322/14)

For further information about these cases: https://wiki.openrightsgroup.org/wiki/10_Human_Rights_Organisations_v_United_Kingdom

Foototes

[1] Para. 387

[2] Para. 317

[3] Para. 387

[4] Para. 347

[5] Para. 356

[6] Para. 307


 

[Read more]


MEPs advance Article 13 of EU Copyright Directive

Members of European Parliament today voted to adopt amendments to the European Commission’s draft EU Copyright Directive. This followed a vote in July where MEPs voted down plans to fast-track the Copyright Directive and Article 13.M

Open Rights Group has been campaigning against Article 13 over concerns that free speech will be impacted through the large scale removal of material without adequate review.

Reacting to the vote in the EU Parliament in favour of Article 13 of the Copyright Directive, Jim Killock, executive director of Open Rights Group said:

“Article 13 creates a Robo-copyright regime that would zap any image, text, meme or video that appears to include copyright material whether it is legally used or not. This is disappointing and will open the door to more demands for Robocop censorship.

The Directive is not yet law and could improve during trilogue negotiations. We will keep opposing these measures which will lead to legal material being removed in this way.”

ENDS

Open Rights Group is a non-profit company limited by Guarantee (05581537) based in London and Edinburgh.

Notes:

More information can be found here: https://saveyourinternet.eu

 

[Read more]


Open Rights Group and the3million launch judicial review challenging the Data Protection Act's immigration exemption

Human rights organisations have launched a judicial review challenging the UK Government over the inclusion of a specific clause in the Data Protection Act 2018 which, they argue, would unnecessarily restrict the rights of millions of people across the country for the purpose of ‘effective immigration control’.

The challenge has been brought by Open Rights Group (ORG) - a UK based digital campaigning organisation working to protect the rights to privacy and free speech online and the3million - the largest grassroots organisation of EU citizens living in the UK.

ORG and the3million, represented by the law firm Leigh Day, argue the exemption undermines the principles of the General Data Protection Regulation, which the Act was designed to implement. The exemption removes the long standing rights of access to personal data which has been available for decades, with no evidence offered by the Government why the exemption is necessary now when it wasn’t in the past.

The grounds go on to argue that the exemption would apply to a wide range of Government and non-government bodies. This includes NHS, DVLA, employers, landlords, banks and others. The organisations argue there is no justification for such bodies to be able to derogate from the vast majority of fundamental data protection rights.

The two groups are calling for the courts to declare the immigration exemption incompatible with the General Data Protection Regulation, and Charter of Fundamental Rights.

Rosa Curling, a human rights solicitor from law firm Leigh Day who are acting on behalf of the3million and Open Rights Group, said:

“Our clients warned the government that if the Immigration Exemption was written into law, it would be contrary to the General Data Protection Regulations (GDPR) as well as incompatible with EU law generally and the European Convention on Human Rights.

Unfortunately the concerns of our clients were ignored and they have been left no option but to launch this legal challenge. It cannot be correct that a two-tier system is created for data rights, distinguishing those who become subject to immigration control from British citizens.”

Jim Killock, executive director of Open Rights Group said:

“The Government’s hostile environment may have been renamed, but its policies are clearly still here. Restricting the rights of millions to their personal data in immigration processes risks inaccurate data being used to make life altering decisions. Open Rights Group can’t allow that to pass without challenge.

The Government is trying to avoid necessary accountability, and remove responsibilities to treat people fairly. This challenge aims to keep fairness and accountability in the immigration system.”

Nicolas Hatton, co-founder and co-chair of the3million said:

“the3million and Open Rights Group's legal challenge matters to all 3.6 million EU citizens - who will have to apply for settled status to stay in their own homes after Brexit - no applicant should be prevented from accessing the data the Home Office holds about them. This is 2018, not 1984.”

 
Ends.

Notes for editors:

Open Rights Group is a non-profit company limited by guarantee; Registered Company No. 05581537 (England) Registered Office: 12 Duke's Road, London WC1H 9AD  Contact: Martha@openrightsgroup.org

the3million is the largest grassroots organisation of EU27 citizens in the UK, campaigning to protect citizens’ rights together with their sister group British in Europe. Contact: luke.piper@the3million.org.uk or maike.bohn@the3million.org.uk

Open Rights Group and the3million funded the case via a Crowdjustice fundraiser which raised £40,300.

[Read more]


Online tool helps public find out how data is being used by Fintech companies

A new tool which will make it easier for the public to find out how organisations use data and help them to exercise their GDPR rights

 
  • Data Rights Finder will make it easier for people to request, change and delete the data that companies hold about them.
  • The free tool features over 30 fintech companies including Barclays, HSBC, Lloyds and Royal Bank of Scotland.
  • It’s one of the first online tools designed to help the British public exercise their GDPR rights.

Open Rights Group (ORG) and IF (projectsbyif.com) have launched Data Rights Finder, a new tool which will make it easier for the public to find out how organisations use data and help them to exercise their GDPR rights.

The tool analyses the privacy policies of over 30 fintech organisations, including major banks, Barclays, HSBC, Lloyds and the Royal Bank of Scotland, and comparison websites such as Compare the Market and Money Saving Expert.

It was developed to help people exercise some of the new rights given to them through the General Data Protection Regulation (GDPR), which came into force in May this year. These include the rights to see data that companies hold, amend it, delete it, limit it, challenge it and export it. Even when people are aware of their rights, the information they need to exercise them is often buried in long privacy policies. Data Rights Finder makes it quick and easy to search for an organisation, see an overview of its privacy policy and find the information needed to exercise a GDPR right.

The data the tool uses is open source, and IF and Open Rights Group are looking for partners to help them expand the organisations represented. They also plan to extend the coverage to other sectors in the future.

The data can be easily reused by anyone, so IF and ORG hope that organisations will come forward with ideas to use the data to support individuals in their complaints, or analyse what companies are doing with data.

Richard Pope, COO at IF said: “Recent events have shown that the way companies use data affects people’s trust in them. As well as helping people exercise their rights, we believe Data Rights Finder is an opportunity for companies to be more transparent about how they use and manage data.”

Jim Killock, Executive Director at Open Rights Group said: “Everyone has new and stronger rights since GDPR kicked in. Data Rights Finder can help you find out what financial companies know about you and why they’ve decided to offer or decline certain products. Your data increasingly defines you and your life chances, which is why we’ve built this tool.”

ENDS

Notes:

  • IF (projectsbyif.com) is a specialist digital rights consultancy founded by Sarah Gold in 2015. IF designs and builds services that respect people's rights, and its Data Ethics Toolkits help companies improve how they manage data.
  • Open Rights Group campaigns for the rights to privacy and free speech online. Founded in 2005, it is the UK’s only grassroots digital rights organisation.
  • Data Rights Finder is a joint initiative by Open Rights Group and IF, with funding from the Information Commissioner's Office.

[Read more]


Open Rights Group victory in Supreme Court web blocking challenge

The Supreme Court has today ruled that trade mark holders are not able to compel Internet service providers to bear the cost of implementing orders to block websites selling counterfeit goods.

Jim, Alex and Myles at the Supreme CourtOpen Rights Group acted as an intervener in this case. We argued that Internet service providers (ISPs) as innocent parties should not bear the costs of website blocking, and that this was a long-standing principle of English law.

Jim Killock, Executive Director of Open Rights Group said:

“This case is important because if ISPs paid the costs of blocking websites, the result would be an increasing number of blocks for relatively trivial reasons and the costs would be passed to customers.

“While rights holders may want websites blocked, it needs to be economically rational to ask for this.”

Solicitor in the case David Allen Green said:

"I am delighted to have acted, through my firm Preiskel, successfully for the Open Rights Group in their intervention.

"We intervened to say that those enforcing private rights on internet should bear the costs of doing so, not others. This morning, the UK Supreme Court held unanimously that the rights holders should bear the costs."

[Read more]


Nearly 40% of court order blocks are in error, ORG finds

Open Rights Group today released figures that show that High Court injunctions are being improperly administrated by ISPs and rights holders.

A new tool added to its blocked.org.uk project examines over 1,000 domains blocked under the UK’s 30 injunctions against over 150 services,

ORG found 37% of those domains are blocked in error, or without any legal basis. The majority of the domains blocked are parked domains, or no longer used by infringing services.  One Sci-Hub domain is blocked without an injunction, and a likely trademark infringing site, is also blocked without an injunction.

However, the list of blocked domains is believed to be around 2,500 domains, and is not made public, so ORG are unable to check for all possible mistakes.

Jim Killock, Executive Director of Open Rights Group said:

“It is not acceptable for a legal process to result in nearly 40% maladministration. These results show a great deal of carelessness.

“We expect ISPs and rights holders to examine our results and remove the errors we have found as swiftly as possible.

“We want ISPs to immediately release lists of previously blocked domains, so we can check blocks are being removed by everyone.

“Rights holders must make public exactly what is being blocked, so we can be ascertain how else these extremely wide legal powers are being applied."

ORG’s conclusions are: 

  1. The administration process of adding and subtracting domains to be blocked is very poor
  2. Keeping the lists secret makes it impossible to check errors
  3. Getting mistakes corrected is opaque. The ISP pages suggest you go to court.

Examples

Some are potential subject to an injunction, which has not been sought, for instance:
 
 
One directs to a personal blog: 

http://kat.kleisauke.nl 

Full results and statistical breakdowns 

https://www.blocked.org.uk/legal-blocks/errors 

Export full results

https://www.blocked.org.uk/legal-blocks 

For a list of UK injunctions, see: 

The UK has 30 copyright and trademark injunctions, blocking over 150 websites. 

https://wiki.451unavailable.org.uk/wiki/Main_Page

[Read more]


Rights groups to take Government to court over shocking immigration exemption

Today the House of Commons is likely to pass a Data Protection Bill. The Bill includes an immigration exemption that denies people access to their data exactly when they need it the most. The Open Rights Group and the3million are launching a legal challenge to force the Government to remove this exemption, and are asking for support to fund this claim.

This exemption will affect everyone involved in an immigration case, for example: those seeking refuge in the UK, those affected by the Windrush scandal, the three million EU citizens who will have to submit their applications for a new immigration status after Brexit. If this Bill becomes law, people won’t have the right to access their personal data held by the Home Office.

According to the Chief Inspector of Borders and Immigration, the Home Office has a ten percent error rate in immigration status checks. This exemption would allow these mistakes to go unchallenged. These errors could lead to an application being refused or even deportation. 

We are asking people to pledge to support our legal case against the Government so everyone can have equal access to their data and properly access justice. 

To support our legal challenge we are fundraising via Crowdjustice:

www.crowdjustice.com/case/immigrationexemption

Jim Killock Executive Director of Open Rights Group said 

“People will need their personal records to prove that they are entitled to live in the UK. This is a matter of natural justice. Using medical and educational records to trawl for potential suspects is equally worrying, as the government seeks to surveil the population in every way it finds convenient. Mistakes will be made, and lives disrupted or worse.” 

Co-founder of the3million Nicolas Hatton said: 

"The Data Protection Bill is supposed to be about giving people greater control over their data, but it contains an exemption for immigration cases that does exactly the opposite. Everyone should be entitled to know how the Home Office and other government agencies are using their records, and that is why the3million support removing this shocking exemption." 

Rosa Curling, a human rights solicitor from law firm Leigh Day who are acting on behalf of the3million and ORG, said:

 “The immigration exemption creates a discriminatory two-tier system for data protection rights. The clause is incompatible with GDPR, as well as EU law generally and the European Convention on Human Rights. If the exemption is made law, our clients will apply for judicial review. They have spent months trying to persuade the government to remove the exemption from the bill. If they continue to refuse, our clients will have no option but to request the court’s intervention in this matter.”

[Read more]


Age Verification pushed back

The deadline for the implementation of the Government’s potentially disastrous Age Verification scheme has officially been pushed back to ‘before the end of the year’.

The deadline for the implementation of the Government’s potentially disastrous Age Verification scheme has officially been pushed back to ‘before the end of the year’.

Whilst we welcome the delay, Age Verification remains a huge threat to privacy for millions across the UK.

Myles Jackman, ORG’s legal director said:

“This is a chance for the government to rethink the absence of safeguards for privacy and security, but it is frightening to consider that this policy was two weeks away from launch before it was pulled.

“Matt Hancock needs to introduce powers to safeguard privacy immediately before this scheme causes real damage.”

Notes to Editors

The announcement can be found in this press release: https://www.gov.uk/government/news/25m-for-5g-projects-on-the-anniversary-of-the-uks-digital-strategy (ctrl+f - BBFC)

For more information and to contact the Open Right Group, please contact Caitlin Bishop at: caitlin@openrightsgroup.org or on: 0207 0961079 

[Read more]


Government Warned Legal Action Coming if Immigration Exemption Enacted

Formal legal action has been launched against the UK Government today over the inclusion of a specific clause in the new Data Protection Bill which means at least three million people across the country would be unable to find out what personal data the Home Office or other related organisations hold on them under a clause the government claims is needed for ‘effective immigration control’.

Formal legal action has been launched against the UK Government today over the inclusion of a specific clause in the new Data Protection Bill which means at least three million people across the country would be unable to find out what personal data the Home Office or other related organisations hold on them under a clause the government claims is needed for ‘effective immigration control’.

Lawyers from Leigh Day, who are acting on behalf of the3million the largest grassroots organisation of EU citizens living in the UK and the Open Rights Group (ORG) the UK's only digital campaigning organisation working to protect the rights to privacy and free speech online have written to Home Secretary Amber Rudd outlining their concerns and asking for the clause to be removed from the bill.

The3million and ORG are very concerned by the proposed inclusion of the exemption clause, which if it remains, would represent the first time that an immigration exemption has been included in UK data protection laws.

Both groups argue the exemption clause is incompatible with the principles of the General Data Protection Regulation (GDPR), which the bill is designed to implement. Leigh Day’s clients believe the bill, which is intended to strengthen people’s data rights, will have the opposite effect and will create a discriminatory twotier system.

The bill is due to be heard in the House of Commons today.

ORG and the the3million are calling on those who support the campaign to write to their MPs, using the form at openrightsgroup.org, to tell them that the immigration exemption must go.

Rosa Curling, a human rights solicitor from law firm Leigh Day who are acting on behalf of the3million and ORG, said:

“The immigration exemption creates a discriminatory twotier system for data protection rights. The clause is incompatible with GDPR, as well as EU law generally and the European Convention on Human Rights. If the exemption is made law, our clients will apply for judicial review. They have written to the government today to urge it to reconsider and to remove the immigration exemption from the bill without further delay.”

Jim Killock, Executive Director of Open Rights Group, said:

"This is an attempt to disguise the Home Office's mistakes by making sure that their errors are never found. When people are wrongly told to leave, they would find it very hard to challenge.

"Data protection is a basic safeguard to make sure you can find out what organisations know about you, and why they make decisions. Sometimes, during criminal investigations, that isn't appropriate: but immigrants aren't criminals, nor should they be treated as such."

Nicolas Hatton, Chairman of the3million, said:

"The UK Government has proposed setting up a new registration system for EU citizens after the UK leaves the EU, and this will potentially create a database with the personal details of over three million people.

“We need safeguards in place to ensure that these citizens have access to the information held about them, so they are able to appeal Home Office decisions or correct mistakes.

“Everyone should be entitled to know how the Home Office and other government agencies are using their records, and that is why we want this exemption removed."

Notes to editors:

We would be grateful if you could include a hyperlink to the online form to contact your MP in any online coverage.

For more information or to talk to the solicitor leading the case please contact Neil Wardley, PR Manager of Leigh Day, on: 07775 713725 or email nwardley@leighday.co.uk.

For more information or to talk to a member of the3million please contact Maike Bohn, Director of Communications, on 07967 627808 or email maike.bohn@the3million.org.uk.

For more information and to contact the Open Rights Group, please contact Caitlin Bishop at: caitlin@openrightsgroup.org or on: 020 7096 1079.

[Read more]


Open Rights Group respond to court ruling that government surveillance regime unlawful

“Once again, another UK court has found another piece of Government surveillance legislation to be unlawful. The Government needs to admit their legislation is flawed and make the necessary changes to the Investigatory Powers Act to protect the public’s fundamental rights.”

“The Investigatory Powers Act carves a gaping hole in the public’s rights. Public bodies able to access data without proper oversight, and access to that data for reasons other than fighting serious crime. These practices must stop, the courts have now confirmed it. The ball is firmly in the Government’s court to set it right.”

- Matthew Rice, Open Rights Group

 NOTES FOR EDITORS

The Court of Appeal have today announced that, as expected, the mass retention of public data was unlawful. Allowing for public bodies to access retained data without proper oversight, and to do so for reasons other than fighting serious crime is inconsistent with EU law.

Court of appeal ruling

The Open Rights Group intervened in the case in 2014 and have been acknowledged by the Blackstone’s Guide to the IPA Act 2016 as an important factor in the case.

Government consultation

Government consultation response

The case was based on the Data Retention and Investigatory Powers Act (2014) which was replaced by the Investigatory Powers Act in 2016. Whilst DRIPA itself is no longer in force the court of appeal ruling demonstrates the fundamental flaws in the current legislation. The government opened a consultation on the current legislation recently, ceding that independent authorisation was a necessary update, but refusing to engage with our serious concerns in regards to mass retention of data. This ruling is vindication of our position that this retention needs to stop. 

[Read more]