Press releases

Press releases

Home Office tender suggests Government has accepted CJEU ruling on independent authorisation for retained data

The Home Office appears to have acknowledged that it will have to make changes to its surveillance capabilities by posting a tender on the UK Government Digital Marketplace, which calls on businesses to help develop a new “independent communications data authorising body”.

The invitation acknowledges a 2016 judgment by the Court of Justice of the European Union (CJEU or ECJ), stating that:

“The ECJ has recently upheld an appeal which challenges the current UK communications data retention and acquisition regime.”

The judgment set criteria for data retention in national law, requiring independent authorisation. The judgment also stated that blanket data retention is not permissible, and that those whose data had been accessed should be notified.

Executive Director Jim Killock said:

“The Government is still silent on what it expects to do after the CJEU ruling explained that limits must be placed on the retention of our phone and email records.

“The government now needs to explain what changes it proposes. The Home Office must be fairly clear about what it thinks it needs to do, as it is busy lining up IT firms to move authorisation from the police to a new independent body.

“This change would be welcome, but we would expect this to be a matter for Parliament to hear about first, rather than IT contractors.

“Perhaps the government is embarrassed about admitting its years of errors in allowing internal police sign off for people’s phone and email records, however, MPs and the public need to hear exactly what is proposed and why it is needed.”

The CJEU set several criteria for access to communications data data: independent authorisation, circumscribed to serious crime, notification to those affected and restrictions on data being sent outside the EU.

The CJEU also said that there should be notifications to people whose data has been accessed after an investigation is completed.

More fundamentally, the court set out that blanket generalised data retention is unlawful, and should be targeted, possibly to particular time periods, geographical areas or groups likely to be involved in serious crime. The Government must explain how it plans to ensure that UK legislation meets all of these criteria.

Notes to Editors

More information about the CJEU ruling is available here:

The Home Office tender is available here:

[Read more]

Scottish Government drops controversial ID database proposals

Open Rights Group welcomes the Scottish Government’s decision to drop proposals that would have paved the way for a national ID register in Scotland.

Executive Director Jim Killock said:

"We are delighted that the Scottish Government has listened to the concerns of Open Rights Group and our supporters. If these plans had gone ahead, Scotland would have introduced a national ID database that would have tracked Scottish citizens through the public services they use. This would have fundamentally changed the relationship between Scottish citizens and the state. 

“We are very keen to work with the Scottish Government on any future plans to allow Scottish citizens to make accessing services online easier. Privacy must be at the heart of such a system.

“The Scottish Entitlement Card scheme which also links people’s behaviour through the UCRN remains in place and both should be included in the future review.“

The 2015 consultation

The Scottish Government announced the original plans in a consultation that took place in early 2015. The proposal was to use the NHS Central Register to verify personal details as people started to use “myaccount” online government services, and to tie people’s details to the single identifiers in the NHS system as well as the Scottish UCRN (Unique Citizen Reference Number).

If the proposals had been adopted, the UCRN would tie people’s data across 120 other Scottish public bodies – including Glasgow Airport, the Royal Botanical Gardens and the Caledonian Maritime Assets Ltd. Scottish residents could then be tracked across all their interactions with public bodies, including your benefits, bus pass travel or library usage.

After ORG raised awareness of the proposals, over 200 of our supporters made submissions to the consultation. Liberal Democrat and Green MSPs also voiced their concerns and asked questions of the Scottish Government in relation to the proposals.

Notes to Editors

The Scottish Government’s announcement about the dropping of the proposals is here

ORG’s response to the consultation is here.

[Read more]

Digital Economy Bill could make UK citizens vulnerable to blackmail

Changes to the penalties for online copyright infringement could leave UK citizens vulnerable to blackmail by unscrupulous companies that demand payment for alleged copyright infringements.

Proposals in the Digital Economy Bill would mean that anyone found guilty of online copyright infringement could now get up to ten years in prison. These changes could be misused by companies, such as Goldeneye International, which send threatening letters about copyright infringement. Typically, the letters accuse the recipients of downloading files illegally and demand that they pay hundreds of pounds or be taken to court.

Often they refer to downloaded pornographic content, to shame the recipients into paying rather than challenging the company in court. The Citizens Advice Bureau has criticised “unscrupulous solicitors and companies acting on behalf of copyright owners” who take part in such “pay up or else schemes”. It advises people who receive such letters to seek legal advice rather than simply paying them.

How do copyright trolls get ‘evidence'?
Copyright trolls compel Internet Service Providers to hand over the personal contact details of the account holder whose IP addresses are associated with illegal file downloads. However, this in itself is not evidence that the illicit downloading observed is the responsibility of the person receiving the letter.

Common problems include:
• Sharing wifi with family, friends or neighbours who may be the actual infringer

• Errors with timestamps and logs at the ISP

Why the Digital Economy Bill will make this worse
The Government has argued that it is increasing prison sentences to bring the penalties for online copyright infringement in line with copyright infringement in the real world. It also insists that it is not trying to impose prison sentences for minor infringements such as file sharing. However, the loose wording of the Bill means that it could be interpreted in this way, and this will undoubtedly be exploited by unscrupulous companies.

Executive Director Jim Killock said:

“Unscrupulous companies will seize on these proposals and use them to exploit people into paying huge fines for online infringements that they may not have committed.

“The Government needs to tighten up these proposals so that only those guilty of serious commercial copyright infringements receive prison sentences.

“Helping companies send threatening letters to teenagers is in no one's interest.”

What does the Government need to do?
ORG has asked the Government to amend the Digital Economy Bill to ensure that jail sentences are available for serious online copyright infringement. While this will not put an end to the dubious practices of copyright trolls completely, it will prevent them from taking advantage of the law.

Notes to Editors

It isn’t known how many people have been incorrectly targeted by copyright trolls but threads such as the following from suggest that it is common.

The Citizens Advice Bureau gives advice on how to deal with scam copyright claims here.

For further information and interviews, contact:

Notes to Editors

It isn’t known how many people have been incorrectly targeted by copyright trolls but threads such as the following from suggest that it is common. 

The Citizens Advice Bureau gives advice on how to deal with scam copyright claims here

[Read more]

Espionage law would criminalise journalists

ORG condemns one sided Law Commission “consultation”

Reacting to the consultation to create a new “Espionage Act”, Jim Killock, Executive Director of the Open Rights Group said: 

“This is a full frontal attack on journalism, recommending criminalising even examining at secret services' material. The intention is to stop the public from ever knowing that any secret agency has ever broken the law.

“What editor would risk a 12 year sentence for looking at documents?

“It is squarely aimed at future whistleblowers, who would reveal government wrongdoing."

Investigative Journalist Duncan Campbell said:

"It appears the Commission took their instructions solely from the Cabinet Office and did not thoroughly check the history of the Acts. If they had, they would have known that all major parties, in and out of government, agreed that the "mere receipt" of official information should not be a criminal offence—and enacted this in law almost 30 years ago.” 


  1. The current espionage law with the Official Secrets Act under Section 1 does not criminalise receiving government data,even before an editor has had the chance to look at the information and consider the security and public interest issues involved.  
    Although there is not a specific “public interest” defence to current section 1 offences, they requires the accused to be proven to acting against British interests, which in all but one case has been against foreign agents.
  2. Section 2 of the old Official Secrets Act (1911) had to be repealed in 1989 after it was repeatedly used to try and criminalise journalists
  3. Major changes envisaged in the consultation are:
    1. To criminalise getting or publishing any government data leaks, if the govenment claims it will be damaging.  The previous requirement that the government would have to prove that there would be damage has been thrown away.
    2. To make it a criminal offence for non British subjects, or people overseas to undertake any leaking, handling or publication
    3. To reject any public interest defence.
    4. Increase all sentences from 2 years to a suggested 14 years


and particularly the summary of the provisional conclusions at

[Read more]

Stop Trump getting our data

Open Rights Group has called on the Prime Minister to ensure that the UK is not complicit with human rights abuses if President Trump keeps his promises to reinstate waterboarding and torture

Executive Director Jim Killock said:

“MPs endorsed bulk data collection when they passed the Investigatory Powers Act last year. Bulk data about UK and other citizens is freely shared with the US.

“Now, we have a US President who has proposed torturing suspects. The UK Government needs to clarify whether data sharing arrangements will continue if the President Trump acts on these comments.

“It is illegal for the UK to share intelligence if it can be used for torture but, given the close integration of the US and UK intelligence agencies, it is difficult to see how the UK could take a moral stand.”

Trump has threatened to use torture, ban Muslims from entering the US, and expand use of the death penalty. It has been reported that he will ban most refugees and suspend visas for people coming from majority-Muslim countries until an extreme vetting process has been put in place.

US/UK intelligence integration

In 2015, ORG published a report into mass surveillance, which outlined the US and UK’s intelligence agencies close integration: “The five eyes countries share raw data from bulk collection, hacking technology and tools for analysis. However, the Snowden leaks give the firm impression that the UK is the partner in the alliance that works the most closely with the US. The NSA and GCHQ have many joint programmes, including a programme for joint experiments to break encryption.” (2)

According to a Guardian report, the US Government paid at least $100 million to GCHQ between 2010-2013. (3) However, the most significant contribution is the sharing of US technologies to enable UK surveillance to take place. In return, the UK shares bulk data that it would be illegal for the US to collect. For example, in the US it was ruled illegal to do full takes of Internet data going in and out of the country. However, it is legal for GCHQ to collect data in this way, which it then shares with the NSA who are free to search and process it.

Members of the public can sign ORG’s petition to the Prime Minister here.


[Read more]

Parliament must change the Investigatory Powers Act in response to CJEU ruling

The Court of Justice of the European Union (CJEU) has issued a judgment that could force the Government to change the Investigatory Powers Act – just weeks after the surveillance law received royal assent.

The judgment relates to a case brought by Deputy Leader of the Labour Party, Tom Watson MP, over intrusive data retention powers.

The ruling says that:

• Blanket data retention is not permissible 

• Access to data must be authorised by an independent body

• Only data belonging to people who are suspected of serious crimes can be accessed

• Individuals need to be notified if their data is accessed.

At present, none of these conditions are met by UK law.

Open Rights Group intervened in the case together with Privacy International, arguing that the Data Retention and Investigatory Powers Act (DRIPA), rushed through parliament in 2014, was incompatible with EU law. While the Judgment will no longer affect DRIPA, which expires at the end of 2016, it has major implications for the Investigatory Powers Act.

Executive Director Jim Killock said:

“The CJEU has sent a clear message to the UK Government: blanket surveillance of our communications is intrusive and unacceptable in a democracy.  

“The Government knew this judgment was coming but Theresa May was determined to push through her snoopers’ charter regardless. The Government must act quickly to re-write the IPA or be prepared to go to court again.”

Data retention powers in the Investigatory Powers Act will come into effect on 30 Dec 2016. These mean that ISPs and mobile phone providers can be obliged to keep data about our communications, including a record of the websites we visit and the apps we use. This data can be accessed by the police but also a wide range of organisations like the Food Standards Agency, the Health and Safety Executive and the Department of Health.

Notes to Editors

MPs Tom Watson and David Davis challenged the Government over the powers within the Data Retention and Investigatory Powers Act, which was rushed through parliament in July 2014. David Davis MP withdrew from the case after being appointed Minister for Brexit. In 2015, the High Court found that parts of DRIPA were unlawful and incompatible with EU law. The Government appealed and the case was referred to the CJEU for clarification of an earlier judgment, which saw the Data Retention Directive struck down.

DRIPA expires at the end of December 2016 but will be replaced by data retention obligations in the IPA, which come into effect on Dec 30.

For more information, email



[Read more]

Government admits that Twitter could be forced to block accounts for UK users

Social media platforms such as Twitter could be forced to block accounts that are linked to porn sites that don’t verify the age of their users.

Please sign the petition against these proposals

Proposals in the Digital Economy Bill will allow the BBFC to compel Internet Service Providers to block websites that don’t comply with age verification.

Ancillary services - such as payment providers or advertisers - will also be forced to stop providing services to these sites. The Government has confirmed that the term “ancillary services” can include any service that facilitates a non-compliant publisher, including social media platforms such as Twitter.

This would mean that a Twitter account that links to a non-compliant porn site could be blocked to UK users. However, accounts from BBFC compliant sites won’t be blocked and will be able to post pornography to their Twitter feeds even if under 18s can see it.

Executive Director Jim Killock said:

“The Government started with age verification, moved onto web censorship and now wants to block Twitter accounts."

“While these proposals are damaging for free speech, they are also absurd. Some Twitter accounts could be blocked for being associated with a porn site while others will be freely able to share pornography to Twitter users of any age.”

It has been estimated that one in every thousand tweets is porn.

Notes to Editors

From the Digital Economy Bill second reading

Lord Ashton of Hyde Parliamentary Under-Secretary (Department for Culture, Media and Sport): “The Government believe that services, including Twitter, can be classified by regulators as ancillary service providers where they are enabling or facilitating the making available of pornographic or prohibited material. This means that they could be notified of commercial pornographers to whom they provide a service but this will not apply to material provided on a non-commercial basis.”

Baroness Benjamin: “I was particularly delighted that the noble Baroness, Lady Shields, confirmed to the Lords Communications Committee on 29 November that: “The Bill covers ancillary services. There was a question about Twitter. Twitter is a user-generated uploading-content site. If there is pornography on Twitter, it will be considered covered under ancillary services”.

For more information, contact

[Read more]

Investigatory Powers Act is UK's most extreme surveillance law

Digital rights campaigners, Open Rights Group has responded to the announcement that the Investigatory Powers Bill has received royal assent.

Executive Director Jim Killock said:

“Amber Rudd says the Investigatory Powers Act is world-leading legislation. She is right, it is one of the most extreme surveillance laws ever passed in a democracy. Its impact will be felt beyond the UK as other countries, including authoritarian regimes with poor human rights records, will use this law to justify their own intrusive surveillance regimes.

“Although there are some improvements to oversight, the Bill will mean the police and intelligence agencies have unprecedented powers to surveil our private communications and Internet activity, whether or not we are suspected of a crime.”

“Theresa May has finally got her snoopers’ charter and democracy in the UK is the worse for it.”

In recent weeks 130,000 people have signed a parliament petition calling for the Bill’s repeal which means parliament must consider debating it again.

A ruling by the Court of Justice of the European Union, expected next year, may mean that parts of the Bill are shown to be unlawful and need to be amended.

For more information, contact







[Read more]

MPs vote for a national censor

MPs have voted to allow a new regulator - expected to be the BBFC - to censor legal porn websites.

Amendments to the Digital Economy Bill were accepted by MPs during its third reading yesterday. This will mean that the the BBFC in its new role can instruct Internet Service Providers to block access to porn websites that don’t verify the age of their users, even though their content is legal in the UK.

In addition, sites that are not sanctioned must obey the regulator’s instructions and censor what is deemed unacceptable. The BBFC has indicated that:

  • Porn websites must censor ‘non-conventional sex acts’ that are unclassified in the UK. This could include whipping that causes marks, female ejaculation, acts involving urination and sex during menstruation.

  • Sites that do not censor according to the BBFC’s instructions could be sanctioned and blocked.

Executive Director, Jim Killock said:

“If the Digital Economy Bill is passed, the BBFC will have the power to instruct ISPs to block thousands of websites. This is unprecedented in the UK and the developed world.

“In the short term, this is likely to disproportionately affect sexual minorities. However, there are wider implications for free speech. Once this administrative power to block websites is in place, it will invariably be used to censor other content. MPs have already asked why other material that is unsuitable for children is not being censored.”

In addition, the proposals to demand that pornographic websites use age verification technology still have no privacy safeguards. Labour tabled an amendment outlining privacy duties for the regulator, but this was not adopted. The Government did not table any alternative privacy amendments.

Killock added: “Websites could choose age verification tools that cause risk data leaks, tracking and even encourage credit card fraud unless the government place privacy standards into the bill. “This is incredibly irresponsible.”

More than 11,000 people have signed an Open Rights Group petition calling for parliament to reject these plans.

For more information, contact

[Read more]

Petition means that parliament must consider IP Bill debate

Over 110,000 people have signed a parliament UK petition calling for the repeal of the Investigatory Powers Bill. This means that it will be considered for a debate by parliament.

Executive Director Jim Killock said:

“The IP Bill was debated and passed while the public, media and politicians were preoccupied by Brexit. Now that the Bill has passed, there is renewed concern about the extent of the powers that will be given to the police and security agencies.

"In particular, people appear to be worried about new powers that mean our web browsing activity can be collected by Internet Service Providers and viewed by the police and a whole range of government departments.

"Parliament may choose to ignore calls for a debate but this could undermine public confidence in these intrusive powers.

"A debate would also be an opportunity for MPs to discuss the implications of various court actions, which are likely to mean that the law will have to be amended. ”

Legal challenges to the IP Bill

The Court of Justice of the European Union (CJEU) is due to clarify its rulings on data retention in a case brought by Labour MP Tom Watson, which ORG intervened in. The CJEU’s judgment could mean that parts of the IP Bill are shown to be unlawful and need to be amended. This could mean further restrictions around the data that is collected, how it can be used, and how it is accessed.

ORG is also one of a number of organisations who have brought a case to the European Court of Human Rights, arguing that the UK’s surveillance regime breaches our right to privacy.

Notes to Editors

The IP Bill has been passed by MPs and peers and is awaiting royal assent, which is expected to take place before the end of 2016.

The IP Bill will mean that:

  • Internet Service Providers could be obliged to store their customers’ web browsing history for a year. The police and government departments will have unprecedented powers to access this data through a search engine that could be used for profiling.
  • The security services will continue to have powers to collect communications data in bulk.
  • The police and security services will have new hacking powers.
  • The security services can access and analyse public and private databases, even though the majority of data will be held about people who are not suspected of any crimes.

The IP Bill petition is here



[Read more]