Press releases

Press releases

Dropping Privacy and Civil Liberties Board highlights need for judicial authorisation

Open Rights Group has responded to the announcement in today's Terrorism Acts report that plans for a Privacy and Civil Liberties Board have been dropped.

Policy Director, Javier Ruiz said:

"While Open Rights Group did not feel the proposals for a Privacy and Civil Liberties Board went far enough, its removal highlights the need for more, not less, input from civil society on the reform of surveillance oversight.  ORG is calling for prior authorisation of surveillance decisions by judges, not limited reviews after the event."

The Privacy and Civil Liberties Board was proposed in July 2014 as one of the concessions for the fast-tracking of the Data Retention and Investigatory Powers Act through Parliament.

The Terrorism Acts report is available here.

[Read more]

HIV clinic data breach

Noting the release of hundreds of the 56 Dean Street HIV clinic patients’ names and emails Jim Killock, Executive Director of the Open Rights Group said:

“Incidents like this are all too common and harmful. Organisations need to understand and manage their risks much better. 

“The ICO needs to properly enforce the law. Data breaches create victims and risks that are often impossible to control, once they have occurred.

“EU needs to finish its work on data protection so that better enforcement and fines of 2% of turnover make this a board room issue for every organisation."


[Read more]

10 years for copyright infringement should be limited to criminals causing serious harm

Open Rights Group (ORG) has responded to an Intellectual Property Office (IPO) consultation on proposals to increase the maximum prison sentence for criminal online copyright infringement to 10 years. The would bring sanctions for online copyright infringement in line with those for physical copyright infringement.

ORG agrees with the IPO that the online environment should not confer less protection for copyright holders. However, the IPO's proposals could mean that people who share links and files online without any financial gain could be punished more severely than criminals who commit physical theft, which has a maximum penalty of seven years.

Executive Director, Jim Killock said: 

“The key problem is that copyright infringement requires no ‘intent’ to harm. Someone who shares copyrighted files can face a criminal charge because of the apparent value of the copies shared. The value of share files is hard to estimate and can easily be exaggerated. This makes the criminal copyright offence very wide and could mean heavy-handed sentences for ordinary people and businesses.

“We are asking the IPO to narrow the criminal charge to businesses and people intending to cause serious harm. Ten years in jail is a very harsh punishment, which should be reserved for real criminals who are making financial gains from copyright infringement.”

More information is available here

ORG has created an online form to allow people to respond to the IPO consultation, which closes on August 17.

[Read more]

David Cameron calls to shut down porn sites without age-restricted controls

Open Rights Group has responded to David Cameron’s call to shut down porn sites that don’t have age-restricted controls.

Executive Director, Jim Killock said:

“While the government can shut down UK-based sites, these are few in number and represent a tiny proportion of the global porn industry. Cameron needs to clarify how he wishes to achieve his goals, given that most porn sites are hosted abroad. To block them, the government would have to introduce a national firewall, which would censor sites for everyone, and would likely be widely circumvented.

"While we understand the government’s concern about children accessing pornography, there are no simple tech solutions. We need to make sure that children are being educated by their parents and schools in how to navigate the web safely."

[Read more]

High Court rules that DRIPA is unlawful

Open Rights Group welcomes today's High Court Judgment that the key parts of the Data Retention and Investigatory Powers Act 2014 (DRIPA) are inconsistent with European Union law.

ORG intervened in the successful judicial review brought by David Davis MP and Tom Watson MP, who were represented by Liberty. ORG emphasised the important EU legislation regulating the retention of communications data and the clear legal requirements laid down by the judgment of the Court of Justice of the EU (CJEU) in the Digital Rights Ireland case that struck down the Data Retention Directive.

ORG’s Executive Director Jim Killock said:

“When the Government forced DRIPA through Parliament a year ago, they denied our parliamentarians and the British public a proper debate about how our personal data is being kept by telecoms companies and accessed by the state.

“As many of us pointed out at the time, this was inconsistent with the findings of the CJEU that blanket data retention intruded on our right to privacy. Now that the High Court has agreed that DRIPA does not comply with EU law, we hope that the Government will listen to these concerns.

“In autumn, the Government will present the Investigatory Powers Bill to parliament. This should not be, as rumoured, an attempt by the Home Secretary to re-introduce the Snoopers' Charter, but an opportunity to introduce an effective surveillance law that is compatible with human rights.”

While ORG welcomes Lord Justice Bean and Mr Justice Collins’s judgment, we disagree with their intrepretation of the CJEU ruling. They claim that this ruling did not seek to constrain the retention of communications data. ORG disagrees. We believe that the CJEU was clear that blanket data retention severely interferes with the fundamental rights to respect for private life and to the protection of personal data.

The government is expected to lay a new Bill before Parliament in autumn 2015. It is believed that this Bill may call for an increase in the kinds of data that ISPs will be expected to keep about their customers, including weblogs. ORG believes that this would also be incompatible with EU law.

DRIPA will remain in force until the end of March 2016.

For more information, email or call 020 7096 1079.

[Read more]

ORG response to the RUSI review

Open Rights Group has responded to the Report of the Independent Surveillance Review by the Royal United Services Institute (RUSI).  

ORG’s Executive Director Jim Killock said:

"We’re unsurprised that RUSI has condoned mass surveillance, which now seems to be termed ‘bulk collection’ to disguise the real and disturbing practices of blanket collection, trawling and analysing that create a regime of mass surveillance."

"However, we welcome RUSI's acknowledgement of the need to reform both surveillance laws and the current system for authorising warrants.  We hope that in the Investigatory Powers Bill, the Government will address these serious flaws, raised in both the RUSI and Anderson reviews, rather than extending police and state powers and limiting encryption, as rumoured.”


[Read more]

Open Rights Group files amicus brief in Hungarian data retention case

Open Rights Group, Privacy International and a group of internationally acknowledged experts have filed amicus curiae briefs with the Hungarian Constitutional Court. The case has been brought by the Hungarian Civil Liberties Union (HCLU) against two major service providers, in an attempt to force the Hungarian Constitutional Court to repeal the Hungarian Electronic Communications Act.  

Legal Director of Open Rights Group Elizabeth Knight said: 

"A year ago, the Court of Justice of the European Union ruled that blanket data retention interferes with our fundamental rights to privacy and the protection of our personal data. ORG has already intervened in a case challenging data retention in the UK and hope to see other European countries repeal national legislation that forces companies to keep everyone's personal communications data."

The submissions focus on the importance of EU law and why the Hungarian law does not comply with it. In particular Open Rights Group and Privacy International emphasise: the carefully calibrated EU rules in the field of data retention and data protection; the importance of the retention of ‘communications data’ or ‘metadata’; the seriousness of data retention as an interference with human rights; and the need for effective remedies in national legal systems to address breaches of EU law.

The final ruling of the Hungarian Constitutional Court is expected in one month.

The amicus brief of ORG and PI can be read here.

The amicus brief of the group of international scholars can be read here.

We would like to express special thanks to the barristers Jessica Simor QC (Matrix Chambers), Alison Pickup (Doughty Street Chambers) and Ravi S. Mehta (Blackstone Chambers) who kindly prepared the ORG/PI”s submission pro bono, and to the signatories of the other amicus brief: Kristina Irion, (Central European University and Marie Curie fellow, University of Amsterdam), Franziska Boehm, University of Münster), Nico van Eijk (University of Amsterdam), Eleni Kosta (Tilburg University), Judith Rauhofer (University of Edinburgh), TJ McIntyre (Sutherland School of Law, University College Dublin and Chair, Digital Rights Ireland), Douwe Korff (London Metropolitan University), Ian Brown (University of Oxford), Marie-Pierre F. Granger (Central European University), Natali Helberger (University of Amsterdam), Egbert Dommering (University of Amsterdam (NL), Serge Gutwirth (Vrije Universiteit Brussel), Paul de Hert (Vrije Universiteit Brussel).

For more information, email

[Read more]

Open Rights Group response to ISC Privacy and Security report

The Intelligence and Security Committee (ISC) today released the results of their inquiry into GCHQ's surveillance.

Open Rights Group has responded to the Intelligence and Security Committee’s report into Security and Privacy.

Executive Director, Jim Killock said:

“The ISC's report should have apologised to the nation for their failure to inform Parliament about how far GCHQ’s powers have grown. This report fails to address any of the key questions apart from the need to reform our out-of-date surveillance laws. This just confirms that the ISC lacks the sufficient independence and expertise to hold the agencies to account."

A report published by Open Rights Group, has called for the reform of oversight mechanisms, including the Intelligence and Security Committee, so that they are truly independent, accountable to Parliament and have sufficient technical expertise to tackle the technical, legal and ethical issues around surveillance. We also call for reform of the laws that allow surveillance to be replaced by new comprehensive surveillance legislation that complies with human rights law and reflects the current technical landscape. 

These would mean:

  • Targeted surveillance not mass surveillance
  • Prior judicial authorisation for all surveillance decisions
  • Increasing the legal protection for communications data so that it is the same as for the content of communications
  • Ending statutory definitions that are out outdated in the digital age – such as the current distinctions between 'internal' and ‘external' communications.

ORG’s report is available here: 

[Read more]

Swinney fails to address privacy concerns over Scottish NHS database proposals

Deputy First Minister John Swinney today failed to address the concerns of privacy campaigners over Scottish government  proposals  to expand Scotland’s NHS Central Register. Leader of the Green party MSP Patrick Harvie had asked the Minister about concerns raised by the Open Rights Group (ORG) that the proposals could pave the way for a national ID register in Scotland.  

Executive Director of ORG, Jim Killock said:

’The Minister claims that they are not creating a new database but they are converting the NHS database into a national identity register. He did not explain why there is a need to create a unique identifier to be used across government databases. This is the crucial question that the Scottish Government must answer.'

About the proposals

The National Health Service Central Register (NHSCR) currently holds the names and addresses of around 30% of Scottish residents. Under the proposals, each resident would also be given a unique citizen reference number (UCRN). This number and the data would be made available to around 100 public organisations across Scotland. These range widely in their remit from health, housing, education and the police to Glasgow Airport and the Forestry Commission. The UCRN could be used to track individuals across different public services.

A unique identifier would allow the bulk processing of vast amounts of personal data across agencies, using the UCRN. This would enable data mining, profiling or other techniques that would require the whole population’s personal information to be examined more or less simultaneously.  The consultation is not clear about these activities.  It also doesn’t appear to take into account the many risks that such a database could pose - it could be open to misuse for identity theft or tracking people who for their own security don’t want to be traced - for example victims of domestic violence. 

ORG believes that these are significant changes that would pave the way for a national ID register and put responsibility for such an important database in the hands of National Records Scotland and the NHS. 

We believe that any proposals on this scale should be introduced as primary legislation not as statutory instruments, which would allow a proper public and parliamentary debate.

For more information:

FAQs about the proposals:

ORG’s full response to the consultation:

How people can contact their MSPs about the proposals:  

The NHS Central Register consultation is open to the public until February 25:

[Read more]

NHS database proposals could pave way to ID register in Scotland

Government proposals to expand the National Health Service Central Register (NHSCR) will pave the way for a national ID register in Scotland. The proposals have been made public in a little-known consultation that closes at the end of February. Digital rights campaigners, the Open Rights Group (ORG) believe that the consultation is flawed, misleading and could fundamentally change the relationship between citizen and state.

Open Rights Group Executive Director, Jim Killock said:

“Government proposals that jeopardise our right to privacy need proper consideration. The SNP rejected a national ID register when the UK government tried to introduce ID cards. These proposals could pave the way for a similar scheme in Scotland and are being introduced without a proper debate by the public or MSPs. ”

Most Scottish citizens already have a unique identity number in the NHS system. This plan is to share this unique identifier with up to 120 other Scottish public bodies - including Glasgow Airport, the Royal Botanical Gardens and the Caledonian Maritime Assets Ltd. Scottish residents could then be tracked across all their interactions with public bodies, including your benefits, bus pass travel or library usage.

ORG believes that this is building an ID card system in Scotland and that any such changes should be introduced as primary legislation, which would allow a proper public and parliamentary debate.

ORG has published its response to the consultation here:

ORG is also urging its supporters in Scotland to contact their MSPs about the proposals:

[Read more]