Category Archives: Freedom of expression

Communicating Responsibilities: The Spanish DPA targets Google’s Notification Practices when Delisting Personal Information

In this guest post, David Erdos, University Lecturer in Law and the Open Society, University of Cambridge, considers the 2016 Resolution made by the Spanish Data Protection Authority in relation to Google’s approach to de-listing personal information. 

Spanish Data protection authorityThe Court of Justice’s seminal decision in Google Spain (2014) represented more the beginning rather than the endpoint of specifying the European data protection obligations of search engines when indexing material from the web and, as importantly, ensuring adherence to this.

In light of its over 90% market share of search, this issue largely concerns Google (even Bing and Yahoo come in a very distant second and third place).  To its credit, Google signalled an early willingness to comply with Google Spain.  At the same time, however, it construed this narrowly.  Google argued that it only had to remove specified URL links following ex post demands from individual European citizens and/or residents (exercising the right to erasure (A. 12c) and or objection (A. 14)), only as regards searches made under their name, only on European-badged search searches (e.g. .uk, .es) and even if the processing violated European data protection standards not if the processing was judged to be in the ʻpublic interestʼ.

It also indicated that it would inform the Webmasters of the ʻoriginalʼ content when de-listing took place (although it signalled that it would stop short of its usual practice of providing a similar notification to individual users of its services, opting instead for a generic notice only).

In the subsequent two and a half years, Google’s approach has remained in broad terms relatively stable (although from early 2015 it did stop notifying Webmasters when de-listing material from malicious porn sites (p. 29) and from early 2016 it has deployed (albeit imperfect) geolocation technology to block the return of de-listing results when using any of version of the Google search engine (e.g. .com) from the European country from where the demand was lodged).

Many (although not all) of these limitations are potentially suspect under European data protection, and indeed private litigants have (successfully and unsuccessfully) already brought a number of challenges.  No doubt partly reflecting their very limited resources, European Data Protection Authorities (DPAs) have adopted a selective approach, targeting only those issues which they see as the most critical.  Indeed, the Article 29 Working Party November 2014 Guidelines focussed principally on two concerns:

  • Firstly, that the geographical scope of de-listing was too narrow. To ensure “effective and complete protection” of individual data subjects, it was necessary that de-listing be “effective on all relevant domains, including .com”.
  • Secondly, that communication to third parties of data concerning de-listing identifiable to particular data subjects should be both very limited and subject to strong discipline. Routine communication “to original webmasters that results relating to their content had been delisted” was simply unlawful and, whilst in “particularly difficult cases” it might in principle be legitimate to contact such publishers prior to making a de-listing decision, even here search engines must then “take all necessary measures to properly safeguard the rights of the affected data subject”.

Since the release of the Guidelines, the French DPA has famously (or infamously depending on your perspective!) adopted a strict interpretation of the first concern requiring de-listing on a completely global scale and fining Google €100K for failing to do this.  This action has now been appealed before the French Conseil d’État and much attention has been given to this including by Google itself.  In contrast, much less publicity has been given to the issue of third party communication.

Nevertheless, in September 2016 the Spanish DPA issued a Resolution fining Google €150K for disclosing information identifiable to three data subjects to Webmasters and ordered it to adopt measures to prevent such practices reoccurring.  An internal administrative appeal lodged by Google against this has now been rejected and a challenge in court now seems inevitable.  This piece explores the background to, nature of and justification for this important regulatory development.

The Determinations Made in the Spanish Resolution

Apart from the fact that they had formally complained, there was nothing unusual in the three individual cases analysed in the Spanish Resolution.  Google had simply followed its usual practice of informing Webmasters that under data protection law specified URLs had been deindexed against a particular (albeit not directly specified) individual name.  Google sought to defend this practice on four separate grounds:

  • Firstly, it argued that the information provided to Webmasters did not constitute personal data at all. In contrast, the Spanish regulator argued that in those cases where the URL led to a webpage in which only one natural person was mentioned then directly identifiable data had been reported, whilst even in those cases where several people were mentioned the information was still indirectly identifiable since a simple procedure (e.g. conducting a search on names linked to the webpage in question) would render the information fully identified.  (Google’s argument here in any case seemed to be in tension with its practice since September 2015 of inviting contacted Webmasters to notify Google of any reason why the de-listing decision should be reconsidered – this would only really make sense if the Webmaster could in fact deduce what specific de-listing had in fact taken place).
  • Second, it argued that, since its de-listing form stated that it “may provide details to webmaster(s) of the URLs that have been removed from our search results”, any dissemination had taken place with the individual’s consent. Drawing especially on European data protection’s requirement that consent be “freely given” (A. 2 (h)) this was also roundly rejected.  In using the form to exercise their legal rights, individuals were simply made to accept as a fait accompli that such dissemination might take place.
  • Third, it argued that dissemination was nevertheless a compatible” (A. 6 (1) (b)) processing of the data given the initial purpose of its collection, finding a legal basis as necessary” for the legitimate interests (A. 7 (f)) of Webmasters regarding this processing (e.g. to contact Google for a reconsideration). The Spanish DPA doubted that Webmasters could have any legitimate interest here since “search engines do not recognize a legal right of publishers to have their contents indexed and displayed, or displayed in a particular order”, the Court of Justice had only referenced that the interests of the search engine itself and Internet users who might receive the information were engaged and, furthermore, had been explicit that de-listing rights applied irrespective of whether the information was erased at source or even if publication there remained lawful.  In any case, it emphasized that any such interest had (as article 7 (f) explicitly states) to be balanced with the rights and freedoms of data subjects which the Court had emphasized must be “effective and complete” in this context.  In contrast, Google’s practice of essentially unsafeguarded disclosure of the data to Webmasters could result in the effective extinguishment of the data subject’s rights since Webmasters had variously republished the deindexed page against another URL, published lists of all URLs deindexed or even published a specific news story on the de-listing decision.
  • Fourth, Google argued that its practice was an instantiation of the data subject’s right to obtain from a controller “notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking” carried out in compliance with the right to erasure “unless this provides impossible or involves a disproportionate effort” (A. 12 (c)). The Spanish regulator pointed out that since the data in question had originally been received from rather than disclosed to Webmasters, this provision was not even materially engaged.  In any case, Google’s interpretation of it was in conflict with its purpose which was to ensure the full effectiveness of the data subject’s right to erasure.

Having established an infringement of the law, the Spanish regulator had to consider whether to pursue this as an illegal communication of data (judged ʻvery seriousʼ under Spanish data law) or only as a breach of secrecy (which is judged merely as ʻseriousʼ).  In the event, it plumped for the latter and issued a fine of €150K which was in the mid-range of that set out for ʻseriousʼ infringements.  As previously noted, it also injuncted Google to adopt measures to prevent re-occurrence of these legal failings and required that these be communicated to the Spanish DPA.

Analysis

This Spanish DPA’s action tackles a systematic practice which has every potential to fundamentally undermine practical enjoyment of rights to de-listing and is therefore at least as significant as the ongoing regulatory developments in France which relate to the geographical scope of these rights.  It was entirely right to find that personal data had been disseminated, that this had been done without consent, that the processing had nothing to do with the right (which, in any case, is not an obligation) of data subjects to have third parties notified in certain circumstances and that this processing was “incompatible” with the initial purpose of data collection which was to ensure data subject’s legal rights to de-listing.

It is true that the Resolution was too quick to dismiss the idea that original Webmasters do have “legitimate interests” in guarding against unfair de-listings of content.  Even in the absence of a de jure right to such listings, these interests are grounded in their fundamental right to “impart” information (and ideas), an aspect of freedom of expression (ECHR, art. 10; EU Charter, art. 11).   In principle, these rights and interests justify search engines making contact with original Webmasters, at the least as the Working Party itself indicated in particularly difficult de-listing cases.

However, even here dissemination must (as the Working Party also emphasized) properly safeguard the rights and interest of data subjects.  At the least this should mean that, prior to any dissemination, a search engine should conclude a binding and effectively policeable legal contract prohibiting Webmasters from disseminating the data in identifiable form.  (In the absence of this, those Webmasters out of European jurisdiction or engaged in special/journalistic expression cannot necessarily be themselves criticized for making use of the information received in other ways).

In stark contrast to this, Google currently engages in blanket and essentially unsafeguarded reporting to Webmasters, a practice which has resulted in a breakdown of effective protection for data subjects not just in Spain but also in other European jurisdictions such as the UK – see here and here.  Having been put on such clear notice by this Spanish action, it is to be hoped the Google will seriously modify its practices.  If not, then regulators would have every right to deal with this in the future as a (yet more serious) illegal and intentional communication of personal data.

Future Spanish Regulatory Vistas

The cases investigated by the Spanish DPA noted in this Resolution also involved the potential dissemination of data to the Lumen transparency database (formally Chilling Effects) which is hosted in the United States, the potential for subsequent publication of identifiable data on its publicly accessible database and even the potential for a specific notification to be provided to Google users conducting relevant name searches detailing that “[i]n response to a legal requirement sent to Google, we have removed [X] result(s) from this page.  If you wish, you can get more information about this requirement on LumenDatabase.org.

This particular investigation, however, failed to uncover enough information on these important matters.  Google was adamant that it had not yet begun providing information to Lumen in relation to data protection claims post-Google Spain, but stated that it was likely to do so in the future in some form.  Meanwhile, it indicated that the specific Lumen notifications which were found on name searches regarding two of the claimants concerned pre-Google Spain claims variously made under defamation, civil privacy law and also data protection.  (Even putting to one side the data protection claim, such practices would still amount to a processing of personal data and also highlight the often marginal and sometimes arbitrary distinctions between these very related legal causes of action).

Given these complications, the Spanish regulator decided not to proceed directly regarding these matters but rather open more wide-ranging investigatory proceedings concerning both Google’s practices in relation to disclosure to Lumen and also notification provided to search users.  Both sets of investigatory proceedings are ongoing.  Such continuing work highlights the vital need for active regulatory engagement to ensure that the individual rights of data subjects are effectively secured.  Only in this way will basic European data protection norms continue to ʻcatch upʼ not just with Google but with developments online generally.

David Erdos, University Lecturer in Law and the Open Society, Faculty of Law & WYNG Fellow in Law, Trinity Hall, University of Cambridge.

(I am grateful to Cristina Pauner Chulvi and Jef Ausloos for their thoughts on a draft of this piece.)

This post first appeared on the Inforrm blog. 

Media Freedom: ‘Without action the Commonwealth’s fine words will fail to impress.’

ICommonwealth flagn this guest post, journalist and Africa analyst Martin Plaut, calls on the Commonwealth to take a more robust view on new threats to journalistic independence. Do they challenge democracy and human rights as much as freedom of speech?

The Commonwealth has a problem: it has little credibility on the question of media freedom. Its members adopted a Human Rights Charter in March 2013 which stated plainly that: ‘We are committed to peaceful, open dialogue and the free flow of information, including through a free and responsible media, and to enhancing democratic traditions and strengthening democratic processes.’ Yet many of them have a less than savoury record in this area.

Out of 180 states assessed by Reporters Without Borders, Brunei is 155th, Singapore 154th and Swaziland 153rd. This is the summary of Brunei’s media offered by the BBC: ‘Brunei’s media are neither diverse nor free. The private press is either owned or controlled by the royal family, or exercises self-censorship on political and religious matters.’ Much the same could be said of Swaziland, while in Singapore the media is largely state-owned and journalists are restricted by rigorous defamation and contempt laws (The Guardian).

Where there has been dissent and opposition they have been suppressed. Consider the case of the Gambia, which left the Commonwealth in 2013. The newly installed President, Adama Barrow, has announced that it will return. In the upheaval and tension surrounding his election and the refusal of his processor, Yahya Jammeh, to accept the result, social media were disrupted. Twitter and WhatsApp, which had been used to organise resistance to President Jammeh’s rule, were unavailable, as the internet was cut. The return of social media was hailed as an indication that his 22 year rule was finally over.

Commonwealth journalists have now begun agitating for the organisation to take a more robust view. A Centre for Freedom of the Media has been established, led by William Horsley (another former BBC journalist). He welcomed the call by the new Commonwealth secretary-general, Patricia Scotland, for a ‘vibrant and responsible media’ and her claim that this is ‘vital to advancing our Commonwealth goals of democracy, development, rule of law and respect for diversity.’

But, as William Horsley points out, warm words are not enough. He called for action to support the declarations: ‘Journalists in the Commonwealth Journalists Association (CJA), together with the Commonwealth Press Union Media Trust and some experienced lawyers and members of other professional groups associated with the Commonwealth, argue that it is high time for that to change. We are putting forward draft proposals for a Commonwealth Charter on the media and good governance, to be accompanied by effective mechanisms for assessing and helping to deliver remedies for serious and persistent violations.’

The media is a vital watchdog across the developing world. In many countries it is among the last effective forms of resistance to corruption and misrule. One only has to think of the role of the independent media in curbing the abuses of the Zuma government to see that this is the case. Yet they pay a high price for this work.

As William Horsley rightly observes: ‘The reality is that many journalists or bloggers have been attacked or even killed for their work in recent years in Sri Lanka, Pakistan, India, Bangladesh, Nigeria and Uganda, all Commonwealth states,’ (Time for a new Commonwealth initiative on media freedom).

It is time that these abuses end and that the perpetrators of these attacks are tried for their crimes. Without action the Commonwealth’s fine words will fail to impress.

This post first appeared on the School of Advanced Studies, Talking Humanities blog

Martin Plaut is a journalist and senior research fellow at the Institute of Commonwealth Studies at the School of Advanced Study, University of London. 

He will be speaking at The Commonwealth and Challenges to Media Freedom conference (4–5 April at Senate House), organised by the Institute of Commonwealth Studies.

It’s the inaugural event of the School’s Centre of Commonwealth and Media Freedom, and will bring together leading Commonwealth journalists, academics, lawyers, magistrates, judges, policymakers and human rights practitioners. Advance registration is required. Tickets: standard (£40), concessions (£15).

Conference: The Commonwealth and Challenges to Media Freedom

Media freedom 250pxDate
4 Apr 2017, 10:00 to 5 Apr 2017, 18:00

Venue
Institute of Advanced Legal Studies
17 Russell Square, London WC1B 5DR

Book Online: SAS Events Calendar

Description: Convenor: Sue Onslow, ICwS Senior Lecturer and Co-Investigator, The Oral History of the Commonwealth Project

This conference will draw together members of the Commonwealth Journalists Association, the Commonwealth Lawyers and Magistrates and Judges Association, as well as journalists and policy makers. The two day meeting will address government channels and information flows (looking at the examples of government interference and restrictions in Malaysia, South Africa, Botswana and Sri Lanka); media, elections and post-election contests (with East and Central African case studies of Uganda, Kenya and Rwanda); and the particular challenges facing journalists, bloggers and social media in low-intensity conflict zones (Kashmir, Pakistan and Bangladesh).  The Institute feels strongly there is no room for complacency in the UK in the post-Leveson environment, nor should the Indian government and society feel itself immune from regional manifestations of threats and personal violence. Therefore these aspects will also be included in the discussion.

Confirmed Speakers:

Kishali Pinto Jayawardena
Gwen Lister, Executive Chair: Namibia Media Trust (NMT)
Irene Ovonji Odida, Exec. Director, Uganda Assoc. of Women Lawyers
Dan Branch, University of Warwick
William Crawley, ICwS
Kiran Hassan, SOAS
Kayode Samuel
Nupur Basu

Kindly sponsored by SAS, the Commonwealth Press Union Media Trust, The Round Table and Asian Affairs

Registration Fee: Standard – £40, Concessions – £15

Further Information: Speaker BiosConference Outline

Signed Statement Condemns DHS Proposal to Demand Passwords to Enter the U.S.

A group of 50 organisations and nearly 90 individual experts have signed a statement against the US Department of Homeland Security’s (DHS) proposal to ask non-citizens to provide the passwords to their social media accounts in order to enter the United States.

The social media password proposal was raised by Secretary John Kelly at the House Homeland Security Committee hearing on 7th February.

The signed statement, which has been organised by the Center for Democracy & Technology, recognises the United States Government’s need to protect its borders but argues that a “blanket policy of demanding passwords” would “undermine security, privacy, and other rights”.

To view the full statement with list of signatories please click here.

Call for papers: Critical Research in Information Law

Deadline 15 March 2017

The Information Law Group at the University of Sussex is pleased to announce its annual PhD and Work in Progress Workshop on 3 May 2017. The workshop, chaired by Professor Chris Marsden, will provide doctoral students with an opportunity to discuss current research and receive feedback from senior scholars in a highly focused, informal environment. The event will be held in conjunction with the Work in Progress Workshop on digital intermediary law.

We encourage original contributions critically approaching current information law and policy issues, with particular attention on the peculiarities of information law as a field of research. Topics of interest include:

  • internet intermediary liability
  • net neutrality and media regulation
  • surveillance and data regulation
  • 3D printing
  • the EU General Data Protection Regulation
  • blockchain technology
  • algorithmic/AI/robotic regulation
  • Platform neutrality, ‘fake news’ and ‘anti-extremism’ policy.

How to apply: Please send an abstract of 500 words and brief biographical information to Dr Nicolo Zingales  by 15 March 2017. Applicants will be informed by 30 March 2017 if selected. Submission of draft papers by selected applicants is encouraged, but not required.

Logistics: 11am-1pm 3 May in the Moot Room, Freeman Building, University of Sussex.

Afternoon Workshop: all PhD attendees are registered to attend the afternoon workshop 2pm-5.30pm F22 without charge (programme here).

Financial Support: Information Law Group can repay economy class rail fares within the UK. Please inform the organizers if you need financial assistance.

Your next social network could pay you for posting

In this guest post, Jelena Dzakula from the London School of Economics and Political Science considers what blockchain technology might mean for the future of social networking. 

You may well have found this article through Facebook. An algorithm programmed by one of the world’s biggest companies now partially controls what news reaches 1.8 billion people. And this algorithm has come under attack for censorship, political bias and for creating bubbles that prevent people from encountering ideas they don’t already agree with.

blockchainNow a new kind of social network is emerging that has no centralised control like Facebook does. It’s based on blockchain, the technology behind Bitcoin and other cryptocurrencies, and promises a more democratic and secure way to share content. But a closer look at how these networks operate suggests they could be far less empowering than they first appear.

Blockchain has received an enormous amount of hype thanks to its use in online-only cryptocurrencies. It is essentially a ledger or a database where information is stored in “blocks” that are linked historically to form a chain, saved on every computer that uses it. What is revolutionary about it is that this ledger is built using cryptography by a network of users rather than a central authority such as a bank or government.

Every computer in the network has access to all the blocks and the information they contain, making the blockchain system more transparent, accurate and also robust since it does not have a single point of failure. The absence of a central authority controlling blockchain means it can be used to create more democratic organisations owned and controlled by their users. Very importantly, it also enables the use of smart contracts for payments. These are codes that automatically implement and execute the terms of a legal contract.

Industry and governments are developing other uses for blockchain aside from digital currencies, from streamlining back office functions to managing health data. One of the most recent ideas is to use blockchain to create alternative social networks that avoid many of the problems the likes of Facebook are sometimes criticised for, such as censorship, privacy, manipulating what content users see and exploiting those users.

Continue reading

Implementing Leveson, how the national newspaper groups use the local press as “human shields” – Hugh Tomlinson QC

In this guest post, Hugh Tomlinson QC, Chair of Hacked Off, considers the press’s response to the Government’s consultation on the implementation of Section 40 of the Crime and Courts Act 2013 – a significant component in the Leveson system of press regulation.   

nottingham-postThe local press has, over the past few weeks, been running an anti-Leveson campaign in response to the Government’s unfair and unbalanced consultation on the implementation of Leveson. The themes are familiar: local newspapers are the life blood of democracy, they didn’t do phone hacking but they will be financially ruined if section 40 is implemented.

The first two points are true but the third is not. The innocent and popular local press is being used by its guilty and unpopular national big brothers to defend the indefensible – as a “human shield” against proper regulation.

Let’s take the example of the response of the Nottingham Post. This is a daily newspaper with a circulation of 18,000 in Nottingham and the surrounding area. It provides a valuable service to the local community and is, indeed, essential to local democracy. But it is not a plucky little independent paper struggling to survive. It is owned by Trinity Mirror, a profitable newspaper group with an annual turnover of around £200 million.

It should be remembered that although there are over 1,000 distinct daily and weekly newspapers in the UK, five publishers own 80% of these titles. In other words, the typical local newspaper is not a struggling small business, but part of a larger media corporation. Many of these local newspaper owning groups are profitable, despite the severe pressures on the local press resulting from the decline in classified advertising.

Back to the Nottingham Post. This local newspaper – along with all the others owned by Trinity Mirror – has refused to submit itself to independent regulation but, instead, has joined the body created by the national newspapers, IPSO. This has, of course, not carried out meaningful regulation of any kind.

So why will the Nottingham Post not join an independent regulator? After all, it is something that opinion poll evidence shows is overwhelming favoured by the public.

The Nottingham Post gives its readers two reasons.

First, it says that if it had to sign up to a recognised regulator such as Impress it would be forced to

“commit to a potentially expensive compulsory arbitration process They could well have to find thousands of pounds to contest every case heard, as complainants queued up to cash in on minor errors when a swift apology would suffice”.

So, it is said, “potentially” a local newspaper “could well” face additional expenditure under the arbitration system offered by Impress to readers. This is, of course, not an argument available to the big national newspaper groups. An arbitration system would save them large sums in court costs – their concern is not low cost arbitration but avoiding independent and effective regulation.

The local press is being used to advance an argument against section 40 to shield the national press from the full operation of the balanced Leveson for audited self-regulation. But the argument does not work, even for the local press. There are four reasons for this:

  • As the use of the word “potentially” shows, there is no evidence whatever that the arbitration process will be expensive for the local press. The claim is pure scaremongering. Of the 140 IPSO complaints brought against local newspapers over the past 2 years only 14 could even theoretically give rise to a legal claim – at most there are likely to be a handful of arbitration claims against the local press. Bad claims would be weeded out by the arbitrator at an early stage. The likely additional cost to local newspapers would be negligible.
  • The suggestion that “minor errors” would give rise to arbitration claims is a deliberate misrepresentation – an arbitration claim can only be brought if there is a legal “cause of action” such as defamation or privacy. “Minor errors” do not give rise to legal claims.
  • Arbitration is cheap. That is its most obvious virtue. At Impress a claimant will pay less than £100, while a newspaper’s costs need not rise above a few thousand – a tiny fraction of court costs.
  • The Royal Charter contains specific provision to protect local newspapers against even the costs of arbitration – where they have been caused serious financial harm the PRP can allow a recognised regulator to proceed on the basis that that the local and regional press need not participate in the arbitration system. This provision was inserted into the Royal Charter specifically to assist the local press – but they never mention it.

Second it is said, that IPSO has refused to seek recognition by the PRP

“for the simple reason that it believes it would be submitting to state regulation”.

This is nonsense. The PRP is not a “regulator” at all – it is simply a body that audits regulators to determine whether they come up to proper standards. Seeking recognition from the PRP is not, in any sense, “submitting to state regulation”. What is more, the national press (who control IPSO) have no principled objection to “state recognition”. As Lord Justice Leveson pointed out, the Irish Press Council is underpinned by statute and has “been accepted without demur” by the leading UK newspaper publishers, including Trinity Mirror. There is no “objection of principle”

The Nottingham Post, dancing to the tune of its Trinity Mirror masters, has no proper arguments against the implementation of section 40. Although the Post did not engage in phone hacking and the wholesale abuse of victims, its ultimate owners did. The Post is one of many local and regional papers acting as “human shields” – providing the excuses to justify a last-ditch attempt by the national newspaper groups to avoid participating in a proper system of regulation.

Hugh Tomlinson QC is the Chair of Hacked Off, the campaign for a free and accountable press which is urging supporters to respond to the Leveson implementation consultation.

This post first appeared on the Inforrm blog. It does not represent the views of the Information Law and Policy Centre or the Institute of Advanced Legal Studies. 

Information Law and Policy Centre’s annual workshop highlights new challenges in balancing competing human rights

dsc_0892  dsc_0896  dsc_0898

Our annual workshop and lecture – held earlier this month – brought together a wide range of legal academics, lawyers, policy-makers and interested parties to discuss the future of human rights and digital information control.

A number of key themes emerged in our panel sessions including the tensions present in balancing Article 8 and Article 10 rights; the new algorithmic and informational power of commercial actors; the challenges for law enforcement; the liability of online intermediaries; and future technological developments.

The following write up of the event offers a very brief summary report of each panel and of Rosemary Jay’s evening lecture.

Morning Session

Panel A: Social media, online privacy and shaming

Helen James and Emma Nottingham (University of Winchester) began the panel by presenting their research (with Marion Oswald) into the legal and ethical issues raised by the depiction of young children in broadcast TV programmes such as The Secret Life of 4, 5 and 6 Year Olds. They were also concerned with the live-tweeting which accompanied these programmes, noting that very abusive tweets could be directed towards children taking part in the programmes.

Continue reading

Open letter in the Daily Telegraph: Concerns with ‘information sharing’ provisions in the Digital Economy Bill

Associate research fellow at the Information Law and Policy Centre and lecturer in media and information law at the University of Sussex, Dr Judith Townend, is among the signatories of this letter published on the letters page of the Telegraph on 25/11/2016 [subscription required].

SIR – We wish to highlight concerns with “information sharing” provisions in the Digital Economy Bill.

The Bill puts government ministers in control of citizens’ personal data, a significant change in the relationship between citizen and state. It means that personal data provided to one part of government can be shared with other parts of government and private‑sector companies without citizens’ knowledge or consent.

Government should be strengthening, not weakening, the protection of sensitive information, particularly given the almost daily reports of hacks and leaks of personal data. Legal and technical safeguards need to be embedded within the Bill to ensure citizens’ trust. There must be clear guidance for officials, and mechanisms by which they and the organisations with whom they share information can be held to account.

The Government’s intention is to improve the wellbeing of citizens, and to prevent fraud. This makes it especially important that sensitive personal details, such as income or disability, cannot be misappropriated or misused – finding their way into the hands of payday-loan companies, for example. Information sharing could exacerbate the difficulties faced by the most vulnerable in society.

The Government should be an exemplar in ensuring the security and protection of citizens’ personal data. If the necessary technical and legal safeguards cannot be embedded in the current Bill and codes of practice, we respectfully urge the Government to remove its personal data sharing proposals in their entirety.

Dr Jerry Fishenden
Co-Chairman, Cabinet Office Privacy and Consumer Advisory Group (PCAG)

Renate Samson
Chief Executive, Big Brother Watch

Ian Taylor
Director, Association of British Drivers

Jo Glanville
Director, English PEN

Jodie Ginsberg
Chief Executive Officer, Index on Censorship

Dr Edgar Whitley
Co-Chairman, Cabinet Office PCAG and London School of Economics and Political Science

David Evans
Director of Policy, BCS – The Chartered Institute for IT

Dr Gus Hosein
Executive Director, Privacy International and Member of Cabinet Office PCAG

Rachel Coldicutt
Chief Executive Officer, Doteveryone

Roger Darlington
Chairman, Consumer Forum for Communications

Dr Kieron O’Hara
Associate Professor Electronics and Computer Science, University of Southampton.

Professor Angela Sasse
Head of Information Security Research, University College London and Member of Cabinet Office PCAG

Dr Judith Townend
Lecturer in Media and Information Law, University of Sussex

Dr Louise Bennett
Chairman, BCS Security Group and Member of Cabinet Office PCAG

StJohn Deakins
Chief Executive Officer, CitizenMe

Rory Broomfield
Director, The Freedom Association

Sarah Gold
Director and Founder, Projects by IF

Jim Killock
Director, Open Rights Group

Guy Herbert
General Secretary, NO2ID and Member of Cabinet Office PCAG

Dr George Danezis
Professor of Security and Privacy Engineering, University College London and Member of Cabinet Office PCAG

Jamie Grace
Senior Lecturer in Law, Sheffield Hallam University

Eric King
Visiting Professor, Queen Mary University

Josie Appleton
Director, Manifesto Club

Jen Persson
Co-ordinator, Defend Digital Me

Dr Chris Pounder
Director, Amberhawk and Member of Cabinet Office PCAG

Sam Smith
medConfidential and Member of Cabinet Office PCAG

Full Programme: Annual Workshop and Evening Lecture

Restricted and Redacted: Where now for human rights and digital information control?

The full programme for the Information Law and Policy Centre’s annual workshop and lecture on Wednesday 9th November 2016 is now available (see below).

For both events, attendance will be free of charge thanks to the support of the IALS and our sponsor, Bloomsbury’s Communications Law journal.

To register for the afternoon workshop please visit this Eventbrite page.
To register for the evening lecture please visit this Eventbrite Page.

Please note that for administrative purposes you will need to book separate tickets for the afternoon and evening events if you would like to come to both events.

PROGRAMME

10.45am: REGISTRATION AND COFFEE 

11.15am: Welcome

  • Judith Townend, University of Sussex
  • Paul Wragg, University of Leeds
  • Julian Harris, Institute of Advanced Legal Studies, University of London

11.30am-1pm: PANEL 1 – choice between A and B

Panel A: Social media, online privacy and shaming

Chair: Asma Vranaki, Queen Mary University of London

  1. David Mangan, City, University of London, Dissecting Social Media: Audience and Authorship
  2. Marion Oswald, Helen James, Emma Nottingham, University of Winchester, The not-so-secret life of five year olds: Legal and ethical issues relating to disclosure of information and the depiction of children on broadcast and social media
  3. Maria Run Bjarnadottir, Ministry of the Interior in Iceland, University of Sussex, Does the internet limit human rights protection? The case of revenge porn
  4. Tara Beattie, University of Durham, Censoring online sexuality – A non-heteronormative, feminist perspective

Panel B: Access to Information and protecting the public interest

Chair: Judith Townend, University of Sussex

  1. Ellen P. Goodman, Rutgers University, Obstacles to Using Freedom of Information Laws to Unpack Public/Private Deployments of Algorithmic Reasoning in the Public Sphere
  2. Felipe Romero-Moreno, University of Hertfordshire, ‘Notice and staydown’, the use of content identification and filtering technology posing a fundamental threat to human rights
  3. Vigjilenca Abazi, Maastricht University, Mapping Whistleblowing Protection in Europe: Information Flows in the Public Interest

1-2pm: LUNCH 

2-3.30pm: PANEL 2 – choice between A and B

Panel A: Data protection and surveillance

Chair: Nora Ni Loideain, University of Cambridge

  1. Jiahong Chen, University of Edinburgh, How the Best Laid Plans Go Awry: The (Unsolved) Issues of Applicable Law in the General Data Protection Regulation
  2. Jessica Cruzatti-Flavius, University of Massachusetts, The Human Hard Drive: Name Erasure and the Rebranding of Human Beings
  3. Wenlong Li, University of Edinburgh, Right to Data Portability (RDP)
  4. Ewan Sutherland, Wits University, Wire-tapping in the regulatory state – changing times, changing mores

Panel B: Technology, power and governance

Chair: Chris Marsden, University of Sussex

  1. Monica Horten, London School of Economics, How Internet structures create closure for freedom of expression – an exploration of human rights online in the context of structural power theory
  2. Perry Keller, King’s College, London, Bringing algorithmic governance to the smart city
  3. Marion Oswald, University of Winchester and Jamie Grace, Sheffield Hallam University, Intelligence, policing and the use of algorithmic analysis – initial conclusions from a survey of UK police forces using freedom of information requests as a research methodology
  4. Allison Holmes, Kent University, Private Actor or Public Authority? How the Status of Communications Service Providers affects Human Rights

3.30-5pm: PANEL 3 – choice between A and B

Panel A: Intermediary Liability

Chair: Christina Angelopoulos, University of Cambridge

  1. Judit Bayer, Miskolc University, Freedom and Diversity on the Internet: Liability of Intermediaries for Third Party Content
  2. Mélanie Dulong de Rosnay, Félix Tréguer, CNRS-Sorbonne Institute for Communication Sciences and Federica Giovanella, University of Trento, Intermediary Liability and Community Wireless Networks Design Shaping
  3. David Rolph, University of Sydney, Liability of Search Engines for Publication of Defamatory Matter: An Australian Perspective

Panel B: Privacy and anonymity online

Chair: Paul Wragg, University of Leeds

  1. Gavin Phillipson, University of Durham, Threesome injuncted: has the Supreme Court turned the tide against the media in online privacy cases?
  2. Fiona Brimblecombe, University of Durham, European Privacy Law
  3. James Griffin, University of Exeter and Annika Jones, University of Durham, The future of privacy in a world of 3D printing

5-6pm: TEA BREAK / STRETCH YOUR LEGS

6-8pm: EVENING LECTURE AND DRINKS

Lecture Title: Heads and shoulders, knees and toes (and eyes and ears and mouth and nose…): The impact of the General Data Protection Regulation on use of biometrics.

Biometrics are touted as one of the next big things in the connected world. Specific reference to biometrics and genetic data has been included for the first time in the General Data Protection Regulation. How does this affect existing provisions? Will the impact of the Regulation be to encourage or to restrict the development of biometric technology?

  • Speaker: Rosemary Jay, Senior Consultant Attorney at Hunton & Williams and author of Sweet & Maxwell’s Data Protection Law & Practice.
  • Chair: Professor Lorna Woods, University of Essex
  • Respondents: Professor Andrea Matwyshyn, Northeastern University and Mr James Michael, IALS