Category Archives: Government policy

ILPC launches new report: ‘Protecting Sources and Whistleblowers in a Digital Age’

front-page-snippet-download-the-reportThe emergence of an everyday digital culture and the increasing use of legal instruments by state actors to collect and access communications data has led to growing concern about the protection of journalistic sources and whistleblowers.

With the support of Guardian News and Media, the Information Law and Policy Centre has published a new report to consider these developments entitled ‘Protecting Sources and Whistleblowers in a Digital Age’. The report is open access and available for download.

Authored by Dr Judith Townend and Dr Richard Danbury, the report analyses how technological advances expose journalists and their sources to interference by state actors, corporate entities or individuals.

The report also looks at how journalists can reduce threats to whistleblowing; examines the rights and responsibilities of journalists, whistleblowers and lawmakers; and makes a number of positive recommendations for policymakers, journalists, NGOs and researchers.

The report’s findings are based on discussions with 25 investigative journalists, representatives from relevant NGOs and media organisations, media lawyers and specialist researchers in September 2016.

Protecting Sources and Whistleblowers in a Digital Age was officially launched on 22 February 2017 at the House of Lords.

Alongside the report, the Information Policy Law and Policy Centre has also published a range of open access resources on journalistic sources and whistleblowing which are available here.

Open letter in the Daily Telegraph: Concerns with ‘information sharing’ provisions in the Digital Economy Bill

Associate research fellow at the Information Law and Policy Centre and lecturer in media and information law at the University of Sussex, Dr Judith Townend, is among the signatories of this letter published on the letters page of the Telegraph on 25/11/2016 [subscription required].

SIR – We wish to highlight concerns with “information sharing” provisions in the Digital Economy Bill.

The Bill puts government ministers in control of citizens’ personal data, a significant change in the relationship between citizen and state. It means that personal data provided to one part of government can be shared with other parts of government and private‑sector companies without citizens’ knowledge or consent.

Government should be strengthening, not weakening, the protection of sensitive information, particularly given the almost daily reports of hacks and leaks of personal data. Legal and technical safeguards need to be embedded within the Bill to ensure citizens’ trust. There must be clear guidance for officials, and mechanisms by which they and the organisations with whom they share information can be held to account.

The Government’s intention is to improve the wellbeing of citizens, and to prevent fraud. This makes it especially important that sensitive personal details, such as income or disability, cannot be misappropriated or misused – finding their way into the hands of payday-loan companies, for example. Information sharing could exacerbate the difficulties faced by the most vulnerable in society.

The Government should be an exemplar in ensuring the security and protection of citizens’ personal data. If the necessary technical and legal safeguards cannot be embedded in the current Bill and codes of practice, we respectfully urge the Government to remove its personal data sharing proposals in their entirety.

Dr Jerry Fishenden
Co-Chairman, Cabinet Office Privacy and Consumer Advisory Group (PCAG)

Renate Samson
Chief Executive, Big Brother Watch

Ian Taylor
Director, Association of British Drivers

Jo Glanville
Director, English PEN

Jodie Ginsberg
Chief Executive Officer, Index on Censorship

Dr Edgar Whitley
Co-Chairman, Cabinet Office PCAG and London School of Economics and Political Science

David Evans
Director of Policy, BCS – The Chartered Institute for IT

Dr Gus Hosein
Executive Director, Privacy International and Member of Cabinet Office PCAG

Rachel Coldicutt
Chief Executive Officer, Doteveryone

Roger Darlington
Chairman, Consumer Forum for Communications

Dr Kieron O’Hara
Associate Professor Electronics and Computer Science, University of Southampton.

Professor Angela Sasse
Head of Information Security Research, University College London and Member of Cabinet Office PCAG

Dr Judith Townend
Lecturer in Media and Information Law, University of Sussex

Dr Louise Bennett
Chairman, BCS Security Group and Member of Cabinet Office PCAG

StJohn Deakins
Chief Executive Officer, CitizenMe

Rory Broomfield
Director, The Freedom Association

Sarah Gold
Director and Founder, Projects by IF

Jim Killock
Director, Open Rights Group

Guy Herbert
General Secretary, NO2ID and Member of Cabinet Office PCAG

Dr George Danezis
Professor of Security and Privacy Engineering, University College London and Member of Cabinet Office PCAG

Jamie Grace
Senior Lecturer in Law, Sheffield Hallam University

Eric King
Visiting Professor, Queen Mary University

Josie Appleton
Director, Manifesto Club

Jen Persson
Co-ordinator, Defend Digital Me

Dr Chris Pounder
Director, Amberhawk and Member of Cabinet Office PCAG

Sam Smith
medConfidential and Member of Cabinet Office PCAG

Whistleblowers and journalists in the digital age

Snowden

Dr Aljosha Karim Schapals, research assistant at the Information Law and Policy Centre, reports on a research workshop hosted by the University of Cardiff on Digital Citizenship and the ‘Surveillance Society’.

A workshop led by researchers at the Cardiff School of Journalism, Media and Cultural Studies (JOMEC) on 27th June in London shared the findings of an 18 month ESRC funded research project examining the relationships between the state, the media and citizens in the wake of the Snowden revelations of 2013.

It was the concluding event of a number of conferences, seminars and workshops organised by the five principal researchers: Dr Arne Hintz (Cardiff), Dr Lina Dencik (Cardiff), Prof Karin Wahl-Jorgensen (Cardiff), Prof Ian Brown (Oxford) and Dr Michael Rogers (TU Delft).

Broadly speaking, the Digital Citizenship and the ‘Surveillance Society’ (DCSS) project has investigated the nature, opportunities and challenges of digital citizenship in light of US and UK governmental surveillance as revealed by whistleblower Edward Snowden.

Touching on more general themes such as freedom of expression, data privacy and civic transparency, the project aligns with the research activities of the Information Law and Policy Centre, which include developing work on journalism and whistleblower protection, and discussions and analysis of the Investigatory Powers Bill. Continue reading

What is the impact of Brexit on data protection and the GDPR?

A consensus already appears to be emerging among legal commentators that many UK organisations will need to comply with the provisions of the European Union’s General Data Protection Regulation regardless of the progress of the UK’s path to Brexit.

The GDPR was due to be adopted by the UK in May 2018 after a long process of EU legislative reform. As soon as the UK officially leaves the EU, in theory it is possible that the GDPR could be ignored – data protection is already written into UK law in the Data Protection Act 1998. In practice, however, if the UK continued to be part of the European Economic Area then the UK would have to abide by GDPR.

Moreover, as Andrew Cormack points out, any organisation outside the EU that wishes to process the data of “data subjects who are in the Union” will also have to abide by GDPR (Article 3(2)). This would be relevant to a number of UK organisations who need to process the data of EU clients, customers, students etc.

Further, any EU organisation sending personal data to the UK as a non-member state would no longer be able to guarantee that there was “adequate protection” of data in the UK, unless the UK sought to obtain a declaration to the contrary.

The position of the UK vis-à-vis GDPR was summarised by the ICO in a statement published in response to the referendum result:

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

It is likely, therefore, that elements of the GDPR will be incorporated into UK law however Brexit progresses. Both Anya Proops QC and Eduardo Ustaran argue that any UK business which provides services into the EU will need to understand and comply with GDPR.

Exploring the potential impact of Brexit from the EU on the UK’s Communication Industries

The Information Law and Policy Centre is contributing to an Exeter University project which considers the impact of a possible Brexit from the EU on the UK’s communication industries. The Centre has assisted two stakeholder workshops with the project team, led by Professor Alison Harcourt.

On 21 June, a data protection symposium will communicate two policy briefings on EU data protection legislation to stakeholders in the field. It will also create a forum for scenario building exercises to gauge how stakeholders will react to policy-making alternatives.

You can read Alison Harcourt’s briefing paper on ‘Cross-border data transfer‘ which will form the basis of the symposium discussion on the project’s website.

Last month, a similar symposium considered the theme of cross-border broadcasting. The event focused on scenario building exercises, with John Howell leading SWOT analyses of the key factors affecting the cross-border broadcasting sector.

Catherine Barnard (Professor of European Union Law at the University of Cambridge) also gave a presentation to stakeholders about the implications of invoking Article 50 in the scenario of the UK voting to leave the EU.

You can read Alison Harcourt’s three policy briefings about Cross border television, the UK’s role in EU policy-making, and How Brexit might affect EU AVMS policy-making. You can also read a report of the Workshop Findings.

The project is part of the UK in a Changing Europe initiative.

Lorna Woods: An overview of the Investigatory Powers Bill report by the Joint Committee on Human Rights

In this post, Professor Lorna Woods, University of Essex and Senior Associate Research Fellow at the Institute of Advanced Legal Studies, considers a report by the Joint Committee on Human Rights on the Investigatory Powers Bill.

The Joint Committee has reported on the IPB. In doing so, it has made clear that this is an expedited report to aid the bill’s hasty progress through Parliament. The Joint Committee does not suggest that its review covers all the issues, nor that it might not come back to issues. The Joint Committee discussed issues arising under seven headings: bulk powers; thematic warrants; modifications; MPs and the Wilson Doctrine; legal professional privilege (LPP); journalists’ sources; and oversightContinue reading

News: CMS committee approves Elizabeth Denham’s appointment as Information Commissioner

s300_denham_headOn Wednesday 27 April the government’s preferred candidate for the new Information Commissioner appeared in front of the Culture, Media and Sport select committee, whose remit now extends to this post. Video here.

The CMS committee has now published its report, announcing:

On the basis of the evidence presented, we approve Elizabeth Denham’s appointment as Information Commissioner. We wish Elizabeth Denham well in her new post and look forward to working with her in the future.

Elizabeth Denham will replace outgoing Information Commissioner Christopher Graham who has served since 2009 (a five year term extended by two years – he cannot be re-appointed under the Protection of Freedoms Act 2012). A further statement from the committee is available here, which includes a statement from committee chair Jesse Norman MP:

“The Committee noted with interest Ms Denham’s views on a range of topics, including the possible retention of emails as official records, the extension of FOI and directors’ liability for data breaches, in particular.

We also noted Ms Denham’s track record on data protection with Government in British Columbia, and her proactive approach to protection of privacy with major international technology companies.”

The committee reports:

[12] Elizabeth Denham has held senior leadership positions in the field of information rights in Canada over the last 12 years. Since 2010 she has been the Commissioner at the Office of the Information and Privacy Commissioner for British Columbia, Canada, where she is responsible for enforcing the Canadian Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Information Protection Act (PIPA), and the Lobbyists Registration Act (LRA). Previously (2007–10) she was the Assistant Privacy Commissioner of Canada in Ottawa; having been a Director at the Office of the Information and Privacy Commissioner of Alberta (2003–7) …

[13] Ms Denham gave oral evidence to us on 27 April. We questioned her on the following topics:

  • A comparison of the British and Canadian FoI and data protection regimes
  • Her understanding of the EU Framework underpinning UK data protection law
  • Whether and how the powers of the UK ICO might be extended in relation to FoI
  • The application of FoI to all forms of communication, including social media, whenever any government information was under consideration
  • Whether FoI should apply to non-Government entities delivering public services
  • The application of the commercial confidentiality exemption from FoI to government contracts
  • Issues of victims’ access to information highlighted by the Hillsborough inquiry
  • The responsibility that company directors should have for cyber security
  • Tackling nuisance calls
  • The implications of amending the Regulation of Investigatory Powers Act to extend data retention
  • Press Regulation: Lessons to be learned from Operation Motorman and the Leveson inquiry
  • The ICO’s relations with Parliament
  • The management challenge of moving from a relatively small state system to a national regulator
  • Funding of the ICO
  • The challenge of relocating to the UK

Cultural cold wars: The risk of anti-‘extremism’ policy for academic freedom of expression

Universities risk ignoring laws about protecting freedom of speech in their attempt to protect students against being radicalised, argue Professor Alison Scott-Baumann and Hugh Tomlinson QC. This post first appeared on Research Professional.

Universities are under increasing pressure from government to prevent students coming into contact with “extreme” ideas. The view is that students exposed to any kind of views designated “extreme” could be drawn into terrorism. But the risk to freedom of speech and academic freedom is obvious. Society needs to avoid a climate in which ideas are seen as dangerous, deviant and extremist if they differ from views that are believed to be held by the majority. Many university administrators now appear to believe that in order to prevent terrorism, the law requires them to curtail the freedom of academic debate. This approach is not only wrong in principle and in practice but also illegal.

The Counter Terrorism and Security Act 2015 places certain duties on higher education authorities but, contrary to what is often assumed, it does not place a statutory duty on universities to monitor or record information or to ban certain kinds of lawful speech. It merely imposes a duty to “have due regard” to the need to prevent people from being drawn into terrorism. The act gives the business secretary the power to issue guidance about how the duty should be exercised. Universities must “have regard” to such guidance. But it nevertheless remains just that―guidance.

And the official guidance intended to clarify the 2015 act is unclear and potentially misleading. Broad definitions of extremism seem to be linked to equally imprecise definitions of “terrorism”, “non-violent extremism”, “radicalisation” and “fundamental British values”. These definitions could be understood to mean that people who are, for example, critical of British foreign policy, are at risk of radicalisation and to suggest that academics and students accustomed to expressing personal views at university would need to be warned of the risks of discussing certain issues. But this is not correct, and universities should not let the imprecise and unclear language of the guidance draw them into placing unlawful restrictions on academic freedom and freedom of speech.

It is crucial to understand that in addition to imposing the Prevent duty to “have due regard” to the need to prevent people from being drawn into terrorism, the 2015 act also emphasizes freedom of academic expression. A university is also under a duty to “have due regard” to the duty to ensure freedom of speech.

The “duty to ensure freedom of speech” is found in the Education Act 1986 and is expressed in the widest terms. The 1986 act confers on universities not just a duty to “have regard” to freedom of speech but a much stronger duty to “take such steps as are reasonably practicable to ensure that freedom of speech within the law is secured for members, students and employees… and visiting speakers”. Universities must ensure, insofar as is reasonably practicable, that no individual is denied use of their premises on any ground connected with “the beliefs or views of that individual”. The only basis on which the duty to ensure freedom of expression can be overridden is if what a visiting speaker is likely to say is not “within the law” or it is not “reasonably practicable” to allow use of university premises (because, for example, no room is available or there is likely to be disorder at the public meeting).

In other words, a university cannot, lawfully, ban a speaker just because he or she says something opposed to “fundamental British values”. Those defined as “extremists” in the guidance have to be given a platform unless they are advocating violence or some other illegal conduct.

And there is more. Universities are public authorities and, as such, it is illegal under the Human Rights Act 1998 for them to act in a way that is incompatible with the European Convention on Human Rights. This includes a right to freedom of expression that can only be restricted if the restriction is legal, for a proper purpose and if the restriction is necessary and proportionate to achieve that purpose. Restrictions on visiting speakers or on the expression of ideas by students or staff are only legal if they comply with these rules. The fact that a speaker may say something provocative or offensive does not mean that his or her rights can lawfully be interfered with. Provided that what is said does not incite, threaten or provoke violence or is otherwise contrary to the criminal law, it would be illegal for a university to prohibit or restrict it.

It is important to remember that the provisions of the Counter Terrorism and Security Act 2015 do not place any strict or absolute duties on universities. They require a university to do three things: to take reasonably practicable steps to secure freedom of speech for students, staff and visiting speakers; to take into account the need to prevent people from being drawn into terrorism; and to take into account the guidance issued by the business secretary. A university would need to consider how far people risk being drawn into terrorism or being upset about any issues (including gender and politics and international relations) by the views likely to be expressed. But if the speaker is going to stay within the law then the event must be allowed to proceed, even if there is no opposing speaker. Any restrictions or prohibitions on speech that does not break the criminal law are likely to be illegal.

The message is clear. Universities need carefully to monitor events, considering each one individually, and they must keep proper records. They should record the fact that they have considered the risks and explain why they have decided that a particular event should proceed. But they would be in breach of their duty to ensure freedom of speech and of duties under the 2015 act if they adopted rigid rules and applied them to every situation without specific consideration of individual circumstances. And they would be acting illegally if they refused a platform to speakers whose actions were unlikely to break the law.

In short, the guidance cannot set down any hard and fast rules. Other factors to be taken into account are existing “duty of care” criteria and the criminal law. Both are already well understood and implemented by universities and should be sufficient to safeguard university staff and students. Every university has a well-developed duty of care policy.

University life is being depicted as fraught with danger―potential and actual―because of a perceived terrorist threat and also the implication that many ideas are dangerous, deviant and extremist. There is a risk that this depiction will eventually have a real and detrimental effect on university culture. These phenomena form part of a new cultural cold war in which universities are at risk of mirroring the deviance that they are tasked with monitoring. It is urgent to consider what can be done in the interests of freedom of speech and academic freedom, before universities are told that thought itself is too radical.

Alison Scott-Baumann is professor of society and belief in the Centre of Islamic Studies at SOAS, University of London. Hugh Tomlinson QC is a practising barrister at Matrix Chambers who specialises in human rights and freedom of expression.

This post first appeared on Research Professional and is re-published with the kind permission of the authors. Resources from the School of Advanced Study’s ‘Prevent in Practice’ conference in October 2015 can be found at this link.

Please note: This site provides general information only and does not contain legal advice. It is not responsible for the content of third party sites. Posts reflect the views of individual authors.

New report: The impact of charity and tax law/regulation on not-for-profit news organizations

A new report on the impact of charity and and tax law/regulation on not-for-profit news organisations has been published by the Reuters Institute for the Study of Journalism at the University of Oxford, and the Information Society Project at Yale University.

It compares the regulatory systems of Australia, Canada, Ireland, the UK and the US and documents the challenges for not-for-profit organizations involved in the production of news and journalism.

The UK (England and Wales) chapter was written by the director of the IALS Information Law and Policy Centre, Dr Judith Townend, partly based on her previous work for the University of Westminster’s AHRC funded project on media power and plurality.

The report can be downloaded in PDF format at this link.

About the report

The advent of digital media means that many news organisations are re-thinking their business models, and facing new challenges.

But one sector which has seen growth, is the not-for-profit start up industry. In a new report, published jointly by the Reuters Institute and the Information Society Project at Yale University, Robert G. Picard, the RISJ’s North America Representative and colleagues examine the legal framework in which these operate in.

Picard, along with Valerie Belair-Gagnon and Sofia Ranchordás (both Yale University), studies the challenges thrown up by legal systems which don’t include journalistic activities within the concept of ‘charitable status’.

“Legal and regulatory definitions of charitable purposes hinder news organisations from achieving charitable and tax exempt status and receiving the associated benefits in Australia, Canada, Ireland, the United Kingdom, and the United States,” says Picard.

Drawing on the regulatory systems of Australia, Canada, Ireland, the UK and the US, the report sets out to gain a clearer understanding of the legal frameworks for charitable and tax exempt status for news organisations and the distinct challenges that may hinder their development.

See more at this link.

Update on Information Law and Policy Centre’s contribution to Investigatory Powers debate

As previously reported on this blog, our Information Law and Policy Centre (ILPC) at IALS has facilitated an ad hoc research group of academics and practitioners to contribute to the ongoing policy debate on surveillance following publication of the government’s Draft Investigatory Powers Bill. Members of this group published a clause-by-clause review examining their provenance – that is, whether the clauses come from existing legislation, or are newly introduced.

Lorna Woods, IALS senior associate research fellow and professor in law at the University of Essex, then submitted a revised version in her evidence to the joint select committee scrutinising the Bill. The committee used her evidence in its report published in February, for a table describing each investigatory capability in the draft bill (pp.32-37).

Separately, members of the Information Law and Policy Centre’s advisory board including Professor Lilian Edwards, Strathclyde University and Dr Lawrence McNamara, Bingham Centre for the Rule of Law, have signed an open letter published in the Telegraph calling on the government to give the Investigatory Powers Bill, which was introduced to the House of Commons on 1st March, the time it needs and not rush it through Parliament.

Members of the Centre have also participated in related events: Information Law and Policy Centre director Dr Judith Townend spoke at a symposium on the Bill at the University of Cambridge on 5 February 2016, and on 8th March, acted as discussant in an event on surveillance and human rights at Senate House, as part of a Seminar Series organised by the Institute of Commonwealth Studies and the Human Rights Consortium.  Other speakers included Kirsty Brimelow QC and Silkie Carlo, policy officer in technology and surveillance at Liberty.