Money, law and courage: the varied roles of the UK Information Commissioner

Information Commissioners' Office

This post is re-posted from the ICO’s website with kind permission. Original web entry available here

Original script may differ from delivered version

Elizabeth Denham delivered the CRISP (Centre for Research into Information, Surveillance and Privacy) annual lecture 2018 at the University of Edinburgh on 14 March.

She spoke about the many roles she must play as UK Information Commissioner and set out the challenges and opportunities ahead.

Introduction

Many thanks for the invitation to speak today. I have a connection with CRISP and William Webster, Kirstie Ball and Charles Raab that predates my time in the UK – British Columbia OIPC is a partner in Big Data Surveillance Project with David Lyon and others in Canada. I have long been aware of the importance of the CRISP doctoral training school.

One of the wonderful aspects of privacy and data protection is the extremely rich and interdisciplinary scholarly research community.

Data Protection raises questions of law, politics, sociology, computer science, communications studies, business and management, psychology, urban studies, geography, and so many other areas of scholarship.

For all the regulatory and legal challenges, privacy and data protection continue to raise fascinating intellectual issues.

CRISP is a wonderful model of interdisciplinary research and training for young researchers.

I am very glad to have received the support of the broad and vibrant academic community involved in research on privacy and surveillance since taking up this job.

I am also proud to have launched a new program to fund independent research and help consolidate the network of privacy researchers in the UK.

I am hopeful that this will continue for many years.

Money, law, courage

The title, Money, Law and Courage – signifies, of course, that the contemporary data protection authority (DPA), of which the ICO is the largest in the world in terms of personnel and budget, cannot do its work without a clear legislative framework, the necessary technical and financial resources and the courage to do our jobs well. My office is responsible for the effective enforcement of no fewer than eleven statutes and regulations.

They say: “Money makes the world go around . . .”

Well, we have a budget of £24 million pounds, following the introduction of the new funding model this will be £34m in 2018/19. We’ve been busy over the last year recruiting more staff and currently have a headcount of around 500.

We expect staffing numbers to continue to increase, passing 600 by 2019 increasing to an approximate FTE of 650 during 19/20.

We will be assessing demand as the GDPR goes live and beyond, adjusting our plans accordingly. To give you a sense of we are fixed now, we’ve got around 200 case-workers working on issues raised by the public, a 60-strong enforcement department taking forward our investigations and a similar number charged with developing our information rights policies and engaging with the stakeholders and organisations that need to implement them.

Coming from an office of under 40 in British Columbia, the scale of the management tasks is obviously far more complex and challenging.

Expectations

I had – I have – Great Expectations for this job.

But there’s one aspect of the job that I did not expect, and it stems from the very governance structure of the ICO.

My job combines the role of Commissioner, which has a variety of regulatory and quasi-judicial functions, with that of a CEO. It is based on the “Corporation Sole” Model.

That’s highly unusual for a large regulatory body like the ICO.

The implications of this model are that I perform a wide range of management functions in my capacity as the ICO’s CEO.

I would say that as well as my regulatory role, I must also work alongside my excellent staff on administrative duties involving organisation, finance, human resources, and negotiations with the unions.

Much activity of late has been about recruitment and retention issues. I am pleased to report that the Treasury has given me pay flexibility to address the gap in wages when compared to the external market.

Everyone is looking for data protection expertise.

I am also looking at new ways to bring in talent – through secondments from the private and government sectors, and through technology fellowships for post-doctoral experts. 

Toolbox

It’s not just about the money, it’s also about the resources. And I have many tools in the toolbox. 20 years ago, the toolbox was not global.

Now there is a common recognition that all DPAs need to make creative use of all the tools in the toolbox.

And as in a toolbox, each tool (the hammer, the drill, the screwdriver, the chisel) is suited to a different purpose.

But most of these tools can be used separately, and not in conjunction with another. Throw away the screwdriver or the drill, and the hammer still remains and is still capable of driving in the nail.

At the same time, it cannot drill the hole, or screw in the screw – assuming, of course, that the user can tell the difference.

For the person with the hammer, everything can tend to look like a nail, right?

The tools in the privacy toolbox, however, are designed to be used in conjunction with one another. They do form an integrated package, all of which are now necessary and none sufficient on their own.

Of course the tools are all for nothing if the Commissioner and her team don’t have a good plan for what we are building and why.

The Law

So now to the law. This global repertoire of instruments is reflected in the General Data Protection Regulation (GDPR), that will apply in the UK from May: privacy by default and design; codes of practice; privacy seals; Data Protection Impact Assessments (DPIA); data protection officers; accountability mechanisms for good privacy management.

The Europeans have made vigorous efforts to learn from abroad and to embrace policy instruments that were pioneered in other countries, such as Canada, and to incorporate them into the GDPR.

Positive results in data protection are not just attributable to decisions from the top.

They are “co-produced” by a widespread network of actors (regulators, businesses, consumer organisations, media, researchers, and individuals).

I see the ICO as the facilitator of this network, a convener as much as the regulator.

My varied roles

Over ten years ago, Charles Raab and Colin Bennett published The Governance of Privacy: Policy Instruments in Global Perspective1.

In that book, they defined the contemporary roles of the DPA as: ombudspersons, auditors, consultants, educators, policy advisers, negotiators, enforcers, and international ambassadors.

Different authorities played these roles in different ways and with shifting emphasis over time. I, and my staff, also play these roles.

Data Protection “Ombudsman”

Any DPA has to be attentive to its main clients – the citizenry who may have concerns and questions about how their personal data is captured and processed.

We all play the classic role of the “ombudsperson.”

Demand for this role is high and increasing. In 2016-17, the ICO received and dealt with over 18000 data protection complaints, 90% of which were resolved within three months of receipt.

This year we will be over the 21,000 mark and next year we expect over 24,000 complaints as people become more aware of their rights.

Prominent concerns include complaints about timely and comprehensive access to personal information, about the use of CCTV, and take-down requests from search engines. We are dealing with a wide range of complaints, most relate to general business, including the financial and insurance sectors, but they also cover the important relationship and services between the state and the citizen, including local and central government, health, policing and education.

Auditor

The auditing role is central, and will become more so under GDPR. That embraces more proactive assessments of organisational accountability and expands our work to the private sector in a way not seen before. But we now also have a more nuanced understanding of what a data protection audit actually entails, and make important distinctions between full-blown audits, risk reviews and advisory audits.

In 2017-18, we delivered 24 full audits providing advice and recommendations, 37 information risk reviews, 18 follow-up audits, and 47 advisory audits to SMEs.

Consultant

We are also consultants and often give advice to organisations that come to us with requests to comment on new products and services.

We are happy to hear of new developments and to give advice about whether new systems are compliant with the law, and about how to minimize risks to privacy. This role too will increase under the GDPR – organisations will be increasingly pressured to get the advice of regulators before systems are developed and services are launched.

They will be expected to implement privacy by design, and by default, and will need advice about how to accomplish those goals.

In this regard, my office is establishing a regulatory “sandbox” that provides beta testing of new initiatives in private and public sectors.

This strategy allows us to keep up with new technological developments, and at the same time ensure that appropriate protections and safeguards are built-in.

This is what the law requires.

The strategy is based on the strong belief that privacy and innovation are not mutually exclusive. New technology is both a risk and an opportunity. The strategy also allows us to boost the technical expertise of our staff.

Educator

I spend a lot of my time in education – both of the general public and of organisations. We have launched a guide to the GDPR, which has had over 3 million hits since publication.

I have given several dozen speeches to organisations over the last two years, and use those as an opportunity to spread the word to key audiences. We are also active in social media, and broadcast podcasts on significant questions. I also write blogs on key issues – including a series of GDPR myth busting blogs.

In April, we will launch a public education campaign, Your Data Matters, to educate the public on their new rights under the law.

The campaign is the ICO’s but we are collaborating with private sector and civil society partners to assist us in disseminating information about the use of personal data in everyday life, complete with real-life scenarios and story-telling content. The aim is to increase the public’s trust and confidence in how organisations use their data. And that’s my priority.

Policy Adviser 

With the GDPR, and Brexit, I have spent a lot of time with parliamentary committees, ministerial staff in giving policy advice about legislative and regulatory change. I spend around 2-3 days a week in London since I took up the position because of heavy parliamentary and Whitehall business. We have opened a London office and formed a parliamentary team.

Negotiator

My staff and I need strong negotiation skills staking out principled positions, but being prepared to compromise. We negotiate with government agencies, and with corporations. We negotiate, for instance, over codes of practice, such as the one currently being developed on direct marketing.. The role of negotiator is critical in an area of law where there are often no clear black and white answers, and few “bright-line” rules.

We are also involved in negotiation with other regulators and oversight agencies. There are many other players in this space – from the NCSC in matters of cyber security, the Surveillance Camera Commissioner to the Childrens’ Commissioners. In fact I met with Bruce Adamson the Children and Young People’s Commissioner Scotland just this morning.

We work hard to develop a framework that allows us to work in a co-ordinated manner in the best interest of UK citizens.

I played all those roles in Canada (in Ottawa and in British Columbia). But they are now played out on a bigger stage, and with far greater implications.

There are two roles I’ve yet to speak about – the enforcer and the international ambassador.

These are far more prominent in my role as UK Information Commissioner than they ever were in Canada. And these are the ones that I would like to discuss in greater detail in the rest of this talk.

Enforcement

My office possesses a greater range of enforcement and sanctioning powers than those in Canada.

As an illustration, companies could find themselves subject to severe penalties for not complying with the GDPR, which states the maximum amounts that companies could be liable to as £17m, or 4% of the organisation’s total annual worldwide turnover in the preceding year, whichever is higher.

We also have powers to suspend or amend processing or transfers.

The enforcement notice can be more intrusive than the fine. These are significant fining and directing powers, and they have to be to be used predictably, consistently and judiciously.

To that end, my office is developing a Regulatory Action Policy to provide greater clarity and focus to our roles.

So, when I look at the contemporary inventory of regulatory tools at my disposal, it is now a long list that operates on a sliding continuum, or hierarchy of regulatory action.

That’s quite a list, right?

We aspire to select the most appropriate regulatory instrument based on a risk assessment of the nature and seriousness of the breach, the sensitivity of the data, the number of individuals affected, the novelty and endurance of the concerns, the larger public interest, and whether other regulatory authorities are already taking action in respect of the matter.

We also reserve the right to take into account the attitude and conduct of the organisation, whether relevant advice has been heeded, and whether accountability measures have been taken to mitigate risk.

Now might be a good time to tell you about our ongoing investigation into the use of personal data by political parties and campaigns. The use of data analytics for political purposes has not been examined by any other DPA.

It is a complex investigation involving over 30 organisations including political parties, data analytics companies, and social media platforms.

We hope to shed light on the mysteries and complexities of the data driven campaign and election. And we hope that our work will be an important contribution to the wider legal and ethical discussions about the use of personal data to mobilize voters.

International

All privacy and data protection commissioners are increasingly international ambassadors for their domestic data protection regimes and approaches.

We advance the interests of our citizens, and also to some extent our businesses, in a variety of regional and international forums.

As UK Information Commissioner, I am now of course on a far more visible international stage then I ever was in Canada.

To help navigate these uncertain international waters, my office has published an international strategy that recognizes the importance of agility in an ever changing world.

As you know, the GDPR will apply in the UK as of May 25th 2018. We have been giving guidance to British businesses on how to comply with the GDPR, on issues such as automated decision-making, profiling, personal data breach notification, and the processing of data on children.

We have also tried to explode some of the unfortunate myths concerning compliance.

As we have a more longstanding experience with some of the instruments in the GDPR, we hope that our practical guidance can have an influence beyond the UK.

At the same time, we have been trying to influence the new Data Protection Bill, which had its Second Reading debate in the Commons last week, and which aims to align UK law with the GDPR.

Overall, I am encouraged that the interests of the government, UK industry and civil society are broadly aligned around the need to apply the provisions of the GDPR within the UK with minimum divergence. The government has prioritised the issue of data protection and data flows in the Brexit negotiations because data underpins the digital economy, trade and criminal justice.

I am striving for what I have called a “holy trinity of outcomes”: uninterrupted data flows to Europe and the rest of the world; high standards of data protection for UK citizens and consumers, wherever their data resides; and legal certainty for business.

Brexit

We intend to play a full role in EU institutions until the UK leaves the EU, we are preparing for the post-Brexit environment in order to ensure that the information rights of UK citizens are not adversely affected.

But several questions remain, and which will be inescapably determined by the final contours of the relationship between the UK and the European trading bloc. There is agreement that there will be a transition period – necessary to untangle a 40-year regulatory regime. During the transition period, to avoid a cliff edge harmful for business and citizens, the intent is that the regulatory regimes – from data protection to aviation, food standards and the environment will be maintained.

When it comes to the arrangements post-Brexit for international transfers, achieving a bespoke agreement on data flows in the commercial and security sectors, or an adequacy finding from the European Commission may be the most elegant ways of ensuring the continued frictionless flow of data between the EU and the UK.

And there is no doubt that having domestic laws that achieve a high standard of data protection, harmonized with those of the EU, will be a significant advantage in a special arrangement.

Should the UK leave the EU without a data deal in place, EU organisations will need to have binding contractual arrangements in place every time they wish to share new information and data with their UK partners.

Even with the GDPR translated into UK law, interpretation of the law is the responsibility of the ICO, and the UK courts.

Our interpretation might be influenced by decisions made through consistency mechanisms within the GDPR and the European Data Protection Board, but there is no guarantee – leading to possible divergences of interpretation and confusion for companies that do business in the UK and the EU.

Perhaps the most significant “unknown” from my point of view is the exact nature of relationship with our DPA colleagues across Europe.

Is the ICO going to have a seat on the European Data Protection Board with voting rights or will we be an observer without voting rights; or not even allowed to have a seat around the table? Is the UK going to be a partner, helping to set policy, or will we have the status of a third country – like Canada or Japan?

And then there is the “onward transfer” problem of how to protect the data of EU citizens exported from UK organisations to other areas of the world, and which will be a critical issue in the determination of adequacy. Will the UK have a mirror agreement, similar to that enjoyed currently by Switzerland? Or will UK businesses have to default to various accountability mechanisms, such as binding corporate rules.

And what, then, of data flows from the UK to the United States? Will there be a separate UK-US Privacy Shield arrangement?

There is uncertainty over the legal arrangements in the transition period and the repercussions of this unprecedented process, but the one certainty is that the European Union will continue to advance the highest standards of protection for the personal data of people in the EU, and the UK shares and has committed to maintain these high standards.

I expect that when it comes to rights such as the right to privacy and data protection, the EU and the UK will continue to pursue common strategies; and I expect to maintain substantial dialogue and work with my EU colleagues. The ICO is the largest DPA in Europe and contributes heavily to the work of the Article 29 Working party. Its influence should, and will, continue to be felt post-Brexit.

Courage

But none of those resources, legal tools and relationships are sufficient, unless the Commissioner has the courage of leadership and inspires teamwork to advance the rights of UK citizens in the face of some strong global, technological and organisational pressures. But courage is not just manifested in enforcement – in using the legal powers of the office to punish and sanction.

It is also a matter of hard work, commitment, perseverance and a skill in knowing what instrument to use, at what time.

Any data protection or privacy Commissioner has to be pragmatic, and be aware of the various policy tools and instruments at his or her disposal. At a superficial level, the job does involve knowing when to use the ‘carrot’ or ‘the stick’. But those choices are now more complex.

So that simple distinction may be misleading – there are now many types of ‘carrot’ and many types of ‘stick’.

At the end of the day, all privacy and data protection commissioners are looking for an ounce of prevention.

That has been generally argued by observers of the work of privacy commissioners, going back to David Flaherty’s 1989 pioneering book, Protecting Privacy in Surveillance Societies2.

Offices like mine, like the ICO are more effective when they can act proactively, and can give general policy guidance to minimize the needs for complaints, and for enforcement actions.

Prevention is better than cure.

But this is a goal that is not easy to realise, when the office is continually expected to respond to the unexpected: the data breach, the high-profile media story, the sudden policy initiative from government, the significant court decision and so on.

We do try to operate an intelligence function that gathers data on the implementation of data protection, surveys companies and monitors practices.

We have a new team that focuses on priority files, and these cases, investigations or audits are run by cross office groups directed by the senior leadership team. We are then able to understand any general patterns and take proactive measures accordingly.

We also work with civil society and consumer groups – and take their complaints about systemic issues.

GDPR will give us more tools for education, for encouraging accountability, for building in privacy by design and by default. Of course, it is essential to keep the legal sanctions in the background, be ready to use them, and make organisations aware that we are ready to use them.

That general conclusion about the importance of the proactive and general policy work, over the more reactive enforcement work, was also true of my work in Canada and BC.

It is just that I now have more money, more staff, more laws, more tools in my toolbox, a larger audience, a brighter media spotlight and a more extensive range of organisations to regulate.

So, I have the resources to do the job and the law to back me up.

I’ll let you be the judge as to whether I and my team have the courage!

References

C.J Bennett and C.D Raab, The Governance of Privacy: Policy Instruments in Global Perspective (Cambridge MA: MIT Press, 2006).

D.H Flaherty, Protecting Privacy in Surveillance Societies: The Federal Republic of Germany, Sweden, France, Canada and the United States (Chapel Hill: University of North Carolina Press, 1989).

Event: Joining The Circle: capturing the zeitgeist of ‘Big Tech’ companies, social media speech and privacy

Privacy, Social Media

Event: Joining The Circle: capturing the zeitgeist of ‘Big Tech’ companies, social media speech and privacy

Professor Robin Barnes (Global Institute of Freedom and Awareness) and Peter Coe (Aston University) have organised a panel session at the Inner Temple, London, on Wednesday 23 May 2018. The session is entitled: ‘Joining The Circle: capturing the zeitgeist of ‘Big Tech’ companies, social media speech and privacy’.

It is based on Dave Egger’s book, The Circle, which tells the story of an all-powerful new media company that seeks to totally monopolize its market place and remake the world in its image. Although fictional, the book captures the zeitgeist surrounding ‘Big Tech’ companies exerting ever-increasing influence over our lives by altering our perceptions and expectations of the media (including citizen journalists), free speech and privacy, and how our personal information is used and protected.

The panel consists of seven experts from academia and practice who are currently engaging with these issues, including: Peter Coe, Professor Barnes; Dr Paul WraggRebecca Moosavian (both University of Leeds), Dr Paul Bernal (University of East Anglia), Dr Laura Scaife (BBC) and Jacob Rowbottom (University of Oxford). Professor Ian Cram (University of Leeds) will open the conference. These experts will present and discuss their thoughts on these issues, and their potential implications, both now and in the future.

This event will be of interest to practising and academic lawyers with expertise in Media Law generally (including free speech, privacy and data protection), journalists and other media professionals, and those engaged in research and teaching relating to journalism and the wider media.

The event is free to attend, and includes lunch and refreshments. Registration will begin at 9.00am and the panel will finish at around 4.00pm. Following the close of the panel session there will be an opportunity to network with the panel members and other delegates.

Delegate places are limited. Therefore, places are available on a first come first served basis. If you would like to attend, please email Peter Coe as soon as possible: p.coe@aston.ac.uk.

 

New approach to media cases at the Royal Courts of Justice is a welcome development

News media, Uncategorized

Guest post by Dr Judith Townend.

This is an edited version of an article which first appeared in Communications Law journal, volume 23, issue 1 (Bloomsbury Professional) and PA Media Lawyer.

In 2012 Mr Justice Tugendhat, ahead of his retirement in 2014, made a plea for more media specialist barristers and solicitors to consider a judicial role: “As the recruiting posters put it: Your country needs you.”

#
He emphasised the particular burden of freedom of expression cases, which require judges, for example, to consider the rights of third parties, “even if those third parties choose not to attend court” and to provide reasons for the granting of injunctions at very short notice.

Without expert knowledge of the applicable law, this is no easy task. Fortunately, media law cases have not fallen apart with the respective retirements of Sir Michael Tugendhat and Sir David Eady, and recent specialists to join the High Court include Mr Justice Warby in 2014, and Mr Justice Nicklin in 2017 – both formerly of 5RB chambers.

The arrival of Mr Justice Warby, who was given the newly created role of Judge in charge of the Media and Communications List, has provided a welcome opportunity to propose changes to the procedure of media litigation in the Queen’s Bench Division, where the majority of English defamation and privacy claims are heard.

Since taking on responsibility for the cases involving one or more of the main media torts – including defamation, misuse of private information and breach of duty under the Data Protection 1998 – Mr Justice Warby has spoken about his hopes and plans for the list, and also conducted a consultation among those who litigate in the area, as well as other interested parties.

The consultation considered the adequacy of Civil Procedure Rules and Practice Directions; the adequacy of the regime for monitoring statistics on privacy injunctions; and support for the creation of a new committee.

As a socio-legal researcher rather than legal practitioner, my interest was piqued by the latter two questions.

For some time, I have been concerned that efforts by the Judiciary and the Ministry of Justice to collect and publish anonymised privacy injunction data have been insufficient, and also that the availability of information about media cases could be improved more generally.

My own efforts to access case files and records in 2011-13, to update research conducted by Eric Barendt and others in the mid 1990s, and to interrogate assertions of defamation’s “chilling effect”, proved largely unsuccessful and I was astonished how rudimentary and paper-based internal systems at the Royal Courts of Justice appeared to be.

Although public observers are entitled to access certain documents – such as claim forms – the cost and difficulty in locating claim numbers prohibits any kind of useful bulk research which would allow more sophisticated qualitative and quantitative analysis of media litigation.

I jumped, therefore, at the opportunity of the consultation to raise my concerns about the injunctions data, and to support the creation of a new user group committee.

My submission, with Paul Magrath and Julie Doughty, on behalf of the Transparency Project charity, made suggestions for revising the injunctions data collection process, including the introduction of an audit procedure to check information was being recorded systematically and accurately.

Following the consultation, Mr Justice Warby held a large meeting at the Royal Courts of Justice for all respondents and other interested parties at which he shared a table of proposals from the consultation, provisionally ranked as “most feasible”, “more difficult” and “most difficult”.

The last category also included proposals which would require primary legislation, which would be a matter for Parliament rather than the Judiciary.

I was pleased that our initial proposals on the transparency of injunctions data have been deemed practical and feasible in the first instance.

Also considered achievable are some of the proposals related to case management and listings, updating the pre-action protocol (PAP), the Queen’s Bench Guide, and civil practice directions in light of developments in privacy, data protection and defamation litigation and press regulation (not least to reflect the Defamation Act 2013).

This meeting also established the creation of a new Media and Communications List User Group (MACLUG) to which a range of representatives have been appointed.

The group comprises members of the Bar and private practice solicitors (including both claimant and defendant specialists), in-house counsel, clerks, and a costs practitioner.
Additionally, I have joined as a representative of public interest groups – i.e. those engaged in academic research and third sector work. The new committee met for the first time at the end of 2017, and members have formed smaller working groups to take forward the “feasible” proposals, which will be discussed with our respective constituencies in due course, and where relevant, eventually proposed to the Civil Procedure Rule Committee to consider.

In a speech to the Annual Conference of the Media Law Resource Center in September last year Mr Justice Warby identified his overall aims for the “big picture” and landscape of media litigation: to resolve disputes fairly, promptly, and at reasonable cost.

All of which were “easier said than done”, in his words. Quite so. But it is right that it should be attempted, and with judicial input where appropriate.

Mr Justice Warby’s efforts to date are to be applauded, and in particular, his open approach in addressing some of the flaws and inconsistencies of current practice, and evaluating structural and systemic issues.

That said, a committee formed by the judiciary is constrained in its remit, quite rightly. The consideration of changes to primary legislation should fall to Parliament.

It is therefore important that media law practitioners and other stakeholders should also work with the Ministry of Justice and HM Courts and Tribunals Service to inform ongoing work on courts modernisation, and push for wider consultation and involvement in reforms. A further challenge is to persuade government and parliamentarians to take on any issues requiring changes to legislation.

Part I of the Leveson Inquiry addressing, in part, the relationship between media proprietors, editors and politicians showed that the process of consultation on public policy affecting the news media has been subject to undue influence by certain private interests, and insufficiently transparent.

To this end, perhaps the new Lord Chancellor and Secretary of State for Justice, David Gauke MP, and the new Secretary of State for Digital, Culture, Media and Sport, Matt Hancock MP, might consider ways in which they can consult more openly and fairly in their development of policy and draft legislation on freedom of expression, reputation and privacy.

Dr Judith Townend is lecturer in media and information law at the University of Sussex and a member of the Queen’s Bench Division Media and Communications List User Group Committee.

Featured image: courtesy of Dave Pearce (@davebass5) on Flickr.

LSE Experts on T3: Omar Al-Ghazzi

Ethics, fake news

This post is re-posted from the LSE Media Policy Project Blog.

As part of a series of interviews with LSE Faculty on themes related to the Truth, Trust and Technology Commission, Dr Omar Al-Ghazzi  talks to LSE MSc student Ariel Riera on ‘echo chambers’ in the context of North Africa and the Middle East.

AR: The spread of misinformation through social media is a main focus of the Commission. Are there similar processes in the Middle East and in the North Africa region?

OA: Questions about trust, divisions within society, and authoritarian use of information or what could be called propaganda are very prevalent in the Middle East and North Africa. So in a way a lot of the issues at hand are not really new if we think about communication processes globally. Much of the attention that misinformation has been getting is in relation to Trump and Brexit. But Syria, for instance, is actually a very productive context to think through these questions, because with the uprising and the war, there was basically an information blackout where no independent journalist could go into the country. This created an environment where witnesses and citizen journalists and activists fill that gap. So it is now a cliché to say that the war in Syria is actually the most documented war. But all that information has not led to a narrative that people understand in relation to what’s happening. And that has to do with trust in digital media and the kind of narratives that the government disseminates. The echo chamber effect in the way people access information from online sources they agree with is also as prevalent in the Middle East as it is globally.

AR: And in these countries, who are the perpetrators of fake news and misinformation and what are the channels?

OA: It is a complicated question because if we talk about the war in Syria, the communication environment is much more complex than the binary division between fake and real. For instance, I am interested in the reporting on the ground in areas that are seeing or witnessing war and conflict. I will give you an example. Now in the suburbs of Damascus, where there is a battle between rebels and the government, there are several cases of children and teenagers doing the reporting. So how should this be picked up by news organisations, and what are the consequences? CNN recently called one of the teenagers based in Eastern Ghouta, Muhammed Najem, a ‘combat reporter’. What are the ethical considerations of that? Does that encourage that teenager to take for instance more risks to get to that footage? How is what he produces objective if first he has obviously no journalism training as a very young person and second he is in a very violent context where his obvious interest lies in his own survival and in getting attention about his and his community’s suffering. He has a voice that he wants to be heard and which should be heard. But why is the expectation, if he is dubbed a ‘combat report’, that what he produces should be objective news reporting?

Beyond this example of the complex picture in war reporting, I think the Middle East region also teaches us that when there is a lack of trust in institutions of any country in the world, when there is division in society about a national sense of belonging, about what it means to be a patriot or a traitor, that would produce mistrust in the media. Basically, a fractured political environment engenders lack of trust in media, and engenders that debate around fake or real. So there is a layer beyond the fakeness and realness that’s really about social cohesion and political identity.

AR: Nationalist politicians all over the world have found in social media a way to bypass mainstream media and appeal directly to voters. What techniques do they use to do this?

OA: Perhaps in the Middle East you don’t find an example of a stream of consciousness relayed live on Twitter like the case is with President Trump, but, like elsewhere in the world, politicians are on Twitter and even foreign policy is often communicated there. Also, a lot of narratives that feed into conflicts, like the Arab-Israeli conflict, take shape on social media. So without looking at social media you certainly don’t get the full picture even of the geopolitics in the region. Without social media, one would not grasp how government positions get internalised by people and how people contribute- whether by feeding into government policies, or maybe resisting them as well.

AR: Based on your observations in North Africa and the Middle East, can mistrust or even distrust of mainstream media outlets be a healthy instinct? For example, if mainstream media is a place where only one voice is heard.

OA: Even though a lot of the media are politicised in the Arab world because they are government owned, people have access to media other than their own governments because of a common regional cultural affiliation, a shared language and the nature of the regional media environment. So actually people in the Arab world are sophisticated media users because they have access to a wide array of media outlets. Of course, there are outlets that are controlled by governments wherever one may be situated and things vary between different countries, but audiences can access pan-Arab news media such as Al Jazeera, Al Arabiya and Al Mayadeen. They have access to a wide array of online news platforms as well as broadcast news. So you really have a lot of choices. If you are a very informed audience member you would watch one news outlet to know, let’s say, what the Iranian position on a certain event is, and then you watch a Saudi funded channel to see the Saudi. But of course, most people don’t do that because you know they just access the media that offers the perspective they already agree with.

We have to remember that in the context of the Middle East there is a lot of different conflicts, there is war, which obviously heightens the emotions of people and their allegiances and whatever their worldview is. So we are also talking about the context that, because of what is happening on the ground, people feel strongly about their political positioning which feeds into the echo chamber effect.

AR: You wrote that, at least linked to the Arab Spring, there was a ‘diversity of acts referred to as citizen journalism’. What differentiates these practices from the journalism within established media?

OA: Basically, in relation to the 2011 Arab uprisings, there were a lot of academic and journalistic approaches that talked about how these uprisings were Facebook or Twitter revolutions, or only theorising digital media practices through the lens of citizen journalism. But I argued that we cannot privilege one lens to look at what digital media does on the political level because a lot of people use digital media, from terrorist organisations to activists on the ground to government agents. So one cannot privilege a particular use of digital media and focus on that and make claims about digital media generally, when actually the picture is much more complicated and needs to be sorted out more.

Of course the proliferation of smartphones and social media offered ordinary people the opportunity to have their own output, to produce witness videos or write opinions. It is a very different media ecology because of that. However, we cannot take for granted how social media is used by different actors. In social science we have to think about issues of class, literacy, the urban rural divide, the political system, the media system. And, within that complexity, locate particular practices of social media rather than make blanket statements about social media doing something to politics generally and universally.

Dr Omar Al-Ghazzi is Assistant Professor in the Department of Media and Communications at LSE. He completed his PhD at the Annenberg School for Communication, the University of Pennsylvania, and holds MAs in Communication from the University of Pennsylvania and American University and a BA in Communication Arts from the Lebanese American University.

 

 

Recent developments on freedom of expression, Dr David Goldberg

Freedom of expression

This post brings us some recent developments on freedom expression from Dr David Goldberg, Senior Visiting Fellow, Institute of Computer and Communications Law in the Centre for Commercial Law Studies, Queen Mary, University of London, and member of the Information Law and Policy Centre’s Advisory Board.

Dr Goldberg has recently co-organised a symposium at the Southwestern Law School, Los Angeles, on “Fake News and Weaponized Defamation”. The event took place on the 26th January 2018. Further information on the event can be found at: https://www.swlaw.edu/curriculum/honors-programs/law-review-journals/journal-international-media-entertainment-law/global. Photos from the event are available at https://flic.kr/s/aHsmfxk8dL.

Dr Goldberg delivered a presentation at the event calling for enhancing media literacy, and cautioning against over-relying on the law to deal with the so-called phenomenon of fake news. Dr Goldberg’s presentation will be available in a forthcoming publication.

In addition, Dr Goldberg has recently published a chapter entitled ‘Dronalism, Newsgathering Protection and Day-to-day Norms’ in Responsible Drone Journalism (2018) edited by Astrid Gynnild and Turo Uskali. The book is available at https://www.crcpress.com/Responsible-Drone-Journalism/Gynnild-Uskali/p/book/9781138059351.

Lastly, following up on the ‘Freedom of Information at 250’ event held at the Free Word Centre in December 2016 with the support of the Information Law and Policy Centre at the Institute of Advanced Legal Studies, and the Embassies of Sweden and Finland, the publication Press Freedom 250 Years: Freedom of the Press and Public Access to Official Documents in Sweden and Finland – A Living Heritage from 1766 is now available in English. The publication of this translation has been in large part due to the efforts of Dr David Goldberg, Mark Weiler and Staffan Dalhoff. The book was launched on 2nd December 2016 at the Swedish Parliament, and the free PDF is available at http://www.riksdagen.se/globalassets/15.-bestall-och-ladda-ned/andra-sprak/tf-250-ar-eng-2018.pdf.

To order the book for libraries, contact:
Riksdag Printing Office, SE 100 12 Stockholm
E-mail: ordermottagningen@riksdagen.se

ILPC Annual Conference and Annual Lecture 2017 Children and Digital Rights: Regulating Freedoms and Safeguards

Children, Data Protection, Events

Download (PDF, 639KB)

ILPC Annual Conference and Annual Lecture 2017
Children and Digital Rights: Regulating Freedoms and Safeguards

The Internet provides children with more freedom to communicate, learn, create, share, and engage with society than ever before. Research by Ofcom in 2016 found that 72 percent of young teenagers in the UK have social media accounts. Twenty percent of the same group have made their own digital music and 30 percent have used the Internet for civic engagement by signing online petitions or by sharing and talking about the news.

Interacting within this connected digital world, however, also presents a number of challenges to ensuring the adequate protection of a child’s rights to privacy, freedom of expression, and safety, both online and offline. These risks range from children being unable to identify advertisements on search engines to being subjects of bullying or grooming or other types of abuse in online chat groups.

Children may also be targeted via social media platforms with methods (such as fake online identities or manipulated photos and images) specially designed to harm them or exploit their particular vulnerabilities and naivety.

These issues were the focus of the 2017 Annual Conference of the Information Law and Policy Centre (ILPC) based at the Institute of Advanced Legal Studies, University of London. The ILPC produces, promotes, and facilitates research about the law and policy of information and data, and the ways in which law both restricts and enables the sharing and dissemination of different types of information.

The ILPC’s Annual conference was one of a series of events celebrating
the 70th Anniversary of the founding of the Institute of Advanced Legal Studies. Other events included the ILPC’s Being Human Festival expert and interdisciplinary panel discussion on ‘Co-existing with HAL 9000: Being Human in a World with Artificial Intelligence’.

At the 2017 ILPC Annual Conference, leading policymakers, practitioners, regulators, key representatives from industry and civil society, and academic experts examined and debated the opportunities and challenges posed by current and future legal frameworks and the policies being used and developed to safeguard these freedoms and rights.

These leading stakeholders included Rachel Bishop, Deputy Director of Internet Policy at the Department of Digital (DCMS); Lisa Atkinson, the Information Commissioner’s Office (ICO) Head of Policy; Anna Morgan, Deputy Data Protection Commissioner of Ireland; Graham Smith, Internet law expert at Bird & Bird LLP), Renate Samson, former CEO of privacy advocacy organisation Big Brother Watch, and Simon Milner, Facebook’s Policy Director for the UK, Africa, and Middle East.

The legal systems under scrutiny included the UN Convention on the Rights of the Child and the related provisions of the UK Digital Charter, and the UK Data Protection Bill, which will implement the major reforms of the much anticipated EU General Data Protection Regulation (2016/679) (GDPR) which will soon enter into force on 25 May 2018. Key concerns expressed at the conference by delegates included the effectiveness in practice and lack of evidence-based policy for the controversial age of consent for children and their use of online information services provided for under the GDPR.

Further questions were raised with respect to what impact in practice will there be for children’s privacy, their freedom of expression, and their civil liberties as a result of the new transparency and accountability principles and mechanisms that must be implemented by industry and governments when their data processing involves the online marketing to, or monitoring, of children.

Given the importance and pertinence of these challenging and cutting-edge policy issues, the Centre is delighted that several papers, by regulators and academic experts from institutions within the UK, the EU, and beyond, which were presented, discussed, and debated at the conference’s plenary sessions and keynote panels, feature in a special issue of the leading peer-review legal journal of Communications Law, published by Bloomsbury Publishers.

This special issue also includes the Centre’s 2017 Annual Lecture delivered by one of the country’s leading children’s online rights campaigners, Baroness Beeban Kidron OBE, also a member of the House of Lords and film-maker, on ‘Are Children more than Clickbait in the 21st Century?’

For IALS podcasts of the 2017 ILPC Annual Lecture delivered by Baroness Kidron and presentations from the Annual Conference’s Keynote Panel, please see the IALS website at: http://ials.sas.ac.uk/digital/videos.

Nora Ni Loideain
Director and Lecturer in Law,
Information Law and Policy Centre,
IALS, University of London.

5th Winchester Conference on Trust, Risk, Information and the Law Wednesday 25 April 2018, Winchester, UK

Access to information, Announcements, Events

5th Winchester Conference on Trust, Risk, Information and the Law Wednesday 25 April 2018, Holiday Inn, Winchester, UK

Theme: Public Law, Politics and the Constitution: A new battleground between the Law and Technology?

Keynote speakers will be Michael Barton, Chief Constable of Durham Constabulary who has spoken recently about the need to reclaim ‘sovereignty’ over the Internet, and Jamie Bartlett, Director of the Centre for the Analysis of Social Media for Demos in conjunction with the University of Sussex, and author of several books including ‘Radicals’ and ‘The Dark Net’.  Breakout sessions will explore fake news, the use of algorithms in the public sector, infringements over the Internet and other issues.  The conference will include the launch of the University of Winchester’s new Centre for Parliament and Public Law, with a presentation highlighting the ongoing work of the Department of Culture, Media & Sport in the area of Data Ethics & Innovation.

 

For the full conference programme, please visit https://www.winchester.ac.uk/news-and-events/events/event-items/the-5th-winchester-conference-on-trust-risk-information-and-the-law-trilcon18.php

 

To book, please go to https://store.winchester.ac.uk/conferences-and-events/academic-conferences/faculty-of-business-law-sport/winchester-conference-on-trust-risk-information-and-the-law-2018

British government’s new ‘anti-fake news’ unit has been tried before – and it got out of hand

Access to information, Government policy, Guest post
File 20180125 107940 14x31mj.jpg?ixlib=rb 1.1
 

In this guest post, Dan Lomas, Programme Leader, MA Intelligence and Security Studies, University of Salford, explores the British government’s new ‘anti-fake news’ unit.

The decision to set up a new National Security Communications Unit to counter the growth of “fake news” is not the first time the UK government has devoted resources to exploit the defensive and offensive capabilities of information. A similar thing was tried in the Cold War era, with mixed results.

The planned unit has emerged as part of a wider review of defence capabilities. It will reportedly be dedicated to “combating disinformation by state actors and others” and was agreed at a meeting of the National Security Council (NSC).

As a spokesperson for UK prime minister Theresa May told journalists:

We are living in an era of fake news and competing narratives. The government will respond with more and better use of national security communications to tackle these interconnected, complex challenges.

 

Continue reading

Annual Conference 2017 Resources

Children, Data Protection, Events, Information law and policy, , , ,

The Information Law and Policy Centre held its third annual conference on 17th November 2017. The workshop’s theme was: ‘Children and Digital Rights: Regulating Freedoms and Safeguards’.

The workshop brought together regulators, practitioners, civil society, and leading academic experts who addressed and examined the key legal frameworks and policies being used and developed to safeguard children’s digital freedoms and rights. These legislative and policy regimes include the UN Convention on the Rights of the Child, and the related provisions (such as consent, transparency, and profiling) under the UK Digital Charter, and the Data Protection Bill which will implement the EU General Data Protection Regulation.

The following resources are available online:

  • Full programme
  • Presentation: ILPC Annual Conference, Baroness Beeban Kidron (video)
  • Presentation: ILPC Annual Conference, Anna Morgan (video)
  • Presentation: ILPC Annual Conference, Lisa Atkinson (video)
  • Presentation: ILPC Annual Conference, Rachael Bishop (video)

Co-existing with HAL 9000: Being Human in a World with AI

Artificial Intelligence, Data Protection, Events

This event will focus on the implications posed by the increasingly significant role of artificial intelligence (AI) in society and the possible ways in which humans will co-exist with AI in future, particularly the impact that this interaction will have on our liberty, privacy, and agency. Will the benefits of AI only be achieved at the expense of these human rights and values? Do current laws, ethics, or technologies offer any guidance with respect to how we should navigate this future society?

Organisations:
Institute of Advanced Legal Studies
Event date:
Monday, 20 November 2017 – 5:30pm
Visit the event page