This is ORG's Policy Update for the week beginning 13/03/2017.

If you are reading this online, you can also subscribe to the email version or unsubscribe.

ORG’s work

Following our response to a consultation on the Scottish ID Database, the Scottish Government decided to drop their proposals which would have turned the NHS central register into a national identity database. We are pleased to say these proposals now have been dropped. However the ID system is still in place and we will continue to fight for a review of the whole Scottish ID policy.

We published a briefing on the Digital Economy Bill before the final week of the Report stage in the House of Lords.

We launched a campaign asking supporters to email Jo Johnson MP, the Minister for Universities, Science, Research and Innovation, and ask him to fix threats posed by offences for copyright infringement in the Digital Economy Bill. Let's stop copyright trolls threatening ordinary Internet users with 10 years in prison. Email the Government.

ORG have been working on our submission for the consultation on the Espionage Act. The threat of 14 years in prison for handling classified and secret documents could stop journalists and whistleblowers from exposing corruption and government wrongdoing. Sign the petition!

Planned local group events:

You seal your letters but send your mails unencrypted? You want to protect your privacy online but don't know how to do it? Join ORG Manchester on Friday 17 March to learn how to protect your communications and content over the Internet.

Join ORG London on Monday 20 March to find out from Sarah Kavanagh (NUJ) and Pam Cowburn (ORG) what the Espionage Act means for journalists and whistleblowers and what you can do to stop the Law Commission's proposals.

Join ORG Birmingham on Tuesday 21 March to find out more about the Espionage Act and what you can do to stop the Law Commission criminalising journalists and public-interest whistleblowers.

Join ORG Oxford on Wednesday 22 March to discuss the current state of digital rights. This will be an informal meeting for everyone to get to know each other and talk about ideas for future ORG Oxford meetings.

Official meetings

Jim Killock attended a meeting with Privacy International to discuss the Espionage Act.

Parliament

DEBill

The Digital Economy Bill will be debated again in the House of Lords on 20 and 22 March. These dates mark the last discussions of the Report stage.

A list of all amendments to be discussed is available here.

The Bill is scheduled to enter the Third Reading stage on 29 March.

ORG prepared a briefing for the House of Lords before the next week’s debates. You can read it here.

We still have concerns regarding age verification, online copyright infringement and data sharing.

Age verification

Last week the Government announced changes to age verification, following criticism made by the Delegated Powers and Regulatory Reform Committee. However, these new amendments will not sufficiently improve the policy so it will protect children and protect web users' privacy.

More details can be found in a blog by Jim Killock.

Online copyright infringement

The Government responded last week to our calls to include thresholds of seriousness for offences related to online copyright infringement. These would prevent casual file-sharers from being caught by the criminal offence who could be prosecuted in a civil court instead.

The current wording of offences is still too vague. Read more on why the Government’s stance to not include thresholds is not adequate in a response by Jim Killock.

Data sharing

Several new amendments were introduced to improve Part 5 on data sharing. We welcome the Government’s amendments:

limiting powers of Ministers by narrowing down objectives for data sharing,

creating a closer link with functions of public authorities,

limiting definitions of “specified persons” able to share data for public service delivery and fraud and debt purposes,

making codes of practice statutory,

removing powers to repeal and amend the Bill without prior scrutiny.

However, there are still some issues in Part 5 on data sharing that should be addressed. These include intrusive powers in Chapter 2 on civil registration data and review of all powers in Part 5.

More detailed analysis can be found in a blog post here.

Question on national security

Anna Turley asked the Secretary of State for the Home Department, if there are plans to bring forward legislative proposals to require social media platforms to report communications sent via their service if they could be reasonably interpreted as containing content posing an imminent threat to the national security.

Turley further inquired, what the Department’s policy is on social media platforms which operate in the UK but are based in the US.

Ben Wallace MP responded that social media companies should proactively prevent their services from being abused by terrorists and other individuals posing a threat to national security. They should also report any such content to the UK intelligence agencies and law enforcement.

Question on data protection and motor vehicles

Chi Onwurah MP asked the Secretary of State for Business, Energy and Industrial Strategy, what assessment the Department has made on the implications for competition in the motor industry of potential restrictions on data collected by automobiles for car manufacturers and independent repair providers.

Nick Hurd MP responded that the Department is currently assessing the framework for governance of vehicle data more broadly. They are already engaged with industry bodies and EU forums and are developing policy in this area.

Question on data protection and consumers

Chi Onwurah MP asked the Secretary of State for Culture, Media and Sport, what the Department’s policy is on the ownership of data by consumers with respect to the control of that data by those consumers.

Matthew Hancock MP responded that consumers’ rights with regard to the collection, processing and disclosure of their personal data are governed by the Data Protection Act of 1998.

Question on data protection and employment

Chi Onwurah MP asked the Secretary of State for Culture, Media and Sport, whether the Government plans to retain the regulation of transparency of workplace data collection contained in the General Data Protection Regulation after the UK has left the EU.

Matthew Hancock MP responded that the Government is considering all options for the most beneficial way of ensuring that the UK’s data protection regime continues to build a culture of data confidence and trust after the UK has left the EU.

Question on identity cards

Lord Campbell-Savours asked the Government, what representation they received from public authorities since 1 January 2017 on the case for introducing national identity cards in the UK.

Baroness Williams of Trafford responded that the Government are not aware of receiving any representations from public authorities to introduce national identity cards. She added that the Government will have to think about identity post Brexit, but that will be the subject of discussions and negotiations.

Question on social networks and harassment

Anna Turley asked the Secretary of State for the Home Department, whether they will bring forward legislative proposals to require social media platforms to report communications containing content that would constitute an offence under Section 1 of the Malicious Communications Act 1988 or section 127 of the Communications Act 2003.

Brandon Lewis MP responded that the Government expects social media companies to have robust processes in place and to act promptly when abuse is reported. The Government works closely with social media companies and other relevant actors and experts to make sure they are committed to protecting their users.

Other national developments

Dropped ID plans in Scotland

The Scottish Government decided to drop plans to turn the NHS central register into a national identity database.

The current Scottish ID system is similar to the already abandoned model introduced by Labour in 2010. It links personal data across government through a single identifying number.

The newly dropped plans involve the universal identity register, and the roll out of the system to encompass everyone who pays tax and uses the health service.

The original plans for an ID database were introduced by the Scottish Government in a consultation in 2015. The database would use the Unique Citizen Reference Number (UCRN) assigned to everyone born in Scotland along with the NHS ID number to tie people’s data across up to 120 other Scottish public bodies. The NHS Central Register would have been used to validate people’s identity through comparing details such as a person’s address as held by the NHS.

The wider UCRN and identity system also includes National Entitlement Cards used to identify people for some government and council services. These two components are also used by "MyAccount" initiative to access Scottish online services.

Using of these parts of the ID system means that anyone using MyAccount could be linked to any MyAccount service and services accessed via the Entitlement Card.

ORG submitted a response to the consultation. Following our criticism and concerns, 200 of our supporters made submissions to the consultation. Liberal Democrat and Green MSPs also raised their concerns before the Government decided to drop the proposals.

ORG welcomes the Scottish Government's decision to drop their plans to turn the NHS central register into a national identity database. The proposals would have fundamentally changed the relationship between Scottish citizens and the state if Scotland would have introduced a national ID database that would have tracked Scottish citizens through the public services they use.

However, the ID system is still in place and its particular components (UCRN, Entitlement Card and MyAccount system) continue to pose risks and lack a firm legislative basis. The whole policy should now be reviewed.

Read more in a blog by Jim Killock here.

New national surveillance camera strategy

The Surveillance Camera Commissioner Tony Porter launched a new national surveillance camera strategy this week.

The strategy aims to provide a framework for the surveillance camera community to understand good practice and their legal obligations. A draft strategy was published in October 2016 and was followed by a consultation.

The new strategy consists of 11 objectives. These include:

improvements in certification of recognisable standards for the industry delivering surveillance camera solutions

information freely available to the public about the operation of surveillance camera systems

police and local authorities to pro-actively share information about their own use of camera systems and data

encouragement of the voluntary surveillance camera code compliance

operation of surveillance cameras critical for national infrastructure to be in compliance with the surveillance camera code

organisations involved in surveillance camera industry to be able to demonstrate they understand and follow good practice and legal obligations

information to be freely available about training requirements who deal with camera systems

development of a digital portal containing information on (among other things) individual’s rights.

The Commissioner considers these to be long-term objectives but he also developed delivery plans for the first three-year period (2017-2020). He admitted that regulators and the government were struggling to keep up with the pace of technological change.

Porter pointed out that an overwhelming majority of people currently support the use of CCTV in public places. He also noted that surveillance is changing and often merges with the use of open data and it is likely to influence the support for surveillance.

NCA & NCSC report

The National Crime Agency and the National Cyber Security Centre published a joint report on cyber threats to UK businesses.

The report highlights that devices such as smart TVs, watches, televisions and fitness trackers could be subject to ransomware. By accessing personal data on these devices, criminals could stop people from using them until they pay to unlock them.

The report stated that

"this data may not be inherently valuable, and might not be sold on criminal forums but the device and data will be sufficiently valuable to the victim that they will be willing to pay for it.”

The two agencies aim to encourage engagement and an active partnership between government, industry and law enforcement to significantly enhance the levels of cyber security across UK networks.

Premier League injunction

The Premier League obtained a High Court injunction that will allow the blocking of unauthorised live streams of their matches.

The injunction targets servers streaming the live content. This will involve blocking the IP addresses of servers, which are often based overseas.

The injunction will be carried out live as soon as the matches are broadcasted online. It will require the Premier League to monitor the Internet and gather IP addresses that they will ask the ISPs to block in real time. This process will not be regulated by the courts.

Despite the five biggest UK ISPs being the “defendants” in this case, they are happy to carry out the injunction and block IP addresses. They have been doing so in other copyright infringement cases already.

The injunction comes into force on 18 March and lasts until 22 May.

International developments

Germany to fine social media companies for hate speech

A new draft German law would impose fines on social media companies if they fail to remove hate speech. The fines could go up to €50 million.

Under the new law, social media platforms would be required to remove “obviously” illegal hate speech within 24 hours and less obvious hate speech within seven days. Also individual people working for social media platforms could face fines of up to €5 million.

The draft bill still has to be approved by the Government and Bundestag.

For now, the European Union does not have plans to introduce a similar law. The European Commission signed a voluntary agreement with Google, YouTube, Facebook, Twitter and Microsoft last year to remove posts within 24 hours.

The EU arrangements will be reviewed in May followed by an announcement on whether a law is needed.

ORG media coverage

See ORG Press Coverage for full details.

Staff page