This is ORG's Policy Update for the week beginning 08/05/2017.

If you are reading this online, you can also subscribe to the email version or unsubscribe.

ORG’s work

ORG submitted a response to a consultation on derogations for the General Data Protection Regulation (GDPR) to the Department of Culture, Media and Sport. The full submission can be found here.

We also asked people to respond to the GDPR consultation to enforce Article 80(2) that allows certain organisations to represent people in complaints to the Information Commissioner’s Office when GDPR rules have been breached.

ORG have been running a petition to prevent President Trump from using the data collected by the UK intelligence agencies to strip away basic liberties. Don’t let Trump get his hands on our data, sign our petition now!

Planned events:

OpenTech 2017 is an informal, low cost, one-day conference on slightly different approaches to technology, experience and democracy. Come and hear ORG and others speak on 13 May in London.

General Election Hustings: Bermondsey & Old Southwark. This is a great opportunity to ask the candidates what their proposals for human rights and digital rights under Brexit are, and also to ensure that issues around surveillance, privacy and censorship are included in the debate - Monday 15 May.

ORG Brighton: Digital rights, civil liberties and Brexit hustings. Quiz your candidates on what they will do to protect rights online. Find candidates that will ensure Brexit does not mean losing your civil liberties - Tuesday 16 May.

National developments

Rushed GDPR consultation includes crucial choices for defence of privacy rights

The Department of Culture, Media and Sport concluded a consultation on derogations for the General Data Protection Regulation (GDPR) this week. The public consultation is another in what appears to be a series of badly run consultations. It calls for evidence and views, but sets out no background for the consultation, meaning that only experts can practically respond.

Jim Killock took a closer look at how this consultation was run in a blog.

ORG submitted a response to the consultation. The full text is available here.

In our response, we particularly highlighted the option given by the EU to member states to allow non-profit privacy groups to launch complaints without having to find specific individuals who have been directly affected, and to help people sue companies for compensation. We believe this should be provided for in UK legislation.

Among other things, the GDPR will bring changes to consent to data processing and the way children can exercise their consent. It expands rights of data subjects by giving them an opportunity to object to data processing and to ask to have data hold on them erased. Data subjects will have more control over their data and will be able to carry them over with them from one service provider to another.

The regulation also puts more responsibilities on organisations processing data by making it mandatory to conduct Privacy Impact Assessments, audits, policy reviews, activity records and appoint a data protection officer in certain cases. They will face fines of up to €20 million or 4% of global yearly turnover if they breach the rules or show neglect in protecting subject’s data.

The GDPR will come into force in May 2018 whilst the UK is still a member of the EU. The lack of detail on the government’s analysis and approach to the derogations shows a severe lack of resources for key privacy laws like the GDPR. The post-Brexit UK will need to demonstrate that our data protection laws are adequate to those of the European Union. It is crucial that implementation of this legislation is not rushed through and derogation options are thoroughly examined.

FOI reveals MindGeek lobbying for site blocking of competitors

A Freedom of Information request to the Department of Culture, Media and Sport revealed that porn company MindGeek suggested blocking of millions of porn sites if they fail to comply with age verification requirements.

MindGeek were involved in the policy-making process for age verification for online pornography during the passage of the Digital Economy Bill in Parliament and attended several meetings with the department.

In an email to a DCMS official, a MindGeek representative stated that they would like to show their support for “hopefully an effective Bill”.

An attachment includes a note on the effectiveness and proportionality issues posed by the age-verification policy. In their opinion, this policy cannot be both effective and proportionate. The note says that the DEAct will only stop children from seeking out the known porn websites and will not prevent them from stumbling on porn online.

MindGeek quote the policy goals of the Conservative Party's 2015 manifesto to protect children, and argue that the policy goal should therefore be efficacy rather than proportionality.

In their proposed solution MindGeek pointed out that Sky is currently blocking 4,653,074 pornographic webpages. To improve effectiveness of the age-verification policy, their representative suggested that these websites should be greylisted.

"From the law passing to enforcing, let’s assume that’s 12 months. A greylist of 4M URLs already exists from Sky, but lets assume that’s actually much smaller as these URLs will I suspect, be pagelevel blocks, not TLDs. The regulator should contact them all within that 12 months, explaining that if they do not demonstrate they are AV ready by the enforcement date then they will be enforced against."

The approach advocated by MindGeek directly encourages blocking of pornographic sites that do not employ age verification.

MindGeek are creating their own widely available and cheap age-verification tool. Age-verification regulator (BBFC) blacklisting non-compliant websites would, in essence, tag the market for the new MindGeek’s age-verification tool, and push many providers towards adopting it.

Police to use artificial intelligence to make custody decisions

Durham Constabulary introduced plans to use an artificial intelligence system the Harm Assessment Risk Tool (HART) to decide whether suspects should be kept in custody. They expect to start using the system within the next three months.

The system classifies suspects in a new criminal database as being at low, medium or high risk of offending if released. HART is supposed to provide transparent decision support, not to replace the role of custody sergeants in decision-making.

Results of the system trial should be published in a peer-reviewed journal.

When a similar system was used in the US it showed an apparent bias. Analysis of the system results demonstrated that in assessments that turned out to be mistaken, black people were almost twice as likely as white people to be falsely labelled at high risk. On the other side, white people were more likely to be mislabelled as low risk.

Europe

MEPs set to amend the "upload filter" in the Copyright Directive

It has been reported that MEPs will be submitting numerous amendments to the European Commission’s draft of the new Copyright Directive. The majority of these amendments relate to Article 13, also dubbed as an “upload filter”.

Article 13 regulates under what circumstances online platforms can be required to remove what their users post. The aim of the article is to reduce copyright infringement but in practice it is likely to impose obligations on such online video-sharing platforms to monitor what users post and automatically block any copyrighted material even if it is used legally. The current wording of the article does not offer any means of appeal.

This article was previously heavily criticised in the report authored by the Legal Affairs Committee (JURI) rapporteur Therese Comodini Cachia who called for it to be scrapped it completely. Committee members are expected to vote on the report in July.

Several amendments were tabled by MEPs asking to remove the requirement that Article 13 should apply to online platforms that give access to large numbers of copyright works. They also want to change parts of Article 13 detailing the role of the member states in making sure platforms offer the possibility of redress so that users can complain if their posts are wrongly removed.

EU agrees to adopt the Marrakesh Treaty facilitating access for blind persons

This week the representatives of the European Parliament, the Council and the Commission agreed on draft legislation to implement the Marrakesh Treaty in the European Union. The treaty allows for copyright exceptions to facilitate the creation of accessible versions of books and other copyrighted works for visually impaired persons.

The Marrakesh Treaty was adopted at the World Intellectual Property Organisation (WIPO) in 2013. Its adoption by the EU is part of the new strategies under the Digital Single Market. It will allow for cross-border exchange of copies under exceptions and limitations to copyright.

The EU law will contain a mandatory exception to copyright rules allowing for making and dissemination of special formats of print materials for people with disabilities. The exception will also apply to dissemination in third countries.

The agreed text will now be formally confirmed by the European Parliament and the Council.

ORG media coverage

See ORG Press Coverage for full details.

Staff page