Wednesday, 9 August 2017

Queen's Speech and the promised “Data Protection (Exemptions from GDPR) Bill” - Hawktalk

Queen's Speech and the promised “Data Protection (Exemptions from GDPR) Bill” - Hawktalk: "There is no "phasing in" leeway and the GDPR becomes directly applicable next May, except in the areas where Member States are permitted by the GDPR to enact variations.  It follows that there is no need to legislate for the GDPR except to implement such variations and exclusions. The Bill should therefore not be called the “Data Protection Bill”; a more accurate Short Title would be the “Data Protection (Exemptions from the GDPR) Bill”." 'via Blog this'

Friday, 4 August 2017

China’s Unprecedented Cyber Law Signals Its Intent to Protect a Precious Commodity: Data - MIT Technology Review

China’s Unprecedented Cyber Law Signals Its Intent to Protect a Precious Commodity: Data - MIT Technology Review: "Among them is a requirement that certain companies submit their products to the government for cybersecurity checks, which may even involve reviewing source code. How often it would be required, and how the government will determine which products must be reviewed is unknown. This could come into play as part of China’s broader regulatory push to expand law enforcement’s power to access data during criminal investigations.

Another vague directive calls for companies to store certain data within the country’s borders, in the interest of safeguarding sensitive information from espionage or other foreign meddling. The government has delayed the implementation of this change until the end of 2018, however.

The reason for the delay seems to be that China wants its laws governing the cross-border flow of data to be “consistent with accepted international practices,” according to the authors of a recent research brief from the Eurasia Group, a political risk consultancy." 'via Blog this'

SCL: Digital Economy Act Commencement

SCL: Digital Economy Act Commencement: "The first commencement instrument under the Digital Economy Act 2017 has now been published. The Digital Economy Act 2017 (Commencement No. 1) Regulations 2017 (SI 2017/765) provide separate commencement dates for various provisions. The para numbering that follows reflect the content of the statutory instrument" 'via Blog this'

Thursday, 3 August 2017

Annual country reports on open internet from national regulators - 2017 | Digital Single Market

Annual country reports on open internet from national regulators - 2017 | Digital Single Market: "Annual reports of the national regulatory authorities (NRAs) on compliance with the provisions on open internet in their respective countries.

Today the Commission makes available on its website annual country reports from national regulators on open internet.

The reports were prepared by the national regulatory authorities (NRAs) and sent to the Commission and BEREC.

[Note - Germany and Sweden detail infringement proceedings in English - others are problematic unless you read Slovenian, Hungarian and Dutch]

They cover the first 12 months after the open internet rules became applicable on 30 April 2016.

The reports will serve as a basis for BEREC's Report on the implementation of the net neutrality rules expected by the end of the year. The reports will also be used by the Commission in the next Europe's Digital Progress Report in 2018." 'via Blog this'

Tuesday, 1 August 2017

Look out Silicon Valley, here comes Brit bruiser Amber Rudd to lay down the (cyber) law • The Register

Look out Silicon Valley, here comes Brit bruiser Amber Rudd to lay down the (cyber) law • The Register: "But for all her bluster, whenever it has come down to actual action, Rudd has backtracked from her bold position demanding changes to arguing that the internet giants need to "work with" the government.

A meeting between the Home Office and representatives of Facebook, Google, Microsoft and Twitter back in March was pushed by the UK government – and Rudd herself – as some kind of showdown.

 But in the end, all that emerged from the meeting was the weakest of promises that the companies would "look at all options for structuring a forum" where they would discuss the issues.

That outcome was called "a bit lame" by chair of the Home Affairs Select Committee Yvette Cooper, who complained: "All the government and social media companies appear to have agreed is to discuss options for a possible forum in order to have more discussions. Having meetings about meetings just isn't good enough."" 'via Blog this'

Pornography and digital rights | openDemocracy

Pornography and digital rights | openDemocracy: "UK society has been wrestling with moral and political questions of how to deal with pornography for nearly 400 years. In the intervening period it’s an issue which has been subject to numerous pieces of legislation regulating access to pornographic material in all its forms, from the Licensing Act 1737 (for plays) to the Obscene Publications Acts and the Video Recordings Act 1984. Such legislation has tended both to delimit what can be published and to set (age-limited) conditions for who can access it.

In this context, the UK government’s efforts to introduce household-level filtering could be seen as no more than appropriate efforts to ensure consistent application of already-agreed principles. There are, however, some crucial differences which make the question of how best to balance individual rights and interests far more difficult in the case of digital content.

The most important point concerns access to information." 'via Blog this'

No, the internet is not actually stealing kids’ innocence | Information Law & Policy Centre

No, the internet is not actually stealing kids’ innocence | Information Law & Policy Centre: "The evidence in support of effective public interventions is as limited as evidence of the harm these are designed to alleviate.

Still, the precautionary principle provides some legitimation for intervention – and there are solutions to be tried.

For example:

In a recent report, my colleagues and I proposed a series of possible legislative and industry strategies. Several have potential to reduce harm without unduly restricting either adults’ or children’s online freedoms.

In another report, we focused on the importance of better digital literacy and sexual education in schools, as well as constructive awareness-raising and support for parents.

In the 2017 report by the House of Lords, the focus was on improving the co-ordination of strategies across society, along with learning from the evaluation of what works and, more radically, introducing ethics-by-design into the processes of content and technological production to improve children’s online experiences in the first place." 'via Blog this'

Monday, 24 July 2017

Meet the man keeping 8chan, the world's most vile website, alive

Meet the man keeping 8chan, the world's most vile website, alive: "2channel is the forebear of all the other "chan" sites. It inspired a similarly-named imageboard called 2chan, that in turn inspired a 15-year old Poole to create 4chan in 2003. And then 4chan gave birth to 8chan. Such is the way of the internet: easily copied ideas and constant, but shallow, innovation." 'via Blog this'

Thousands march through Moscow for internet freedom as Russia cracks down ahead of election - ABC News

Thousands march through Moscow for internet freedom as Russia cracks down ahead of election - ABC News (Australian Broadcasting Corporation): "With presidential elections due in just eight months, the Kremlin is playing catch-up, introducing a flurry of new laws designed to bring the online space under its control.

 Draft legislation currently being pushed through parliament aims to force VPNs to block sites on a black list drawn up by the federal media watchdog, Roskomnadzor.

The new bill would outlaw VPN providers refusing to do so, and attempt to block them.

 Another law, now being put in place, demands internet providers keep a six-month record of all sites visited by users, and that all metadata be saved for three years.

It also requires messenger services to provide their encryption keys to allow the authorities access to private communications." 'via Blog this'

Tuesday, 18 July 2017

Cyberleagle: Worldwide search de-indexing orders: Google v Equustek

Cyberleagle: Worldwide search de-indexing orders: Google v Equustek: "The path that led to the SCC judgment was factually convoluted and dominated by the behaviour of the underlying defendant. The central role played by the pre-existing, apparently worldwide, order requiring Datalink to cease doing business on the internet is striking. If for no other reason, the case may come to be seen as one very much on its own facts.

 Where an apparent bad actor thumbs its nose at the court’s authority it is perhaps unsurprising that if a well-resourced global intermediary is haled into court, apparently able to take steps to mitigate damage to the plaintiff at little inconvenience to itself, the tribunal may (if satisfied that it has the power) be inclined to enlist its assistance.

 Nevertheless if a future court should contemplate a similar order then a more detailed identification of the rights and interests involved, analysis of any territorial aspects of those rights and consideration of the freedom of speech rights of internet users separate from the sensibilities of states may be key to arriving at an appropriate outcome." 'via Blog this'

Tuesday, 27 June 2017

Justice down the rabbit-hole: Fulford LJ on the Rise of the Cyber Judge - ICLR

Justice down the rabbit-hole: Fulford LJ on the Rise of the Cyber Judge - ICLR: "It is clear from as much of Lord Justice Fulford’s talk as I have been able to capture, and from his answer to Prof Marsden’s question, that little thought has been given either to the idea of open justice, or to any equivalent, for the online court, of the press bench and public gallery in a traditional bricks-and-mortar courtroom.

This is a major oversight, and one about which ICLR, as official publishers of The Law Reports, should be very concerned. " 'via Blog this'

Monday, 26 June 2017

SCL: Autonomous Vehicles: An Ethical and Legal Approach

SCL: Autonomous Vehicles: An Ethical and Legal Approach: "This is the essay from Lottie Michael which won the SCL Essay Prize for 2017 "Further to the consultation paper issued by the Department of Transport ‘Pathway to Driverless Cars: Proposals to Support Advanced Driver Assistance Systems and Automated Vehicle Technologies’ consider the legal implications of autonomous vehicles, and associated ethical issues." " 'via Blog this'

Tuesday, 13 June 2017

Two leading ladies of Europe warn that internet regulation is coming • The Register

Two leading ladies of Europe warn that internet regulation is coming • The Register: "Merkel has been pushing for a Europe-wide series of laws and rules to clamp down on such content. Over the weekend, she used her speech in Mexico to argue for global restrictions.

"We still have no international rules," she said, standing next to Mexican president Enrique Peña Nieto, warning that standards have been introduced erratically across the globe.

She spoke in favor of "sensible rules" and said that Germany would use its presidency of the G20 to develop a concrete set of digital policies at the forthcoming summit in Hamburg next month.

She drew parallels with a G20 agreement to deal with cyber attacks on the global banking system, and noted that Europe and the United States need to work together on new common standards." 'via Blog this'

Thursday, 1 June 2017

SCL: SCL Student Essay Prize 2017 Winner

SCL: SCL Student Essay Prize 2017 Winner: "Lottie is in her final (4th) year studying for a Law with European Legal Systems degree at the University of East Anglia. She is very interested in international security, counter-terrorism, technology and the law, and will be looking for a career path in this direction.

The two runners-up, Daniel Zwi and Ella Castle, both addressed the set question concerning the CJEU’s Mc Fadden judgment. Their
essays will be published on the SCL website." 'via Blog this'

Saturday, 27 May 2017

Bank of Canada says won't use blockchain for interbank payment system By Reuters

Bank of Canada says won't use blockchain for interbank payment system By Reuters: ""The bottom line is that a stand-alone DLT wholesale system is unlikely to match the efficiency and net benefits of a centralized system," wrote Carolyn Wilkins, senior deputy governor of the Bank of Canada, and Gerry Gaetz, Payments Canada president.
"At its heart, there exists a fundamental inconsistency or tension between a centralized wholesale interbank payment system, as we have now, and the decentralization inherent in DLT."" 'via Blog this'

Thursday, 25 May 2017

Audiovisual Media Services Directive reform: Document pool - EDRi

Audiovisual Media Services Directive reform: Document pool - EDRi: "On 25 May 2016, the European Commission proposed to reform the Audiovisual Media Services Directive (the “AVMS Directive” or “AVMSD”). The current AVMS Directive (2010) is the European Union (EU) legal framework that regulates traditional TV broadcasters and on-demand services in the EU Member States.

The AVMSD contains rules on audiovisual advertising; jurisdiction over providers; promotion of European works; and on providers’ obligations with regards to commercial communications, protection of minors from potentially harmful content, fight against “incitement to hatred”, among other measures. The new proposal broadens the scope of the Directive to cover the regulation of video-sharing platforms and potentially even other social media companies." 'via Blog this'

Cyberleagle: Time to speak up for Article 15

Cyberleagle: Time to speak up for Article 15: "The peculiar vice of compelled general monitoring, however, is that we never get to that point. If the filtered and blocked speech doesn’t see the light of day it never gets to be debated, prosecuted, tested, criticised or defended. To some, that may be a virtue not a vice" 'via Blog this'

SCL: Res Robotica! Liability and Driverless Vehicles

SCL: Res Robotica! Liability and Driverless Vehicles: "English lawyer Andrew Katz[17] suggests that robotic technology could be given an authenticated identity through the use of a trust scheme, one that is not mandatory, but failure to be party to it would render the owner of the technology strictly liable for its actions or omissions. As with Pagallo, Katz suggests that the peculium should be backed by an insurance policy.

Introducing the idea of a peculium linked to insurance could provide the legal flexibility required to accommodate the evolving technology[18] and tackling the problem of apportioning blame to a traditional legal person." 'via Blog this'

Sunday, 14 May 2017

Open Rights Group - NHS ransom shows GCHQ putting us at risk

Open Rights Group - NHS ransom shows GCHQ putting us at risk: "GCHQ are normally responsible for ‘offensive’ operations, or hacking and breaking into other networks. They also have a ‘defensive’ role, at the National Cyber Security Centre, which is meant to help organisations like the NHS keep their systems safe from these kinds of breakdown.

GCHQ are therefore forced to trade off their use of secret hacking exploits against the risks these exploits pose to organisations like the NHS.

They have a tremendous conflict of interest, which in ORG’s view, ought to be resolved by moving the UK defensive role out of GCHQ’s hands.

Government also needs to have a robust means of assessing the risks that GCHQ’s use of vulnerabilities might pose to the rest of us. At the moment, ministers can only turn to GCHQ to ask about the risks, and we assume the same is true in practice of oversight bodies and future Surveillance Commissioners. The obvious way to improve this and get more independent advice is to split National Cyber Security Centre from GCHQ." 'via Blog this'

Thursday, 11 May 2017

SCL: Smart and Connected Cities: Surmounting the Challenges

SCL: Smart and Connected Cities: Surmounting the Challenges: "The European Commission's Directorate-General for Energy recently published its final report on the study on ‘Smart Cities and Communities’, which looked at the opportunities and challenges faced when attempting to connect a city's infrastructure with the internet through the Internet of Things. The Report found that city-wide integration was rare in the majority of the sample cases it looked at. Instead, what was found were examples of ‘smart’ districts and specific sectors. 

While the Report suggested that there were not many examples of city-wide ‘smart’ initiatives, there are places where this is being attempted." 'via Blog this'

Copyright: blocking order against live streaming - FA Premier League Ltd v BT [2017] EWHC 480 (Ch)

Copyright: blocking order against live streaming - Lexology: "This is the first time that a blocking order has been ordered in respect of streaming servers. Therefore, while the decision involved the application of well-established principles since Football Association, the modification of the factors to be taken into account to address the different context is interesting. The order contained additional safeguards over and above those previously adopted in the context of website-blocking, notably the short duration of the order.

Case: Football Association Premier League Ltd v British Telecommunications Plc and others [2017] EWHC 480 (Ch)." 'via Blog this'

Tuesday, 9 May 2017

BBC iPlayer - Panorama - What Facebook Knows About You

BBC iPlayer - Panorama - What Facebook Knows About You: "Facebook is thought to know more about us than any other business in history, but what does the social network that Mark Zuckerberg built do with all of our personal information?
Reporter Darragh MacIntyre investigates how Facebook's powerful algorithms allow advertisers and politicians to target us more directly than ever before, and he questions whether the company's size and complexity now makes it impossible to regulate" 'via Blog this'

Saturday, 6 May 2017

First comprehensive map of the ‘dark web’ reveals a remarkably antisocial corner of the internet | Science | AAAS

First comprehensive map of the ‘dark web’ reveals a remarkably antisocial corner of the internet | Science | AAAS: Beyond the “surface web”—the parts accessible to search engines—there is a “deep web” containing (by one estimate) 500 times the content, secured in databases and hidden behind login screens. And within this deep web is a tiny corner known as the “dark web,” which requires special, anonymizing software such as the Tor Browser to access and contains everything from black markets selling drugs and counterfeit IDs to whistleblowing forums.

 Researchers have just conducted a comprehensive mapping of the dark web and found that it’s not much of a web at all. They started with a few central hubs in the “.onion” domain (sort of like .com on the surface web) and used an algorithm to crawl along links from site to site, finding only 7178 sites, connected to each other through 25,104 links. (Sites with no inbound links couldn’t be counted.)

Their key finding is that 87% of these dark web sites don’t link to any other sites. The dark web is more of a set of “dark silos,” they write in a preliminary paper posted on arXiv yesterday. Dark websites linked to surface websites and to other dark websites at the same rate, ruling out dark sites’ ephemerality as an explanation for their scant interconnections." 'via Blog this'

Wednesday, 3 May 2017

European Union Serious and Organised Crime Threat Assessment | Europol

European Union Serious and Organised Crime Threat Assessment | Europol: "Serious and organised crime in the EU features a great variety of criminal activities, which are increasing in complexity and scale. 

Criminals quickly adopt and integrate new technologies into their modi operandi or build brand-new business models around them. The use of new technologies by organised crime groups (OCGs) has an impact on criminal activities across the spectrum of serious and organised crime.

This includes developments online, such as the expansion of online trade and widespread availability of encrypted communication channels." 'via Blog this'

European Commission Mergers: Commission approves acquisition of LinkedIn by Microsoft, subject to conditions

European Commission - PRESS RELEASES - Press release - Mergers: Commission approves acquisition of LinkedIn by Microsoft, subject to conditions: "The Commission analysed potential data concentration as a result of the merger with regard to its potential impact on competition in the Single Market. Privacy related concerns as such do not fall within the scope of EU competition law but can be taken into account in the competition assessment to the extent that consumers see it as a significant factor of quality, and the merging parties compete with each other on this factor. In this instance, the Commission concluded that data privacy was an important parameter of competition between professional social networks on the market, which could have been negatively affected by the transaction.

The proposed commitments

To address the competition concerns identified by the Commission in the professional social network services market, Microsoft offered a series of commitments. These commitments include:

  • ensuring that PC manufacturers and distributors would be free not to install LinkedIn on Windows and allowing users to remove LinkedIn from Windows should PC manufacturers and distributors decide to preinstall it. 
  • allowing competing professional social network service providers to maintain current levels of interoperability with Microsoft's Office suite of products through the so-called Office add-in program and Office application programming interfaces. 
  • granting competing professional social network service providers access to "Microsoft Graph", a gateway for software developers. 
It is used to build applications and services that can, subject to user consent, access data stored in the Microsoft cloud, such as contact information, calendar information, emails, etc. Software developers can potentially use this data to drive subscribers and usage to their professional social networks.

The commitments will apply in the EEA for a period of five years and will be monitored by a trustee." 'via Blog this'

Tuesday, 2 May 2017

The Internet of Things | Digital Single Market

The Internet of Things | Digital Single Market: "The recently proposed "European data economy" initiative (January 2017) also contributes to the creation of a European single market for IoT. This initiative proposes policy and legal solutions concerning the free flow of data across national borders in the EU, and liability issues in complex environments such as the IoT one. Especially, liability is decisive to enhance legal certainty around the IoT products and services." 'via Blog this'

Thursday, 27 April 2017

Vietnam says Facebook commits to preventing offensive content | Reuters

Vietnam says Facebook commits to preventing offensive content | Reuters: "In February, communist Vietnam complained about "toxic" anti-government and offensive content on Facebook and Google Inc.'s YouTube and pressured local companies to withdraw advertising until the social media firms found a solution.

 Facebook's commitment came during a meeting between its Head of Global Policy Management Monika Bickert and Vietnamese information and communication minister Truong Minh Tuan in Hanoi on Wednesday, a statement on the government's website said.

 "Facebook will set up a separate channel to directly coordinate with Vietnam's communication and information ministry to prioritize requests from the ministry and other competent authorities in the country," the statement said.

 The firm will also remove fake accounts and fake content about senior government officials, it said.

A Facebook representative said the company had a clear and consistent process for governments to report illegal content." 'via Blog this'

Digital Economy Bill rubberstamped by MPs—broadband speed demand squished | Ars Technica UK

Digital Economy Bill rubberstamped by MPs—broadband speed demand squished | Ars Technica UK: "Earlier in the debate, Labour's Chi Onwurah flagged up the rights of citizens on the government's grand data sharing plans contained within the bill—which have undergone some amendments. Hancock snapped back: "the electioneering must have got into her."

He added that, "yes, there's more work to do" and referenced the EU's upcoming General Data Protection Regulation, which will come into force next year when the UK will still be a member of the bloc.

 But when pressed by Onwurah on whether "citizens own and control their own data," the minister responded: "Citizens elect the government and in many cases the government is responsible for the data, and having democratic legitimacy behind the control of data is critical to a functioning democracy."

 The Digital Economy Bill debate lasted less than 90 minutes, after which MPs waved through the government's amendments" 'via Blog this'

Court to Facebook: Stop harvesting users' WhatsApp personal data without consent | ZDNet

Court to Facebook: Stop harvesting users' WhatsApp personal data without consent | ZDNet: "Facebook wanted the Hamburg administrative court to suspend the privacy regulator's order while the case, which will need to decide jurisdictional issues, runs its course. The court largely refused to do so, for now. WhatsApp may not transfer the data of its 35 million German users to Facebook.

"This is good news for the many millions of people who use the WhatsApp messenger service in Germany every day," said Caspar in a statement. "They are not defenceless."

 Facebook told ZDNet it intends to appeal this part of the court's ruling. The company said it has paused the use of WhatsApp users' data across Europe, while it discusses the matter with regulators.

However, there was another element to Tuesday's decision that went in Facebook's favour: Caspar had also ordered the social media company to immediately delete the data of German WhatsApp users that it had already imported, but the court decided that Facebook could hold off doing so for now.

 In a separate case, Germany's consumer watchdogs in January sued Facebook over the data transfers, this time in Berlin. The associations' umbrella body, the VZBV, had issued a cease-and-desist order around the same time that Caspar made his order, but Facebook had refused to comply. 

The UK data-protection authority also told Facebook to cut it out in November, and the European Commission's antitrust department charged Facebook over the matter in December." 'via Blog this'

Hey, Computer Scientists! Stop Hating on the Humanities | WIRED

Hey, Computer Scientists! Stop Hating on the Humanities | WIRED: "There are many steps tech companies should take as well. Organizations should explore the social and ethical issues their products create: Google and Microsoft deserve credit for researching algorithmic discrimination, for example, and Facebook for investigating echo chambers. Make it easier for external researchers to evaluate the impacts of your products: be transparent about how your algorithms work and provide access to data under appropriate data use agreements. (Researchers also need to be allowed to audit algorithms without being prosecuted.) Ask social or ethical questions in hiring interviews, not just algorithmic ones; if hiring managers asked, students would learn how to answer them. (Microsoft’s CEO was once asked, in a technical interview, what he would do if he saw a baby lying in an intersection: the obvious answer to pick up the baby did not occur to him)." 'via Blog this'

Police around the world learn to fight global-scale cybercrime

Police around the world learn to fight global-scale cybercrime: "The multinational cooperation involved in successfully taking down the Avalanche network can be a model for future efforts in fighting digital crime.

Coordinated by Europol, the European Union’s police agency, the plan takes inspiration from the sharing economy.

Uber owns very few cars and Airbnb has no property; they help connect drivers and homeowners with customers who need transportation or lodging. Similarly, while Europol has no direct policing powers or unique intelligence, it can connect law enforcement agencies across the continent.

This “uberization” of law enforcement was crucial to synchronizing the coordinated action that seized, blocked and redirected traffic for more than 800,000 domains across 30 countries.

Through those partnerships, various national police agencies were able to collect pieces of information from their own jurisdictions and send it, through Europol, to German authorities, who took the lead on the investigation. Analyzing all of that collected data revealed the identity of the suspects and untangled its complex network of servers and software. The nonprofit Shadowserver Foundation and others assisted with the actual takedown of the server infrastructure, while anti-virus companies helped victims clean up their computers." 'via Blog this'

Wednesday, 26 April 2017

AI report fed by DeepMind, Amazon, Uber urges greater access to public sector data sets | TechCrunch

AI report fed by DeepMind, Amazon, Uber urges greater access to public sector data sets | TechCrunch: "Ultimately, the report does call for “urgent consideration” to be given to what it describes as “the ‘careful stewardship’ needed over the next ten years to ensure that the dividends from machine learning… benefit all in UK society.” And it’s true to say, as we’ve said before, that policymakers and regulators do need to step up and start building frameworks and determining rules to ensure machine learning technologists do not have the chance to asset strip the public sector’s crown jewels before they’ve even been valued (not to mention leave future citizens unable to pay for the fancy services that will then be sold back to them, powered by machine learning models freely fatted up on publicly funded data).

 But the suggested 10-year time frame seems disingenuous, to put it mildly. With — for instance — very large quantities of sensitive NHS data already flowing from the public sector into the hands of one of the world’s most market capitalized companies (Alphabet/Google/DeepMind) there would seem to be rather more short-term urgency for policymakers to address this issue — not leave it on the back burner for a decade or so. Indeed, parliamentarians have already been urging action on AI-related concerns like algorithmic accountability." 'via Blog this'

Tuesday, 25 April 2017

These internet firsts will remind you how far we've come - Business Insider

These internet firsts will remind you how far we've come - Business Insider: "In October 1969, UCLA student Charley Kline was attempting to send the word “login” over to the Stanford Research Institute using the internet’s precursor: ARPANET.

At first, the system crashed, only managing to send the letters “i” and “o”. But an hour or so later, the full message was successfully sent and history was made:" 'via Blog this'

Monday, 24 April 2017

SCL: European Net Neutrality, at last?

SCL: European Net Neutrality, at last?Luca Belli and Chris Marsden review the long history of developments, and the latest position, on net neutrality in Europe, amid some hopeful signs. 

Net neutrality is the principle mandating that internet traffic be managed in a non-discriminatory fashion, in order to fully safeguard internet users' rights. On 30 August 2016, all EU and EEA members finally obtained guidance on how to implement sound net neutrality provisions. The path has been tortuous and uneasy, starting from 'not neutrality', reaching an open Internet compromise and, finally, attaining net neutrality protections. In this article, we aim briefly to recount how net neutrality evolved in Europe and how much significant progress has been made by the recently adopted net neutrality Guidelines. 'via Blog this'

Saturday, 15 April 2017

The Low-Down: Streaming Now Makes Most of the US Music Industry's Revenue

The Low-Down: Streaming Now Makes Most of the US Music Industry's Revenue: "Overall last year, retail revenues from recorded music in the US grew 11.4 percent to $7.7 billion, the biggest gain since 1998, according to the RIAA. Even with such growth the industry is still licking its wounds from the last decade and a half -- sales remain about half what they were in 1999, the heyday of the CD.
Subscriptions, like the monthly fees for Apple Music or Spotify's paid tier, were the biggest money maker at $2.3 billion, and they basically doubled from a year earlier, the RIAA said." 'via Blog this'

Thursday, 13 April 2017

FCA Publishes Discussion Paper on the Regulation of DLT (blockchains)

FCA Publishes Discussion Paper on the Regulation of DLT: "The FCA continues its ‘wait-and-see’ approach before considering changes to its framework. It will instead explore emerging business models and continue to help innovators test-bed solutions in its regulatory sandbox.

 The FCA remains technology neutral/ agnostic but it is encouraging to note its approach to resilience and openness to regulating on technology outcomes, in line with statutory objectives.

The paper also recognises that DLT is not a panacea and that market outcomes like faster payments could be delivered by other technologies. It is indicative however of an increasingly mature approach to technology risk and the paper does recognise DLT’s innovative potential for record-keeping and efficiency.

 With a voluntary standards process also underway and increasing regulatory accommodation, end-users will be more accepting of the increasing trust that DLT affords, allowing benefits around efficiency, transparency and provenance to be fully realised. This much is very encouraging for UK DLT and cements the UK’s position as a global fintech hub with a forward-looking regulatory regime." 'via Blog this'

Wednesday, 12 April 2017

Where to after Watson: The challenges and future of data retention in the UK (BIICL)

Where to after Watson: The challenges and future of data retention in the UK (BIICL): "The judgment of the CJEU in the Watson case was handed down shortly before the year's end in 2016. The determination that member states may not impose on communications providers a general obligation to retain data was applauded by privacy groups and has undoubtedly caused disquiet among those involved policing and intelligence. What parliamentarians and judges will make of it in the coming months - and, post-Brexit, years - is both uncertain and important.

In this event experts will examine the strengths, weakness and implication of the decision, with an eye to rights protections, the need to combat serious crime, and the practicalities of managing both in light of the European Court's decision." 'via Blog this'

Monday, 10 April 2017

Balkinization: Assessing Algorithmic Authority

Balkinization: Assessing Algorithmic Authority: "Compared to these examples, the obscurity at the heart of our "cultural voting machines" (as I call dominant intermediaries) may seem trivial. But when a private entity grows important enough, its own secret laws deserve at least some scrutiny.

 I have little faith that such scrutiny will come any time soon. But until it does, we should not forget that the success of algorithmic authorities depends in large part on their owners' ability to convince us of the importance--not merely the accuracy--of their results. A society that obsesses over the top Google News results has made those results important, and we are ill-advised to assume the reverse (that the results are obsessed over because they are important) without some narrative account of why the algorithm is superior to, say, the “news judgment” of editors at traditional media.

(Algorithmic authority may simply be a way of rewarding engineers (rather than media personalities) for amusing ourselves to death.) " 'via Blog this'

Data Ethics Group - The Alan Turing Institute

Data Ethics Group - The Alan Turing Institute: "Made up of academics specialising in ethics, social science, law, policy-making, and big data and algorithms, the Data Ethics Group will drive the Institute’s research agenda in data ethics, and work across the organisation to provide advice and guidance on ethical best practice in data science.

The Group will work in collaboration with the broader data science community, will support public dialogue on relevant topics, and will set open calls for participation in workshops, as well as public events.

In a connected project, The Alan Turing Institute is participating in the Royal Society and British Academy project on data governance." 'via Blog this'

Do robots have rights? The European Parliament addresses artificial intelligence and robotics

Do robots have rights? The European Parliament addresses artificial intelligence and robotics: "The European Parliament has put forward initial proposals in its resolution on legal rules for machines that are able to act with a high degree of autonomy and take their own decisions through being equipped with AI and having physical freedom of movement.

This will not be the final word on the matter from a legal perspective, and we are still some years away from corresponding laws being enacted. In the meantime, technical development in the field of AI and robotics will not wait for national or European lawmakers and is set to continue unabated. It remains to be seen whether technical progress might not soon overtake the legal discussion.

 Aside from the legal issues surrounding robotics, lawyers will be interested to see how AI finds its way into our own professional lives. There has been a lot of talk recently about legal tech and digital transformation in relation to legal advice. Yet just looking at the numerous new legal issues that arise in connection with AI and robotics, robots appear to be creating as much new work for us on the one hand as intelligent assistants will be able to take over on the other." 'via Blog this'

Sunday, 9 April 2017

International stakeholder engagement - Ofcom

International stakeholder engagement - Ofcom: "Ofcom hosts an International Stakeholders Forum (ISF) every 4 months. This is the primary means through which we aim to update UK stakeholders on our international activities. We also use these as an opportunity to share information, as well as impressions, on international policy developments.  As well as this forum, we hold dedicated spectrum briefing sessions, details of which can be found here.

 For further information on these meetings and if you want to be added to the circulation list please email" 'via Blog this'

The ongoing war on encryption – TechnoLlama

The ongoing war on encryption – TechnoLlama: "Calls to have technology firms offer backdoor access to private and encrypted communications must be read as a call to endanger everyone’s communications by making them easier to read by hackers. Moreover, encryption is not proprietary, it is just a clever use of maths, and there is no way that governments will ever be able to ban that.

If somehow an app is made vulnerable, terrorists will move to another method, and we the public will still be left vulnerable.

But you may argue that we should never give up, and that the fight against terrorism is a worthy cause. It certainly is, but we cannot give up our expectations of security on the assumption that somewhere a terrorist is using an encrypted tool to communicate with one another. There is little evidence that this is the case, and even strong evidence to the contrary. The Paris terrorists used unencrypted burner mobile phones to communicate, and also favoured face to face contact.

 We cannot give away our rights based on fables and ignorance." 'via Blog this'

From Smart Cities 1.0 to 2.0: it's not (only) about the tech

From Smart Cities 1.0 to 2.0: it's not (only) about the tech: "Today’s Internet of Things technologies, data analytics platforms and sensor-enabled services are sure to deliver new ways to understand, visualise and analyse the nature and scale of many of our most pressing urban challenges.

 But solving challenges such as waste management, urban liveability and land-use planning will require more than technology investments, data-capture services or digital prototypes. Solutions will also depend on effective long-term partnerships within and beyond government.

While the digital infrastructure is no doubt important, it will be the city governments that invest in new ways to collaborate and co-innovate that will ultimately lead the way in delivering the smarter, more responsive services our cities so desperately need." 'via Blog this'

Saturday, 8 April 2017

Bundeskartellamt 18th Conference on Competition, Berlin, 16 March 2017 | European Commission

Bundeskartellamt 18th Conference on Competition, Berlin, 16 March 2017 | European Commission: "The challenges that automated systems create are very real. If they help companies to fix prices, they really could make our economy work less well for everyone else.

So as competition enforcers, we need to keep an eye out for cartels that use software to work more effectively. If those tools allow companies to enforce their cartels more strictly, we may need to reflect that in the fines that we impose.

And businesses also need to know that when they decide to use an automated system, they will be held responsible for what it does. So they had better know how that system works.

 In The Hitchhiker's Guide to the Galaxy, the Guide in question was a sort of electronic book. Although it was often wildly inaccurate, it was also a huge success. That was partly because of the words printed in big, friendly letters on the cover: “Don't Panic”.

I think that's good advice. We certainly shouldn't panic about the way algorithms are affecting markets." 'via Blog this'

The IPKat: First live blocking order granted in the UK

The IPKat: First live blocking order granted in the UK: "This is an important order that demonstrates how technological advancement prompts a re-consideration of traditional approaches, including whether intermediary injunctions should be only aimed at blocking access to infringing websites [the answer appears to be no, and this order may pave the way to even more creative enforcement strategies in the future].

 Arnold J's decision shows how the law - including the one on blocking orders - is subject to evolution. This is so also to permit that the 'high level of protection' that the InfoSoc Directive [from which s97A CDPA derives] intends to provide is actually guaranteed.

 As far as the GS Media 'profit-making intention' is concerned, to some extent the view of Arnold J appears somewhat narrower (but practically not dissimilar) than that of other courts, eg the District Court of Attunda in Sweden [here, here, and here] that have applied GS Media so far. Further applications of GS Media by UK courts are however keenly awaited." 'via Blog this'

Wednesday, 5 April 2017

Finding Proportionality in Surveillance Laws – Andrew Murray, Inforrm's Blog

Finding Proportionality in Surveillance Laws – Andrew Murray | Inforrm's Blog: "Much of the Bill’s activity is to formalise and restate pre-existing surveillance powers. One of the key criticisms of the extant powers of the security and law enforcement services is that the law lacks clarity. Indeed it was this lack of clarity which led the Investigatory Powers Tribunal to rule in the landmark case of Liberty v GCHQ that the regulations which covered GCHQ’s access to emails and phone records intercepted by the US National Security Agency breached Articles 8 and 10 of the European Convention on Human Rights.

Following a number of strong critiques of the law including numerous legal challenges the Government received three reports into the current law: the report of the Intelligence and Security Committee of Parliament, “Privacy and Security: A modern and transparent legal framework”; the report of the Independent Reviewer of Terrorism Legislation. “A Question of Trust”; and the report of the Royal United Services Institute: “A Democratic Licence to Operate”. All three reported deficiencies in the law’s transparency.

 As a result the Bill restates much of the existing law in a way which should be more transparent and which, in theory, should allow for greater democratic and legal oversight of the powers of the security and law enforcement services. In essence the Bill is split into sections: interception, retention, equipment interference and oversight, with each of the three substantive powers split again into targeted and bulk." 'via Blog this'

Tim Berners-Lee: selling private citizens' browsing data is 'disgusting' Guardian

Tim Berners-Lee: selling private citizens' browsing data is 'disgusting' | Technology | The Guardian: "The Twitter folks, who crowed about how great anonymity was for the “Arab spring” – never say that without quotes – then suddenly they find that this anonymity is really not appreciated when it’s used by nasty misogynist bullies and they realize they have to tweak their system to limit not necessarily behavior but the way it propagates. They’ve talked about using AI to distinguish between constructive and unconstructive comments; one possibility is that by tweaking the code in things, you can have a sea change in the way society works." 'via Blog this'

Final Programme: PhD WIP workshop 3 May 11am-1pm

Elif Mendos Kuşkonmaz (Queen Mary University of London): The EU-US PNR Agreement under EU Privacy & DP law
-  Paul Pedley (City, University of London): Protecting the privacy of library users
-  Maria Bjarnadottir (Sussex): Who is the guarantor of human rights on the internet?
Chair: Chris Marsden (Sussex)
Discussants: Nico Zingales (Sussex), Andres Guadamuz (Sussex). 
Logistics: 11am-1pm 3 May in the Moot Room, Freeman Building,University of Sussex.
Afternoon Workshop: all PhD attendees are registered to attend the afternoon workshop 2pm-5.30pm F22 without charge (programme here), the evening lecture by the Europol Director, and the drinks reception in Fulton B at 6.30pm.

UPDATE: Special guest speaker and drinks reception for Annual WIP Seminar

In addition to a packed afternoon of talks - and a morning PhD WIP workshop - we will also be able to attend the Annual Lecture by Rob Wainwright, Director of Europol, whose talk is likely to touch on issues of cybercrime and online liability. This will run 5.30-6.30pm - the afternoon concludes with a free drinks reception outside Fulton B from 6.30pm onwards.

Tuesday, 4 April 2017

Minister explains Rudd's 'necessary hashtags' after week of confusion | Technology | The Guardian

Minister explains Rudd's 'necessary hashtags' after week of confusion | Technology | The Guardian: "PhotoDNA has been successfully used in the fight against online child abuse imagery, but is less well suited to extremist content due to the broader nature of such material. Nonetheless, in December 2016, social media firms including Facebook, Twitter, Google and Microsoft committed to contribute image and video hashes of terrorist content to a shared database, to speed discovery and takedown of material that breaches each site’s terms of service." 'via Blog this'

2016 No.607: The Open Internet Access (EU Regulation) Regulations 2016

"19.—(1) Where OFCOM determine that there are reasonable grounds for believing that a person
is breaching, or has breached an obligation under Articles 3, 4 or 5 of the EU Regulation or under
these Regulations they may give that person a notification under this regulation.

21.—(1) The amount of a penalty notified under regulation 19 (other than a penalty falling
within regulation 20(5)) is to be such amount as OFCOM determine to be—
(a) appropriate; and
(b) proportionate to the breach in respect of which it is imposed,
but in the case of a breach of an information requirement not exceeding £2,000,000, and in the
case of any other breach of the EU Regulation or these Regulations, not exceeding ten per cent. of
the turnover of the notified person’s relevant business for the relevant period.
'via Blog this'

Tuesday, 28 March 2017

A Longitudinal Measurement Study of 4chan’s Politically Incorrect Forum and its Effect on the Web – Bentham’s Gaze

A Longitudinal Measurement Study of 4chan’s Politically Incorrect Forum and its Effect on the Web – Bentham’s Gaze: "Ultimately, 4chan and /pol/ are continuously evolving.  Over the past year, the sale of 4chan to Hiroyuki Nishimura, recent rumors of the site struggling with monetization, the introduction of very mild moderation by so-called janitors, or other controversial events like the #GamerGate incident, naturally create shifts in topics and activities, as well as users moving to other, somewhat similar sites (e.g. 8chan). But as the world increasingly looks at 4chan, 4chan will not so silently be looking back — a fact that we can personally attest to." 'via Blog this'

Populism and Privacy - UN Special Rapporteur on Privacy

2015-2017 have seen agrowing tendency, especially though not exclusively in Europe, to indulge in “gesture-politics”. In other words, the past eighteen months have seen politicians who wish to be seen to be doing something about security, legislating privacy-intrusive powers into being – or legalise existing practices – without in any way demonstrating that this is either a proportionate or indeed an effective way to tackle terrorism.
b.      The new laws introduced are predicated on the psychology of fear: the disproportionate though understandable fear that electorates may have in the face of the threat of terrorism. The level of the fear prevents the electorate from objectively assessing the effectiveness of the privacy-intrusive measures proposed.
c.       There is little or no evidence to persuade the SRP of either the efficacy or the proportionality of some of the extremely privacy-intrusive measures that have been introduced by new surveillance laws in France, Germany, the UK and the USA. Like Judge Robart in the recent case on the immigration ban in the USA, the SRP must seek evidence for the proportionality of the measures provided for by law[1]s. In the same way as Judge Robart asked as to precisely how many cases of terrorism were carried out since 2001 by nationals of the states subjected to the immigration ban, the SRP must ask as to whether it would not be much more proportional, never mind more cost-effective and less privacy-intrusive if more money was spent on the human resources required to carry out targeted surveillance and infiltration and if less effort were expended on electronic surveillance. This, in a time when the vast majority of all terrorist attacks were carried out by suspects already known to the authorities prior to the attacks.
d.      There is also growing evidence that the information held by states, including that collected through bulk acquisition or “mass surveillance” is increasingly vulnerable to being hacked by hostile governments or organised crime. The risk created by the collection of such data has nowhere been demonstrated to be proportional to the reduction of risk achieved by bulk acquisition.
e.       Furthermore, the abuse of data collected by bulk acquisition remains a primary source of concern. Without necessarily casting aspersions on the incoming US administration, the concerns expressed in that context by a senior HRW researcher are worth reproducing: “In the US, the National Security Agency continues its information dragnet on millions of people every day, despite modest reforms in 2015. Now the keys to the world’s most sophisticated surveillance apparatus have been handed over to a candidate (who) threatened to imprison his political opponent, register and ban Muslims, deport millions of immigrants, and menace the free press.”[2] While the checks and balances existing in the USA or indeed the ethical standards of the Executive itself may hopefully push the US away from the realisation of such risks, the point being made here by the SRP is that once the data sets produced by mass surveillance or bulk acquisition exist and a new unscrupulous administration comes into power anywhere in the world, the potential for abuse of such data is such so as to preclude its very collection in the first place.
f.       RECOMMENDATION: Desist from playing the fear card, and improve security through proportionate and effective measures not with unduly disproportionate privacy-intrusive laws “I don’t believe that any form of leadership is best exercised by using fear. True political leadership does not play the fear card” [3]

                    [2]   Cynthia Wong, Surveillance in the age of populism” Human Rights Watch last accessed on 12th Feb 2017 at
                    [3]   Cardinal Vincent Nichols speaking to the BBC on Sunday 05 February 2017 –Westminster hour website 

Monday, 27 March 2017

Europe will fine Twitter, Facebook, Google etc unless they rip up T&Cs • The Register

Europe will fine Twitter, Facebook, Google etc unless they rip up T&Cs • The Register: "An official from the EC's consumer protection authorities confirmed it intends to "take action to make sure social media companies comply with EU consumer rules."

 Today's crackdown follows a letter sent to tech giants at the end of last year pointing out that the rules users sign up to when they use their services are not consistent with European law and need to be changed.

Those letters resulted in a flurry of activity by the US-based companies, introducing new policies and processes in an effort to head off a formal investigation.

But, as the German government made clear earlier this week when it announced plans to fine them up to €50m for not taking down illegal content within 24 hours, those efforts were not sufficient.

Germany – which remains the most powerful member of the European Union – promised it would also push its efforts to make Facebook, Twitter and friends more accountable in Europe. The decision to push for changes to their terms and conditions appears to be the first stage of that.

 As for the changes requested by the EC, they appear to be focused on pulling out the legal language that the companies use to avoid liability as far as possible.

In particular, the requirement for any user of the services worldwide to sue the company in the state of California – where most of the companies are based and which has a tech-friendly legal system – is top of the list, with the EC saying it needs to be changed so users can sue the company in their home country.

 There is also a push to remove or reform language over consumers waiving their rights, including the ability to cancel a contract – something that would likely change social media companies' ability to claim that anything posted to their networks is their property. And changes have been requested over how the companies determine what is suitable content submitted by users." 'via Blog this'

Sunday, 26 March 2017

European Parliament offers scathing criticism of EU-US Privacy Shield

European Parliament offers scathing criticism of EU-US Privacy Shield: "Af­ter the vote, Claude Moraes, the Civil Lib­er­ties Com­mit­tee Chair­man, said that “the Civil Lib­er­ties Com­mit­tee res­o­lu­tion adopted to­day sends a clear mes­sage that, while the Pri­vacy Shield con­tains sig­nif­i­cant im­prove­ments com­pared to the for­mer EU-US Safe Har­bour, key de­fi­cien­cies re­main to be ur­gently re­solved”.

The par­lia­ment res­o­lu­tion thus ac­knowl­edges sig­nif­i­cant im­prove­ments along with of­fer­ing scathing crit­i­cism of the new agree­ment. The lack of ef­fec­tive ju­di­cial re­dress for EU cit­i­zens in the US is among the is­sues high­lighted. Specif­i­cally, the res­o­lu­tion states that “nei­ther the Pri­vacy Shield Prin­ci­ples nor the let­ters of the U.S. ad­min­is­tra­tion pro­vid­ing clar­i­fi­ca­tions and as­sur­ances demon­strate the ex­is­tence of ef­fec­tive ju­di­cial re­dress rights for in­di­vid­u­als in the EU whose per­sonal data are trans­ferred to an U.S. or­gan­i­sa­tion un­der the Pri­vacy Shield Prin­ci­ples”.

The res­o­lu­tion also crit­i­cises the fact that “the Om­budsper­son mech­a­nism set up by the U.S. De­part­ment of State is not suf­fi­ciently in­de­pen­dent”." 'via Blog this'

Friday, 24 March 2017

Senate votes to let ISPs sell your Web browsing history to advertisers | Ars Technica

Senate votes to let ISPs sell your Web browsing history to advertisers | Ars Technica: "The rules were approved in October 2016 by the Federal Communications Commission's then-Democratic leadership, but are opposed by the FCC's new Republican majority and Republicans in Congress. The Senate today used its power under the Congressional Review Act to ensure that the FCC rulemaking "shall have no force or effect" and to prevent the FCC from issuing similar regulations in the future.

 The House, also controlled by Republicans, would need to vote on the measure before the privacy rules are officially eliminated. President Trump could also preserve the privacy rules by issuing a veto. If the House and Trump agree with the Senate's action, ISPs won't have to seek customer approval before sharing their browsing histories and other private information with advertisers." 'via Blog this'

Free Speech and Protected Privacy: Balancing Two Human Rights 5 April 1pm

Free Speech and Protected Privacy: Balancing Two Human Rights : News and events : ... : Law : University of Sussex: "Free Speech and Protected Privacy: Balancing Two Human Rights
Wednesday 5 April 13:00 until 14:30
Ashdown House, Room 101

Speaker: Hugh Tomlinson QC, Matrix Chambers

Part of the series: Sussex Centre for Human Rights Research

Hugh Tomlinson QC, a member of Matrix Chambers, is a noted specialist in media and information law including defamation, confidence, privacy and data protection. " 'via Blog this'

Thursday, 23 March 2017

Thank heavens the wrangling over BT's Openreach separation has ended • The Register

Thank heavens the wrangling over BT's Openreach separation has ended • The Register: "What hasn’t changed under the legal separation, as opposed to a structural one, is where Openreach’s profits go, with Shurmer noting they "will flow back to the BT Group”. The group's budget will also be controlled by BT.  In terms of investment, the announcement will make no difference to BT’s current broadband roll-out plans. “This agreement is based on the guidance we have already given the city around our investment plans, so there is no change there."

The biz is currently connecting 10 million customers to its ultrafast hybrid fibre and copper G.Fast and 2 million "pure fibre" connections by 2020. Critics have said the biz is relying too much on G.Fast over full fibre.

 However, Shurmer hinted the new structure could help boost further investment. "But what we do have now with this new consultation process is this new approach to developing a business case for future network investment." 'via Blog this'

Home Office admits it's preparing to accept EU ruling on surveillance • The Register

Home Office admits it's preparing to accept EU ruling on surveillance • The Register: "Other than the notable omission of a draft code of practice on communications data alongside the other draft codes published last month, it has been unclear whether the Home Office had paid any attention to the ruling at all – until last Friday, when an IT tender relating to the Investigatory Powers Act made mention of a "a new communications data independent authorising body", which was spotted by the Open Rights Group.

 Regarding the new authorising body, a Home Office spokesperson repeated to The Register that it was "disappointed" and "carefully considering [the ruling's] implications".

"The government will vigorously defend the fundamental powers in the Investigatory Powers Act because they are vital to the police and intelligence agencies in arresting criminals, prosecuting paedophiles and preventing terrorist attacks," the spokesperson added. "We will provide Parliament and the courts with an update on our response to the judgment in due course."

 While the ambiguity of "in due course" has become something of a running joke for those asking questions of the department, it did also inform us that although the CJEU ruling was specifically directed at a previous bit of legislation which the Investigatory Powers Act replaced, DRIPA, it was currently considering how the ruling would affect the new Snoopers' Charter. 'via Blog this'

Wednesday, 22 March 2017

The world's leading privacy pros talk GDPR with El Reg • The Register

The world's leading privacy pros talk GDPR with El Reg • The Register: "The European Court of Justice ultimately conceded that Safe Harbor was indeed invalid, and suddenly there was no legal basis for American megacorps to continue quaffing Europeans' data. Not that those companies cared, or agreed even. Facebook, Microsoft, and Salesforce have continued to shuttle Zuckabytes back home through "model clauses" contracts, a measure which is again being challenged by Schrems.

 Even if this workaround is shot down during the ongoing court case in Dublin, however, both the EU and US share much about privacy in terms of cultural values regarding privacy, suggested Hughes." 'via Blog this'

Monday, 20 March 2017

Selling your soul while negotiating the conditions: from notice and consent to data control by design | SpringerLink

Selling your soul while negotiating the conditions: from notice and consent to data control by design | SpringerLink: "This article claims that the Notice and Consent (N&C) approach is not efficient to protect the privacy of personal data. On the contrary, N&C could be seen as a license to freely exploit the individual’s personal data. For this reason, legislators and regulators around the world have been advocating for different and more efficient safeguards, notably through the implementation of the Privacy by Design (PbD) concept, which is predicated on the assumption that privacy cannot be assured solely by compliance with regulatory frameworks. In this sense, PbD affirms that privacy should become a key concern for developers and organisations alike, thus permeating new products and services as well as the organisational modi operandi.

Through this paper, we aim at uncovering evidences of the inefficiency of the N&C approach, as well as the possibility to further enhance PbD, in order to provide the individual with increased control on her personal data. The paper aims at shifting the focus of the discussion from “take it or leave it” contracts to concrete solutions aimed at empowering individuals. As such, we are putting forth the Data Control by Design (DCD) concept, which we see as an essential complement to N&C and PbD approaches advocated by data-protection regulators. The technical mechanisms that would enable DCD are currently available (for example, User Managed Access (UMA) v1.0.1 Core Protocol).

We, therefore, argue that data protection frameworks should foster the adoption of DCD mechanisms in conjunction with PbD approaches, and privacy protections should be designed in a way that allows every individual to utilise interoperable DCD tools to efficiently manage the privacy of her personal data. After having scrutinised the N&C, PbD and DCD approaches we discuss the specificities of health and genetic data, and the role of DCD in this context, stressing that the sensitivity of genetic and health data requires special scrutiny from regulators and developers alike. In conclusion, we argue that concrete solutions allowing for DCD already exist and that policy makers should join efforts together with other stakeholders to foster the concrete adoption of the DCD approach." 'via Blog this'

Co-regulation in EU personal data protection: the case of technical standards and the privacy by design standardisation 'mandate' | Kamara | European Journal of Law and Technology

Co-regulation in EU personal data protection: the case of technical standards and the privacy by design standardisation 'mandate' | Kamara | European Journal of Law and Technology: "The recently adopted General Data Protection Regulation (GDPR), a technology-neutral law, endorses self-regulatory instruments, such as certification and technical standards. Even before the adoption of the General Data Protection Regulation, standardisation activity in the field of privacy management and data security had emerged.

In 2015, the European Commission issued the first standardisation request to the European Standardisation Organisations to develop privacy management standards based on art. 8 of the EU Charter of Fundamental Rights.

There is a rising shift from command-and-control regulation to the inclusion of co-regulation tools in the EU data protection legislation. The aim of this article is to provide insights on the role of standardisation as a form of co-regulation in the data protection context. " 'via Blog this'

Cyberleagle: The Investigatory Powers Act - swan or turkey?

Cyberleagle: The Investigatory Powers Act - swan or turkey?: "Over 300 pages make up what then Prime Minister David Cameron described as the most important Bill of the last Parliament. When it comes into force the IP Act will replace much of RIPA (the Regulation of Investigatory Powers Act 2000), described by David Anderson Q.C.’s report A Question of Trust as ‘incomprehensible to all but a tiny band of initiates’. It will also supersede a batch of non-RIPA powers that had been exercised in secret over many years - some, so the Investigatory Powers Tribunal has found, on the basis of an insufficiently clear legal framework. 

None of this would have occurred but for the 2013 Snowden revelations of the scale of GCHQ’s use of bulk interception powers. Two years post-Snowden the government was still acknowledging previously unknown (except to those in the know) uses of opaque statutory powers. 

Three Reviews and several Parliamentary Committees later, it remains a matter of opinion whether the thousands of hours of labour that went into the Act have brought forth a swan or a turkey. If the lengthy incubation has produced a swan, it is one whose feathers are already looking distinctly ruffled following the CJEU judgment in Watson/Tele2, issued three weeks after Royal Assent. That decision will at a minimum require the data retention aspects of the Act to be substantially amended. " 'via Blog this'

YouTube Censors Everyone: Feminists, LGBT Vloggers, Pundits and Gamers | Heat Street

YouTube Censors Everyone: Feminists, LGBT Vloggers, Pundits and Gamers | Heat Street: "YouTube has caved in to calls for content restrictions and censorship on its platform, implementing an optional new feature called “restricted mode”.

It’s designed to censor indecent material — the kind that advertisers do not wish to be associated with.

According to Google, the optional feature “uses community flagging, age-restrictions, and other signals to identify and filter out potentially inappropriate content.”

It’s a feature that’s been around for at least a year, but YouTube producers haven’t been feeling the hurt until now.

Since YouTube ramped up the mode’s restrictions, several LGBT bloggers discovered that their content was blocked, and accused the platform of hiding their videos." 'via Blog this'

Friday, 17 March 2017

Algorithms in decision-making inquiry launched - UK Parliament

Algorithms in decision-making inquiry launched - News from Parliament - UK Parliament: "The Committee would welcome written submissions by Friday 21 April 2017 on the following points:

 The extent of current and future use of algorithms in decision-making in Government and public bodies, businesses and others, and the corresponding risks and opportunities;

Whether 'good practice' in algorithmic decision-making can be identified and spread, including in terms of:
—  The scope for algorithmic decision-making to eliminate, introduce or amplify biases or discrimination, and how any such bias can be detected and overcome;

Whether and how algorithmic decision-making can be conducted in a ‘transparent’ or ‘accountable’ way, and the scope for decisions made by an algorithm to be fully understood and challenged;

The implications of increased transparency in terms of copyright and commercial sensitivity, and protection of an individual’s data;

Methods for providing regulatory oversight of algorithmic decision-making, such as the rights described in the EU General Data Protection Regulation 2016.

The Committee would welcome views on the issues above, and submissions that illustrate how the issues vary by context through case studies of the use of algorithmic decision-making." 'via Blog this'

DeepMind AI faces privacy questions about its data deal with the NHS | WIRED UK

DeepMind faces privacy questions about its data deal with the NHS | WIRED UK: "The mostly-silent centre of arguments is the Information Commissioner's Office (ICO), which oversees data protection issues in the UK. The body has been investigating the DeepMind and NHS deal since initial complaints were made.

The ICO confirmed to WIRED that its investigations into the sharing of patient information was close to finishing.

"We continue to work with the National Data Guardian and have been in regular contact with the Royal Free and Deep Mind who have provided information about the development of the Streams app," the ICO said. "This has been subject to detailed review as part of our investigation. It’s the responsibility of businesses and organisations to comply with data protection law.”" 'via Blog this'

Thursday, 16 March 2017

Advertisers look forward to buying your Web browsing history from ISPs | Ars Technica

Advertisers look forward to buying your Web browsing history from ISPs | Ars Technica: "If no agency enforces privacy rules, "consumers will have no ability to stop Internet service providers from invading their privacy and selling sensitive information about their health, finances, and children to advertisers, insurers, data brokers or others who can profit off of this personal information, all without their affirmative consent," Sen. Edward Markey (D-Mass.) said last week.

 Acting FTC Chairwoman Maureen Ohlhausen said last year that the FTC recommends getting opt-in consent for "unexpected collection or use of consumers’ sensitive data such as Social Security numbers, financial information, and information about children," and an opt-out system for other data, she wrote. Under that scenario, ISPs apparently would not need opt-in consent from customers before sharing Web browsing history." 'via Blog this'

Wednesday, 15 March 2017

Data hungry gov’t vows to eyeball data offences in woolly digital pledge | Ars Technica UK

Data hungry gov’t vows to eyeball data offences in woolly digital pledge | Ars Technica UK: "Digital minister Matt Hancock has previously said that the government would implement the GDPR "in full"—a vow repeated in the DCMS' digital strategy, which highlights concerns about the transfer of data between the UK and European Union once Brexit kicks in.

"As part of our plans for the UK’s exit from the EU, we will be seeking to ensure that data flows remain uninterrupted, and will be considering all the available options that will provide legal certainty for businesses and individuals alike," it said.

 Britain's data watchdog, the Information Commissioner's Office, told Ars that the DCMS was leading a review of data protection offences. It declined to comment, however, on how such a review might affect the controversial Part 5 of the Digital Economy Bill." 'via Blog this'

Tuesday, 14 March 2017

GDPR, the proposed Copyright Directive and intermediary liability: one more time! | Peep Beep!

The GDPR, the proposed Copyright Directive and intermediary liability: one more time! | Peep Beep!: "One way to make sense of the GDPR could be to say that it implicitly acknowledges that the E-Commerce Directive liability exemptions should apply even in situations in which the service provider is (primarily) liable as a data controller.

 Note that the Court of Appeal in Northern Ireland did not wait for the GDPR to hold that Facebook, as a data controller and an information society provider, could avail itself of the national transposition of Article 14 of the E-Commerce Directive in CG v Facebook Ireland Ltd & Anor [2016] NICA 54 (21 December 2016).

 Such an interpretation is sensible, although if the characterisation of data controller is retained it would seem logical [but who is interested in logic?] to conclude after Google Spain that the processing performed by Facebook should therefore be distinct from the processing performed by the uploader of the information.

 However because Articles 12-14, strictly speaking, only target one specific situation: liability for the (unlawful) information transmitted or stored by their users, a cumulative application of EU data protection law and e.g. Article 14 of the E-Commerce Directive could appear odd in some instances, e.g. in the case of a search engine referencing content lawfully published." 'via Blog this'

AI, machine learning and personal data | ICO Blog

AI, machine learning and personal data | ICO Blog: "When the General Data Protection Regulation (GDPR) comes into force in 2018, the regulatory toolkit will be sharpened. Some key changes will be:

  1.  more powerful rights for individuals, including rights in relation to automated decisions and profiling; 
  2. new accountability provisions, including the implementation of codes of conduct and certification mechanisms that will help to improve standards and hold organisations to account in areas such as automated decision making; 
  3. and
    increased enforcement powers for the ICO, including the ability to issue fines of up to €20,000,000 or 4% of annual worldwide turnover for infringements of the of the regulation. 

These changes, and more, will contribute towards a relevant and effective regime for the regulation of personal data in the world of big data, AI and machine learning." 'via Blog this'

Monday, 13 March 2017

I invented the web. Here are three things we need to change to save it: Tim Berners-Lee

I invented the web. Here are three things we need to change to save it | Tim Berners-Lee | Technology | The Guardian: "Through collaboration with – or coercion of – companies, governments are also increasingly watching our every move online and passing extreme laws that trample on our rights to privacy. In repressive regimes, it’s easy to see the harm that can be caused – bloggers can be arrested or killed, and political opponents can be monitored. But even in countries where we believe governments have citizens’ best interests at heart, watching everyone all the time is simply going too far. It creates a chilling effect on free speech and stops the web from being used as a space to explore important topics, such as sensitive health issues, sexuality or religion." 'via Blog this'

ICO Upholds £1,000 Fine Against TalkTalk for Personal Data Breach

ICO Upholds £1,000 Fine Against TalkTalk for Personal Data Breach - ISPreview UK: "ICO then raised the issue with TalkTalk on 20th November and the ISP confirmed reception of that letter. However it then took until 27th November before TalkTalk’s Information Security Officer, Mike Rabbitt, was able to confirm that an investigation had been started, although they didn’t officially confirm that a data breach had occurred until 1st December.

TalkTalk claims that the delay in reporting the breach was because “the incident had not been reported to either [TalkTalk’s] Information Security or Fraud team.”

In February 2016 the ICO informed TalkTalk that they intended to impose a fine for the reporting failure, which TalkTalk opposed and ultimately the case went to appeal.

 Suffice to say that the Tribunal was unanimous in dismissing TalkTalk’s appeal." 'via Blog this'

Sunday, 12 March 2017

Video of ICO Elizabeth Denham discusses GDPR | ICAEW

Information commissioner Elizabeth Denham discusses GDPR | ICAEW: "In a wide-ranging speech, the commissioner noted that however fast regulation moves, technology moves faster. She outlined the new General Data Protection Regulation (GDPR) which will be with us in May 2018 and the important role that ICAEW members have to play in spreading the word about the new requirements" 'via Blog this'

CJEU judgment in Watson « Independent Reviewer of Terrorism Legislation

CJEU judgment in Watson « Independent Reviewer of Terrorism Legislation: "The CJEU considered that DRIPA 2014 “exceeds the limit of what is strictly necessary and cannot be considered to be justified, within a democratic society“: para 107.  But it referred the case back to the English Court of Appeal for a decision on the extent to which UK law is consistent with EU requirements (para 124).  The  battle will resume there in the New Year.

The case (Case C-698/15) was joined with a Swedish case brought by Tele2 Sverige AB (Case C-203/15)." 'via Blog this'

Wednesday, 8 March 2017

Dubliner who is the CIA's go-to smart guy for cyber security tech start-ups

Meet the Dubliner who is the CIA's go-to smart guy for cyber security tech start-ups - "Paladin is focused on several aspects of cyber security, he says. "If you think about it, we've benefited enormously from the internet in a very short space of time, and as cyber security threats grow, we're only perhaps now realising the true cost of that. The Internet of Things brings a whole new set of security concerns, so that's one obvious area we're looking at. Blockchain - a system for permanently storing transaction records on networks of unrelated computers permanently and verifiably - is another area of interest, particularly for 'know your client' functions and how it may provide greater security for customers.

"Enterprise IT and its operation of secure transactions is another one. A key one is threat analysis - the use of data to understand what's going on that might threaten a company's IP and operations. It's about how data is analysed, used and protected; how do transactions take place, is it seamless and who is storing data. The final one is how secure information interfaces with genomic or gene sequencing in the diagnostics and therapeutics functions related to health.

 "What we know for certain is that there's a constantly evolving set of threats against our personal data and that of corporates and governments. The reaction to that is a set of innovations, we want to invest in that innovation and the market is large and growing. The threat faced by businesses is often existential. This isn't just an IT problem, it's one of which a CEO is now constantly aware."" 'via Blog this'