Tuesday, March 19, 2019

Response from MEP on copyright directive

I've had a response from Labour MEP, John Howarth to my email yesterday asking him to oppose the article 13 provisions in the proposed EU copyright directive.
"Dear Ray Corrigan
Thank you for your email regarding Copyright legislation.
Just to let you know before I was an MEP I ran a business in the creative sector developing copy, images, brands and content. When I am not doing my day job I play music - though I don’t get a lot of time to perform right now. I started my business career in the software development sector and have worked with aspects of the internet since the days of green screens. Not exactly typical for a politician, I agree, but you will forgive me if my experience informs my thinking.
For far too long people who work in the creative sector have been ripped off by the monopolistic internet platforms who place their work on line and use their content to make their services credible and to attract advertising revenue yet fail properly to reward the creators. Musicians and performers generally consider themselves lucky to do what they do but they also deserve fair reward for their work. The audience see a performance or hear a three minute song - but those things are built over years of learning a craft and endless hours practicing and rehearsing. Images can be created in a couple of hours but ideas and concepts take time and collaborative effort to develop. The internet has created new jobs and made some people very rich indeed but it has also destroyed value and exploited the skills and creativity of many others.
So as well as people who write to me demanding that we “save the internet” I also receive representations from the National Union of Journalists, the Musicians’ Union, publishers’ group’s, media organisations and creative industries representatives putting their side of the story.
Among all of this claims have been made about the proposed legislation that are wildly exaggerated or simply untrue. The implementation of updated copyright legislation will NOT end the internet as we know it. It will NOT constrain or unduly limit ‘free speech’, it will NOT place an unreasonable burden on the internet giants who have put significant time and effort into misleading people because they believe it threatens their super profits. It will not “outlaw memes”, it protects and defines the notion of satire and parody (which, by the way, were not in any way protected in the outdated copyright regimes that have applied till now). Exceptions set out in the legislation protect free academic enquiry, small businesses and bloggers.
I do not believe that the legislation in any way limits the ability of the open source software community to continue to trade on the business model it has operated for some time - in other words the ‘sharing economy’ will continue to do just fine. The monopolistic platforms benefit from this “free internet”, however the fact is nothing is “free” - someone always pays, whether through collection of personal data in exchange for access or by the exploitation of their work.
During the debate and before the first round of votes on the Copyright Directive I thought long and hard about how to approach the issue. While I have a degree of sympathy for the arguments about freedom of expression I am also concerned that the ‘free internet’ currently operates in an environment where the strong and powerful exert their influence without check and individuals are frequently bullied and victimised and the platform is exploited by peddlers of hate. As a local public representative I had to address several cases of unchecked systematic bullying over the internet and all of the evidence suggests that these problems had got worse, particularly in the public space and it is my firm view this is poisoning public discourse. I fail to see why the right to free expression should apply to people hiding behind cloaks of anonymity while others who express opinions in their own name are subjected to aggression in spaces into which the public have been invited. This concept of “freedom” is essentially a right-libertarian view and not one I share. The internet is the Wild West and, if it is not to become a tool of repression, must before long become civilised and subject to the rule of law where members of the public are able to participate on the same basis as any physical public space.
So I will be supporting the compromise reached between the Parliament and the Council on the Copyright Directive, because of the above and not least, because addressing the ‘value gap’ between platforms and creatives was part of Labour’s 2017 election manifesto in the UK.
Thank you again for contacting me.    
With best wishes,
John Howarth MEP On your side in Europe.www.johnhowarthmep.uk"
My further response to Mr Howarth was as follows:
"Dear John,
 Thanks for the considered response. You might be surprised to learn that I agree with your concerns about the disproportionate power of the big tech industry, particularly the big five, Google, Facebook, Amazon, Apple and Microsoft. You’ll no doubt be aware of the recommendations of the recent report of the House of Lords Communications Committee 
- https://www.parliament.uk/business/committees/committees-a-z/lords-select/communications-committee/news-parliament-2017/internet-regulation-report-publication/  
and the Disinformation and Fake News report of the Commons Digital Culture Media and Sport Select Committee -  
https://www.parliament.uk/business/committees/committees-a-z/commons-select/digital-culture-media-and-sport-committee/news/fake-news-report-published-17-19/  
which make well intentioned efforts to reign in the big technology monopolies. What you cannot do, however, is fix a disproportionate monopolies problem with automated upload filters, which is what the most recent version of Article 13 of the copyright directive that we are aware of attempts to do 
 https://juliareda.eu/wp-content/uploads/2019/02/Art_13_unofficial.pdf  
However, software is generations away from being able to make the kind of nuanced assessment of what might constitute copyright infringement that is required. If you get two copyright experts to assess whether something is infringing or not you’d get two (or more) different views in each case. What experts cannot agree on, you will never teach software to come to an appropriate conclusion on. Yet the problem with article 13 is not just automated prior restraint of speech, in the name of preventing copyright infringement but that the very companies it is professed to protect creators and the creative sector from will be the ones building and operating the filters. Article 13 will incentivise big tech to continue to develop, refine, implement and operate content filters – like YouTube’s Content ID system – and will add to their monopoly portfolios the realm of internet censors. It will also stifle innovation as small start-ups will not have the resources to develop or operate the required software filters.  
Though it’s not directly related to the copyright question, you raise the issue of the misuse of the internet for nefarious activity. The internet is already a tool of repression and oppression, aggression, bullying and hate mongers, shysters and criminals, unethical human behaviour of every variety. In that it is a mirror of human nature and we should not confuse the tool with our inherent psyche. It is also the greatest engine for mass communication and creativity in the history of the planet. As for poisoning public discourse, certain prominent members of your own profession and the popular mainstream media have a less than pristine record – it is and has long been virtually impossible to conduct an informed and nuanced public debate about any complex socioeconomic matter, without being vilified by someone taking words or phrases out of context or distorting what was said to pursue a particular agenda.  
On the question of the rule of law, is not true that activity on the internet is not subject to the rule of law. Just to start with, consider –  
The Public Order Act 1986 
The Copyright, Designs and Patents Act 1988 
The Malicious Communications Act 1998 
The Copyright and Related Rights Directive 2001 
The Communications Act 2003 
The Digital Economy Act 2010 
The Counter Terrorism and Security Act 2015 
The Investigatory Powers Act 2016 
The Digital Economy Act 2017  
S127 of the Communications Act 2003, s4 & 5 of the Public Order Act and s1 of the Malicious Communications Act have been used to convict someone of a criminal offence for making a joke on Twitter, in addition to prosecuting people spreading hate speech and racist comments for which the offenders were jailed.  
If your goal is genuinely an internet “subject to the rule of law where members of the public are able to participate on the same basis as any physical public space” then there is a fundamental principle of law that is the presumption against prior restraint of speech. Not all restrictions on free speech are a breach of the prior restraint doctrine – e.g. in relation to national security matters – but the long standing principle is that it is safer to impose penalties after publication. So automated upload filters, mandated by article 13 of the copyright directive, will not only hand the global censorship keys to the big tech monopolies but will undermine your stated intention in relation to the rule of law.  
Finally in relation to the ‘value gap’, it would be better described as a revenue gap. It’s been crafted as a value gap by public relations people attempting to influence legislators, like your good self, in order to get laws like article 13 passed that impose liabilities on internet intermediaries. What the commercial sector supporting article 13 are saying is they would like a bigger slice of the revenues currently going to big tech. Google already has licences with the music industry. Not a lot of the revenues arising from these flow to the individual creators. It has always been so. Prior to our information age, if I may borrow your own words, “for far too long people who work in the creative sector have been ripped off” by the oligopolistic creative commercial sectors. The fundamental problem of the imbalance in power will not be solved by copyright law and the revenue flow issue is more of a competition law problem. 
The creative industries are more economically buoyant than they have been in a generation and the EU is proposing to pass a law to leverage big tech into giving them more money. The collateral damage will be significant.  
It will damage the internet as we know it in the EU.  
It will mandate automated software filter prior restraint on speech, with the keys to those filters controlled by the very big tech monopolies it is proposed to reign in.  
It is irrelevant whether the intention is not to outlaw memes, to include exceptions for satire, parody, free academic enquiry, small businesses and bloggers – the big tech software filter operators will be police, judge, jury and censor.  
Like you, my experience informs my thinking.  I am an academic writer, teacher, manager, blogger with a long standing interest in technology policy. For years, Yahoo! search labelled my blog with a red warning triangle and a note in red font “Warning! Dangerous Download!” If this Article 13 filter had been in place the 4700+ articles I’ve written on that blog might never have seen the light of day.  
My son works occasionally for a small roving theatre company, a charity, producing videos and other multimedia works for them. Towards the end of last year one their videos was taken down by YouTube for alleged copyright infringement, despite the charity having paid for and cleared the licence for the background music used. He spent weeks getting YouTube to re-instate the video, including dealing with threats that the charity would have their account suspended permanently. That charity might not have an outlet on the world wide web at all, if the article 13 filters had been in place. 
 It’s a fallacy to believe the future monopolistic wielders of article 13 censorship keys – Google and the other big technology companies amongst them – will protect the interests of a single academic or small enterprise, other creators or the creative industries. They will not focus on anything other than their own economic interests.  
It is clear from your response that you are unlikely to change your mind on the copyright directive. I trust you won’t mind if I publish this correspondence on my blog in the hope of reaching a wider audience, before an article 13 software filter takes a dislike to my words and engages in some routine prior restraint.  
Regards,  
Ray Corrigan"
Update 22/3/'19:

Mr Howarth's  Political & Staff Manager Jim Robbins has kindly acknowledged my response and explained Brexit is pretty much getting in the way of everything at the moment; but that they will consider my perspective seriously.
Ray,

John has asked me to let you know that he really values your response and will consider it fully and speak to colleagues who have been involved with the debates on Article 13 and copyright.

He will respond fully in due course but, as you can imagine with the Brexit situation, things are pretty hectic here at the moment so I’m not quite sure when that will be.

Thanks for your email and the response.

Kind Regards,

Jim

Jim Robbins
Political & Staff Manager
Office of John Howarth MEP for South East England
Entirely understandable.
Many thanks Jim. I appreciate the acknowledgement. Good luck to John and those of you working with him in making a constructive contribution to finding a way out of the appalling Brexit chaos. Given the news from BMW recently that they will consider shutting down the Mini factory in Oxford, should Brexit go badly, you and John will be acutely aware of the deep concern it is causing in my area of the country. 
Regards,
Ray 

Monday, March 18, 2019

Note to MEPs on proposed copyright directive article 13

At the prompting of the Open Rights Group I have written to my MEPs asking them to vote against the proposed copyright directive coming before the European parliament next week.
UK Members of European Parliament (MEPs), for a short time longer, have the power to stand against digital censorship by opposing Article 13 of the proposed EU Copyright Directive. This provision of the directive would introduce automated systems to filter what can be seen and said online. In an age as dependent on information flows as ours is, information laws can have crucial consequences for markets and politics. Actions taken to protect copyright can reshape politics by giving both the responsibility and power to control information flows to a small number of key economic actors. Article 13 of the proposed copyright directive would completely change the politics of who controls information, and hence who controls the public narrative.

The subtlest argument in favour of the directive is that all creators should be remunerated for their work and any use of that work online. This is a commendable sentiment and an easier argument to make than asking for an additional slice of monopoly rent for copyright industries. However, the copyright directive itself says nothing directly about remunerating creators. Mostly it refers to “rightsholders”. Ironically, with the stated intention of wrestling control from the giant US technology behemoths and improving protections for creators and the creative industries, it will concentrate the power of algorithmic, automated censorship in the hands of those very same companies.

What is perhaps more informative is that many, many publishers, journalists, libraries, scientific & research institutions, universities, civil society human rights & media freedom groups, small independent publishers, consumers, tech cos and even the UN Special Rapporteuron Freedom of Opinion and Expression are strongly opposed to it.

I highly recommend the empirical research of the CREATe copyright consortium if you are looking for a more detailed and informed perspective on the copyright directive as a whole, available at


The latest incarnation of Article 13 of the Copyright in the digital single market directive, developed through the trialogue (sic) process, is a really bad idea and I would request, as my MEPs, that you vote against it when it comes before the European parliament next week.

Regards,

Ray Corrigan

Wednesday, January 16, 2019

EU member states attempt to circumvent CJEU rulings on data retention

One of the things the UK government is going to miss desperately, once Brexit deal is done, is the monumental amount of policy washing they have been able to drive though the EU in the past four plus decades. Not that this will prevent future UK governments from blaming the EU for whatever their prevailing set of woes happens to be.

Case in point.

The Court of  Justice of the EU has repeatedly ruled that blanket data retention is a breach of the  Charter of Fundamental rights of the EU, most notably in the Digital Rights Ireland case in April 2014 and the Tele2 case in December 2016.

Ever since, EU member state governments and various branches of EU institutions have been furiously trying to find ways to circumvent the Court's judgments and continue and expand data retention practices. They are very happy, thank you very much, with their current illegal data retention regimes.

The contortionist wordplay at large in some of the forums considering the issue is bordering on awe inspiring.

The current great hope of those working to maintain, enhance and expand data retention practices is that the planned new e-Privacy directive can be constructed in such a way as to pretend that data retention is not really data retention. In diplomatese they are working towards a more “favourable” environment for data retention than the current ePrivacy Directive of 2002. Article 15(1) of that directive when read in conjunction with the EU Charter of Fundamental Rights, rather irritatingly, for its supporters and according to the CJEU, prohibits blanket data retention. It requires data retention to be
"a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system"
Thank you to the excellent crew at EDRi for the update on the ongoing shenanigans on this today.

Government defeat on the EU withdrawal agreement

In the wake of the historic defeat of Theresa May's UK-EU withdrawal agreement in the House of Commons last night, my MP, Layla Moran contacted me:
"I am writing to you, and other residents who contacted me in opposition to Brexit, to let you know that I have just left the House of Commons after voting against Theresa May’s Brexit deal.
 The vote was an overwhelming, with 432 against and 202 MPs in favour.

432 MPs of all parties voting against Theresa May’s deal is far more than even my wildest predictions. It shows that there is no version of this Brexit deal that will get past Parliament. The only way to break the impasse is to hold a People’s Vote.

Following the vote, Liberal Democrat Deputy Leader Jo Swinson spoke in the House of Commons and urged the Prime Minister to let Parliament have a vote on putting the issue back to the people - so that the electorate can have the final say on Brexit, including the option to stay in the EU. This remains my top priority, and I will spend the next few days fighting harder than ever for a People’s Vote on the Brexit deal.

We are also looking at how we can extend or delay Article 50 to allow time for Parliament to assess and vote on alternative courses of action. We cannot allow the Government to run down the clock in an attempt to crash out of the EU in a ‘no deal’ scenario.

Tomorrow there will be a vote of no confidence in the Government. If this passes, it could lead to a General Election. In that event, I am ready to fight to make sure that people in Oxford West and Abingdon, and the whole country, have the final say on Brexit.

I’ll keep you updated as things develop.

With best wishes, Layla
Layla Moran MP Liberal Democrat, Oxford West and Abingdon"
My response:
Thanks for the update, Layla. 
I watched the vote live last night and it was indeed an historic defeat for the government.   
The government will survive the vote of confidence today, another wasted day of parliamentary time, so we’re left with – 
• No deal 
• Extension of article 50 
• Revocation of article 50 
• Parliament voting for some alternative Brexit deal that the EU 27 would accept
• Parliament voting to remain in the EU 
• A second referendum with no guarantee of a decisive outcome 
Mrs May is obsessed with immigration and appeasing her extreme right wingers, the right wing media and the DUP. Mr Corbyn is obsessed with triggering a general election which, even if he succeeded, he would not win. Both of them are determined to drive a UK exit from the EU for reasons of their own. 
Parliament is deadlocked and cannot agree on anything. 
The signs are not promising that a constructive way out of this mess can be found or enacted. Nevertheless unlikely alliances do occasionally arise in the midst of crises and, as Margaret Mead said, “Never doubt that a small group of thoughtful, committed, citizens can change the world. Indeed, it is the only thing that ever has.” I wish you and your fellow thoughtful, committed parliamentarians good luck in the days and weeks ahead. 
My preference, for what it is worth, would be for the UK to remain in the EU and drive reform of its myriad of deep flaws from within the (still) 28 member state alliance. 
Regards, 
Ray"

Wednesday, December 12, 2018

CJEU on Article 50

On the day the European Court of Justice Advocate General, Campos Sanchez-Bordona, issued his opinion in Case C-621/18, Wightman & ors v Secretary of State for Exiting the EU, stating the UK government could unilaterally revoke the Article 50 TEU notification, I wrote to my MP, Layla Moran, at the behest of Jolyon Maugham QC's Good Law Project.
Dear Layla Moran MP, 
I wanted to tell you about an important development. This morning the Advocate General of the Court of Justice of the European Union, Campos Sanchez-Bordona, ruled that the United Kingdom can decide to remain in the EU. And that we don’t need the consent of the other member states. That puts the decision about our future back into the hands of MPs – where it belongs. You can find the opinion at  
 http://curia.europa.eu/juris/document/document.jsf?text=&docid=208385&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first?=1&cid=169620http://curia.europa.eu/juris/document/document.jsf?text=&docid=208385&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first?=1&cid=169620 [sic this link is timed out] 
I realise that you understand that Parliament in 2015 opted for an advisory referendum in the European Union Referendum Act. The form in which that Act was adopted requires MPs to reflect on what we now know about unlawful conduct during the referendum and whether it has been possible to strike a deal which meets the promises made by Leavers to the British people.  
I appreciate your efforts in opposing the government's shambolic management of the Brexit process.

For my own part, I want you to know that the proven illegality of the Leave campaign and the fact the deal falls so far short on what was promised leaves us without a proper mandate for Brexit.  
Thank you for taking the time to read this email.  
Yours sincerely,  
 Ray Corrigan
 Ms Moran responded positively.
"Dear Ray, Corrigan
Thank you for taking the time to e-mail me following the recent course case in which is was decided that Parliament can cancel the Article 50 Notice, effectively meaning a 'no deal' scenario is ruled out. I very much welcome this development.
I believe that Theresa May's deal would be disastrous and that Parliament should reject it. We have a deal that is a world away from what was promised in the Leave campaign, that would leave the UK worse off and with no influence in Europe, and which literally no-one wants. I will not be supporting it.
I am completely behind the campaign for the people, not politicians, to be given the final say on this deal. It is vital that we have a People's Vote - a referendum on the final deal giving the country a choice between Theresa May's botched Brexit deal and the current deal we have at the moment in the EU. 
This is something that the Liberal Democrats have campaigned on for months. I was part of the cross-party People's Vote campaign earlier in the year. I tried to amend the EU Withdrawal Bill to provide for a referendum on the deal, and I have consistently argued for one in Parliament.
It remains my top priority as your MP to secure a People's Vote. It was so uplifting to be one of the hundreds of thousands of people marching through London recently to demand that the country has a say on the final Brexit deal, with the option to remain in the EU. I am determined to keep working both inside and outside Parliament and across party lines to secure a fair referendum on the deal, with the option to remain in the EU.
I spoke on behalf of the Liberal Democrats at the recent cross-party rally calling for a People's Vote - you can see my speech on YouTube here:  
https://www.youtube.com/watch?v=6wfTr0mXK1A&t=1s
Thanks for your support for the campaign and for taking the time to contact me. Please rest assured that I will keep up the fight on your behalf until we secure a People's Vote. I hope that's helpful, but if you'd like to discuss things further or if there's anything else that I can assist with please don't hesitate to get in touch.
With best wishes, Layla  Layla Moran MP"
The Full Court, on Monday 10 December, ruled that
"Article 50 TEU must be interpreted as meaning that, where a Member State has notified the European Council, in accordance with that article, of its intention to withdraw from the European Union, that article allows that Member State — for as long as a withdrawal agreement concluded between that Member State and the European Union has not entered into force or, if no such agreement has been concluded, for as long as the two-year period laid down in Article 50(3) TEU, possibly extended in accordance with that paragraph, has not expired — to revoke that notification unilaterally, in an unequivocal and unconditional manner, by a notice addressed to the European Council in writing, after the Member State concerned has taken the revocation decision in accordance with its constitutional requirements. The purpose of that revocation is to confirm the EU membership of the Member State concerned under terms that are unchanged as regards its status as a Member State, and that revocation brings the withdrawal procedure to an end."
The UK government had spent hundreds of thousands of pounds paying lawyers to oppose this ruling and repeatedly tried to have it thrown out of court at every stage of the proceedings.

A UK government that has specialised in endlessly parroting the phrase 'taking back control', shelled out substantial amounts of public funds, trying to stop anyone finding out if they have control over Article 50.

The Court of Justice of the European Union, one of the most pilloried and hated institutions of the Westminster elite and UK media, a court from which the government claims they are trying to 'take back control', has declared, as a matter of EU law, that the UK government has unilateral control, as a sovereign state in the EU, of the revocation of Article 50.

The government is outraged and has declared they will appeal to the Scottish court, the one that asked the CJEU to let it know if the UK government has control over Article 50, to declare the CJEU is wrong. The interference of the Court in declaring that EU law gives the UK government complete control over Article 50 is disgraceful and unacceptable.  Meddlesome CJEU sticking its nose in where it's not wanted

On the day of the CJEU judgment, having insisted a vote would happen on Tuesday 11 December come hell or high water, the UK prime minister, in full Maybotics mode, transfixed Parliament by postponing the vote on her Brexit withdrawal agreement, potentially indefinitely and nobody in parliament seemed to be able to or prepared to do anything about it.

When the Speaker of the House declared there were two ways to avoid the vote - an honourable procedure and a dishonourable procedure and suggested the government take the former route, he was ignored by practically everyone on all sides. Theresa May was only seemingly embarrassed when directly asked by staunch Brexiteer, Peter Bone MP, whether she'd use the honourable procedure or dishonourable procedure to avoid the vote. Mrs May mumbled disconnected soundbites whilst staring at her feet. No aspect of that abuse of process was reported in any of the media reports I've come across to date. Her plan now was to go back to EU leaders and get "assurances" on what she declared to be the sole sticking point preventing an avalanche of support in her favour - the Irish border backstop, or more specifically article 20 in the Protocol on Ireland/Northern Ireland.
ARTICLE 20 
Review 
If at any time after the end of the transition period the Union or the United Kingdom considers that this Protocol is, in whole or in part, no longer necessary to achieve the objectives set out in Article 1(3) and should cease to apply, in whole or in part, it may notify the other party, setting out its reasons. Within 6 months of such a notification, the Joint Committee shall meet at ministerial level to consider the notification, having regard to all of the objectives specified in Article 1. The Joint Committee may seek an opinion from institutions created by the 1998 Agreement.
If, following the consideration referred to above, and acting in full respect of Article 5 of the Withdrawal Agreement, the Union and the United Kingdom decide jointly within the Joint Committee that the Protocol, in whole or in part, is no longer necessary to achieve its objectives, the Protocol shall cease to apply, in whole or in part. In such a case the Joint Committee shall address recommendations to the Union and to the United Kingdom on the necessary measures, taking into account the obligations of the parties to the 1998 Agreement.
Article 1(3) of the Protocol on Ireland/Northern Ireland referred to says:
"This Protocol sets out arrangements necessary to address the unique circumstances on the island of Ireland, maintain the necessary conditions for continued North-South cooperation, avoid a hard border and protect the 1998 Agreement in all its dimensions"
The main opposition Labour party, having planned to propose a vote of no confidence in the prime minister, decided against it.

Yesterday the prime minster took a quick trip round various corners of Europe to get some words of assurance from fellow EU leaders. Irish and German governments, the President of the European Commission Jean-Claude Junker and others said there would be no renegotiation of the withdrawal agreement or the Irish border backstop. Mrs May reported back today that she is making progress.

Meanwhile the plotters in her own party back home finally gathered enough signatures to trigger a vote on her leadership which will take place this evening. The plotters, however, are infuriated that now they have inveigled enough Tory MPs to ask for the vote that they are not being given until Monday to rouse further opposition to the PM. The PM for her part continues to chant all her old worn platitudes and soundbites at every available opportunity, whilst politicians who oppose her do likewise, in a dialogue of the deaf.

The ruling party of government has gone insane (or as Guy Verhofstadt, Brexit coordinator for the EU Parliament, puts it Brexit is an emergent property of a "catfight in the Conservative party that got out of hand"), the main opposition is inept and we move inexorably towards a destructive Brexit.

Prediction - May will survive the leadership vote and she'll be immune from another leadership challenge for a year. It does seem unlikely, however, that she will get her withdrawal agreement through parliament, if she ever deigns to chance a vote on it.

Tuesday, August 21, 2018

The unconscionable immigration exemption in the UK DPA

Whilst I'm on the subject of Brexit, may I commend the effort of the Open Rights Group and the 3 million to launch a https://www.crowdjustice.com/case/immigrationexemption/ the immigration exemption in the UK's recently passed Data Protection Act. Schedule 2, paragraph 4 of the Act basically strips key GDPR protections from all UK immigrants in relation to anything to do with their immigration status. It needs to be read to be believed -
"Immigration

4(1)The GDPR provisions listed in sub-paragraph (2) do not apply to personal data processed for any of the following purposes—

(a)the maintenance of effective immigration control, or

(b)the investigation or detection of activities that would undermine the maintenance of effective immigration control,

to the extent that the application of those provisions would be likely to prejudice any of the matters mentioned in paragraphs (a) and (b).

(2)The GDPR provisions referred to in sub-paragraph (1) are the following provisions of the GDPR (the rights and obligations in which may be restricted by virtue of Article 23(1) of the GDPR)—

(a)Article 13(1) to (3) (personal data collected from data subject: information to be provided);

(b)Article 14(1) to (4) (personal data collected other than from data subject: information to be provided);

(c)Article 15(1) to (3) (confirmation of processing, access to data and safeguards for third country transfers);

(d)Article 17(1) and (2) (right to erasure);

(e)Article 18(1) (restriction of processing);

(f)Article 21(1) (objections to processing);

(g)Article 5 (general principles) so far as its provisions correspond to the rights and obligations provided for in the provisions mentioned in sub-paragraphs (a) to (f).

(That is, the listed GDPR provisions other than Article 16 (right to rectification), Article 19 (notification obligation regarding rectification or erasure of personal data or restriction of processing) and Article 20(1) and (2) (right to data portability) and, subject to sub-paragraph (2)(g) of this paragraph, the provisions of Article 5 listed in paragraph 1(b).)

(3)Sub-paragraph (4) applies where—

(a)personal data is processed by a person (“Controller 1”), and

(b)another person (“Controller 2”) obtains the data from Controller 1 for any of the purposes mentioned in sub-paragraph (1)(a) and (b) and processes it for any of those purposes.

(4)Controller 1 is exempt from the obligations in the following provisions of the GDPR—

(a)Article 13(1) to (3) (personal data collected from data subject: information to be provided),

(b)Article 14(1) to (4) (personal data collected other than from data subject: information to be provided),

(c)Article 15(1) to (3) (confirmation of processing, access to data and safeguards for third country transfers), and

(d)Article 5 (general principles) so far as its provisions correspond to the rights and obligations provided for in the provisions mentioned in paragraphs (a) to (c),

to the same extent that Controller 2 is exempt from those obligations by virtue of sub-paragraph (1). "
So let's be clear of the GDPR rights, in full, that this provision of a UK act of parliament is denying immigrants to the UK -

Article 13(1) to (3)
Information to be provided where personal data are collected from the data subject
1.  Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
(a) the identity and the contact details of the controller and, where applicable, of the controller's representative;
(b) the contact details of the data protection officer, where applicable;
(c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
(d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
(e) the recipients or categories of recipients of the personal data, if any;
(f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
2.  In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
(c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
(d) the right to lodge a complaint with a supervisory authority;
(e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
(f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
3.  Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
Article 14(1) to (4) 
Information to be provided where personal data have not been obtained from the data subject
1.  Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information:
(a) the identity and the contact details of the controller and, where applicable, of the controller's representative;
(b) the contact details of the data protection officer, where applicable;
(c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
(d) the categories of personal data concerned;
(e) the recipients or categories of recipients of the personal data, if any;
(f) where applicable, that the controller intends to transfer personal data to a recipient in a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means to obtain a copy of them or where they have been made available.
2.  In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(b) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
(c) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
(d) where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
(e) the right to lodge a complaint with a supervisory authority;
(f) from which source the personal data originate, and if applicable, whether it came from publicly accessible sources;
(g) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
3.  The controller shall provide the information referred to in paragraphs 1 and 2:
(a) within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;
(b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or
(c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
4.  Where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2. 
Article 15(1) to (3)
Right of access by the data subject
1.  The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2.  Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3.  The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
Article 17(1) and (2)
Right to erasure (‘right to be forgotten’)
1.  The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2.  Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Article 18(1)
Right to restriction of processing
1.  The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Article 21(1)
Right to object
1.  The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Article 5 (general principles) so far as its provisions correspond to the rights and obligations provided for in the provisions mentioned in sub-paragraphs (a) to (f).
Principles relating to processing of personal data
1.  Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
2.  The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
Seriously. Read all of those schedule 2 part 4 provisions and re-read them. Then look at the GDPR protections they are denying your colleagues, friends, neighbours, family, community. Yes, that last one really means that UK law specifically denies immigrants the protection of the general principles relating to the processing of personal data.

There is no possibility this could withstand legal scrutiny whilst the UK is still in the EU but all bets are off come 29 March 2019.

Brexit Support for Open University Staff who are EU Nationals

The Open University's HR director sent the following message to all staff this morning.


Since the publication of the Brexit White Paper (which outlines the UK’s five key objectives once the UK leaves the European Union on 29 March 2019) my team and I have been giving considerable thought as to what we, the University, can do to support any colleagues who may be affected by changes to the UKs migration policies after this date.
We are in the privileged situation at the OU where we have a diverse range of staff working here, who have made, and who continue to make, an enormous contribution to the University across a range of roles and disciplines. We recognise that the diversity of our colleagues is one of our greatest assets so, despite the current uncertainty that Brexit has brought to many of our colleagues we want to encourage and support anyone who is an EU national to stay working with the OU, regardless of their role or length of service.
In order to do this we will:
  • Wherever possible, support our employees who are either directly or indirectly affected by these policy changes to stay in the UK and stay working with the OU
  • Support affected colleagues through any process they may need to participate in, in order for them to stay living and working within the UK, and provide them with any documentation or other resources to assist with this
We have engaged with the OU International Community Support Network  to understand the issues and what support is likely to be needed to ensure the delivery of this commitment and will be able to provide more information once we have the detail of this.
As a priority, we will start by looking at very practical support such as:
  • The provision of legal briefing sessions so staff can understand the implications for them and their families (both face to face and online for those who can’t attend in person)
  • We are looking at how we can assist employees with financial support for application fees for the EU Settlement Scheme and reviewing existing processes for those applying for British Citizenship.
  • A direct line to HR support to speed up the issuing of any required information. This can be accessed by emailing: staff-brexit-enquiries@open.ac.uk
  • A central shared area where all documents and communications can be accessed easily for reference
  • The creation of a bank of useful resources for international staff (including reference letters and practical support)
I understand that this is an incredibly unsettling time for anyone who could be affected by the UK’s decision to leave the EU and I know that we have colleagues who are worried and anxious about their futures in the UK. Whilst I can’t alleviate this with one message, I want to reassure anyone impacted by Brexit that the OU is totally committed to the principles I have outlined above and as an organisation will do all that we can to support you and your family members and/or dependants over the forthcoming months.  
Additional support can be accessed through the OU International Community Support Network. This is a self-organised staff diversity network which is open to everyone (regardless of nationality) which has been set up to support staff and students who are affected by the results of the EU Referendum. Support and advice can also be accessed through the Employee Assistance Programme. This is a free and confidential service, available to all OU employees and their immediate family members. It offers expert advice, information, counselling and support and is available 24 hours a day, 7 days a week.
You can also access the government website for the latest information.
We have committed to keep you updated and there will be a series of further communications leading up to March to ensure you are informed and supported. In the meantime, if you have any questions or concerns please contact: staff-brexit-enquiries@open.ac.uk