Tuesday, August 21, 2018

The unconscionable immigration exemption in the UK DPA

Whilst I'm on the subject of Brexit, may I commend the effort of the Open Rights Group and the 3 million to launch a https://www.crowdjustice.com/case/immigrationexemption/ the immigration exemption in the UK's recently passed Data Protection Act. Schedule 2, paragraph 4 of the Act basically strips key GDPR protections from all UK immigrants in relation to anything to do with their immigration status. It needs to be read to be believed -
"Immigration

4(1)The GDPR provisions listed in sub-paragraph (2) do not apply to personal data processed for any of the following purposes—

(a)the maintenance of effective immigration control, or

(b)the investigation or detection of activities that would undermine the maintenance of effective immigration control,

to the extent that the application of those provisions would be likely to prejudice any of the matters mentioned in paragraphs (a) and (b).

(2)The GDPR provisions referred to in sub-paragraph (1) are the following provisions of the GDPR (the rights and obligations in which may be restricted by virtue of Article 23(1) of the GDPR)—

(a)Article 13(1) to (3) (personal data collected from data subject: information to be provided);

(b)Article 14(1) to (4) (personal data collected other than from data subject: information to be provided);

(c)Article 15(1) to (3) (confirmation of processing, access to data and safeguards for third country transfers);

(d)Article 17(1) and (2) (right to erasure);

(e)Article 18(1) (restriction of processing);

(f)Article 21(1) (objections to processing);

(g)Article 5 (general principles) so far as its provisions correspond to the rights and obligations provided for in the provisions mentioned in sub-paragraphs (a) to (f).

(That is, the listed GDPR provisions other than Article 16 (right to rectification), Article 19 (notification obligation regarding rectification or erasure of personal data or restriction of processing) and Article 20(1) and (2) (right to data portability) and, subject to sub-paragraph (2)(g) of this paragraph, the provisions of Article 5 listed in paragraph 1(b).)

(3)Sub-paragraph (4) applies where—

(a)personal data is processed by a person (“Controller 1”), and

(b)another person (“Controller 2”) obtains the data from Controller 1 for any of the purposes mentioned in sub-paragraph (1)(a) and (b) and processes it for any of those purposes.

(4)Controller 1 is exempt from the obligations in the following provisions of the GDPR—

(a)Article 13(1) to (3) (personal data collected from data subject: information to be provided),

(b)Article 14(1) to (4) (personal data collected other than from data subject: information to be provided),

(c)Article 15(1) to (3) (confirmation of processing, access to data and safeguards for third country transfers), and

(d)Article 5 (general principles) so far as its provisions correspond to the rights and obligations provided for in the provisions mentioned in paragraphs (a) to (c),

to the same extent that Controller 2 is exempt from those obligations by virtue of sub-paragraph (1). "
So let's be clear of the GDPR rights, in full, that this provision of a UK act of parliament is denying immigrants to the UK -

Article 13(1) to (3)
Information to be provided where personal data are collected from the data subject
1.  Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
(a) the identity and the contact details of the controller and, where applicable, of the controller's representative;
(b) the contact details of the data protection officer, where applicable;
(c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
(d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
(e) the recipients or categories of recipients of the personal data, if any;
(f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
2.  In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
(c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
(d) the right to lodge a complaint with a supervisory authority;
(e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
(f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
3.  Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
Article 14(1) to (4) 
Information to be provided where personal data have not been obtained from the data subject
1.  Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information:
(a) the identity and the contact details of the controller and, where applicable, of the controller's representative;
(b) the contact details of the data protection officer, where applicable;
(c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
(d) the categories of personal data concerned;
(e) the recipients or categories of recipients of the personal data, if any;
(f) where applicable, that the controller intends to transfer personal data to a recipient in a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means to obtain a copy of them or where they have been made available.
2.  In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(b) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
(c) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
(d) where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
(e) the right to lodge a complaint with a supervisory authority;
(f) from which source the personal data originate, and if applicable, whether it came from publicly accessible sources;
(g) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
3.  The controller shall provide the information referred to in paragraphs 1 and 2:
(a) within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;
(b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or
(c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
4.  Where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2. 
Article 15(1) to (3)
Right of access by the data subject
1.  The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2.  Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3.  The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
Article 17(1) and (2)
Right to erasure (‘right to be forgotten’)
1.  The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2.  Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Article 18(1)
Right to restriction of processing
1.  The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Article 21(1)
Right to object
1.  The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Article 5 (general principles) so far as its provisions correspond to the rights and obligations provided for in the provisions mentioned in sub-paragraphs (a) to (f).
Principles relating to processing of personal data
1.  Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
2.  The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
Seriously. Read all of those schedule 2 part 4 provisions and re-read them. Then look at the GDPR protections they are denying your colleagues, friends, neighbours, family, community. Yes, that last one really means that UK law specifically denies immigrants the protection of the general principles relating to the processing of personal data.

There is no possibility this could withstand legal scrutiny whilst the UK is still in the EU but all bets are off come 29 March 2019.

Brexit Support for Open University Staff who are EU Nationals

The Open University's HR director sent the following message to all staff this morning.


Since the publication of the Brexit White Paper (which outlines the UK’s five key objectives once the UK leaves the European Union on 29 March 2019) my team and I have been giving considerable thought as to what we, the University, can do to support any colleagues who may be affected by changes to the UKs migration policies after this date.
We are in the privileged situation at the OU where we have a diverse range of staff working here, who have made, and who continue to make, an enormous contribution to the University across a range of roles and disciplines. We recognise that the diversity of our colleagues is one of our greatest assets so, despite the current uncertainty that Brexit has brought to many of our colleagues we want to encourage and support anyone who is an EU national to stay working with the OU, regardless of their role or length of service.
In order to do this we will:
  • Wherever possible, support our employees who are either directly or indirectly affected by these policy changes to stay in the UK and stay working with the OU
  • Support affected colleagues through any process they may need to participate in, in order for them to stay living and working within the UK, and provide them with any documentation or other resources to assist with this
We have engaged with the OU International Community Support Network  to understand the issues and what support is likely to be needed to ensure the delivery of this commitment and will be able to provide more information once we have the detail of this.
As a priority, we will start by looking at very practical support such as:
  • The provision of legal briefing sessions so staff can understand the implications for them and their families (both face to face and online for those who can’t attend in person)
  • We are looking at how we can assist employees with financial support for application fees for the EU Settlement Scheme and reviewing existing processes for those applying for British Citizenship.
  • A direct line to HR support to speed up the issuing of any required information. This can be accessed by emailing: staff-brexit-enquiries@open.ac.uk
  • A central shared area where all documents and communications can be accessed easily for reference
  • The creation of a bank of useful resources for international staff (including reference letters and practical support)
I understand that this is an incredibly unsettling time for anyone who could be affected by the UK’s decision to leave the EU and I know that we have colleagues who are worried and anxious about their futures in the UK. Whilst I can’t alleviate this with one message, I want to reassure anyone impacted by Brexit that the OU is totally committed to the principles I have outlined above and as an organisation will do all that we can to support you and your family members and/or dependants over the forthcoming months.  
Additional support can be accessed through the OU International Community Support Network. This is a self-organised staff diversity network which is open to everyone (regardless of nationality) which has been set up to support staff and students who are affected by the results of the EU Referendum. Support and advice can also be accessed through the Employee Assistance Programme. This is a free and confidential service, available to all OU employees and their immediate family members. It offers expert advice, information, counselling and support and is available 24 hours a day, 7 days a week.
You can also access the government website for the latest information.
We have committed to keep you updated and there will be a series of further communications leading up to March to ensure you are informed and supported. In the meantime, if you have any questions or concerns please contact: staff-brexit-enquiries@open.ac.uk

Friday, July 20, 2018

PIPCU takedown of 50,000 sites

The Police Intellectual Property Crime Unit (PIPCU), a department of the City of London Police, noted on Twitter that it has taken down 50,000 websites since its inception in 2013. On asking for further details, they advised I send in a freedom of information request which the information officer has now kindly responded to.

My email went to 'foi@city-of-london.pnn.police.uk'

The Freedom of Information Officer
City of London Police
PO Box 36451
182 Bishopsgate
London EC2M 4WN

Transcript of the response (I've put the extracts from my email in italics) -
Dear Mr Corrigan, 
REQUEST FOR INFORMATION REF: COL/18/618 
I write in connection with your request for information dated 04 July 2018 in which you seek access to the following information: 
I was really interested to discover, via your Twitter account, that since your inception in 2013, you have taken down 50,000 websites that you believe were committing IP crime.
https://twitter.com/CityPolicePIPCU/status/1014434074289635328 
I have been advised by the people behind your Twitter account that I should contact you for further details. I would, therefore, be grateful for further information and a breakdown of the detailed statistics you have in relation to these 50,000 websites. 
In particular – 
What proportion of these 50,000 websites proved to be engaged in criminal activities? 
All but one of the sites showed significant evidence of being engaged in criminality. 
What proportion of the 50,000 were not involved in crime and were eventually cleared and re-instated? 
One site has been reinstated as it was not involved in crime. 
How many police officers and police hours were engaged in the investigations that led to the take down of these 50,000 sites? 
The majority of the work is undertaken by one officer working full time (i.e. 40 hours per week since 2014, excluding leave, courses etc). It is impossible to calculate the exact number of hours, particularly as the officer has support from others in the unit. 
Statistics on the extent and seriousness of these crimes. 
No information held. 
The estimated economic impact on affected parties and industries. 
No information held. 
Estimates of the detrimental impacts on the public of the effects of the sale of counterfeit goods through any of these 50,000 websites. 
No information held. 
A demographic breakdown of the geographic locations of the most serious offenders e.g. by jurisdiction (in the assumption that there will be a significant impact from offenders outside of the UK). 
No information held. 
A demographic breakdown of the nature of the offenders e.g. were they organised criminal gangs or individuals? 
No information held. 
The proportion of offenders who were eventually prosecuted and in which jurisdictions. 
Operation Ashiko has not been directly responsible for any prosecutions. 
The proportion of offenders who were eventually convicted and in which jurisdictions. 
Operation Ashiko has not been directly responsible for any prosecutions. 
The proportion of the sites that were involved in selling counterfeit goods.

All sites in respect of this operation are involved in the sale of counterfeit goods. 
The proportion of the sites that were involved in copyright infringement. 
None. 
The proportion of the sites that were involved in patent infringement. 
None. 
The proportion of the sites that were involved in trademark infringement. 
All sites in respect of this operation are involved in trademark infringement. 
Should you have any further questions regarding your request, please contact me via e-mail, letter or telephone, quoting the reference number above. 

Friday, July 06, 2018

EU copyright directive exchanges with MEPs

Ahead of the EU parliament vote on the proposed copyright directive yesterday I wrote to my 10 MEPs asking they vote against articles 11 and 13, the link tax and the upload filter. Janice Atkinson had indicated in advance of the vote she would be opposing the measures so I thanked her for her stance. The text of my email to the other 9 was -
"I am constituent of yours resident in [redacted]. I also work for The Open University and write about technology policy, though my views below are mine alone and do not purport to represent the position of my employer.

I wanted to briefly encourage you to vote against the copyright directive coming before the EU parliament tomorrow, 5 July, 2018. I have particular concerns about the text of articles 11 and 13 of the directive adopted by the JURI (Legal Affairs) committee on 20 June.

On article 11, you will be aware that this is a new press publishers’ copyright which lasts for 20 years. It has been called a link tax, a snippet tax, a publishers’ right, a neighbouring right and an ancillary copyright. The idea is that anyone linking to and using snippets from news articles would be required to pay the publisher for a licence first. Similar provisions were introduced in Brazil, Germany and Spain and failed to address the serious issue of declining revenues for press organisations. The German law has been referred to the European Court of Justice and in Spain it resulted in a drop in internet traffic to news websites, particularly small and medium newspaper sites, after Google shut down Google news in Spain.

Article 13 is more serious and amounts to implementation of an upload filter for the internet. In principle, one can see why this could be attractive, if it could work as advertised, blocking all the bad things from the internet and letting through all the good. The problem is that there is no magical computer software that can tell the difference between copyright infringing and non-infringing material, except at the crudest level. Computers are good at many things but making decisions about the subtleties of what does and does not constitute copyright infringement is not one of them. Under any plausible filtering requirement, online material which has not usually been thought of as invading copyright would be automatically removed. A software filter is not going to be able to make fair and reliable decisions about what should be permitted to be published. The certain consequence of deploying “effective content recognition technologies”, in the wording of article 13, is that legal material will be blocked and/or taken down.

There has been a lot of heat and not much light generated in the public debate on articles 11 and 13 but in their current form neither is fit for purpose. So I would ask you, as a constituent and an academic who has worked on technology policy for over two decades, to encourage your MEP peers to remove them both from the proposed copyright directive.

Thank you for your time and consideration and if you need any further information do not hesitate to get in touch. In the meantime might I recommend this Statement from European Academics
to Members of the European Parliament in advance of the Plenary Vote on the Copyright Directive on 5 July 2018 https://www.create.ac.uk/wp-content/uploads/2018/06/Academic_Statement_Copyright_Directive_29_06_2018.pdf"
I have had responses from Janice Atkinson, Catherine Bearder and John Howarth. Ms Atkinson confirmed she was doing her best to oppose the article 11 and 13 measures. Mr Howarth's response was thoughtful.
"Dear Ray,

Thank you for writing to me on the changes to Copyright legislation currently before the European Parliament.

I am closely following the debate on copyright which, as someone who ran a creative business for many years, this issue is of long-standing interest to me. I can also tell you, based on my experience, that copyright law with the advent of the digital economy is simple not working.

The debate is complex but the current situation is serving nobody’s interests other than those of the large internet platforms. This is not in any way a sustainable situation and change is clearly needed. In my view that change must address two particular problems and must ensure that several key principles are protected.

It is right that artists and creators are rewarded for their work. This is both a principle and a practical problem with the way the internet has destroyed value in a number of industries. Recording artists in particular but also other creatives have been severely impacted by a ‘sharing economy’ which essentially rips-off their work. In this case the recording companies are also badly affected and the winners are the likes of YouTube. Of course there are also contradictions - recording artists benefit in terms of profile and exposure but ‘profile’ alone does not pay the bills. These concerns are shared by written word publishers and those in other creative fields, though it is also fair to say that I have had representations taking a different view.

Journalism and a free press has to be paid for. Professional journalism, on which a free press depends, is not ‘free’. The decline of newspaper circulation, the changes facing broadcasting organisations and the emergence of news aggregators and search have rendered unviable the business model on which pre-internet media was based. The contradiction is that more people than ever see newspapers in their on-line form, yet again it is the platforms and search organisations that benefit in terms of advertising revenue. If professional journalism is to survive in a sufficiently diverse form to feed a free press (with all its failings) then news organisations need to be able to benefit from their readership. Article 11 would appear to help this situation somewhat.

Free academic enquiry is essential. Academic enquiry necessarily involves the citation of other works. I would be unhappy with any proposition that constrained the ability of academics and researchers to publish and share works and references. Changes have gone some way to assure me that the proposals would not threaten this area, however, their ‘over implementation’ conceivably could. I am concerned that we could exchange one inadequate situation for something even worse.

I have grave reservations about the notion of policing the internet through the application of algorithm and content recognition. I would also be unhappy with the notion of ‘link taxes’ applied indiscriminately.

These are the principles around which I will make a judgement, however, it is fair to say that there are a whole range of other issues that impinge upon the digital economy that cut across the debate on modernising Copyright. The interests of consumers are also important, looking after local cultures and languages have depended upon a localised broadcasting framework matter to many people. The current legislation cannot be reduced to a simple choice.

I am not involved directly with the committees considering this legislation and so have not, as yet, been able to look at the modification made this week in detail. I was far from convinced by what had originally been presented. I would assure you that before I come to vote on this matter I will be discussing the matter with colleagues and considering the implications carefully.

Thanks again for getting in touch.


With best wishes,

John Howarth MEP
On your side in Europe.
www.johnhowarthmep.uk"
I have further responded as follows -
"Dear John,


Thank you for your thoughtful response. It is quite unusual to see a politician showing a nuanced understanding of the complexities of the modern copyright landscape. Though I suspect we might disagree on some of the detailed practicalities, if the public debate on the matter could be conducted at this level, we would all be better informed and the pipe dream of developing evidence based copyright policy might begin to become a remote possibility.

Regards,

Ray"
Ms Bearder is keen to find a way to address the issue of fair remuneration for creators -
"Dear Constituent,


Thank you for your email about European Union (EU) rules on copyright.

As you can imagine, I have received thousands of emails about the issue and voted against the copyright proposals because I wanted the European Parliament to better scrutinise them.  I think it is really important the whole Parliament has a real in depth say on this proposal.

My Alliance of Liberals and Democrats in Europe (ALDE) colleagues and I have been concerned about these new Internet copyright rules from the European Commission for some time.  That is why well before the vote I co-signed a cross-party letter about copyright reform and impact on access to news.  The letter voiced concern about the impact of a new neighbouring right for press publishers on access to news and information.  It calls for replacing the current proposal of the Commission by an alternative, less invasive, and more proportionate solution which would continue to support quality journalism and freedom of the press in the digital age.

However, I do think the time has come for creators to get fair remuneration for their work.  That is why the Parliament’s Legal Affairs Committee has backed an update on the current EU’s copyright rules.  The ALDE group managed to secure better protection for right holders’ works and therefore a fair remuneration for creators.  We definitely need to make copyright rules fit for the digital age and should harmonise rules across our Union.  At the same time, we have to make sure that authors’ or performers’ works will be better protected when uploaded on big platforms.  The European Parliament wants to make it now possible to better identify protected works online and therefore ensure that creators receive a fair share for the use of their content.

I do hope the EU does not implement the current copyright proposals and takes time to draft a sensible and measured review of our copyright rules that do not censor the Internet.

Yours sincerely,

Catherine Bearder


Catherine Bearder | Lib Dem member of the European Parliament for the South East of England"
I have further responded -
"Dear Catherine,

Thank you for responding to my email when you have had thousands to deal with.
Ensuring creators receive a fair share for the use of their content is a commendable aim we can all sign up to.
How we go about doing that is the complicated question.
I suspect the regulation of imbalanced industry contracts with creators may be a more effective measure for addressing this problem.
Sensible and measured review of copyright rules is, I agree, overdue and copyright proposals that censor the internet are a destructive option on multiple fronts.
Thank you again.
Regards,
Ray"
I wrote an analysis, ahead ahead of the vote, for Crooked Timber, of the proposed articles 11 and 13.

Thankfully the EU parliament, yesterday, essentially rejected the proposed JURI (Legal Affairs) Committee text for the copyright directive. The vote was 318 against to 278 in favour, with 31 abstentions. The Parliament’s position will now be up for debate, amendment and another vote in September.

Tuesday, June 26, 2018

US Supreme Court upholds Trump Muslim ban

The US Supreme Court, in Trump v. Hawaii, has determined, by a slim 5-4 majority, that Trump has the power to ban Muslims entering the US and the ban is justified by legitimate national security concerns.

Justice Kennedy reluctantly went along with the majority opinion, noting that even if the courts didn't have power to review every action of a public official, such officials still have have an obligation to conduct themselves in accordance with their oath to uphold the constitution.
"There are numerous instances in which the statements and actions of Government officials are not subject to judicial scrutiny or intervention. That does not mean those officials are free to disregard the Constitution and the rights it proclaims and protects. The oath that all officials take to adhere to the Constitution is not confined to those spheres in which the Judiciary can correct or even concurring comment upon what those officials say or do. Indeed, the very fact that an official may have broad discretion, discretion free from judicial scrutiny, makes it all the more imperative for him or her to adhere to the Constitution and to its meaning and its promise. 
The First Amendment prohibits the establishment of religion and promises the free exercise of religion. From these safeguards, and from the guarantee of freedom of speech, it follows there is freedom of belief and expression. It is an urgent necessity that officials adhere to these constitutional guarantees and mandates in all their actions, even in the sphere of foreign affairs. An anxious world must know that our Government remains committed always to the liberties the Constitution seeks to preserve and protect, so that freedom extends outward, and lasts."
Justice Sotomayor with whom Justice Ginsburg joined in dissenting, was scathing of the majority, accusing them of ignoring the facts, misconstruing legal precedent and turning a blind eye to the suffering Trump's ban inflicts on countless families and individuals, many US citizens.
"The United States of America is a Nation built upon the promise of religious liberty. Our Founders honored that core promise by embedding the principle of religious neutrality in the First Amendment. The Court’s decision today fails to safeguard that fundamental principle. It leaves undisturbed a policy first advertised openly and unequivocally as a “total and complete shutdown of Muslims entering the United States” because the policy now masquerades behind a fa├žade of national-security concerns. But this repackaging does little to cleanse Presidential Proclamation No. 9645 of the appearance of discrimination that the President’s words have created. Based on the evidence in the record, a reasonable observer would conclude that the Proclamation was motivated by anti-Muslim animus. That alone suffices to show that plaintiffs are likely to succeed on the merits of their Establishment Clause claim. The majority holds otherwise by ignoring the facts, misconstruing our legal precedent, and turning a blind eye to the pain and suffering the Proclamation inflicts upon countless families and individuals, many of whom are United States citizens. Because that troubling result runs contrary to the Constitution and our precedent, I dissent."

Wednesday, June 20, 2018

Tech stole the broadcasters' audience

Dr Johnny Ryan speaking to European broadcasters at EGTA CEO's Summit in Madrid, 2018 from Johnny Ryan on Vimeo.

Johnny Ryan's presentation to the CEO's of Europe's large broadcasters, on the legal risk inherent in their current websites' use of adtech, and how they can join together to use the EU General Data Protection Regulation (GDPR) to grow their businesses, is worthy of a wide audience.

The operation of the hidden personal data processing adtech architecture behind most websites is unlawful. Even though it was largely conceived and deployed surreptitiously, I only hope that history will judge it nothing short of astonishing that we, the general public, technologists, commerce, industry and governments enabled it; and even now continue to do so.

In this regard I also highly recommend Cracked Labs' report on corporate surveillance.
"In recent years, a wide range of companies has started to monitor, track and follow people in virtually every aspect of their lives. The behaviors, movements, social relationships, interests, weaknesses and most private moments of billions are now constantly recorded, evaluated and analyzed in real-time. The exploitation of personal information has become a multi-billion industry. Yet only the tip of the iceberg of today’s pervasive digital tracking is visible; much of it occurs in the background and remains opaque to most of us. 
This report by Cracked Labs examines the actual practices and inner workings of this personal data industry. Based on years of research and a previous 2016 report, the investigation shines light on the hidden data flows between companies. It maps the structure and scope of today’s digital tracking and profiling ecosystems and explores relevant technologies, platforms and devices, as well as key recent developments. While the full report is available as PDF download, this web publication presents a ten part overview. 
Contents
I. Analyzing people 
II. Analyzing people in finance, insurance and healthcare 
III. Large-scale collection and use of consumer data 
IV. Data brokers and the business of personal data 
V. Real-time monitoring of behaviors across everyday life 
VI. Linking, matching and combining digital profiles 
VII. Managing consumers and behaviors, personalization and testing 
VIII. Dragnet – everyday life, marketing data and risk analytics 
IX. Mapping the commercial tracking and profiling landscape 
X. Towards a society of pervasive digital social control?"
See also Networks of Control by Wolfi Christl and Sarah Spiekermann, a report on corporate surveillance, digital tracking, big data & privacy. Wolfie Christl is the co-founder of Cracked Labs. Sarah Spiekermann chairs the Institute for Management Information Systems at the Vienna University of Economics and Business.
"The collection, analysis and utilization of digital information based on our clicks, swipes, likes, purchases, movements, behaviors and interests have become part of everyday life. While individuals become increasingly transparent, companies take control of the recorded data in a non-transparent and unregulated way.
In their report, Wolfie Christl and Sarah Spiekermann explain how a vast number of companies have started to engage in constant surveillance of the population. Without peoples’ knowledge a network of global players is constantly tracking, profiling, categorizing, rating and affecting the lives of billions – across platforms, devices and life contexts. While special interest groups have been aware of the corporate use of personal data for a while now, the full degree and scale of personal data collection, use and – in particular – abuse has not been scrutinized closely enough. This gap is closed with this book entitled “Networks of Control – A Report on Corporate Surveillance, Digital Tracking, Big Data & Privacy”.
Based on detailed examples “Networks of Control” answers the following questions:
  • Who are the players in today’s personal data business? How do online platforms, tech companies and data brokers really collect, share and make use of personal information?
  • Which data is recorded by smartphones, fitness trackers, e-readers, smart TVs, connected thermostats and cars? Will the Internet of Things lead to ubiquitous surveillance?
  • What can be inferred from our purchases, calls, messages, website visits, web searches and likes?
  • How is Big Data analytics already used in fields such as marketing, retail, insurance, finance, healthcare and work to treat us differently?
  • What are the societal and ethical implications of these practices? And how can we move forward?
Their investigation not only exposes the full degree and scale of today’s personal data business, but also shows how algorithmic decisions on people lead to discrimination, exclusion and other social implications. Followed by an ethical reflection on personal data markets the authors present a selection of recommended actions."