This blog shares research and discussion from the Information Law and Policy Centre, based at the Institute of Advanced Legal Studies, which launched in spring 2015. The Centre is concerned with the law and policy of information and data, and explores the ways in which law both restricts and enables the sharing and dissemination of different types of information.
The ILPC have submitted a piece of written evidence in response to the recent call for evidence on ‘The Internet: To Regulate or Not to Regulate’ from the House of Lords Select Committee on Communications.
The written evidence outlines four key issues of internet regulation: the protection of human rights, the protection of freedom of expression, the use of deceased’s data and the role of the UK as a world leader in internet regulation.
Transforming Cities with Artificial Intelligence: Law, Policy, and Ethics
We are pleased to announce this call for papers for the Information Law and Policy Centre’s Annual Conference on 23 November 2018 at IALS in London, this year supported by Bloomsbury’s Communications Law journal. You can read about our previous annual events here.
We are looking for high quality and focused contributions that consider information law and policy within the context of improving the governance of the public interest within cities through the use of AI-based systems. Whether based on doctrinal analysis, or empirical research, papers should offer an original perspective on the implications posed by the use of algorithms and data-driven systems for improving the effectiveness of the public sector whilst also ensuring that such processes are governed by frameworks that are accountable, trustworthy, and proportionate in a democratic society.
Topics of particular interest in 2018 include:
Explainability and transparency of algorithms
Data privacy and ethics
Internet of Things
Open Data and Data Sharing
AI and Digital education
The EU General Data Protection Regulation
The conference will take place on Friday 23rd November 2018 and will include the Information Law and Policy Centre’s Annual Lecture and an evening reception.
The ILPC is delighted to announce that Baroness Onora O’Neill, a leading philosopher in politics, justice, and ethics, who is also a Crossbench Member of the House of Lords and Associate Fellow of the University of Cambridge Leverhulme Centre for the Future of Intelligence (CFI) will deliver this year’s Annual Lecture.
Attendance will be free of charge thanks to the support of the IALS and our sponsors, although registration is required as places are limited. Registration to the Annual Conference is available here.
The best papers will be featured in a special issue of Bloomsbury’s Communications Law journal, following a peer-review process. Those giving papers will be invited to submit full draft papers to the journal by 1st November 2018 for consideration by the journal’s editorial team.
How to apply:
Please send an abstract of between 250-300 words and some brief biographical information to Eliza Boudier, Fellowships and Administrative Officer, IALS: email@example.com by Friday 13th July 2018 (5pm, BST).
Abstracts will be considered by the Information Law and Policy Centre’s academic staff and advisors, and the Communications Law journal editorial team.
About the Information Law and Policy Centre at the IALS:
The Information Law and Policy Centre (ILPC) produces, promotes, and facilitates research about the law and policy of information and data, and the ways in which law both restricts and enables the sharing, and dissemination, of different types of information.
The ILPC is part of the Institute of Advanced Legal Studies (IALS), which was founded in 1947. It was conceived, and is funded, as a national academic institution, attached to the University of London, serving all universities through its national legal research library. Its function is to promote, facilitate, and disseminate the results of advanced study and research in the discipline of law, for the benefit of persons and institutions in the UK and abroad.
About Communications Law (Journal of Computer, Media and Telecommunications Law):
Communications Law is a well-respected quarterly journal published by Bloomsbury Professional covering the broad spectrum of legal issues arising in the telecoms, IT, and media industries. Each issue brings you a wide range of opinion, discussion, and analysis from the field of communications law. Dr Paul Wragg, Associate Professor of Law at the University of Leeds, is the journal’s Editor in Chief.
The term “fake news” has become a prominent nomenclature in public discourse. Indeed, the idea of “fake news” has brought to the fore a number of key concerns of modern global society, including if and how social media platforms should be regulated, and more critically, the potentially subversive role of online disinformation (and its spread on such platforms) to undermine democracy and the work of democratic institutions.
In response to the growing concerns over “fake news” and online disinformation, the European Union established an independent High Level Expert Group in early 2018 to establish policy recommendations to counter online disinformation. In March 2018, the HLEG published a report entitled ‘A Multidimensional Approach to Disinformation’ which sets out a series of short and longer term responses and actions for various stakeholders, including media practitioners and policymakers, to consider in formulating frameworks to effectively addressing these issues. The report recognises that online disinformation is both a complex and multifaceted issue, but is also a symptom of the broader social move toward globalised digitalism.
The Information Law and Policy Centre (ILPC) at the Institute for Advanced Legal Studies, University of London, convened a seminar at the end of April to discuss the report of the HLEG and the phenomenon of “fake news”. The seminar forms part of the ILPC’s public seminar series where contemporary issues regarding various aspects of information law and policy are discussed and deliberated with key stakeholders and experts in the field. Held on the evening of the 30th April 2018, the seminar consisted of an expert panel of discussants from both academia and the media.
After an introduction and overview of the report by the Chair, Professor Nielsen (speaking in his personal capacity) began the panel discussion by noting that “fake news” is part of a broader crisis of confidence between the public, press and democratic institutions. Professor Nielsen cautioned against the use of the term “fake news”, highlighting that it is dangerous and misleading, having been sensationalised for political use. Stressing that the HLEG has taken deliberate steps to quell the further populism of the term by not using it in reports and policy documents, he also pointed out that significant steps to redress the issue cannot take place until we have a deeper understanding of just how widespread the problem is or is not. That being said, Professor Nielsen emphasised that in addressing such issues, we must start from the principles we seek to protect, and particularly, freedom of expression and open democracy.
Accordingly, Professor Nielsen set out what he saw to be the six key recommendations from the HLEG’s report, noting that these recommendations come as a package to be realised and implemented together.
Abandon the term “fake news”;
Set aside funding for independent research in order to develop a better understanding of the scope and nature of the issue, noting too that little is known about the issue outside of the West and Global North countries;
Call for platform companies to share more data with fact checkers, albeit privacy complaint;
Call for public authorities at all level to share machine readable data to better enable professional journalists and fact-checkers;
Invest in media literacy at all levels of the population; and
Develop collaborative approaches between stakeholders.
Our second discussant, Dr Xenos, offered a light critique of the HLEG’s report. He agreed with the HLEG group’s focus on ‘disinformation’ relating to materials and communications that can cause ‘public harm’, and its contextual targets involving parliamentary elections and important ‘sectors, such as health, science, finance’, etc. He pointed out that as the institutions of powers (such the EU’s organs) are very often the original sources of such information that is subsequently treated by various media organisations and communicative platforms, the same standards and safeguards should apply to the communications and materials that are produced and published by the institutions. Dr Xenos referred to his contribution and the recent reports of the EU Ombudsman, involving the EU Commission, the EU Council and their very wide range of experts which highlight serious deficiencies in decision and policy-making, undermining the basic democratic safeguards which the HLEG’s report targets, such as transparency, accountability, avoidance of conflicts of interests, and access to relevant information. In this respect, Dr Xenos argues that the proposal for a fact-checking system of media communications covering decisions and policies of the institutions of power is unrealistic when such a system and safeguards do not apply to the original communications, materials and decisions of these institutions that the media may (if and when) subsequently cover. He emphasised the need for an independent academic insight that can offer analysis of events ex ante, in contrast to the traditional ex post analysis of journalism. However, Dr Xenos also said that the role of academics is undermined if appropriate research focus is lacking or there is a conflict of interest – an issue, he believes, concerns also those media organisations and platforms controlled by private corporations. In support of his claims, he referred to a recent study and its subsequent coverage by both the UK and US media. He welcomed the HLEG’ suggestions for access and analysis of platforms’ data and algorithm accountability in the dissemination of information.
Responding to Dr Xenos, Dr Ni Loideain noted that the report consistently emphasised the need for evidence-based decision- and policy-making.
Following from Dr Xenos’ remarks, Matt Rogerson from the Guardian Media Group emphasised the critical role online disinformation can play in determining the outcome of elections. Matt noted that current politics are marginal, with over a hundred constituencies won or lost with a swing vote of under 10%, which Facebook, for example, can greatly influence, given the high numbers of people who gain their news updates only from this source. Matt noted, too, how in the wake of the Cambridge Analytica scandal, tech companies are becoming increasingly hesitant to be open about their policies and activities. Matt further highlighted that the knowledge and understanding of citizens of the various news agencies and news brands varies, pointing to a study which demonstrated how citizens had a greater trust for the news items offered in certain broadsheet newspapers as opposed to particular tabloid presses.
Recognising, therefore, that there is strong media diversity and pluralism of news brands at present, Matt spoke of how this must be preserved and protected. One important issue, Matt noted, was the need for stronger visual queues on platforms such as Facebook, so users could readily distinguish between the branding of the Guardian news items, in comparison to other less-trusted news sources. Matt also raised concerns about the impact of programmatic digital advertising, which effectively decouples brand advertising from the context in which it is seen via online platforms, reducing the accountability of the advertiser as a result.
In terms of how to create trust between news organisations and the wider public, Matt drew our attention to the importance of diversity within media houses and social media platforms. Highlighting the lack of gender and ethnic diversity within the tech industry, as well as the related monopoly of Silicon Valley companies over the industry as a whole, Matt noted how the effect of this meant that there was little competition between platforms to raise standards and do the right thing by society. Matt recommended revisiting competition regulation to drive competition and diversity.
Martin Rosenbaum from the BBC and speaking in his personal capacity was the final discussant to offer their response on the report. Martin echoed the sentiments of Matt and Professor Nielsen in cautioning against downplaying the issue of disinformation and the effect it can have on society. Martin made note of the fact that disinformation can occur in various forms, including users sharing information despite not knowing or caring whether it is true or otherwise. Moreover, Martin emphasised how disinformation more broadly can foster a lack of trust in trusted news agencies and public institutions by generating, as Professor Nielsen spoke of too, a general crisis of truth.
Martin additionally mentioned how the ready consumption and splurge of news users receive on Facebook represents a divorce between the source of the information (for example, the BBC) and the way in which it is distributed and reaches the consumer. Martin explained how this works to undermine the trustworthy-ness of certain kinds of media and information.
In speaking of mechanisms through which to counter disinformation, Martin noted the BBC’s code on journalism that is accurate, fair and impartial, which underlies its position as one of the most trustworthy news sources globally. He further noted how the BBC has put in place various accountability mechanisms to handle complaints effectively. Martin additionally spoke of the need for media literacy and involving younger generations in news-making, reporting, and spotting “fake news”.
Responding to the claims made earlier by Dr Xenos, Martin assuaged that specialist journalists are most often best placed to fact-check news stories. And lastly, Martin also pointed out how chat apps were also complicit in the dissemination of “fake news” items, and that these platforms were much harder to regulate and monitor in terms of the content they handle.
Following from Martin’s contribution, the discussion opened up and various questions were posed to the panel regarding the scope and definition of disinformation and how this issue overlaps the fundamental principle of freedom of expression. There was a broad consensus to steer away from unnecessary government regulation that may impact upon free speech. Other issues raised included the tension between the call for open data and data sharing and the coming into effect of the GDRP this month.
This post is re-posted from the ICO’s website with kind permission. Original web entry available here.
Original script may differ from delivered version
Elizabeth Denham delivered the CRISP (Centre for Research into Information, Surveillance and Privacy) annual lecture 2018 at the University of Edinburgh on 14 March.
She spoke about the many roles she must play as UK Information Commissioner and set out the challenges and opportunities ahead.
Many thanks for the invitation to speak today. I have a connection with CRISP and William Webster, Kirstie Ball and Charles Raab that predates my time in the UK – British Columbia OIPC is a partner in Big Data Surveillance Project with David Lyon and others in Canada. I have long been aware of the importance of the CRISP doctoral training school.
One of the wonderful aspects of privacy and data protection is the extremely rich and interdisciplinary scholarly research community.
Data Protection raises questions of law, politics, sociology, computer science, communications studies, business and management, psychology, urban studies, geography, and so many other areas of scholarship.
For all the regulatory and legal challenges, privacy and data protection continue to raise fascinating intellectual issues.
CRISP is a wonderful model of interdisciplinary research and training for young researchers.
I am very glad to have received the support of the broad and vibrant academic community involved in research on privacy and surveillance since taking up this job.
I am also proud to have launched a new program to fund independent research and help consolidate the network of privacy researchers in the UK.
I am hopeful that this will continue for many years.
Money, law, courage
The title, Money, Law and Courage – signifies, of course, that the contemporary data protection authority (DPA), of which the ICO is the largest in the world in terms of personnel and budget, cannot do its work without a clear legislative framework, the necessary technical and financial resources and the courage to do our jobs well. My office is responsible for the effective enforcement of no fewer than eleven statutes and regulations.
They say: “Money makes the world go around . . .”
Well, we have a budget of £24 million pounds, following the introduction of the new funding model this will be £34m in 2018/19. We’ve been busy over the last year recruiting more staff and currently have a headcount of around 500.
We expect staffing numbers to continue to increase, passing 600 by 2019 increasing to an approximate FTE of 650 during 19/20.
We will be assessing demand as the GDPR goes live and beyond, adjusting our plans accordingly. To give you a sense of we are fixed now, we’ve got around 200 case-workers working on issues raised by the public, a 60-strong enforcement department taking forward our investigations and a similar number charged with developing our information rights policies and engaging with the stakeholders and organisations that need to implement them.
Coming from an office of under 40 in British Columbia, the scale of the management tasks is obviously far more complex and challenging.
I had – I have – Great Expectations for this job.
But there’s one aspect of the job that I did not expect, and it stems from the very governance structure of the ICO.
My job combines the role of Commissioner, which has a variety of regulatory and quasi-judicial functions, with that of a CEO. It is based on the “Corporation Sole” Model.
That’s highly unusual for a large regulatory body like the ICO.
The implications of this model are that I perform a wide range of management functions in my capacity as the ICO’s CEO.
I would say that as well as my regulatory role, I must also work alongside my excellent staff on administrative duties involving organisation, finance, human resources, and negotiations with the unions.
Much activity of late has been about recruitment and retention issues. I am pleased to report that the Treasury has given me pay flexibility to address the gap in wages when compared to the external market.
Everyone is looking for data protection expertise.
I am also looking at new ways to bring in talent – through secondments from the private and government sectors, and through technology fellowships for post-doctoral experts.
It’s not just about the money, it’s also about the resources. And I have many tools in the toolbox. 20 years ago, the toolbox was not global.
Now there is a common recognition that all DPAs need to make creative use of all the tools in the toolbox.
And as in a toolbox, each tool (the hammer, the drill, the screwdriver, the chisel) is suited to a different purpose.
But most of these tools can be used separately, and not in conjunction with another. Throw away the screwdriver or the drill, and the hammer still remains and is still capable of driving in the nail.
At the same time, it cannot drill the hole, or screw in the screw – assuming, of course, that the user can tell the difference.
For the person with the hammer, everything can tend to look like a nail, right?
The tools in the privacy toolbox, however, are designed to be used in conjunction with one another. They do form an integrated package, all of which are now necessary and none sufficient on their own.
Of course the tools are all for nothing if the Commissioner and her team don’t have a good plan for what we are building and why.
So now to the law. This global repertoire of instruments is reflected in the General Data Protection Regulation (GDPR), that will apply in the UK from May: privacy by default and design; codes of practice; privacy seals; Data Protection Impact Assessments (DPIA); data protection officers; accountability mechanisms for good privacy management.
The Europeans have made vigorous efforts to learn from abroad and to embrace policy instruments that were pioneered in other countries, such as Canada, and to incorporate them into the GDPR.
Positive results in data protection are not just attributable to decisions from the top.
They are “co-produced” by a widespread network of actors (regulators, businesses, consumer organisations, media, researchers, and individuals).
I see the ICO as the facilitator of this network, a convener as much as the regulator.
My varied roles
Over ten years ago, Charles Raab and Colin Bennett published The Governance of Privacy: Policy Instruments in Global Perspective1.
In that book, they defined the contemporary roles of the DPA as: ombudspersons, auditors, consultants, educators, policy advisers, negotiators, enforcers, and international ambassadors.
Different authorities played these roles in different ways and with shifting emphasis over time. I, and my staff, also play these roles.
Data Protection “Ombudsman”
Any DPA has to be attentive to its main clients – the citizenry who may have concerns and questions about how their personal data is captured and processed.
We all play the classic role of the “ombudsperson.”
Demand for this role is high and increasing. In 2016-17, the ICO received and dealt with over 18000 data protection complaints, 90% of which were resolved within three months of receipt.
This year we will be over the 21,000 mark and next year we expect over 24,000 complaints as people become more aware of their rights.
Prominent concerns include complaints about timely and comprehensive access to personal information, about the use of CCTV, and take-down requests from search engines. We are dealing with a wide range of complaints, most relate to general business, including the financial and insurance sectors, but they also cover the important relationship and services between the state and the citizen, including local and central government, health, policing and education.
The auditing role is central, and will become more so under GDPR. That embraces more proactive assessments of organisational accountability and expands our work to the private sector in a way not seen before. But we now also have a more nuanced understanding of what a data protection audit actually entails, and make important distinctions between full-blown audits, risk reviews and advisory audits.
In 2017-18, we delivered 24 full audits providing advice and recommendations, 37 information risk reviews, 18 follow-up audits, and 47 advisory audits to SMEs.
We are also consultants and often give advice to organisations that come to us with requests to comment on new products and services.
We are happy to hear of new developments and to give advice about whether new systems are compliant with the law, and about how to minimize risks to privacy. This role too will increase under the GDPR – organisations will be increasingly pressured to get the advice of regulators before systems are developed and services are launched.
They will be expected to implement privacy by design, and by default, and will need advice about how to accomplish those goals.
In this regard, my office is establishing a regulatory “sandbox” that provides beta testing of new initiatives in private and public sectors.
This strategy allows us to keep up with new technological developments, and at the same time ensure that appropriate protections and safeguards are built-in.
This is what the law requires.
The strategy is based on the strong belief that privacy and innovation are not mutually exclusive. New technology is both a risk and an opportunity. The strategy also allows us to boost the technical expertise of our staff.
I spend a lot of my time in education – both of the general public and of organisations. We have launched a guide to the GDPR, which has had over 3 million hits since publication.
I have given several dozen speeches to organisations over the last two years, and use those as an opportunity to spread the word to key audiences. We are also active in social media, and broadcast podcasts on significant questions. I also write blogs on key issues – including a series of GDPR myth busting blogs.
In April, we will launch a public education campaign, Your Data Matters, to educate the public on their new rights under the law.
The campaign is the ICO’s but we are collaborating with private sector and civil society partners to assist us in disseminating information about the use of personal data in everyday life, complete with real-life scenarios and story-telling content. The aim is to increase the public’s trust and confidence in how organisations use their data. And that’s my priority.
With the GDPR, and Brexit, I have spent a lot of time with parliamentary committees, ministerial staff in giving policy advice about legislative and regulatory change. I spend around 2-3 days a week in London since I took up the position because of heavy parliamentary and Whitehall business. We have opened a London office and formed a parliamentary team.
My staff and I need strong negotiation skills staking out principled positions, but being prepared to compromise. We negotiate with government agencies, and with corporations. We negotiate, for instance, over codes of practice, such as the one currently being developed on direct marketing.. The role of negotiator is critical in an area of law where there are often no clear black and white answers, and few “bright-line” rules.
We are also involved in negotiation with other regulators and oversight agencies. There are many other players in this space – from the NCSC in matters of cyber security, the Surveillance Camera Commissioner to the Childrens’ Commissioners. In fact I met with Bruce Adamson the Children and Young People’s Commissioner Scotland just this morning.
We work hard to develop a framework that allows us to work in a co-ordinated manner in the best interest of UK citizens.
I played all those roles in Canada (in Ottawa and in British Columbia). But they are now played out on a bigger stage, and with far greater implications.
There are two roles I’ve yet to speak about – the enforcer and the international ambassador.
These are far more prominent in my role as UK Information Commissioner than they ever were in Canada. And these are the ones that I would like to discuss in greater detail in the rest of this talk.
My office possesses a greater range of enforcement and sanctioning powers than those in Canada.
As an illustration, companies could find themselves subject to severe penalties for not complying with the GDPR, which states the maximum amounts that companies could be liable to as £17m, or 4% of the organisation’s total annual worldwide turnover in the preceding year, whichever is higher.
We also have powers to suspend or amend processing or transfers.
The enforcement notice can be more intrusive than the fine. These are significant fining and directing powers, and they have to be to be used predictably, consistently and judiciously.
To that end, my office is developing a Regulatory Action Policy to provide greater clarity and focus to our roles.
So, when I look at the contemporary inventory of regulatory tools at my disposal, it is now a long list that operates on a sliding continuum, or hierarchy of regulatory action.
That’s quite a list, right?
We aspire to select the most appropriate regulatory instrument based on a risk assessment of the nature and seriousness of the breach, the sensitivity of the data, the number of individuals affected, the novelty and endurance of the concerns, the larger public interest, and whether other regulatory authorities are already taking action in respect of the matter.
We also reserve the right to take into account the attitude and conduct of the organisation, whether relevant advice has been heeded, and whether accountability measures have been taken to mitigate risk.
Now might be a good time to tell you about our ongoing investigation into the use of personal data by political parties and campaigns. The use of data analytics for political purposes has not been examined by any other DPA.
It is a complex investigation involving over 30 organisations including political parties, data analytics companies, and social media platforms.
We hope to shed light on the mysteries and complexities of the data driven campaign and election. And we hope that our work will be an important contribution to the wider legal and ethical discussions about the use of personal data to mobilize voters.
All privacy and data protection commissioners are increasingly international ambassadors for their domestic data protection regimes and approaches.
We advance the interests of our citizens, and also to some extent our businesses, in a variety of regional and international forums.
As UK Information Commissioner, I am now of course on a far more visible international stage then I ever was in Canada.
To help navigate these uncertain international waters, my office has published an international strategy that recognizes the importance of agility in an ever changing world.
As you know, the GDPR will apply in the UK as of May 25th 2018. We have been giving guidance to British businesses on how to comply with the GDPR, on issues such as automated decision-making, profiling, personal data breach notification, and the processing of data on children.
We have also tried to explode some of the unfortunate myths concerning compliance.
As we have a more longstanding experience with some of the instruments in the GDPR, we hope that our practical guidance can have an influence beyond the UK.
At the same time, we have been trying to influence the new Data Protection Bill, which had its Second Reading debate in the Commons last week, and which aims to align UK law with the GDPR.
Overall, I am encouraged that the interests of the government, UK industry and civil society are broadly aligned around the need to apply the provisions of the GDPR within the UK with minimum divergence. The government has prioritised the issue of data protection and data flows in the Brexit negotiations because data underpins the digital economy, trade and criminal justice.
I am striving for what I have called a “holy trinity of outcomes”: uninterrupted data flows to Europe and the rest of the world; high standards of data protection for UK citizens and consumers, wherever their data resides; and legal certainty for business.
We intend to play a full role in EU institutions until the UK leaves the EU, we are preparing for the post-Brexit environment in order to ensure that the information rights of UK citizens are not adversely affected.
But several questions remain, and which will be inescapably determined by the final contours of the relationship between the UK and the European trading bloc. There is agreement that there will be a transition period – necessary to untangle a 40-year regulatory regime. During the transition period, to avoid a cliff edge harmful for business and citizens, the intent is that the regulatory regimes – from data protection to aviation, food standards and the environment will be maintained.
When it comes to the arrangements post-Brexit for international transfers, achieving a bespoke agreement on data flows in the commercial and security sectors, or an adequacy finding from the European Commission may be the most elegant ways of ensuring the continued frictionless flow of data between the EU and the UK.
And there is no doubt that having domestic laws that achieve a high standard of data protection, harmonized with those of the EU, will be a significant advantage in a special arrangement.
Should the UK leave the EU without a data deal in place, EU organisations will need to have binding contractual arrangements in place every time they wish to share new information and data with their UK partners.
Even with the GDPR translated into UK law, interpretation of the law is the responsibility of the ICO, and the UK courts.
Our interpretation might be influenced by decisions made through consistency mechanisms within the GDPR and the European Data Protection Board, but there is no guarantee – leading to possible divergences of interpretation and confusion for companies that do business in the UK and the EU.
Perhaps the most significant “unknown” from my point of view is the exact nature of relationship with our DPA colleagues across Europe.
Is the ICO going to have a seat on the European Data Protection Board with voting rights or will we be an observer without voting rights; or not even allowed to have a seat around the table? Is the UK going to be a partner, helping to set policy, or will we have the status of a third country – like Canada or Japan?
And then there is the “onward transfer” problem of how to protect the data of EU citizens exported from UK organisations to other areas of the world, and which will be a critical issue in the determination of adequacy. Will the UK have a mirror agreement, similar to that enjoyed currently by Switzerland? Or will UK businesses have to default to various accountability mechanisms, such as binding corporate rules.
And what, then, of data flows from the UK to the United States? Will there be a separate UK-US Privacy Shield arrangement?
There is uncertainty over the legal arrangements in the transition period and the repercussions of this unprecedented process, but the one certainty is that the European Union will continue to advance the highest standards of protection for the personal data of people in the EU, and the UK shares and has committed to maintain these high standards.
I expect that when it comes to rights such as the right to privacy and data protection, the EU and the UK will continue to pursue common strategies; and I expect to maintain substantial dialogue and work with my EU colleagues. The ICO is the largest DPA in Europe and contributes heavily to the work of the Article 29 Working party. Its influence should, and will, continue to be felt post-Brexit.
But none of those resources, legal tools and relationships are sufficient, unless the Commissioner has the courage of leadership and inspires teamwork to advance the rights of UK citizens in the face of some strong global, technological and organisational pressures. But courage is not just manifested in enforcement – in using the legal powers of the office to punish and sanction.
It is also a matter of hard work, commitment, perseverance and a skill in knowing what instrument to use, at what time.
Any data protection or privacy Commissioner has to be pragmatic, and be aware of the various policy tools and instruments at his or her disposal. At a superficial level, the job does involve knowing when to use the ‘carrot’ or ‘the stick’. But those choices are now more complex.
So that simple distinction may be misleading – there are now many types of ‘carrot’ and many types of ‘stick’.
At the end of the day, all privacy and data protection commissioners are looking for an ounce of prevention.
That has been generally argued by observers of the work of privacy commissioners, going back to David Flaherty’s 1989 pioneering book, Protecting Privacy in Surveillance Societies2.
Offices like mine, like the ICO are more effective when they can act proactively, and can give general policy guidance to minimize the needs for complaints, and for enforcement actions.
Prevention is better than cure.
But this is a goal that is not easy to realise, when the office is continually expected to respond to the unexpected: the data breach, the high-profile media story, the sudden policy initiative from government, the significant court decision and so on.
We do try to operate an intelligence function that gathers data on the implementation of data protection, surveys companies and monitors practices.
We have a new team that focuses on priority files, and these cases, investigations or audits are run by cross office groups directed by the senior leadership team. We are then able to understand any general patterns and take proactive measures accordingly.
We also work with civil society and consumer groups – and take their complaints about systemic issues.
GDPR will give us more tools for education, for encouraging accountability, for building in privacy by design and by default. Of course, it is essential to keep the legal sanctions in the background, be ready to use them, and make organisations aware that we are ready to use them.
That general conclusion about the importance of the proactive and general policy work, over the more reactive enforcement work, was also true of my work in Canada and BC.
It is just that I now have more money, more staff, more laws, more tools in my toolbox, a larger audience, a brighter media spotlight and a more extensive range of organisations to regulate.
So, I have the resources to do the job and the law to back me up.
I’ll let you be the judge as to whether I and my team have the courage!
1 C.J Bennett and C.D Raab, The Governance of Privacy: Policy Instruments in Global Perspective (Cambridge MA: MIT Press, 2006).
2 D.H Flaherty, Protecting Privacy in Surveillance Societies: The Federal Republic of Germany, Sweden, France, Canada and the United States (Chapel Hill: University of North Carolina Press, 1989).
Event: Joining The Circle: capturing the zeitgeist of ‘Big Tech’ companies, social media speech and privacy
Professor Robin Barnes (Global Institute of Freedom and Awareness) and Peter Coe (Aston University) have organised a panel session at the Inner Temple, London, on Wednesday 23 May 2018. The session is entitled: ‘Joining The Circle: capturing the zeitgeist of ‘Big Tech’ companies, social media speech and privacy’.
It is based on Dave Egger’s book, The Circle, which tells the story of an all-powerful new media company that seeks to totally monopolize its market place and remake the world in its image. Although fictional, the book captures the zeitgeist surrounding ‘Big Tech’ companies exerting ever-increasing influence over our lives by altering our perceptions and expectations of the media (including citizen journalists), free speech and privacy, and how our personal information is used and protected.
The panel consists of seven experts from academia and practice who are currently engaging with these issues, including: Peter Coe, Professor Barnes; Dr Paul Wragg, Rebecca Moosavian (both University of Leeds), Dr Paul Bernal (University of East Anglia), Dr Laura Scaife (BBC) and Jacob Rowbottom (University of Oxford). Professor Ian Cram (University of Leeds) will open the conference. These experts will present and discuss their thoughts on these issues, and their potential implications, both now and in the future.
This event will be of interest to practising and academic lawyers with expertise in Media Law generally (including free speech, privacy and data protection), journalists and other media professionals, and those engaged in research and teaching relating to journalism and the wider media.
The event is free to attend, and includes lunch and refreshments. Registration will begin at 9.00am and the panel will finish at around 4.00pm. Following the close of the panel session there will be an opportunity to network with the panel members and other delegates.
Delegate places are limited. Therefore, places are available on a first come first served basis. If you would like to attend, please email Peter Coe as soon as possible: firstname.lastname@example.org.
This is an edited version of an article which first appeared in Communications Law journal, volume 23, issue 1 (Bloomsbury Professional) and PA Media Lawyer.
In 2012 Mr Justice Tugendhat, ahead of his retirement in 2014, made a plea for more media specialist barristers and solicitors to consider a judicial role: “As the recruiting posters put it: Your country needs you.”
He emphasised the particular burden of freedom of expression cases, which require judges, for example, to consider the rights of third parties, “even if those third parties choose not to attend court” and to provide reasons for the granting of injunctions at very short notice.
Without expert knowledge of the applicable law, this is no easy task. Fortunately, media law cases have not fallen apart with the respective retirements of Sir Michael Tugendhat and Sir David Eady, and recent specialists to join the High Court include Mr Justice Warby in 2014, and Mr Justice Nicklin in 2017 – both formerly of 5RB chambers.
The arrival of Mr Justice Warby, who was given the newly created role of Judge in charge of the Media and Communications List, has provided a welcome opportunity to propose changes to the procedure of media litigation in the Queen’s Bench Division, where the majority of English defamation and privacy claims are heard.
Since taking on responsibility for the cases involving one or more of the main media torts – including defamation, misuse of private information and breach of duty under the Data Protection 1998 – Mr Justice Warby has spoken about his hopes and plans for the list, and also conducted a consultation among those who litigate in the area, as well as other interested parties.
The consultation considered the adequacy of Civil Procedure Rules and Practice Directions; the adequacy of the regime for monitoring statistics on privacy injunctions; and support for the creation of a new committee.
As a socio-legal researcher rather than legal practitioner, my interest was piqued by the latter two questions.
For some time, I have been concerned that efforts by the Judiciary and the Ministry of Justice to collect and publish anonymised privacy injunction data have been insufficient, and also that the availability of information about media cases could be improved more generally.
My own efforts to access case files and records in 2011-13, to update research conducted by Eric Barendt and others in the mid 1990s, and to interrogate assertions of defamation’s “chilling effect”, proved largely unsuccessful and I was astonished how rudimentary and paper-based internal systems at the Royal Courts of Justice appeared to be.
Although public observers are entitled to access certain documents – such as claim forms – the cost and difficulty in locating claim numbers prohibits any kind of useful bulk research which would allow more sophisticated qualitative and quantitative analysis of media litigation.
I jumped, therefore, at the opportunity of the consultation to raise my concerns about the injunctions data, and to support the creation of a new user group committee.
My submission, with Paul Magrath and Julie Doughty, on behalf of the Transparency Project charity, made suggestions for revising the injunctions data collection process, including the introduction of an audit procedure to check information was being recorded systematically and accurately.
Following the consultation, Mr Justice Warby held a large meeting at the Royal Courts of Justice for all respondents and other interested parties at which he shared a table of proposals from the consultation, provisionally ranked as “most feasible”, “more difficult” and “most difficult”.
The last category also included proposals which would require primary legislation, which would be a matter for Parliament rather than the Judiciary.
I was pleased that our initial proposals on the transparency of injunctions data have been deemed practical and feasible in the first instance.
Also considered achievable are some of the proposals related to case management and listings, updating the pre-action protocol (PAP), the Queen’s Bench Guide, and civil practice directions in light of developments in privacy, data protection and defamation litigation and press regulation (not least to reflect the Defamation Act 2013).
This meeting also established the creation of a new Media and Communications List User Group (MACLUG) to which a range of representatives have been appointed.
The group comprises members of the Bar and private practice solicitors (including both claimant and defendant specialists), in-house counsel, clerks, and a costs practitioner.
Additionally, I have joined as a representative of public interest groups – i.e. those engaged in academic research and third sector work. The new committee met for the first time at the end of 2017, and members have formed smaller working groups to take forward the “feasible” proposals, which will be discussed with our respective constituencies in due course, and where relevant, eventually proposed to the Civil Procedure Rule Committee to consider.
All of which were “easier said than done”, in his words. Quite so. But it is right that it should be attempted, and with judicial input where appropriate.
Mr Justice Warby’s efforts to date are to be applauded, and in particular, his open approach in addressing some of the flaws and inconsistencies of current practice, and evaluating structural and systemic issues.
That said, a committee formed by the judiciary is constrained in its remit, quite rightly. The consideration of changes to primary legislation should fall to Parliament.
It is therefore important that media law practitioners and other stakeholders should also work with the Ministry of Justice and HM Courts and Tribunals Service to inform ongoing work on courts modernisation, and push for wider consultation and involvement in reforms. A further challenge is to persuade government and parliamentarians to take on any issues requiring changes to legislation.
Part I of the Leveson Inquiry addressing, in part, the relationship between media proprietors, editors and politicians showed that the process of consultation on public policy affecting the news media has been subject to undue influence by certain private interests, and insufficiently transparent.
To this end, perhaps the new Lord Chancellor and Secretary of State for Justice, David Gauke MP, and the new Secretary of State for Digital, Culture, Media and Sport, Matt Hancock MP, might consider ways in which they can consult more openly and fairly in their development of policy and draft legislation on freedom of expression, reputation and privacy.
Dr Judith Townend is lecturer in media and information law at the University of Sussex and a member of the Queen’s Bench Division Media and Communications List User Group Committee.
Featured image: courtesy of Dave Pearce (@davebass5) on Flickr.
As part of a series of interviews with LSE Faculty on themes related to the Truth, Trust and Technology Commission, Dr Omar Al-Ghazzi talks to LSE MSc student Ariel Riera on ‘echo chambers’ in the context of North Africa and the Middle East.
AR: The spread of misinformation through social media is a main focus of the Commission. Are there similar processes in the Middle East and in the North Africa region?
OA: Questions about trust, divisions within society, and authoritarian use of information or what could be called propaganda are very prevalent in the Middle East and North Africa. So in a way a lot of the issues at hand are not really new if we think about communication processes globally. Much of the attention that misinformation has been getting is in relation to Trump and Brexit. But Syria, for instance, is actually a very productive context to think through these questions, because with the uprising and the war, there was basically an information blackout where no independent journalist could go into the country. This created an environment where witnesses and citizen journalists and activists fill that gap. So it is now a cliché to say that the war in Syria is actually the most documented war. But all that information has not led to a narrative that people understand in relation to what’s happening. And that has to do with trust in digital media and the kind of narratives that the government disseminates. The echo chamber effect in the way people access information from online sources they agree with is also as prevalent in the Middle East as it is globally.
AR: And in these countries, who are the perpetrators of fake news and misinformation and what are the channels?
OA: It is a complicated question because if we talk about the war in Syria, the communication environment is much more complex than the binary division between fake and real. For instance, I am interested in the reporting on the ground in areas that are seeing or witnessing war and conflict. I will give you an example. Now in the suburbs of Damascus, where there is a battle between rebels and the government, there are several cases of children and teenagers doing the reporting. So how should this be picked up by news organisations, and what are the consequences? CNN recently called one of the teenagers based in Eastern Ghouta, Muhammed Najem, a ‘combat reporter’. What are the ethical considerations of that? Does that encourage that teenager to take for instance more risks to get to that footage? How is what he produces objective if first he has obviously no journalism training as a very young person and second he is in a very violent context where his obvious interest lies in his own survival and in getting attention about his and his community’s suffering. He has a voice that he wants to be heard and which should be heard. But why is the expectation, if he is dubbed a ‘combat report’, that what he produces should be objective news reporting?
Beyond this example of the complex picture in war reporting, I think the Middle East region also teaches us that when there is a lack of trust in institutions of any country in the world, when there is division in society about a national sense of belonging, about what it means to be a patriot or a traitor, that would produce mistrust in the media. Basically, a fractured political environment engenders lack of trust in media, and engenders that debate around fake or real. So there is a layer beyond the fakeness and realness that’s really about social cohesion and political identity.
AR: Nationalist politicians all over the world have found in social media a way to bypass mainstream media and appeal directly to voters. What techniques do they use to do this?
OA: Perhaps in the Middle East you don’t find an example of a stream of consciousness relayed live on Twitter like the case is with President Trump, but, like elsewhere in the world, politicians are on Twitter and even foreign policy is often communicated there. Also, a lot of narratives that feed into conflicts, like the Arab-Israeli conflict, take shape on social media. So without looking at social media you certainly don’t get the full picture even of the geopolitics in the region. Without social media, one would not grasp how government positions get internalised by people and how people contribute- whether by feeding into government policies, or maybe resisting them as well.
AR: Based on your observations in North Africa and the Middle East, can mistrust or even distrust of mainstream media outlets be a healthy instinct? For example, if mainstream media is a place where only one voice is heard.
OA: Even though a lot of the media are politicised in the Arab world because they are government owned, people have access to media other than their own governments because of a common regional cultural affiliation, a shared language and the nature of the regional media environment. So actually people in the Arab world are sophisticated media users because they have access to a wide array of media outlets. Of course, there are outlets that are controlled by governments wherever one may be situated and things vary between different countries, but audiences can access pan-Arab news media such as Al Jazeera, Al Arabiya and Al Mayadeen. They have access to a wide array of online news platforms as well as broadcast news. So you really have a lot of choices. If you are a very informed audience member you would watch one news outlet to know, let’s say, what the Iranian position on a certain event is, and then you watch a Saudi funded channel to see the Saudi. But of course, most people don’t do that because you know they just access the media that offers the perspective they already agree with.
We have to remember that in the context of the Middle East there is a lot of different conflicts, there is war, which obviously heightens the emotions of people and their allegiances and whatever their worldview is. So we are also talking about the context that, because of what is happening on the ground, people feel strongly about their political positioning which feeds into the echo chamber effect.
AR: You wrote that, at least linked to the Arab Spring, there was a ‘diversity of acts referred to as citizen journalism’. What differentiates these practices from the journalism within established media?
OA: Basically, in relation to the 2011 Arab uprisings, there were a lot of academic and journalistic approaches that talked about how these uprisings were Facebook or Twitter revolutions, or only theorising digital media practices through the lens of citizen journalism. But I argued that we cannot privilege one lens to look at what digital media does on the political level because a lot of people use digital media, from terrorist organisations to activists on the ground to government agents. So one cannot privilege a particular use of digital media and focus on that and make claims about digital media generally, when actually the picture is much more complicated and needs to be sorted out more.
Of course the proliferation of smartphones and social media offered ordinary people the opportunity to have their own output, to produce witness videos or write opinions. It is a very different media ecology because of that. However, we cannot take for granted how social media is used by different actors. In social science we have to think about issues of class, literacy, the urban rural divide, the political system, the media system. And, within that complexity, locate particular practices of social media rather than make blanket statements about social media doing something to politics generally and universally.
Dr Omar Al-Ghazzi is Assistant Professor in the Department of Media and Communications at LSE. He completed his PhD at the Annenberg School for Communication, the University of Pennsylvania, and holds MAs in Communication from the University of Pennsylvania and American University and a BA in Communication Arts from the Lebanese American University.
This post brings us some recent developments on freedom expression from Dr David Goldberg, Senior Visiting Fellow, Institute of Computer and Communications Law in the Centre for Commercial Law Studies, Queen Mary, University of London, and member of the Information Law and Policy Centre’s Advisory Board.
Dr Goldberg delivered a presentation at the event calling for enhancing media literacy, and cautioning against over-relying on the law to deal with the so-called phenomenon of fake news. Dr Goldberg’s presentation will be available in a forthcoming publication.
Lastly, following up on the ‘Freedom of Information at 250’ event held at the Free Word Centre in December 2016 with the support of the Information Law and Policy Centre at the Institute of Advanced Legal Studies, and the Embassies of Sweden and Finland, the publication Press Freedom 250 Years: Freedom of the Press and Public Access to Official Documents in Sweden and Finland – A Living Heritage from 1766 is now available in English. The publication of this translation has been in large part due to the efforts of Dr David Goldberg, Mark Weiler and Staffan Dalhoff. The book was launched on 2nd December 2016 at the Swedish Parliament, and the free PDF is available at http://www.riksdagen.se/globalassets/15.-bestall-och-ladda-ned/andra-sprak/tf-250-ar-eng-2018.pdf.
ILPC Annual Conference and Annual Lecture 2017 Children and Digital Rights: Regulating Freedoms and Safeguards
The Internet provides children with more freedom to communicate, learn, create, share, and engage with society than ever before. Research by Ofcom in 2016 found that 72 percent of young teenagers in the UK have social media accounts. Twenty percent of the same group have made their own digital music and 30 percent have used the Internet for civic engagement by signing online petitions or by sharing and talking about the news.
Interacting within this connected digital world, however, also presents a number of challenges to ensuring the adequate protection of a child’s rights to privacy, freedom of expression, and safety, both online and offline. These risks range from children being unable to identify advertisements on search engines to being subjects of bullying or grooming or other types of abuse in online chat groups.
Children may also be targeted via social media platforms with methods (such as fake online identities or manipulated photos and images) specially designed to harm them or exploit their particular vulnerabilities and naivety.
These issues were the focus of the 2017 Annual Conference of the Information Law and Policy Centre (ILPC) based at the Institute of Advanced Legal Studies, University of London. The ILPC produces, promotes, and facilitates research about the law and policy of information and data, and the ways in which law both restricts and enables the sharing and dissemination of different types of information.
At the 2017 ILPC Annual Conference, leading policymakers, practitioners, regulators, key representatives from industry and civil society, and academic experts examined and debated the opportunities and challenges posed by current and future legal frameworks and the policies being used and developed to safeguard these freedoms and rights.
The legal systems under scrutiny included the UN Convention on the Rights of the Child and the related provisions of the UK Digital Charter, and the UK Data Protection Bill, which will implement the major reforms of the much anticipated EU General Data Protection Regulation (2016/679) (GDPR) which will soon enter into force on 25 May 2018. Key concerns expressed at the conference by delegates included the effectiveness in practice and lack of evidence-based policy for the controversial age of consent for children and their use of online information services provided for under the GDPR.
Further questions were raised with respect to what impact in practice will there be for children’s privacy, their freedom of expression, and their civil liberties as a result of the new transparency and accountability principles and mechanisms that must be implemented by industry and governments when their data processing involves the online marketing to, or monitoring, of children.
Given the importance and pertinence of these challenging and cutting-edge policy issues, the Centre is delighted that several papers, by regulators and academic experts from institutions within the UK, the EU, and beyond, which were presented, discussed, and debated at the conference’s plenary sessions and keynote panels, feature in a special issue of the leading peer-review legal journal of Communications Law, published by Bloomsbury Publishers.
This special issue also includes the Centre’s 2017 Annual Lecture delivered by one of the country’s leading children’s online rights campaigners, Baroness Beeban Kidron OBE, also a member of the House of Lords and film-maker, on ‘Are Children more than Clickbait in the 21st Century?’
For IALS podcasts of the 2017 ILPC Annual Lecture delivered by Baroness Kidron and presentations from the Annual Conference’s Keynote Panel, please see the IALS website at: http://ials.sas.ac.uk/digital/videos.
Nora Ni Loideain
Director and Lecturer in Law,
Information Law and Policy Centre,
IALS, University of London.
5th Winchester Conference on Trust, Risk, Information and the Law Wednesday 25 April 2018, Holiday Inn, Winchester, UK
Theme: Public Law, Politics and the Constitution: A new battleground between the Law and Technology?
Keynote speakers will be Michael Barton, Chief Constable of Durham Constabulary who has spoken recently about the need to reclaim ‘sovereignty’ over the Internet, and Jamie Bartlett, Director of the Centre for the Analysis of Social Media for Demos in conjunction with the University of Sussex, and author of several books including ‘Radicals’ and ‘The Dark Net’. Breakout sessions will explore fake news, the use of algorithms in the public sector, infringements over the Internet and other issues. The conference will include the launch of the University of Winchester’s new Centre for Parliament and Public Law, with a presentation highlighting the ongoing work of the Department of Culture, Media & Sport in the area of Data Ethics & Innovation.