Category: Digital Rights

Reality and Illusion in EU Data Transfer Regulation post-Schrems

Crhis KunerOn the first anniversary of the judgment of the Court of Justice of the European Union in Case C-362/14 Schrems, Professor Christopher Kuner (pictured left), Professor of Law at the Vrije Universiteit Brussels, will give a public lecture on

Reality and Illusion in EU Data Transfer Regulation post-Schrems

The lecture will be held in the Neill Theatre, Trinity Long Room Hub, Trinity College Dublin, on Thursday 6 October 2016, at 1:00pm.

In Case C-362/14 Schrems v Data Protection Commissioner [2015] ECR I-nyr (Grand Chamber, 6 October 2015), the Court of Justice of the European Union invalidated the EU-US Safe Harbour arrangement allowing personal data to be transferred to the US. The judgment is a landmark in the Court’s data protection case law, and illustrates the tension between the high level of legal protection for data transfers in EU law and the illusion of protection in practice. The judgment has undermined the logical consistency of the other legal bases for data transfer besides the Safe Harbour, and reactions to it have largely been based on formalism or data localization measures that are unlikely to provide real protection. Schrems also illustrates how many legal disagreements concerning data transfers are essentially political arguments in disguise. The EU and the US have since agreed on a replacement for the Safe Harbour (the EU-US Privacy Shield), the validity of which will likely be tested in the Court. It is crucial for data transfer regulation to go beyond formalistic measures and legal fictions, in order to move regulation of data transfers in EU law from illusion to reality.

Professor Christopher Kuner is a leading expert on the law of data protection and, in particular, the law governing the international transfer of data. He is Professor of Law and Co-Chairman of the Brussels Privacy Research Hub at the Vrije Universiteit Brussel and Senior Privacy Counsel in the Brussels office of Wilson Sonsini Goodrich & Rosati. He is also a Visiting Professor in the Department of Law in the London School of Economics and Political Science, an associate professor in the Law Faculty of the University of Copenhagen and an affiliated lecturer and Honorary Fellow of the Centre for European Legal Studies of the University of Cambridge. He is the author of Transborder Data Flows and Data Privacy Law (OUP, 2013) and Editor-in-Chief of the Journal of International Data Privacy Law (also published by OUP).

ADAPT centre logoAttendance is free, and all are welcome to attend, but booking is essential, so please register at eventbrite.

The lecture is organised by the Ethics & Privacy Working Group of the ADAPT Centre, TCD, in conjunction with the Trinity Long Room Hub, TCD School of Law, TCD School of Religions, Peace Studies and Theology, TCD Library and DCU Institute of Ethics.

Some forthcoming legislation on the administration of justice, cybercrime, education, intellectual property, and privacy

Government Buildings by night, via Wikipedia

Government Buildings,
Merrion Square, Dublin.
Image via wikipedia
Government Chief Whip Regina Doherty has announced the Government’s Legislation Programme for the Autumn Session 2016 (pdf). It is a considerable update of the programme published last June (pdf) when the government came into office.

The June programme had the feel of a holding document, published to get a new government to the Summer Recess. This programme has a far more substantial feel about, published to demonstrate the government’s confidence in its capacity to promote and enact legislation.

After the publication of the June programme, I examined proposed legislation from the Department of Education and Skills (here; and see also here), the Department of Jobs, Enterprise and Innovation (here; and see also here and here), and the Department of Justice and Equality (here and here). Under those headings, very little has changed. But there are some notable additions, not least of which is the Interception of Postal Packets and Telecommunications Messages (Regulation) (Amendment) Bill. All we are told is that work is underway on a Bill to “amend various pieces of legislation in respect of electronic communications”. There is no further explanation. This is probably the Bill to provide for further covert surveillance of electronic communications promised by the Minister earlier this Summer. It is also likely to cover incoming requests from overseas to access to data held in Ireland. It may also include preparatory work for the response to the investigations being carried out by retired Chief Justice John Murray and retired Supreme Court judge Nial Fennelly. However, at present, this is just speculation, so we shall have to wait and see what the Department has in mind.

As to the administration of justice, priority legislation to be published by the Department of Justice and Equality this session includes a Bill to make provision for periodic payment orders to replace lump sum damages, and a (hastily-promoted?) Bill to establish the long-awaited Judicial Council. Indeed, that Bill is expected to undergo pre-legislative scrutiny this session, as is a Bill to replace the Judicial Appointments Advisory Board with a new Judicial Appointment Commission – indeed, the cabinet agreed yesterday to bring forward the heads of such a Bill by November. All of these developments are very welcome – provided that the Appointments Bill permits legal academics to apply for appointment to be bench, especially at appellate level. It would not be difficult to draft the necessary legislative provisions, and there is no reason in principle not to do so.

As to cybercrime, first, the busy Department of Justice and Equality is promoting the Criminal Justice (Offences Relating to Information Systems) Bill 2016, to implement Directive 2013/40/EU on attacks against information systems. It is on the Dáil Order Paper, awaiting Second Stage. Second, in the ‘I’ll believe it when (if) I see it’ category is the long-promised and almost long-forgotten Cybercrime Bill to give effect to the Council of Europe Convention on Cybercrime 2001. Yes, you read that right, it’s a 2001 Convention. It is 15 years old, which is a lifetime online.

As to education, legislation envisaged at some stage from the Department of Education, but probably not in this session, includes the Higher Education (Reform) Bill and the longer-threatened Universities (Amendment) Bill (critiqued here, here, here, and here). And the Technological Universities Bill 2015 remains on the Dáil Order Paper, awaiting Committee stage.

As to intellectual property, pre-legislative scrutiny is expected shortly on the Knowledge Development Box (Certification of Inventions) Bill. Heads of a Bill to amend Article 29 of the Constitution to recognise the Agreement on a Unified Patent Court were approved on 23 July 2014, though, in the light of Brexit, a cautious approach for the time being may mean that other Bills may progress ahead of it from the Department of Jobs, Enterprise and Innovation to the Oireachtas. Finally, the Copyright and Related Rights (Amendment) (Miscellaneous Provisions) Bill has been “referred to committee” pre-legislative scrutiny. This is presumably the Joint Committee on Jobs, Enterprise and Innovation. However, the Bill is not in the pre-legislative scrutiny list for this session, so we probably won’t see it in committee before Christmas.

As to privacy, the most important piece of legislation mentioned in the Programme is the Data Protection Bill, to transpose the EU Directive 2016/680 and give full effect to the General Data Protection Regulation (Regulation 2016/679). Heads are expected before the end of 2016 (but I’m not holding my breath). A Data Sharing and Governance Bill will be published and sent for pre-legislative scrutiny, to mandate and facilitate lawful data-sharing and data-linking for all public bodies, and a Health Information and Patient Safety Bill go further in the context of health information. In both cases, the drafting will be tricky, not least because the Bills will have to be compliant with the decision of the Court of Justice of the European Union in Case C?201/14 Bara. The Criminal Records Information System Bill and the Passenger Name Record Bill implement EU obligations. However, in the case of the latter, since there is a challenge before the CJEU in respect of a related measure, a cautious approach for the time being may mean that other Bills may progress ahead of it from the Department of Justice and Equality to the Oireachtas.

Finally, it is heartening to see that work has commenced on a Bill to remove blasphemy from the Constitution, and interesting to see active proposals to establish an Electoral Commission and to amend the transfer of records in the National Archives from 30 years to 20 years.


The Ethics of Security and Surveillance Technologies

Professor Hille Haker will deliver a public lecture on

The Ethics of Security and Surveillance Technologies

in the Trinity Long Room Hub, on Thursday 22 January 2015, at 18:30. In this public lecture, organised by the Confederal School of Religions, Peace Studies and Theology at Trinity College Dublin, and the Ethics and Privacy Working Group of the ADAPT centre at TCD, Prof Haker will outline her thoughts on the ethics of surveillance technologies. In particular, she will address the key questions:

Security and freedom: do we need both?
And can we enjoy both without the pursuit of one jeopardising the other?

Prof Haker is a member of the European Group on Ethics in Science and New Technologies (EGE), which advises the European Commission on ethical issues. On 20 May 2014, the EGE submitted to the Commission their Opinion no 28 on “Ethics of Information and Communication Technologies”. In an era where rapid advances in telecommunications and computing have enabled the data of billions of citizens around the globe to be tracked and scrutinized on an unprecedented scale, the Opinion aims to provide a reference point for the Commission regarding the ethics of security and surveillance measures.

Building upon the Opinion, in this lecture, Prof Haker considers the tensions between security and freedom. After broadening the concept of security to describe the general human needs and rights to secure their well-being (UN), ‘security’ has recently been narrowed down again, in light of terrorist and criminal activities. One area of concern is the expansion of surveillance technologies. The ‘re-turn’ to the narrow security concept has been framed as a necessary ‘trade off’ between security and freedom.

Prof Haker will consider whether this ‘framing’ appropriate, whether surveillance undermines trust as a condition for social cooperation, and whether surveillance technologies will affect us both in our personal relationships and in our presence in the public sphere. And she will argue that a new ‘social contract’ is needed that not only readjusts the political control of individuals but also critically examines the role of companies promoting security and surveillance technologies in comparison with other socio-economic efforts to create security for human beings.

Professor Hille Haker holds the Richard McCormick S.J. Chair of Ethics at Loyola University Chicago. She is a member of the EGE. From 2003-2005, she was Associate Professor of Christian Ethics, Harvard University, Cambridge, USA and from 2003 – 2009 Chair of Moral Theology and Social Ethics at the University of Frankfurt, Germany.

Pornography, cyberbullying, and internet regulation PollThe image, left, shows the result of a poll on which ran last Tuesday: the question was whether Ireland follow the UK’s lead in blocking online porn? And the results show a slight majority (54%) against doing so. This comes in the wake of proposals from UK Prime Minister David Cameron to compel internet service providers to block pornographic material by default.

To the age old question “will no-one please think of the children?“, Cameron (perhaps rather cynically) rushes to answer: “I will”:

I want Britain to be the best place to raise a family. … Where children are allowed to be children. … Protecting the most vulnerable in our society; protecting innocence; protecting childhood itself. … I will do whatever it takes to keep our children safe.

Predictably, there were calls for similar Irish developments. The Minister for Communications, Energy and Natural Resources, Pat Rabbitte, has blown cold then hot then cold again on the issue. Writing in, Ashley Balbirnie, Chief Executive of the Irish Society for the Prevention of Cruelty to Children (the ISPCC), is very critical of Rabbitte’s vacillation, and makes the case for following Cameron’s lead:

… viewing graphic and violent pornographic material online is extremely harmful to children and we believe strongly that introducing such filters in Ireland is an option worth at least some serious consideration.

We have been here before with calls that “something must be done” and doubtless we will be again. But many of Cameron’s legislative proposals may be neither necessary nor possible, whether in the UK or in the Ireland. In the UK, section 63 of the Criminal Justice & Immigration Act 2008 already goes a long way to doing what Cameron said he wants; in Ireland, the Child Trafficking and Pornography Act, 1998 is similar; European Union case-law seems to prevent the kind of filtering upon which the detail of some of Cameron’s proposals rely, detail which it is notoriously difficult to get right. However, beyond the headline, Cameron’s plan is authoritarian and ill-conceived; the reach of this kind of technology can be extended and over-extended very quickly and easily to other content; it will simply drive the already-illegal material further underground; and it probably won’t work in its avowed aim to help children.


YouTube, Facebook, and the responsibilities of intermediary gatekeepers

YouTube logo, via YouTubeIn my previous post, I argued that, as a matter of principle, the controversial American anti-Islamic video should not be censored. The most obvious form of censorship comes from government action, such as legislation banning speech, but that does not arise in this case. Less obvious, but no less insidious, was the White House request to Google to re-consider whether the video breached YouTube rules. This was not a formal ban, and Google declined to take the video down in the US, but it did block access to it in in Egypt and Libya. This raises two important questions about the structure of free speech. First, in the online world, where most of us access the internet through a range of intermediaries, government censorship does not necessarily need to target the disfavoured speech; it need only target the intermediaries. Very few US companies would feel able to decline a request like that from the White House, and Google are to be commended for standing firm in those circumstances. Second, these intermediaries now have a great deal of practical power over online expression – not only can they be co-opted by government as agents of state censorship, but they also have the capacity to act as censors in their own rights, as Google did in their unilateral action to block access in the Middle East.

Such intermediaries are effectively gatekeepers are those who enable – and control – our access to that information, and this raises profound issues of principle about the role of intermediary gatekeepers in the structure of free speech about which I have written on this blog (here | here | here). At present, such intermediary gatekeepers are all private entities, operating to their own rules, and it is not at all clear how they can be made accountable to their users or the wider public for their private actions. Given the practical, social and legal issues that arise in policing content in such a quasi-public sphere (pdf), it has been argued that search engines and other intermediaries should have public interest obligations, perhaps by analogy with common law duties that govern public utilities (pdf). In particular, free speech norms should not only be about protecting speakers against a heavy-handed state but also about protecting speakers and readers against heavy-handed intermediate gatekeepers. (more…)

The Digital Consequences of Death (or Disability) — Slaw

What happens when people with a presence in cyberspace (really) die? Does the presence become an absence? What do their survivors do about their activities in cyberspace? How do they deal with online assets, or even discover real-world assets that may be locatable only online? How do estate trustees and executors carry out their legal duties with respect to these assets, and the liabilities as well? Many people get most of their bills in electronic form. How can an executor see to paying the debts of the deceased? …

Slaw has dealt with these matters before, in November 2009 and in February 2010. The questions are worth another review.

Is internet access a human right?

A recent United Nations Human Rights Council report examined the important question of whether internet access is a human right.  

Whilst the Special Rapporteur’s conclusions are nuanced in respect of blocking sites or providing limited access, he is clear that restricting access completely will always be a breach of article 19 of the International Covenant on Civil and Political Rights, the right to freedom of expression.

But not everyone agrees with the United Nations’ conclusion. Vinton Cerf, a so-calledfather of the internet” and a Vice-President at Google, argued in a New York Times editorial that internet access is not a human right:

 The best way to characterize human rights is to identify the outcomes that we are trying to ensure. These include critical freedoms like freedom of speech and freedom of access to information — and those are not necessarily bound to any particular technology at any particular time. Indeed, even the United Nations report, which was widely hailed as declaring Internet access a human right, acknowledged that the Internet was valuable as a means to an end, not as an end in itself.

See also the excellent post by Paul Barnal:

First of all, and perhaps most importantly, I didn’t like the headline, which stated baldly and boldly that ‘Internet Access is not a Human Right’. Regardless of whether you agree or disagree with that statement, the piece said a great deal more than that …

Secondly, I think the point that he makes leading to this headline, and to his conclusions, reflects a particularly US perspective on ‘human rights’ – a minimalist approach which emphasises civil and political rights and downplays (or even denies) economic and social rights amongst others. … We need to be very careful about the assumptions we make about any human right – and that, in practice, many of what we consider to be human rights are instrumental, qualified, or contextual rather than absolute, pure and simple.

… another thing that disappoints me about Cerf’s Op Ed piece [is that he] doesn’t mention privacy, he doesn’t mention freedom from censorship, he doesn’t mention freedom from surveillance – I wish he would, because next after access these are the crucial enablers to human rights, to use his terms.

Frank Pasquale has also added to this commentary:

I wish Cerf had seen the excellent presentation at AALS on cyberlaw and the internet kill switch, which was organized by Annemarie Bridy and included fellow bloggers Rob Heverly, Michael Froomkin, and Jack Balkin. As Balkin noted, “new school censorship” is constantly shifting; Cerf’s confidence that abstract categories like “freedom of speech” could identify it all is more blinkered than the rapporteur’s endorsement of concrete modes of realizing communicative autonomy. Heverly drew on the literature of cyborgs to demonstrate how intimately connected personal identities can be with the machines and technologies in which they are embedded. As Julie Cohen argues, we are “networked selves,” and need “greater control over the boundary conditions that govern flows of information to, from, and about” us them.