Included in this issue: Investigatory Powers Tribunal delivers spy agency verdict; Article 29 Working Party attempts to put the brakes on WhatsApp data share arrangement; Chancellor outlines Britain's cyber security plan and more… 

United Kingdom

Investigatory Powers Tribunal delivers spy agency verdict

The Investigatory Powers Tribunal (IPT), a UK judicial body, which was established in 2000 to hear complaints about Intelligence Services, has delivered its verdict on a number of complaints put forward by human rights charity, Privacy International.

The hearing concerned complaints made by the London-based charity regarding the manner in which UK intelligence agencies collected and processed the personal data of UK citizens, specifically, under section 94 of the Telecommunications Act 1984.

It was found that, from 1998 to 4 November 2015, the framework under which intelligence agencies collected the "who, where, when and what" of phone calls and online interactions between members of the public, and therefore the datasets themselves, did not comply with Article 8 of the European Convention on Human Rights (the right to a private and family life).

The IPT did, however, confirm that the legality of the data collected is in accordance with the new regime for the collection of bulk communications data and personal datasets, which came into force in February 2015.

To see a copy of the judgement please click here

Article 29 Working Party attempts to put the brakes on WhatsApp data share arrangement

The Article 29 Working Party (WP29) has requested that WhatsApp temporarily stops sharing user data with parent company Facebook.

The pause has been requested to enable WP29, which is comprised of members of data watchdogs from across the EU, to assess whether the legal safeguards necessary to regulate the social media giant's data policy are in place and, if so, have been complied with.

WP29 has expressed serious concerns about the changes, which entail the sharing of WhatsApp users' phone numbers with Facebook to enable better targeted adverts and friend suggestions.

A spokesperson for WhatsApp commented, “We're working with data protection authorities to address their questions. We’ve had constructive conversations, including before our update, and we remain committed to respecting applicable law.”

Coverage from the BBC

Chancellor outlines Britain's cyber security plan

Britain's Chancellor of the Exchequer, Philip Hammond, has outlined how he plans to use the £1.9 billion of funding that has been set aside to invest in the UK's cyber security plan. The fund, which was announced last year, will be used to deliver the five-year National Cyber Security Strategy and is aimed at protecting individuals and companies alike.

Amongst other things, the sum will be used to fund the recruitment of more than 50 security specialists to the NCA's cybercrime unit, to grow specialist cyber-crime police units and to bankroll a new Cyber Security Research Unit.

The strategy will also see the introduction of an innovation fund, designed to offer financial support to security tech start-ups.

Philip Hammond commented on the strategy, "If we do not have the ability to respond in cyberspace to an attack which takes down our power network - leaving us in darkness or hits our air traffic control system grounding our planes - we would be left with the impossible choice of turning the other cheek, ignoring the devastating consequences, or resorting to a military response."

Cyber security has been on the government's radar for some time, with interest peaking in light of a number of high profile data breaches which have affected millions of consumers in the UK to a rise in cyber terrorism which has seen the like of Isis threatening to launch attacks in cyberspace against Britain. Large scale investment in cyber security is needed to combat the cyber-attacks which have become more co-ordinated and the malware more sophisticated.

Full coverage from the BBC

For a list of cyber-attacks for the period 1 – 15 October click here


FCC moves to regulate ISPs data use

The Federal Communications Commission (FCC) has adopted new rules aimed at giving broadband users more control over how their internet service providers (ISPs) use their personal information.

The rules separate customers' personal information as follows: opt-in, opt-out and exceptions to consent requirements. The most sensitive personal information, including users' geo-location, financial and health information and browsing history, sits in the opt-in category. ISPs are required to obtain express consent from their customers before using or sharing this information.

All customer information not included in the opt-in category, such as email addresses and the details of the internet service provided, is considered less sensitive and can be shared, subject to the customer having not opted out. The final category covers the circumstances in which customer consent can be inferred, e.g. for the purposes of billing and the provision of broadband services.

The rules also oblige ISPs to adopt reasonable data security practices and to provide their customers with 'clear, conspicuous and persistent' notices of how personal information is collected, used and shared and how they can amend their privacy preferences. These rules are limited in scope to ISPs and do not apply to individual websites or other services regulated by the Federal Trade Commission.

FCC Chairman, Tom Wheeler, commented: "The more our economy and our lives move online, the more information about us goes over our Internet Service Provider – and the more consumers want to know how to protect their personal information in the digital age. Today, the Commission takes a significant step to safeguard consumer privacy in this time of rapid technological change, as we adopt rules that will allow consumers to choose how their Internet Service Provider uses and shares their personal data."

Coverage from The Wall Street Journal

Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile